Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for MX Series 5G Universal Routing Platform

 

These release notes accompany Junos OS Release 19.2R3 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What’s New

Learn about new features introduced in the Junos OS main and maintenance releases for MX Series.

What’s New in 19.2R3

There are no new features or enhancements to existing features for MX Series routers in Junos OS Release 19.2R3.

What’s New in 19.2R2

Junos OS XML, API, and Scripting

  • Support for 64-bit architecture added for use of management interface in a nondefault routing instance in op scripts and JET applications (MX Series)—Junos OS Release 19.2R2 supports 64-bit architecture Junos OS operating scripts (op scripts) and on-box JET applications can now use the function set_routing_instance() to program the protocol software (TCP/UDP) to use a nondefault routing instance instead of the default management routing interface.

    [See set_routing_instance() Function (Python).]

Network Management and Monitoring

  • Implement new MIBs using telemetry-based model (MX Series)—Starting in Junos OS Release 19.2R2, new MIBs mplsMldpInterfaceStatsEntry and mplsMldpFecUpstreamSessTable are introduced. The Routing Engine uses a telemetry-based approach to collect statistics to provide MIB data for these MIBs. A new statement, sensor-based-stats at the [edit protocols ldp traffic-statistics] hierarchy level, enables telemetry-based collection. You must configure this statement to enable MIB data collection for mplsMldpInterfaceStatsEntry and mplsMldpFecUpstreamSessTable.

Routing Protocols

  • ECMP nexthop update rate throttling (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 19.2R2, you can choose to defer multipath computation for all families during a BGP peering churn. In very large-scale network deployments during BGP peering churn there is a temporary spike in multipath computation, which takes a toll on the Packet Forwarding Engine resources. This feature allows you to pause the multipath computation and to resume after the peering churn settles down. Note that if there is no BGP peering churn, then multipath computation is not paused.

    To enable the pause option for BGP multipath computation during BGP peering churn, include the pause computation statement at the [edit protocols BGP multipath] hierarchy level.

Subscriber Management and Services

  • CoA messages support Session-Timeout attribute (MX Series)—Starting in Junos OS Release 19.2R2, you can apply a session timeout for subscriber sessions with a RADIUS CoA message that includes the Session-Timeout attribute (27). This capability is useful, for example, when subscribers purchase Internet access for a specific period of time and must log out when the session expires. In earlier releases, the router does not recognize the attribute if it is included in a CoA message.

    [See Understanding Session Options for Subscriber Access.]

What’s New in 19.2R1-S4

Interfaces and Chassis

  • Support for 1-Gbps speed on QFX-60S line card on PTX10008 and PTX10016 Routers—Starting in Junos OS Release 19.2R1-S4, QFX10000-60S-6Q line card supports 1-Gbps speed on its ports (0 through 59). The QFX10000-60S-6Q line card contains 60 SFP+ ports that support 10-Gbps, two dual-speed QSFP28 ports that support either 40-Gbps or 100-Gbps, and four QSFP+ ports that support 40-Gbps. You can individually configure ports 0 to 59 for 10-Gbps or 1-Gbps port speed. Use the set chassis fpc fps-slot-number pic pic-number port port-number speed 1G command to change the mode of a port from 10-Gbps to 1-Gbps. The transceivers supported for 1-Gbps are QFX-SFP-1GE-LX, QFX-SFP-1GE-SX, and QFX-SFP-1GE-T.

    [See QFX10000 Line Cards for details on the combination of modes supported on the ports.]

Services Applications

What’s New in 19.2R1-S1

MPLS

  • Distributed CSPF for segment routing LSPs (MX Series)—Starting in Junos OS Release 19.2R1-S1, you can compute a segment routing LSP locally on the ingress device according to the constraints you have configured. With this feature, the LSPs are optimized based on the configured constraints and metric type. The LSPs are computed to utilize the available ECMP paths to the destination.

    Prior to Junos OS Release 19.2R1-S1, for traffic engineering of segment routing paths, you could either explicitly configure static paths, or use computed paths from an external controller.

    [See Enabling Distributed CSPF for Segment Routing LSPs.]

  • Color-based mapping of VPN services over SRTE (MX Series)—Starting in Junos OS Release 19.2R1-S1, you can specify a color attribute along with an IP protocol next hop to resolve transport tunnels over static colored and BGP segment routing traffic-engineered (SRTE) label-switched paths (LSPs). This is called the color-IP protocol next hop resolution, where you are required to configure a resolution-map and apply it to the VPN services. Prior to this release, the VPN services were resolved over IP protocol next hops only.

    With this feature, you can enable color-based traffic steering of Layer 2 and Layer 3 VPN services.

    [See Color-Based Mapping of VPN Services Overview.]

Routing Protocols

  • Decouple RSVP for IGP-TE (MX Series, PTX Series, ACX Series, QFX Series, SRX Series, and EX Series)—Starting in Junos OS Release 19.2R1-S1, device can advertise selective traffic-engineering attributes such as admin-color and maximum-bandwidth, without enabling RSVP, for segment routing and interior gateway protocol (IGP) deployments.

What’s New in 19.2R1

Hardware



  • New fixed-configuration Modular Port Concentrator (MX240, MX480, and MX960)—Starting in Junos OS Release 19.2R1, the MPC10E-10C-MRATE is a new Modular Port Concentrator (MPC) that is supported on the MX240, MX480, and MX960 routers.

    The MPC10E-10C-MRATE features the following:

    • Line-rate throughput of up to 1.0 Tbps when installed with an enhanced midplane and 800 Gbps when installed with a standard midplane.

    • Eight QSFP28 ports—Port numbers 0/0 through 0/3 and 1/0 through 1/3. The ports can be configured as 10-Gbps, 40-Gbps, or 100-Gbps Ethernet ports.

    • Two QSFP56-DD ports—Port numbers 0/4 and 1/4. The ports can be configured as 10-Gps, 40-Gps, 100-Gbps Ethernet ports.

    [See MX Series 5G Universal Routing Platform Interface Module Reference.]

  • MX10016 Universal Routing Platform—The MX10016 router provides 10-Gigabit Ethernet, 40-Gigabit Ethernet, and 100-Gigabit Ethernet modular solutions that support up to 2.4 Tbps per slot. The MX10016 router provides redundancy and resiliency. All major hardware components including the power system, the cooling system, the control board and the switch fabrics are fully redundant. MX10016 enables cloud and data center operators to transition from 10-Gigabit Ethernet and 40-Gigabit Ethernet networks to 100-Gigabit Ethernet high-performance networks. The 21 rack unit (21 U) modular chassis can provide 38.4 Tbps of throughput. The MX10016 router has 16 slots for the line cards that can support a maximum of 1536 10-Gigabit Ethernet ports, 384 40-Gigabit Ethernet ports, or 384 100-Gigabit Ethernet ports.

    You can deploy the MX10016 router in an IP edge network using an MX10K-LC2101 line card (ordering model number is JNP10K-LC2101).

    [See MX10016 Hardware Guide.]

  • Advanced Cooling and Power Components (MX10008 Routers)—Starting in Junos OS Release 19.2R1, MX10008 routers offer 5.5 KW power supplies, new high performance fan tray, and compatible fan tray controller. The JNP10K-PWR-AC2 power supply supports AC, high-voltage alternating current (HVAC), DC, or high-voltage direct current (HVDC). The JNP10K-PWR-DC2 provides a 5.5 KW upgrade for DC users. The JNP10008-FAN2 offers increased air flow through the chassis. The JNP10008-FAN2 offers 1793 cubic feet per minute (CFM) per fan tray. The new fan tray controller, JNP10008-FTC2 supports the new fan tray.

    [See MX10008 Hardware Guide.]

Authentication, Authorization and Accounting (AAA) (RADIUS)

  • Option to enable and disable SCP per user level independent of SSH (MX Series)—Starting in Junos OS 19.2R1, you can enable and disable SCP for a certain login class user independent of SSH. By defualt, SCP is not allowed for users added to the system defined classes read-only, operator and unauthorized and is only allowed to the system defined class super-user. SCP is allowed for any login class user belonging to a user defined class. You can deny SCP request for a user assigned to a user defined class by using the no-scp-server configuration statement. Prior to 19.2R1, SCP was enabled and disabled when SSH was enabled and disabled.

    To disable SCP for a certain login class, use set no-scp-server at the [edit system login class <class_name>] hierarchy level.

    [See no-scp-server.]

  • Option to enable and disable SFTP per user level (MX Series)—Starting in Junos OS 19.2R1, you can enable and disable SFTP for a certain login class user. By defualt, SFTP is not allowed for users added to the system defined classes read-only, operator and unauthorized and is only allowed to the system defined class super-user if SFTP is enabled globally. For a user assigned to a user defined class, by default SFTP requests are allowed if set system services ssh sftp-server is configured. You can now deny SFTP requests for a user assigned to a user defined class by using the no-sftp-server configuration statement.

    To disable SFTP for a certain login class, use set no-sftp-server at the [edit system login class <class_name>] hierarchy level.

    [See no-sftp-server.]

EVPN

  • Support for BFD, BGP, IS-IS, and OSPF on IRB interfaces in EVPN-MPLS networks (MX Series and vMX)—Starting with Junos OS Release 19.2R1, you can configure Bidirectional Forwarding Detection (BFD), BGP, IS-IS, and OSPF routing protocols on the IRB interface in an EVPN-MPLS network to route and forward EVPN traffic. This feature supports single-homed, single-active, and all-active multihomed networks.

    [See EVPN with IRB Solution Overview.]

  • EVPN support of VLAN ID ranges and lists in service provider style interface configurations (MX Series routers, and vMX virtual routers)—Starting in Junos OS Release 19.2R1, EX9200 switches, ACX5448 and MX Series routers, and vMX virtual routers support the use of VLAN ID ranges and lists in a service provider style interface configuration, which must be referenced in an EVPN routing instance. This configuration is supported with the following EVPN environments, services, and features:

    • Environments:

      • EVPN with VXLAN encapsulation

      • EVPN with MPLS encapsulation

    • VLAN bundle service:

      • E-LAN

      • E-Tree

      • E-Line

    • Feature:

      • EVPN multihoming:

        • All-active

        • Single-active

      • Singlehoming

    [See VLAN ID Ranges and Lists in an EVPN Environment.]

  • Connectivity fault management support in EVPN-VPWS (MX Series)—Starting with Junos OS Release 19.2R1, you can configure Up maintenance association end points (MEPs) and maintenance association intermediate point (MIPs) on attachment circuits in support of connectivity fault management (CFM) in EVPN-VPWS networks. With the MEPs, you can monitor connectivity between two points on the EVPN-VPWS network. Junos OS supports the continuity check messages (CCM), loopback and link trace messages (LTMs) as defined in IEEE 802.1AG CFM, and delay measurements (DM) and synthetic loss measurements (SLMs) as defined in Y.1731 on a single-active homing network.

    [See Connectivity Fault Management Support for EVPN and Layer 2 VPN Overview.]

  • Support for control word in EVPN-VPWS (MX Series and vMX) —Starting with Junos OS Release 19.2R1, Junos OS supports the insertion of a control word between the label stack and the MPLS payload in a network with EVPN-VPWS service. This feature prevents a transit device from delivering out-of-order packets as a result of the device’s load-balancing hashing algorithm. When you enable the control word feature on a PE device, the PE device advertises support for a control word. If all the PE devices in an EVI on the EVPN-VPWS serviced network support control word, then the PE device inserts a control word between the label stack and the L2 header in the packet thus preventing the packet from being misidentified by transit devices.

    [See Control Word for EVPN-VPWS.]

Forwarding and Sampling

  • Support for local preference when selecting forwarding next-hops for ECMP traffic (MX Series)—Starting in Junos OS Release 19.2R1, you can have equal cost multi-path (ECMP) traffic flows prefer local forwarding next-hops over remote ones. This feature supports BGP prefixes that are directly reachable with IPv4 MPLS ECMP next-hops. Use ecmp-local-bias to direct ECMP traffic towards local links, for example, to ensure that the overall load on the fabric is reduced. [See ecmp-local-bias for usage details.]

High Availability (HA) and Resiliency

Interfaces and Chassis

  • Support for local preference when selecting forwarding next-hops for load balancing (MX Series)—Starting in Junos OS Release 19.2R1, you can have traffic flows across aggregated Ethernet or logical-tunnel interfaces prefer local forwarding next-hops over remote ones, for example to ensure that the overall load on the fabric is reduced. [See local-bias for usage details.]

  • Support to collect and display PRBS statistics (MX10003 and MX204)—Starting in Junos OS Release 19.2R1, on MX10003 and MX204 routers, you can check the physical link connectivity by issuing the test interfaces ifd-name prbs-test-start pattern-type type direction (0|1) flip (0|1) that starts collecting the PRBS statistics.

    The output of the show interfaces interface-name prbs-stats command displays the PRBS statistics while the test is in progress. These statistics are cleared after the test is complete or if it is stopped. You can stop collecting the statistics by issuing the test interfaces ifd-name prbs-test-stop direction (0|1) command.

    Note

    While running PRBS statistics, the link will be down.

    [See prbs-test-start, prbs-test-stop, show interfaces prbs-stats, Collecting Pseudo Random Bit Sequence (PRBS) Statistics.]

  • Domain Name System (DNS) is VRF aware (MX Series)—Starting in Junos OS Release 19.2R1, when the management-instance statement is configured at the [edit system] hierarchy level, you can use the non-default management routing instance mgmt_junos as the routing instance through which the DNS name server is reachable. To specify the routing instance mgmt_junos, configure our new configuration statement routing-instance mgmt_junos, at the [edit system name-server server-ip] hierarchy level.

    [See Management Interface in a Nondefault Instance, Configuring a DNS Name Server for Resolving a Hostname into Addresses, name-server, and show host.]

  • SCBE3-MX interoperates with MPC10E-10C (MX240, MX480, and MX960)—Starting in Junos OS Release 19.2R1, the Enhanced Switch Control Board SCBE3-MX (model number: SCBE3-MX-S) supports fabric management on the MPC10E-10C line card on the MX240, MX480, and MX960 routers. The SCBE3-MX-S supports a pluggable Routing Engine and provides a control plane and data plane interconnect to each line card slot. The MPC10E-10C supports a bandwidth of up to 1 Tbps (800 Gbps with four planes and 1 Tbps with 5 or 6 planes). With MPC10E 15C line card, in a non-redundant configuration the SCBE3-MX provides fabric bandwidth of up to 1 Tbps per slot with four fabric planes and 1.5 Tbps per slot when all six fabric planes are used. Starting in this release, the MPC10E line cards support the standard midplane, which supports a bandwidth up to 800 Gbps per slot. Support for the enhanced midplane, which provides a bandwidth of 1.5 Tbps with MPC10E-15C and 1 Tbps with MPC10E-10C, is already available.

    [See SCBE3-MX Description and MPC10E-15C-MRATE]

  • Support for QSFP-100GE-DWDM2 transceiver (MX204, MX10003, MX10008, and MX10016)—Starting in Junos OS Release 19.2R1, the MX204, MX10003, MX10008, and MX10016 routers support the QSFP-100GE-DWDM2 transceiver. The 100-Gbps bidirectional transceiver has a dual transmitter/receiver that enables it to transmit and receive data through a single optical fiber. You can perform the following actions when this transceiver is installed:

  • MPC10 distributed LACP support in PPM AFT (MX Series)—Starting in Junos OS Release 19.2R1, the MPC10E-15C-MRATE and MPC10E-10C-MRATE MPCs support distributed LACP in Periodic Packet Manager (ppman) Advanced Forwarding Toolkit (AFT).

  • Support for Routing Engine hard disk smart check (MX240, MX480, MX204, MX960, MX10008, MX2008, MX2020, MX10016, MX10000, MX2010, MX10002, and MX10003)—Starting in Junos OS Release 19.2R1, you can configure the device to perform certain health checks on the Routing Engine solid-state drive (SSD) and log a health event or raise an alarm in case a predefined health attribute threshold is breached. You can use the set chassis routing-engine disk smart-check command to instruct the system to raise an alarm when an SSD health attribute threshold is breached. You can view the alarm by using the command show chassis alarms.

    [See smart-check]

Junos OS XML API and Scripting

  • Automation script library additions and upgrades (MX Series)—Starting in Junos OS Release 19.2R1, devices running Junos OS that support the Python extensions package include new and upgraded Python modules. Python automation scripts can leverage new on-box Python modules, including the requests, chardet, and urllib3 modules, as well as upgraded versions of the idna, ipaddress, and six modules. The Requests library provides additional methods for supporting initial deployments as well as for performing routine monitoring and configuration changes on devices running Junos OS.

    [See Overview of Python Modules Available on Devices Running Junos OS and Using the Requests Library for Python on Devices Running Junos OS.]

Junos Telemetry Interface

  • Inline active flow monitoring support using JTI (MPC10E-15C-MRATE line cards)—Starting in Junos OS Release 19.2R1, Junos Telemetry Interface (JTI) supports streaming inline active flow monitoring service-related statistics and errors counters for export to outside collectors at configurable intervals using remote procedure call (gRPC) services.

    Use the following resource path to export statistics:

    /junos/system/linecard/services/inline-jflow/

    To provision the sensor to export data through gRPC services, use the telemetrySubcribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.

    [See Configuring Flow Aggregation on MX, M, vMX and T Series Routers and NFX250 to Use Version 9 Flow Templates, Guidelines for gRPC Sensors (Junos Telemetry Interface) and Understanding OpenCOnfig and gRPC on Junos Telemetry Interface.]

  • Packet Forwarding Engine support for JTI (MX2010 and MX2020 routers)—Starting in Junos OS Release 19.2R1, Junos telemetry interface (JTI) supports streaming of Packet Forwarding Engine statistics for MX2010 and MX2020 routers using Remote Procedure Calls (gRPC). gRPC is a protocol for configuration and retrieval of state information.

    To provision the sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Sensor- level statistics support on JTI (MX960, MX2008, MX2010, MX2020, PTX5000, PTX1000, and PTX10000 routers and QFX5100 and QFX5200 switches)—Starting with Junos OS Release 19.2R1, you can issue the Junos operational mode command show network-agent statistics to provide more information on a per-sensor level for statistics being streamed to an outside collector by means of remote procedure calls (gRPC) and Junos telemetry interface (JTI). Only sensors exported with gRPC are supported. The command does not support UDP-based sensors.

    [See show network-agent statistics and Understanding OpenConfig and gRPC on Junos Telemetry Interface.]

  • ONCE mode supported using gNMI services and JTI (MX Series)—Starting in Junos OS Release 19.2R1, you can include the "ONCE" mode with the Subcribe RPC when subscribing to gRPC Network Management Interface (gNMI) services to export statistics for telemetry monitoring and management using Junos telemetry interface (JTI). ONCE mode ensures that the collector is only streamed telemetry information one time.

    The Subscribe RPC and subscription parameters are defined in the gnmi.proto file.

    Streaming telemetry data through gNMI also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.

    [See Understanding OpenConfig and gRPC on Junos Telemetry Interface.]

  • Packet Forwarding Engine statistics export using gNMI and JTI (MX960, MX2008, MX2010 and MX2020 routers)—Starting in Junos OS Release 19.2R1, you can stream Packet Forwarding Engine statistics to an outside collector using gRPC Management Interface (gNMI) version 0.7.0 and Junos telemetry interface (JTI). Prior to this, these statistics were exported using OpenConfig gRPC and UDP protocol buffer (gpb) format. OpenConfig gRPC and gNMI are both protocols used to modify and retrieve configurations as well as export telemetry streams from a device in order to manage and monitor it

    To provision Packet Forwarding Engine sensors to export data through gNMI, use the Subscribe RPC defined in the gnmi.proto to specify request parameters. This RPC already supports Routing Engine statistics to be exported by means of gNMI. Now, Packet Forwarding Engine sensors will also stream KV pairs in gNMI format for a majority of Packet Forwarding Engine sensors.

    Streaming telemetry data through gNMI also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface) and Understanding OpenCOnfig and gRPC on Junos Telemetry Interface.]

  • Broadband edge statistics support through JTI (MX Series)—Starting in Junos OS Release 19.2R1, subscriber-based telemetry streaming is enabled when an MX Series router is configured for Broadband Network Gateway (BNG) and Junos fusion where subscribers are connected through Junos fusion Satellite devices. You can use remote procedure calls (gRPC) to export broadband edge (BBE) telemetry statistics to external collectors. gRPC is a protocol for configuration and retrieval of state information.

    You can stream all BBE resource paths except for the following:

    • /junos/system/subscriber-management/access-network/ancp

    • /junos/system/subscriber-management/client-protocols/l2tp

    • /junos/system/subscriber-management/infra/network/l2tp/

    To stream BBE statistics, include a resource path starting with /junos/system/subscriber-management/ in your gRPC subscription.

    To provision the sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface) and Understanding OpenCOnfig and gRPC on Junos Telemetry Interface.]

  • gRPC-based streaming telemetry support for subscriber service accounting statistics for JTI (MX Series 5G Universal Routing Platform)—Starting in Junos OS Release 19.2R1, you can enable service filter accounts statistics for subscribers using Junos telemetry interface (JTI) and remote procedure calls (gRPC). Service accounting statistics include IP protocol IPv4 family, IPv6 family, or both, as well as transmit and receive packets and bytes for subscriber service sessions.

    To enable these statistics from an MX Series router, include the service-statistics statement at the [edit dynamic-profiles my-service-profile telemetry] hierarchy level.

    To stream these statistics, include the resource path /junos/system/subscriber-mamagement/dynamic-interfaces/interfaces/services/ in your gRPC subscription to export the statistics to an outside collector.

    To provision the sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface) service-statistics, and Enable Service Filter Accounting Statistics for Subscribers.]

  • FPC and optics support for JTI (MX Series)—Starting in Junos OS Release 19.2R1, Junos telemetry interface (JTI) supports streaming of Flexible PIC Concentrator (FPC) and optics statistics for the MX Series router using remote procedure calls (gRPC). gRPC is a protocol for configuration and retrieval of state information. This feature effort includes the addition of a new process (SensorD daemon) to export telemetry data for integration with AFTTelementry and LibTelemetry libraries in the OpenConfig model called AFT platform.

    The following base resource paths are supported:

    • /junos/system/linecard/environment/

    • /junos/system/linecard/optics/

    • /junos/system/linecard/optics/optics-diag[if-name =])

    • /junos/system/linecard/optics/optics-diag/if-name

    • /junos/system/linecard/optics/optics-diag/snmp-if-index

    • /junos/system/linecard/optics/lane[lane_number=]/

    To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Specify Routing Instance for JTI (ACX Series, MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 19.2R1, you can specify the routing instance to use for remote procedure call (gRPC) services. Include the routing-instance instance-name at the [edit system services extension-service request-response grpc] hierarchy level. The routing instance name specified should match the name of the existing routing instance, such as a name configured under the [routing-instances] hierarchy level or mgmt_junos if system management-instance is configured (the dedicated management routing instance).

    Configuring the routing instance lets you choose the VRF for gRPC services. When the routing instance is not configured, the default behavior is that all gRPC-related services are available through the management fxp0/em0) interface.

Layer 2 VPN

  • Support for group key acknowledgment messages (MX Series)—Starting with Junos OS Release 19.2R1, Junos OS supports group members sending acknowledgment messages as defined in RFC 8263 in response to group key push messages sent by group controllers and key servers. The group member sends acknowledgment messages when it receives a group key push message with a standard KEK_ACK_REQUESTED value of 9 in the SA KEK payload as defined in RFC 8263 or a KEK_ACK_REQUESTED value of 129 that is used in older key servers. No additional configuration is required.

    [See Group VPNv2 Overview.]

Layer 2 Features

  • Support for basic Layer 2 features on MPC10E-15C-MRATE line card (MX Series)—Starting in Junos OS Release 19.2R1, MPC10E-15C-MRATE line card supports the following basic Layer 2 features:

    • Layer 2 bridging with trunk and access modes

    • MAC learning and aging

    • Handling BUM (broadcast, unknown unicast and multicast) traffic, including split horizon

    • MAC move

    • Layer 2 forwarding and flooding statics

    • Mesh groups

    • Static MAC addresses

    • MAC learning and forwarding on AE interfaces

    • Bridging on untagged interfaces

    • Basic Q-n-Q tunneling (without VLAN-translation and VLAN map operations)

    [See Understanding Layer 2 Bridge Domains, Understanding Layer 2 Learning and Forwarding.]

Layer 3 Features

  • MPC10E-10C and MPC10E-15C support layer 3 routing features (MX240, MX480, and MX960)—Starting in Junos OS Release 19.2R1, MPC10E-10C and MPC10E-15C line cards support the following features in hyper-mode:

    • Configuring ICMP redirects and generating ICMP redirect messages.

    • Padding VLAN packets to a minimum frame size of 68 bytes, by using the existing command set interfaces interface-name gigether-options pad-to-minimum-frame-size.

    • Collecting interface family statistics for IPv4 and IPv6, by using the existing command show interfaces statistics detail interface-name.

    See Understanding the Hyper Mode Feature on Enhanced MPCs for MX Series Routers and EX9200 Switches

MPLS

  • Dynamic creation of segment routing LSPs using BGP protocol next hops (MX Series)—Starting in Junos OS Release 19.2R1, you can configure tunnel templates on colored and non-colored segment routing traffic-engineered (SR-TE) paths. These templates enable dynamic creation of segment routing tunnels using protocol next hops with BGP prefixes to resolve destination segment identifiers (SIDs).

    With this feature, you can benefit from reduced configuration, especially when the network deployment requires connectivity from each provider edge (PE) device to every other PE device.

    [See Static Segment Routing Label Switched Path.]

  • CSC support for MPLS-over-UDP tunnels (MX Series with MPC and MIC and VMX)—Starting in Junos Release 19.2R1, carrier supporting carrier (CSC) architecture can be deployed with MPLS-over-UDP tunnels carrying MPLS traffic over dynamic IPv4 UDP tunnels that are established between supporting carrier's provider edge (PE) devices. With this enhancement, the scaling advantage that the MPLS-over-UDP tunnels provided is further increased. This feature is not supported on IPv6 UDP tunnels.

    [See Example: Configuring Next-Hop-Based MPLS-Over-UDP Dynamic Tunnels.]

Network Management and Monitoring

  • Support for displaying valid user input in the CLI for command options and configuration statements in custom YANG data models (MX Series)—Starting in Junos OS Release 19.2R1, the CLI displays the set of possible values for a given command option or configuration statement in a custom YANG data model when you include the action-expand extension statement in the option or statement definition and reference a script that handles the logic. The action-expand statement must include the script child statement, which defines the Python action script that is invoked when a user requests context-sensitive help in the CLI for the value of that option or statement.

    [See Displaying Valid Command Option and Configuration Statement Values in the CLI for Custom YANG Modules.]

  • Support for Synchronous Ethernet with ESMC on JNP10K-LC2101 (MX10008 and MX10016)—Starting in Junos OS Release 19.2R1, the JNP10K-LC2101 line card supports Synchronous Ethernet (SyncE) with ESMC. Synchronous Ethernet is a physical layer technology that is used to transfer clock signals over Ethernet interfaces. ESMC transmits Synchronization Status Message (SSM) information, which is the quality level of the transmitting synchronous Ethernet equipment clock (EEC), by using ESMC protocol data units (PDUs). This support allows you to configure BITS-0 (external-0) and BITS-1 (external-1) ports as clock sources or outputs on master Routing and Control Board (JNP10K-RE1). You can also configure a GPS (external-2) port as a clock source on master Routing and Control Board. This feature also supports SyncE over aggregated Ethernet (AE).

    Note

    Only the GPS port and BITS ports that are configured on master RCB are active.

    [Centralized Clocking Overview and Understanding ESMC Quality Level Mapping]

  • Support for optimizing the SNMP walk execution time for IPsec statistics (MX Series)—Starting in Junos OS Release 19.2R1, you can optimize the SNMP walk execution time for IPsec statistics. To achieve this optimization, increase the cache lifetime of the IPsec related information (for example statistics and SA information) so that a single SNMP walk request is served for N number of IPsec Security Associations (SAs) with N number of queries made to the service PIC. IPsec statistics are now fetched by the burst mode, thereby reducing the load on the Routing Engine daemon, kmd. For different scale needs, we may have to tweak the hidden SNMP knob parameters, for example, with Dead Peer detection (DPD) having more number of tunnels without traffic and simultaneous SNMP walks.

Port Security

  • Fallback PSK for Media Access Control Security (MACsec) (MX Series)—Starting in Junos OS Release 19.2R1, fallback PSK for MACsec is supported on MX Series routers that support MACsec. The fallback PSK provides functionality to establish a secure session in the event that the primary PSKs on each end of a MACsec-secured link do not match.

    [See Configuring Media Access Control Security (MACsec) on MX Series Routers.]

Routing Policy and Firewall Filters

Routing Protocols

  • MPC10 Inline BFD support (MX Series)—Starting in Junos OS Release 19.2, MPC10 MPCs support inline BFD features, excluding micro BFD and BFD sessions with authentication.

    [See Understanding BFD for Static Routes.]

  • Support for IPv6 fragment reassembly for v4ov6 dynamic tunnels—Starting in Junos OS Release 19.2R1, you can configure an additional attribute, dynamic-tunnel-reassembly-enable for reassembling IPv6 fragments before the termination of v4ov6 tunnels. The fragment reassembly feature is disabled by default. IPv6 fragments are discarded when this feature is not enabled.

  • IPv6 reassembly for v4ov6 tunnels (MX Series)—Starting in Junos OS 19.2R1, you can enable the MX chassis to perform IPV6 fragment reassembly for forwarding Ipv4 traffic. When the dynamic-tunel-reassembly is configured, the tunnels using the attribute would be setup for reassembling the IPv6 fragments before the termination of v4ov6 tunnels. By default, this attribute is turned off and the tunnels are set up to discard the IPv6 fragments.

    To enable IPv6 fragment reassembly for forwarding Ipv4 traffic, use set dynamic-tunnel-reassembly on statement at the [edit routing-options dynamic-tunnels tunnel-attributes <dynamic-tunnel-name>] hierarchy level.

    [See dynamic-tunnel-reassembly.]

  • Map single IPv6 anycast address on multiple anchor Packet Forwarding Engines (MX240, MX480, MX960, MX2020)—Starting in Junos OS Release 19.2R1, you can assign the same IPv6 anycast address to multiple anchor Packet Forwarding Engines to manage high traffic from CPE to internet. By default, this feature is disabled. Prior to Junos OS Release 19.2R1, you can assign an anycast address only to a single Packet Forwarding Engine and the maximum v4ov6 tunnel scale per Packet Forwarding Engine in MX Series is 150k. This restricts a single anycast address to be used for 150k tunnels.

    To configure the same source address over multiple tunnel-attributes, use set v4ov6 ipv6-anycast-source-duplication statement at the [edit routing-options dynamic-tunnels] hierarchy level.

    If v4ov6 packets are fragmented, the fragmented packets get steered to one of the anchor Packet Forwarding Engines for IPv6 reassembly processing. To steer the traffic to the correct anchor, Packet Forwarding Engine needs information about the range of IPv4 prefixes that goes over a particular tunnel. To get the range of IPv4 prefixes that goes over a particular tunnel, use set get-route-range statement at the [edit policy-options policy-statement <policy-name> term <term-name> from route-filter <route-filter-value> <range>] hierarchy level.

    [See v4ov6 and get-route-range.]

  • Support for export of BGP Local RIB through BGP Monitoring Protocol (BMP) (MX Series)—Starting in Junos OS Release 19.2R1, BMP is enhanced to support monitoring of local RIB (loc-rib) policy. The loc-rib policy is added to RIB types under the bmp route-monitoring statement.

    [See: Understanding the BGP Monitoring Protocol.]

  • Support for BGP routes with N-Multipath primary and 1-Protection backup gateway (MX Series)—Starting in Junos OS 19.2R1, the following enhancements are made to the Junos OS:

    • Support N+1 formation for BGP labelled unicast protection (LU).

    • Support N+1 formation for BGP PIC (IPv4, IPv6, LU).

    • Support for hetero-nexthops (ListNH) in such N+1 formations.

    • Support for KRT to defer fib-update if BGP-multipath is in progress.

    • Removed restriction to use delay-route-advertisement statement for IPv4 labeled-unicast.

    • Four new options import, install-address <address>, no-install, and rib (inet.0 | inet6.0) are added under the egress-te statement.

    • A new configuration statement allow-protection is introduced to allow protection for multipath legs. To allow protection for multipath legs, use set allow-protection statement at the [edit protocols bgp multipath] hierarchy level.

    • A new option always-wait-for-krt-drain is introduced under delay-route-advertisement statement to make more-specific BGP-routes re-advertisement to wait for KRT-queue to drain. To configure this, use set always-wait-for-krt-drain at the [edit protocols bgp family inet unicast delay-route-advertisements] hierarchy level.

    [See allow-protection (Multipath), delay-route-advertisements and egress-te.]

Security

  • Juniper Malware Removal Tool—Starting in Junos OS Release 19.2R1, the Juniper Malware Removal Tool (JMRT) can be used to scan and remove malware running on Junos OS devices. To run JMRT, use the operational commands under the request system malware-scan hierarchy. There are 2 types of scans you can perform with JMRT:

    QuickScan each running program file.
    Veriexec checkCheck if verified execution is enabled.

    [See request system malware-scan.]

Services Applications

  • Support for IPv6 BGP next-hop address in IPv6 and MPLS-IPv6 inline flow record templates(MX Series)—Starting in Junos OS Release 19.2R1, a new element, IPv6 BGP NextHop Address, is available in the the IPv6 inline flow record template and the MPLS-IPv6 inline flow record template to add support for IPv6 BGP NextHop information element. The new element is supported on both version 9 and version 10 (IPFIX) export formats. The element ID is 63 and the element size is 16 bytes.

    [See Understanding Inline Active Flow Monitoring.]

  • IPv4 and IPv6 version 9 templates for inline active flow monitoring (MPC10E-15C-MRATE on MX Series)—Starting in Junos OS Release 19.2R1, while configuring inline active flow monitoring, you can apply version 9 flow templates to define a flow record template suitable for IPv4 or IPv6 traffic.

    [See Configuring Flow Aggregation on MX, M, vMX and T Series Routers and NFX250 to Use Version 9 Flow Templates.]

  • Support for Two-Way Active Measurement Protocol (TWAMP) on MPC10E-15C-MRATE line card—Starting in Junos OS Release 19.2R1, TWAMP is supported on MPC10E line card on the MX240, MX480, and MX960 routers. TWAMP defines a standard for measuring IPv4 performance between two devices in a network. You can use the TWAMP-Control protocol to set up performance measurement sessions between a TWAMP client and a TWAMP server, and use the TWAMP-Test protocol to send and receive performance measurement probes.

    Configuring the TWAMP client instance to use si-x/y/z as the destination interface (which enables inline services) is not supported if the router has an MPC10E-15C-MRATE installed in the chassis. You can configure only the none authentication mode on the line card.

    [See Understanding Two-Way Active Measurement Protocol on Routers]

  • DS-Lite support on MX Virtual Chassis and MX BNG—Starting in Junos OS Release 19.2R1, the MX Series Virtual Chassis and MX Series broadband network gateway (BNG) support dual-stack lite (DS-Lite). DS-Lite uses IPv4-over-IPv6 tunnels to traverse an IPv6 access network to reach a carrier-grade IPv4-IPv4 NAT. DS-Lite enables the phased introduction of IPv6 on the Internet by providing backward compatibility with IPv4.

    DS-Lite on the MX Series Virtual Chassis and MX Series BNG does not support the following:

    • Application Layer Gateways (ALGs)

    • Limits per subnet

    • Clearing NAT mappings and flows for a specific subscriber, for a basic bridging broadband device (B4), or for a specific service set

    • Port Control Protocol

    [See Tunneling Services for IPv4-to-IPv6 Transition Overview.]

  • Hardware timestamping of RPM probe messages—Starting in Junos OS Releases 19.2R1, you can enable timestamps on RPM probes messages in the Packet Forwarding Engine host processor for the following line cards:.

    • MPC10E-15C-MRATE line card on MX240, MX480, and MX960 routers

    • MPC11E line card on MX2008, MX2010, and MX2020 routers

    You can use the following configuration statements at the [edit services rpm probe owner test test-name] hierarchy level:

    • hardware-timestamp—Enables timestamping of RPM probe messages in the Packet Forwarding Engine host Processor.

    • one-way-hardware-timestamp—Enables timestamping of RPM probe messages for one-way delay and jitter measurements.

    These configuration statements are supported only with icmp-ping, icmp-ping-timestamp, udp-ping, and udp-ping-timestamp probe types.

    See [hardware-timestamp]

    [one-way-hardware-timestamp

    Understanding Using Probes for Real-Time Performance Monitoring on M, T, PTX and MX Series Routers

  • Increased number of AMS members supported on single chassis (MX2020)—Starting in Junos OS Release 19.2R1, you can configure up to 60 MS-PICs as part of aggregated multiservices (AMS) bundles on a single chassis. The configuration supports backup and load-balancing mode (N:1) and all active mode (N:0) with both next-hop style services and interface style services of configurations.

    See [Understanding Aggregated Multiservices Interfaces].

  • IPFIX flow-cache support (MX150) —Starting in Junos OS Release 19.2R1, the flow cache infrastructure support is extended to IPFIX to provide improved throughput with IPFIX service enabled. In earlier releases, without flow cache support for IPFIX, all data traffic would take the microcode path which is much slower than flow cache. With this feature, the unsampled traffic gets forwarded using flow cache which results in better throughput.

Software Defined Networking

  • PCE-initiated bypass LSPs (MX Series)—Starting in Junos OS Release 19.2R1, the Path Computation Element Protocol (PCEP) functionality is extended to allow a stateful Path Computation Element (PCE) to initiate, provision, and manage bypass label-switched paths (LSPs) for a protected interface. Multiple bypass LSPs with bandwidth reservation can be initiated by the PCE to protect a resource.

    With this feature, you can benefit from the LSP state synchronization of manual, dynamic, and PCE-initiated bypass LSPs from a PCE, and leverage on the PCE’s global view of the network, resulting in better control over traffic at the time of a failure, and deterministic path computation of protection paths.

    [See Support of the Path Computation Element Protocol for RSVP-TE Overview.]

  • Support for unified ISSU on abstracted fabric interfaces (MX480, MX960, MX2010, MX2020, MX2008)—Starting in Junos OS Release 19.2R1, abstracted fabric (af) interfaces, configured for Junos Node Slicing, support unified in-service software upgrade (ISSU). Unified ISSU enables an upgrade between two Junos OS releases with no disruption on the control plane and with minimal disruption of traffic.

    Note

    Since the af interface traffic is load balanced across all available Packet Forwarding Engines, the traffic loss on an AF interface during ISSU might be higher, compared to the traffic loss on a regular interface.

    An af interface is a pseudo interface that represents a first class Ethernet interface behavior. An AF interface facilitates routing control and management traffic between guest network functions (GNFs) through the switch fabric.

    [See Abstracted Fabric (AF) Interface.]

  • Centralized assignment of unique MAC addresses to GNFs (MX960, MX2008, MX2010, and MX2020)—Starting in Junos OS Release 19.2R1, Junos node slicing supports the assignment of a globally unique MAC address range (supplied by Juniper Networks) for GNFs. To receive the globally unique MAC address range for the GNFs, contact your Juniper Networks representative and provide your GNF license SSRN (Software Support Reference Number), which will have been shipped to you electronically upon your purchase of the GNF license. For each GNF license, you will then be provided an ‘augmented SSRN’, which includes the globally unique MAC address range assigned by Juniper Networks for that GNF license. You must then configure this augmented SSRN at the JDM CLI as follows:

    set system vnf-license-supplement vnf-id gnf-id license-supplement-string augmented-ssrn-string.

    [See Assigning MAC Addresses to GNF]

  • Support for IPSec, stateful firewal, and CGNAT services on MS-MPCs over abstracted fabric interfaces (MX480, MX960, MX2010, and MX2020)—Starting in Junos OS Release 19.2R1, guest network functions (GNF) support Layer 3 services such as Carrier-Grade Network Address Translation (CGNAT), stateful firewall, and IP Security (IPsec) on Multiservices MPCs (MS-MPCs) over abstracted fabric (af) interfaces.

    [See Abstracted Fabric Interface]

  • MX2008 routers support in-chassis Junos node slicing (MX Series)—Starting in Junos OS Release 19.2R1, MX2008 routers support the in-chassis model of Junos node slicing deployment. In the in-chassis model, the base system (BSYS), Juniper Device Manager (JDM), and all guest network functions (GNFs) run within the Routing Engine of the MX Series router. To support in-chassis Junos node slicing, the MX2008 must have the outing ngine REMX2008-X8-128G installed.

    [See Configuring MX Series Router to Operate in In-Chassis Mode]

Software Installation and Upgrade

  • The curl binary is packaged and made available on all Junos OS variants (MX Series)—The curl binary is a command-line utility, used from the shell, that you can use to perform operations over several transport protocols, including the following: dict, file, ftp, gopher, http, imap, pop3, rtsp, smtp, telnet, tftp. The features enabled on Junos OS are curl version 7.59, libcurl version 7.59.

Subscriber Management and Services

  • Support for M:N subscriber redundancy on BNGs (MX Series)—Starting in Junos OS Release 19.2R1, you can configure broadband network gateways (BNGs) to provide interface-level redundancy for DHCP subscribers that are on the same static VLAN and use the same access interface. Failover from master to backup BNG is transparent to the clients because the subscriber sessions remain up. You must configure DHCP active leasequery with topology discovery on peer DHCP relay agents on the master and backup BNGs to support the redundancy.

    [See M:N Subscriber Redundancy.]

  • Support for Interface-Level Redundancy with DHCP Topology Discovery (MX Series)—Starting in Junos OS Release 19.2R1, you can configure DHCP active leasequery with topology discovery to provide interface-level subscriber redundancy between peer relay agents. Topology discovery enables master and backup peer relay agents to determine the access interfaces on peers that correspond to their own local access interfaces for servicing subscriber redundancy groups. During synchronization, DHCP translates the subscriber binding information to use the local interface on the backup instead of the interface on the master. You must use topology discovery when you configure M:N subscriber redundancy.

    [See DHCP Active Leasequery.]

  • Support for fixed wireless access subscribers on BNGs (MX Series)—Starting in Junos OS Release 19.2R1, you can configure the broadband network gateway (BNG) to support subscribers that use a fixed wireless network. Providers use a wireless network for subscriber access over the air instead of than running fiber to the home. The wireless infrastructure saves costs and reduces complexity compared to the fiber network. The BNG acts as the Third-Generation Partnership Project (3GPP) System Architecture Evolution Gateway (SAEGW). The SAEGW incorporates the functions of both the Serving Gateway (SGW) and the Packet Data Network Gateway (PGW). The SGW function routes and forwards user data packets. The PGW function provides connectivity to external packet data networks

    [See Fixed Wireless Access Networks.]

System Management

  • Support for transferring accounting statistics files and router configuration archives using HTTP URL (MX Series)—Starting in Junos OS Release 19.2R1, you can transfer accounting statistics files and router configuration archives to remote servers by using an HTTP URL. In addition to SCP and FTP, the following HTTP URL will be supported under the archive-sites statement:

    http://username@host:url-path password password

    • To transfer accounting statistics files, configure archive-sites under [edit accounting-options file <filename>] hierarchy.

    • To transfer router configuration archival, configure archive-sites under edit system archival configuration hierarchy.

    • To view the statistics of transfer attempted, succeeded, and failed, use the show accounting server statistics archival-transfer command.

    • To clear the statistics of transfer attempted, succeeded, and failed, use the clear accounting server statistics archival-transfer command.

    [See archive-sites, Backing Up Configurations to an Archive Site, show accounting server statistics archival-transfer, and clear accounting server statistics archival-transfer].

Timing and Synchronization

  • Support for Synchronous Ethernet with ESMC on MPC10E-15C-MRATE (MX240, MX480, MX960)—Starting in Junos OS Release 19.2R1, MPC10E-15C-MRATE supports Synchronous Ethernet with ESMC. Synchronous Ethernet is a physical layer technology that is used to transfer clock signals over Ethernet interfaces. It supports hop-by-hop frequency transfer, where all interfaces on the trail must support Synchronous Ethernet.

    ESMC is a logical communication channel. It transmits Synchronization Status Message (SSM) information, which is the quality level of the transmitting synchronous Ethernet equipment clock (EEC), by using ESMC protocol data units (PDUs).

    [See Synchronous Ethernet Overview].

What's Changed

Learn about what changed in Junos OS main and maintenance releases for MX Series routers.

What’s Changed in Release 19.2R3-S1

General Routing

  • New commit check for MC-LAG (MX Series—We've introduced a new commit check to check the values assigned to the redundancy group identification number on the MC-AE interface ( redundancy-group-id ) and ICCP peer (redundancy-group-id-list ) when you configure multichassis aggregation groups (MC-LAGs). If the values are different, the system reports a commit check error. In previous releases, if the configured values were different, the l2ald process would crash.

    [See iccp and mc-ae.]

Infrastructure

  • Change in support for interface-transmit-statistics statement (MX Series)—You cannot configure aggregated Ethernet interfaces to capture and report the actual transmitted load statistics by using the interface-transmit-statistics statement. Aggregated Ethernet interfaces do not support reporting of the transmitted load statistics. The interface-transmit-statistics statement is not supported in the aggregated Ethernet interfaces hierarchy. In earlier releases, the interface-transmit-statistics statement was available in the aggregated Ethernet interfaces hierarchy but not supported.

    See interface-transmit-statistics.

What’s Changed in Release 19.2R3

General Routing

  • Command to view summary information for resource monitor (MX Series routers and EX9200 line of switches)—You can use the show system resource-monitor command to view statistics about the use of memory resources for all line cards or for a specific line card in the device. The command also displays information about the status of load throttling, which manages how much memory is used before the device acts to reduce consumption.

    See show system resource-monitor and Resource Monitoring for Subscriber Management and Services.

Network Management and Monitoring

  • Enhancement to the show snmp mib command– Starting in Junos OS Release 19.2R3, a new option, hex, is supported to display the SNMP object values in the hexadecimal format. In earlier releases, the show snmp mib command displays the SNMP object values in ASCII and decimal format only.

    [ See show snmp mib.]

Routing Protocols

  • Advertising /32 secondary loopback addresses to Traffic Engineering Database (TED) as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—In Junos OS Release, multiple loopback addresses export into lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router-ids instead of prefixes. In earlier Junos OS releases, multiple secondary loopback addresses in TED were added into lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router-id.

Services Applications

  • New option for configuring delay in IPsec SA installation—In Junos OS Release 19.2R3, you can configure the natt-install-interval seconds option at the [edit services ipsec-vpn rule rule-name term term-name then dynamic] hierarchy level to specify the duration of delay in installing IPsec SA in a NAT-T scenario soon after the IPsec SA negotiation is complete. The default value is 0 seconds.

Subscriber Management and Services

  • Improved tunnel session limits display (MX Series)—Starting in Junos OS Release 19.2R3, the show services l2tp tunnel extensive command displays the configured value for maximum tunnel sessions. On both the LAC and the LNS, this value is the minimum from the global chassis value, the tunnel profile value, and the value of the Juniper Networks VSA, Tunnel-Max-Sessions (26–33). On the LNS, the configured host profile value is also considered.

    In earlier releases, the command displays the value 512,000 on the LAC and the configured host profile value on the LNS.

    [See Limiting the Number of L2TP Sessions Allowed by the LAC or LNS.]

What’s Changed in Release 19.2R2

General Routing

  • User confirmation prompt for configuring the suboptions of request vmhost commands (MX Series and PTX series)—While you are configuring the following request vmhost commands, the CLI now prompts you to confirm your choice with a [yes,no] prompt for the suboptions also.

    • request vmhost reboot

    • request vmhost poweroff

    • request vmhost halt

    In earlier Junos OS releases, the confirmation prompt is available for only the main options.

  • Support for full inheritance paths of configuration groups to be built into the database by default (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting with Junos OS Release 19.2R2, the persist-groups-inheritance option at the [edit system commit] hierarchy level is enabled by default. To disable this option, use no-persist-groups-inheritance.

    [See commit (System).]

  • Logical Interface is created along with physical Interface by default (EX Series switches, QFX Series switches, MX Series routers)—The logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces were created. For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), was displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.

  • LLDP ON_CHANGE statistics support with JTI (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series)—Enhanced telemetry ON_CHANGE event support provides the following LLDP attributes: - When LLDP is enabled on interfaces, LLDP interface counters are notified along with other interface-level attributes. - ON_CHANGE event reports LLDP neighbor age and custom TLVs, as well as when a neighbor is initially discovered

    See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).

Junos OS XML API and Scripting

  • Root XML tag change for show rsvp pop-and-forward | display xml command (MX480)—We’ve changed the root XML tag for the show rsvp pop-and-forward | display xml command to rsvp-pop-and-fwd-information to make it consistent with the XML tag convention. In earlier releases, the command output displays rsvp-pop-and-fwd-info XML tag. Update the scripts with the rsvp-pop-and-fwd-info XML tag to reflect the new rsvp-pop-and-fwd-information XML tag.

    See Junos XML API Explorer - Operational Tags.

Interfaces and Chassis

  • Change in error severity (MX960, MX240, MX2020, MX480, MX2008, and MX2010)—Starting in Junos OS Release 19.2R2, we have reduced the severity of the CRC errors (XR2CHIP_ASIC_JGCI_FATAL_CRC_ERROR) from Fatal to Major. Earlier, these errors caused the line card to be reset, if the CLI command interasic-linkerror-recovery-enable was configured. Now, these errors only disable the Packet Forwarding Engines that are affected. With this change, the interasic-linkerror-recovery-enable configuration has no effect when these errors occur because of the reduced severity.

    Note

    This behavior change is applicable to the following line cards only: MPC5E, MPC6 MPC7, MPC8, and MPC9.

  • Logical Interface created along with physical Interface by default (MX Series routers)—In Junos OS Release 19.2R2 and later, logical interfaces are created on ge-, et-, and xe- interfaces along with the physical interface, by default. In earlier Junos OS releases, by default, only physical interfaces are created.

    For example, for ge- interfaces, when you view the show interfaces command in earlier releases, by default, only the physical interface (for example, ge-0/0/0), is displayed. Now, the logical interface (for example, ge-0/0/0.16386) is also displayed.

  • Support for creating Layer 2 logical interfaces independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2, 19.1R1, 19.1R2, 19.2R2, and later, MX Series routers support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.

    In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.

MPLS

  • Deprecated statement (MX Series)—Starting in Junos OS Release 19.2R2, we have deprecated the preference statement at the [edit protocols source-packet-routing source-routing-path name] hierarchy level. This is because you could have two different sequences of the same route, wherein the active route entry that is selected can be different.

Network Management and Monitoring

  • Change in startup notification after GRES (MX Series routers)—The master Routing Engine sends a coldStart notification when a device comes up. The master Routing Engine also sends warmStart notifications for subsequent restarts of the SNMP daemon. After graceful routing engine switchover (GRES) the new master Routing Engine sends a single warmStart notification and the backup Routing Engine does not send any notification. In earlier releases, after GRES, the new master RE would sometimes send two notifications or a single notification. Of these, the first notification was always a coldStart notification and the second was either a coldStart notification or a warmStart notification.

    See Standard SNMP Traps Supported by Junos OS.

OAM

  • Performance monitoring history data is lost when a change in number of supported history records is detected (ACX Series and MX Series)—In Junos OS Release 19.2R2, when Ethernet connectivity fault management starts, it detects the number of history records supported by the existing Performance Monitoring history database and if there is any change from the number of history records supported (that is, 12) in Release 19.2R2, then the existing Performance Monitoring history database is cleared and all performance monitoring sessions are restarted with mi-index 1.

Routing Protocols

  • XML RPC equivalent included for the show bgp output-scheduler | display xml rpc CLI command (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 19.2R2, we have included an XML RPC equivalent for the show bgp output-scheduler | display xml rpc CLI command. In Junos OS releases before Release 19.2R2, the show bgp output-scheduler | display xml rpc CLI command does not have an XML RPC equivalent.

    [See show bgp output-scheduler.]

  • Automatic installation of YANG-based CLI for RIFT protocol (MX Series, QFX Series, and vMX with 64-bit and x86-based servers)—In Rift 1.2 Release, installation of the CLI for RIFT protocol occurs automatically along with the installation of the junos-rift package. In the pre-1.0 releases of the junos-rift package, the RIFT CLI had to be installed separately using request system yang command after installation of the junos-rift package.

Services Applications

  • Update to CLI option for configuring the version number to distinguish between currently supported version of the Internet draft draft-ietf-softwire-map-03 (MX Series Services Applications)—In Junos OS Release 19.2R2, the version-3 option under the [edit services softwire softwire-concentrator map-e] hierarchy is optional. The version number helps distinguish between the currently supported version of the Internet draft draft-ietf-softwire-map-03 is optional. In earlier Junos OS releases, if you do not configure the version-3 option, the configuration results in an error.

    [See map-e.]

  • Change in NAT port block syslog message display (MX Series routers)—When you configure a softwire prefix other than 128, all the JSERVICES_NAT_PORT_BLOCK logs now display the prefixed B4 address. We have modified the following JSERVICES_NAT_PORT_BLOCK logs:

    • JSERVICES_NAT_PORT_BLOCK_ALLOC

    • JSERVICES_NAT_PORT_BLOCK_RELEASE

    • JSERVICES_NAT_PORT_BLOCK_ACTIVE

    In earlier releases of Junos OS, when a softwire prefix is configured, some of the B4 addresses displayed in the JSERVICES_NAT_PORT_BLOCK log are /128 addresses (irrespective of the configured prefix). This change is not observed when the softwire prefix is not configured.

Software Defined Networking (SDN)

  • Increase in the maximum value of delegation-cleanup-timeout (MX Series)—You can now configure a maximum of 2,147,483,647 seconds as the delegation cleanup time for a Path Computation Client (PCC). This extends the time taken by the PCC to retain the last provided path over a PCEP session from the last session down time.

    With the increase in the maximum value of delegation-cleanup-timeout from 600 to 2,147,483,647 seconds, you can benefit during a Path Computation Element (PCE) failover, or other network issues that may disrupt the PCEP session with the main active stateful PCE.

    [See delegation-cleanup-timeout.]

Subscriber Management and Services

  • Enhancement to commands to display reason for Routing Engine disconnect (MX Series)—Starting in Junos OS Release 19.2R2, several commands display the reason when the master and standby Routing Engines disconnect because of a memory mismatch error. On a chassis with two Routing Engines, a DRAM size mismatch error can result when both of the following are true:

    • The Routing Engines have different amounts of DRAM.

    • A 64-bit Junos OS image is loaded on the chassis.

    You can avoid this problem by doing either of the following:

    • Ensure that both Routing Engines have the same amount of DRAM.

    • Load a 32-bit image.

    The show database-replication summary and show system subscriber-management summary commands display the DRAM mismatch as the reason in the Disconnection field. The request chassis routing-engine master switch check command displays an error message if the DRAM size is different for the two Routing Engines.

  • Prevent queue-based throttling from stopping subscriber login (MX Series)—Starting in Junos OS Release 19.2R2, you can specify a value of 0 with the high-cos-queue-threshold statement. This value prevents any subscriber from being throttled by queue-based throttling.

  • XML output format change for test aaa type user commands (MX Series)—Starting in Junos OS Release 19.2R2, the XML output format changes for the test aaa authd-lite user, test aaa dhcp user, and test aaa ppp user commands. Each RADIUS server attribute name has an associated attribute value. Each of these pairs is now enclosed by the <radius-server-data> tag. The new tag makes it easier to recognize the name/value pairs, both for operators and API clients. You may have to change any scripts that use the XML output to work properly with the new format.

    [See AAA Testing and Troubleshooting.]

  • Support for Pseudowire Physical Interface for ANCP Autoconfiguration (MX Series)—Starting in Junos OS Release 19.2R2, you can associate an ANCP neighbor with a subscriber-facing pseudowire physical interface for ANCP autoconfiguration of VLANs. When configured, ANCP Port Up and Port Down messages received on the interface trigger notifications to the autoconfiguration daemon (autoconfd) to initiate VLAN creation (Port Up) or removal (Port Down). In earlier releases, ANCP supports only the following physical interface types for this feature: aggregated Ethernet (ae), Gigabit Ethernet (ge), 10-Gigabit Ethernet (xe), 100-Gigabit Ethernet (et), and demux.

What’s Changed in Release 19.2R1

EVPN

  • Support for disabling automatic ESI generation (MX Series and QFX Series)—Starting with Junos OS Release 19.2R1, Junos OS supports disabling the automatic ESI generation for virtual gateway addresses. We recommend that you disable the automatic ESI generation for EVPN networks with edge-routed bridging to improve performance. To disable automatic ESI generation, include the no-auto-virtual-gateway-esi statement at the [edit interfaces name irb unit logical-unit-number] hierarchy level.

Interfaces and Chassis

  • Deprecation of the [edit fabric protocols bgp] hierarchy level (MX Series)—Starting in Junos OS Release 19.2R1 and later, the [edit fabric protocols bgp] hierarchy level is deprecated.

  • Support to get Optics Loopback Status for QSFP-100GE-DWDM2 transceivers (MX Series)—In Junos OS Release 19.2R1, and later, on MX Series routers, you can get the optics loopback status of QSFP-100GE-DWDM2 transceivers along with the regular ethernet loopback status by issuing the show interfaces interface-name or show interfaces interface-name brief command. New Output field Optics Loopback is added under Link-level type when show interfaces interface-name CLI command is executed.

  • Monitoring information available only in Trace log (MX Series)—In Junos OS Release 19.2R1 and later, the Ethernet link fault management daemon (lfmd) in the peer router stops monitoring the locally occurred errors until ISSU completes. You can view the monitoring-related details only through the trace log file.

  • Health check for power supplies (MX10008 and MX10016)—Starting in Junos OS Release 19.2R1, on the MX10008 and MX10016 routers, the show chassis environment pem command displays the health check information about the DC or AC Power supplies. For any power supply that does not support health check, the status is shown as Unsupported. The system starts health check of a power supply only if the power consumption exceeds 7 KW.

    [See show chassis environment pem]

MPLS

  • New debug statistics counter (MX Series)—The show system statistics mpls command has a new output field, called Packets dropped, over p2mp composite nexthop, to record the packet drops over composite point-to-multipoint next hops.

  • IPv4 explicit-null label retained from the merged protocol MPLS label stack—The IPv4 explicit-null label is retained from the merged protocol MPLS label stack, if the IPv4 explicit-null is at the bottom of the MPLS label stack.

Network Management and Monitoring

  • The show system schema command and <get-yang-schema> RPC require specifying an output directory (MX Series)—Starting in Junos OS Release 19.2R1, when you issue the show system schema operational mode command in the CLI or execute the <get-yang-schema> RPC in a remote session to retrieve schema files, you must specify the directory in which to generate the output files by including the output-directory command option in the CLI or the <output-directory> element in the RPC. In earlier releases, you can omit the output-directory argument when requesting a single module to display the module in standard output.

  • Custom YANG RPC support for input parameters of type empty (MX Series)—Starting in Junos OS Release 19.2R1, custom YANG RPCs support input parameters of type empty when executing the RPC’s command in the Junos OS CLI, and the value passed to the action script is the parameter name. In earlier releases, input parameters of type empty are only supported when executing the RPC in a NETCONF or Junos XML protocol session, and the value passed to the action script is the string 'none'.

    [See Creating Action Scripts for YANG RPCs on Devices Running Junos OS.]

  • Change in power supply alarms (MX10003)—Starting in Junos OS Release 19.2R1, the MX10003 routers do not raise an alarm if a Power Entry Module (PEM) slot is empty. However, when the number of operational PEMs available is less than 2, the router raises a major alarm. This alarm is cleared when the required number of PEMs are made available.

    [See show chassis alarms]

Routing Policy and Firewall Filters

  • Fixed an issue with certain combination of match conditions—In Junos OS Release 19.2R1, fixed a temporary issue wherein configuring a firewall filter with a match condition for port along with source-port and/or destination-port in the same filter term would cause a commit error. Any valid combination of the filter terms is now supported.

Services Applications

  • Support for host generated traffic on a GRE over GRE tunnel (MX Series)—In Junos OS Release 19.2R1, you can send host generated traffic on a GRE over GRE tunnel. However, when path maximum transmission unit (PMTU) is updated for the outer GRE tunnel, MTU for inner GRE tunnel is not corrected.

  • New syslog message displayed during NAT port allocation error (MX Series Routers with MS MPC)—With address pooling paired (APP) enabled, an internal host is mapped to a particular NAT pool address. In case, all the ports under a NAT pool address are exhausted, further port allocation requests from the internal host results in a port allocation failure. The following new syslog message is displayed during such conditions:

    JSERVICES_NAT_OUTOF_PORTS_APP

    This syslog message is generated only once per NAT pool address.

Software Defined Networking

  • Deprecated CLI commands and options for JDM (MX480, MX960, MX2010, MX2020, and MX2008)—Starting in Junos OS Release 19.2R1, in Junos Node Slicing, Juniper Device Manager (JDM) does not support the following CLI commands or options:

    • show system visibility

    • show system inventory

    • the jinventoryd option in the restart command

Subscriber Management and Services

  • Changing attributes of physical interface with active subscribers (MX Series)—Starting in Junos OS Release 19.2R1, the commit check fails when you change any attribute of the physical interface, such as the MTU, when subscribers are active. This affects only aggregated Ethernet physical interfaces with targeted distribution configured. In earlier releases, the commit check does not fail and the attribute change brings down the physical interface and all subscribers using that interface.

    [See CoS for Aggregated Ethernet Subscriber Interfaces Overview.]

  • Out-of-address SNMP trap requires thresholds to be configured (MX Series)—Starting in Junos OS Release 19.2R1, the behavior has changed for generating an out-of-address SNMP trap for an address pool. You must now configure both the high-utilization and abated-utilization thresholds. When the number of assigned addresses surpasses the high-utilization threshold, a high-utilization trap is generated. If all the addresses are assigned from the pool, an out-of-address trap is generated and an out-of-address syslog message is sent.

    In earlier releases, an out-of-address trap is generated when the address pool is exhausted, regardless of whether the thresholds are configured.

    [See Configuring Address-Assignment Pool Usage Threshold Traps.]

  • juniper-access-line-attributes option replaces juniper-dsl-attributes (MX Series)—Starting in Junos OS Release 19.2R1, the juniper-access-line-attributes option replaces the juniper-dsl-attributes option at the [edit access profile profile-name radius options] hierarchy level. For backward compatibility with existing scripts, the juniper-dsl-attributes option redirects to the new juniper-access-line-attributes option. We recommend that you use juniper-access-line-attributes from now on.

VLAN Infrastructure

  • Specifying a descending VLAN ID range ( MX Series routers, and vMX virtual routers)—In Junos OS releases prior to Junos OS Release 19.2R1, the system accepts a descending range—for example, 102-100, with the vlan-id-range configuration statement in the [edit interfaces interface-name unit logical-unit-number] hierarchy.

    Starting with Junos OS Release 19.2R1, the system considers a descending range specified with vlan-id-range to be invalid and raises an error if you try to commit this configuration.

Known Limitations

Learn about known limitations in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • The Routing Engine boots from the secondary disk when you: a) press the reset button, on the RCB front panel, while the Routing Engine is booting up but before Junos OS is up. b) Upgrade software, by booting from the network using the request vmhost reboot network command, and the system fails to boot from the network. c) Upgrade BIOS and the upgrade fails. d) Reboot and the system hangs before Junos OS is up. PR1344342

  • During a unified ISSU that warrants host upgrade, if the router is configured with 8 million IPv4/IPv6 routes or more, the unified ISSU might fail resulting in FPC restart. PR1348825

  • The commit is successful when the configured MTU value is greater than 9500, which is the maximum permissible value. However, the actual value is set back to 1518B without any error. Check the DCD log to verify the occurrence. PR1372690

  • The MIC-MACSEC-20G supports 10-Gigabit speed through the set chassis fpc x pic y pic-mode 10G configuration applied to both the PICs in that MIC. Any other PIC mode configuration should be removed and then the 10-Gigabit PIC mode configuration is to be applied. PR1374680

  • In Junos OS, most daemons underwent architectural change in transition from Junos OS Release 14.1X53 to Junos OS Release 17.X (4 years) and many new features were added. These changes caused an increase in memory footprint in Junos OS Release 17.X compared to Junos OS Release 14.1X53. Unless we see system instability or any adverse performance impact, or a daemon crash due to low memory, this increased memory footprint should not be an issue, and functionality should work fine. The increased memory footprint is a Junos OS property. PR1390226

  • On MX2008 platform with MPC9E, in line rate traffic with a redundant SFB2 scenario, if offline one redundant SFB2, there might be tail or sometimes WRED drops in MPC9E, resulting in partial traffic loss. Under normal circumstances, the SFBs should be auto fail-over if one of them fails, and there should be only a little packet dropped momentarily. PR1395591

  • The dfe tuning failing at times is a known issue on MX10003, the only recovery option in this situation is to restart the FPC. PR1413233

  • The MX104 router has the following limitations in error management:The show chassis fpc error command is not available for MX104 in Junos OS eleases 13.3R7, 15.1R2,14.1R5,14.2R4, 13.3R8, and later. Junos OS does not initiate restart of the system on encountering a fatal error. Although you can configure the action to disable the Packet Forwarding Engine when major errors occur, Junos OS does not disable the Packet Forwarding Engine on encountering a major error. PR1413314

  • In Next Gen Services and non-Next Gen Services cases, the monitor interface is MS or VMS. When chassisd restarts, all FPCs are restarted. The service redundancy daemon (srd) also gets restarted and the ICCP connection goes down. If the FPC hosting the ICL goes down first before srd receives the information about the down physical interface for the monitored interface, it will not do switchover immediately. The same behavior is observed in the Next Gen Services and the non-Next Gen Services as well. PR1416064

  • In the following scenario Device 1 Remote Device MX10003-mx1ru-h <----------------> MX10003-mx3ru-i et-0/0/2 et-1/0/1. If PRBS is started on simultaneously as TX and RX on both the devices, there will be errors seen at remote device because when PRBS is started as TX on remote device, it attempts to dfe tune the line again but PRBS is already running as RX which causes the error. So first start As Tx on Device 1 and as Rx on Remote device, then stop the test on both the ends and start as TX on remote device and as Rx on Device 1. PR1416124

  • Names of user-defined applications are always displayed in the sessions output if they match the traffic criteria defined in the application definition. This happens irrespective of whether the match conditions in the rule has these applications as one of the match condition or not. PR1416365

  • Since creating the loopback at the MacSec port (remote end) in this specific situation, the link itself is down at the EA port hence PRBS test fails with incrementing error counts. PR1421432

  • Due to a race condition between the creation of logical interfaces and sending out of GARP when a logical interface is configured, there is an issue of logical interface statistics incrementing by one output packet. PR1430431

  • FLT will not support source-port and port combination match due to the limitation. PR1432201

  • Dynamic spring-te tunnel creation to LDP (non SR) speaking nodes are not supported even in the presence of mapping server configurations. Spring-te internally converts the tunnel-hop IP addresses (prefix/adjacency) into corresponding labels through auto-translate feature. This feature internally makes use of Traffic Engineering Database (TED); where at present the mapping server entries are not present. PR1432791

  • On MPC2 Junos telemetry interfaces services statistics might not be available after the unified ISSU. PR1433589

  • 128k source-ip addresses as match condition should be configured under couple terms. After commit the configuration, it will take 10 minutes to effect. PR1433974

  • On MX10003 platform with no MSATA device, xSTP topology change is seen during FRU upgrade state in unified ISSU. PR1435397

  • When the Junos telemetry interface collector runs for a longer duration, the iLatency will be negative. PR1436126

  • With scaled inline single-hop BFD sessions, and events such as restart of FPC, ppm, drpd, and some of the BFD sessions might flap. PR1436543

  • In a large-scale setup (such as large number of routing instances or interfaces), if there are frequent changes in configuration and interface flapping when the rpd is restarted by deactivating and then activating the logical system or restarting routing, the rpd might crash. PR1438049

  • MX Series routers report Routing Engine and FPC policer violation when DDoS violation occurs. PR1439427

  • Whenever the primary path goes down for the SRTE tunnel, dynamic tunnel module (DTM) starts an expiry timer of 15 minutes. If the primary path comes up within this timer period, the tunnel will be up again. After the timer expires and the primary path is still not up, DTM asks SRTE to remove the tunnel. Also, if there are multiple paths to reach the tunnel endpoint, bgp routes will resolve over the other route, for example a L-ISIS path. Later even if the primary path comes up, bgp routes will remain resolved over the other secondary route and does not change. No re-resolution is happening because the SRTE tunnel is resolving with more than one indirection (SRTE over MPLS over IS-IS in this case). Because of the whole design of how resolution happens and multiple dependencies, there is no simple fix for this. The same issue is applicable to RSVP tunnels also. The issue is applicable to uncolored tunnels only. PR1439557

  • Interworking between MPC10E and SCBE3 is not supported. PR1440073

  • A privilege escalation vulnerability might occur in devices running Junos OS configured with dual Routing Engines, Virtual Chassis or high-availability cluster might allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. PR1441795

  • The jinsightd might display constant CPU utilization levels (for example, 5-6 percent) with no health monitor due to the presence of default fault monitoring telemetry sensors (check with the show agent sensors command). This is expected and there is no service impact due to this. The utilization level depends on the number of FPCs in the chassis. PR1451057

  • Syslog error message Failed to complete DFE tuning is generated. This message has no functional impact and can be ignored. PR1473280

Interfaces and Chassis

  • Upgrading Junos OS Release 14.2R5 and later maintenance releases and Junos OS Release 16.1 and later mainline releases with CFM configuration might cause the cfmd process to crash after upgrade. This is because of the presence of an old version of /var/db/cfm.db. PR1281073

  • In a large-scale subscriber environment, changing aggregated Ethernet member link configuration might generate core files for the two Routing Engines. PR1375638

  • When disabling physical interface with JNP-100G-AOC-xM AOC cables, port LED could turn red or go off depending on vendor. JNP-100G-AOC-xM cables sourced by Finisar will cause port LED to turn red when physical interface is disabled. Cables sourced by Innolight will cause the port LED to turn off in contrary. Tranceiver vendor information can be obtained from the show chassis pic fpc-slot <fpc slot> pic-slot<pic slot> CLI command. Transceiver vendor field contains 'JUNIPER-FINISAR' for Finisar and 'JUNIPER-INNO' for Innolight. PR1415958

  • Firmware upgrade for nPhi Madison optics is not supported on MX10008/16 platform. PR1424408

Platform and Infrastructure

  • On all platforms running Junos OS, execution of Python scripts through enhanced automation does not work on veriexec images. PR1334425

Routing Protocols

  • When 32,000 SR-TE policies are configured at once, during configuration time there might be scheduler slips. PR1339829

  • A mis-design in the route selection code with respect to BGP multiple exit discriminator (MED) grouping is done. This interacts poorly with families such as EVPN and Layer 2 VPN which create their own routes rather than doing rib-leaking similar to Layer 3 VPN. However, this issue might trigger even without those families if routes are made comparable to BGP (for example, preference 170). This is a corner case with racing condition within rpd code. PR1352697

Open Issues

Learn about open issues in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • Duplicate packets in EVPN scenario are seen because a nondesignated forwarder is sending an inclusive multicast packet to the PE-CE interface after MAC lookup. PR1245316

  • In an EVPN-VXLAN core isolation scenario, the server is multihomed to the leaf devices through LACP interfaces. If graceful restart is enabled, when you reboot the system or restart routing on the leaf device, the core isolation does not work. If you reboot the system, the issue results in the leaf device silently dropping the traffic sent from the server during the time window between LACP coming up and BGP coming up. If you restart routing, there might be no traffic drop because of the graceful restart. PR1461795

  • In an EVPN-MPLS scenario with the proxy-macip-advertisement enabled on an IRB, ARP for remote CE device on local PE device might fail and forwarding-table entry always remains in hold state. The proxy-macip-advertisement enables the proxy advertisement feature on a device that can function as a Layer 3 gateway. With this feature enabled, the Layer 3 gateway advertises the MAC and IP routes (MAC+IP type 2 routes) on behalf of Layer 2 VXLAN gateways. PR1506343

Forwarding and Sampling

  • The skip-service configuration does not work with IPv6 NDP negotiation or ping. PR1074853

  • If IPv4 prefix is added to a prefix list referred by IPv6 firewall filter, then the log message Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized is not seen. PR1395923

  • Restart the firewall process in both Routing Engines when firewall error logs are noticed along with SSD hardware failure logs. PR1397171

  • In the case of a physical interface policer for ip-option traffic, the traffic rate is found to be more than 10 percent. PR1398728

  • Verify event CP down/up is long enough to trigger EP timeout for CoS hierarchy model 2, failing as expected when DHCP subscribers are not bound. PR1505409

General Routing

  • SIP session fails when the IPv4 SIP client in a public network initiates a SIP call with the IPv6 SIP client in a private network. PR1139008

  • If a VM host snapshot is taken on an alternate disk and there is no further VM host software image upgrade, the expectation is that if the current VM host image gets corrupted, the system boots from the alternate disk so the user can recover the primary disk to restore the state. However, if the host root file system is corrupted, the node boots with the previous VM host software instead of booting from the alternate disk. PR1281554

  • The deletion of the oneset/leaf-list configuration through JSON might not be successful when the delete attribute is passed in the JSON string. PR1287342

  • The chain-composite statement does not bring in a lot of gain because TCNH is based on an ingress rewrite premise. Without this statement things work fine. PR1318984

  • With regard to FPC restarts or Virtual Chassis splits, the design of MX Series Virtual Chassis infrastructure relies on the integrity of the TCP connections. The reactions to failure situations might not be handled gracefully. This results in TCP connection timeouts because of jlock hog crossing the boundary value (5 seconds), which causes bad consequences in MX Series Virtual Chassis. Currently, there is no other easy solution to reduce this jlock hog besides enabling marker infrastructure in the MX Series Virtual Chassis setup. PR1332765

  • The first packet pertaining to the J-Flow Packet Forwarding Engine sensor in UDP mode is missing after the line card reboots on an MX150 platform. PR1344755

  • With GRES enabled in a subscriber environment, if subscribers are logging in or logging out quickly, the service sessions in the session database (SDB) of the backup Routing Engine might leak. If the problem is not detected for a long time, the backup Routing Engine might not be able to synchronize with the master Routing Engine and will not be ready for GRES. PR1346300

  • Backup Routing Engine might crash after more than 10 continuous GRES switchovers. PR1348806

  • For configurations of bridging routing instances with aggregated Ethernet logical interfaces (6400 logical interfaces) and IRB instances, all from a single FPC, the CPU utilization of the FPC stays at 100 percent for 4 minutes. The behavior from PFEMAN of the FPC has the processing time spiked on IF IPCs, and this seems to be the case of MPC7E line cards from Junos OS Release 16.1R1 (or even earlier). After 4 minutes, the CPU utilization comes down and the FPC is normal. Therefore, scaled configurations on MPC7E line card takes settling time of more than 4 minutes. PR1359286

  • In rare circumstances, a faulty SFP transceiver installed in an MX104 might cause the AFEB to go offline. The backup Routing Engine and fan tray might also show an alarm. PR1360426

  • When an FPC is booting up (either during unified ISSU, router reboot, or FPC restart), I2C timeout errors for an SFP transceiver are seen and the I2C action is not completed because the device is busy. When the FPC is up, all the I2C transactions to the device are normal, so no periodic failure is observed. There is no functional impact and these errors can be ignored. PR1369382

  • If any of the log messages continue to appear in the MPC console, it indicates the presence of a faulty SFP/SFP+ transceiver is causing I2C transaction from the main board CPU. There is no software recovery available to recover from this situation. These logs also indicate potential I2C transaction failure with any of the 10 ports available with GMIC2 in PIC 0, resulting in an unexpected behavior. For example, links do not come up or the MIC does not boot when restarted. I2C Failed device: group 0xa0 address 0x70 Failed to enable PCA9548(0x70):grp(0xa0)->channel(0) mic_sfp_select_link:MIC(0/0) - Failed to enable PCA9548 channel, PCA9548 unit:0, channel ID: 0, SFP link: 0 mic_sfp_id_read: Failed to select link 0. As a workaround, detect and replace the faulty SFP/SFP+ transceiver plugged into the GMIC2 ports. PR1375674

  • On MX480 routers, a few xe- interfaces are going down with the error message if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • The virtio throughput remains the same for multi-queue and single-queue deployments. PR1389338

  • In a BGP Prefix-Independent Convergence (PIC) case, if a route R1 resolves on top of the multipath route R2, where R2 has primary and backup indirect next hops, it will be better if the backup leg is not used for the resolution of R1. There is no impact on any existing CLI commands. The backup path is never used when the primary path is available. PR1401322

  • Parity error detection and correction is not supported. PR1402455

  • On MX150 and vMX-based platforms, when the clear pim join instance instance-name all command is issued, it might result in stopping of the riot process on the system. PR1409527

  • A small number of tunneled subscribers might terminate during the unified ISSU because of momentary loss of IP connectivity between the LAC and LNS devices. PR1414928

  • FPC core files are generated on multiple additions or deletions of hierarchical CoS from pseudowire devices. As a workaround, remove the pseudowire device without changing the hierarchical CoS configuration. PR1414969

  • In Next Gen Services and non-Next Gen Services cases, the monitor interface is MS or VMS. When chassisd restarts, all FPCs are restarted. The service redundancy daemon (srd) also gets restarted and the ICCP connection goes down. If the FPC hosting the ICL goes down first before srd receives the information about the down physical interface for the monitored interface, it will not do switchover immediately. The same behavior is observed in the Next Gen Services and the non-Next Gen Services as well. PR1416064

  • The MX Series Packet Forwarding Engine does not account for the labels pushed on to the packet on the egress Packet Forwarding Engine, while the PTX Series Packet Forwarding Engine does. This results in a slight difference in the byte count for the same traffic stream across these two platforms. The packet count is still the same across the platforms. Currently, this issue is noticed for uncolored SR-TE policies. PR1416738

  • System ID of an old master Routing Engine is reported by FPCs even after GRES. PR1417366

  • Traffic statistics are not displayed for the hybrid access gateway session and tunnel traffic. PR1419529

  • The ROUTING_LOOP_DETECTED subcode is not generated under the PATHERR_RECV code when a strict path loop is created for LSP event telemetry notifications. PR1420763

  • If the HTTP header enrichment function is used, the traffic throughput decreases when the traffic passes through header enrichment. PR1420894

  • Because the loopback was created at the MACsec port (remote end) in this specific situation, the link itself is down at the EA port. Therefore, the PRBS test fails with incrementing error counts. PR1421432

  • For ALGs with out-to-in sessions, if the data sessions come from an IP address that is different from the IP address available in the control sessions with the NAT rule matching, such ALGs should have the match condition for the destination-address as any and not a specific IP, or you must add all possible IP addresses from where the data sessions for the ALGs can come. PR1421555

  • The Junos OS Releases 19.1 and later support RFC8231 and RFC8281 compliance by default. However, if the controller is not compliant with RFC8231 and RFC8281, a backward compatibility can be configured to fall back to pre-RFC 8231/8281 behavior. PR1423894

  • Due to a race condition between the creation of logical interfaces and sending out of gratuitous ARP when a logical interface is configured, there is an issue of logical interface statistics incrementing by one output packet. PR1430431

  • On MPC10 line card, the error message failed, Return code: 500 is seen with baseline. PR1431552

  • After restarting the router, changing the anti-spoof status causes tunnel duplication. However, half of those tunnels are up because they have not been cleaned up. PR1433930

  • On MX Series platforms, if the clock frequency is slowly changing on CB0 (slow drift), the clock source for MPC-3D-16XGE-SFPP might not be changed to CB1, which causes interfaces on it to go down and remain in the down state. PR1433948

  • When you reboot or power off the backup Routing Engine, a trap message is reported. This is the generic design for the MX10003 platform. PR1436212

  • Error of traffic does not get policed as expected after locally switched for VLAN 100 and 101, while verifying the selective local-switching functionality with 4000 VLANs. PR1436343

  • With scaled inline single-hop BFD sessions, and events such as restart of FPC, ppmd, rpd, and some of the BFD sessions might flap. PR1436543

  • FPC might crash when the Packet Forwarding Engine memory usage for a partition such as NH/DFW is high. Under low Packet Forwarding Engine memory condition, log message Safety Pool below 25% Contig Free Space" or "Safety Pool below 50% Contig Free Space might be observed. PR1439012

  • The interface-specific filters do not work on the MPC10E line card, and both count and policer actions are affected. It is advisable not to use interface-specific firewall filters in this release. PR1439327

  • MX Series routers report Routing Engine and FPC policer violation when DDoS violation occurs. PR1439427

  • Before switching mastership of Routing Engine, you need to wait at least 4 minutes after enabling the GRES configuration for both the Routing Engines to come up in dual Routing Engine mode. Check GRES readiness by executing the request chassis routing-engine master switch check command from the master Routing Engine and the show system switchover command from the backup Routing Engine. PR1439884

  • There is a change in the way egress topology is being set up for the control packets in MPC10 line cards from the way it is set up in legacy MX Series routers. In legacy MX Series routers, the control packets (ARP) are not subject to family any firewall next hops, whereas in MPC10 line card they will be. Thus, if the firewall does not have the ACCEPT default term, it is expected to drop the ARP packet. PR1440792

  • On MX204 and MX10003 routers, egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, and MPC9E line cards. PR1441816

  • The BGP session establishing over the GRE tunnel fails when the router receives the BGP packets encapsulated as GRE and uses the firewall filter action to de-encapsulate the GRE header. PR1443238

  • When an xe- interface working in 1-Gigabit mode is added to a member link of an aggregated Ethernet interface, the speed of the aggregated Ethernet interface is incorrectly shown as 10 Gbps. There is no functional impact. This is a display issue. PR1449887

  • On MX Series, the dropped packets are seen on MQ/XM-based MPCs, although there is no traffic flowing through the system. PR1451958

  • When you use the replace pattern command to replace the name in the apply-group, the mgd crashes. PR1452136

  • SDK upgrade from 5.10 to 6.5.16 is done in this release. PR1454144

  • When you edit a command and run the command from CLI command history, the timestamp might not appear. PR1454387

  • The firewall filter might be incorrectly updated in the MPC10E Packet Forwarding Engine when a change (for example, add, delete, deactivate, or activate) of firewall filter terms occurs in some scenarios, such as large-scale term changes or changes happening during MPC reboot. The incorrect firewall filter might cause the traffic to be silently dropped or discarded and even lead to an MPC crash. It is a timing issue. PR1458499

  • The commit script does not apply changes in private mode unless a commit full operation is performed. PR1465171

  • With BGP RIB sharding and update threading, traffic drops by 100 percent in the BGP Layer 3 VPN streams after removal or restoration of the configuration. PR1469873

  • When enhanced-mode ISSU is in progress, the MPC7E, MPC8E, and MPC9E line cards lose control connection, chassisd incorrectly marks FPCs offline reason as "Bad Voltage". PR1473722

  • When you reboot the external server, the SNMP values configured within /etc/snmp/snmpd.conf at the server get overwritten with content from the JDM SNMP stanza. Trap configuration changes get completely removed. JDM restart or stop/start does not change the host /etc/snmp/snmpd.conf file; only system reboot of the server does this change. PR1474349

  • Changing framing modes on a CHE1T1 MIC between E1 and T1 on an MPC3E NG HQoS line card causes the PIC to go offline. PR1474449

  • In VPLS configurations, ARP resolution over an IRB interface might fail if the hosts are behind a vt- tunnel. As a workaround, you can use no-tunnel-services statement. PR1477005

  • When specific hardware failure conditions occur in MX2000 platforms, fabric healing attempts to auto-heal the fault location in three phases to prevent traffic get silently dropped and discarded. In such fault conditions, fabric healing process in last phase-3 might not be able to decide which FPC slot should be marked faulty and off-line all the FPCs in the system reporting fabric destination time out. PR1482124

  • BFD over Layer 2 VPN or Layer 2 circuit does not work because of the SDK upgrade to version 6.5.16. PR1483014

  • Viewing a large file from vFPC console using cat application might hog the console. PR1493805

  • On deactivating and activating routing instance, packets from nonexisting source on GRE or UDP designated tunnel are accepted where they are supposed to be dropped. PR1503421

  • On all Junos OS platforms with the Juniper Telemetry Interface configured, the rpd might crash when there is telemetry streaming is in progress and meanwhile there is a network churn. This is a timing issue, and the rpd recovers automatically. PR1505425

  • In an EVPN scenario with VRRPv6 is used, the Ethernet source MAC address might be used for IPv6 mac-ip binding when the NA is sent from VRRPv6 master. As this unexpected behavior is triggered on regular intervals, it causes the entries to keep refreshing in the EVPN database because NS from VRRPv6 master changes the mac-ip binding. This impacts the traffic. PR1505976

  • A 10-Gigabit Ethernet interface configured with WAN-PHY framing might flap continuously if the hold-down timer is set to 0 (which is the default). This is not applicable to an interface with the default framing LAN-PHY. PR1508794

Infrastructure

  • The following messages are seen during FTP: ftpd[14105]: bl_init: connect failed for `/var/run/blacklistd.sock' (No such file or directory). PR1315605

Interfaces and Chassis

  • Out-of-sequence packets are seen with the LSQ interface. PR1258258

  • With a connectivity fault management (CFM) configuration, if you execute an upgrade between releases that uses a different db format, the continuous cfmd crashes might be seen after upgrade. PR1281073

  • After GRES, 1-Gigabit Ethernet speed calculation changes to 10-Gigabit Ethernet. PR1326316

  • In MX Series Virtual Chassis, flooding of the error message CHASSISD_CONFIG_ACCESS_ERROR: pic_parse_ifname: Check fpc rnage failed can be seen when MPC7, MPC8, and MPC9 line cards are inserted to member 1. The errors only impact DWDM PICs, and do not affect the MPC7, MPC8, and MPC9 line cards. Hence this syslog message can be safely suppressed. PR1349277

  • There are multiple failures when events such as node reboot, ICL flaps, and ICCP flaps occur, and even with enhanced convergence configured there is no guarantee that subsecond convergence will be achieved. PR1371493

  • Some routers index the SFP transceivers starting at 1, while interface numbering starts from 0; thus, reading the Packet Forwarding Engine-level output can be confusing. PR1412040

  • Syslog error scchassisd[ ]: CHASSISD_IPC_WRITE_ERR_NULL_ARGS: FRU has no connection arguments fru_send_msg Global FPC x is observed after MX Virtual Chassis local or global switchover. This syslog is harmless in this scenario. PR1428254

  • If an aggregated Ethernet interface has VRRP configuration, in the following use cases, member logical interfaces are not created after a member physical interface comes up and the aggregated Ethernet interface is in down state:

    • FPC restart (request chassis fpc restart slot <>)

    • Chassis-control restart (restart chassis-control)

    • Reboot of both Routing Engines (request system reboot both-routing-engines).

    So, before performing these operations, we recommend that you remove the VRRP configuration from the aggregated Ethernet interface. PR1429045

Junos Fusion for Provider Edge

  • On a Junos fusion for enterprise system, intermediate traffic drop is seen between aggregation and satellite device when sFlow is enabled on an ingress interface. This issue is not seen always. When sFlow is enabled, the original packet gets corrupted for those packets that hit the sFlow filter. This is because a few packets transmitted from the egress interface of AD1 is short of FCS (4 bytes) + 2 bytes of data, due to which the drop occurs. It is seen that the normal data packets are of size 128 bytes (4 bytes FCS + 14 bytes Ethernet header + 20 bytes IP header + 90 bytes data), while the corrupted packet is 122 byte (14 bytes Ethernet header + 20 byte IP header + 88 bytes data). PR1450373

Layer 2 Features

  • If VLAN ID lists are configured under a single physical interface, Q-in-Q might stop working for certain VLAN ID lists. PR1395312

Layer 2 Ethernet Services

  • DHCPV6_LEASEQUERY counter might not be as expected in the show dhcpv6 relay statistics command output. PR1521227

MPLS

  • With nonstop active routing (NSR), when the routing protocol process (rpd) restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart. PR1282369

  • The root XML tag in the output is changed from rsvp-pop-and-fwd-info to rsvp-pop-and-fwd-information to be consistent with the XML tag convention. PR1365940

  • The default behavior of local reversion has changed from Junos OS Release 16.1 and that impacts the LSPs for which the ingress router does not perform make-before-break. Junos OS does not perform make-before-break for no-CSPF LSPs. PR1401800

  • Packet drop might be seen if SR-TE and mapping server are configured. Dynamic SPRING-TE tunnel creation to LDP (non-SR) speaking nodes is not supported even in the presence of mapping-server configurations. SPRING-TE internally converts the tunnel hop IP addresses (prefix/adjacency) into corresponding labels through the auto-translate feature. This feature internally makes use of traffic engineering database where currently the mapping-server entries are not present. PR1432791

  • When an interface in an MVPN routing instance is changed from a virtual tunnel (VT) interface to a label-switched interface (LSI), the P2MP LSP might get stuck in an incorrect state due to no-tear-down message created from the LSP egress side. In the end, MVPN traffic will be lost. PR1454987

Network Management and Monitoring

  • Junos OS is used to send a cold trap from the new master just after the first GRES. This is because the cold_start timestamp file is not present or updated after the reboot. So, for the first GRES, it is used to send the cold start trap. PR1461839

Platform and Infrastructure

  • In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log the error as nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system reconverging on the expected state. PR1054798

  • An accuracy issue occurs with three-color policers of both types, single rate and two rate, in which the policer rate and burst-size combination of the policer accuracy vary. This issue is present starting in Junos OS Release 11.4 on all platforms that use the MX Series ASIC. PR1307882

  • If scaling logical-interface-set members and aggregated Ethernet members are configured on the same FPC, the FPC might crash when it restarts. PR1380527

  • On MX Series routers with MPCs, the unicast traffic might drop when the destination is reachable over an integrated routing and bridging (IRB) interface and a label-switched interface (LSI) with two next hops. PR1420626

  • On MX Series routers with MS-MPC cards, when an FPC restarts or the routing-instance type is changed (for example, virtual-router to VRF), or route distinguisher is changed, traffic from a group virtual private network (GVPN) tunnel to MPLS over UDP tunnel might fail to get decrypted on the MS-MPC, and this causes complete service loss. PR1422242

  • On all platforms running Junos OS, with NSR enabled, the BGP session with a hold time of 6 seconds or smaller flaps after if the backup Routing Engine is powered off ungracefully. PR1428518

  • For the bridge domains configured under an EVPN instance, ARP suppression is enabled by default. This enables the EVPN to proxy the ARP, and reduces the flooding of ARP in the EVPN networks. Because of that, storm control is not taking effect to the ARP packets on the ports under such bridge domains. PR1438326

  • A dual Routing Engine Juniper node slicing GNF with no GRES configured and with system internet-options no-tcp-reset drop-all-tcp configured might enter dual backup Routing Engine state after a manual GNF Routing Engine mastership switchover attempt with the request chassis routing-engine master [acquire|release|switch] CLI command from either GNF Routing Engine CLI. PR1456565

  • Expected PIM joins are not learned after performing GRES. PR1457166

  • In NTP with the boot-server scenario, when the router or switch boots, the NTP daemon sends an ntpdate request to poll the configured NTP boot-server to determine the local date and time. If the ntpdate is not activated correctly while the device is booting, the ntpdate might not work successfully. Then, some cosmetic error messages of time synchronization might be seen, but there is no impact with time update because the NTP daemon will update the time eventually. PR1463622

Routing Protocols

  • When interoperating with other vendors in a draft-rosen multicast VPN, by default the Junos OS attaches a route target to multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities will be excluded from propagating if the BGP route target filtering is enabled on a device running Junos OS. Note that draft-rosen-idr-rtc-no-rt has been created in IETF to document this issue and carry the proposed fix through standards. PR993870

  • Certain BGP traceoption flags (for example, open, update, and keepalive) might result in (trace) logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

  • LDP and OSPF are in the in-sync state because an IGP interface is down with LDP synchronization enabled for OSPF. According to the current analysis, the IGP interface down message is seen as the reason because although LDP notified OSPF that LDP synchronization is achieved, OSPF is not able to take note of the LDP synchronization notification because the OSPF neighbor is not up yet. PR1256434

  • In rare cases, RIP replication might fail as a result of performing NSR Routing Engine switchovers when the system is not NSR ready. PR1310149

  • BGP I/O threading was added in Junos OS Release 16.1R1, whereby BGP writes were batched to improve efficiency. This might sometimes lead to some latency in sending BGP update while reacting to certain network events. PR1332301

  • SCP command with routing option (-JU) is not supported. PR1364825

  • It is possible for a GNF with rosen6 multicast to display stuck KRT queue entries after recovery from a dual Routing Engine reboot at the BSYS. PR1367849

  • Performance improvement with addpath-optimization statement configured will vary across releases because of variability of baseline convergences without the configuration statement. PR1395684

  • During NSR initial state replication on a scaled setup, while BGP state replication is still ongoing, the BGP task replication might get marked as completed. This is because BGP replication is triggered and controlled through the backup Routing Engine. You must check the output of the show bgp replication command to confirm whether replication has actually completed. This corner case scenario is valid only on a scaled setup and during initial state synchronization.PR1404470

  • The issue is seen when a direct change of route distinguisher is done on a routing instance. As a workaround, deactivate the instance before changing route distinguisher and then reactivate. PR1433913

  • On the MX2010 Series routers, the BFD session on the IS-IS step up flaps during the ISSU - FRU upgrade stage. PR1453705

  • When the system is in transient state (that is, it is learning new routes), the number of routes and the active routes in inet.0 and junosmain::inet.0 are not supposed to be same. When the system is in stable state, the number of routes and the active routes in inet.0 and junos-main::inet.0 converge eventually. PR1453981

  • When the system is in transient state (that is, it is learning new routes), the number of routes and the active routes in inet.0 and junosmain::inet.0 are not supposed to be same. When the system is in stable state, the number of routes and the active routes in inet.0 and junos-main::inet.0 converge eventually. PR1453981

  • The order of the statement displayed for the show configuration command is changed. PR1457240

User Interface and Configuration

  • Changing nested apply groups does not take effect. PR1427962

VPNs

  • In an MVPN environment with the SPT-only option, if the source or receiver is connected directly to the c-rp PE device and the MVPN data packets arrive at the c-rp PE device before its transition to SPT, the MVPN data packets might be dropped. PR1223434

  • The LSP might stay down if you configure both the virtual tunnel (VT) interface and vrf-table-label in an MVPN scenario. In this case, VT is preferred over LSI. Later when the VT interfaces are deleted, there is no notification to MVPN indicating that LSI is still available. Hence traffic loss might be seen. PR1474830

Resolved Issues

This section lists the issues fixed in Junos OS main and maintenance releases for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 19.2R3

Class of Service (CoS)

  • MX Series platforms with MPC1-Q and MPC2-Q line cards might report memory errors. PR1500250

EVPN

  • Remote MAC address present in EVPN database might be unreachable. PR1477140

  • The ESI of IRB interface does not update after autonomous-system number change if the interface is down. PR1482790

  • Dead next hops might flood in a rare scenario after remote PE devices are bounced. PR1484296

  • The rpd core file might be generated when doing Routing Engine switchover after disabling BGP protocol globally. PR1490953

  • VXLAN bridge domain might lose VTEP logical interface after restarting chassisd. PR1495098

  • The l2ald memory leak might be observed in an EVPN scenario. PR1498023

  • The VXLAN function might be broken due to a timing issue. PR1502357

  • The MAC address of the LT interface might not be installed in the EVPN database. PR1503657

Forwarding and Sampling

  • Issue of UTC timestamp in the flat-file-accounting files when profile is configured. PR1509467

General Routing

  • The cosmetic error mspmand[190]: msvcs_session_send: Plugin id 3 not present in the svc chain for session is observed in the output. PR1258970

  • The show security group-vpn member ipsec security-associations detail | display xml command output is not in the expected format. PR1349963

  • On MX2010 routers, error message Failed to get xfchip which_xfchip 7, CMTY_FM_HSL2: [cmty_fm_hsl2_adc_xbar_set_cell_limit_per_link] xbar limit set failed pb_slot[3], pfe[1], sfb_slot[7], sub_plane[2], link_index[83] is observed during unified ISSU. PR1388076

  • The configuration database might not be unlocked automatically if the related user session is disconnected when the commit operation in progress. PR1410322

  • Core files are generated with reference to ddl_access_check_sequence during software upgrade. PR1414118

  • FPC x Voltage Tolerance Exceeded alarm is raised and cleared upon bootup of JNP10K-LC2101. PR1415671

  • Resetting the playback engine log messages are seen on MPC5E line card. PR1420335

  • FPC crash might be observed after GRES when you commit changes in the firewall filter with the next term statement in subscriber scenario. PR1421541

  • Configuration commit might fail when the file system gets into full state. PR1423500

  • IRB over VTEP unicast traffic might get dropped on MX Series platforms. PR1436924

  • FPC19 (MPC9E) might not go offline due to unreachable destinations in phase 3 stage. PR1443803

  • Interfaces shut down by disable-pfe action might not be up using MIC offline or online command. PR1453433

  • FPC or Packet Forwarding Engine might crash with ATM MIC installed in the FPC. PR1453893

  • Multiple daemons might crash when you commit configuration changes related to groups. PR1455960

  • All the IPsec tunnels might be cleared when the clear command is executed for only one IPsec tunnel with specified service-set name. PR1456749

  • The MPC2E-NG or MPC3E-NG line card with specific MIC might crash after a high rate of interface flap. PR1463859

  • Daemons might not be started if commit is executed after commit check. PR1468119

  • IPv6 dynamic subscribers might be unable to access on Junos OS Release 18.2R3 and later. PR1468414

  • NSD core file generates after committing the configuration successfully if the destination NAT rule matches the destination address. PR1469613

  • When both MSTP and ERP are enabled on the same interface, then ERP does not come up properly. PR1473610

  • Routing Engine might not be able to send packets after some time when traffic-manager enhanced-priority-mode configuration is enabled on MPC10 or MPC11 line cards. PR1476683

  • Error log message chassisd[7836]: %DAEMON-3-CHASSISD_IOCTL_FAILURE: acb_get_fpga_rev: unable to get FPGA revision for Control Board (Inappropriate ioctl for device) is observed after every commit. PR1477941

  • MPCs might crash when there is bulk route update failure in a corner case. PR1478392

  • FPC with vpn-localization vpn-core-facing-only configuration might get stuck in ready state. PR1478523

  • PPPoE subscribers might not log in after FPC restart. PR1479099

  • The downstream IPv4 packets greater than BR MTU are getting dropped in MAP-E. .

  • Interface input error counters are not increasing on MX150 routers. PR1485706

  • Kernel core files are generated if you delete an ifstate. PR1486161

  • The unified ISSU is not supported on next-generation MPC cards. PR1491337

  • MS-MIC is down after loading some releases in MX Virtual Chassis scenario. PR1491628

  • FPCs might stay down or restart when you swap the MPC7, MPC8, and MPC9 line cards with the MPC10 and MPC11 line cards or vice versa in the same slot. PR1491968

  • User-configured MTU might be ignored after the unified ISSU upgrade uses request vmhost software in-service-upgrade. PR1491970

  • On MX10008 platform, SNMP table entPhysicalTable does not match the PICs shown for the show chassis hardware command. PR1492996

  • MPC10 and MPC11 line cards might crash if the interface is configured with firewall filter referencing shared bandwidth policer. PR1493084

  • Flapping of one port on MIC-3D-2XGE-XFP might cause the other port on the same MIC to flap. PR1493699

  • In node slicing setup after GRES, RADIUS interim updates might not carry actual statistics. PR1494637

  • B4 devices might not be able to establish softwire with an AFTR device. PR1496211

  • The MPC10E line card might restart with sensord crash on it due to a timing issue. PR1497343

  • Outbound SSH connection flap or a memory leak issue might be observed during the high rate of pushing the configuration to the ephemeral DB. PR1497575

  • In a node slicing scenario, when a FPC with aggregated Ethernet member port comes online, subscribers might be disconnected. PR1498024

  • SNMP polling does not show correct PSM jnxOperatingState when one of the PSM inputs failed. PR1498538

  • The rpd might crash when multiple VRFs with IFLs link-protection are deleted at a single time. PR1498992

  • On MX2020 and MX2010, the pem_tiny_power_remaining message will be continuously logged in chassisd log. PR1501108

  • Traffic might be silently dropped and discarded in a fast reroute scenario. PR1501817

  • The chassisd process might get stuck. PR1502118

  • Core files are generated if you add or delete ERP configuration multiple times and restart l2cpd. PR1505710

  • The disabled QSPF transceiver might fail to turn on. PR1510994

  • Static subscribers logs out after creating a unit under demux0 interface. PR1511745

  • The l2ald memory leak might be seen after you add or delete VXLAN routing instances and interfaces. PR1512802

  • The wavelength configured through CLI might not be set on SFP+-10G-T-DWDM-ZR optics when the optics is placed on MPC7E line card. PR1513321

Infrastructure

  • An alarm might be seen if the PEM's serial number starts with 1F1. PR1398128

Interfaces and Chassis

  • The vrrp-inherit-from change operation leads to packet loss when traffic is forwarded to the VIP gateway. PR1489425

  • Unexpected dual VRRP backup state might happen after performing two subsequent Routing Engine switchovers with the track priority-hold-time statement is configured. PR1506747

J-Web

  • Security vulnerability in J-Web and Web-based (HTTP/HTTPS) services. PR1499280

Junos Fusion Provider Edge

  • The stats of extended ports on satellite device cluster might show wrong values from the aggregation device. PR1490101

Junos Fusion Satellite Software

  • Temperature sensor alarm is seen in Junos fusion scenario. PR1466324

Layer 2 Features

  • Connectivity is broken through LAG because of the members configured with hold-time and force-up. PR1481031

Layer 2 Ethernet Services

  • On MX204 platform, the Vendor-ID is set as MX10001 in factory-default configuration and DHCP client messages. PR1488771

  • Issues with DHCPv6 relay processing confirm and reply packets. PR1496220

  • The MC-LAG might become down after disabling and then enabling the force-up statement. PR1500758

  • DHCPV6 leasequery is not as expected while verifying the DHCPV6 server statistics. PR1506418

MPLS

  • Traffic loss might be seen if p2mp with NSR enabled. PR1434522

  • The RSVP interface bandwidth calculation might be incorrect when the RSVP subscription percentage is configured under the RSVP interface. PR1458527

  • The rpd might crash in PCEP for the RSVP-TE scenario. PR1467278

  • The fast reroute detour next-hop down event might cause primary LSP go in the Down state in a particular scenario. PR1469567

  • High CPU utilization for rpd might be seen if RSVP is implemented. PR1490163

  • The rpd might crash when BGP with FEC 129 VPWS enabled flaps. PR1490952

  • BGP session might keep flapping between two directly connected BGP peers because of the incorrect TCP-MSS in use. PR1493431

  • The rpd process might crash and generate a core file when SNMP polling is done using OID jnxMplsTeP2mpTunnelDestTable. PR1497641

  • Traffic loss might happen after a switchover when RSVP point-to-multipoint is configured. PR1500615

  • CSPF job might get stalled for new or existing LSP in a high scale LSP setup. PR1502993

  • The rpd process might crash with the RSVP configured in a rare timing case. PR1505834

  • Activating or deactivating LDP-sync under OSPF might cause the LDP neighborship to go down and stay down. PR1509578

  • The rpd might crash after upgrading from pre Junos OS Release 18.1 to Junos OS Release 18.1 and later. PR1517018

Platform and Infrastructure

  • Core.vmxt.mpc0 is seen at 5 0x096327d5 in l2alm_sync_entry_in_pfes (context=0xd92e7b28, sync_info=0xd92e7a78) at ../../../../../src/pfe/common/applications/l2alm/l2alm_common_hw_api.c:1727. PR1430440

  • Traffic loss might be seen in case of Ethernet frame padding with VLAN. PR1452261

  • The show system buffer command displays all zeros in the MX104 chassis. PR1484689

  • MAC learning under bridge domain stops after MC-LAG interface flaps. PR1488251

  • In node slicing setup MPLS TTL might be set to zero when the packet goes through af interface configured with CCC family. PR1492639

  • Packets get dropped when next hop is IRB over lt- interface. PR1494594

  • Routing Engine crash might be seen when a large number of next hops are quickly deleted and readded in large ARP/ND scale scenario. PR1496429

  • Python or Slax script might not be executed. PR1501746

  • Traffic originated from another subnet is sent out with 0x8100 instead of 0x88a8. PR1502867

  • MPCs might crash when there is a change on routes learned on IRB interface configured in VPLS and EVPN instances. PR1503947

  • Traffic loss might be seen in certain conditions under MC-LAG setup. PR1505465

  • During route table object fetch failure, FPC might crash. PR1513509

Routing Protocols

  • PIM RPF selection for the specific multicast group might get incorrectly applied to other multicast groups. PR1443056

  • The rpd crash might be observed because of specific BGP update packets. PR1481641

  • Multicast traffic loss might be seen in certain conditions while enabling IGMP snooping under EVPN-VXLAN ERB scenario. PR1481987

  • RIPv2 packets stop transmitting when changing interface-type configuration from p2mp to broadcast. PR1483181

  • Rpd memory leak is observed in certain looped MSDP scenario. PR1485206

  • The rpd process might generate soft core files after always-compare-med is configured for BGP path-selection. PR1487893

  • The rpd crashes when reset OSPF neighbors. PR1489637

  • The BGP route target family might prevent route reflector from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743

  • The rpd might crash because of rpd resolver problem of INH. PR1494005

  • Receipt of certain genuine BGP packets from any BGP speaker causes rpd to crash. PR1497721

  • The rpd might crash if the import policy is changed to accept more routes that exceed the teardown function threshold. PR1499977

  • The show bgp neighbors command shows change in x-path output for input-updates value. PR1504399

  • The rpd crash might occur due to RIP updates being sent on an interface in down state. PR1508814

  • The rpd process might crash on backup Routing Engine if BGP (standby) received a route from peer which is rejected due to invalid target community. PR1508888

  • The rpd process might crash if there is a huge number of SA messages in MSDP scenario. PR1517910

Services Applications

  • The FPC might crash and generate NPC core file if the service interface is configured under service-set in USF mode. PR1502527

Subscriber Access Management

  • Syslog message pfe_tcp_listener_open_timeout: Peer info msg not received from addr: 0x6000080. Socket 0xfffff804ad23c2e0 closed is seen. PR1474687

  • The authd logs events might not be sent to syslog host when destination-override is used. PR1489339

  • MX Series platforms are not compliant with RFC 2868 and sending RADIUS access request includes tunnel assignment ID for LTS client. PR1502274

User Interface and Configuration

  • The version information under the configuration changes from Junos OS Release 19.1. PR1457602

VPNs

  • Traffic loss might be observed when the inter-AS next-generation MVPN VRF is disabled on one of the ASBRs. PR1460480

  • The l2circuit neighbor might be stuck in RD state at one end of MG-LAG peer. PR1498040

  • The rpd fork process might crash on removing last l2circuit neighbor interface. PR1511783

  • The rpd might crash when you delete l2circuit configuration in a specific sequence. PR1512834

Resolved Issues: 19.2R2

Application Layer Gateways (ALGs)

  • SIP messages that need to be fragmented might get dropped by SIP ALG. PR1475031

  • FTPS traffic might get dropped on MX Series platforms if FTP ALG is enabled. PR1483834

Authentication and Access Control

  • The LLDP packets might get discarded on all Junos OS running devices. PR1464553

Class of Service (CoS)

  • The host-inbound packets might be dropped if you configure host-outbound FC. PR1428144

  • The dfwd crashes for the forwarding-class configuration in policers. PR1436894

  • MX Series generated OAM/CFM LTR messages are sent with a different priority than the incoming OAM/CFM LTM messages. PR1466473

  • Unexpected traffic loss might be discovered under certain conditions in a Junos fusion scenario. PR1472083

  • The MX10008 and MX100016 routers might generate cosd core file after executing commit/commit check command if policy-map configuration is set. PR1475508

EVPN

  • The RA packets might be sent out without using the configured virtual gateway address. PR1384574

  • Unexpected next-hop operation error from kernel to l2ald in a Layer 2 gateway during the MAC movement operation is observed. PR1430764

  • Incorrect MAC count is observed with the show evpn/bridge statistics command. PR1432293

  • Asynchronous state between ARP table and Ethernet switching table occurs if EVPN ESI link flaps multiple times. PR1435306

  • EVPN/MPLS IRB logical interface might not come up when local Layer 2 interface is down. PR1436207

  • Configuring ESI on a single-homed 25-Gigabit Ethernet port might not work. PR1438227

  • On EVPN/VXLAN setup, the specific source-ports of UDP packet are dropped. PR1441047

  • Restarting Layer 2 learning might cause some remote MAC addresses to move into forwarding dead state. PR1441565

  • Traffic drop might be observed in an EVPN Layer 3 gateway scenario. PR1442319

  • On MX Series platform, the core-isolation feature does not work after setting and then deleting the no-core-isolation statement. PR1442973

  • The EVPN type 2 routes might not be advertised properly in logical-systems. PR1443798

  • The local host address is not present in the EVPN database and the mac-ip-table table. PR1443933

  • The bridge mac-table age timer does not expire for rbeb interfaces. PR1453203

  • Instance type is changed from VPLS to EVPN, which results in loss of packet. PR1455973

  • Preference-based DF Election algorithm does not work on the LT interface. PR1458056

  • ARP request or NS might be sent back to the local segment by the DF router. PR1459830

  • Traffic received from VTEP gets dropped if the VNI value used for Type-5 routes is greater than 65,535. PR1461860

  • The rpd might crash after changing EVPN-related configuration. PR1467309

  • Dead next hops might flood in a rare scenario after remote PE devices bounce. PR1484296

  • The ARP entry gets deleted from the kernel after adding and deleting the virtual-gateway-address. PR1485377

  • The rpd core might be generated when you do Routing Engine switchover after disabling the BGP protocol globally. PR1490953

  • On an MX10003, VTEP interface are not installed under the VXLAN bridge domain after a chassisd restart. PR1495098

  • The VXLAN function might be broken due to a timing issue. PR1502357

Fault Management

  • Cmerror Op Set log message is missing for bringup jspec command-based error simulation. PR1430300

Forwarding and Sampling

  • The SRRD might crash when memory corruption occurs. PR1414568

  • DT_BNG: rt-delay-threshold can be set below one second. However, rt-marker-interval is limited to one second. PR1425544

  • The device is in amnesiac mode after ISSU with mgd: error: configuration check-out failed error generated. PR1432664

  • Enable interface with input or output VLAN maps to be added to a routing instance configured with a VLAN ID or VLAN tags with the virtual-switch instance type and VLPS protocol. PR1433542

  • The test aaa ppp command gets timed out with Client session Activate: no response error. PR1435689

  • Sampling might return incorrect ASN for BGP traffic. PR1439630

  • High CPU utilization of l2ald is observed after replacing the EVPN configuration. PR1446568

  • On MX204, input/output counters of an aggregated Ethernet bundle or member links configured on nondefault logical systems are not updated. PR1446762

  • The ARP packets get dropped by Packet Forwarding Engine after chassis-control is restarted. PR1450928

  • Crafted packets traversing in a BNG configured with IPv6 NDP proxy could lead to denial-of-service. PR1451959

  • On the PTX Series or TVP platforms, the pfed might crash and might not be able to come up. PR1452363

  • Commit error and dfwd core files might be observed when applying a firewall filter with then traffic-class or then dscp action. PR1452435

  • On devices running Junos OS, the l2ald process might experience memory leak. PR1455034

  • The following syslog error messgaes are seen at pfed: rtslib: ERROR received async message with no handler: 28. PR1458008

  • A problem with statistics on some interfaces of a router might be observed after FPC or PIC reboot. PR1458143

  • With the MX Series devices, the following logs are seen: L2ALD_MAC_IP_LIMIT_REACHED_IF: Limit on learned MAC+IP bindings reached for .local.1048605; current count is 1024. PR1462642

  • Type 1 ESI/AD route might not be generated locally on EVPN PE device in the all-active mode. PR1464778

  • On the MX10008 and MX10016 routers, policer bandwidth-limit cannot be set higher than 100-Gigabit Ethernet. PR1465093

  • An output bandwidth-percent policer with logical-bandwidth-policer applied to an aggregated Ethernet bundle along with an output-traffic-control-profile has incorrect effective policing rate. PR1466698

  • Traffic might not be forwarded into the correct queue instead of the default queue when the VPLS traffic has three or more VLAN tags with VLAN priority 5. PR1473093

  • The filter might not be installed if the policy-map xx is present under the filter. PR1478964

General Routing

  • On MX Series Virtual Chassis, suboptimal aggregated Ethernet load balancing occurs when an aggregated Ethernet bundle is part of an ECMP path. PR1255542

  • PFEIFD: Could not decode media address with length 0 syslog error messages might be generated by the Packet Forwarding Engine. PR1341610

  • Default credentials supplied in vMX configuration. PR1344858

  • SFP stop forwarding traffic after unified ISSU upgrade. PR1379398

  • The severity of the error is reduced from fatal to major PR1390333

  • The high-cos-queue-threshold range is changed to [uint 0 .. 90;]. PR1390424

  • Commit error might be observed after adding additional sites to existing group and routing-instance configuration. PR1391668

  • Layer 3 gateway des not update ARP entries IP or MAC quickly move from one router to another router in an EVPN-VXLAN environment. PR1395685

  • NAPT66 pool split is not supported with AMS hus commit fail with IPv6 pool in AMS. PR1396634

  • The PPPoE subscribers are unable to reconnect after FPC reboot. PR1397628

  • Confirmation message is missing when issuing request vmhost reboot re*. PR1397912

  • The rpd might crash when condition-manager policy is configured for routing table and the same routing table is repeatedly deleted then re-added. PR1401396

  • The na-grpcd log file is not rotated and keeps growing until the Routing Engine is out of disk space. PR1401817

  • Kernel memory leak in virtual memory because of interface flap. PR1407000

  • FPC crash and slow convergence upon HMC fatal error condition is seen when inline J-Flow is usedPR1407506

  • For the initial packet, which is specific to MPC10 and onward, the ICMP redirects are not seen at the source and packets are sent to the better next hop. PR1409346

  • Nonexistent subscribers might appear in the output of the show system resource-monitor subscribers-limit chassis extensive command. PR1409767

  • Slow SNMP on entityMIB during subscribers load test. PR1411062

  • Parity error might cause FPC alarm. PR1411610

  • Log severity level change is seen on MX150. PR1411846

  • Egress monitored traffic is not mirrored to destination for analyzers on MX Series router. PR1411871

  • Redirect IP is not supported for BGP FlowSpec filters. If such an action is programmed for BGP FlowSpec rules, then it will not be reflected in filter term action. PR1413371

  • J-Flow gets disabled when you reduce the maximum flow table size byusing the flex-flow-sizing statement enabling the bandwidth command. PR1413513

  • On PowerPCbased MX Series platforms, the DHCP/DHCPv6 subscribers might fail to establish sessions. PR1414333

  • The FPC x Voltage Tolerance Exceeded alarm is raised and cleared after the JNP10K-LC2101 is powered on. PR1415671

  • cRPD does not restrict the number of simultaneous JET API sessions. PR1415802

  • The JSU package installation might fail. PR1417345

  • The rpd core files are seen when you restart the rpd or when the logical system is deactivated. PR1418192

  • Multiple ANs are created when you configure or unconfigure PSK and last for a longer duration. PR1418448

  • Resetting the Playback Engine generates log files on the MPC5E line card. PR1420335

  • Core voltage of ASIC chip in SIBs is not set as per the required e-fuse value and remains to default value of 0.9V on JNP10008-SF and JNP10016-SF SIBs. PR1420864

  • jnxFruState shows value as 10 for Routing Engine instead of 6 in response to .1.3.6.1.4.1.2636.3.1.15.1.8.9.1.0.0. PR1420906

  • MX Series LNS might fail to forward the traffic on the subscriber access route. PR1421314

  • PTP might not work on MX104 if phy-timestamping is enabled. PR1421811

  • After control plane event, a few IPsec tunnels failed to send traffic through the tunnelPR1421843

  • RSI bloat VM host-based log collection. PR1422354

  • Packet Forwarding Engine wedge m be observed after running the show forwarding-options load-balance command. PR1422464

  • The XML output might be not be hierarchically structured if you issue the show security group-vpn member ipsec statistics command. PR1422496

  • Ports might get incorrectly channlized if they are 10-Gigabit Ethernet already and they are channelized to 10-Gigabit Ethernet again. PR1423496

  • The MPC10line card might crash once multiple filters are configured in a scaled environment. PR1423709

  • PTP asymmetry change needs PTP bounching. PR1423860

  • The system does not reboot or halt as configured when encountering the disk error. PR1424187

  • The rpd keeps crashing after changing the configuration. PR1424819

  • Interface with FEC disabled might flap after Routing Engine mastership switchover. PR1425211

  • The mspmand process might crash and restart with a mspmand core file created after you do a commit change to deactivate and activate service set. PR1425405

  • One hundred percent CPU usage is seen on route monitor of static routes after the client disconnected from prpd server. PR1425559

  • MPC reboot or Routing Engine mastership switchover might occur on MX204 and MX10003. PR1426120

  • The host-bound traffic might be dropped after performing a change configuration related to prefix-list. PR1426539

  • Some CFM and BFD sessions might flap while collecting MPLS statistics. PR1426727

  • The show lldp neighbors interface command does not display all interface information. PR1426793

  • The decoding of telemetry data at collector might not be proper if you configure the sensors. PR1426871

  • ENTITY MIB has incorrect containedIn values for some fixed MPCs with built-in PICs. PR1427305

  • Rebooting or halting a Virtual Chassis member might cause the RTG link to be down for 30 seconds. PR1427500

  • When broadband edge PPPoE and DHCP subscribers coming up over Junos fusion satellite ports are active, the commit full and the commit synchornization full commands fail. PR1427647

  • When installing YANG package without proxy-xml statement, the CLI environment does not work well. PR1427726

  • The PPP session does not work properly on MX Series platform. PR1428212

  • The global-mac-limit and global-mac-ip-limit configuration statements might allow more entries than the configured values. PR1428572

  • Fabric drops might be seen on MX10003 platform when two FPCs come online together. PR1428854

  • Incorrect IGMP interface counter for dynamic PPP interfaces. PR1429018

  • The emitted XML output INVALID is thrown for the show virtual-network-functions command. PR1429090

  • A race condition vulnerability might cause RPD daemon to crash when processing a BGP notification message. PR1429719

  • Extended ukern thread (PFEBM task) priority to support BBE performance tuning. PR1429797

  • The aggregated Ethernet interface does not come up after rebooting the FPC or device although the physical member link is up. PR1429917

  • Protect core configured router might send IPFIX sampling packets with incorrect next-hop information. PR1430244

  • Performance degradation is observed for about 20 seconds after the fabric board on MX10008 or MX100016 is taken offline. PR1430739

  • Disabling DAC QSFP port might not work on MX204 and MX10003. PR1430921

  • Inline LSQ might not work when it is configured on the same FPC where MIC-3D-16CHE1-T1 is slotted. PR1431069

  • Error might be observed when you use a script to load the configuration. PR1431198

  • The l2cpd process might crash and generate a core file when interfaces flap. PR1431355

  • SIB Link Error is detected on a specific Packet Forwarding Engine might cause complete service impact. PR1431592

  • Allow installation of three identical framed routes in the same routing instance. PR1431891

  • Line card might be offline when Packet Forwarding Engine is powered off. PR1432019

  • Dual-stack subscriber accounting statistics are not baselined when one stack logs out. PR1432163

  • Traffic might be sent on the standby link of aggregated Ethernet bundle and lost with LACP fast-failover enabled. PR1432449

  • Change to in-use parameterized filter prefix-list result in bbe-smgd core files on the backup Routing Engine. PR1432655

  • Output traffic statistics might be incorrect with Routing Enginegenerated traffic. PR1432724

  • In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a denial of service. PR1432957

  • After deleting the CLI configuration chassis license bandwidth, the bandwidth value is not defaulting to maximum bandwidth value. PR1433157

  • A few entries specific to show dynamic-tunnels database output are not getting populated while testing the functionality after both PICs are taken offline and then one PIC is brought online. PR1433247

  • Traffic drop sa-multicast is configur. PR1433306

  • The gNMI set RPC with replace field does not work and the mgd-api might crash. PR1433378

  • RSI and RSIbrief should not include show route forwarding-table when is enabled. PR1433440

  • Junos telemetry interface-firewall ollected service statistics all 0 after unified ISSU for MPC2. PR1433589

  • Lawful intercept for subscriber traffic is not programmed in Packet Forwarding Engine if it activated by Access-Accept. PR1433911

  • URL case sensitivity support is needed. PR1434004

  • Incorrect PLUGGABLE ID 17 on MX10003-LC2103. PR1434183

  • rpd crashes during the route flash when the policy is removed. PR1434243

  • Packet Forwarding Engine memory leak might be seen if MLPPP links are flapped. PR1434980

  • Micro BFD 3x100 ms flap is seen upon inserting a QSFP to another port. PR1435221

  • Traffic drops when session key rolls over between primary and fallback for more than 10 times. PR1435277

  • DHCPv6 advertise to client might use incorrect destination MAC address. PR1435694

  • Total number of packets mirrored after adding the DTCP trigger and enabling DTC is not in the expected range while verifying traffic on mirror port after DTCP drop policy is enabled. PR1435736

  • MPC7/8/9/MX10003 MPC/EX9200-12QS/EX9200-40XS line card might crash in a scaling setup. PR1435744

  • The mc-ae interface might get stuck in waiting state in a dual mc-ae scenario. PR1435874

  • The local route in the secondary routing table gets stuck in the KRT. PR1436080

  • The ifHCInOctets counter on aggregated Ethernet interface shows the zero value when SNMP MIB walk is executed. PR1436201

  • Control logical interface is not created by default for LLDP. PR1436327

  • A few static PPP/PPPoE get subscribers stuck in the initialization state permanently and the Failed to create client session, err=SDB data corrupted error message is seen. PR1436350

  • The subscriber interim statistics might reset to zero and idle-timeout might not work in the statistics setup. PR1436419

  • The device might not be reachable after a downgrade from some releases. PR1436832

  • On MPC10E, micro BFD sessions do not come up in centralized mode. PR1436937

  • MX10003 FPCs show high CPU because the JGCI_Background thread runs for a long period. PR1437283

  • Schema XSDs are missing objects/commands from Junos OS Release 19.1. PR1437469

  • The CPU utilization on a daemon might be around 100 percent or backup Routing Engine might crash in race conditions. PR1437762

  • The LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified messages is seen while you commit the configurations. PR1437824

  • LNS router might send the router-advertisement packet with NULL source link-layer option field. PR1437847

  • The chassisd might crash after you enable hash-key. PR1437855

  • Unified ISSU fails from 19.1R1 legacy Junos OS release images. PR1438144

  • The rpd crash might be seen during the router startup file pointer issue. PR1438597

  • Subscriber flows might not be synchronized between aggregated Ethernet members on MX Series Virtual Chassis platforms. PR1438621

  • Carrier-grade NAT logs are not received by the syslog server over TCP-based-syslog when data traffic is sent at 10,000 sessionssec. PR1438928

  • Incorrect values are seen in JUNIPER-TIMING-NOTFNS-MIB table. PR1439025

  • The show jdaf service cmd statistics / clients command is not available. PR1439118

  • FPC on Virtual Chassis backup router might reboot in an MX Series Virtual Chassis scenario. PR1439170

  • LACP state might get stuck in Attached state after disabling peer active members. PR1439268

  • Packet drop might be seen when chained composite next hop is enabled for Layer 3 VPN. PR1439317

  • The vlan all interface all combination not workas expected under VSTP. PR1439583

  • When group is applied at nonroot level, updating commands inside the group does not update the hierarchies where it is applied. PR1439805

  • The bbe-smgd core files are seen after restart. PR1439905

  • PRPD flexible tunnel profile queries do not return DMAC when set to all zeros by client. PR1439940

  • CoS-related errors are seen and subscribers could not get service. PR1440381

  • CPU might hang or interface might be stuck down on a particular 100-Gigabit Ethernet port. PR1440526

  • FPC might stuck 100 percent CPU GRES and multiple daemons continuous restart on MX platforms. PR1440676

  • DHCP offer packets toward IRB over LT interface getting dropped in DHCP relay environment. PR1440696

  • The Layer 2 dynamic VLAN misses when an interface is added to or removed from an aggregated Ethernet interface. PR1440872

  • The EX ports might stay in up state even if the EX4600 line of devices or the QFX5100 line of devices are rebooted. PR1441035

  • For a route received through EBGP, the AIGP value might not be considered as expected. PR1441438

  • The rpd might crash or consume 100 percent of CPU after flapping the routes. PR1441550

  • New OID is added that calculates the buffer utilization where inactive memory is not considered as free memory. PR1441680

  • The outgoing aggregated Ethernet traffic might be dropped after changes are made to the aggregated Ethernet interface. PR1441772

  • Privilege escalation vulnerability in dual Routing Engine, Virtual Chassis, or HA cluster might allow unauthorized configuration change. PR1441795

  • SNMP trap comes twice for FRU removal in MX10000—one trap with FRU name as FPC: JNP10K-LC2101 and second with FRU name as FPC @ 1/*/*. PR1441857

  • The packets originating from the IRB interface might be dropped in a VPLS scenario. PR1442121

  • The chassisd is unable to power off a faulty FPC after Routing Engine switchover, which leads to chassisd restart loop. PR1442138

  • In enhanced-ip or enhanced-ethernet mode with destination-class-usage (DCU) accounting enabled, MS-DPC might drop all traffic that should egress through aggregated Ethernet interface. PR1442527

  • EVENT UpDown interface logs are partially collected in syslog messages. PR1442542

  • Different formats of the B4 addresses might be observed in the SERVICES_PORT_BLOCK_ALLOC/RELEASE/ACTIVE log messages. PR1442552

  • A few Path Computation Element Protocol (PCEP) logs are marked as ERROR even though they are not. Now the severity of those logs is corrected as INFO. PR1442598

  • The interface might go into the down state after FPC restarts with the PTP configuration enabled. PR1442665

  • DHCPv6 client might fail to get an IP address. PR1442867

  • On MX Series platforms, the bbe-smgd might crash. PR1443109

  • Improper handling of specific IPv6 packets sent by clients eventually leads to kernel crash (vmcore) on the device. PR1443576

  • The kmd process might crash and restart with a kmd core file created if IP of NAT mapping address for IPsec-VPN remote peer is changed. PR1444183

  • GRE packets that are larger than MTU get dropped on MX204 platforms when sampling is enabled on the egress interface. PR1444186

  • For eventd, you might observe high CPU utilization along with error logs. PR1444462

  • Inline-keepalive might stop working for LNS subscribers if the routing-services statement is enabled. PR1444696

  • Access route might be stuck in bbe-smgd and rpd might not be cleared. PR1445155

  • The CPCDD process might crash continuously if the captive-portal-content-delivery service is activated for dual-stack PPPoE/DHCPv6 subscriber. PR1445382

  • ECMP-FRR might not work for BGP multipath ECMP routes. PR1445391

  • Detached LACP member link gets LACP state as enabled in Packet Forwarding Engine when switchover occurs because of device reboot. PR1445428

  • The 1-Gigabit Ethernet interface on MX204 might stay down after the device is rebooted. PR1445508

  • Irregular traffic drop might be seen when traffic is ingress from MPC3E and egress to MPC10E. PR1445649

  • In Junos OS Release 19.2 the group level use of wildcard <*> is not an available option. PR1445651

  • The l2ald might crash when FPC restarts. PR1445720

  • The mspmand process might crash if URL filtering is configured and one blacklisted domain name is a substring of another blacklisted domain name in URL filter database file. PR1445751

  • The jdhcpd process might crash after you issue the show access-security router-advertisement-guard command. PR1446034

  • When you use a converged CPCD, MX Series router rewrites the HTTPS request with destination-port 80. PR1446085

  • Upgrade of jfirmware might fail on MX chassis with MX-SCBE3 installed. PR1446205

  • The static route for NAT might never come up if switchover happens with MX Series route service interface that has NAT and GR configuration. PR1446267

  • The rpd process might crash when it is terminated immediately after it has been started. PR1446320

  • Accurate statistics might not include packets forwarded during the last two seconds before subscriber termination. PR1446546

  • On MX Series routers with MPC10 or MPC11 line cards, the incoming packets might get dropped. PR1446736

  • NAT service set in a certain scale might fail to get programmed. PR1446931

  • MX Series-based MPC might crash and restart during unified ISSU with large-scale logical interfaces. PR1446993

  • The J-Flow version 5 stops working after changing input rate value. PR1446996

  • The bbe-smgd core file bbe_ifd_add_vlan (ifd=0x8c3e835, ifl=0xcaf59f18) is generated on the backup Routing Engine at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/infra/bbe_ifd.c:6374. PR1447493

  • Traffic silently drops when using ps- interface over RLT in Layer 2 circuit with no-control-word enabled. PR1447917

  • The rpd process might crash if BGP is activated or deactivated multiple times. PR1448325

  • The vehostd process might crash without generating core files and automatic restart of vehostd might fail. PR1448413

  • Interface attributes might cause high CPU usage of dcd. PR1448858

  • FPC might reboot when PIC 0 is taken offline on MX204 platforms. PR1449067

  • The DHCP relay feature might not work as expected with helpers bootp configured. PR1449201

  • Increase in the maximum value of delegation-cleanup-timeout. PR1449468

  • Currently IS-IS is sending system host-name instead of system-id in OC paths in lsdb or adjacency xpaths in periodic streaming and on-change notification. PR1449837

  • No localhost ifl for rtt 65535 can be seen on MX Series routers running Junos OS enhanced subscriber management feature. PR1450057

  • Interfaces might flap forever after deleting the interface disable configuration. PR1450263

  • The Mixed Master and Backup RE types alarm is observed when MX2008 with RE-MX2008-X8-128G detects backup Routing Engine as RE-MX2008-X8-64G. PR1450424

  • VLAN configuration change with l2ald restart might cause kernel synchronization issues and impact forwarding. PR1450832

  • JNP10K-LC2101 FPC generates Voltage Tolerance Exceeded major alarm for EACHIP 2V5 sensors. PR1451011

  • The burst size is not updated when the dynamic profile uses the static traffic control profile. PR1451033

  • Main chassisd thread at a JNS GNF might stall upon the GNF SNMP polling for hardware-related OIDs. PR1451215

  • SNMP query for IPsec decrypted/encrypted packets does not fetch correct values and KMD_SNMP_FATAL_ERROR error is observed. PR1451324

  • DHCP snooping statistics binding does not take effect after deleting and readding the entries. PR1451688

  • RMPC core file is found after configuration changes are done on the network for PTP/clock synchronization. PR1451950

  • Firmware upgrade for PSU (JNP10K-AC2 and JNP10K-DC2) on MX10000 and PTX10000 systems with Routing Engine redundancy configuration enabled might fail due to lcmd being disabled by the firmware upgrade command. PR1452324

  • PLL errors might be seen after FPC reboot or restart. PR1452604

  • Framing errors and packet loss might be seen when high throughput traffic passes through MACsec device. PR1452851

  • Sensord core file might be seen when the script runs on the MPC10E line card. PR1452976

  • The values displayed in the output of show snmp mib walk jnxTimingNotfnsMIB.3 are not correct. PR1453436

  • PTP goes out of synchronization when HWDB is not accessible during initialization. PR1453531

  • Alarm was not sent to syslog on MX10003 platforms. PR1453533

  • The FPC might crash due to the memory corruption in JNH pool. PR1453575

  • The ANCP interface-set QoS adjusts might not be processed. PR1453826

  • The FPC might crash when the severity of error is modified. PR1453871

  • RADIUS interim accounting statistics are not populated on the MX204. PR1454541

  • The 100-Gigabit Ethernet interfaces might not come up again after going down on MPC3E-NG. PR1454595

  • The access request for L2BSA port up might not be retransmitted if the RADIUS server used is unreachable. PR1454975

  • CRAFTD syslog fatal errors along with junk characters are seen upon its startup and exits after four startup attempts. PR1454985

  • JET/JSD RPC tag handling bug. PR1455426

  • SmiHelperd process is not initialized in Junos OS running on PPC-based platforms. PR1455667

  • Device chooses incorrect source address for locally originated IPv6 packets in routing-instance when destination address is reachable through static route with next-table statement. PR1455893

  • BgpRouteInitialize API exits with error code 2. PR1455967

  • Queue data might be missing from the following path: /interfaces/interface/state. PR1456275

  • High temperature from the show chassis environment output is observed after MPC4E is inserted to slot 5. PR1456457

  • CLI command with invoke-on and display xml rpc results in unexpected multiple RPC commands. PR1456578

  • All the IPsec tunnels might be cleared when the clear command is executed for only one IPsec tunnel with a specified service-set name. PR1456749

  • The bbe-statsd process continuously crashes if any parameter is set to 0 in the mx_large.xml file. PR1457257

  • Default value of 2^32 replay-window size results in framing errors at an average of one in 2^32 frames received. PR1457555

  • The chassisd process and all FPCs might restart after Routing Engine switchover. PR1457657

  • The subscriber routes are not cleared from backup Routing Engine when the session is aborted. PR1458369

  • Subscribers are unable to log in after more than 2 million multicast subscribers are being activated. PR1458419

  • The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used. PR1458559

  • The FPC X major errors alarm might be raised after committing the PTP configuration change. PR1458581

  • The rpd crash might be seen if BGP route is resolved over the same prefix protocol next hop in inet.3 table that has both RSVP and LDP routes. PR1458595

  • The traffic might be stuck on MS-MPC or MS-MIC with sessions receiving a huge number of affinity packets. PR1459306

  • The following error message might be seen after the chassisd restarts: create_pseudos: unable to create interface device for pip0 (File exists). PR1459373

  • The show ancp subscriber access-aggregation-circuit-id < access aggregation circuit ID> command displays incomplete output. PR1459386

  • Telemetry streaming of mandatory TLV ttl learned from LLDP neighbor is missing. PR1459441

  • The traffic might be silently dropped or discarded during link recovery in an open Ethernet access ring with ERPS configured. PR1459446

  • In MC-LAG scenario, the traffic destined to VRRP-virtual MAC gets dropped. PR1459692

  • Traffic is silently dropped and discarded upon interface flap after DRD autorecovery. PR1459698

  • CPCDD core file is found at ServicesManager::cpcddSmdInterface::processServiceNotifyMsg ,SmdInterface::cbStateSyncServiceNotifyMsgHandler ,statesync_consumer_poll_new_state_cb. PR1459904

  • Subscriber statistics might be broken after unified ISSU. PR1459961

  • The PPTP does not work with destination NAT. PR1460027

  • Multiple leaf devices and prefixes are missing when LLDP neighbor is added after a streaming starts at global level. PR1460347

  • If vlan-offload is configured on the VMX platform, input-vlan-map might not work. PR1460544

  • Support of del_path for the LLDP neighbor changes at various levels. PR1460621

  • When you receive IPv6 over IPv4 IBGP session, the IPv6 prefix is hidden. PR1460786

  • The PTP function might consume the kernel CPU for a long time. PR1461031

  • Explicit deletion notification (del_path) is not received when LLDP neighbor is lost as a result of disabling local interface on the DuT using CLI (gNMI). PR1461236

  • A bbe-smgd core file is generated when all RADIUS servers are unreachable. PR1461340

  • Traffic might be impacted because the fabric hardening is stuck. PR1461356

  • On the MPC10E line card, more output packets are seen than expected when the ping function is performed. PR1461593

  • In EVPN scenario, memory leak might be observed when proxy-macip-advertisement is configured. PR1461677

  • The rpd core files are generated during system startup. PR1461796

  • Memory leak causes bbe-statsd and bbe-smgd crash. PR1461821

  • On MPC11E line card, the PPS information on the physical interface is inaccurate and varies. PR1461872

  • The rpd might crash after committing the dynamic-tunnel-anchor-pfe command. PR1461980

  • The rpd process might crash if the show v4ov6-tunnels information anti-spoof-ip command is executed. PR1462047

  • The CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed message appears when both DIP switches and power switch are turned off. PR1462065

  • On MX204, RADIUS interim accounting statistics are not populated. PR1462325

  • The EA WAN SerDes gets into the Stuck state that leads to continuous DFE tuning timeout errors and causes the link to stay down. PR1463015

  • The Routing Engine switchover might not be triggered when the master CB clock fails. PR1463169

  • MVPN traffic might be dropped after performing switchover. PR1463302

  • The subscribers might not pass traffic after making some changes to the dynamic-profiles filter. PR1463420

  • The MPC2E-NG or MPC3E-NG card with specific MIC might crash after a high rate of interface flaps. PR1463859

  • The bbe-smgd process generates core files on the backup routing engine. PR1466118

  • The mspmand process might crash when stateful firewall and RPC ALG are used on MX Series platforms with MS-MIC or MS-MPC. PR1464020

  • The IPoE subscriber route installation might fail. PR1464344

  • Observing bbe-smgd-core (0x000000000088488c in bbe_autoconf_delete_vlan_session_only (session_id=918) at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/plugins/autoconf/bbe_autoconf_plugin.c:3115). PR1464371

  • The PPP IPv6CP might fail if the routing-services command is enabled. PR1464415

  • The CPU utilization on mgd daemon might get stuck at 100 percent after the NETCONF session is interrupted by a flapping interface. PR1464439

  • The MS-MIC might not work when it is used on a specific MPC. PR1464477

  • The show task memory detail command shows incorrect cookie information. PR1464659

  • The PPPoE session goes in to the Terminated state and the accounting stops for the delayed session. PR1464804

  • MPC5E or MPC6E might crash due to internal thread hogging the CPU. PR1464820

  • MPC10E might crash due to inconsistencies during firewall filter add or delete operations. PR1465153

  • The jdhcpd might consume high CPU and no further subscribers can be brought up if there are more than 4000 dhcp-relay clients in the MAC-MOVE scenario. PR1465277

  • The physical interface of aggregated Ethernet might take time to come up after disabling or enabling the interface. PR1465302

  • The internal ixlv1 interface might not be created after PXE or network installation. PR1465547

  • ICMP error messages do not appear even after enabling the enable-asymmetric-traffic-processing statement. PR1466135

  • The PPPoE subscribers get stuck due to the PPPoE inline keepalives that do not work properly. PR1467125

  • A few DHCP inform packets specific to particular VLAN might be taking the wrong resolve queue. PR1467182

  • Layer 2 wholesale does not forward all the client requests with stacked VLAN. PR1467468

  • Hot-swapping between MPC11E and legacy MPC9, MPC8, or MPC6 is not supported. PR1467725

  • The rpd process might stop after several changes to the flow-spec routes. PR1467838

  • Crypto code might cause high CPU utilization. PR1467874

  • Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435

  • The tcp-log connections fail to reconnect and get stuck in the Reconnect-In-Progress state. PR1469575

  • Memory leak on Layer 2 cpd process causes Layer 2 cpd to crash. PR1469635

  • A hierarchical-scheduler should not be configured on a ps- interface. PR1470049

  • The SNMP interface-mib stops working for the PPPoE clients. PR1470664

  • Multiple FreeBSD vulnerabilities fixed in Junos OS. PR1470693

  • Sudden FPC shutdown due to hardware failure or ungraceful removal of line card might cause major alarms on other FPCs in the system. PR1471372

  • The clksyncd crash might be seen when PTP over an aggregated Ethernet interface is configured on the MX104 platform. PR1471466

  • Phase or frequency synchronization might not work correctly when PTP is configured in the hybrid mode. PR1471502

  • On the MX10008 and MX10016 line cards, the ARP suppression (default enabled) in EVPN does not work. PR1471679

  • The pccd core file and PCEP session flaps might be seen in PCE-initiated or PCE-delegated LSP scenario. PR1472051

  • Chassis alarm on BSYS might be observed: RE0 to one or many FPCs is via em1: Backup RE. PR1472313

  • Service accounting statistics do not get updated after changes are made to the firewall filters. PR1472334

  • The kernel might crash and VM core file might be generated after the configuration change is committed. PR1472519

  • Performing back-to-back rpd restarts might cause rpd to crash. PR1472643

  • Active errors counts do not increase for I2C in the synchronization cards. PR1472660

  • SDB goes down very frequently if the reauthenticate lease-renewal statement is enabled for DHCP. PR1473063

  • ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610

  • Ingress multicast replication does not work with the GRES configuration. PR1474094

  • On MX150 routers, unable to see generated core files for the show system core-dumps command. PR1474118

  • An MPC11 crash might occur on MX2000 platform using multidimensional advanced scale configuration that has inline keepalive sessions. PR1474160

  • MX10000 QSA adapter lane 0 port goes in the down state when you disable one of the other lanes. PR1474231

  • A newly added LAG member interface might forward traffic even though its micro BFD session is down. PR1474300

  • The clksyncd generates core files after GRES. PR1474987

  • SFW rule configuration deletion might lead to memory leakage. PR1475220

  • The RADIUS accounting updates of the service session have incorrect statistic data. PR1475729

  • Dark window size is more than expected and 31.0872721524375 seconds of traffic loss is observed. PR1476505

  • The bbe-mibd might crash on the MX Series platform in subscriber environment. PR1476596

  • Traffic loss might be observed to the LNS subscribers in case the routing-service statement is enabled under the dynamic-profile. PR1476786

  • In a NAT-T scenario, IKE version 2 tunnel flaps if the tunnel initiator is not behind NAT. PR1477483

  • The Packet Forwarding Engine might be disabled due to major error on MPC2E-NG, MPC3E-NG, MPC5, MPC6, MPC7, MPC8, and MPC9 line cards. PR1478028

  • FPC memory leak might happen after you execute the show pfe route command. PR1478279

  • Output chain filter counters are not proper. PR1478358

  • The protocol MTU might not be changed on lt- interface from the default value. PR1478822

  • The TCP-log sessions might be in Established state, but no logs get sent out to the syslog server. PR1478972

  • The SCBE3 fabric plane gets into check state in MX Virtual Chassis. PR1479363

  • After kmd restart IPsec SA comes up but traffic fails for some time. PR1480692

  • The rpd process might crash when executing the show route protocol l2-learned-host-routing or show route protocol rift command on a router. PR1481953

  • The MX204 router reboots when the PPPoE client starts to log in and no core files are generated. PR1482431

  • Packet loss might be observed after device reboots or l2ald restarts in an EVPN-MPLS scenario. PR1484468

  • ARP entry might not be created in the EVPN-MPLS environment. PR1484721

  • The logical tunnel interface might not work on MPC10 line cards. PR1484751

  • MPC9E line cards show "Bad Voltage" state when you power on by deleting set chassis fpc X power off setting. PR1485216

  • Interface input error counters are not increasing on MX150 routers. PR1485706

  • When rpd starts or restarts, krt-nexthop-ack-timeout might not pick up automatically. PR1485800

  • The unified ISSU is not supported on NG-MPC cards. PR1491337

  • On the MX240, MX480, and MX960 router with SCB3E, FPCs might stay down or restart when you swap MPC7, MPC8, or MPC9 with MPC10, MPC11, or vice versa in the same slot. PR1491968

  • DHCP subscribers do not come up as expected after deactivating Virtual Chassis port. PR1493699

  • The ptp-clock-global-freq-tracable leaf value is not changing to True. PR1493743

  • UID might not release properly in some scenarios after service session deactivation. PR1188434

  • Need to change the default parameters for resource-monitor rtt-parameters. PR1407021

  • The show system subscriber-management summary command needs to include failure reason for standby disconnect when primary and backup Routing Engine memories do not match. PR1422976

  • The show subscriber extensive command incorrectly displays the DNS address provided to DHCP clients. PR1457949

  • DHCP relay with forward-only fails to send OFFER when the client is terminated on the logical tunnel interface. PR1471161

  • Dynamic-profile for VPLS-PW pseudowire incorrectly reports the Dynamic Static Subscriber Base Feature license alarm. PR1473412

  • DHCP-server: RADIUS given mask is being reversed. PR1474097

Infrastructure

  • The duplex status of the management interface might not be updated in the output of the show command. PR1427233

  • The operations on the console might not work if the system ports console log-out-on-disconnect command is configured. PR1433224

  • On all Junos OS VM-based platforms, FPC might reboot if jlock hog occurs. PR1439906

  • Slow response from SNMP might be observed after an upgrade to Junos OS Release 19.2R1 and later releases. PR1462986

  • The scheduled tasks might not be executed if cron daemon goes down without restarting automatically. PR1463802

Interfaces and Chassis

  • Restarting chassisd with GRES disabled might cause FPC to restart and some demux interfaces to be deleted. PR1337069

  • Unrelated aggregated Ethernet interfaces might go down if you commit configuration changes. PR1409535

  • MX Series Virtual Chassis unified ISSU is not supported when Redundant LT (RLT) is configured. PR1411729

  • The demultiplexer interfaces will be down after the MTU of the underlying et- interface is changed. PR1424770

  • Upgrade from releases before Junos OS Release 17.4R1 results in the generation of cfmd core files. PR1425804

  • The NCP session might be brought down after IPCP configure-reject is sent. PR1431038

  • VRRP mastership might flap when the tracked route is deleted or the tracked interface goes down. PR1432361

  • In MX Series platform where PPPoE is used, the router might not send LCP termination-request or LCP terminate-ack. PR1433489

  • The output of the show interfaces <> command for AFT card might be different from legacy card. PR1435416

  • Mixed link-speed ae- bundle could not add new subinterface successfully. PR1437929

  • Targeted-distribution for static demux interface over aggregate Ethernet interface does not take correct LACP link status into consideration when choosing primary and backup links. PR1439257

  • The cfmd process might crash after a restart on Junos OS Release 17.1R1 and later. PR1443353

  • Enhancement of add or delete a single VLAN in vlan-id-list under interface family bridge. PR1443536

  • When the logical interface is associated to a routing-instance inside a LR, the logical interface is removed from routing-instance and the logical interface is not added to the default routing instance. PR1444131

  • Unified ISSU might fail when you upgrade a device that has an aggregated Ethernet bundle with more than 64 logical interfaces. PR1445040

  • The OAM CCM messages are sent with single-tagged VLAN even when configuring with two VLANs. PR1445926

  • Continuous VRRP state transition (VRRP master or backup flaps) is observed when one device drops the VRRP packets. PR1446390

  • Unable to connect to newly installed Routing Engine from other Routing Engine in MX Series Virtual Chassis. PR1446418

  • VRRP dual-master status is seen after Routing Engine switchover on the backup router. PR1447028

  • The l2ald might fail to update composite next hop. PR1447693

  • The ifinfo daemon might crash on the execution of the show interface extensive command. PR1448090

  • Interface descriptions might be missing under logical systems CLI. PR1449673

  • Dual VRRP mastership might be seen after Routing Engine switchover occurs ungracefully. PR1450652

  • LACP daemon crashes continuously. PR1450978

  • The severity level log might be flooded when the QSFP-100GE-DWDM2 is inserted. PR1453919

  • CFM UP MEP session does not come up in scaled scenario over L2VPN circuits on LAG interfaces. PR1454187

  • The VRRP traffic loss is longer than one second for some backup groups after performing a GRES. PR1454895

  • Mismatched MTU value causes the RLT interface to flap. PR1457460

  • The EOAM CFM primary-vid functionality does not work if the enhanced-cfm-mode is enabled. PR1465608

  • The vrrpv3mibs does work to poll the VRRPv6-related objects. PR1467649

  • The voltage high alarm might not be cleared when the voltage level comes back to normal for MIC on MPC5. PR1467712

  • When you configure ESI on a physical interface, the traffic drops when you disable the logical interface under the physical interface. PR1467855

  • Executing commit might hang up due to stuck dcd process. PR1470622

  • Commit error was not thrown when member link was added to multiple aggregation groups with different interface specific options. PR1475634

  • The interface on MIC3-100G-DWDM might go down after performing an interface flap. PR1475777

  • Multichassis aggregated Ethernet interface might be shown as an unknown status when you add the subinterface as part of the VLAN on the peer multichassis aggregated Ethernet node. PR1479012

J-Web

  • Session fixation vulnerability in J-Web. PR1410401

  • Cross-site scripting (XSS) in J-Web. PR1434553

  • Some error messages might be seen when using J-Web. PR1446081

  • Security vulnerability in J-Web and web based (HTTP/HTTPS) services. PR1499280

Junos Fusion for Enterprise

  • The SDPD generates core files at vfpc_all_eports_deletion_complete vfpc_dampen_fpc_timer_expiry. PR1454335

  • Loop detection might not work on the extended ports in Junos fusion scenarios. PR1460209

Layer 2 Ethernet Services

  • LACP PDU might be looped toward peer MC-LAG nodes. PR1379022

  • Error messages might be seen when you add a logical interface for physical interfaces. PR1424106

  • The DHCP DECLINE packets are not forwarded to the DHCP server when forward-only is set within dhcp-reply. PR1429456

  • DHCP request might get dropped in a DHCP relay scenario. PR1435039

  • The jdhcpd process might go into an infinite loop and cause full utilization of CPU. PR1442222

  • The ppman and aft process might crash if ppm control logs are enabled. PR1443410

  • The dhcp-relay statement might not work on MX10008 and MX10016 platforms. PR1447323

  • DHCPv6 authentication via RADIUS server might fail as a result of the missing VSA option 26-207. PR1448100

  • Multiple vulnerabilities in JDHCPD allow for OS command injection and code execution of JDHCPD. PR1449353

  • PPPoE holding DHCPv6 prefix causes DHCPv6 binding failure due to a duplicate prefix. PR1453464

  • DHCP subscriber might not come online after rebooting the router. PR1458150

  • DHCP packet might not be processed correctly if DHCP option 82 is configured. PR1459925

  • The metric does not change when configured under DHCP. PR1461571

  • The ISSU might fail during the subscriber in-flight login. PR1465964

  • Telemetry data for relay/bindings/binding-state-v4relay-binding and relay/bindings/binding-state-v4relay-bound are not correct. PR1475248

Layer 2 Features

  • LSI interface might not be created, which prevents MAC addresses from being learned. The following error is seen: RPD_KRT_Q_RETRIES: ifl iff add: Device busy. PR1295664

  • VPLS neighbors might stay in the down state after changing the configuration in vlan-id. PR1428862

  • After disabling and enabling the aggregate interface, the next hop of CE-facing aggregate interface might be in a wrong state. PR1436714

  • The operational status of the interface in hardware and software might be out of synchronization in an EVPN setup with the proxy ARP feature enabled. PR1442310

  • In Virtual Chassis scenario, traffic drop might be seen when one Virtual Chassis member reboots and rejoins the Virtual Chassis. PR1453430

  • Connectivity is broken through LAG due to members configured with hold-time and force-up. PR1481031

MPLS

  • The FPC might be stuck in the Ready state after making a change in the configuration that removes RSVP and triggers FPC restart. PR1359087

  • The rpd might restart after an MPLS LSP flap if no-cspf and fast-reroute are configured in an LSR ingress router. PR1368177

  • RSVP LSP might get stuck in down state in an OSPF multiarea topology. PR1417931

  • MPLS LSP autobandwidth statistics miscalculations might lead to high bandwidth reservation. PR1427414

  • Continuous rpd core files at l2ckt_alloc_label , l2ckt_standby_assign_label , l2ckt_intf_change_process in new backup during GRES in MX2010 box. PR1427539

  • The LDP might withdraw a label for an FEC after the IGP route is inactive in inet.0. PR1428843

  • MPLS ingress LSPs might not come up after MLPS is disabled or enabled. PR1432138

  • SRLG entry shows uknown after removing it from configuration in the show mpls lsp extensive or show mpls srlg output. PR1433287

  • Restart routing might result in RPD core files while GRES and NSR are enabled. PR1433857

  • Traffic loss might occur if p2mp with NSR is enabled. PR1434522

  • The P2MP LSP branch traffic might be dropped for a while when the sender PE device switchover occurs. PR1435014

  • Traffic loss might be seen after the LDP session flaps rapidly. PR1436119

  • The rpd might crash after executing the ping mpls ldp command. PR1436373

  • The flow label is not pushed when chained-composite-next-hop ingress l2ckt/l2vpn is enabled. PR1439453

  • The LDP route and LDP output label are not displayed in the inet.3 table and LDP database respectively if OSPF rib-group is enabled. PR1442135

  • The active path of a no-cspf LSP might keep flapping when one or more transit nodes are shared by primary path and secondary path. PR1442495

  • The backup LSP path messages are rejected if the bypass tunnel path is an interarea LSP. PR1442789

  • RSVP path message with long refresh interval is dropped between nodes running Junos OS releases earlier than and later than Release 16.1. PR1443811

  • P2MP LSP might get stuck in the down state after link flaps. PR1444111

  • The rpd memory leak might be seen when the interdomain RSVP LSP is in the down state. PR1445024

  • Traffic might be silently dropped or discarded if two consecutive PLRs along the LSP perform local repair simultaneously under certain misconfigured conditions. PR1445994

  • The transit packets might be dropped if an LSP is added or changed on MX Series device. PR1447170

  • Traffic drop might be seen after traceoption configuration is committed in RSVP P2MP scenario. PR1447480

  • The LDP route timer resets when you commit unrelated configuration changes. PR1451157

  • The traffic might be silently discarded after the LACP timeouts. PR1452866

  • The rpd crash might be observed with traceoption enabled in MPLS. PR1457681

  • All LDP adjacencies flap after changing LDP preference. PR1459301

  • Previously configured credibility preference is not considered by CSPF despite that the configuration is deleted or changed to prefer another protocol in the traffic engineering database. PR1460283

  • High CPU usage and rpd core file might be observed if ldp track-igp-metric is configured and IGP metric is changed. PR1460292

  • The rpdtmd process might crash while SNMP polls the statistics of the lpd interface. PR1465729

  • The device might use the locally computed path for the PCE-controlled LSPs after link or node fails. PR1465902

  • The rpd process might crash during shutdown. PR1471191

  • The rpd crash might be seen after some commit operations, which might affect the RSVP ingress routes. PR1471281

  • The following error messages continuously flood the backup Routing Engine: (JTASK_IO_CONNECT_FAILED: RPDTM./var/run/rpdtmd_control: Connecting to 128.0,255.255,255.255,0.0.0.0,0.0.0.0, failed: No such file or directory). PR1473846

  • RSVP LSPs might not come up in scaled network with a very high number of LSPs if NSR is used on the transit router. PR1476773

  • Kernel crashes and device might restart. PR1478806

  • RPD 100 percent CPU load and RPD core files are generated on the backup Routing Engine. PR1479249

  • The rpd core files are generated during unified ISSU. PR1493969

Network Address Translation (NAT)

  • The nsd process might crash when SNMP query deterministic NAT pool information. PR1436775

Network Management and Monitoring

  • MX10000 reports jail socket errors. PR1442176

  • The Wrong Type error might be seen for the hrProcessorFrwID object. PR1446675

Platform and Infrastructure

  • The jcrypto syslog help package and events are not packaged even when errmsg is compiled. PR1290089

  • LACP DDoS policer is incorrectly triggered by other protocol’s traffic. PR1409626

  • Error logs might be observed after performing unified ISSU. PR1412463

  • The slax scripts triggered by event options might be stuck forever. PR1422939

  • Packet drops, replication failure, or ksyncd crashes might be seen on the logical system of a device running Junos OS after Routing Engine switchover. PR1427842

  • With CNH for 6PE, MPLS EXP rewrite rule for non-VPN IPv4 over MPLS traffic might not work. PR1430878

  • The FPC might crash when the firewalls filter manager deals with the firewall filters. PR1433034

  • TWAMP session remains in pending state when cooperating with a non-Juniper device. PR1434740

  • Traffic from the same physical interface cannot be forwarded. PR1434933

  • The device might not be accessible after the upgrade. PR1435173

  • BR for MAP-E does not return ICMP Type=3/Code=4 when over MTU sized packet comes with DF bit. PR1435362

  • MAP-E encapsulation or de-encapsulation with specific parameter might work incorrectly. PR1435697

  • The RPM http-get probe always returns HTTP 400 error. PR1436338

  • The /var/db/scripts directory might be deleted after you execute the request system zeroize command. PR1436773

  • With CNH enabled, the MPLS CoS rewrite does not work for 6PE traffic. PR1436872

  • The BGP session might flap after you perform Routing Engine switchover simultaneously on both end of BGP peers. PR1437257

  • The next-hop MAC address in the output for the show route forwarding-table command might be incorrect. PR1437302

  • A certain combination of allow-commands/deny-commands does not work properly after Junos OS Release 18.4R1. PR1438269

  • The inner IPv4 packet might get fragmented using the same size as the configured mtu-v6, which is used for the MAP-E softwire tunnel in the MAP-E configuration. PR1440286

  • The RPM udp-ping probe does not work in a multiple routing instance scenario. PR1442157

  • ARP resolution might fail after ARP HOLD next hops are added and deleted continuously. PR1442815

  • When a host-bound packet is received in a MAP-E BR router, service interface statistics counter shows incorrect number of bytes. PR1443204

  • Packets drop due to missing destination MAC address in the Packet Forwarding Engine. PR1445191

  • Python op scripts are executed as user "nobody" if started from NETCONF session, not as logged in user, resulting in failing PyEZ connection to the device. PR1445917

  • On certain MPC line cards, cm errors need to be reclassified. PR1449427

  • Some hosts behind unnumbered interfaces are unreachable after the router or FPC restarts. PR1449615

  • FPC might reboot with vmcore due to memory leak. PR1449664

  • REST API process becomes nonresponsive when a number of requests come in at a high rate. PR1449987

  • In an EVPN-VXLAN scenario, sometimes host-generated packets gets dropped as hitting reject route in Packet Forwarding Engine. PR1451559

  • The Routing Engine originated IPv6 packets might be dropped when interface-group rule is configured under IPv6 filter. PR1453649

  • The MPC might drop packets after you enable the firewall fast lookup filter. PR1454257

  • The DDoS protection does not stop logging when remote tracing is enabled. PR1459605

  • Modifying the REST configuration might cause the system to become unresponsive. PR1461021

  • CLI configuration flag version-03 must be optional. PR1462186

  • On the MX204 platform, Packet Forwarding Engine errors occur when the incoming GRE tunnel fragments get sampled and undergo inline reassembly. PR1463718

  • EVPN-VXLAN T-5 tunnel does not work properly. PR1466602

  • On the MX150 devices, the default subscriber management license does not include Layer 2 TP. PR1467368

  • The Layer 2 traffic over ae- interfaces sent from one member to another member is corrupted on MX Series Virtual Chassis. PR1467764

  • The JNH memory leaks after CFM session flap for LSI and VT interfaces. PR1468663

  • The switch might not be able to learn MAC address with dot1x and interface-mac-limit configured. PR1470424

  • SSH login might hang, and the TACAS plus server closes the connection without sending any authentication failure response. PR1478959

  • The time convergence for the MVPN fast upstream failover might be more than 50 ms. PR1478981

  • Show system buffer command displays all zeros in the MX104 chassis. PR1484689

  • MAC malformation might occur in rare scenarios under MX Series Virtual Chassis. PR1491091

  • A specific IPv4 packet might lead to FPC restart. PR1493176

  • Routing Engine crash might be seen when a large number of next hops are quickly deleted and added again in a large ARP or ND scale scenario. PR1496429

  • Traffic to VRRP VMAC/VIP drops as "my-mac check failed" when ingress queueing enabled on an aggregated Ethernet interface. PR1501014

  • Python or Slax script might not be executed. PR1501746

Routing Policy and Firewall Filters

  • The route-filter-list configuration with noncontinuous match might not work as expected after being updated. PR1419731

  • Policy matching RD changes next hop of the routes that do not carry the RD. PR1433615

  • The rib-group might not process the exported route correctly. PR1450123

  • The rpd might crash after Routing Engine switchover when prefix-list is configured PR1451025

  • Routes resolution might be inconsistent if any route resolves over the multipath route. PR1453439

Routing Protocols

  • The rpd crashes in Junos OS Release 16.1 or later during BGP convergence. PR1351639

  • Routing Engine-based micro-BFD packets do not go out with configured source IP address when the interface is in logical system. PR1370463

  • The rpd might crash under a rare condition if GR helper mode is triggered. PR1382892

  • Processing a large scale AS-path regex causes the flap of the route protocols to flap. PR1396344

  • BFD link-failure detection of the broken path is delayed when IGP link-state update is received from the same peer through an alternative path. PR1410021

  • BGP might get stuck in the idle state when the peer triggers a GR restart event. PR1412538

  • The Layer 3 VPN link protection does not work after flapping the CE-facing interface. PR1412667

  • Transit traffic does not forward under TI-LFA and IS-IS overLoad bit setting scenario. PR1412923

  • Multicast traffic might be lost for around 30 seconds during Routing Engine switchover. PR1427720

  • The next hop of IPv6 route remains empty when a new IS-IS link comes up. PR1430581

  • The BGP configuration statement multipath multiple-as does not work in specific scenario. PR1430899

  • IPv6 aggregate routes are hidden. PR1431227

  • The rpd process might crash continuously if egress-te is configured under the EBGP VRF routing instance. PR1431536

  • The show isis adjacency extensive output does not contain the state transition details. PR1432398

  • In BFD and GR enabled scenario, BFD DOWN packets are not being sent immediately after BFD failure. PR1432440

  • Per-prefix LFA might not work as expected where the last hop needs to be protected on the penultimate node. PR1432615

  • PIM-SM join message might be delayed when MSDP is enabled. PR1433625

  • The rpd crashes after removing MVPN configuration from a VRF instance. PR1434347

  • With SR enabled, 6PE next hop is not installed. PR1435298

  • The rpd might crash during the best-path changes in BGP-L3VPN with multipath and no-vrf-propagate-ttl enabled. PR1436465

  • BGP route next hop can be incorrect in some scenarios with PIC edge configuration. PR1437108

  • Removing SSH protocol version 1 from configuration. PR1440476

  • RIP routes are discarded by Juniper Networks device over a /31 subnet interface. PR1441452

  • The rpd process might crash in inter-AS option B Layer 3 VPN scenario if CNH is used. PR1442291

  • The CPU utilization on rpd spins at 100 percent once the same external BGP route is learned on different VRF tables. PR1442902

  • The rpd might crash with SR-TE configuration change. PR1442952

  • IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507

  • The rpd crash might be seen after configuring OSPF nssa area-range and summaries. PR1444728

  • The rpd might crash in OSPF scenario due to invalid memory access. PR1445078

  • The rpd process crashes if the multicast scope with an invalid prefix is configured and committed. PR1445746

  • BRP: RPC call is missing for show bgp output-scheduler. PR1445854

  • The BGP route prefixes are not being advertised to the peer. PR1446383

  • The as-external route might not work in OSPF overload scenario for a VRF instance. PR1446437

  • The rpd might crash when the policy applied to the MoFRR is deleted. PR1446472

  • The rpd uses full CPU utilization due to incorrect path selection. PR1446861

  • The multicast traffic might be dropped in PIM with BGP PIC setup. PR1447187

  • The rpd crashes and commit fails when trying to commit configuration changes. PR1447595

  • On the MX2000 Series of devices, Layer 3 VPN PE-CE link protection exhibits unexpected behavior. PR1447601

  • Junos OS BFD sessions with authentication flaps occur after some time. PR1448649

  • The connection between ppmd (Routing Engine) and ppman (FPC) might get lost due to session timeout. PR1448670

  • The BGP routes might fail to be installed in routing instance if the from next-hop policy match condition is used in the VRF import policy. PR1449458

  • The TI-LFA backup path for adj-sid is broken in OSPF. PR1452118

  • SPRING-LDP interoperability issues are observed with colocated SRMS+SR-client+LDP-stitching. PR1452956

  • The SSH login might fail if a user account exists in both local database and RADIUS or TACACS+. PR1454177

  • The rpd scheduler slip for BGP GR might be up to 120 seconds after the peer goes down. PR1454198

  • MoFRR with MLDP inband signaling is not working. PR1454199

  • The rpd memory might leak in a certain MSDP scenario. PR1454244

  • Invalid BGP update sent to peer device might cause BGP session to terminate. PR1454677

  • The rpd might crash when BGP features ORR and IS-IS are configured. PR1454803

  • The rpd process might crash when multipath is in use. PR1454951

  • The rpd might crash continuously due to memory corruption in IS-IS setup. PR1455432

  • Prefix SID conflict might be observed in IS-IS. PR1455994

  • Packets drop and CPU spike on Routing Engine might be seen in certain conditions if labeled-unicast protection is enabled for a CsC-VRF peer. PR1456260

  • The rpd might crash when OSPF router-id gets changed for NSSA with the area-range configured. PR1459080

  • The rpd memory leak might be observed on backup Routing Engine due to BGP flap. PR1459384

  • The other querier present interval timer cannot be changed in an IGMP or MLD snooping scenario. PR1461590

  • Rpd scheduler slips might be seen on RPKI route validation-enabled BGP peering router in a scaled setup. PR1461602

  • Need to install all possible next hops for OSPF network LSAs. PR1463535

  • IS-IS IPv6 multitopology routes might flap every time when there is an unrelated commit under protocol stanza. PR1463650

  • The rpd might crash if both BGP add-path and BGP multipath are enabled. PR1463673

  • The rpd might crash if the IPv4 routes are programmed with IPv6 next hop through JET APIs. PR1465190

  • The BGP peers might flap if the hold-time parameter is set as small. PR1466709

  • The configured BGP damping policy might not take effect after BGP is disabled and then enabled followed by commit. PR1466734

  • BGP multipath does not work for MT on cRPD. PR1467091

  • The rpd might crash after configuring independent-domain under the master routing instance. PR1469317

  • The mcsnoopd might crash when the STP moves the mrouter port to the blocked state. PR1470183

  • The BFD client session might flap when removing the BFD configuration from the peer end (from other vendor) of the BFD session. PR1470603

  • The rpd might stop when both the instance-import and instance-export policies contain the as-path-prepend action. PR1471968

  • The rpd process might crash with BGP multipath and damping configured. PR1472671

  • Removal of the cluster from BGP group might cause prolonged convergence time. PR1473351

  • The rpd process might crash with BGP multipath and route withdrawal occasionally. PR1481589

  • The rpd crashes if the same neighbor is configured in different RIP groups. PR1485009

  • The BGP-LU routes do not have the label when BGP sharding is used. PR1485422

  • The rpd might crash when you perform GRES with MSDP configured. PR1487636

  • High CPU utilization might be observed when the outgoing BGP updates are sent slowly. PR1487691

  • BGP RIB sharding feature cannot be run on a system with a single CPU. PR1488357

  • The routing protocol process (rpd) crashes while processing a specific BGP update information. PR1448425

  • Receipt of certain genuine BGP packets from any BGP speaker causes rpd to crash. PR1497721

Services Applications

  • The kmd process might crash when DPD timeouts for some IKEv2 SAs occur. PR1434521

  • Traffic might be dropped in an IPsec VPN scenario when the VPN peer is behind a NAT device. PR1435182

  • The output of the show subscriber user-name on LTS shows only one session instead of two. PR1446572

  • The jl2tpd process might crash during the restart procedure. PR1461335

  • On an MX Series router, L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP toward the LNS. PR1472775

  • The kmd might crash due to the incorrect IKE SA establishment after the remote peer's NAT mapping address is changed. PR1477181

Subscriber Access Management

  • Subscriber filtering for general authentication services traceoptions could report debug messages for other users. PR1431614

  • Incorrect Acct-Session-Time and no LCP Termination-Ack by MX Series BNG. PR1433251

  • Subscriber deactivation might get stuck in terminated state. PR1437042

  • Missing <radius-server-data> tags on test ppp aaa display XML output. PR1444438

  • On MX Series platforms, there might be a false error for SAE policy activation or deactivation failure. PR1447632

  • Subscriber’s login fails when PCRF server is unreachable. PR1449064

  • DHCPv6 subscribers might be stuck in a state after the authd process crashes. PR1460578

  • The subscriber address allocation might fail after deleting the pool link in the middle of the chain. PR1465253

  • The volume statistics attributes are missing in the accounting-stop for the Configuration Activated Services and CLI Activated Services. PR1470434

  • The subinterfaces might be missing in the NAS port ID. PR1472045

  • The authd process might crash after the unified ISSU setup from Junos OS Release 18.3 and earlier to Junos OS Release 18.4 and later. PR1473159

  • Some address-relevant fields are missing when executing the test aaa ppp command. PR1474180

  • The CoA request might not be processed if it includes the proxy-state attribute. PR1479697

  • The mac-address CLI option is hidden under the access profile profile-name radius options calling-station-id-format statement. PR1480119

User Interface and Configuration

  • The show chassis hardware satellite command is not available in Junos OS Release 17.3. PR1388252

  • On an MX Series device, a J-Web page might not get redirected to login once the session expires with an idle timeout. PR1459888

VPNs

  • In a specific CE device environment in which asynchronous-notification is used, after the link between the PE and CE devices goes up, the Layer 2 circuit flaps repeatedly. PR1282875

  • The rpd core file is seen at rtbit_reset, rte_tgtexport_rth. PR1379621

  • The rpd crash might be seen if Layer 2 circuit or local-switching connections flap continuously. PR1418870

  • MPLS LSP ping over Layer 2 circuit might not work when flow-label is enabled. PR1421609

  • MVPN using PIM dense mode does not prune the OIF when PIM prune is received. PR1425876

  • The P1 configuration delete message is not sent on loading baseline configuration if there is a prior change in VPN configuration. PR1432434

  • The resumed multicast traffic for certain groups might be stopped in overlapping MVPN scenario. PR1441099

  • Memory leak might happen if PIM messages are received over an MDT (mt- interface) in Draft-Rosen MVPN scenario. PR1442054

  • The rpd process might crash due to memory leak in MVPN RPF Src PE block. PR1460625

  • The l2circuit displays MM status, which may cause traffic loss. PR1462583

  • The Layer 2 circuit connections might become stuck in OL state after changing the Layer 2 circuit community and flapping the primary LSP path. PR1464194

  • The rpd might crash when the link-protection is added to or deleted from LSP for the MVPN ingress replication selective provider tunnel. PR1469028

  • Layer 2 circuit stuck in RD state at one end. PR1498040

Resolved Issues: 19.2R1

Application Layer Gateways (ALGs)

  • DNS requests with the EDNS option might be dropped by the DNS ALG. PR1379433

Authentication and Access Control

  • The dot1xd might crash when dot1xd receives incorrect reply length from the authd. PR1372421

  • Push-to-JIMS now supports push auth entry to all online jims servers. PR1407371

Class of Service (CoS)

  • Traffic drop occurs when deleting MPLS family or disabling the interface that has non-default EXP rewrite-rules. PR1408817

EVPN

  • The rpd process would crash if deactivating the Autonomous-System (AS) in an EVPN scenario. PR1381940

  • The RA packets might be sent out without using the configured virtual gateway address. PR1384574

  • [EVPN/VXLAN] VTEP tunnel does not get deleted when EVPN peer goes down. PR1390965

  • On EVPN setups, incorrect destination MAC addresses starting with 45 might show up when using the show arp hostname command. PR1392575

  • The rpd process might crash with EVPN type-3 route churn. PR1394803

  • The rpd process generates core files upon Routing Engine switchover with scaled EVPN configuration. PR1401669

  • The rpd crashes due to memory corruption in EVPN. PR1404351

  • EVPN database and bridge MAC-table are out of sync due to the interface's flap. PR1404857

  • EVPN routes might show Route Label: 0 in addition to the real label. PR1405695

  • The rpd might crash after NSR switchover in an EVPN scenario. PR1408749

  • Local L2ALD proxy MAC+IP advertisements accidentally delete MAC+IP EVPN database state from remotely learned type 2 routes. PR1415277

  • The rpd process crash on backup Routing Engine after enabling nonstop-routing with EVPN. PR1425687

  • The device might proxy the ARP probe packets in an EVPN environment. PR1427109

  • IP is missing in mac-ip-table of EVPN database but is present in the EVPN database when CE interface has two primary IP address. PR1428581

  • Extra incorrect MAC move might be seen when the host moves continuously between the different ESIs. PR1429821

  • Stale MAC addresses are present in the bridge MAC-table in a EVPN/MPLS scenario. PR1432702

  • Configuring ESI on a single-homed 25G port might not work. PR1438227

  • The RPD process might crash after you commit the changes. PR1439537

Flow-based and Packet-based Processing

  • Fragmentation and ALG support for Power Mode IPSec. PR1397742

Forwarding and Sampling

  • The LSI binding for the IPv6 neighbor is missing. PR1388454

  • Firewall flexible match syntax clarification. PR1389103

  • In Junos OS Release 13.3R9.13, the firewall filter action, "decapsulate gre", decapsulates gre, ip-over-ip, and ipv6-over-ip, but in 17.3R3.9, it only decapsulates gre. PR1398888

General Routing

  • In a BGP/MPLS scenario, if the next hop type of label route is indirect, disabling and enabling the family mpls of the next hop interface might cause the route to go into a dead state. PR1242589

  • Large-scale user’s log in and log out might cause mgd memory leak. PR1352504

  • Packet Forwarding Engine selector get stuck in rerouted state on unilist NH after primary aggregated Ethernet interface is link deactivated and activated. PR1354786

  • The voltage high alarm might not be cleared when the voltage level comes back to normal for a MIC on an MPC5E. PR1370337

  • The filter service might fail to get installed for the subscriber in a scaled BBE scenario. PR1374248

  • In a subscriber scenario, FPC errors might be seen. PR1380566

  • The routes learned over an interface will be marked as "dead" next hop after changing the prefix-length of IPv6 address on that interface. PR1380600

  • Traffic is silently discarded that is caused by FPC offline in a MC-LAG scenario. PR1381446

  • High cpu utilization for chassisd on bsys, approximately 20 percent at steady state. PR1383335

  • Disable reporting of correctable single-bit error on Hybrid Memory Cube (HMC) and prevent Major Alarm. PR1384435

  • Subscriber connection setup is 30 percent lower than expected. PR1384722

  • The rpd might crash when switchover is performed along with configuration changes being committed. PR1385005

  • Incorrect log message for chip errors (extra dash "-"). PR1385066

  • The MPC10E line card interface filter statistics are not showing the input packet count or rejects. The show pfe statistics traffic statement does not report for any normal discard. PR1383579

  • The rpd and KRT queue might get stuck in a VRF scenario. PR1386475

  • Behavior of the set interfaces ams0 service-options session-limit rate <integer value> has changed. PR1386956

  • Migrate from syslog API to errmsg API - VMhost messages on Junos OS. PR1387099

  • Some SFBs might go down when one of the PSMs in the chassis generates a bad output voltage which is out-of-range. PR1387737

  • IPsec IKE keys are not cleared when delete/clear notification is received. PR1388290

  • BBE SMGD core files are geneerated if MTU is changed while subscribers are logged in on the physical interface. PR1389611

  • The jnxFruState might show incorrect PIC state after replacing a MPC with another MPC having less PICs. PR1390016

  • Traffic destined to VRRP VIP gets dropped as filter is not updated to related logical interface. PR1390367

  • Delete chassis redundancy will not give commit warning. PR1390575

  • The BNG might not respond with PADO and create any Demux interface when PPPoE PADI packet is received. PR1390989

  • The Packet Forwarding Engine might not respond with ICMP time exceeded error when packet arrives from the subscriber. PR1391932

  • FPC might reboot on vMX in a subscriber scenario. PR1393660

  • Junos OS enhancement configuration statement to modify mcontrol watchdog timeout. PR1393716

  • The FPC cards might not come up while performing unified ISSU on MX10003. PR1393940

  • IDS aggregate configuration statement should not be considered for the installation of the IDS dynamic. filter PR1395316

  • L3 gateway did not update ARP entries if IP or MAC quickly move from one router to another router in EVPN-VXLAN environment. PR1395685

  • The MPC, and Forwarding Engine Board (AFEB or TFEB) with channelized OC MIC might crash with the generation of core files. PR1396538

  • Adding IRB to bridge-domain with PS interface causes kernel crash. PR1396772

  • Subscriber flapping might cause SMID resident memory leak. PR1396886

  • The routing protocol process (rpd) has facilities to attempt to trap certain classes of nonfatal bugs by continuing to run, but it generates a "soft" core file. PR1396935

  • Seeing VMHost RE 0 Secure BIOS Version Mismatch and VMHost RE 1 Secure Boot Disabled alarms. PR1397030

  • The service PIC might crash while changing CGNAT mode. PR1397294

  • The show system firmware command might provide unexpected output on some MX Series routers such as MX104. PR1398022

  • Wrong transmit clock quality is observed when router is in holdover. PR1398129

  • MPLSoUDP/MPLSoGRE tunnel might not come up on the interface route. PR1398362

  • JET/PRPD incompatibility for the rib_service.proto field RouteGateway.weight from Junos OS Release 18.4R1 to Release 18.4R2 onward. PR1400563

  • The mgd-api might crash due to a memory leak. PR1400597

  • Only one Packet Forwarding Engine could be disabled on FPC with multiple Packet Forwarding Engines in error/wedge condition. PR1400716

  • The show | compare command output on global group changes lose the diff context after a rollback or 'load update' is performed. PR1401505

  • The TCP connection between ppmd and ppman might be dropped due to a kernel issue. PR1401507

  • The FPC generates core files due to a corner case scenario (race condition between RPF, IP flow). PR1401808

  • Traffic loss is seen in IGMP subscribers after GRES. PR1402342

  • The MPC might crash due to the CPU hogging by dfw thread. PR1402345

  • DHCP subscriber cannot reconnect over dynamic VLAN demux interfaces due to RPF check failure. PR1402674

  • Observed rpd core files when few colored LSPs changed to uncolored LSPs. PR1403208

  • The sync_response received earlier for interface sensor subscribed in on-change mode. PR1403672

  • Continuous kernel crashes might be observed in the backup Routing Engine or VC-BM. PR1404038

  • With MS-MPC and MS-MIC service cards, Syslog messages for port block interim might show 0.0.0.0 for the private-IP and PBA release messages might show the NAT'd IP as the private IP. PR1404089

  • The FPC might crash in a CoS scenario. PR1404325

  • The repd continues to generate core files on VC-Bm when there are too many IPv6 addresses on one session. PR1404358

  • Incorrect output of the assigned prefixes to the subscriber in the output of the show interface < dynamic demux interface> command. PR1404369

  • On an MX10003 and an MX10008, its i2c bus might fail a read operation. PR1405787

  • MPC might generate core files after restarting the FPC that belongs to targeting aggregate Ethernet and host subscribers. PR1405876

  • NAT64 translation issues of ICMPv6 Packet Too Big message with MS-MPC/MS-PIC. PR1405882

  • The FPC crash might be observed in MS-MPC HA environment. PR1405917

  • Fabric performance drops on MPC7, MPC8, and MPC9E and SFB2 based MX2000 routers. PR1406030

  • A rpd crash is seen post configuration commit and bt has pointers on receiving SNMP packet. PR1406357

  • Traffic impact might be seen if auto-bandwidth is configured for RSVP LSPs. PR1406822

  • New CLI option to display DF and MLR in split format. PR1406884

  • MX10003 gives a cosmetic error message ALARMD_CONNECTION_FAILURE: after 60 attempts craftd connect returned error: Connection refused. PR1406952

  • Layer 2 VPN might flap repeatedly after the link up between PE and CE devices. PR1407345

  • The rpd might crash when a commit check is executed on LDP trace options filtering. PR1407367

  • NPC core file is generated after daemon restart in jnh_get_oif_nh ( ) routine. PR1407765

  • Ephemeral database might get stuck during commit. PR1407924

  • Traffic forwarding fails when crossing VCF members. PR1408058

  • openconfig-network-instance:network-instances support for IS-IS must be hidden unless supported. PR1408151

  • Group VPN (GVPN): ToS/DSCP byte is not copied into the outer IPSec header during IP header preservation. PR1408168

  • Alarm mismatch in total memory is detected after reboot vmhost both. PR1408480

  • The MPC line cards might crash when performing unified ISSU to Junos OS Release 19.1R1 or above. PR1408558

  • Python script might stop working due to Too many open files error. PR1408936

  • MX-service templates are not cleaned up. PR1409398

  • MX-MPC2-3D-EQ and MPC-3D-16XGE-SFPP will now show the Exhaust A temperature, rather than the Intake temperature. PR1409406

  • MIC-MACSEC-20GE supports Extended Packet Numbering (XPN) mode on 1-Gigabit or 10-Gigabit Ethernet interfaces PR1409457

  • Telemetry: interface-set meta-data needs to include the CoS TCP names in order to aid collector reconciliation with queue-stats data. PR1409625

  • The non-existent subscribers might appear at show system resource-monitor subscribers-limit chassis extensive output. PR1409767

  • FPC might crash during next hop change when using MPLS inline-jflow. PR1409807

  • MX80 drops DNS responses which contain an underscore. PR1410062

  • When using SFP+, the interface optic output might be non-zero even though the interface has been disabled. PR1410465

  • Traffic loss might be seen on MPC8E or MPC9E after request one of the SFB2s offline/online. PR1410813

  • Kernel replication failure might be seen if an IPv6 route next hop points to an ether-over-atm-llc ATM interface. PR1411376

  • Packet Forwarding Engine heap memory leak might happen during frequent flapping of PPPoE subscribers connected over aggregated Ethernet interface. PR1411389

  • Virtual Route Reflector might report DAEMON-3-JTASK_SCHED_SLIP_KEVENT error on some hypervisor or host machine because of NTP sync. Routing protocol might be impacted. PR1411679

  • If GRE over GRE tunnel is used for sending Routing Engine-originating traffic, the traffic cannot be encapsulated properly although the GRE over GRE tunnel works for transit traffic. PR1411874

  • The file copy command might not work if the routing-instance option is not specified. PR1412033

  • On MX10003 router, the rpd process crash with switchover-on-routing-crash does not trigger the Routing Engine switchover and the rpd process on the master Routing Engine goes into STOP state. PR1412322

  • Junos OS PCC might reject PCUpdate/PCCreate message if there is metric type other than type 2. PR1412659

  • PPPoE subscribers might not be able to login after unified ISSU. PR1413004

  • The rpd memory leak might be seen due to a wrong processing of a transient event. PR1413224

  • During unified ISSU from Junos OS Release 16.1R4-S11.1 to Junos OS Release 18.2R2-S1.2, CoS GENCFG write failures are observed. PR1413297

  • The support of inet6 filter attribute for ATM interface is broken in the Junos OS Release 17.2R1 and onwards PR1413663

  • DHCP subscribers over HAG might cause core file generation. PR1413862

  • The services load balance might not be effective for AMS if the hash-key under the forwarding-options hierarchy is configured. PR1414109

  • FPC crash might be observed if it reaches the heap utilization limit. PR1414145

  • Firewall filters are not getting programmed into Packet Forwarding Engine. PR1414706

  • The user might not enter the configure mode due to mgd is in lockf status. PR1415042

  • PMTU issue IPv4/IPv6 MX does not respond when MTU exceeded for clients terminated on tunnel type interfaces. PR1415130

  • Port speed change and scaled aggregate Ethernet configuration can lead to MQSS errors and subsequent card crash. PR1415183

  • PCE-initiated LSPs get deleted from the PCC if the PCEP session goes down and gets re-established within the configured delegation-cleanup-timeout period. PR1415224

  • The bbe-smgd process might have memory leak while running the show system subscriber-management route route-type <> routing-instance <> command. PR1415922

  • jdhcpd core file is observed after deletion of the active lease-query configurations. PR1415990

  • BMP type 1 message with extra 24 bytes at end of the message. PR1416301

  • After a GRES on a MX104 some tunnels will fail to pass traffic after a re-key. PR1417170

  • The ECMP fast reroute protection feature might not work on MX5, MX10, MX40, MX80, and MX104 routers. PR1417186

  • An IPv4 packet with a zero checksum might not be translated to IPv6 packet properly under NAT64 scenario. PR1417215

  • With NETCONF the xmlns attribute is displayed twice when the RPC get-arp-table-information is sent to the router. PR1417269

  • Some subscribers might be offline when doing GRES or daemon restart. PR1417574

  • Observed zero tunnel statistics on the soft-gre tunnel. PR1417666

  • The BGP session might flap after Routing Engine switchover. PR1417966

  • CGNAT with MS-MPC card does not account for AP-P out of port errors or generate a syslog message when this condition is met. PR1418128

  • There is no SNMP trap message generated for jnxHardDiskMissing/jnxHardDiskFailed on MX10003 routers. PR1418461

  • Clear PRBS statistics is ineffective on latest build. PR1418495

  • lsp-cleanup-timer is not being honored when lsp-cleanup-timer is configured to be greater than 2147483647. PR1418937

  • PPPoE compliance issue with RFC2516, the MX allows PPPoE session-id 65535. PR1418960

  • A PPP session under negotiation might be terminated if another PPPoE client bearing the same session ID. PR1419500

  • CPU usage on Service PIC might spike while forming an IPSec tunnel under DEP/NAT-T scenario. PR1419541

  • A new tunnel could not be established after changing the NAT mapping IP address until the IPEC SA Clear command is run. PR1419542

  • rtsock_peer_unconsumed_obj_free_int: unable to remove node from list logged extensively. PR1419647

  • A bbe-mibd memory leak is causing daemon crash when having live subscribers and SNMP OIDs query. PR1419756

  • In the scenario where the MX Series router and the peer device both try to bring an IPsec tunnel up, so both sides are acting as an initiator, if the peer side does not answer the MX ISAKMP requests the MX can bring the peer initiated tunnel down. PR1420293

  • On MX Series routers, the PTP phase is aligned but TE/cTE not good. PR1420809

  • The FPC CPU might be hogged if channelized interfaces are configured. PR1420983

  • Failed to reload keyadmin database for /var/etc/keyadmin.conf. PR1421539

  • bbemg_smgd_lock_cli_instance_db should not log as error messages. PR1421589

  • MX-VC: VCP port reports MTU value 9152 in the ICMP MTU exceeded message while the VCP port MTU is set to 9148. PR1421629

  • RPM syslogs are not getting generated after deactivating the aggregate Ethernet interface. PR1421934

  • Remote gateway address change is not effective on MX150 router when its an initiator. PR1421977

  • The CoS IEEE-802.1 classifier might not get applied when it is configured with service activation on underlying interface. PR1422542

  • On the MX204 router, the number of PICs per FPC is incorrectly used as 8, that causes MAC allocation failure on the physical interfaces. PR1422679

  • Added support for SFP-T with QSA adapter in MX10003. PR1422808

  • Incorrect PIC mode on MX10003 MX1RU when pic mode is changed to default mode. PR1423215

  • While commiting huge configuration customer is seeing the error: mustd trace init failed error. PR1423229

  • MX10003: enhanced-hash-key symmetric is not effective and not shown on FPC. PR1423288

  • Traffic is dropped after FPC reboot with aggregated Ethernet member links deactivated by the remote device. PR1423707

  • The MPC10 line card crash is seen on Ktree alloc ( jnh_dfw_instance_add (filter_index=< optimized out>)) at ../../../../../src/pfe/common/applications/dfw/dfw_iff.c:1030 with inline + scale prefix filter. PR1423709

  • On MX204 optics, "SFP-1GE-FE-E-T" I2C read errors are seen when an SFP-T is inserted into a disabled state port. PR1423858

  • The bbe-smgd process might crash after executing the show system subscriber-management route prefix <> command. PR1424054

  • MX10000 port configured for 1-Gigabit flaps after a Routing Engine switchover. PR1424120

  • The interface configured with 1-Gigabit speed on JNP10K-LC2101 cannot come up. PR1424125

  • mgd-api core file is seen while running the gNMI set operation. PR1424128

  • Continuous MAC change might cause CPU hogs and FPC reboot. PR1424653

  • [vMX]Continous disk error logs on vCP Console (Requesting switchover due to disk failure on ada1). PR1424771

  • The jdhcpd might consume 100 percent CPU and then crash if dhcp-security is configured. PR1425206

  • The rpd might crash continuously when MD5 authentication on any protocols is used along with master password. PR1425231

  • Soft-gre tunnel route is lost after reboot or GRES or upgrade in WAG scenario. PR1425237

  • Log messages are seen continuously on MX204 router fru_is_present: out of range slot 0 for. PR1425411

  • All interfaces creation fails after NSSU. PR1425716

  • Sometimes, the interface is down after rebooting. PR1426349

  • Traffic loss might be seen when multiple IPsec tunnels are established with the remote peer. PR1426975

  • Traffic is not flowing through MACsec interfaces when configured with an unknown cipher algorithm and change back. PR1427294

  • Execution of the clear-session re-cli command should not be allowed from Standby DUT. PR1428353

  • The subscriber IP route might get suck in bbe-smgd if the subscriber IP address is the same with local IP address. PR1428428

  • Incorrect normalization on routing instance where an interface includes a vlan-id-range. PR1428623

  • PTSP subscriber is stuck in configured state. Auto-clear-timer does not work as well. PR1428688

  • Incorrect IGMP statistics for dynamic PPP interfaces are observed. PR1428822

  • L2TP subscriber and MPLS Pseudowire Subscriber volume accounting statistics value remains unchanged post unified ISSU. PR1429692

  • The rpsd daemon is not getting killed on when unconfigured simulatenous to toggling rpd 'force-64-bit', rpsd core file is seen 10 minutes later. PR1429770

  • Cmerror Op set log message is missing for bringup jspec command-based error simulation in EVO. PR1430300

  • Configuration is prevented from being applied on MX Series routers in subscriber scenario. PR1430360

  • Destination unreachable counter is counting up without receiving traffic. PR1431384

  • The bbe-smgd process might crash if PPPoE subscribers are trying to log in when commit is in progress. PR1431459

  • MX10003 - PEM not present alarm is raised when minimum required PEM exist in the system. PR1431926

  • Error message for show system resource-monitor and show system resource-cleanup is error: command is not valid on the qfx5220-32cd. PR1435136

  • A unified ISSU fails from Junos OS Release 19.1R1 legacy Junos OS release images. PR1438144

Infrastructure

  • SNMP OID IFOutDiscards is not updated when drops increase. PR1411303

  • Increase in Junos image size for Junos OS Release 19.1R1. PR1423139

Interfaces and Chassis

  • LFM sessions might flap during unified ISSU. PR1377761

  • Changing the value of mac-table-size to default might lead all FPC to reboot. PR1386768

  • The dcd memory leak might be seen when committing configuration change on static route tag. PR1391323

  • The dcd crash might be seen after deleting the sub interface from VPLS routing-instance and mesh-group. PR1395620

  • NPC crashes at rt_nh_install (rnh=0x618123d8, rnh_src=0x0, rt=< optimized out>, p_rtt=0x74f886c0) at ../../../../src/pfe/common/pfe-arch/trinity/applications/route/rt_nh.c:631. PR1396540

  • Static demux0 logical interfaces do not come up after a configuration change if the underlying interface is et. PR1401026

  • Certain otn-options cause interface flapping during commit. PR1402122

  • Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error message. PR1402606

  • The subscriber might not be able to access the device due to the conflicted assigned address. PR1405055

  • On MX Series routers, the EX-SFP-1FE-LX SFP transceiver does not initialize with MIC-3D-20GE-SFP-E(EH). PR1405271

  • The cfmd might fail to start after it is restarted. PR1406165

  • The aaa-options configuration statement for PPPoE subscribers does not work on the MX80 and MX104 routers. PR1410079

  • OAM CFM MEP flaps might occur when hardware-assisted keep alives are enabled. PR1417707

  • Monitor Ethernet loss-measurement command returns Invalid ETH-LM request for unsupported outgoing logical interface. PR1420514

  • Incorrect value on speed will cause traffic destined to the IRB's VIP to be dropped. PR1421857

  • The syslog message /kernel: %KERN-3: pointchange for flag 04000000 not supported on IFD aex is seen on executing LFM related configuration commit on the aggregated Ethernet interfaces. PR1423586

  • [EVPN] Aggregate Ethernet interface flaps followed by commit. PR1425339

  • flexible-queuing-mode is not working on MPC5E of Virtual Chassis member1. PR1425414

  • PEMs lose DC output power load sharing after PEM switch off and on operation on MX routers. PR1426350

  • CFM message flooding. PR1427868

  • Vrrpd crashes during group mastership change if preemption is configured and logical interface was enabled/activated some time after disabling/deactivation. PR1429906

Layer 2 Features

  • The unicast traffic from IRB interface towards LSI might be dropped due to Packet Forwarding Engine mismatch at egress processing. PR1381580

  • Traffic loss might be seen over LDP-VPLS scenario. PR1415522

  • The rpd crashes after iw0 interface is configured under a VPLS instance. PR1406472

  • In a Layer 2 domain, there might be unexpected flooding of unicast traffic at every 32-40 seconds interval towards all local CE-facing interface. PR1406807

  • Broadcast traffics might be discarded in a VPLS local-switching scenario. PR1416228

  • Commit error will be seen but the commit is processed if adding more than one site under protocols vpls in the VPLS routing-instances. PR1420082

Layer 2 Ethernet Services

  • The SNMP query on LACP interface might lead to lacpd crash. PR1391545

  • Log messages dot1xd[]: task_connect: task ESP CLIENT:...: Connection refused might be reported in Junos OS Release 17.4 or later. PR1407775

  • DMAC problem of IRB interface for traffic over the Layer 2 cuircuit. PR1410970

  • The IRB interface might flap after committing configuration change on any interface. PR1415284

  • The IPv6 neighbor might become unreachable after the primary link goes down in a VPLS scenario. PR1417209

  • The jdhcpd becomes aware about some of the existing configuration only after 'commit full' or jdhcpd restart. PR1419437

  • Change the nd6 next hops to reject NH once Layer 2 interfaces gets disassociated with IPv6 entries. PR1419809

  • The jdhcpd process might consistently run at 100 percent CPU and not provide service if delay-offer is configured for the DHCP local server. PR1419816

  • JDI-RCT:BBE:DHCP subscribers on non-default routing instance went down after unified ISSU. PR1420982

  • The jdhcpd daemon might crash during continuous stress test. PR1421569

MPLS

  • Not found number of ingress, transit, and egress LSP's as expected. PR1242558

  • Collecting LDP statistics do not work correctly and kernel memory leak is observed after configuring ldp traffic-statistics. PR1258308

  • With an SR-TE path with "0" explicit NULL as the innermost label, SR-TE path does not get installed with label "0". PR1287354

  • A RSVP-signaled LSP might stay in down state after a link in the path flaps. PR1384929

  • The rpd process might crash when executing traceroute mpls bgp. PR1399484

  • MPLS LSP traffic loss might be seen under rare conditions if CSPF is enabled. PR1402382

  • Scaled MPLS labels might cause slow labels allocation and high CPU utilization. PR1405033

  • The Layer 2 circuit information is not advertised over the LDP session if ldp dual-transport inet-lsr-id is different from the router-id. PR1405359

  • Resources might be reserved for stale RSVP LSP when RSVP is disabled on the interface. PR1410972

  • The rpd might crash in BGP-LU with egress-protection while committing configuration changes. PR1412829

  • The rpd might crash if longest-match is configured for LDP. PR1413231

  • LDP route is not present in inet6.3 if IPv6 interface address is not configured. PR1414965

  • Rpd memory might leak when RSVP LSP is cleared/re-signaled. PR1415774

  • RSVP signalled LSP takes 3 - 4 minutes before LSP switchover begins, causing long traffic to be silently discarded. PR1416487

  • LDP route might be missing in inet.3 when enabling sr-mapping-client on LDP-SR stitching node. PR1416516

  • Traffic might be dropped because of the LDP label corruption after Routing Engine switchover. PR1420103

  • Bad length for Sub-TLV 34 (RFC 8287) in MPLS echo request. PR1422093

  • LDP route metric might not match IGP route metric even with ldp track-igp-metric configured. PR1422645

  • Bypass dynamic RSVP LSP tears down too soon when being used for protecting LDP LSP with dynamic-rsvp-lsp statement. PR1425824

  • MPLS ping sweep stops working and gets CLI irresponsive. PR1426016

  • When MBB for P2MP LSP fails, it is stuck in the old path. PR1429114

Network Management and Monitoring

  • The chassisd might crash and restart after the AGENTX session timeout between master(snmpd) and sub-agent. PR1396967

  • The snmp query might not get data in scaled L2 circuit environment. PR1413352

  • Syslog filtering(match "regular-expression" statement) does not work if each line of /etc/syslog.conf is over 2048 bytes. PR1418705

Platform and Infrastructure

  • The kernel and ksyncd core after dual cb flap at rt_nhfind_params: rt_nhfind() found an nh different from that onmaster 30326. PR1372875

  • Traffic is being dropped when passing through MS-DPC to MPC. PR1390541

  • All FPCs might restart after the Layer 3 VPN routes churn multiple times. PR1398502

  • MAP-E some ICMP types cannot be encapsulated or decapsulated on the SI interface. PR1404239

  • Abnormal queue-depth counters are seen in the show interface queue command output on interfaces that are associated to XM2 and 3. PR1406848

  • IPv6 traffic might be dropped between VXLAN bridge-domain and IP/MPLS network. PR1407200

  • CoS configuration changes might lead to traffic drop on cascade port in a Junos fusion setup. PR1408159

  • Traffic is getting dropped when there is a combination of DPC/FPC card and MPC card on egress PE router in Layer 3 VPN. PR1409523

  • The VLAN tag is wrongly inserted on the access interface if the packet is sent from an IRB interface. PR1411456

  • The MPC might crash when one MIC is pulled out while the MIC is booting up. PR1414816

  • Distributed multicast forwarding to the subscriber interface might not work. PR1416415

  • The op url command cannot run a script with libs from /config/scripts. PR1420976

  • arp request is not replied although proxy-arp is configured. PR1422148

  • show jnh trap-info with incorrect LU instance crashes and generates a core file on FPC. PR1423508

  • The native VLAN ID of packets might fail to be removed when leaving out. PR1424174

  • The policer bandwidth might be incorrect for the aggregated Ethernet interface after activating the shared-bandwidth-policer statement. PR1427936

  • Pre-fragmented ICMP IPv4 packets might fail to arrive at the destination. PR1432506

  • Enable sensor /junos/system/linecard/qmon/ causing continuous ppe_error_interrupt errors. PR1434198

Routing Policy and Firewall Filters

  • The rpd process might crash when the policy configuration is being changed. PR1357802

  • MX-Series: The CLI statement as-path-expand last-as causes commit failures. PR1388159

  • The rpd process might crash when routing-options flow configuration is removed. PR1409672

Routing Protocols

  • Dynamic NextHop template cache does not shrink when application frees the NextHop template. PR1346984

  • Qualified next hop of static route might not be withdrawn when BFD is down. PR1367424

  • The static route might persist even after its BFD session goes down. PR1385380

  • BGP sessions might keep flapping on backup RE if proxy-macip-advertisement is configured on IRB interface for EVPN-VXLAN. PR1387720

  • In rare cases, rpd process might crash after Routing Engine switchover when BGP multipath and L3VPN vrf-table-label are configured PR1389337

  • BGP IPv6 routes with IPv4 next hop causes a rpd crash. PR1389557

  • Multicast traffic might be interrupted in some H-VPLS scenario. PR1394213

  • BGP DMZ LINK BANDWIDTH - not able to aggregate bandwidth, when applying the policy. PR1398000

  • The process rpd might crash in a BGP setup with NSR enabled. PR1398700

  • Unexpectedly high packet loss might be observed after an uplink failure when the MoFRR feature is used in a scaled environment. PR1399457

  • There might be unexpected packets drop in MoFRR scenario if active RPF path is disabled. PR1401802

  • The rpd might be stuck at 100 percent when auto-export and BGP add-path are configured. PR1402140

  • BGP router on the same broadcast subnet with its neighbors might cause IPv6 routing issue on the neighbor from other vendors. PR1402255

  • Some times when a new logical router is configured, the logical router core might be seen on the system. PR1403087

  • Memory leaks when labeled-isis transit routes is created as a chain composite next hop. PR1404134

  • Extended traffic loss might be seen after link recovery when source-packet-routing is used on OSPF P2P links. PR1406440

  • SBFD failure is seen with a special IP address like 127.0.0.1 under interface lo0. PR1406631

  • IGMP join through PPPOE sub is not propagated to upstream PIM. PR1407202

  • The rpd crashes on static route configuration for multicast source. PR1408443

  • On MX Series routers, mcsnoopd core file is generated immediately after the commit change related to EVPN-VXLAN configuration. PR1408812

  • SID label operation might be performed incorrectly in an OSPF SPRING environment. PR1413292

  • An unexpected AS prepending action for AS path might be seen after the no-attrset statement is configured or deleted with vrf-import/vrf-export configuration. PR1413686

  • The CPU utilization of the rpd process is stuck at 100 percent if BGP multipath is configured. PR1414021

  • Dynamic routing protocol flaps with vmhost Routing Engine switchover on Next Generation-Routing Engine. PR1415077

  • The IS-IS SR route sent by the mapping server might be broken for ECMP. PR1415599

  • Route info might be inconsistent between RIB and OSPF database when using the OSPF LFA feature. PR1416720

  • A memory leak in rpd might be seen if source packet routing is enabled for the IS-IS protocol. PR1419800

  • IPv6 IS-IS routes might be deleted and not be reinstalled when MTU is changed under the logical interface level for family inet6. PR1420776

  • A timing issue is seen while closing a PIM task and an auto-RP at the same time that might sometimes result in an rpd core file generation. PR1426711

  • The rpd might crash while handling the withdrawal of an imported VRF route. PR1427147

  • The rpd process might crash with OSPF overload as external configuration. PR1429765

  • The request system core-dump routing CLI is not supported in cRPD. PR1433349

Services Applications

  • Hide HA information when the service set does not have HA configured. PR1383898

  • The following log message is seen: SPD_CONN_OPEN_FAILURE: spd_svc_set_summary_query: unable to open connection to si-0/0/0 (No route to host). PR1397259

  • Inconsistent content might be observed to the access line information between ICRQ and PPPoE. message PR1404259

  • The stale si- logical interface might be seen when L2TP subscribers with duplicated prefixes or framed-route log in. PR1406179

  • The kmd process might crash on MX/ACX platforms when IKEv2 is used. PR1408974

  • The ERA value does not match with configured values while verifying if the new ERA settings are reflected in messages log. PR1410783

  • The jpppd generates core files on LNS. PR1414092

  • L2TP LAC might fail to tunnel static pp0 subscriber to the desired LNS. PR1416016

  • IPsec SA might not come up when the local gateway address is a VIP for a VRRP configured. interface. PR1422171

  • In subscriber with L2TP scenario, subscribers are stuck in INIT state forever. PR1425919

  • Some problems might be seen if client negotiates LCP with no ppp-options to LAC. PR1426164

Software Installation and Upgrade

  • The configuration loss and traffic loss might be seen if the backup Routing Engine is zeroized and is then switched over to master within short time. PR1389268

  • JSU might be deactivated from FPC in case of power cycle. PR1429392

Subscriber Access Management

  • The DHCPv6-PD client connection might be terminated after commit when the RADIUS assigned address is not defined within the range of a local pool. PR1401839

  • The authd crash might be seen due to a memory corruption issue.PR1402012

  • Adding a firewall filter service through the test aaa command causes a crash in dfwd. PR1402051

  • The authd re-uses address too quickly before jdhcpd completely cleans up the old subscriber that is causing the flooding error log DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add x.x.x.x as it is already used by xxx. PR1402653

  • Continuous log message authd[18454]: %DAEMON-3-LI: liPollTimerExpired returned 0. PR1407923

  • Authd telemetry: Linked pool head attribute is incorrect for single pools. PR1413293

  • CoA-NACK is not sent when performing negative COA request tests by sending incorrect session-id. PR1418144

  • Subscribers might not be able to re-login in Gx-plus provisioning scenario. PR1418579

  • PPPoE session might be disconnected when LI attributes are received in access-accept with invalid data. PR1418601

  • Address allocation issue with linked pools when using linked-pool-aggregation. PR1426244

  • RADIUS authentication server might always be marked as DEAD. PR1429528

User Interface and Configuration

  • The show configuration and rollback compare commands are causing high CPU usage. PR1407848

  • Commit reject occurs for ae0.0 vlan-id-list and routing-instance vlan-id (but does not reject for vlan-range). PR1427278

VPNs

  • The receivers belonging to a routing instance might not receive multicast traffic in an Extranet next-generation MVPN scenario. PR1372613

  • Downstream interface is not removed from multicast route after getting PIM prune. PR1398458

  • Routes with multiple communities are being rejected in an inter-AS next-generation MVPN scenario. PR1405182

  • For rosen MVPN configuration with data-mdt, the show pim mdt data-mdt-limit instance < instance name> CLI command with family option causes high CPU usage of the rpd. PR1405887

  • The rpd might crash in rosen MVPN scenario when the same provider tunnel source address is being used for both IPv4 and IPv6. PR1416243

  • The deletion of (S,G) entry might be skipped after the PIM join timeout. PR1417344

  • The rpd process might crash in rare conditions when Extranet next-generation MVPN is configured. PR1419891

  • A permanent traffic loss is seen on next-generation MVPN selective tunnels after Routing Engine switchover (one-time). PR1420006

  • The rpd process might crash and core file is generated during mpls ping command on L2 circuit. PR1425828

Documentation Updates

This section lists the errata and changes in Junos OS Release 19.2R3 documentation for the MX Series.

Installation and Upgrade Guide

  • Veriexec explained (MX Series)—Verified Exec (also known as veriexec) is a file-signing and verification scheme that protects the Junos operating system (OS) against unauthorized software and activity that might compromise the integrity of your device. Originally developed for the NetBSD OS, veriexec was adapted for Junos OS and enabled by default from Junos OS Release 7.5 onward.

    [See Veriexec Overview.]

Subscriber Management Provisioning Guide

  • The Broadband Subscriber Sessions User Guide published for Junos OS Release 19.2R1 erroneously reported support for a feature to manage certain PCRF server errors. Support for an extended session ID was also incorrectly reported. The incorrect information has been removed from the affected topics.

  • The Broadband Subscriber Sessions User Guide published for Junos OS Release 19.2R1 reported that the juniper-access-line-attributes option is backward compatible. This option is not backward compatible with Junos OS Release 19.1 or earlier releases. This means that if you have configured juniper-access-line-attributes option in Junos OS Release 19.2 or higher releases, you must perform the following steps to downgrade to Junos OS Release 19.1 or earlier releases:

    1. Delete the juniper-access-line-attributes option from all access profiles that include it.

    2. Perform the software downgrade.

    3. Add the juniper-dsl-attributes option to the affected access profiles.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting in Junos OS 18.3R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:

Platform

FreeBSD 6.x-based Junos OS

FreeBSD 11.x-based Junos OS

MX5,MX10, MX40,MX80, MX104

YES

NO

MX240, MX480, MX960,

MX2010, MX2020

NO

YES

Basic Procedure for Upgrading to Release 19.2

Note

Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files) might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 11.x based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 11.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-19.2R3.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-19.2R3.9-signed.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-19.2R3.x-limited.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-19.2R3.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.

Note

After you install a Junos OS Release 19.2 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.

Note

Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x based Junos OS

Products impacted: MX5, MX10, MX40, MX80, MX104.

To download and install FreeBSD 6.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-19.2R3.9-signed.tgz
    • Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-19.2R3.9-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 19.2 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 19.2

To downgrade from Release 19.2 to another supported release, follow the procedure for upgrading, but replace the 19.2 jinstall package with one that corresponds to the appropriate release.

Note

You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

Release History Table
Release
Description
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.