Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for MX Series 5G Universal Routing Platform

 

These release notes accompany Junos OS Release 20.1R1 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in Junos OS Release 20.1R1 for MX Series routers.

Class Of Service

  • Hierarchical Class of Service (CoS) support on the MX2K-MPC11E line card (MX2008, MX2010, MX2020)—Starting in Junos OS Release 19.3R2 and 20.1R1, hierarchical class of service (CoS) is supported on the MX2K-MPC11E line card.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Forwarding COS (L2 classifiers, rewrite) support on the MX2K-MPC11E line card (MX2008, MX2010, MX2020)—Starting in Junos OS Release 19.3R2 and 20.1R1, Junos OS supports forwarding CoS (L2 classifiers, rewrite) for MX Series routers with the MX2K-MPC11E line card.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Seamless MPLS CoS support for pseudo-wires from access node (AN) and Multi-Services-Edge (MSE) node on MX2K-MPC11E line cards (MX2008, MX2010, MX2020)—Starting with Junos OS Release 19.3R2 and Junos OS Release 20.1R1, support is provided on the MX2K-MPC11E line card for pseudo-wires from access node (AN) and Multi-Services-Edge (MSE) node for MX Series (MX2008, MX2010, MX2020) routers to include seamless MPLS class of service(CoS) (BA and MF classifier, rewrite, schedulers, drop-profiles, policers, HQoS support - interface-set, PS IFD level, S-VLAN level, logical unit/C-VLAN level, traffic-control profile).

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Class of Service (CoS) support for forwarding-class (FC) counters on MX2K-MPC11E line cards (MX2008, MX2010, MX2020)—Starting in Junos OS Release 19.3R2 and Junos OS Release 20.1R1, support for forwarding-class (FC) counters on MX2K-MPC11E line cards is provided. This feature was originally introduced in Junos OS Release 14.1.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Layer 2.5 injection of control traffic to ensure queuing on GRE tunnel with class of service (CoS) settings intact (MX Series)—Starting with Junos OS Release 20.1R1, host-injected control traffic reaches the GRE tunnel interface queues at the PFE when the control session is over the GRE tunnel interface. This includes control protocols OSPF, BGP, PIM, RSVP, LDP, OAM, BFD and MSDP.

    Injection of control traffic ensures that the kernel includes the interface ID of the GRE logical interface and the unicast next-hop ID of the corresponding GRE physical interface along with the packet that is injected into the PFE. PFE code uses the logical interface ID and next-hop ID information to forward the packet. GRE encapsulation occurs at the PFE level and the packet gets looped back over the GRE tunnel after being subjected to CoS treatment over the GRE interface queues. The looped back packet is subjected to a second lookup and is then forwarded over the egress physical interface.

    Support for control traffic to travel over the GRE tunnel with CoS intact means the copy-tos-to-outer-ip-header statement cannot be used. Use the copy-tos-to-outer-ip-header-transit configuration statement instead. With this feature enabled, all transit packets on the GRE tunnel logical interface have the TOS copied to the outer header.

    To enable this feature, configure the force-control-packets-on-transit-path statement on the GRE tunnel logical interface.

    This feature is supported on the MX204 and the MX NG MPCs (MPC2E-NG and MPC3E-NG).

    [See force-control-packets-on-transit-path.

EVPN

  • Support for EVPN functionality on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS 20.1R1, you can configure MX2K-MPC11E line cards on MX2010 and MX2020 routers to support single-homed devices on an EVPN-MPLS network.

    [See EVPN Multihoming Overview.]

Forwarding and Sampling

  • Support for load balancing on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the following advanced Layer 2 features are supported on MX2010 and MX2020 routers with MX2K-MPC11E line cards and Enhanced Switch Fabric Boards (SFB3s): enhanced hash-key options, consistent flow hashing, symmetrical load balancing over 802.3ad LAGs, source IP only hashing, and destination IP only hashing. [See Configuring Per-Flow Load Balancing Based on Hash Values.]

General Routing

  • Support for GRE Key (MX Series)—Starting with Junos OS 20.1R1, Junos OS supports configuring a key to identify traffic flows in a GRE tunnel as defined in RFC2890. You must configure the key on the routers on both endpoints of a tunnel and create an export policy to populate the key in the forwarding table. You can configure dynamic-tunnel-gre-key at the [edit routing-options dynamic-tunnels tunnel-attributes name] hierarchy level.

    [See dynamic-tunnel-gre-key.]

High Availability and Resiliency

  • Support for BFD on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1, MX2010 and MX2020 routers with the MX2K-MPC11E line card support the following Bidirectional Forwarding Detection (BFD) features:

    • Centralized BFD

    • Distributed BFD

    • Inline BFD (single-hop only)

    • Single-hop BFD

    • Multihop BFD

    • Micro BFD

    • BFD over integrated routing and bridging (IRB) interfaces

    • BFD over pseudowire over logical tunnel and redundant logical tunnel interfaces

    • Virtual circuit connectivity verification (VCCV) BFD for Layer 2 VPNs, Layer 2 circuits, and virtual private LAN service (VPLS)

    Micro BFD at the Packet Forwarding Engine level behaves slightly differently on MX2K-MPC11E line cards. If micro BFD is enabled on an aggregated Ethernet (ae) interface, the micro BFD packets are not subjected to firewall filters for both tagged and untagged ae interfaces.

    [See Understanding BFD for Static Routes for Faster Network Failure Detection and Understanding Distributed BFD.]

Interfaces and Chassis

  • Support for flexible tunnel interfaces (MX240, MX480, and MX960 with MPC10E; MX2010 and MX2020 with MPC11E)—Starting in Junos OS Release 20.1R1, MX Series routers with MPC10E or MPC11E support flexible tunnel interfaces (FTIs). FTIs support Layer 3 point-to-point tunnels, which use Virtual Extensible LAN (VXLAN) encapsulation with a Layer 2 pseudo-header.

    To configure FTIs on your device and to enable multiple encapsulations on the FTIs, use the vxlan-gpe statement at the [edit interfaces interface-name unit logical-unit-number tunnel encapsulation] hierarchy level.

    [See Flexible Tunnel Interfaces Overview and vxlan-gpe (FTI).]

  • Adaptive load balancing on MPC10E-15C-MRATE, MPC10E-10C-MRATE, and MX2K-MPC11E line cards (MX240, MX480, MX960, MX2020)—Starting in Junos OS Release 20.1R1, adaptive load balancing (ALB) is supported on aggregate Ethernet bundles and ECMP links to correct traffic imbalance among member links. Adaptive load balancing (ALB) resolves traffic load imbalance caused by the hashing algorithm. With ALB configured on the system, traffic is balanced across member links when an imbalance is detected.

    • To configure ALB on aggregated Ethernet bundles, run the set interfaces name aggregated-ether-options load-balance adaptive tolerance command. [See adaptive.]

    • To configure ALB on ECMP links, run the set chassis ecmp-alb tolerance command. [See ecmp-alb.]

    [See Example: Configuring Aggregated Ethernet Load Balancing.]

  • VLAN TCC encapsulation on aggregated Ethernet interfaces (MX Series)—Starting in Junos OS Release 20.1R1, aggregated Ethernet interfaces support VLAN translational cross-connect (TCC) encapsulation. For configuring VLAN TCC encapsulation, you must have the member links of aggregated Ethernet with VLAN TCC encapsulation supported hardware.

    Note

    MX series routers does not perform any external commit check for member links of aggregated interfaces for the VLAN TCC encapsulation supported hardware.

    You must configure the following parameters to enable VLAN TCC encapsulation on aggregated Ethernet interfaces:

    • Enable the extended-vlan-tcc option for aggregated Ethernet interfaces at the [edit interfaces interface-name encapsulation] hierarchy level to configure extended 802.1q tagging for TCC.

    • Enable the vlan-tcc option for aggregated Ethernet interfaces at the [edit interfaces interface-name unit logical-unit-number encapsulation] hierarchy level to configure 802.1q tagging for TCC.

    • Enable the inet-address option for aggregated Ethernet interfaces at the [edit interfaces interface-name unit logical-unit-number family tcc proxy] hierarchy level to configure proxy host address on the non-Ethernet side of Ethernet TCC circuits.

    • Enable the inet-address option for aggregated Ethernet interfaces at the [edit interfaces interface-name unit logical-unit-number family tcc remote] hierarchy level to configure remote host address on the non-Ethernet side of Ethernet TCC circuits.

    • Enable the mac-address option for aggregated Ethernet interfaces at the [edit interfaces interface-name unit logical-unit-number family tcc remote] hierarchy level to configure remote MAC address on the non-Ethernet side of Ethernet TCC circuits.

    • Enable the tcc option for aggregated Ethernet interfaces at the [edit interfaces interface-name unit logical-unit-number family] hierarchy level to configure the TCC protocol suite.

    [See Configuring VLAN TCC Encapsulation.]

  • MPC11E supports Junos node slicing (MX2010, MX2020)—Starting in Junos OS Release 20.1R1, the MPC11E supports Junos node slicing and abstracted fabric (af) interfaces. Using Junos node slicing, you can create multiple partitions in a single physical MX Series router. Each partition, referred to as a guest network function (GNF), behaves as an independent router. An Abstracted Fabric interface is a pseudointerface that exhibits a first-class Ethernet interface behavior. The abstracted fabric interface facilitates routing control and management traffic between GNFs through the switch fabric. In a Junos node slicing deployment, the MPC11E interoperates with all MPCs that support the abstracted fabric interfaces.

    Note

    The MPC11E interoperates only with the Switch Fabric Board SFB3.

    [SeeUnderstanding Junos Node Slicing.]

  • Support for rate selectability on MX2K-MPC11E line card (MX2010 and MX2020 routers)—In Junos OS Release 19.3R2, and Release 20.1R1, we introduce a new fixed-configuration, rate-selectable line card, MX2K-MPC11E. The line-card has 40 built-in ports that can operate at 100 Gbps speed. You can configure all ports in a PIC to operate at the same speed or configure all the ports at different supported speeds. With QSFP28 optics installed, all ports operate at a default speed of 100 Gbps. In addition, you can use QSFP+ optics on Port 0 of every PIC and configure it as:

    • A 40-Gbps interface

    • Four 10-Gbps interfaces (channels), using breakout cables

    See Introduction to Rate Selectability.

  • Distributed LACP support in PPM AFT on MX2K-MPC11E (MX Series)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E line card supports distributed LACP. Distributed LACP support is managed by the advanced forwarding toolkit (AFT)-based periodic packet manager (PPMAN). In earlier releases, and for other line cards except MPC10E, distributed LACP support is managed by the Junos OS-based PPMAN.

    See [Periodic Packet Management]

  • Optimize fabric path to prevent traffic hop (MX2008, MX2010, and MX2020 with MX2K-MPC11E)—Starting in Junos OS Release 20.1R1, on MX2008, MX2010, and MX2020 routers with MX2K-MPC11E, you can optimize the fabric path of the traffic flowing over abstracted fabric (af) interfaces between two guest network functions (GNFs) by configuring fabric optimization mode. This feature reduces fabric bandwidth consumption by preventing any additional fabric hop (switching of traffic flows from one Packet Forwarding Engine to another because of load balancing on the abstracted fabric interface) before the packets eventually reach the destination Packet Forwarding Engine.

    To configure fabric optimization mode, use the following CLI command at the base system (BSYS): set chassis network-slices guest-network-functions gnf id collapsed-forward (monitor | optimize).

    [See Optimizing Fabric Path for Abstracted Fabric Interface.]

  • Chassis and power management for MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2010 and MX2020 routers with the MX2K-MPC11E line card support chassis management features, including field- replaceable unit (FRU) management, power budgeting and management, and environmental monitoring.

    The MX2K-MPC11E line card supports the following configuration:

    • The ambient temperature is less than 46°C.

    • The ports on the MX2K-MPC11E line cards operate at various modes or speeds (10-Gbps, 40-Gbps, or 100 Gbps). The pic-mode specifies the speed of the active ports. If pic-mode is not specified, then the default mode is 100 Gbps.

    • Supports dynamic power management.

    • Supports both hyper mode (the default mode) and normal mode.

    • Supports both normal mode (the deafult mode) and enhanced priority mode for interface schedulers.

    • Supports interface queueing modes, namely WAN port queueing mode (the default mode), limited queueing mode, and enhanced queueing mode.

    [See Understanding How Configuring Ambient Temperature Helps Optimize Power Utilization and Understanding How Dynamic Power Management Enables Better Utilization of Power.]

  • MPC Protocol and Application Support for MX2K-MPC11E line cards—Starting with Junos OS Release 20.1R1, MX2020 and MX2010 routers with MX2K-MPC11E line cards support many MPC protocols and applications. For a complete list, see Protocols and Applications Supported by the MX2K-MPC11E.

    • Standard Generic Routing Encapsulation (GRE)

    • Bidirectional Forwarding Detection protocol (BFD)

    • Internet Control Message Protocol (ICMP) and ICMPv6

    • Border Gateway Protocol (BGP)

    • BGP/MPLS virtual private networks (VPNs)

    • Logical system and Virtual routing and forwarding (VRF) routing instances

    • Load Balancing

    • Class of Service (CoS)—per port, virtual LAN (VLAN), Point-to-Point Protocol over Ethernet (PPPoE) or Dynamic Host Configuration Protocol (DHCP), Egress hierarchical class-of-service (CoS) shaping

    • Layer 2 Features

    • Firewall filters and policers

    [See MX Series 5G Universal Routing Platform Interface Module Reference.]

Junos OS, XML, API and Scripting

  • The jcs:load-configuration template supports loading the rescue configuration (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the jcs:load-configuration template supports the rescue parameter to load and commit the rescue configuration on a device. SLAX and XSLT scripts can call the jcs:load-configuration template with the rescue parameter set to "rescue" to replace the active configuration with the rescue configuration.

    [See Changing the Configuration Using SLAX and XSLT Scripts and jcs:load-configuration Template.]

Junos Telemetry Interface

  • Packet Forwarding Engine support for JTI on MX2K-MPC11E line cards (MX2010 and MX2020)—Now supported in Junos OS Release 20.1R1, Junos telemetry interface (JTI) supports streaming of Packet Forwarding Engine statistics for MX2010 and MX2020 routers using Remote Procedure Calls (gRPC). gRPC is a protocol for configuration and retrieval of state information. This support was first introduced in Junos OS Release 19.3R2.

    To provision the sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Platform, interface, and alarm sensor ON_CHANGE support on JTI (MX960, MX2020, PTX1000, PTX5000)—Junos OS Release 20.1R1 supports platform, interface, and alarm statistics using Junos telemetry interface (JTI) and gRPC Network Management Interface (gNMI) services. You can use this feature to send ON_CHANGE statistics for a device to an outside collector.

    This feature supports the OpenConfig models:

    • openconfig-platform.yang: oc-ext:openconfig-version 0.12.1

    • openconfig-interfaces.yang: oc-ext:openconfig-version 2.4.1

    • openconfig-alarms.yang: oc-ext:openconfig-version 0.3.1

    Use the following resource paths in a gNMI subscription:

    • /components/component (for each installed FRU)

    • /interfaces/interface/state/

    • /interfaces/interface/subinterfaces/subinterface/state/

    • /alarms/alarm/

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • gRPC version v1.18.0 supported with JTI (ACX Series, MX Series, PTX Series, QFX Series)—Junos OS Release 20.1R1 includes support for remote procedure call (gRPC) services version v1.18.0 with Junos telemetry interface. Important enhancements for gRPC are included in version v1.18.0. Previously, JTI was supported with gRPC version v1.3.0.

    Use gRPC in combination with JTI to stream statistics at configurable intervals from a device to an outside collector.

    [See gRPC Services for Junos Telemetry Interface.]

  • gNMI-based streaming telemetry support for Packet Forwarding Engine sensors on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, gRPC Network Management Interface (gNMI) service support is available to export Packet Forwarding Engine statistics for telemetry monitoring and management using Junos telemetry interface (JTI). Using gNMI and JTI, data is exported from devices to outside collectors at configurable intervals. This feature includes support (SensorD daemon) to export telemetry data for the OpenConfig model called AFT platform.

    Use the following resource paths to export sensor data for interface information and traffic, logical interface traffic, firewall filter counters, and policer counters:

    • /junos/system/linecard/interface/

    • /junos/system/linecard/interface/traffic/

    • /junos/system/linecard/interface/queue/

    • /junos/system/linecard/interface/logical/usage/

    • /junos/system/linecard/firewall/

    • /junos/system/linecard/services/inline-jflow/

    To provision the sensor to export data through gNMI services, use the Subscribe RPC. The Subscribe RPC and subscription parameters are defined in the gnmi.proto file. Streaming telemetry data through gRPC or gNMI also requires the OpenConfig for Junos OS module.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface) and Understanding OpenConfig and gRPC on Junos Telemetry Interface.]

  • gNMI-based streaming telemetry support for Packet Forwarding Engine sensors on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, gRPC Network Management Interface (gNMI) service support is available to export Packet Forwarding Engine statistics for telemetry monitoring and management using Junos telemetry interface (JTI). Using gNMI and JTI, data is exported from devices to outside collectors at configurable intervals. This feature includes support (SensorD daemon) to export telemetry data for the OpenConfig model called AFT platform.

    Use the following resource paths to export sensor data for interface information and traffic, logical interface traffic, firewall filter counters, and policer counters:

    • /junos/system/linecard/interface/

    • /junos/system/linecard/interface/traffic/

    • /junos/system/linecard/interface/queue/

    • /junos/system/linecard/interface/logical/usage/

    • /junos/system/linecard/firewall/

    • /junos/system/linecard/services/inline-jflow/

    To provision the sensor to export data through gNMI services, use the Subscribe RPC. The Subscribe RPC and subscription parameters are defined in the gnmi.proto file. Streaming telemetry data through gRPC or gNMI also requires the OpenConfig for Junos OS module.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface) and Understanding OpenConfig and gRPC on Junos Telemetry Interface.]

Layer 2 Features

  • Supported features on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the following advanced Layer 2 features are supported on MX2K-MPC11E line cards:

MPLS

  • Support for segment routing over RSVP FA (MX Series)—Starting with Junos OS Release 20.1R1, we provide support for segment routing traffic to be carried over RSVP LSPs that are advertised as forwarding adjacencies in IS-IS. This feature is implemented in a network having LDP on the edge and RSVP in the core where LDP can be easily replaced with ISIS-SR. Therefore, we are able to remove a protocol from the network resulting in network simplification.

    [See Understanding Source Packet Routing in Networking (SPRING).]

  • Support for static adjacency segment identifier for aggregated Ethernet member links on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting with Junos OS Release 20.1R1, you can configure a transit single-hop static label-switched path (LSP) for a specific member link of an aggregated Ethernet (ae) interface. The label for this route comes from the segment routing local block (SRLB) pool of the configured static label range. Configure the aggregated Ethernet member-interface name using the member-interface statement option at the [edit protocols mpls static-label-switched-path name transit name] hierarchy level. This feature is supported for aggregated Ethernet interfaces only.

    [See transit and Configuring Static Adjacency Segment Identifier for Aggregate Ethernet Member Links Using Single-Hop Static LSP.]

Multicast

  • Support for multicast forwarding on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, multicast forwarding is fully supported on MX2010 and MX2020 routers with MX2K-MPC11E line cards and Enhanced Switch Fabric Boards (SFB3).

    [See Multicast Overview.]

  • Next-generation multicast VPN supported on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E line card supports next-generation MVPN.

    [See Multicast Overview.]

Next Gen Services

  • Support for TCP/TLS Transport Protocols for Next Gen Services CGNAT Syslog Messages—Starting in Junos OS Release 20.1R1, you can configure the transport security protocol for Next Gen Services CGNAT global syslog messages to UDP, TLS or TCP. See transport.

  • Support for URL Filtering, DNS Sinkhole and Sky ATP URL filtering —Starting in Junos OS Release 20.1R1, Next Gen Services support URL filtering, DNS sinkhole and Sky ATP URL filtering. See local-category.

OAM

  • Support for link fault management (MX2K-MPC11E)—Starting in Junos OS Release 20.1R1, you can configure IEEE 802.3ah link fault management (LFM) for MX2K-MPC11E on MX2010 and MX2020 routers. You can also configure the following supported LFM features:

    • Discovery and link monitoring

    • Distributed LFM

    • Remote fault detection and remote loopback

    [See Introduction to OAM Link Fault Management (LFM).]

Port Security

  • Media Access Control Security (MACsec) support (MX2010 and MX2020 with MX2K-MPC11E)—Starting in Junos OS Release 20.1R1, MACsec is supported on MX2010 and MX2020 routers with the MX2K-MPC11E line card. MACsec is an industry-standard security technology that provides secure communication for all traffic on point-to-point Ethernet links. The MPC11E supports MACsec on all 10GbE, 40GbE, and 100GbE interfaces. The supported cipher suites are GCM-AES-256 and GCM-AES-128. Only static CAK mode is supported.

    [See Understanding Media Access Control Security (MACsec).]

  • VLAN-level MACsec with Unencrypted VLAN Tags (MX10003 with JNP-MIC1-MACSEC)—You can establish MACsec sessions for logical interfaces instead of physical interfaces on MX10003 routers with the JNP-MIC1-MACSEC installed. VLANs tags are now transmitted in clear text, allowing intermediate switches that are MACsec-unaware to switch based on VLAN tags. This feature enables MACsec encryption of point-to-multipoint VLAN connections over service provider WANs.

    [See Media Access Control Security (MACsec) over WAN

Routing Policy and Firewall Filters

  • Support for CCC and Layer 3 firewall forwarding on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting with Junos OS Release 20.1R1, circuit cross-connect (CCC) traffic and Layer 3 firewall forwarding features are supported on MX2K-MPC11E line cards.

    [See CCC Overview.]

  • Support for firewall forwarding on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, firewall forwarding is fully supported on MX2010 and MX2020 routers with MX2K-MPC11E line cards and Enhanced Switch Fabric Boards (SFB3s).

    [See Filter-Based Forwarding Overview.]

  • Support for IPv6 discard interfaces (MX Series)—Starting in Junos OS Release 20.1R1, you can configure a discard interface for IPv6 traffic. Do this at the [edit interfaces dsc unit 0 family inet6] hierarchy level.

    [See Configuring Discard Interfaces

Routing Protocols

  • Support for Topology-Independent Loop-Free Alternate (TI-LFA) in IS-IS for IPv6-only networks (ACX Series, MX Series, PTX Series)— Starting with Junos OS Release 20.1R1, you can configure TI-LFA with segment routing in an IPv6-only network for the IS-IS protocol. TI-LFA provides fast reroute (FRR) backup paths corresponding to the post-convergence path for a given failure. TI-LFA provides protection against link failure and node failure.

    You can enable TI-LFA for IS-IS by configuring use-post-convergence-lfa statement at the [edit protocols isis backup-spf-options] hierarchy level. You can enable the creation of post-convergence backup paths for a given IPv6 interface by configuring the post-convergence-lfa statement at the [edit protocols isis interface interface-name level level] hierarchy level. The post-convergence-lfa statement enables link-protection mode.

    You can enable node-protection mode for a given interface at the [edit protocols isis interface interface-name level level post-convergence-lfa] hierarchy level. However, you cannot configure fate-sharing protection for IPv6-only networks.

    [See Understanding Topology-Independent Loop-Free Alternate with Segment Routing for IS-IS]

  • Support for IP Forward Backup Path for BGP-LS Peer SIDs (MX Series)— Starting in Junos OS Release 20.1R1, you can configure an IP forward backup path that provides protection at the local node or the point of local repair for egress peer engineering (EPE). When the primary segment goes down, the packet is forwarded to the configured IP backup path. This IP forward backup path has local node significance only. BGP does not send the IP forward backup path information to the controller in its periodic BGP LS updates. If you have configured both segment protection and IP forwarding backup path then backup segment protection takes precedence over the IP forwarding backup path protection.

    To configure IP forward backup path for BGP LS peer segments include the egress-te-backup-ip-forward option at the [edit bgp egress-te–segment-set], [edit bgp group group-name egress-te-node-segment], and [edit bgp group group-name egress-te-segment adj] hierarchy levels.

    [See egress-te-set-segment.]

    [See egress-te-node-segment.]

    [See egress-te-adj-segment.]

Services Applications

  • FlowTapLite support on MPC10E (MX240, MX480, and MX960 routers)—Starting in Junos OS Release 20.1R1, you can configure FlowTapLite on an MPC10E line card. See Configuring FlowTapLite on MX Series Routers and M320 Routers with FPCs.

  • Support for Two-Way Active Measurement Protocol (TWAMP) on MPX10E-15C-MRATE linecard—Starting in Junos OS Release 20.1R1, TWAMP is supported on MPC10E-15C-MRATE line card on the MX240, MX480, and MX960 routers. TWAMP defines a standard for measuring IPv4 performance between two devices in a network. You can use the TWAMP-Control protocol to set up performance measurement sessions between a TWAMP client and a TWAMP server, and use the TWAMP-Test protocol to send and receive performance measurement probes. Configuring the TWAMP client instance to use si-x/y/z as the destination interface (which enables inline services) is not supported if the router has an MPC10E-15C-MRATE installed in the chassis. You can configure only the none authentication mode on the line card. See Understanding Two-Way Active Measurement Protocol on Routers.

  • Inline J-Flow support for EVPN traffic (MX Series MPC10/MPC11)—Starting with Junos OS Evolved Release 20.1R1, inline J-Flow supports sampling under the bridge family. Inline J-Flow monitors traffic hitting the bridge family and reports the necessary fields in either version 9 or IPFIX format. The new bridge family under the forwarding-options sampling instance hierarchy monitors all traffic hitting the VPLS or bridge family. See Understanding Inline Active Flow Monitoring.

  • Support for local preference when selecting forwarding next-hops for load balancing on MPC11E (MX2010 and MX2020 routers)—Starting in Junos OS Release 20.1R1, you can have traffic flows across aggregate-Ethernet or redundant logical-tunnel interfaces prefer local forwarding next-hops over remote ones, for example to ensure that the overall load on the fabric is reduced. [See local-bias for usage details.]

  • Support for local preference when selecting forwarding next-hops for load balancing (MX Series MPC10/MPC11)—Starting in Junos OS Release 20.1R1, you can have traffic flows across aggregate-Ethernet interfaces prefer local forwarding next-hops over remote ones, for example to ensure that the overall load on the fabric is reduced. [See local-bias for usage details.]

  • Support for inline active flow monitoring (MPC11E line card on MX240, MX480, and MX960 routers)—Starting in Junos OS Release 20.1R1, you can perform inline flow monitoring to support:

    • MPLS, MPLS-IPv4, and MPLS-IPv6

    • IPv4 or IPv6 traffic on next-hop based GRE tunnels and ps interfaces

    Both IPFIX and V9 formats are supported.

    See Understanding Inline Active Flow Monitoring.

  • Fabric support on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E line card is introduced. It is composed of 8 Packet Forwarding Engines per FPC. Each Packet Forwarding Engine on the MX2K-MPC11E line card has 3 fabric planes per SFB, which is a total of 24 fabric planes. All Packet Forwarding Engines have fabric connectivity with the SFB3. The fabric links are monitored for cyclic redundancy check (CRC) errors. Each Packet Forwarding Engine supports 500G fabric throughput when all 24 fabric planes are operational.

    Note

    Fabric redundancy is not supported on MX2K-MPC11E line card. The MX2K-MPC11E line card interoperates only with SFB3.

Subscriber Management and Services

  • Distributed denial of service protection on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E line cards support DDoS protection.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Subscriber services uplink support on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, you can use the MX2K-MPC11E line cards for uplink connections to the core network. This support requires you to enable enhanced subscriber management.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Support for managing policy and charging rules function (PCRF) server errors (MX Series)—Starting in Junos OS Release 20.1R1, you can configure the router to reinitialize the PCRF session when triggered by certain PCRF server errors that result in a state mismatch between the server and the router. You can also configure the router to generate an extended session ID that is universally unique by appending a 32-bit session stamp based on the current UTC time when the router creates the CCR-GX-I.

    [See Understanding Gx Interactions Between the Router and the PCRF.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for MX Series routers.

Interfaces and Chassis

  • Displaying accurate aggregate drop statistics (MX Series)—Starting in Junos OS 20.1R1 release, you can view the accurate aggregate drop statistics when a packet drop is seen on an aggregated Ethernet Interface by using the show interfaces extensive command. In earlier releases, the show interfaces extensive command did not display accurate aggregate drop statistics. Only the individual aggregate child interface displayed accurate drop statistics.

Services Applications

  • Update to CLI option for configuring the version number to distinguish between currently supported version of the Internet draft draft-ietf-softwire-map-03—In Junos OS Release 20.1R1, the version-3 option under the [edit services softwire softwire-concentrator map-e] hierarchy for configuring the version number to distinguish between currently supported version of the Internet draft draft-ietf-softwire-map-03 is optional. In the earlier Junos OS releases, if you did not configure the version-3 option, the configuration resulted in an error.

    [See map-e.]

Subscriber Management and Services

  • Single memory map applies to configuration and schema databases (MX Series)—Starting in Junos OS Release 20.1R1, the Junos OS configuration database and the schema database share the same memory space. This means that when you set the maximum database size, the result is the total memory available to both of these databases. In earlier releases, the schema database is separate and fixed in size.

    [See Configuring Junos OS Enhanced Subscriber Management.]

Known Limitations

Learn about known limitations in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • In some scenarios with MPC, major alarm and following messages are generated: messages log: fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) alarmd[3158]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC x Major Errors Major alarm set, FPC x Major Errors fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) cli> show chassis alarms 1 alarms currently active Alarm time Class Description 2019-01-25 15:18:03 UTC Major FPC x Major.

    Despite the major alarm set, this error is due to the Unknown Error Address logged in hardware to the DQ underrun. This message is harmless and has no service impact. PR1303489

  • The MX104 router has the following limitations in the error management:

    • The show chassis fpc error command is not available for MX104 in Junos OS Releases 13.3R7, 15.1R2,14.1R5,14.2R4, 13.3R8, and later.

    • Junos OS does not initiate restart of the system on encountering a fatal error.

    • Although you can configure the disable PFE for major errors action, Junos OS does not disable its only Packet Forwarding Engine on encountering a major error. PR1413314

  • The Routing Engine interprets any input from the console port as interrupts. Depending on the frequency, console noise impacts the Routing Engine interruption handling to different extents, even with the current mechanism. When the interrupt frequency is too high for the Routing Engine to handle, the impact might vary from the line card reboot (partial impact) to the Routing Engine reboot (chassis-wide impact). PR1436386

  • In a scaled scenario where the Routing Engine pushes a lot of routes to the Packet Forwarding Engine in the presence of the dynamic tunnel configuration, FIB convergence might take more time, leading to traffic drops. PR1454817

  • The control peer PFCP heartbeat request time out window must be greater than 90 seconds. PR1459135

  • The traffic on GRE interface on both ingress and egress cannot be Layer 2 mirrored. PR1462375

  • The following error message is issued whenthe connection between aftman and aft-ulcd is dropped: [Error] aft-ipc: AFT-ULCD IPC: Program will exit - ERROR MESSAGE PR1467246

  • aftd hogs on executing the clear VPLS table and MACs are not learned for less than 5 minutes. PR1473334

Infrastructure

  • Juniper Routing Engine with HAGIWARA CF card installed, after upgrading to Junos OS Release 15.1 and later, the following error message might appear on the log: smartd[xxxx]: Device: /dev/ada1, failed to read SMART Attribute Data PR1333855

Platform and Infrastructure

  • Traffic might drop due to the memory error of QX-chipset MPC. PR1197475

  • Interface-group based firewall filters used at MX router with the VPLS and BRIDGE logical interfaces hosted by an MPC, might work unpredictably. PR1216201

Services Applications

  • Currently, while configuring a DNS filter profile at the [edit services web-filter profile profile-name dns-filter-template] hierarchy level, you can configure a maximum of number of 32 DNS filter templates. However, for a profile configured under [edit services web-filter profile profile-name security-intelligence-policy] hierarchy level, you can configure more than 32 templates.

    [See dns-filter-template].

    security-intelligence-policy

Subscriber Management and Services

  • For dual-stacked clients over the same PPP-over-L2TP LNS session, enhanced subscriber management does not support configurations where both of the following are true:

    • The CPE sends separate DHCPv6 solicit messages for the IA_NA and the IA_PD.

    • The solicit messages specify a type 2 or type 3 DUID (link-layer address).

    As a workaround, you must configure the CPE to send a single solicit message for both IA_NA and IA_PD when the other configuration elements are present. PR1441801

VPNs

  • In an MVPN scenario with static lsp mapping type 3, the route withdraw behavior might differ. PR1466122

Open Issues

Learn about open issues in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • Duplicate packets in EVPN scenario are seen because a nondesignated forwarder is sending an inclusive multicast packet to the PE-CE interface after MAC lookup. PR1245316

  • In an EVPN scenario with nonstop active routing (NSR) enabled, the rpd crashes and generates core files on the backup Routing Engine when any configuration changes on the master Routing Engine. PR1336881

  • With Junos OS Release 19.3R1, the VXLAN OAM host-bound packets are not throttled with DDoS policers. PR1435228

  • EVPN-VXLAN core isolation does not work when the system reboots or the routing restarts. PR1461795

  • The ARP entry gets deleted from the kernel after adding and deleting the virtual-gateway-address. PR1485377

Forwarding and Sampling

  • For Junos OS Releases 18.4R1 and 18.3R2, if an IPv4 prefix is added on a prefix-list referred by an IPv6 firewall filter, the following log message is not seen: Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized. PR1395923

General Routing

  • The fxp0 is marked as Dest-route-down because of specific operations such as disabling and enabling operations. PR1052725

  • On a vMX platform, the performance of the Intel X710 NIC is lower compared to the performance of the Intel 82599 NIC. PR1281366

  • Because a vendor does not use chained CNH, using the feature does not bring in a lot of gain, because TCNH is based on an ingress rewrite premise. Without this feature, things work just fine. PR1318984

  • In a Message Queuing Telemetry Transport (MQTT) scenario, about 4000 KB of memory leakage might be seen every 30 seconds. However, on very long runs, this leakage uses up high memory, which can indirectly impact other running daemons. PR1324531

  • With regard to FPC restarts or Virtual Chassis splits, the design of MX Series Virtual Chassis infrastructure relies on the integrity of the TCP connections. The reactions to failure situations might not be handled gracefully. This results in TCP connection timeouts because of jlock hog crossing the boundary value (5 seconds), which causes bad consequences in MX Series Virtual Chassis. Currently, there is no other easy solution to reduce this jlock hog besides enabling marker infrastructure in the MX Series Virtual Chassis setup. PR1332765

  • On the MX2010 and MX2020 routers equipped with SFB2, some error logs might be seen. PR1363587

  • On the EX9208 device, a few XE interfaces go down with the following error message: if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • The traffic destined to the VRRP VIP drops because the filter is not updated to the related logical interface. PR1390367

  • Traffic statistics are not displayed for the hybrid access gateway session and tunnel traffic. PR1419529

  • On an MX104 router, PTP might not work if phy-timestamping is enabled. PR1421811

  • Traffic drops after the FPC reboots with the aggregated Ethernet member links deactivated by the remote device. PR1423707

  • When you run the show route label X | display json command, two nh keys are present in the output. PR1424930

  • On the dual Routing Engines of the MX Series platforms with subscriber management, the replication daemon (repd process) might crash after booting for the first time with a newly installed Junos OS release. The repd process synchronizes subscriber information across Routing Engines, so normally the repd crash has no impact on the live service. PR1434363

  • MPC10E 3D MRATE-15xQSFPP : Layer 2 over GRE is not supported in Junos OS Release 19.3R1. Even though the configuration gets committed, the feature will not work. PR1435855

  • Interface hold-down timers cannot be achieved for less than 15 seconds on MPC11E at FRS. PR1444516

  • The Mixed Master and Backup RE types alarm is observed when MX2008 with RE-MX2008-X8-128G detects backup Routing Engine as RE-MX2008-X8-64G. PR1450424

  • Physical interface policers are not supported in Junos OS Release 19.3 for MPC11. PR1452963

  • Issues with CLI command are observed after ANCP restarts, before ANCP neighbor reestablishes, and before receiving the port-ups. PR1453837

  • With logical system configuration, filter-based GRE encapsulation does not work. PR1456762

  • On the MPC11E line card, the FIB download rates are lower than MPC10E by 30 percent. PR1456816

  • The Packet Forwarding Engine status always remains in the reconfiguring state after configuring the flex flow size command for the second time. PR1457282

  • On the MPC11E line card, the following error messages are seen when the line card is online: i2c transaction error (0x00000002). PR1457655

  • The LSP statistics do not reset after routing is restarted. As a workaround, deactivate and activate telemetry. PR1458107

  • With the scale filter-based forwarding (FBF) configuration, two instances seem unable to forward the traffic to the respective routing instances. It appears that the FBF programming is incorrect for these two FBF instances. PR1459340

  • Some threads of the CPU information might not get exported for the CPU memory sensor. PR1461155

  • Backport jemalloc profiling CLI to support all Junos OS Releases where jemalloc is present. PR1463368

  • The MPC2E-NG or MPC3E-NG card with specific MIC might crash after a high rate of interface flaps. PR1463859

  • The following syslog error messages are harmless and expected during ISSU or GRES or FPC offline/online scenarios: [Oct 3 08:48:35.836 LOG: Err] ifl ps240.1 (1712): child ifl lt-1/0/0.32767 (7709) already there [Oct 3 08:48:35.836 LOG: Err] IFRT: 'Aggregate interface ifl add req' (opcode 87) failed [Oct 3 08:48:35.836 LOG: Err] ifl 1712, child ifl 7709; agg add failed. PR1464524

  • BFD session might flap when the session moves into an aggressive interval after coming up from a slow or non aggressive interval. PR1465285

  • On the MPC11E line card, the DOM MIB alarm for the channelized 10-Gigabit Ethernet interface does not show any alarm for LF/RF. PR1467446

  • Not able to get the service sessions when NAT64 is configured with destination-prefix length of 32. PR1468058

  • In Junos OS Release 16.2R1 and later, if commit is executed after commit check, the daemon (for example, dhcpd and sampled) might not get started even after the related configuration is successfully committed. PR1468119

  • FPC online might take additional time during movement of MPC11 FPC from one GNF to another GNF. PR1469729

  • With BGP rib-sharding and update-threading, traffic drops 100 percent in the BGP Layer 3 VPN streams, after the removal or restoration configuration. PR1469873

  • When Layer 2 bridge domain is configured and traffic is flowing only on one particular interface, the MACsec statistics might be updated incorrectly on other channelized MACsec interfaces on the same port group. PR1472464

  • For the MPC10E card line, the IS-IS and micro BFD sessions do not come up during baseline. PR1474146

  • A newly added LAG member interface might forward traffic even though micro BFD session of the interface is down. PR1474300

  • Upon external X86 node slicing server reboot, the host SNMP configuration gets overwritten by the JDM SNMP configuration settings. PR1474349

  • All the mobile-edge sessions are lost when you perform a GRES while sessions with URR are logged in. Sessions that attempt to log in after the GRES will also be rejected in this state. It is necessary to reboot the router using the request system reboot both-routing-engines statement to recover from this state. PR1478985

Infrastructure

  • The following error message might be seen after an upgrade: invalid SMART checksum. PR1222105

Interfaces and Chassis

  • Spontaneous jpppd generates core files on the backup Routing Engine in a longevity test at ../../../../../../src/junos/usr.sbin/jpppd/pppMain.cc:400. PR1350563

  • The SFP index in Packet Forwarding Engine starts at 1, while the port numbering starts at 0. This causes confusion in the log analysis. PR1412040

Junos Fusion Provider Edge

  • On a Junos fusion system, intermediate traffic drop is sometimes seen between AD and SD when sFlow is enabled on the ingress interface. When sFlow technology is enabled, the original packet gets corrupted for those packets that hit the sFlow filter. Because of few packets transmitted from the egress of AD1 are short of FCS (4 bytes) + 2 bytes of data drops occur. The normal data packets are of size 128 bytes while the corrupted packet is 122 bytes. PR1450373

Layer 2 Ethernet Services

  • When you revert from an Enhanced Switch Control Board (SCBE) upgrade, the SCB fails with the following error message: CHASSISD_FASIC_PIO_READ_ERROR. PR980340

  • The DHCP DECLINE packets are not forwarded to the DHCP server when forward-only is set within dhcp-reply. PR1429456

MPLS

  • The rpd generates core files at hbt_iterate_next, ldp_purge_unknown_tlv_temp_tree. PR1210526

  • The RSVP interface bandwidth calculation rounds up. PR1458527

  • On the MPC11E line card, the LDP sessions do not come up in a scaled setup. PR1474204

Platform and Infrastructure

  • In an EVPN and VPLS scenario, the packet gets corrupted at an ingress Packet Forwarding Engine. PR1300211

  • On MX Series routers with MPCs, the unicast traffic might drop when the destination is reachable over an integrated routing and bridging (IRB) interface and a label-switched interface (LSI) with two next hops. PR1420626

  • On the EX9208 and MX480 devices, traffic loss is observed if the ingress and egress ports are in different FPCs. PR1429714

  • For the bridge domains configured under an EVPN instance, the ARP suppression is enabled by default. This enables the EVPN to proxy the ARP and reduces the flooding of ARP in the EVPN networks. As a result, the storm-control does not affect the ARP packets on the ports under such bridge domain. PR1438326

  • A dual Routing Engine Junos node slicing GNF with no GRES configured and with a system internet-options no-tcp-reset drop-all-tcp configuration might enter the dual backup Routing Engine state upon manual GNF Routing Engine mastership switchover attempt with the request chassis routing-engine master [acquire|release|switch] command from either GNF Routing Engine CLI. PR1456565

  • While the SNMP-Agent polls round-trip time (RTT) related to OIDs from a router running Junos OS, such as pingResultsAverageRtt, the router might respond with zero (0) value even though there is no RPM ping failure. The following objects might be impacted: iso.3.6.1.2.1.80.1.3.1.4 -> pingResultsMinRtt iso.3.6.1.2.1.80.1.3.1.5 -> pingResultsMaxRtt iso.3.6.1.2.1.80.1.3.1.6 -> pingResultsAverageRtt iso.3.6.1.2.1.80.1.3.1.7 -> pingResultsProbeResponses iso.3.6.1.2.1.80.1.3.1.9 -> pingResultsRttSumOfSquares. PR1458983

  • When traffic is received from 1000 different VRF instances on PE from CE devices, a , few flows are dropped at the PE device. PR1460471

  • Sometime high CPU utilization is observed in MPC 3D 16x 10GE after ISSU. PR1461715

  • A few OAM sessions are not established with the scale EVPN ETREE and CFM configurations. PR1478875

Routing Protocols

  • In the BGP environment, the Ukern memory leaks and the core crashes. PR1366823

  • Even when the protocols mpls traffic-engineering bgp-igp command is configured, the UDP tunnel routes are not added to inet.0. The UDP tunnel routes are added only to inet.3 table whether the command is configured or not. PR1457426

  • In a next-generation MVPN setup, when using MPC10 on egress an PE device with load-balancing join of multiple groups in C_VPN, the egress PE device might not receive multicast traffic. PR1476969

  • The rpd crashes if the same neighbor is set up in different RIP groups. PR1485009

Subscriber Access Management

  • Verifying deleted services through CoA when the specified family-type has been deactivated fails because of the incorrect numbers of the active service sessions. PR1479486

VPNs

  • Traffic loss is observed while verifying multicast route with VT for VPNA. PR1460480

Resolved Issues

This section lists the issues fixed in Junos OS Release 20.1R1 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Application Layer Gateways

  • When you use the SIP ALG after payload changed by ALG, some SIP messages size might be bigger than the outgoing MTU interface and it might need to be fragmented. Else, the SIP messages might be dropped by SIP ALG. PR1475031

Authentication and Access Control

  • The LLDP packets might get discarded on all Junos OS platforms. PR1464553

Class of Service (CoS)

  • The MX generated OAM/CFM LTR message are sent with a different priority than the incoming OAM/CFM LTM message. PR1466473

  • Unexpected traffic loss might be discovered in certain conditions under the fusion scenario. PR1472083

  • The MX10008 and MX100016 routers might generate cosd core after executing the commit/commit check command if the policy-map configuration is set. PR1475508

EVPN

  • Traffic received from VTEP is dropped if the VNI value used for type-5 routes is greater than 65535. PR1461860

  • Rpd might crash with the EVPN-related configuration changes in a static VXLAN to MPLS stitching scenario. PR1467309

Forwarding and Sampling

  • Error of traffic does not get policied as expected after locally switched for VLAN 100 and 101, while verifying the selective local-switching functionality with 4000 VLANs. PR1436343

  • The pfed might crash and not be able to come up on the PTX or TVP platforms. PR1452363

  • The following syslog error messgaes are seen:pfed: rtslib: ERROR received async message with no handler: 28 PR1458008

  • The following false warning message is seen on commit (commit check) after upgrading to Junos OS Release 19.2R2-S1.4: warning: vxlan-overlay-load-balance configuration for forwarding options has been changed...... PR1459833

  • On an MX Series router, the following logs are seen: L2ALD_MAC_IP_LIMIT_REACHED_IF: Limit on learned MAC+IP bindings reached for .local.1048605; current count is 1024. PR1462642

  • Type 1 ESI/ or AD route are not generated locally on EVPN PE in all-active mode. mode PR1464778

  • On the MX10008 and MX10016 routers, policer bandwidth-limit cannot be set higher than 100g. PR1465093

  • An output bandwidth-percent policer with logical-bandwidth-policer applied to an aggregated Ethernet bundle along with an output-traffic-control-profile has incorrect effective policing rate. PR1466698

  • On the MX Series routers with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue. PR1473093

  • The filter might not be installed if the policy-map xx is present under the filter. PR1478964

General Routing

  • The severity of the following error is reduced from fatal to major: XR2CHIP_ASIC_JGCI_FATAL_CRC_ERROR PR1390333

  • The high-cos-queue-threshold range is changed to [uint 0 .. 90;]. PR1390424

  • NAPT66 pool split is not supported with AMS; thus commit must fail with V6 pool in AMS. PR1396634

  • The non-existent subscribers might appear in the show system resource-monitor subscribers-limit chassis extensive output. PR1409767

  • Changing CAK and CKN multiple times within a short interval (around 5 minutes) sometimes show the security MACsec connection's inbound and outbound channel display with more than one active AN. But on the Packet Forwarding Engine hardware side, the correct AN and SAK is programmed and MKA protocol from both ends transmit correct and latest AN on each hello packet. You should not see any traffic drop due to this display issue. PR1418448

  • Certain JNP10008-SF and JNP10016-SF Switch Interface Boards (SIBs) manufactured between July 2018 and March 2019 might have incorrect core voltage setting. As a workaround, you can correct the issue by reprogramming the core voltage and updating the setting in the NVRAM memory. PR1420864

  • The jnxFruState shows value as 10 for Routing Engine instead of 6 in response to .1.3.6.1.4.1.2636.3.1.15.1.8.9.1.0.0. PR1420906

  • Ports might get incorrectly channelized if they are already of 10-Gigabit Ethernet and they are channelized to 10-Gigabit Ethernet again. PR1423496

  • Observing NPC core at trinity_rtt_hw_bulk_helper, trinity_rt_delete, rt_entry_delete_msg_proc (rt_params=0x48803bd8) at ../../../../../../../../src/pfe/common/applications/route/hal/rt_entry.c:5210. PR1427825

  • The following syslog error message is observed: "Err] dfw_abstract_issu_stats_counters_restore:2222 Failed to find Index = 4613734? during ISSU with 19.3I-20190409_dev_common.0.2212. PR1429879

  • The routers that are configured with the protect core might send IPfix sampling packets with the incorrect next hop information. PR1430244

  • The l2cpd process might crash and generate a core file when the interfaces flaps. PR1431355

  • MicroBFD 3x100ms flap is observed upon inserting a QSFP in another port. PR1435221

  • ZF interrupts for out-of-range Dest PFE INTR for Gnt is observed when the MPC6 or MPC9 line card are brought up. PR1436148

  • ISSU fails from the legacy Junos OS Release 19.1R1 images. PR1438144

  • Incorrect values are observed in the JUNIPER-TIMING-NOTFNS-MIB table. PR1439025

  • With the DAC cable used between the EX4600 or QFX5100 lines of switches, an EX Series device, and an EX device, during the reboot of the EX46XX or QFX51XX device, the ports on the EX Series device might be still running. PR1441035

  • The interface might go into the Down state after the FPC restarts with the PTP configuration enabled. PR1442665

  • The BGP session fails to establish when you use the firewall filter to de-capsulate BGP packets from the GRE tunnel. PR1443238

  • System reboot is required when GRES is enabled or disabled with the mobile-edge configuration. PR1444406

  • Irregular traffic drop might be seen when the traffic is ingress from MPC3E and egress to MPC10E. PR1445649

  • When you use a converged CPCD, an MX Series router rewrites the HTTPS request with the destination-port 80. PR1446085

  • When switchover happens with an MX Series router with service interface that has NAT and GR configuration, the static route for NAT never comes up. PR1446267

  • DT_BNG: bbe-smgd generates core file on the backup Routing Engine in bbe_ifd_add_vlan (ifd=0x8c3e835, ifl=0xcaf59f18) at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/infra/bbe_ifd.c:6374. PR1447493

  • IPv6 throughput numbers for NAT with HTTP traffic is not at par with IPv4. PR1449435

  • Changing the hostname triggers the LSP on-change notification and not the adjacency on-change notification. PR1449837

  • On the MPC10E line card, dcd is unable to clean stale the mt- logical interfaces while reloading rosen configuration on the DUT. PR1450953

  • When you use the Standard_D5_v2, which has 16 vCPUs and 56 GB of memory, the deployment fails. PR1450975

  • JNP10000-LC2101 FPC generates Voltage Tolerance Exceeded major alarm for each IP 2V5 sensors. PR1451011

  • Chassisd main thread stalls might be seen at a JNS GNF upon GNF SNMP polling for hardware-related OIDs (for example, the ones from jnxBoaAnatomy MIB). When the issue persist, the following messages are logged into the GNF /var/log/mastership log if the stall duration is longer than 60 seconds: > main chassis-control thread stalled for 60 sec - If the stall duration is longer than 200 seconds, then the GNF chassisd will crash and dump a core, and the following message will be logged into the GNF /var/log/messages file: > chassisd[PID]: %DAEMON-3-CHASSISD_MAIN_THREAD_STALLED: main chassis-control thread stalled for 200 sec ? exiting - Once chassisd crashed, it will restart automatically; - These GNF chassisd main thread stalls and GNF chassisd crashes do not cause GNF-assigned FPC restarts/reconnects to chassisd since a JNS GNF does not manage any hardware component; ISSUE-2: ******** - If a GNF chassisd main thread stalls are ongoing and the GNF is restarted, then a service MGD process at the BSYS could start spinning at 100% CPU. This MGD process won't terminate by itself and will be consuming 100% CPU even when the GNF is back online. This condition could be seen at the BSYS JUNOS root shell as follows: > root@BSYS-re0:~ # ps wuaxd | grep mgd | grep -v grep > root 60221 0.0 0.0 733764 7768 - I 09:31 0:00.02 | |-- /usr/sbin/mgd-api -N > root 60223 0.0 0.1 792196 13672 - I 09:31 0:00.05 | |-- /usr/libexec32/bbe-smgd -b -N > root 60225 0.0 0.2 1410708 37740 - S 09:31 0:32.57 | `-- /usr/sbin/mgd -N > root 9954 100.0 0.3 1413260 49528 - Rs 04:11 66:35.37 | |-- mgd: (mgd) (root) (mgd) <<<--- > root 18029 0.0 0.2 1413260 38508 - Is 04:33 0:00.37 | |-- mgd: (mgd) (root)/dev/pts/1 (mgd) > root 35331 0.0 0.2 1413260 38516 - Is 05:21 0:00.01 | |-- mgd: (mgd) (root)/dev/pts/0 (mgd) > root 35392 0.0 0.2 1413260 38516 - Is 05:21 0:00.01 | |-- mgd: (mgd) (root)/dev/pts/0 (mgd) > root 35414 0.0 0.2 1413260 38516 - Is 05:21 0:00.01 | |-- mgd: (mgd) (root)/dev/pts/0 (mgd) PR1451215

  • Need to add support for drop flows when the packet drops. PR1451921

  • On the MX10000 and PTX10000 lines of routers with Routing Engine redundancy configuration enabled, the firmware upgrade for PSU (JNP10000-AC2) and JNP10000-DC2) might fail due to lcmd being disabled by the firmware upgrade command. PR1452324

  • Sensord core file might be seen when the script runs on MPC10E line card. PR1452976

  • On an MPC10E line card, inconsistency between AFT and non-AFT line cards occur while displaying ldp p2mp traffic-statistics on the bud node. PR1453130

  • Add the syslog configuration command to the Stateful firewall rule then condition. PR1453502

  • On an MX10003 device, alarms are not sent to syslog. PR1453533

  • The VMX might work abnormally in a large topology. PR1453967

  • The 100-Gigabit Ethernet interfaces might not come up again after going down on MPC3E-NG. PR1454595

  • When the scale configurations are applied, chassisd CLI command might delay response or might time out for 10 minutes. PR1454638

  • On the line card, interface damping is not supported. PR1455152

  • The SmiHelperd process is not initialized in the Junos OS PPC Releases. PR1455667

  • When you enable the persist-groups-inheritance command and execute a delete operation to delete the entire configuration, if the user selects no and then later tries to commit the configuration changes related to the groups, multiple daemons might crash. PR1455960

  • Along with the 4x1GE feature using the QSFP28 optics, continuous logging in the chassisd file is observed when speed 1-Gigabits is configured with pic_get_nports_inst and ch_fru_db_key. PR1456253

  • On the line card, need to add the support of optics-options low light. PR1456894

  • The bbe-statsd process might continuously crash if any parameter is set to 0 in the mx_large.xml file. PR1457257

  • JSU package when installed for LCMD, daemon might not restart the daemon with the new daemon package. PR1457304

  • The chassisd process and all FPCs might restart after Routing Engine switchover. PR1457657

  • After more than 2 million multicast subscribers are activated without performing GRES or bbe-smgd restart, further multicast subscribers might be unable to log in. PR1458419

  • Traffic silently discards or MPC crashes on the MPC10E line card during the change of the firewall filter terms. PR1458499

  • If you use the dynamic VoIP VLAN assignment, the correct VoIP VLAN information in LLDP-MED packets might not be sent after you commit. PR1458559

  • The FPC X major errors alarm might be raised after committing the PTP configuration change. PR1458581

  • The rpd crash might be seen if the BGP route is resolved over the same prefix protocol next hop in the inet.3 table that has both the RSVP and LDP routes. PR1458595

  • The traffic might be stuck on MS-MPC or MS-MIC with sessions receiving a huge number of affinity packets. PR1459306

  • The following error message might be seen after the chassisd restarts: create_pseudos: unable to create interface device for pip0 (File exists) PR1459373

  • The show ancp subscriber access-aggregation-circuit-id < access aggregation circuit ID> command displays incomplete output. PR1459386

  • Telemetry streaming of mandatory TLV ttl learned from LLDP neighbor is missing. PR1459441

  • The traffic might be silently dropped or discarded during the link recovery in an open Ethernet access ring with ERPS configured. PR1459446

  • Inline S-BFD packets are dropped on MPC6E MIC1/PIC1 ports: 0-11. PR1459529

  • In an MC-LAG scenario, the traffic destined to VRRP-virtual MAC gets dropped. PR1459692

  • After the DRD auto recovery, the traffic blackholing upon interface flaps. PR1459698

  • Configuration change might not be applied if Ephemeral DB is used. PR1459839

  • Initial synchronization for the OpenConfig event sensors are streamed only from producers supporting event paths. PR1459927

  • On the line card, interface flaps multiple times after an admin disables or enables at the side or when an optical module is plugged into . PR1459942

  • In a subscriber management environment, subscriber statistics reported by CLI commands and RADIUS can be broken if ISSU is performed from any Junos OS Release earlier than 18.4 to 18.4 or later. PR1459961

  • The PPTP does not work with destination NAT. PR1460027

  • If vlan-offload is configured on the VMX platform, input-vlan-map might not work. PR1460544

  • Support of del_path for the LLDP neighbor changes at various levels. PR1460621

  • When you receive IPv6 over IPv4 IBGP session, the IPv6 prefix is hidden. PR1460786

  • The PTP function might consume the kernel CPU for a long time. PR1461031

  • Explicit Deletion Notification (del_path) are not received when the LLDP neighbor is lost as result of disabling the local interface on the DuT through CLI (gNMI). PR1461236

  • The bbe-smgd generates a core file when all RADIUS servers are unreachable. PR1461340

  • Traffic might be impacted due to fabric hardening being stuck. PR1461356

  • The traffic might not be forwarded when it is received from the circuit cross-connect interface. PR1461532

  • On the MPC10E line card, more number of output packets are seen than expected when the ping function is performed. PR1461593

  • In an EVPN scenario, memory leak might be observed when proxy-macip-advertisement is configured. PR1461677

  • The repd generates a core file during system startup. PR1461796

  • During the BBE statistics collection and management process, issues with the bbe-statsd memory on the backup Routing Engine occurs. PR1461821

  • JET RIB API RouteRemove and RouteRemoveMatching RPCs do not work as the first RIB API call. PR1461974

  • The rpd might crash after committing the dynamic-tunnel-anchor-pfe command. PR1461980

  • The rpd process might crash if the show v4ov6-tunnels information anti-spoof-ip command is executed. PR1462047

  • The following error message appears when both the DIP switches and power switch are turned off: CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed PR1462065

  • The flow stuck and flowd watchdog generate core files while trying to ping the DNS server 8.8.8.8 on the internet through DUT configured with NAPT44. PR1462277

  • Traffic drops over the aggregated Ethernet interfaces configured with Virtual Router Redundancy Protocol (VRRP). PR1462310

  • On an MX204 router, the RADIUS interim accounting statistics are not populated. PR1462325

  • The EA WAN SerDes gets into the Stuck state that leads to continuous DFE tuning timeout errors and causing the link to stay down. PR1463015

  • The vty remote MAC addresses are not learned with correct age if vty is from a line card without Juniper Penta silicon. PR1463040

  • MAC-learning is broken for vlan-id all scenario. PR1463078

  • The Routing Engine switchover might not be triggered when the master CB clock fails. PR1463169

  • MVPN traffic might be dropped after performing switchover. PR1463302

  • The subscribers might not pass traffic after making some changes to the dynamic-profiles filter. PR1463420

  • RPC ALG causes MSPMAND to generate core files when an MX Series router is used as a stateful firewall with the MS-MIC or MS-MPC service cards. PR1464020

  • The IPoE subscriber route installation might fail. PR1464344

  • Observing bbe-smgd-core (0x000000000088488c in bbe_autoconf_delete_vlan_session_only (session_id=918) at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/plugins/autoconf/bbe_autoconf_plugin.c:3115). PR1464371

  • The PPP IPv6CP might fail if the routing-services command is enabled. PR1464415

  • If a NETCONF session is initiated over an inband connection, the CPU utilization on mgd daemon might be 100 percent after the NETCONF, which executes an RPC call for some commands and gets interrupted by flapping the interface. There is no impact observed to the control plane or the forwarding plane, the subsequent NETCONF session continues to function. PR1464439

  • The MS-MIC might not work when it is used on a specific MPC. PR1464477

  • The show task memory detail command shows incorrect cookie information. PR1464659

  • The PPPoE session goes in to the Terminated state and the accounting stops for the session that is delayed. PR1464804

  • MPC5E or MPC6E might crash due to internal thread hogging of the CPU. PR1464820

  • The end in front of NAT also sends NATT keep alive packets. PR1464864

  • Commit script does not apply changes in the private mode unless a commit full is performed. PR1465171

  • The jdhcpd might consume high CPU and no further subscribers can be brought up if more than 4000 dhcp-relay clients are present in the MAC-MOVE scenario. PR1465277

  • The physical interface of aggregated Ethernet might take time to come up after disabling or enabling the interface. PR1465302

  • Bandwidth percent with shaping rate does not work on an aggregated Ethernet after deactivating and activating the class of service. PR1465766

  • Traceroute generates the ICMP error message such as, destination host unreachable and time exceeded that helps in identifying the intermediate hops. Code logic for handling ICMP errors was not there as a part of the asymmetric processing. PR1466135

  • In the PPPoE subscriber management environment, due to the PPPoE inline keepalives timeout, events might be dropped by the Routing Engine and the PPPoE subscribers might get stuck. This issue might cause the PPPoE subscribers to be unable to reconnect. PR1467125

  • On the line card, the IPv6 local statistics are counted against the IPv6 transit traffic statistics as well. PR1467236

  • Layer 2 wholesale does not forward all the client requests with stacked VLAN. PR1467468

  • Hot-swapping between and legacy MPC9, MPC8, or MPC6 is not supported. PR1467725

  • The process rpd might crash after making several changes to the flow-spec routes. PR1467838

  • Crypto code might cause high CPU utilization. PR1467874

  • You might observe the following error message: the user-ad-authentication subsystem is not responding to management requests. PR1467991

  • The satellite-management commands are not available. PR1467997

  • Benign logs might show in the Junos OS Release 19.3R2 when switching between configurations using load-override with GRES and commit-synchronize. PR1468234

  • Optics measurements might not be streamed for the interfaces of a PIC over JTI. PR1468435

  • The process rpd crash might be seen if the BGP sharing is enabled. PR1468676

  • The Inner-list functionality with dual tag does not work. Traffic gets dropped at the ingress port. PR1469396

  • When MS-MIC becomes unreachable or SPD restart, the next hop used by tcp-log connection are set to discard. However, the SPD does not delete this next hop and incorrectly continue to use this next hop in the Packet Forwarding Engine. This causes the MS-MIC not able to establish the TCP connection to the syslog server. PR1469575

  • Memory leak on Layer 2 cpd process causes Layer 2 cpd to crash. PR1469635

  • A hierarchical-scheduler should not be configured on a ps- interface. PR1470049

  • On the MPC11E line card, some of the 10-Gigabits interface states might not get cleaned up correctly when performing GRES with invalid profile configuration. PR1470153

  • On MPC-11E interfaces, certain configuration steps might cause traffic to not get policed properly. PR1470629

  • SNMP interface-mib stops working for the PPPoE clients. In this scenario, SNMP works fine for standard queries on the MX Series router; however, for subscriber statistics, it always return a zero value. PR1470664

  • On MPC11, PIC online event does not generate SNMP trap when PIC goes through offline to online transition. PR1470796

  • Unable to setup 26M sessions (NAPT44) at 900Kpps/s. PR1470833

  • In rare occasions, the router might send out one extra URR quota value for a bearer. PR1470890

  • Sudden FPC shutdown due to hardware failure or ungraceful removal of line card might cause major alarms on other FPCs in the system. PR1471372

  • In the cRPD platform, license violations are captured as nagging log messages and no alarm is raised. PR1471455

  • The clksyncd crash might be seen when PTP over Aan aggregated Ethernet is configured on the MX104 platform. PR1471466

  • Phase or frequency synchronization might not work correctly when PTP is configured in the hybrid mode. PR1471502

  • MTU errors count captured in the show pfe statistics traffic does not match exactly to the actual count of the frames dropped. PR1471554

  • On the MX10008 and MX10016 line cards, the ARP suppression (default enabled) in EVPN does not work. PR1471679

  • PCC tries to send a report to PCE but the connection between PCC and PCE is not in the Up state especially in the case of MBB in PCE provisioned or controlled LSP. PR1472051

  • On multicore next-generation Routing Engines on the MX960, MX240, and MX480 routers with USF mode enabled and USF-based services configuration, the subsequent Junos vmhost upgrade fails with the following error message: Validation failed ERROR: Failed to add /var/tmp/junos-vmhost-install-mx-x86-64-20.1I-20191112_dev_common.0.1229.tg z warning: Host software installation has failed. As a workaround you can use the no-validate argument to the request vmhost software add <> command. For example, request vmhost software add junos-vmhost-install-mx-x86-64-20.1I-20191112_dev_common.0.1229.tgz no-validate.

    You can also move the chassis to the baseline configuration and commit, and then perform a software upgrade. After the software upgrade, the original configuration can be reapplied. PR1472287

  • Chassis alarm on BSYS might be observed : RE0 to one or many FPCs is via em1: Backup RE PR1472313

  • Service accounting statistics do not get updated after changes are made to the firewall filters. PR1472334

  • The kernel might crash and vmcore might be observed after the configuration change is committed. PR1472519

  • Performing back-to-back rpd restarts might cause rpd to crash. PR1472643

  • Active error counts does not increase for I2C in the synchronization cards. PR1472660

  • On the MX Series devices, if the reauthenticate lease-renewal statement is enabled for DHCP, when the DHCP authentication and re-authenticate lease-renewal occurs, the SDB might go down very frequently. PR1473063

  • Drops counter does not increment for the aggregated Ethernet even after the member link shows the drops. PR1473665

  • This issue occurs only with GRES when both the Routing Engines are rebooted together. During chassis init time, the kernel does not allow any GENCFG to be added before the Routing Engines mastership transition is complete, if GRES is active. If ingress multicast replication configuration is changed after GRES is enabled, before rebooting both the Routing Engines, you must disable the GRES configurations. PR1474094

  • An MPC11 crash might occur on the MX2000 platform using multi-dimensional advanced scale configuration that has Inline Keep Alive Sessions. PR1474160

  • MX10000 QSA adapter lane 0 port goes in the Down state when you disable one of the other lanes. PR1474231

  • With URR enable, the URR reports cause memory leak. Eventually, the heap memory gets exhausted. PR1474306

  • The show services sessions and show services sessions extensive output command does not display the member interface of the AMS where the session got landed. It displays only the AMS interface name. PR1474313

  • When the traffic loss is observed on 100g logical interface, the MACsec sessions are up and live. PR1474714

  • The request system power-off and request system halt command might not work correctly. PR1474985

  • The clksyncd generates core files after GRES. PR1474987

  • SFW rule configuration deletion might lead to memory leakage. PR1475220

  • In subscriber scenario, when there is a configuration change of the firewall filter used by the subscriber service, the RADIUS accounting updates of service session might have incorrect statistic data. The abnormal accounting data might have impact on billing system, so this issue has service impact. PR1475729

  • Dark window size is more than expected. 31.0872721524375 seconds of traffic lost is observed. PR1476505

  • The bbe-mibd might get crashed on the MX platform in a subscriber environment. PR1476596

  • The MX router acting as LNS does not get to program the PFE with l2tp services that causes forwarding issues for the l2tp subscribers. PR1476786

  • Traffic loss might be seen in the SAEGW scenario after the daemon restart or after the GRES operation. PR1477461

  • Ike version 2 tunnel flaps with DPD if initiator is not behind NAT. PR1477483

  • When enhanced subscriber management feature are enabled or Junos OS running at Junos OS Release 18.4R1 or later with the nextgen-stats enabled and with XL or EA based line cards (MPC2E-NG/MPC3E-NG/MPC5/MPC6/MPC7/MPC8/MPC9) inserted, the Packet Forwarding Engine might be disabled due to major error under very specific and rare scenarios. PR1478028

  • The show evpn statistics instance command gets stuck on the multihomed scenario. PR1478157

  • During simultaneous scale login of default and dedicated bearers, the router might require the control plane to send retries in order to login all the bearers. In rare situations, the router might reject a small number of requests during the stated scale login procedure. As a workaround, the control plane can send new requests in order to eventually login all the bearers on the router. PR1478191

  • FPC memory leak might happen after executing the show pfe route command. PR1478279

  • [firewall] [filter_installation] Output chain filter counters are not correct. PR1478358

  • The core files are generated at cassis_alloc_list_timed_free in cassis_free_thread_entry. PR1478392

  • The protocol MTU might not be changed on the lt- interface from the default value. PR1478822

  • The TCP-log sessions might be in the Established state but no logs get sent out to the syslog server. PR1478972

  • The process rpd might crash when executing the show route protocol l2-learned-host-routing or show route protocol rift command on a router. PR1481953

  • The MX204 router reboots when the PPPoE client starts to log in and no cores gets created. PR1482431

  • Packet loss might be observed after the device reboots or l2ald restarts in an EVPN-MPLS scenario. PR1484468

  • When the same objects are used in both inet and inet6 services of the same subscriber session, deactivation of the first session causes conditions that avoid releasing the UID entry after deactivation of the second service session. This leads to having a stale UID entry and can cause a subscriber connection problem in the future when the UID pool might be completely exhausted. The probability of hitting the issue increases if the amount of subscribers to the amount of unique services ratio is approaching 1, which occurs when almost every subscriber has a service with unique service objects. PR1188434

  • The show subscriber extensive command incorrectly displays DNS address provided to the DHCP clients. PR1457949

  • PPP IPv6 NCP fails to negotiate during the PPP login. PR1468414

  • DHCP relay with forward-only fails to send OFFER when the client is terminated on the lt-0/0/0.2 logical tunnel interface. PR1471161

  • Dynamic-profile for VPLS-PW pseudowire incorrectly reports the Dynamic Static Subscriber Base Feature license alarm. PR1473412

  • DHCP-server : RADIUS given mask is being reversed. PR1474097

Infrastructure

  • The kernel crashes during the removal of the mounted USB when a file is being copied to it. PR1425608

  • Slow Response from SNMP might be observed after an upgrade to Junos OS Release 19.2R1. PR1462986

  • The scheduled tasks might not be executed if the cron daemon goes down without restarting automatically. PR1463802

Interfaces and Chassis

  • Restarting chassisd with GRES disabled might cause FPC to restart and deletion of some demux interfaces. PR1337069

  • Mgd processes increase because the mgd processes are not closed properly. PR1439440

  • When the logical interface is associated to a routing-instance inside a LR, the logical interface is removed from the routing-instance and the logical interface is not added to default routing instance. PR1444131

  • When there are three VRRP routers (for example, R1, R2, and R3), the VRRP priority on R1 is larger than R2 and R2 is larger than R3. Additionally, a firewall filter on R3 interface input direction is configured to drop all VRRP packets. Then, continuous VRRP state transition (VRRP master or backup flaps) might be seen. It might affect the service. PR1446390

  • Interface descriptions might be missing under the logical systems CLI. PR1449673

  • Mismatched MTU value causes the RLT interface to flap. PR1457460

  • The EOAM CFM primary-vid functionality does not work if the enhanced-cfm-mode is enabled. PR1465608

  • vrrpv3mibs does not work on the QFX platform to poll the VRRPv6 related objects. PR1467649

  • The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5. PR1467712

  • On EVPN active or active software design, disabling the ESI logical interface might effect the designated forwarder election of EVPN when the physical interface has ESI configured. In such configuration, disabling the ESI logical interface, type-1 routes (AD/EVI and AD/ES) are not generated from this PE. With ESI configured at the IFD level, as one of the logical interface in the IFD is down, DF election can not happen for the ESI. Also, AD/EVI and AD/ESI routes are deleted. The following warning message occurs upon commit, where this configuration might cause DF election issues and undesired unicast or BUM traffic drop: DCD_PARSE_CFG_WARNING: aex.y : Disabling the IFL might affect the Designated Forwarder election of EVPN when IFD is having ESI configured. PR1467855

  • When dynamic DHCP sessions exists in the device and if multiple commits in parallel are performed, the commit might become nonresponsive. PR1470622

  • Commit error was not thrown when member link was added to multiple aggregation group with different interface specific options. When member interface added to bundle with both the ether and gig-ether interface specific options, the gig-ether option takes precedence over the other. PR1475634

  • When the addition and the deletion of an logical interface (both logical interfaces with same VLAN ID) is performed in a single commit configuration, the check fails with the following error message: duplicate VLAN-ID PR1477060

  • MC-AE interface might be shown as an unknown status when you add the sub-interface as part of the VLAN on the peer MC-AE node. PR1479012

  • For ATM interfaces configuration, if any logical interface has the allow-any-vci configuration, then the commit operation might fail. PR1479153

Junos Fusion Enterprise

  • Loop detection might not work on the extended ports in the Junos Fusion scenarios. PR1460209

Layer 2 Ethernet Services

  • The jdhcpd process might go into infinite loop and cause CPU full utilization. PR1442222

  • DHCP subscriber might not come online after the router reboots. PR1458150

  • On the MX2010 and MX2020 Series router, no alarm is generated when FPC connected to the master Routing Engine through the backup Routing Engine. PR1461387

  • The metric does not change when configured under DHCP. PR1461571

  • In EVPN multi-homed active or active scenario, when LACP is enabled on the PE-CE child member links and after recovering from a core-isolation on the PE device, the PE-CE child member links might be stuck in the Detached state if the LACP sync-reset feature is enabled on the CE device. The child links on the CE device might show the LACP state as Collecting Distributing. However, on the PE devices, the LACP state might be shown as Detached. PR1463791

  • The ISSU might fail during the subscriber in-flight login. PR1465964

  • Telemetry data for relay/bindings/binding-state-v4relay-binding and relay/bindings/binding-state-v4relay-bound are not correct. PR1475248

MPLS

  • The FPC might be stuck in the Ready state after making a change in the configuration that removes RSVP and triggers FPC restart. PR1359087

  • The root XML tag in the output is changed from rsvp-pop-and-fwd-info to rsvp-pop-and-fwd-information to be consistent with the XML tag convention. PR1365940

  • Traffic is silently discarded after the LSP protection link on Huawei transit router goes down. PR1439251

  • On the MPC10E line card, the P2MP LSP traceroute does not working. PR1440636

  • The traffic might be silently discarded after the LACP time outs. PR1452866

  • P2MP LSP might flap after the VT interface in the MVPN routing instance is reconfigured. PR1454987

  • The rpd core files are generated with SNMP polling. PR1457681

  • All LDP adjacencies flap after changing LDP preference. PR1459301

  • The previously configured credibility preference is not considered by CSPF even though the configuration has been deleted or changed to prefer another protocol in the traffic engineering database. PR1460283

  • MPLS trace route does not trace the SRUDP tunnel ingress router. PR1460516

  • The process rpdtmd might crash while SNMP polls the statistics of the lpd interface. PR1465729

  • The device might use the locally computed path for the PCE-controlled LSPs after the link or node fails. PR1465902

  • The fast reroute detour next hop down event might cause the primary LSP to go in to the Down state in a particular scenario. PR1469567

  • p2mp traceroute fails with an aggregated Ethernet bundle over AFT. PR1470815

  • The rpd process might crash during shutdown. PR1471191

  • The rpd crash might be seen after some commit operations, which might affect the RSVP ingress routes. PR1471281

  • The following error messages keep on continuously flooding in the backup Routing Engine: ( JTASK_IO_CONNECT_FAILED: RPDTM./var/run/rpdtmd_control: Connecting to 128.0,255.255,255.255,0.0.0.0,0.0.0.0, failed: No such file or directory ) PR1473846

  • RSVP LSPs might not come up in the scaled network with a very high number of LSPs if NSR is used on the transit router. PR1476773

  • In a corner case on Junos OS platform, where the family circuit cross-connect is configured along with any other existing family within the same interface such as, inet and inet6, which Junos OS never allows to do so, but somehow a customer did it, and if the family circuit cross-connect is deleted from the interface, that causes kernel to crash and the device reboot automatically, all the traffic will be interrupted. PR1478806

  • RPD crashs on the backup Routing Engine when LDP tries to create LDP p2mp tunnel upon receiving corrupted data from the master Routing Engine. PR1479249

Network Management and Monitoring

  • Junos OS used to send a cold start trap from the new master just after the first GRES. This was because the cold_start timestamp file was not present or updated after the reboot. PR1461839

Platform and Infrastructure

  • The jcrypto syslog help package and events are not packaged even when the error message is compiled. PR1290089

  • On the MX Series devices with chained composite next hop (CNH) for labeled BGP configured, the MPLS COS rewrite does not work for 6 PE traffic. This issue has service or traffic impact. PR1436872

  • In an EVPN-VXLAN scenario, sometimes the host-generated packets get dropped when hitting the reject route in the Packet Forwarding Engine. PR1451559

  • The MPC might drop packets after enabling the firewall fast lookup filter. PR1454257

  • Multicast traffic loss occurs in a rare case in a seamless MPLS with MVPN configuration. PR1456905

  • Port mirroring does not occur with VPLS. PR1458856

  • DDoS-protection does not stop logging when the remote tracing is enabled. PR1459605

  • Modifying the REST configuration might cause the system to become unresponsive. PR1461021

  • Traceroute initiated from the PE device does not show the tunnel endpoint hop in the output. PR1461441

  • CLI configuration flag version-03 must be optional. PR1462186

  • On the MX204 platform, the Packet Forwarding Engine errors might occur when the incoming GRE tunnel fragments get sampled and undergoes inline reassembly. PR1463718

  • Not able to view the snapshots of the backup Routing Engine. PR1464394

  • MX80 EVPN-VXLAN RT5 does not work properly and ip-prefix-routes are not reachable. PR1466602

  • On the MX150 devices, the default subscriber management license does not include the Layer 2 TP. PR1467368

  • On the MX Series Virtual Chassis, the Layer 2 traffic sent from one member to another member is corrupted. PR1467764

  • The JNH memory leaks after the CFM session flap for the LSI and VT interfaces. PR1468663

Routing Policy and Firewall Filters

  • Routes resolution might be inconsistent if any route resolves over the multipath route. PR1453439

Routing Protocols

  • The CPU utilization on rpd spins at 100 percent once the same external BGP route is learned on different VRF tables. PR1442902

  • The rpd crash might be seen after configuring OSPF nssa area-range and summaries. PR1444728

  • The BGP routes might fail to be installed in a routing instance if the from next-hop policy match condition is used in the VRF import policy. PR1449458

  • TI-LFA backup path for the adj-sids is broken in OSPF, where the shortest path to the node opposite the adj-sid is not the one-hop path over the interface indicated by the adj-sid. PR1452118

  • The SSH login might fail if a user account exists in both the local database and RADIUS/TACACS+. PR1454177

  • The rpd scheduler slip for BGP GR might be up to 120 second after the peer goes down. PR1454198

  • MoFRR with MLDP inband signaling is not working. PR1454199

  • The rpd memory might leak in certain MSDP scenario. PR1454244

  • The rpd might crash continuously due to memory corruption in the IS-IS setup. PR1455432

  • Packet drop and CPU spike on the Routing Engine might be seen in certain conditions if the labeled-unicast protection is enabled for a CsC-VRF peer. PR1456260

  • Consider the case where the backup nexthop for a route in inet6.3 has all valid labels except for the last label. While it is not possible to install a working backup path in inet6.3, it is possible to install a working backup path for inet6.0. This is because the inet6.0 backup path is derived from the inet6.3 backup path by removing the last label. Removing the last label leaves a label stack with all valid labels. However, the current implementation does not install the inet6.0 backup path. PR1458791

  • The rpd memory leak might be observed on the backup Routing Engine due to BGP flap. PR1459384

  • The other querier present interval timer cannot be changed in a IGMP or MLD snooping scenario. PR1461590

  • The rpd scheduler slips might be seen on the RPKI route validation enabled BGP peering router in a scaled setup. PR1461602

  • Need to install all possible next hops for the OSPF network LSAs. PR1463535

  • The IS-IS IPv6 multi-topology routes might flap every time when there is an unrelated commit under protocol statement. PR1463650

  • The rpd might crash if both the BGP add-path and BGP multipath are enabled. PR1463673

  • The rpd might crash if the IPv4 routes are programmed with the IPv6 next hop via JET APIs. PR1465190

  • The BGP peers might flap if the hold-time parameter is set as small. PR1466709

  • The configured BGP damping policy might not take effect after BGP is disabled and then enabled followed by commit. PR1466734

  • BGP multipath does not work for MT on cRPD. PR1467091

  • The rpd might crash after configuring independent-domain under the master routing instance. PR1469317

  • The mcsnoopd might crash when the STP moves the mrouter port to the Blocked state. PR1470183

  • The BFD client session might flap when removing the BFD configuration from the peer end (from other vendor) of the BFD session. PR1470603

  • The rpd might crash when both the instance-import and instance-export policies contains the as-path-prepend action. PR1471968

  • The rpd process might crash with the BGP multipath and damping configured. PR1472671

  • Removal of the cluster from the BGP group might cause prolonged convergence times. PR1473351

  • sftp does not connect properly and the following error message is seen: Received message too long. PR1475255

  • The rpd process might crash with the BGP multipath and route withdraw occasionally. PR1481589

  • Removal of the BGP and rib-sharding configuration might cause the routing protocols to become unresponsive. PR1485720

  • High CPU utilization might be observed when the outgoing BGP updates are sent slowly. PR1487691

Services Applications

  • The jl2tpd process might crash during the restart procedure. PR1461335

  • The calling station gets truncated after 64 bytes. PR1462689

  • On an MX Serirs router, L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP towards the LNS. PR1472775

  • Phase 1 SA migrates to a new remote IP because of the source-address translation for the static NAT tunnel. PR1477181

Subscriber Access Management

  • The authd crashes on the backup Routing Engine during the execution of the slax script, that runs the < get-jsrc-counters> RPC call. PR1458185

  • DHCPv6 subscribers might be stuck in a state after the authd process crashes. PR1460578

  • Problem rises with linked-pool-aggregation after attempting to delete a pool in the middle of the chain. PR1465253

  • The volume statistics attributes are missing in the accounting-stop for the Configuration Activated Services and CLI Activated services. PR1470434

  • The sub-interfaces might be missing in the NAS port ID. PR1472045

  • The authd process might crash after the ISSU setup from the Junos OS Release 18.3 and earlier to Junos OS Release 18.4 and later. PR1473159

  • Some address relevant fields are missing when executing the test aaa ppp command. PR1474180

  • The CoA request might not be processed if it includes the proxy-state attribute. PR1479697

  • The mac-address CLI option are hidden under the access profile radius options calling-station-id-format statement. PR1480119

User Interface and Configuration

  • In an MX J-Web, page might not get redirected to login once the session expires with an idle timeout. PR1459888

VPNs

  • The P1 configuration delete message is not sent on loading baseline configuration if there has been a prior change in VPN configuration. PR1432434

  • The rpd process might crash due to memory leak in MVPN RPF Src PE block. PR1460625

  • The Layer 2 circuit displays MM status which might cause traffic loss. PR1462583

  • The Layer 2 circuit connections might become stuck in the OL state after changing the Layer 2 circuit community and flapping the primary LSP path. PR1464194

  • In MVPN scenario with ingress replication selective provider tunnel being used, if the ink-protection statement is added or deleted from the LSP for MVPN, rpd crash might be seen. The reason is that when link-protection is deleted, the ingress tunnel is not deleted, and when link link-protection is added back, it tries to add same tunnel. Due to which, the rpd asserts as same tunnel exists and the rpd generates core files. PR1469028

Documentation Updates

There are no errata or changes in Junos OS Release 20.1R1 documentation for MX Series.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting in Junos OS 20.1R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:

Platform

FreeBSD 6.x-based Junos OS

FreeBSD 11.x-based Junos OS

MX5,MX10, MX40,MX80, MX104

YES

NO

MX240, MX480, MX960,

MX2010, MX2020

NO

YES

Basic Procedure for Upgrading to Release 20.1R1

Note

Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files) might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 11.x based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 11.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.1R1.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.1R1.9-signed.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.1R1.x-limited.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.1R1.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note
  • You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.

  • Starting in Junos OS Release 20.1R1, in order to install a VM host image based on Wind River Linux 9, you must upgrade the i40e NVM firmware on the following MX Series routers:

    • MX240, MX480, MX960, MX2010, MX2020, MX2008, MX10016, and MX10008

    [See https://kb.juniper.net/TSB17603.]

Note

After you install a Junos OS Release 20.1R1 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.

Note

Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x based Junos OS

Products impacted: MX5, MX10, MX40, MX80, MX104.

To download and install FreeBSD 6.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-20.1R1.9-signed.tgz
    • Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-20.1R1.9-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 20.1R1 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 20.1R1

To downgrade from Release 20.1R1 to another supported release, follow the procedure for upgrading, but replace the 20.1R1 jinstall package with one that corresponds to the appropriate release.

Note

You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

Release History Table
Release
Description
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.