Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for NFX Series

 

These release notes accompany Junos OS Release 19.4R3 for the NFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What’s New

Learn about new features introduced in the Junos OS main and maintenance releases for NFX Series devices.

What's New in Release 19.4R3

There are no new features or enhancements to existing features for NFX Series devices in Junos OS Release 19.4R3.

What's New in Release 19.4R2

There are no new features or enhancements to existing features for NFX Series devices in Junos OS Release 19.4R2.

What's New in Release 19.4R1

General routing

  • Support for MAP-E customer edge encapsulation and decapsulation (NFX Series)—Starting in Junos OS release 19.4R1, Mapping of Address and Port with Encapsulation (MAP-E) customer edge (CE) encapsulation and decapsulation are supported on NFX Series devices. MAP-E is an IPV6 transition technique that encapsulates an IPv4 packet in an IPv6 and carries the packet over IPv4-over-IPv6 tunnel from MAP-E CE devices to the MAP-E provider edge (PE) devices (also called as border relay [BR] devices) through an IPv6 routing topology, where the packet is de-tunneled for further processing.

    MAP-E uses network address port translation (NAPT) features for restricting transport protocol ports, Internet Control Message Protocol (ICMP) identifiers, and fragment identifiers to the configured port sets. Existing NAPT feature is enhanced to add this capability.

    [See How to Configure the NFX150.]

    [See How to Configure the NFX250 NextGen.]

Hardware

  • NFX350 Platform— With Junos OS Release 19.4R1, the NFX portfolio introduces the NFX350 Network Services Platform, which is a secure, automated, software-driven customer premises equipment (CPE) platform that delivers virtualized network and security services on demand. The NFX350 is part of the Juniper Cloud CPE solution, which leverages Network Functions Virtualization (NFV). The NFX350 platform completes the uCPE portfolio to provide end-to-end platforms for medium, large, and extra-large deployments. In addition to IPsec, Layer 2 features, and SD-WAN functionality, the NFX350 provides features such as LAN or WAN isolation, software and hardware resiliency, redundant power supply, and serial over LAN. The NFX350 device supports two external SSD and LTE expansion module.

    The NFX350 devices are available in the following variants:

    • NFX350-S1—Rack-mount model with 8-core Intel Skylake D-2146NT CPU, 100-GB SSD, 32-GB RAM, eight 1-Gigabit Ethernet RJ-45 LAN ports, and eight 10-Gigabit Ethernet SFP+ WAN ports.

    • NFX350-S2—Rack-mount model with 12-core Intel Skylake D-2166NT CPU, 100-GB SSD, 64-GB RAM, eight 1-Gigabit Ethernet RJ-45 LAN ports, and eight 10-Gigabit Ethernet SFP+ WAN ports.

    • NFX350-S3—Rack-mount model with 16-core Intel Skylake D-2187NT CPU, 100-GB SSD, 128-GB RAM, eight 1-Gigabit Ethernet RJ-45 LAN ports, and eight 10-Gigabit Ethernet SFP+ WAN ports.

    [See NFX350 Hardware Guide.]

    [See How to Configure the NFX350.]

Architecture

  • NFX350 Architecture—The NFX350 architecture enables unified management of its components through the Junos Control Plane (JCP). It supports the following modes to effectively manage system resources:

    • Throughput mode—Provides maximum resources (CPU and memory) for Junos software. The default mode is throughput mode.

    • Hybrid mode—Provides a balanced distribution of resources between the Junos software and third-party VNFs.

    • Compute mode—Provides minimal resources for Junos software and maximum resources for third-party VNFs

    [See NFX350 Hardware Guide.]

    [See How to Configure the NFX350.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for NFX Series devices.

What’s Changed in 19.4R3 Release

There are no changes in the behavior of Junos OS features or in the syntax of Junos OS statements and commands in Junos OS Release 19.4R3 for NFX Series devices.

What’s Changed in 19.4R2 Release

There are no changes in the behavior of Junos OS features or in the syntax of Junos OS statements and commands in Junos OS Release 19.4R2 for NFX Series devices.

What’s Changed in 19.4R1 Release

There are no changes in the behavior of Junos OS features or in the syntax of Junos OS statements and commands in Junos OS Release 19.4R1 for NFX Series devices.

Known Limitations

Learn about known limitations in this release for NFX Series devices. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

High Availability

  • On an NFX250 chassis cluster, commit fails for LAG deployment on a reth interface. PR1487857

Platform and Infrastructure

  • On NFX350 devices, an srxpfe core file is generated when VF is mapped to srxpfe changes. While mapping the backplane's NIC changes for FPC1 to a VF, the srxpfe restarts. On NFX350 devices, the internal NICs are Intel NICs and the DPDK library in srxpfe is unable to handle the PF reset event generated during the remapping. This causes the srxpfe to crash just before the restart. There is no impact on functionality as a result of this issue; however, graceful restart does not happen, and instead the srxpfe generates a core file. PR1469201

Open Issues

Learn about open issues in this release for NFX Series devices. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Platform and Infrastructure

  • Login access to JDM through TACACS failed after upgrade to Junos OS Release 18.4R3 As a workaround, log in as a local user. PR1504915

  • On NFX150 devices, the following messages are seen during FTP: ftpd[14105]: bl_init: connect failed for /var/run/blacklistd.sock (No such file or directory) messages are seen during FTP. PR1315605

  • On NFX350 devices, the request system storage clean-up command does not clear the /var/packages/db/pkginst.* folders. PR1474695

Virtual Network Functions (VNFs)

  • On NFX Series devices, analyzers can be configured on VNF interfaces with output port as other VNF interfaces. All the packets ingressing or egressing can be mirrored on to the designated analyzer port. It is observed that after a system reboot, this functionality stops working and no packets are mirrored on the output analyzer port. PR1480290

Resolved Issues

Learn which issues were resolved in Junos OS main release and the maintenance releases for NFX Series devices.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 19.4R3

Interfaces

  • On NFX350 devices, the clear interface statistics all command takes a longer time to execute. PR1475804

  • On NFX350 devices, the show interfaces | no-more command output freezes for 20 seconds after displaying the dl0 interface information. PR1502626

Platform and Infrastructure

  • On NFX150 devices, MAC aging does not work. You must remove aged MAC entries from the CLI. PR1502700

  • On NFX150 devices, ZTP over LTE configuration commit fails for operation=create in xml operations configuration. PR1511306

Resolved Issues: 19.4R2

Interfaces

  • On NFX350 devices, if any xSTP protocol is enabled on all interfaces, it gets enabled on L3 interfaces, which are enabled with vlan-tagging or flexible-vlan-tagging. This results in blocking the SXE interface. PR1475854

  • Management ports are not disabled with link disable command on NFX150-S1 devices. PR1442064

  • On NFX Series devices, ping is not working between the cross-connected interfaces with interface deny-forwarding configuration. PR1442173

  • On NFX150 and NFX250 NextGen devices, when two srxpfe interfaces are mapped to the same physical interface, data packets received on physical NIC from external device are still sent to the old VF mapping instead of new mapping. PR1448595

  • On NFX150 devices, the heth-0-4 and heth-0-5 ports do not detect traffic when you try to activate the ports by plugging or unplugging the cable. PR1449278

  • On NFX Series devices, the static MAC address is replaced by random MAC address. PR1458554

  • On NFX150 devices running Junos OS Release 19.3R1, the vmhost virtualization-options command is not working as expected for heth to ge interface mapping. PR1459885

  • On NFX250 NextGen devices, the monitor interface traffic command might not display the pps output for SXE and physical interfaces. PR1464376

  • When traffic goes through vSRX3.0 platforms, core-dump files are generated and traffic is dropped. This issue might result in Packet Forwarding Engine being inactive and all interfaces being down. PR1465132

  • On NFX Series devices, the GRE tunnel interface (gr-1/0/0) may not appear if the clear-dont-fragment-bit option is configured for the GRE interface. PR1472029

Mapping of Address and Port with Encapsulation (MAP-E)

  • On NFX Series devices, IP identification (IP ID) is not changed after MAP-E NAT44 is performed on fragment packets when the packets reach the customer edge (CE) device.

    PR1478037

Platform and Infrastructure

  • On NFX Series devices, if there are any conditional groups, the l2cpd process might crash and generate a core dump when interfaces are flapping and the lldp neighbors are available. It might cause the dot1x process to fail and all the ports have a short interruption at the time of process crash. As a workaround, delete the conditional group in the device. PR1431355

  • On NFX350 devices, if you execute the show vmhost mode command multiple times, JDM may crash and cause the show commands to stop working. PR1474220

  • After a power outage, JDMD is not responsive because the /etc/hosts file is being corrupted. PR1477151

  • Coredumps on NFX250 while adding the second LAN subnet. PR1490077

  • AppQoE is sending active probing packets for the deleted active-probe-params option. PR1492208

  • On NFX250 NexGen devices, the request vmhost power-off command reboots the device instead of powering off. PR1493062

  • Package files are lost after you upgrade the software image from Junos OS Release D497.1 to Junos OS release 18.4R3.3 on NFX250 devices. PR1493711

Virtual Network Function (VNF)

  • No error is displayed for native-vlan-id option that is configured on an access VNF interface though the commit fails. PR1438854

  • On NFX350 devices, VNF instantiation does not work properly. PR1478456

Resolved Issues: 19.4R1

Class of Service

  • On NFX Series devices, when CoS rewrite rule is configured for st0 interface, the CoS value will not take effect on corresponding forwarding class. It causes the CoS not to work as expected. This issue has traffic impact. PR1439401

High Availability

  • On an NFX150 high availability chassis cluster, the host logs updated in the system log messages might not show the correct time stamp. As a workaround, convert the UTC time stamp to local time zone. PR1394778

Interfaces

  • When you transition NFX150 devices from PPPoE configuration to non-PPPoE configuration in a non-promiscuous mode, the interface hangs without any traffic flow. PR1409475

  • The limit on maximum OVS interfaces is restored to the originally defined limit of 25 for backward compatibility. As a workaround, reduce the number of OVS interfaces in the configuration to 20 or fewer. PR1439950

  • On NFX150 and NFX250 NextGen devices, cross-connect stays down even if all linked interfaces are up. PR1443465

Layer 2 Ethernet Services

  • In DHCP relay scenario, if the device (DHCP relay) receives a request packet with option 50 where the requested IP address matches the IP address of an existing subscriber session, such request packet would be dropped. In such a case the subscriber may need more time to get IP address assigned. The subscriber may remain in this state until it's lease expires if it had previously bound with the address in the option 50. PR1435039

Platform and Infrastructure

  • On NFX Series devices, the HTTP traffic flow is created with a different routing instance when an APBR profile is configured with category and application in the same profile. PR1447757

  • When applying firewall filters on lo0.0 on an NFX250 NextGen device, FPC0 disappears. PR1448246

  • On NFX150 devices, the show security dynamic-address command does not work for port 3. PR1448594

  • Half duplex configuration on 1G ports is not supported when autonegotiation is disabled. PR1453911

  • Informational log message, LIBCOS_COS_RETRIEVE_FROM_PVIDB: feature cos_fc_defaults num elems 4 rc 0 is displayed on the console when you commit after you configure AppQoS rule set. PR1457328

  • REST API process will get non responsive when a number of requests start coming at a high rate. PR1449987

  • Packet drops, replication failure or ksyncd crashes might be seen on the logical system of a Junos OS device after Routing Engine switchover. PR1427842

  • After upgrading the NFX Series devices to Junos OS Release 19.2R2-S1.4, the following commit warning is seen even though there is no configuration change under the forwarding-options vxlan-overlay-load-balance option:

    PR1459833

Routing Protocols

  • On NFX Series devices, changing the other querier present interval timer is not working on IGMP or MLD snooping device in the existing Bridge Domain (BD) or Listener Domain (LD). As a workaround, deactivate or activate the IGMP snooping via configuration or run the restart multicast-snooping command.PR1461590

SNMP

  • On NFX150 devices, SNMP does not work for the following commands:

    • show snmp mib walk jnxIpSecTunMonOutEncryptedBytes

    • show snmp mib walk jnxIpSecTunMonOutEncryptedPkts

    • show snmp mib walk jnxIpSecTunMonInDecryptedBytes

    • show snmp mib walk jnxIpSecTunMonInDecryptedPkts

    • show snmp mib walk jnxIpSecTunMonLocalGwAddr

    • show snmp mib walk jnxIpSecTunMonLocalGwAddrType

    PR1386894

  • Version compare in phc may fail causing the phc to download the same image. PR1453535

Virtual Network Functions (VNFs)

  • On NFX150 devices with VNFs configured, when the VNF interfaces are moved from default OVS bridge to custom OVS bridge, there will be duplicate VNF host entries in the /etc/hosts file on JDM. PR1434679

  • On NFX150 devices, when you need to change the vmhost mappings of a particular NIC or NICs, you must delete the existing vmhost mapping and commit the configuration. Now you can configure the new mappings for the respective NICs. You cannot change the NIC vmhost mappings in the same commit to delete and add a new mapping to the heth NICs. PR1450147

  • NFX250 devices do not allow jdm (case-insensitive) as a VNF name. You can use jdm as a part of the name. For example, jdm123, abcJDM, abcJDM123 are valid VNF names, whereas, jdm, JDM, Jdm, JDm are not valid VNF names. PR1463963

Documentation Updates

This section lists the errata and changes in Junos OS Release 19.4R3 documentation for the NFX Series.

Feature Guides Are Renamed As User Guides

  • Starting with Junos OS 19.4R1, we renamed our Feature Guides to User Guides to better reflect the purpose of the guides. For example, the BGP Feature Guide is now the BGP User Guide. We didn’t change the URLs of the guides, so any existing bookmarks you have will continue to work. To keep the terminology consistent on our documentation product pages, we renamed the Feature Guides section to User Guides. To find documentation for your specific product, check out this link.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the NFX Series. Upgrading or downgrading Junos OS might take several hours, depending on the size and configuration of the network.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information on EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Basic Procedure for Upgrading to Release 19.4

When upgrading or downgrading Junos OS, use the jinstall package. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide. Use other packages, such as the jbundle package, only when so instructed by a Juniper Networks support representative.

Note

NFX150, NFX250 NextGen, and NFX350 devices run VMhost supported routing engine, and should follow the VMhost Support on Routing Engines upgrade procedure.

Note

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the device, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files), might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the device. For more information, see the Software Installation and Upgrade Guide.

Note

We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

To download and install Junos OS Release 19.4R3:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the Software tab.
  4. Select the release number (the number of the software version that you want to download) from the Version drop-down list to the right of the Download Software page.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the device or to your internal software distribution site.
  10. Install the new package on the device.