Junos OS Release Notes for PTX Series Packet Transport Routers
These release notes accompany Junos OS Release 20.1R1 for the PTX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
Learn about new features introduced in this release for PTX Series routers.
Interfaces and Chassis
Handling thermal health events (PTX5000)—Starting in Junos OS Release 20.1R1, on PTX5000 routers, you can enable a thermal health check and configure an action (such as auto shutdown and alarm) to be taken when a thermal health event such as power leakage is detected. You can also configure the power supply module (PSM) watchdog, which powers off the PSM output power, if a thermal health event causes Junos to go down.
The PSM watchdog feature works only if all the online PSMs in the router support this feature.
Support for new show | display set CLI commands (ACX-Series, SRX Series, QFX Series, PTX Series, and MX Series)—Starting in Junos OS Release 20.1R1, the following new show CLI commands have been introduced:
show | display set explicit—Display all the configurations explicitly that the system internally creates when you configure certain commands in a single line.
show | display set relative explicit—Display all the configurations explicitly that the system internally creates when you configure certain commands in a single line.
Junos OS XML API and Scripting
jcs:load-configurationtemplate supports loading the rescue configuration (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the
jcs:load-configurationtemplate supports the
rescueparameter to load and commit the rescue configuration on a device. SLAX and XSLT scripts can call the
jcs:load-configurationtemplate with the
rescueparameter set to
"rescue"to replace the active configuration with the rescue configuration.
Junos Telemetry Interface
ISIS adjacency and LSDB event streaming support on JTI (MX960, PTX1000, PTX10000)—Junos OS Release 20.1R1provides Intermediate System to Intermediate System (IS-IS) adjacency and LSDB statistics using Junos telemetry interface (JTI) and remote procedure call (gRPC) services or gRPC Network Management Interface (gNMI) services. ON_CHANGE statistics are sent to an outside collector.
The following resource paths are supported:
Platform, interface, and alarm sensor ON_CHANGE support on JTI (MX960, MX2020, PTX1000, PTX5000)—Junos OS Release 20.1R1 supports platform, interface, and alarm statistics using Junos telemetry interface (JTI) and gRPC Network Management Interface (gNMI) services. You can use this feature to send ON_CHANGE statistics for a device to an outside collector.
This feature supports the OpenConfig models:
openconfig-platform.yang: oc-ext:openconfig-version 0.12.1
openconfig-interfaces.yang: oc-ext:openconfig-version 2.4.1
openconfig-alarms.yang: oc-ext:openconfig-version 0.3.1
Use the following resource paths in a gNMI subscription:
/components/component(for each installed FRU)
gRPC Dial-Out support on JTI (ACX Series, MX Series, PTX Series, QFX Series)—Junos OS Release 20.1R1 provides gRPC Dial-Out support for telemetry. In contrast to the gNMI Dial-In feature, where the collector (client) initiates a connection to the target device (server) to perform a gNMI subscription operation for telemetry data, the gRPC Dial-Out feature initiates the request for telemetry data in a reverse fashion. The target device initiates a gRPC session with the client, and when the session is established, streams the telemetry data that is specified by the sensor-group subscription to the collector.
gRPC Dial-Out provides several benefits as compared to gRPC Dial-In:
Reduces the exposure of target devices to threats outside of their topology.
Simplifies access to a target device, which, if the gRPC Dial-In method is used, would require a collector to overcome a series of complex firewall configurations to gain access to the target device.
Collectors can be stateless; without the need to initiate a session, they simply listen, subscribe, and store collected data.
Supports encryption statistics to an outside collector.
To enable export of statistics, include the export-profile and sensor option at the [edit services analytics] hierarchy level. The export profile should include the reporting rate, the transport service (like gRPC), and the format (like gbp-gnmi). The sensor configuration should include the name of the collector (the server’s name), the name of the export profile, and the resource path (sensor name), such as
[See Using gRPC Dial-Out.]
gRPC version v1.18.0 supported with JTI (ACX Series, MX Series, PTX Series, QFX Series)—Junos OS Release 20.1R1 includes support for remote procedure call (gRPC) services version v1.18.0 with Junos telemetry interface. Important enhancements for gRPC are included in version v1.18.0. Previously, JTI was supported with gRPC version v1.3.0.
Use gRPC in combination with JTI to stream statistics at configurable intervals from a device to an outside collector.
LLDP statistics, notifications, and configuration model for suppress-tlv-advertisement support on JTI (MX240, MX480, MX960, MX10003, PTX10008, PTX10016)—Junos OS Release 20.1R1 provides remote procedure call (gRPC) streaming services support for attribute leaf suppress-tlv-advertisement under the resource path
SR-TE statistics for uncolored SR-TE policies streaming support on JTI (MX Series, PTX Series)—Junos OS Release 20.1R1 provides Segment Routing Traffic Engineering (SR-TE) per Label Switched Path (LSP) route statistics using Junos telemetry interface (JTI) and remote procedure call (gRPC) services. Using JTI and gRPC services, you can stream SR-TE telemetry statistics for uncolored SR-TE policies statistics to an outside collector.
Ingress statistics include statistics for all traffic steered by means of an SR-TE LSP. Transit statistics include statistics for traffic to the Binding-SID (BSID) of the SR-TE policy.
To enable these statistics, include the per-source per-segment-list option at the [edit protocols source-packet-routing telemetry statistics] hierarchy level.
If the statement set protocols source-packet-routing telemetry statistics no-ingress is issued, ingress sensors are not created.
If the statement set protocols source-packet-routing telemetry statistics no-transit, transit sensors are not created. Otherwise, if BSID is configured for a tunnel, transit statistics are created.
The following resource paths (sensors) are supported:
To provision the sensor to export data through gRPC services, use the telemetrySubscribe RPC.
Streaming telemetry data through gRPC or gNMI also requires the OpenConfig for Junos OS module.
Support for Topology-Independent Loop-Free Alternate (TI-LFA) in IS-IS for IPv6-only networks (ACX Series, MX Series, PTX Series)— Starting with Junos OS Release 20.1R1, you can configure TI-LFA with segment routing in an IPv6-only network for the IS-IS protocol. TI-LFA provides fast reroute (FRR) backup paths corresponding to the post-convergence path for a given failure. TI-LFA provides protection against link failure, and node failure.
You can enable TI-LFA for IS-IS by configuring use-post-convergence-lfa statement at the [edit protocols isis backup-spf-options] hierarchy level. You can enable the creation of post-convergence backup paths for a given IPv6 interface by configuring the post-convergence-lfa statement at the [edit protocols isis interface interface-name level level] hierarchy level. The post-convergence-lfa statement enables link-protection mode.
You can enable node-protection mode for a given interface at the [edit protocols isis interface interface-name level level post-convergence-lfa] hierarchy level. However, you cannot configure fate-sharing protection for IPv6-only networks.
Support for real-time performance monitoring (RPM) on PTX10003—Starting in Junos OS Evolved Release 20.1R1, RPM sends out probes to the network to give a measure of network performance. The scope of support is limited to:
User configuration parsing for RPM
Probe generation and reception (client) as well as reflection (server) for the following RPM probe types:
Also supported are probe history management and reporting through syslog only. See Understanding Using Probes for Real-Time Performance Monitoring on M, T, PTX and MX Series Routers.
MPLS-based J-Flow support (PTX10008)—Starting with Junos OS Evolved Release 20.1R1, MPLS-based J-Flow is supported on the PTX10008. MPLS-based flow records are based on Version 10 (IPFIX) and Version 9.
MPLS-based J-Flow support (PTX10003)—Starting in Junos OS Evolved Release 20.1R1, MPLS-based J-Flow is supported on the PTX10003. MPLS-based flow records are based on Version 10 (IPFIX) and Version 9.
Network Management and Monitoring
Remote port mirroring to an IP address (GRE encapsulation) (PTX Series)—You use port mirroring to send traffic to applications that analyze traffic to monitor compliance, enforce policies, detect intrusions, and so on. Starting in Junos OS Release 20.1R1, you can configure remote port mirroring to send sampled packets to a remote IP address, with the packets encapsulated in a GRE header.
The filter with the port-mirroring instance action is also supported as a bind point for forwarding-table filter (FTF) interfaces.
Configure remote port mirroring to send sampled packets to a remote IP address, with the packets encapsulated in an IPv4 GRE header:
set forwarding-options port-mirroring instance instance-name output ip-source-address address ip-destination-address address
(Optional) Configure a static traffic-class value that represents the 8-bit differentiated services (DS) field in the IPv4 header of a GRE tunnel:
set forwarding-options port-mirroring instance instance-name output dscp numeric-dscp-value
(Optional) Configure a policer to control the amount of packets sent out:
set forwarding-options port-mirroring instance instance-name output policer policer-name
(Optional) Configure the forwarding of packets to a queue defined by a forwarding class:
set forwarding-options port-mirroring instance instance-name output forwarding-class forwarding-class-name
There are no changes in the behavior of Junos OS features or in the syntax of Junos OS statements and commands in this release for PTX Series.
Learn about known limitations in this release for PTX Series routers.
PTX Series platform with FPC Model FPC-PTX-P1-A or FPC2-PTX-P1A might encounter single event upset (SEU) event which can cause a linked-list corruption of the TQCHIP. The following syslog message will get reported. Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 JunOS chassis management error handling does detect such condition, will raise an Alarm and performs disable-pfe action for the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity a restart of the FPC is needed. Soft errors are transient or non-recurring. FPC experiencing such SEU events do not have any permanent damage. Contact your Juniper support representative if the issue is seen after a FPC restart. PR1254415
When filter is attached in outbound direction, GRE encap headers are applied after the filter block at egress direction. So in this case, it is possible that filter is evaluated on old header content (and not on new GRE encap header) and hence filter evaluation turns true and packet gets recirculated for another GRE encap. This issue is difficult to fix as filter block evaluation happens before new header is attached. This should be documented. PR1465837
Learn about open issues in this release for PTX Series routers.
Traffic loss will be greater than 50 ms (in-order of 200 to 300 ms) for IP routes pointing to unilist of composites with Indirect nexthops during link down scenario. In this case Packet Forwarding Engine does not do the local repair and will wait for the RPD to install the new nexthops. PR1383965
On Junos routers and switches with Link Aggregation Control Protocol (LACP) enabled, deactivating a remote aggregate Ethernet (AE) member link will make the local member link move to LACP Detached state. The Detached link will be invalidated from the Packet Forwarding Engine AE-Forwarding table as expected. However, if the device is rebooted with this state, all the member links will be enabled in PFE AE-Forwarding table irrespective of LACP states and result in traffic drop. PR1423707
The em2 interface configuration is causing FPC to crash during initialization and FPC does not come online, after deleting the em2 configuration and restarting the router FPC comes online. PR1429212
Memory leaks are expected in this release. PR1438358
On PTX1000/PTX10002 platforms, if transient voltage fluctuations on SIB/FPC are seen, it might trigger FHP (fabric healing process) and FPC/SIB restart, and later the SIB might never restart and FPC still goes online, so the device might stay in black hole finally. It would affect the service. PR1460406
When user configure best destination-network with dyn-tunnel-attribute-policy and preference. we are not migrating tunnel from old destination network. PR1462805
On PTX3000/PTX5000 platform with some specific FPCs, if the weights of links are set to an invalid value on an AE bundle interface or unilist (an unilist next-hop composed of several unicast next-hops), the FPC crash might be observed. It is a rare issue and the FPC will try to reload to resolve this problem. Traffic loss might be seen before the FPC completes the reload period. PR1484255
The harmless log of invalid SMART checksum might be seen when performing software upgrade to specific releases (for example,15.1F5-S3, 15.1F6-S1, 15.1F7, 15.1R4-S3, 15.1R5, 16.1R1, 16.1R2, and 16.2R1). PR1222105
With Bidirectional Forwarding Detection (BFD) configured on an aggregated Ethernet interface, if you disable/enable the aggregated Ethernet interface, then that interface and the BFD session might not come up. PR1354409
By adding sbfd responder configuration on RE-DUO-2600, ppmd crashes and core file is generated. The issue is not seen on RE-PTX-2X00x6(NGRE). PR1477525
Learn which issues were resolved in this release for PTX Series.
Forwarding and Sampling
The pfed might crash and not be able to come up on the PTX or TVP platforms. PR1452363
PTX interface stays down after maintenance. PR1412126
Telemetry statistics might not account correctly when IS-IS sensors are enabled and the route next-hops are ae interfaces. PR1413680
LACP packet does not pass through l2circuit. PR1424553
Interface does not come up after interface flapping and FPC reboot. PR1428307
Reclassification policy applied on the route prefixes might not work on PTX Series platforms. PR1430028
The l2cpd process might crash and generate a core file when interfaces are flapping. PR1431355
The FPC might crash when a firewall filter is modified. PR1432116
Unable to change DDoS protocol TTL values under PTX10000. PR1433259
Upgrading will fail due to communication failure between Junos VM and Host OS. PR1438219
Packet loss might be seen if IPoIP or MPLSoUDP dynamic tunnels with ECMP is configured. PR1446132
Changing the hostname will trigger lsp on -change notification, not an adjacency on-change notification. Also, currently IS-IS is sending host-name instead of system-id in OC paths. PR1449837
JNP10K-LC2101 FPC generates "Voltage Tolerance Exceeded" major alarm for EACHIP 2V5 sensors. PR1451011
The 100G interface might not come up after flapping on PTX5000. PR1453217
Traffic might be dropped on PTX Series platforms. PR1459484
Traffic blackholing upon interface flap after DRD auto-recovery. PR1459698
The "forwarding" option is missed in routing-instance type. PR1460181
Hardware failure in CB2-PTX causes traffic interruption. PR1460992
The sample/syslog/log action in output firewall filter with packet of size less than 128 might cause ASIC wedge (all packet loss) on PTX Series platforms. PR1462634
PIC might restart if the temperature of QSFP optics is overheated on PTX3000 or PTX5000. PR1462987
FPC might restart during run time on PTX10000/QFX10000 platforms. PR1464119
Continuous MACSEC wedge cleared logs might be seen and LACP flapping might happen with 100% line rate traffic or near line rate traffic in the MACsec line card. PR1466481
EBUF parity interrupt is not seen on QFX10000/PTX platforms. PR1466532
IPv6 traffic might get dropped in Layer 3 VPN network. PR1466659
Packet Forwarding error logs (prds_packet_classify_notification: Failed to find fwd nh for flabel 48) might be reported when igmp packets got sampled on PTX5000 platform. PR1466995
Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435
Incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands. PR1470385
Traffic loops for pure Layer 2 packets coming over evpn tunnel with destination mac matching irb mac. PR1470990
The input-vlan-map/output-vlan-map might not work properly in L2circuit local-switching scenario. PR1474876
The kernel crashes when removing mounted USB while a file is being copied to it. PR1425608
Slow response from SNMP might be observed after an upgrade to Junos OS Release 19.2R1 and above. PR1462986
Interfaces and Chassis
After member interface flapping aggregated Ethernet remains down on 5X100GE DWDM CFP2-ACO PIC. PR1429279
Layer 2 Ethernet Services
Member links state might be asychronized on a connection between Provider Edge and CE in EVPN A/A scenario. PR1463791
Kernel crash and device restart might happen. PR1478806
SSH login might fail if a user account exists in both local database and RADIUS or TACACS+. PR1454177
The other querier present interval timer cannot be changed in IGMP/MLD snooping scenario. PR1461590
The rpd process might crash with BGP multipath and route withdraw occasionally. PR1481589
There are no errata or changes in Junos OS Release 20.1R1 documentation for the PTX Series.
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the PTX Series. Upgrading or downgrading Junos OS might take several hours, depending on the size and configuration of the network.
Basic Procedure for Upgrading to Release 20.1
When upgrading or downgrading Junos OS, use the jinstall package. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide. Use other packages, such as the jbundle package, only when so instructed by a Juniper Networks support representative.
Back up the file system and the currently active Junos OS configuration before upgrading Junos OS. This allows you to recover to a known, stable environment if the upgrade is unsuccessful. Issue the following command:
The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the router, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files), might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.
We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.
To download and install Junos OS Release 20.1R1:
- Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:
- Select the name of the Junos OS platform for the software that you want to download.
- Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
- Select the Software tab.
- In the Install Package section of the Software tab, select the software package for the release.
- Log in to the Juniper Networks authentication system by using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
- Review and accept the End User License Agreement.
- Download the software to a local host.
- Copy the software to the routing platform or to your internal software distribution site.
- Install the new jinstall package on the router.
We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.
All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:
user@host> request system software add validate reboot source/junos-install-ptx-x86-64-20.1R1.9.tgz
Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (limited encryption Junos OS package):
user@host> request system software add validate reboot source/junos-install-ptx-x86-64-20.1R1.9-limited.tgz
Replace the source with one of the following values:
/pathname—For a software package that is installed from a local directory on the router.
For software packages that are downloaded and installed from a remote location:
The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.
Adding the reboot command reboots the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
You need to install the Junos OS software package and host software package on the routers with the RE-PTX-X8 Routing Engine. For upgrading the host OS on this router with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.
After you install a Junos OS Release 20.1jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.
Most of the existing request system commands are not supported on routers with RE-PTX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.4, 18.1, and 18.2 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.
To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://support.juniper.net/support/eol/software/junos/.
Upgrading a Router with Redundant Routing Engines
If the router has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to avoid disrupting network operation as follows:
Disable graceful Routing Engine switchover (GRES) on the master Routing Engine and save the configuration change to both Routing Engines.
Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.
After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.
Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.