Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for NFX Series


These release notes accompany Junos OS Release 19.4R1 for the NFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at

What’s New

Learn about new features introduced in the Junos OS main and maintenance releases for NFX Series devices.

General routing

  • Support for MAP-E customer edge encapsulation and decapsulation (NFX Series)—Starting in Junos OS release 19.4R1, Mapping of Address and Port with Encapsulation (MAP-E) customer edge (CE) encapsulation and decapsulation are supported on NFX Series devices. MAP-E is an IPV6 transition technique that encapsulates an IPv4 packet in an IPv6 and carries the packet over IPv4-over-IPv6 tunnel from MAP-E CE devices to the MAP-E provider edge (PE) devices (also called as border relay [BR] devices) through an IPv6 routing topology, where the packet is de-tunneled for further processing.

    MAP-E uses network address port translation (NAPT) features for restricting transport protocol ports, Internet Control Message Protocol (ICMP) identifiers, and fragment identifiers to the configured port sets. Existing NAPT feature is enhanced to add this capability.

    [See How to Configure the NFX150.]

    [See How to Configure the NFX250 NextGen.]


  • NFX350 Platform— With Junos OS Release 19.4R1, the NFX portfolio introduces the NFX350 Network Services Platform, which is a secure, automated, software-driven customer premises equipment (CPE) platform that delivers virtualized network and security services on demand. The NFX350 is part of the Juniper Cloud CPE solution, which leverages Network Functions Virtualization (NFV). The NFX350 platform completes the uCPE portfolio to provide end-to-end platforms for medium, large, and extra-large deployments. In addition to IPsec, Layer 2 features, and SD-WAN functionality, the NFX350 provides features such as LAN or WAN isolation, software and hardware resiliency, redundant power supply, BMC, and serial over LAN.

    The NFX350 devices are available in the following variants:

    • NFX350-S1—Rack-mount model with 8-core Intel Skylake D-2146NT CPU, 100-GB SSD, 32-GB RAM, eight 1-Gigabit Ethernet RJ-45 LAN ports, and eight 10-Gigabit Ethernet SFP+ WAN ports.

    • NFX350-S2—Rack-mount model with 12-core Intel Skylake D-2166NT CPU, 100-GB SSD, 64-GB RAM, eight 1-Gigabit Ethernet RJ-45 LAN ports, and eight 10-Gigabit Ethernet SFP+ WAN ports.

    • NFX350-S3—Rack-mount model with 16-core Intel Skylake D-2187NT CPU, 100-GB SSD, 128-GB RAM, eight 1-Gigabit Ethernet RJ-45 LAN ports, and eight 10-Gigabit Ethernet SFP+ WAN ports.

    [See NFX350 Hardware Guide.]

    [See How to Configure the NFX350.]


  • Remote Management through Baseboard Management Controller (BMC)—BMC allows you to monitor the NFX350 device externally with an independent connection through BMC management or console, and internally using the Junos OS.

    [See How to Configure the NFX350.]


  • NFX350 Architecture—The NFX350 architecture enables unified management of its components through the Junos Control Plane (JCP). It supports the following modes to effectively manage system resources:

    • Throughput mode—Provides maximum resources (CPU and memory) for Junos software. The default mode is throughput mode.

    • Hybrid mode—Provides a balanced distribution of resources between the Junos software and third-party VNFs.

    • Compute mode—Provides minimal resources for Junos software and maximum resources for third-party VNFs

    [See NFX350 Hardware Guide.]

    [See How to Configure the NFX350.]

What's Changed

There are no changes in the behavior of Junos OS features or in the syntax of Junos OS statements and commands in Junos OS Release 19.4R1 for NFX Series devices.

Known Limitations

Learn about known limitations in Junos OS Release 19.4R1 for NFX Series devices. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.


  • On NFX150 devices, the link does not come up if a 1-gigabit SFP transceiver is connected from heth-0-4 and heth-0-5 to a peer device. As a workaround, disable the auto-negotiation for the interface connected to the NFX150 on the remote device. PR1428020

Platform and Infrastructure

  • On NFX150 devices, random RPM probe losses are noticed if the probe packets are fragmented because the data-size more than the inet MTU. PR1447082

Open Issues

Learn about open issues in Junos OS Release 19.4R1 for NFX Series devices. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

High Availability

  • On an NFX150 high availability chassis cluster, the host logs updated in the system log messages might not show the correct time stamp. As a workaround, convert the UTC time stamp to local time zone. PR1394778

Mapping of Address and Port with Encapsulation (MAP-E)

  • On NFX Series devices, IP address is not changed after MAP-E NAT44 is performed on fragment packets when the packets reach the customer edge (CE) device. To avoid this issue, you can configure the Border Relay (BR) device as follows:

    user@host# set services softwire softwire-concentrator map-e mape-domain-1 v4-reassembly
    user@host# set services softwire softwire-concentrator map-e mape-domain-1 v6-reassembly



  • When you issue a show interface command on NFX150 devices to check the interface details, the system will not check whether the interface name provided is valid or invalid. The system will not generate an error message if the interface name is invalid. PR1306191

  • When a DHCP server assigns a conflicting IP address to the NFX device interfaces, the NFX device will not send a DHCP DECLINE message in response. PR1398935

  • On NFX150 and NFX250 NextGen devices, when you add, modify, or delete a VNF interface that is mapped to an L2 or L3 data plane, kernel traces might be observed on the NFX Series device console. PR1435361

  • Only ge-1/0/1 is mapped to OVS by default and 8 logical interfaces are created on this. PR1452743

  • When traffic goes through vSRX3.0 platforms, core-dump files are generated and traffic is dropped. This issue might result in Packet Forwarding Engine being inactive and all interfaces being down. PR1465132

Platform and Infrastructure

  • If you plug an unsupported SFP-T transceiver into an NFX150 device and reboot the device, the FPC1 WAN port does not come online. PR1411851

  • Jumbo frames are not supported through OVS on an NFX250 device. PR1420630

  • On NFX250 devices, vector packet processing (VPP) is not running on dual CPE and occasionally on single CPE. PR1461238

  • After upgrading the NFX Series devices to Junos OS Release 19.2R2-S1.4, the following commit warning is seen even though there is no configuration change under the forwarding-options vxlan-overlay-load-balance option:


  • Packet drops, replication failure or ksyncd crashes might be seen on the logical system of a Junos OS device after Routing Engine switchover. PR1427842

  • On NFX350 devices, if you execute the show vmhost mode command multiple times, JDM may crash and cause the show commands to stop working. PR1474220

  • On NFX350 devices, an srxpfe core file is generated when VF mapping to srxpfe changes. When mapping the backplane's NIC changes for FPC1 to a VF, the srxpfe restarts. In NFX350 devices, the internal NICs are Intel NICs and the DPDK library in srxpfe is unable to handle the PF reset event generated during the remapping. This causes the srxpfe to crash just before the restart. There is no impact on functionality as a result of this issue; however, graceful restart doesn’t happen, and instead the srxpfe generates a core file. PR1469201

Virtual Network Functions (VNFs)

  • On NFX150 and NFX250 NextGen devices, when two flowd interfaces are mapped to the same physical interface and if you delete the interface mapping to VF0, the traffic flow is disrupted. Even though the mapping is moved to VF0, the MAC address is not cleared in VF1, which disrupts the traffic. As a workaround, reboot the device, which resets the MAC address to the default value. PR1448595

  • NFX250 devices do not allow jdm (case-insensitive) as a VNF name. You can use jdm as a part of the name. For example, jdm123, abcJDM, abcJDM123 are valid VNF names, whereas, jdm, JDM, Jdm, JDm are not valid VNF names. PR1463963

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases for NFX Series devices.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service

  • On NFX Series devices, when CoS rewrite rule is configured for st0 interface, the CoS value will not take effect on corresponding forwarding class. It causes the CoS not to work as expected. This issue has traffic impact. PR1439401


  • When you transition NFX150 devices from PPPoE configuration to non-PPPoE configuration in a non-promiscuous mode, the interface hangs without any traffic flow. PR1409475

  • The limit on maximum OVS interfaces is restored to the originally defined limit of 25 for backward compatibility. As a workaround, reduce the number of OVS interfaces in the configuration to 20 or fewer. PR1439950

  • On NFX150 and NFX250 NextGen devices, cross-connect stays down even if all linked interfaces are up. PR1443465

  • On NFX Series devices, ping is not working between the cross-connected interfaces with interface deny-forwarding configuration. PR1442173

Layer 2 Ethernet Services

  • In DHCP relay scenario, if the device (DHCP relay) receives a request packet with option 50 where the requested IP address matches the IP address of an existing subscriber session, such request packet would be dropped. In such a case the subscriber may need more time to get IP address assigned. The subscriber may remain in this state until it's lease expires if it had previously bound with the address in the option 50. PR1435039

Platform and Infrastructure

  • On NFX Series devices, the HTTP traffic flow is created with a different routing instance when an APBR profile is configured with category and application in the same profile. PR1447757

  • When applying firewall filters on lo0.0 on an NFX250 NextGen device, FPC0 disappears. PR1448246

  • On NFX150 devices, the show security dynamic-address command does not work for port 3. PR1448594

  • Half duplex configuration on 1G ports is not supported when autonegotiation is disabled. PR1453911

  • Informational log message, LIBCOS_COS_RETRIEVE_FROM_PVIDB: feature cos_fc_defaults num elems 4 rc 0 is displayed on the console when you commit after you configure AppQoS rule set. PR1457328

  • REST API process will get non responsive when a number of requests start coming at a high rate. PR1449987


  • On NFX150 devices, SNMP does not work for the following commands:

    • show snmp mib walk jnxIpSecTunMonOutEncryptedBytes

    • show snmp mib walk jnxIpSecTunMonOutEncryptedPkts

    • show snmp mib walk jnxIpSecTunMonInDecryptedBytes

    • show snmp mib walk jnxIpSecTunMonInDecryptedPkts

    • show snmp mib walk jnxIpSecTunMonLocalGwAddr

    • show snmp mib walk jnxIpSecTunMonLocalGwAddrType


  • Version compare in phc may fail causing the phc to download the same image. PR1453535

Virtual Network Functions (VNFs)

  • On NFX150 devices with VNFs configured, when the VNF interfaces are moved from default OVS bridge to custom OVS bridge, there will be duplicate VNF host entries in the /etc/hosts file on JDM. PR1434679

  • On NFX150 devices, when you need to change the vmhost mappings of a particular NIC or NICs, you must delete the existing vmhost mapping and commit the configuration. Now you can configure the new mappings for the respective NICs. You cannot change the NIC vmhost mappings in the same commit to delete and add a new mapping to the heth NICs. PR1450147

Documentation Updates

This section lists the errata and changes in Junos OS Release 19.4R1 documentation for the NFX Series.

Feature Guides Are Renamed As User Guides

  • Starting with Junos OS 19.4R1, we renamed our Feature Guides to User Guides to better reflect the purpose of the guides. For example, the BGP Feature Guide is now the BGP User Guide. We didn’t change the URLs of the guides, so any existing bookmarks you have will continue to work. To keep the terminology consistent on our documentation product pages, we renamed the Feature Guides section to User Guides. To find documentation for your specific product, check out this link.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the NFX Series. Upgrading or downgrading Junos OS might take several hours, depending on the size and configuration of the network.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information on EEOL releases and to review a list of EEOL releases, see

Basic Procedure for Upgrading to Release 19.4

When upgrading or downgrading Junos OS, use the jinstall package. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide. Use other packages, such as the jbundle package, only when so instructed by a Juniper Networks support representative.


The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the device, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files), might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the device. For more information, see the Software Installation and Upgrade Guide.


We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

To download and install Junos OS Release 19.4R1:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the Software tab.
  4. Select the release number (the number of the software version that you want to download) from the Version drop-down list to the right of the Download Software page.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the device or to your internal software distribution site.
  10. Install the new package on the device.