Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for NFX Series

 

These release notes accompany Junos OS Release 20.1R2 for the NFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os

What’s New

Learn about new features introduced in the Junos OS main and maintenance releases for NFX Series.

Note

For information about NFX product compatibility, see NFX Product Compatibility.

What’s New in Release 20.1R2

There are no new features or enhancements to existing features for NFX Series devices in Junos OS Release 20.1R2.

What’s New in Release 20.1R1

Application Security

  • AppQoE support for granular APBR rules (NFX Seris, SRX Series, and vSRX)—Starting in Junos OS Release 20.1R1, AppQoE utilizes the granular rule matching functionality of advanced policy-based routing (APBR) for better quality of experience (QoE) for the application traffic.

    In Junos OS Release 18.2R1, APBR supported configuring policies by defining source addresses, destination addresses, and applications as match conditions. After a successful match, the configured APBR profile is applied as an application services for the session. In this release, AppQoE leverages the APBR enhancement and selects the best possible link for the application traffic as sent by APBR to meet the performance requirements specified in SLA.

    [See Application Quality of Experience.]

  • Default mechanism to forward the traffic through APBR rule (NFX Series, SRX Series, and vSRX)— Starting in Junos OS 20.1R1, you can configure a APBR rule by specifying the dynamic application match criteria with any keyword. This provides a default mechanism to forward the traffic to a specific next-hop device or to a destination if the traffic matches any dynamic application.

    [See Advanced Policy-Based Routing.]

  • Custom application enhancements (NFX Series, SRX Series, and vSRX)—Starting in Junos OS Release 20.1R1, we’ve enhanced the custom applications signature functionality by providing a new set of applications and contexts.

    Application identification allows you to create custom application signatures to detect applications specific to your network environment. You can create custom application signatures for applications based on ICMP, IP protocol, IP address, and Layer 7 or TCP/UDP stream. While configuring the custom application signatures, you must specify the context values that the device can use to match the patterns in the application traffic.

    Custom application signature contexts are part of application signature package. You must download and install the latest application signature package version 3248 or later to use new contexts for custom application signatures.

    [See Custom Application Signatures for Application Identification.]

Interfaces

  • Single-leg and unidirectional cross-connect— Starting in Junos OS Release 20.1R1, NFX Series devices support single-leg cross-connect and unidirectional cross-connect features.

    Single-leg cross-connect feature allows configuration of single entry in the cross-connect. The entry can be either VNF interface or a virtual interface. You can configure the other entry in the cross-connect at any later point of time.

    Unidirectional cross-connect feature allows the traffic to be forwarded conditionally or unconditionally in a single direction. Traffic flow in the opposite (other) direction follows the MAC-based forwarding rule.

    [See How to Configure NFX150, How to Configure NFX250, and How to Configure NFX350.]

Virtualized Network Functions (VNFs)

  • Virtual router reflector (VRR) virtualized network function (VNF) in enhanced orchestration (EO) mode— Starting in Junos OS Release 20.1R1, you can instantiate the VRR VNF in EO mode by using the JDM CLI configuration and without using the XML descriptor file. EO mode uses Open vSwitch (OVS) as an NFV backplane for bridging the interfaces.

    [See Managing Virtual Network Functions Using JDM.]

What's Changed

Learn about what changed in the Junos OS main and maintenance releases for NFX Series.

Known Limitations

There are no known limitations for NFX Series devices in Junos OS Release 20.1R2.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Open Issues

Learn about open issues in Junos OS Release 20.1R2 for NFX Series devices.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Interfaces

  • On NFX350 devices, the clear interface statistics all command takes a longer time to execute. PR1475804

Platform and Infrastructure

  • On NFX150 devices, an srxpfe core file is observed while testing the ADSL interface. PR1485384

  • If you plug an unsupported SFP-T transceiver into an NFX150 device and reboot the device, the FPC1 WAN port does not come online. PR1411851

  • On NFX350 devices, traffic drop is seen with fragmented traffic, and the log reports FLOW_REASSEMBLE_FAIL. PR1475023

Virtual Network Functions (VNFs)

  • On NFX Series devices, analyzers can be configured on VNF interfaces with output port as other VNF interfaces. All the packets entering or exiting can be mirrored on to the designated analyzer port. It is observed that after a system reboot, this functionality stops working and no packets are mirrored on the output analyzer port. PR1480290

Resolved Issues

Learn which issues were resolved in the Junos OS Release 20.1R1 for NFX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 20.1R2

Application Security

  • AppQoE is sending active probe packets for the deleted active-probe-params. PR1492208

Interfaces

  • On NFX250 NextGen devcies, the monitor interface traffic command might not display the output pps for sxe and physical interfaces. PR1464376

  • On NFX350 devices, the show interfaces | no-more command output freezes for 20 seconds after displaying the dl0 interface information. PR1502626

Platform and Infrastructure

  • The device reads the board ID from EEPROM directly using I2C upon power cycle. PR1529667

  • On NFX150 devices, ZTP over LTE configuration commit fails for operation=create in an XML operations configuration. PR1511306

  • After you upgrade the JDM image from Junos OS Release 15.1X53-D497.1 to Junos OS Release 18.4R3-S2, tunnels are down in the gateway router. PR1507165

  • On NFX150 devices, MAC aging does not work. You must remove aged MAC entries from the CLI. PR1502700

  • The request vmhost power-off command reboots the NFX250 NextGen device instead of powering off the device. PR1493062

  • After initiation of zeroization, the NFX250 device is going into a reboot loop. PR1491479

  • Core files on NFX250 while adding the second LAN subnet. PR1490077

  • Potential security vulnerabilities in Intel firmware that is used in the NFX150 network services platform may allow escalation of privilege, denial of service, or information disclosure. Intel has released firmware updates to mitigate these potential vulnerabilities. PR1480976

  • The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best practice as it can allow an attacker with access to the local file system the ability to decrypt password hashes stored on the system by brute force. PR1462556

Resolved Issues: 20.1R1

High Availability

  • On an NFX150 high availability chassis cluster, the host logs updated in the system log messages might not show the correct time stamp. PR1394778

Interfaces

  • On NFX150 devices, no error is displayed when the commit fails after you configure native-vlan-id on an access VNF interface. PR1438854

  • On NFX Series devices, ping is not working between the cross-connected interfaces with interface deny-forwarding configuration. PR1442173

  • On NFX Series devices, the static MAC address is replaced by a random MAC address. PR1458554

  • When traffic goes through vSRX3.0 platforms, core-dump files are generated and traffic is dropped. This issue might result in the Packet Forwarding Engine being inactive and all interfaces being down. PR1465132

  • On NFX150 devices, GRE tunnel interface (gr-1/0/0) might not appear if the clear-dont-fragment-bit option is configured for the GRE interface. PR1472029

  • On NFX350 devices, if you delete and add SXE interfaces, the SXE interface moves to Spanning Tree Protocol blocking (STP BLK) state, and the traffic drops on that interface. PR1475854

Mapping of Address and Port with Encapsulation (MAP-E)

  • On NFX Series devices, IP identification (IP ID) is not changed after MAP-E NAT44 is performed on fragment packets when the packets reach the customer edge (CE) device.

    PR1478037

Platform and Infrastructure

  • LTE package related files are lost after image upgrade from Junos OS Release D497.1 to Junos OS Release 18.4R3.3 on NFX250 devices. PR1493711

  • On NFX Series devices, if there are any conditional groups, the l2cpd process might crash and generate a core dump when interfaces are flapping and the LLDP neighbors are available. It might cause the dot1x process to fail and all the ports have a short interruption at the time of process crash. PR1431355

  • Half-duplex configuration on 1-Gigabit Ethernet ports is not supported when auto negotiation is disabled. PR1453911

  • On NFX350 devices, if you execute the show vmhost mode command multiple times, JDM might crash and cause the show vmhost mode commands to stop working. PR1474220

  • After a power outage, JDMD is not responsive because the /etc/hosts file is corrupted on NFX250 devices. PR1477151

Routing Protocols

  • On NFX Series devices, changing the other querier present interval timer is not working on IGMP or the MLD snooping device in the existing bridge domain (BD) or listener domain (LD). PR1461590

Virtualized Network Functions (VNFs)

  • On NFX150 and NFX250 NextGen devices, when two flowd interfaces are mapped to the same physical interface and if you delete the interface mapping to VF0, the traffic flow is disrupted. Even though the mapping is moved to VF0, the MAC address is not cleared in VF1, which disrupts the traffic. PR1448595

  • On NFX150 devices, when you need to change the vmhost mappings of a particular NIC or NICs, you must delete the existing vmhost mapping and commit the configuration. Now you can configure the new mappings for the respective NICs. You cannot change the NIC vmhost mappings in the same commit to delete and add a new mapping to the heth NICs. PR1459885

  • NFX250 devices do not allow jdm (case-insensitive) as a VNF name. You can use jdm as a part of the name. For example, jdm123, abcJDM, abcJDM123 are valid VNF names, whereas, jdm, JDM, Jdm, JDm are not valid VNF names. PR1463963

Documentation Updates

There are no errata or changes in Junos OS Release 20.1R2 documentation for NFX Series.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the NFX Series. Upgrading or downgrading Junos OS might take several hours, depending on the size and configuration of the network.

Note

For information about NFX product compatibility, see NFX Product Compatibility.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information on EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Basic Procedure for Upgrading to Release 20.1

When upgrading or downgrading Junos OS, use the jinstall package. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide. Use other packages, such as the jbundle package, only when so instructed by a Juniper Networks support representative.

Note

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the device, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files), might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the device. For more information, see the Software Installation and Upgrade Guide.

Note

We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

To download and install Junos OS Release 20.1R2:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the Software tab.
  4. Select the release number (the number of the software version that you want to download) from the Version drop-down list to the right of the Download Software page.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the device or to your internal software distribution site.
  10. Install the new package on the device.