Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for NFX Series

 

These release notes accompany Junos OS Release 19.2R2 for the NFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os

What’s New

Learn about new features introduced in the main and maintenance releases for NFX Series devices.

What’s New in Release 19.2R2

There are no new features or enhancements to existing features for NFX Series devices in Junos OS Release 19.2R2.

What’s New in Release 19.2R1

Architecture

  • Open vSwitch (OVS) integrated with Data Plane Development Kit (DPDK)—Starting in Junos OS Release 19.2R1, NFX150-S1 and NFX150-S1E devices support OVS integrated with DPDK that offers better network packet throughput and lower latencies.

    [See Benefits and Uses of NFX150.]

Application Security

  • Application-based multipath support (NFX Series)—Starting in Junos OS Release 19.2R1, application-based multipath routing is supported on NFX150 devices.

    Multipath routing allows the sending device to create copies of packets, send each copy through two or more WAN links. On the other end, multipath calculates the jitter and packet loss for the combined links and estimates the jitter and packet loss for the same traffic on individual links. You can compare the reduction in packet loss when combined links instead of individual links are used. Sending multiple copies of traffic ensures timely delivery of the sensitive application traffic.

    Multipath support in SD-WAN uses case enhances application experience.

    [See Application Quality of Experience.]

  • Application-level logging for AppQoE (NFX Series)—Starting in Junos OS Release 19.2R1, NFX series devices support application-level logging for AppQoE. This feature reduces the impact on the CSO or log collector device while processing a large number of system log messages generated at the session-level. The device maintains session-level information and provides system log messages for the session level. Replacing session-level logging with application-level logging decreases the overhead on the device and increases AppQoE throughput.

    [See AppQoE.]

Virtual Network Functions

  • Disable VNF interfaces (NFX150 and NFX250 NextGen)—Starting in Junos OS Release 19.2R1, you can manually disable the VNF interfaces (eth0 through eth9) on the OVS or custom bridge on NFX150 and NFX250 NextGen devices.

    [See Configuring VNF Interfaces and VLANs.]

  • MAC flooding on VNF interfaces (NFX150 and NFX250 NextGen)—Starting in Junos OS Release 19.2R1, changes to the default MAC flooding behavior of the virtualized network function (VNF) interfaces improve the performance of multicast traffic. If a VNF interface is not attached to a VLAN, drop flow is not configured. The interface functions as a trunk port that can receive and forward the VLAN traffic.

    In earlier releases, if a VNF interface is not attached to a VLAN, drop flow is configured and the VNF interface drops the outgoing traffic.

    [See Configuring VNF Interfaces and VLANs.]

  • Bootstrap configuration of a VNF using a config-drive (NFX150 and NFX250 NextGen)—Starting in Junos OS Release 19.2R1, you can bootstrap a VNF using an attached config drive that contains a bootstrap-config ISO file on NFX150 and NFX250 NextGen devices. The config drive is a virtual drive, which can be a CD-ROM, USB drive or Disk drive associated to a VNF with the configuration data. Configuration data can be files or folders, which are bundled in the ISO file that makes a virtual CD-ROM, USB drive, or Disk drive.

    [See Preparing the Bootstrap Configuration on NFX150 Devices.]

    [See Preparing the Bootstrap Configuration on NFX250 NextGen Devices.]

What’s Changed

Learn about what changed in Junos OS main and maintenance releases for NFX Series devices.

What’s Changed in Release 19.2R2

There are no changes in the behavior of Junos OS features or in the syntax of Junos OS statements and commands in Junos OS Release 19.2R2 for NFX Series devices.

What’s Changed in Release 19.2R1

Factory-default Configuration

  • Plug-and-play configuration (NFX150 and NFX250 NextGen devices)—Starting in Junos OS Release 19.2R1, the factory default configuration is modified to include the secure router plug-and-play configuration.

Known Limitations

Learn about known limitations in Junos OS Release 19.2R2 for NFX Series devices.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Interfaces

  • On NFX250 devcies, the maximum number of VLAN interfaces on the OVS that can be configured in the system is limited to 20. PR1281134

  • On NFX150 devices, the TCP and ICMP RPM probes take the best-effort queue of the outgoing interface, instead of the network control queue. As a workaround, configure a DSCP value such as nc1 for the RPM probes to take the network control queue. PR1329643

  • On NFX150 devices, the PPPoE session does not come up on the interface due to the hardware limitation for both tagged and untagged cases. As a workaround, enable the promiscuous mode on the interface. PR1347830

  • On NFX150 devices, the link does not come up if a 1-GbE SFP transceiver is connected from heth-0-4 and heth-0-5 to a peer device. As a workaround, disable the auto negotiation for the interface connected to the NFX150 on the remote device. PR1428020

Platform and Infrastructure

  • The Routing Engine boots from the secondary disk when you:

    • Press the reset button on the RCB front panel, while the Routing Engine is booting up before Junos OS reboots.

    • Upgrade the software by booting from the network using the request vmhost reboot network command, and the system fails to boot from the network.

    • Upgrade the BIOS and it fails.

    • Reboot the system and it hangs before Junos OS reboots.

    As a workaround, interrupt the boot process to select the primary disk. PR1344342

  • Starting in Junos OS Release 18.4, NFX150 devices support two versions of disk layout. In the older version of the disk layout, you could upgrade or downgrade from Junos OS Release 18.4. With the new disk layout, a downgrade to releases later than Junos OS Release 18.4 is not possible. As a workaround, avoid operations that reformat the disk layout. PR1379983

  • On NFX150 devices, SNMP does not work for the following commands:

    • show snmp mib walk jnxIpSecTunMonOutEncryptedBytes

    • show snmp mib walk jnxIpSecTunMonOutEncryptedPkts

    • show snmp mib walk jnxIpSecTunMonInDecryptedBytes

    • show snmp mib walk jnxIpSecTunMonInDecryptedPkts

    • show snmp mib walk jnxIpSecTunMonLocalGwAddr

    • show snmp mib walk jnxIpSecTunMonLocalGwAddrType

    PR1386894

Virtual Network Functions (VNFs)

  • After you create or delete a VNF on NFX150 and NFX250 NextGen devices, the request virtual-network-functions console vnf-name command gives an error that the VNF domain is not found. VNFs are reachable through SSH in this state. PR1433204

Open Issues

Learn about open issues in this release for the NFX Series devices.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Interfaces

  • On NFX150 and NFX250 NextGen devices, the link disable option puts the analyzer interface in inconsistent state with the link state as down and admin state as up. PR1442224

  • On NFX150 and NFX250 NextGen devices, while configuring vmhost vlans using vlan-id-list, the system allows duplicate VLAN IDs in the VLAN ID list. PR1438907

  • On NFX250 devices, if the IRB interface configuration and DHCP service configuration on JDM are removed and rolled back while retaining the VLAN mapping to the IRB interface, the DHCP service fails to assign IP addresses to the corresponding VNF interfaces and the service chaining fails. As a workaround, remove the VLAN mapping to the IRB interface along with IRB and DHCP service configuration on JDM. PR1234055

  • On an NFX250 NextGen device, you cannot configure more than 93 logical interfaces. The error message dcf_ng_ifl_alloc_hw_token: Hardware token exhausted-IFL and DCD_CONFIG_WRITE_FAILED with no buffer space available is logged in the log messages. PR1424180

  • On NFX150 devices, only the CFM cells that are configured for MEP levels are exchanged across xDSL MEPs. Other MEP-level CFM packets are dropped, whereas for Ethernet All MD level along with above level will be exchanged. PR1409576

  • When you issue the show interface command on NFX150 devices to check the interface details, the system does not check whether the interface name provided is valid or invalid. The system does not generate an error message if the interface name is invalid. PR1306191

  • When a DHCP server assigns a conflicting IP address to the NFX Series device interfaces, the device does not send a DHCP DECLINE message in response. PR1398935

  • If you plug an unsupported SFP-T transceiver into an NFX150 device and reboot the device, the FPC1 WAN port does not come online. PR1411851

  • When the interface configuration has the encapsulation flexible-ethernet-services enabled on a 10-Gigabit Ethernet interface, traffic is dropped. PR1425927

Platform and Infrastructure

  • On NFX150 devices, the request vmhost reboot in minutes command with a delay specified in minutes reboots the device immediately. PR1406018

  • On NFX250 devices, the request load configuration command output does not match with 18.4 yang. PR1416106

  • When the NFX250 devices are operating in Linux bridge mode, the memory might be insufficient to launch a CLI session from JDM. This results in the generation of multiple JDM core files while spinning up a vSRX VNF. As a workaround:

    1. Check whether the /var/third-party/jdm-config/last_1048576kB_nr_hugepages_value or /var/third-party/jdm-config/last_2048kB_nr_hugepages_value file is present on the hypervisor. If it is, then delete it.
    2. Reboot the device.
    3. Upgrade to the release where this issue is fixed, if not already upgraded.

    PR1440427

  • If you are using init-descriptor filename vsrx.xml to upgrade the NFX Series devices, the upgrade process reverts the file to default and the JDM subsystem becomes unavailable. PR1456900

  • On NFX250 devices, Virtual Port Peer (VPP) is not running on dual CPE and occasionally on single CPE. PR1461238

  • On NFX150 devices, the following messages are seen during FTP: ftpd[14105]: bl_init: connect failed for `/var/run/blacklistd.sock' (No such file or directory). PR1315605

Routing Protocols

  • When a static route and an OSPF route are active in the routing table for a specific destination network, a ping initiated to that destination network from the NFX Series device will fail. PR1438443

Virtual Network Functions (VNFs)

  • On NFX150 and NFX250 NextGen devices, when you add, modify, or delete a VNF interface that is mapped to an L2 or L3 data plane, kernel traces might be observed on the NFX Series device console. PR1435361

  • On NFX150 and NFX250 NextGen devices, if the VNFs are instantiated in Throughput mode, the sshd cores are seen and SSH to the device may fail, rendering the device unreachable and with restricted functionality. Only a power cycle of the device can fix this state. PR1440285

  • On an NFX250-LS1 device operating in Compute mode, the traffic throughput rate is reduced when the traffic is service-chained with a third-party VNF with OVS cross-connect configuration. PR1438687

  • On issuing the show virtual-network-functions vnf-name command on NFX250 devices, the system creates a defunct process due to a mismatch between the popen() and pclose() calls. PR1415210

Resolved Issues

Learn which issues were resolved in the Junos OS main and maintenance releases for NFX Series devices.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 19.2R2

Class of Service (CoS)

  • Traffic is sent to the incorrect queue when you are configuring COS with forwarding-classes class versus queue. PR1436408

  • The CoS rewrite rule does not work for the st0 interface. PR1439401

High Availability

  • On an NFX150 high availability chassis cluster, the host logs updated in the system log messages might not show the correct timestamp. As a workaround, convert the UTC timestamp to the local time zone. PR1394778

Interfaces

  • On NFX150 devices, if VLAN-tagged PPPoE is configured and you commit the configuration without using the delete interfaces command, then PPPoE does not come up and we will see malformed offer packet at CPE. PR1409475

  • The l2cpd process might crash and generate a core file when interfaces are flapping. PR1431355

  • The temperature field is displayed as Testing in the show chassis fpc and show chassis fpc details CLI command output. PR1433221

  • The limit on the maximum OVS interfaces is restored to the originally defined limit 25 for backward compatibility. PR1439950

  • On NFX Series devices, ping does not work between the cross-connected interfaces configured with the interface deny-forwarding option. PR1442173

  • On NFX150 and NFX250 NextGen devices, cross-connect stays down even if all linked interfaces are up. PR1443465

  • On NFX250 NextGen devices, when you change the performance mode from throughput to compute, the FPC0 interface goes down after the reboot. PR1448246

  • The heth-0-4 and heth-0-5 ports do not detect traffic when you try to activate the ports by plugging in or unplugging the cable. PR1449278

  • On NFX Series devices, the static MAC address is replaced by a random MAC address. PR1458554

  • After upgrading vSRX3 from Junos OS Release 18.4R1.8 to Junos OS Release 18.4R1-S4 to solve swap memory issues, core files are generated and traffic is dropped. PR1465132

  • On NFX150 devices, GRE tunnel interface (gr-1/0/0) might not appear if the clear-dont-fragment-bit option is configured for the GRE interface. PR1472029

Layer 2 Ethernet Services

  • DHCP request may be dropped in DHCP relay scenario. PR1435039

Platform and Infrastructure

  • REST API process becomes nonresponsive when a number of requests come in at a high rate. PR1449987

  • Packet drops, replication failure, or ksyncd crashes might be seen on the logical system of a device running Junos OS after Routing Engine switchover. PR1427842

  • LACP state might remain in Attached state after peer active members are disabled. PR1439268

  • On NFX150 devices, when you issue the show security dynamic-address command, the show security dynamic-address does NOT work on port3 message is displayed. PR1448594

  • On NFX150 devices, version compare in PHC might fail, making the PHC download the same image. PR1453535

  • NFX250 devices do not allow jdm (case-insensitive) as a VNF name. You can use jdm as part of the name. For example, jdm123, abcJDM, and abcJDM123 are valid VNF names, whereas, jdm, JDM, Jdm, JDm are not valid VNF names. PR1463963

  • On NFX Series devices, after a power outage, JDMD might become unresponsive because the /etc/hosts file is corrupted. PR1477151

Routing Protocols

  • The other querier present interval timer cannot be changed in an IGMP/MLD snooping scenario. PR1461590

Virtual Network Functions (VNFs)

  • Duplicate host entries are observed in /etc/hosts on JDM when VNF interfaces are moved from the default OVS bridge to a custom OVS bridge. PR1434679

  • When you downgrade from Junos OS Release 19.2 to Junos OS Release 18.4, the show virtual-network-functions vnf-name command does not display the VNF information. PR1437547

  • No error is displayed for native-vlan-id that is configured on an access VNF interface, although the commit fails. PR1438854

  • Management ports are not disabled with the link disable command on NFX150-S1 devices. PR1442064

Resolved Issues: 19.2R1

Interfaces

  • On NFX250 devices, an SFP-T interface does not become active when it is plugged into a ge-12/0/0 or a ge-13/0/0 interface. PR1404756

  • On a NFX250 devices with xDSL SFP used on the fiber ports the status of the xDSL SFP was displayed with Adsl Status field under cli command show interfaces int-name. But whenever a user hot-swaps a xDSL SFP with another xDSL SFP on the same port, then the Adsl Status field was not displayed in the show interfaces command output. PR1408597

  • On NFX150 devices, FPC0 may not be online after an upgrade and a device reboot is required. PR1430803

Platform and Infrastructure

  • Software upgrade does not delete all images from a previous installation. This occupies about 1GB of storage per upgrade and leads to depletion of storage after several upgrades. PR1408061

  • JDM depends on the libvirtd deamon to manage the guest VM through cli. The libvirtd daemon was stuck and vjunos VM start up failed, which resulted in in-band connectivity issues, the guest VM could not start, and the console was hung. PR1314945

  • The NFX3/ACX5448:LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified message is displayed when you commit the configuration on config prompt. As a workaround to exclude this from messages or syslogs, run the set system syslog user * match "!(LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified) and commit. PR1376665

Documentation Updates

There are no errata or changes in Junos OS Release 19.2R2 for documentation for NFX Series.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the NFX Series. Upgrading or downgrading Junos OS might take several hours, depending on the size and configuration of the network.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information on EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Basic Procedure for Upgrading to Release 19.2

When upgrading or downgrading Junos OS, use the jinstall package. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide. Use other packages, such as the jbundle package, only when so instructed by a Juniper Networks support representative.

Note

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the device, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files), might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the device. For more information, see the Software Installation and Upgrade Guide.

Note

We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

To download and install Junos OS Release 19.2R1:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the Software tab.
  4. Select the release number (the number of the software version that you want to download) from the Version drop-down list to the right of the Download Software page.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the device or to your internal software distribution site.
  10. Install the new package on the device.