Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for MX Series 5G Universal Routing Platform

 

These release notes accompany Junos OS Release 20.1R1 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in Junos OS Release 20.1R1 for MX Series routers.

Class Of Service

  • Hierarchical CoS support on MX2K-MPC11E line cards (MX2008, MX2010, and MX2020)—Starting in Junos OS Releases 19.3R2 and 20.1R1, hierarchical CoS is supported on MX2K-MPC11E line cards.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Forwarding CoS (L2 classifiers, rewrite) support on MX2K-MPC11E line cards (MX2008, MX2010, and MX2020)—Starting in Junos OS Releases 19.3R2 and 20.1R1, Junos OS supports forwarding CoS (L2 classifiers, rewrite) for MX Series routers with MX2K-MPC11E line cards.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Seamless MPLS CoS support for pseudowires from access node and multiservices edge (MSE) node on MX2K-MPC11E line cards (MX2008, MX2010, and MX2020)—Starting with Junos OS Releases 19.3R2 and 20.1R1, we support on the MX2K-MPC11E line card pseudowires from access node and multiservices edge (MSE) node for MX2008, MX2010, and MX2020 routers to include seamless MPLS CoS (BA and MF classifiers, rewrite rules, schedulers, drop profiles, policers, HQoS support — interface-set, physical interface level, S-VLAN level, logical unit/C-VLAN level, and traffic-control profile).

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • CoS support for forwarding class counters on MX2K-MPC11E line cards (MX2008, MX2010, and MX2020)—Starting in Junos OS Releases 19.3R2 and 20.1R1, we support forwarding class counters on MX2K-MPC11E line cards. This feature was originally introduced in Junos OS Release 14.1.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Layer 2.5 injection of control traffic to ensure queuing on GRE tunnel with CoS settings intact (MX204 and devices installed with next-generation MPCs (MPC2E-NG and MPC3E-NG))—Starting with Junos OS Release 20.1R1, you can configure host-injected control traffic to reache the GRE tunnel interface queues at the packet forwarding engine when the control session is over the GRE tunnel interface. This includes control protocols OSPF, BGP, PIM, RSVP, LDP, OAM, BFD, and MSDP. Injection of control traffic ensures that the kernel includes the interface ID of the GRE logical interface and the unicast next-hop ID of the corresponding GRE physical interface along with the packet that is injected into the packet forwarding engine.

    With this feature enabled, all transit packets on the GRE tunnel logical interface have the ToS copied to the outer header. To enable this feature, configure the force-control-packets-on-transit-path statement on the GRE tunnel logical interface.

    [See force-control-packets-on-transit-path.]

EVPN

  • Support for EVPN functionality on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS 20.1R1, you can configure MX2K-MPC11E line cards on MX2010 and MX2020 routers to support single-homed devices on an EVPN-MPLS network.

    [See EVPN Multihoming Overview.]

Forwarding and Sampling

  • Support for load balancing on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the following advanced Layer 2 features are supported on MX2010 and MX2020 routers with MX2K-MPC11E line cards and Enhanced Switch Fabric Boards (SFB3s): enhanced hash-key options, consistent flow hashing, symmetrical load balancing over 802.3ad LAGs, source IP only hashing, and destination IP only hashing.

    [See Configuring Per-Flow Load Balancing Based on Hash Values.]

General Routing

  • Support for GRE key (MX Series)—Starting with Junos OS 20.1R1, Junos OS supports configuring a key to identify traffic flows in a GRE tunnel as defined in RFC2890. You must configure the key on the routers on both endpoints of a tunnel and create an export policy to populate the key in the forwarding table. You can configure dynamic-tunnel-gre-key at the [edit routing-options dynamic-tunnels tunnel-attributes name] hierarchy level.

    [See dynamic-tunnel-gre-key.]

High Availability and Resiliency

  • Unified ISSU with enhanced mode (MX240, MX480, MX960, MX2008, MX2010, MX2020)—Starting in Junos OS Release 20.1R1, MX Series routers with MPC7E, MPC8E, or MPC9E line cards installed can use a new ISSU option called enhanced mode. Enhanced mode eliminates packet loss during the unified ISSU process by running a copy of the Junos OS software in standby mode ready to take over when software moves from an old image to a new one.

    Use the request system software in-service-upgrade package-name.tgz enhanced-mode command to use unified ISSU with enhanced mode, or the request system software validate in-service-upgrade package-name.tgz enhanced-mode command to verify that your device and target release are compatible with enhanced mode.

    [See How to Use Unified ISSU with Enhanced Mode.]

  • Sequential upgrade for Virtual Chassis (MX240, MX480, MX960, and MX10003)—Starting in Junos OS Release 20.1R1, MX Series Virtual Chassis configurations can use sequential upgrade to install new software releases with minimal network downtime. Sequential upgrade is an alternative to unified ISSU that installs a new release and reboots each Virtual Chassis member router one at a time. While the upgrade happens on one member router, the other member router continues to operate and handle network operations.

    To perform a sequential upgrade in an MX Series Virtual Chassis, you first issue the request virtual-chassis upgrade protocol-backup package-name command from the CLI for the Virtual Chassis master router. This initiates the upgrade process on the Virtual Chassis backup router. After the upgrade finishes on the backup router, issue the request virtual-chassis upgrade protocol-master package-name command from the backup router CLI to begin the same upgrade process for the Virtual Chassis master router.

    [See How to Use Sequential Upgrade in an MX Series Virtual Chassis.]

  • Support for BFD on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, MX2010 and MX2020 routers with the MX2K-MPC11E line card support the following BFD features:

    • Centralized BFD

    • Distributed BFD

    • Inline BFD (single-hop only)

    • Single-hop BFD

    • Multihop BFD

    • Micro BFD

    • BFD over IRB interfaces

    • BFD over pseudowire over logical tunnel and redundant logical tunnel interfaces

    • Virtual circuit connectivity verification (VCCV) BFD for Layer 2 VPNs, Layer 2 circuits, and virtual private LAN service (VPLS)

    Micro BFD at the Packet Forwarding Engine level behaves slightly differently on MX2K-MPC11E line cards. If micro BFD is enabled on an aggregated Ethernet (ae) interface, the micro BFD packets are not subjected to firewall filters for both tagged and untagged ae interfaces.

    [See Understanding BFD for Static Routes for Faster Network Failure Detection and Understanding Distributed BFD.]

Interfaces and Chassis

  • Support for flexible tunnel interfaces (MX240, MX480, and MX960 with MPC10E; MX2010 and MX2020 with MPC11E)—Starting in Junos OS Release 20.1R1, MX Series routers with MPC10E or MPC11E line cards support flexible tunnel interfaces (FTIs). FTIs support Layer 3 point-to-point tunnels, which use Virtual Extensible LAN (VXLAN) encapsulation with a Layer 2 pseudo header.

    To configure FTIs on your device and to enable multiple encapsulations on the FTIs, use the vxlan-gpe statement at the [edit interfaces interface-name unit logical-unit-number tunnel encapsulation] hierarchy level.

    [See Flexible Tunnel Interfaces Overview and vxlan-gpe (FTI).]

  • Support for ALB on multiple Packet Forwarding Engines for aggregated Ethernet bundles (MX Series MPCs)—Starting in Junos OS Release 20.1R1, on MX Series MPCs, adaptive load balancing (ALB) for aggregated Ethernet bundles evenly redistributes the traffic load across multiple ingress Packet Forwarding Engines on the same line card, thus providing flexibility and redundancy. In earlier releases, ALB evenly redistributes traffic across all ingress traffic on a single Packet Forwarding Engine only. ALB is disabled by default.

    Note

    MPC3E does not support adaptive load balancing.

    To configure ALB, include the adaptive statement at the [edit interfaces ae-interface aggregated-ether-options load-balance] hierarchy level.

    Note

    When you configure locality bias and adaptive load balancing for aggregated Ethernet interfaces, ALB is supported per Packet Forwarding Engine and not across all Packet Forwarding Engines on the same line card. Also, you cannot revert to ALB support per Packet Forwarding Engine after you enable ALB support on multiple Packet Forwarding Engines.

    [See Configuring Adaptive Load Balancing.]

  • Adaptive load balancing on MPC10E-15C-MRATE, MPC10E-10C-MRATE, and MX2K-MPC11E line cards (MX240, MX480, MX960, and MX2020)—Starting in Junos OS Release 20.1R1, adaptive load balancing (ALB) is supported on aggregated Ethernet bundles and ECMP links to correct traffic imbalance among member links. ALB resolves traffic load imbalance caused by the hashing algorithm. With ALB configured on the system, traffic is balanced across member links when an imbalance is detected.

    • To configure ALB on aggregated Ethernet bundles, run the set interfaces name aggregated-ether-options load-balance adaptive tolerance command. [See adaptive.]

    • To configure ALB on ECMP links, run the set chassis ecmp-alb tolerance command. [See ecmp-alb.]

    [See Example: Configuring Aggregated Ethernet Load Balancing.]

  • VLAN TCC encapsulation on aggregated Ethernet interfaces (MX Series)—Starting in Junos OS Release 20.1R1, aggregated Ethernet interfaces support VLAN translational cross-connect (TCC) encapsulation. For configuring VLAN TCC encapsulation, you must have the member links of aggregated Ethernet with VLAN TCC encapsulation supported hardware.

    Note

    MX Series routers do not perform any external commit check for member links of aggregated interfaces for the VLAN TCC encapsulation supported hardware.

    • Enable the extended-vlan-tcc option for aggregated Ethernet interfaces at the [edit interfaces interface-name encapsulation] hierarchy level to configure extended 802.1q tagging for TCC.

    • Enable the vlan-tcc option for aggregated Ethernet interfaces at the [edit interfaces interface-name unit logical-unit-number encapsulation] hierarchy level to configure 802.1q tagging for TCC.

    • Enable the inet-address option for aggregated Ethernet interfaces at the [edit interfaces interface-name unit logical-unit-number family tcc proxy] hierarchy level to configure proxy host address on the non-Ethernet side of Ethernet TCC circuits.

    • Enable the inet-address option for aggregated Ethernet interfaces at the [edit interfaces interface-name unit logical-unit-number family tcc remote] hierarchy level to configure remote host address on the non-Ethernet side of Ethernet TCC circuits.

    • Enable the mac-address option for aggregated Ethernet interfaces at the [edit interfaces interface-name unit logical-unit-number family tcc remote] hierarchy level to configure remote MAC address on the non-Ethernet side of Ethernet TCC circuits.

    • Enable the tcc option for aggregated Ethernet interfaces at the [edit interfaces interface-name unit logical-unit-number family] hierarchy level to configure the TCC protocol suite.

    [See Configuring VLAN TCC Encapsulation.]

  • MX2K-MPC11E supports Junos node slicing (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E supports Junos node slicing and abstracted fabric (af) interfaces. Using Junos node slicing, you can create multiple partitions in a single physical MX Series router. Each partition, referred to as a guest network function (GNF), behaves as an independent router. An af interface is a pseudointerface that exhibits a first-class Ethernet interface behavior. The af interface facilitates routing control and management traffic between GNFs through the switch fabric. In a Junos node slicing deployment, the MX2K-MPC11E interoperates with all MPCs that support the af interfaces.

    Note

    The MX2K-MPC11E interoperates only with the Switch Fabric Board SFB3.

    [See Understanding Junos Node Slicing.]

  • Support for rate selectability on MX2K-MPC11E line cards (MX2010 and MX2020)—In Junos OS Releases 19.3R2 and 20.1R1, we introduce a new fixed-configuration, rate-selectable line card, MX2K-MPC11E. The line-card has 40 built-in ports that can operate at 100-Gbps speed. You can configure all ports in a PIC to operate at the same speed or configure all the ports at different supported speeds. With QSFP28 optics installed, all ports operate at a default speed of 100-Gbps. In addition, you can use QSFP+ optics on Port 0 of every PIC and configure it as:

    • A 40-Gbps interface

    • Four 10-Gbps interfaces (channels), using breakout cables

    [See Introduction to Rate Selectability.]

  • Distributed LACP support in PPM AFT on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E line card supports distributed LACP. Distributed LACP support is managed by the advanced forwarding toolkit (AFT)-based periodic packet manager (PPMAN). In earlier releases, and for other line cards except MPC10E, distributed LACP support is managed by the Junos OS-based PPMAN.

    [See Periodic Packet Management.]

  • Optimize fabric path to prevent traffic hop with MX2K-MPC11E line cards (MX2008, MX2010, and MX2020)—Starting in Junos OS Release 20.1R1, on MX2008, MX2010, and MX2020 routers with MX2K-MPC11E, you can optimize the fabric path of the traffic flowing over abstracted fabric (af) interfaces between two guest network functions (GNFs) by configuring fabric optimization mode. This feature reduces fabric bandwidth consumption by preventing any additional fabric hop (switching of traffic flows from one Packet Forwarding Engine to another because of load balancing on the af interface) before the packets eventually reach the destination Packet Forwarding Engine.

    To configure fabric optimization mode, use the following CLI command at the base system (BSYS): set chassis network-slices guest-network-functions gnf id collapsed-forward (monitor | optimize).

    [See Optimizing Fabric Path for Abstracted Fabric Interface.]

  • Chassis and power management for MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2010 and MX2020 routers with the MX2K-MPC11E line card support chassis management features, including field- replaceable unit (FRU) management, power budgeting and management, and environmental monitoring.

    The MX2K-MPC11E line card supports the following configuration:

    • The ambient temperature is less than 46°C.

    • The ports on the MX2K-MPC11E line cards operate at various modes or speeds (10-Gbps, 40-Gbps, or 100 Gbps). The pic-mode specifies the speed of the active ports. If pic-mode is not specified, then the default mode is 100 Gbps.

    • Supports dynamic power management.

    • Supports both hyper mode (the default mode) and normal mode.

    • Supports both normal mode (the deafult mode) and enhanced priority mode for interface schedulers.

    • Supports interface queueing modes, namely WAN port queueing mode (the default mode), limited queueing mode, and enhanced queueing mode.

    [See Understanding How Configuring Ambient Temperature Helps Optimize Power Utilization and Understanding How Dynamic Power Management Enables Better Utilization of Power.]

  • MPC Protocol and Application Support for MX2K-MPC11E line cards—Starting with Junos OS Release 20.1R1, MX2020 and MX2010 routers with MX2K-MPC11E line cards support many MPC protocols and applications. For a complete list, see Protocols and Applications Supported by the MX2K-MPC11E.

    • Standard Generic Routing Encapsulation (GRE)

    • Bidirectional Forwarding Detection protocol (BFD)

    • Internet Control Message Protocol (ICMP) and ICMPv6

    • Border Gateway Protocol (BGP)

    • BGP/MPLS virtual private networks (VPNs)

    • Logical system and Virtual routing and forwarding (VRF) routing instances

    • Load Balancing

    • Class of Service (CoS)—per port, virtual LAN (VLAN), Point-to-Point Protocol over Ethernet (PPPoE) or Dynamic Host Configuration Protocol (DHCP), Egress hierarchical class-of-service (CoS) shaping

    • Layer 2 Features

    • Firewall filters and policers

    [See MX Series 5G Universal Routing Platform Interface Module Reference.]

  • Support for new show | display set CLI commands (ACX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the following new show commands have been introduced:

    • show | display set explicit—Display explicitly, as a series of commands, all the configurations that the system internally creates when you configure certain statements from the top level of the hierarchy.

    • show | display set relative explicit—Display explicitly, as a series of commands, all the configurations that the system internally creates when you configure certain statements from the current hierarchy level.

    [See show | display set and show | display set relative.]

Junos OS, XML, API, and Scripting

  • The jcs:load-configuration template supports loading the rescue configuration (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the jcs:load-configuration template supports the rescue parameter to load and commit the rescue configuration on a device. SLAX and XSLT scripts can call the jcs:load-configuration template with the rescue parameter set to "rescue" to replace the active configuration with the rescue configuration.

    [See Changing the Configuration Using SLAX and XSLT Scripts and jcs:load-configuration Template.]

Junos Telemetry Interface

  • IS-IS adjacency and LSDB event streaming support on JTI (MX960, PTX1000, and PTX10000)—Junos OS Release 20.1R1 provides IS-IS adjacency and link-state database (LSDB) statistics using Junos telemetry interface (JTI) and remote procedure call (gRPC) services or gRPC Network Management Interface (gNMI) services. ON_CHANGE statistics are sent to an outside collector.

    The following resource paths are supported:

    • /network-instances/network-instance/protocols/protocol/isis/interfaces/interfaces/circuit-counters/state/ (stream)

    • /network-instances/network-instance/protocols/protocol/isis/interfaces/interface/levels/level/packet-counters/ (stream)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/system-level-counters/state/ (stream)

    • /network-instances/network-instance/protocols/protocol/isis/interfaces/interfaces/levels/level/adjacencies/adjacency/state/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/extended-ipv4-reachability/prefixes/prefix/state/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/extended-ipv4-reachability/prefixes/prefix/subtlvs/subtlv/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv6-reachability/prefixes/prefix/state/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv6-reachability/prefixes/prefix/subtlvs/subtlv/ (stream)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/extended-is-reachability/neighbors/neighbors/subTLVs/subTLVs/adjacency-sid/sid/state/ (ON-CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/extended-is-reachability/neighbors/neighbors/subTLVs/subTLVs/lan-adjacency-sid/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv4-interfaces-addresses/state/ (ON_CHANGE))

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv4-srlg/state/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv4-te-router-id/state/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv6-interfaces-addresses/state/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/router-capabilities/router-capability/subtlvs/subtlv/segment-routing-capability/state/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/state (stream)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/area-address/state/address (stream)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/nlpid/state/nlpid (stream)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/lsp-buffer-size/state/size (stream)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/hostname/state/hname (stream)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Packet Forwarding Engine support for JTI on MX2K-MPC11E line cards (MX2010 and MX2020)—Now supported in Junos OS Release 20.1R1, Junos telemetry interface (JTI) supports streaming of Packet Forwarding Engine statistics for MX2010 and MX2020 routers using Remote Procedure Calls (gRPC). gRPC is a protocol for configuration and retrieval of state information. This support was first introduced in Junos OS Release 19.3R2.

    To provision the sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Platform, interface, and alarm sensor ON_CHANGE support on JTI (MX960, MX2020, PTX1000, PTX5000)—Junos OS Release 20.1R1 supports platform, interface, and alarm statistics using Junos telemetry interface (JTI) and gRPC Network Management Interface (gNMI) services. You can use this feature to send ON_CHANGE statistics for a device to an outside collector.

    This feature supports the OpenConfig models:

    • openconfig-platform.yang: oc-ext:openconfig-version 0.12.1

    • openconfig-interfaces.yang: oc-ext:openconfig-version 2.4.1

    • openconfig-alarms.yang: oc-ext:openconfig-version 0.3.1

    Use the following resource paths in a gNMI subscription:

    • /components/component (for each installed FRU)

    • /interfaces/interface/state/

    • /interfaces/interface/subinterfaces/subinterface/state/

    • /alarms/alarm/

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • gRPC Dial-Out support on JTI (ACX Series, MX Series, PTX Series, and QFX Series)—Junos OS Release 20.1R1 provides remote procedure call (gRPC) dial-out support for telemetry. In this method, the target device (server) initiates a gRPC session with the collector (client) and, when the session is established, streams the telemetry data that is specified by the sensor-group subscription to the collector. This is in contrast to the gRPC network management interface (gNMI) dial-in method, in which the collector initiates a connection to the target device.

    gRPC dial-out provides several benefits as compared to gRPC dial-in, including simplifying access to the target advice and reducing the exposure of target devices to threats outside of their topology.

    To enable export of statistics, include the export-profile and sensor statements at the [edit services analytics] hierarchy level. The export profile must include the reporting rate, the transport service (for example, gRPC), and the format (for example, gbp-gnmi). The sensor configuration should include the name of the collector (the server’s name), the name of the export profile, and the resource path. An example of a resource path is /interfaces/interface[name='fxp0'.

    [See Using gRPC Dial-Out for Secure Telemetry Collection.]

  • gRPC version v1.18.0 with JTI (ACX Series, MX Series, PTX Series, and QFX Series)—Junos OS Release 20.1R1 includes support for remote procedure call (gRPC) services version v1.18.0 with Junos telemetry interface (JTI). This version includes important enhancements for gRPC. In earlier releases, JTI is supported with gRPC version v1.3.0.

    Use gRPC in combination with JTI to stream statistics at configurable intervals from a device to an outside collector.

    [See gRPC Services for Junos Telemetry Interface.]

  • SR-TE statistics for uncolored SR-TE policies streaming on JTI (MX Series, PTX Series)—Junos OS Release 20.1R1 provides segment routing traffic engineering (SR-TE) per label-switched Path (LSP) route statistics using Junos telemetry interface (JTI) and remote procedure call (gRPC) services. Using JTI and gRPC services, you can stream SR-TE telemetry statistics for uncolored SR-TE policies to an outside collector.

    Ingress statistics include statistics for all traffic steered by means of an SR-TE LSP. Transit statistics include statistics for traffic to the Binding-SID (BSID) of the SR-TE policy.

    To enable these statistics, include the per-source per-segment-list statement at the [edit protocols source-packet-routing telemetry statistics] hierarchy level.

    If you issue the set protocols source-packet-routing telemetry statistics no-ingress command, ingress sensors are not created.

    If you issue the set protocols source-packet-routing telemetry statistics no-transit command, transit sensors are not created. Otherwise, if BSID is configured for a tunnel, transit statistics are created.

    The following resource paths (sensors) are supported:

    • /junos/services/segment-routing/traffic-engineering/tunnel/lsp/ingress/usage/

    • /junos/services/segment-routing/traffic-engineering/tunnel/lsp/transit/usage/

    To provision the sensor to export data through gRPC services, use the telemetrySubscribe RPC.

    Streaming telemetry data through gRPC or gNMI also requires the OpenConfig for Junos OS module.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface, source-packet-routing, and show spring-traffic-engineering lsp detail name name.]

  • LLDP statistics, notifications, and configuration model for suppress-tlv-advertisement support on JTI (MX240, MX480, MX960, MX10003, PTX10008, PTX10016)—Junos OS Release 20.1R1 provides remote procedure call (gRPC) streaming services support for attribute leaf suppress-tlv-advertisement under the resource path /lldp/state/suppress-tlv-advertisement. The following TLVs are supported, which in turn support operational state, notifications, and configuration change support:

    • port-description

    • system-name

    • system-description

    • system-capabilities

    • management-address

    • port-id-type

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • CPU and NPU sensors support using JTI on MX2K-MPC11E line cards (MX2010 and MX2020)—Junos OS Release 20.1R1 supports Junos telemetry interface (JTI) CPU and network processing unit (NPU) sensors on MX Series routers with MX2K-MPC11E line cards. JTI enables streaming statistics from these sensors to outside collectors at configurable intervals using remote procedure call (gRPC) services.

    Unlike the Junos kernel implementation in earlier Junos OS releases that support these sensors, this feature uses the OpenConfig AFT model. Because of this, there is a difference in the resource path and key-value (kv) pair output compared to the Junos kernel output.

    Use the following resource paths to export statistics:

    /junos/system/linecard/cpu/memory/

    /junos/system/linecard/npu/memory/

    /junos/system/linecard/npu/utilization/

    To provision the sensor to export data through gRPC services, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface) and Understanding OpenConfig and gRPC on Junos Telemetry Interface.]

  • gNMI extension compliance with JTI (MX Series)—Starting in Junos OS Release 20.1R1, changes are qualified in the extension header for Junos telemetry interface (JTI), ensuring they are compliant with the OpenConfig gnmi.extensions.proto specification.

    See gnmi-extensions.md.]

  • gNMI-based streaming telemetry support for Packet Forwarding Engine sensors on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, gRPC Network Management Interface (gNMI) service support is available to export Packet Forwarding Engine statistics for telemetry monitoring and management using Junos telemetry interface (JTI). Using gNMI and JTI, data is exported from devices to outside collectors at configurable intervals. This feature includes support (SensorD daemon) to export telemetry data for the OpenConfig model called AFT platform.

    Use the following resource paths to export sensor data for interface information and traffic, logical interface traffic, firewall filter counters, and policer counters:

    • /junos/system/linecard/interface/

    • /junos/system/linecard/interface/traffic/

    • /junos/system/linecard/interface/queue/

    • /junos/system/linecard/interface/logical/usage/

    • /junos/system/linecard/firewall/

    • /junos/system/linecard/services/inline-jflow/

    To provision the sensor to export data through gNMI services, use the Subscribe RPC. The Subscribe RPC and subscription parameters are defined in the gnmi.proto file. Streaming telemetry data through gRPC or gNMI also requires the OpenConfig for Junos OS module.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface) and Understanding OpenConfig and gRPC on Junos Telemetry Interface.]

Layer 2 Features

  • Supported Layer 2 features on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the following advanced Layer 2 features are supported on MX2K-MPC11E line cards:

  • Support for Layer 2 services with PWHT on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, some of the Layer 2 services are supported with pseudowire headend termination (PWHT) on the new MX2K-MPC11E line card.

    [See Protocols and Applications Supported by the MX2K-MPC11E and Layer 2 VPNs and VPLS User Guide for Routing Devices.]

  • Support for basic Layer 2 features on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, MX2010 and MX2020 routers with the MX2K-MPC11E line card supports the following basic Layer 2 features:

    • Layer 2 bridging with trunk and access modes

    • MAC learning and aging

    • Handling BUM (broadcast, unknown unicast and multicast) traffic, including split horizon

    • MAC move

    • Layer 2 forwarding and flooding statics

    • Mesh groups

    • Static MAC addresses

    • MAC learning and forwarding on AE interfaces

    • Bridging on untagged interfaces

    • Basic Q-n-Q tunneling (without VLAN-translation and VLAN map operations)

    [See Understanding Layer 2 Bridge Domains, Understanding Layer 2 Learning and Forwarding.]

Layer 3 Features

  • Support for new MPC11E line card (MX Series)—Starting in Junos OS Release 20.1R1, we've introduced a new MPC, MPC11E, that supports the following Layer 3 features:

    The following Layer 3 features are supported on MPC11E in 20.1R1:

    • BGP

    • IS-IS

    • Layer 3 VPN

    • OAM - LSP/VPN ping, traceroute, automatic bandwidth, and MPLS-FRR link node protection

    • OSPF

    • RIP

    • Tunnel (GRE tunnels, logical tunnels, and virtual tunnels)

  • Support for IPv6 Ping, IPv6 Traceroute and ECMP traceroute for Labelled-ISIS Segment Routing paths (MX Series and VMX)— Starting in Release 20.1R1, Junos OS supports IPv6 Ping, IPv6 Traceroute, and equal-cost multipath (ECMP) traceroute for Labelled-ISIS Segment Routing paths.

MPLS

  • Support for MPLS features on MX2K-MPC11E line card (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the new MX2K-MPC11E line card supports some of the MPLS features.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Support for selective MPLS traffic mirroring (MX Series with MPC10)—Starting in Junos OS Release 20.1R1, MX Series routers with MPC10 line cards supportelective MPLS traffic mirroring. You can apply inbound and outbound filters for the MPLS family based on MPLS-tagged IPv4 and IPv6 parameters using inner payload match conditions, and enable selective port mirroring of MPLS traffic on to a monitoring device.

    [See Understanding IP-Based Filtering and Selective Port Mirroring of MPLS Traffic]

  • Support for segment routing over RSVP forwarding adjacency (MX Series and PTX Series)—Starting with Junos OS Release 20.1R1, we provide support for segment routing traffic to be carried over RSVP LSPs that are advertised as forwarding adjacencies in IS-IS. This feature is implemented in a network having LDP on the edge and RSVP in the core where you can easily replace LDP with IS-IS segment routing because it eliminates the need for MPLS signaling protocols such as LDP. This helps to remove a protocol from the network and results in network simplification.

    [See Understanding Segment Routing over RSVP Forwarding Adjacency in IS-IS.]

  • Support for static adjacency segment identifier for aggregated Ethernet member links on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting with Junos OS Release 20.1R1, you can configure a transit single-hop static label-switched path (LSP) for a specific member link of an aggregated Ethernet (ae) interface. The label for this route comes from the segment routing local block (SRLB) pool of the configured static label range. Configure the aggregated Ethernet member-interface name using the member-interface statement option at the [edit protocols mpls static-label-switched-path name transit name] hierarchy level. This feature is supported for aggregated Ethernet interfaces only.

    [See transit and Configuring Static Adjacency Segment Identifier for Aggregate Ethernet Member Links Using Single-Hop Static LSP.]

  • Support for Seamless MPLS Layer 3 features on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, MX2010 and MX2020 routers with the MX2K-MPC11E line card support the following MPLS Layer 3 features:

    • Redundant logical tunnel interfaces.

    • Pseudowire subscriber interfaces using either logical tunnel or redundant logical tunnel interfaces as anchor point.

    [See Redundant Logical Tunnels Overview and MPLS Pseudowire Subscriber Logical Interfaces.]

  • Support for segment routing (SR) and segment routing traffic engineering (SRTE) statistics on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, MX2010 and MX2020 routers with the MX2K-MPC11E line card supports segment routing (SR) and segment routing traffic engineering (SRTE) statistics.

    [See Understanding Source Packet Routing in Networking (SPRING).]

  • CoS-based forwarding and policy-based routing to steer selective traffic over an SR-TE path (ACX Series, MX Series, and PTX Series)—Starting in Junos OS Release 20.1R1, you can use CoS-based forwarding (CBF) and policy-based routing (PBR, also known as filter-based forwarding or FBF) to steer service traffic using a particular segment routing-traffic-engineered (SR-TE) path. This feature is supported only on non-colored segment routing LSPs that have the next hop configured as a first hop label or an IP address.

    With CBF and PBR, you can:

    • Choose an SR-TE path on the basis of service.

    • Choose the supporting services to resolve over the selected SR-TE path.

    [See Example: Configuring CoS-Based Forwarding and Policy-Based Routing For SR-TE LSPs.]

  • Support for MPLS features on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, some of the MPLS features are supported on the new MX2K-MPC11E line card.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

Multicast

  • Support for multicast forwarding on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, multicast forwarding is fully supported on MX2010 and MX2020 routers with MX2K-MPC11E line cards and Enhanced Switch Fabric Boards (SFB3).

    [See Multicast Overview.]

  • Next-generation multicast VPN supported on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E line card supports next-generation MVPN.

    [See Multicast Overview.]

Network Management and Monitoring

Next Gen Services

  • Support for Port Control Protocol (PCP)—Starting in Junos OS Release 20.1R1, Next Gen Services supports the Port Control Protocol (PCP), which provides a mechanism to control how incoming packets are forwarded by upstream devices such as Network Address Translator IPv6/IPv4 (NAT64), Network Address Translator IPv4/IPv4 (NAT44), and IPv6 and IPv4 firewall devices, and mechanism to reduce application keep alive traffic.

    [See pcp-rules.]

  • Support for Traffic Load Balancer—Starting in Junos OS Release 20.1R1, Next Gen Services support Traffic Load Balancer (TLB). TLB enables you to distribute traffic among multiple servers.

    [See Traffic Load Balancer Overview.]

  • Support for TLS transport protocol for Next Gen Services CGNAT syslog messages—Starting in Junos OS Release 20.1R1, you can configure the transport security protocol for Next Gen Services CGNAT global syslog messages to Transport Layer Security (TLS), as well as UDP or TCP.

    TLS ensures the secure transmission of data between a client and a server through a combination of privacy, authentication, confidentiality, and data integrity. SSL relies on certificates and private-public key exchange pairs for this level of security.

    [See transport.]

  • Next Gen Services on GNFs (MX480 and MX960)—Starting in Junos OS Release 20.1R1, guest network functions (GNFs) on MX480 and MX960 routers support Next Gen Services when the MX-SPC3 Services Processing Card is installed. You can enable Next Gen Services on a GNF by using the existing command request system enable unified-services at the GNF level. In a Junos node slicing setup, you can use both MX-SPC3 and MS-MPC on the same chassis but on different GNFs. However, the MX-SPC3 comes online only if you have enabled Next Gen Services on the GNF. If you have not enabled Next Gen Services, only the MS-MPC comes online.

    Note

    The MX-SPC3 does not support abstracted fabric interfaces.

    [See Enabling and Disabling Next Gen Services and request system enable unified-services.]

  • Support for URL filtering, DNS sinkhole and Juniper Sky ATP URL filtering —Starting in Junos OS Release 20.1R1, under Next Gen Services you can configure DNS filtering to identify DNS requests for blacklisted website domains and URL filtering to determine which Web content is not accessible to users. We also support Juniper Sky ATP filtering, which is a cloud-based solution that integrates with Policy Enforcer on the Junos Space Security Director.

    [See local-category.]

OAM

  • Support for link fault management (MX2K-MPC11E)—Starting in Junos OS Release 20.1R1, you can configure IEEE 802.3ah link fault management (LFM) for MX2K-MPC11E on MX2010 and MX2020 routers. You can also configure the following supported LFM features:

    • Discovery and link monitoring

    • Distributed LFM

    • Remote fault detection and remote loopback

    [See Introduction to OAM Link Fault Management (LFM).]

Port Security

  • Media Access Control Security (MACsec) support on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, MACsec is supported on MX2010 and MX2020 routers with the MX2K-MPC11E line card. MACsec is an industry-standard security technology that provides secure communication for all traffic on point-to-point Ethernet links. The MPC11E supports MACsec on all 10-Gigabit Ethernet, 40-Gigabit Ethernet, and 100-Gigabit Ethernet interfaces. The supported cipher suites are GCM-AES-256 and GCM-AES-128. Only static CAK mode is supported.

    [See Understanding Media Access Control Security (MACsec).]

  • VLAN-level MACsec with unencrypted VLAN tags (MX10003 with JNP-MIC1-MACSEC)—You can establish MACsec sessions for logical interfaces instead of physical interfaces on MX10003 routers with the JNP-MIC1-MACSEC installed. VLANs tags are now transmitted in cleartext, allowing intermediate switches that are MACsec-unaware to process VLAN tags. This feature enables MACsec encryption of point-to-multipoint VLAN connections over service provider WANs.

    [See Media Access Control Security (MACsec) over WAN.]

Routing Policy and Firewall Filters

  • Support for CCC and Layer 3 firewall forwarding on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting with Junos OS Release 20.1R1, circuit cross-connect (CCC) traffic and Layer 3 firewall forwarding features are supported on MX2K-MPC11E line cards.

    [See CCC Overview.]

  • Support for firewall forwarding on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, firewall forwarding is fully supported on MX2010 and MX2020 routers with MX2K-MPC11E line cards and Enhanced Switch Fabric Boards (SFB3s).

    [See Filter-Based Forwarding Overview.]

  • Support for IPv6 discard interfaces (MX Series)—Starting in Junos OS Release 20.1R1, you can configure a discard interface for IPv6 traffic. Do this at the [edit interfaces dsc unit 0 family inet6] hierarchy level.

    [See Configuring Discard Interfaces]

Routing Protocols

  • Support for topology-independent loop-free alternate (TI-LFA) in IS-IS for IPv6-only networks (ACX Series, MX Series, and PTX Series)— Starting with Junos OS Release 20.1R1, you can configure TI-LFA with segment routing in an IPv6-only network for the IS-IS protocol. TI-LFA provides MPLS fast reroute (FRR) backup paths corresponding to the post-convergence path for a given failure. TI-LFA provides protection against link failure and node failure.

    You can enable TI-LFA for IS-IS by configuring the use-post-convergence-lfa statement at the [edit protocols isis backup-spf-options] hierarchy level. You can enable the creation of post-convergence backup paths for a given IPv6 interface by configuring the post-convergence-lfa statement at the [edit protocols isis interface interface-name level level] hierarchy level. The post-convergence-lfa statement enables link-protection mode.

    You can enable node-protection mode for a given interface at the [edit protocols isis interface interface-name level level post-convergence-lfa] hierarchy level. However, you cannot configure fate-sharing protection for IPv6-only networks.

    [See Understanding Topology-Independent Loop-Free Alternate with Segment Routing for IS-IS.]

  • Support for IP forward backup path for BGP-LS peer SIDs (MX Series)— Starting in Junos OS Release 20.1R1, you can configure an IP forward backup path that provides protection at the local node or the point of local repair for egress peer engineering. When the primary segment goes down, the packet is forwarded to the configured IP backup path. This IP forward backup path has local node significance only. BGP does not send the IP forward backup path information to the controller in its periodic BGP LS updates. If you have configured both segment protection and IP forwarding backup path, then backup segment protection takes precedence over the IP forwarding backup path protection.

    To configure IP forward backup path for BGP LS peer segments, include the egress-te-backup-ip-forward option at the [edit bgp egress-te–segment-set], [edit bgp group group-name egress-te-node-segment], and [edit bgp group group-name egress-te-segment adj] hierarchy levels.

    [See egress-te-set-segment,egress-te-node-segment, and egress-te-adj-segment.]

Services Applications

  • FlowTapLite support on MPC10E (MX240, MX480, and MX960 routers)—Starting in Junos OS Release 20.1R1, you can configure FlowTapLite on the MPC10E line card.

    [See Configuring FlowTapLite on MX Series Routers and M320 Routers with FPCs.]

  • Support for Two-Way Active Measurement Protocol (TWAMP) on MX2K-MPC11E line card (MX240, MX480, and MX960)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E line card supports TWAMP. You can use the TWAMP-Control protocol to set up performance measurement sessions between a TWAMP client and a TWAMP server, and use the TWAMP-Test protocol to send and receive performance measurement probes. Configuring the TWAMP client instance to use si-x/y/z as the destination interface (which enables inline services) is not supported if the router has an MX2K-MPC11E installed in the chassis. You can configure only the none authentication mode on the line card.

    [See Understanding Two-Way Active Measurement Protocol on Routers.]

  • Inline J-Flow support for EVPN traffic (MX Series with MPC10 and MPC11)—Starting with Junos OS Release 20.1R1, you can use inline J-Flow sampling for the bridge family. You can monitor Inline J-Flow traffic hitting the bridge family and report the necessary fields in either Version 9 or IPFIX format. The new bridge family under the forwarding-options sampling instance hierarchy monitors all traffic hitting the VPLS or bridge family.

    [See Understanding Inline Active Flow Monitoring.]

  • Support for inline active flow monitoring on (MPC11E line cards on MX240, MX480, and MX960)—Starting in Junos OS Release 20.1R1, you can perform inline flow monitoring to support:

    • MPLS, MPLS-IPv4, and MPLS-IPv6

    • IPv4 or IPv6 traffic on next-hop based GRE tunnels and ps interfaces

    Both IPFIX and V9 formats are supported.

    [See Understanding Inline Active Flow Monitoring.]

  • Fabric support on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E line card is introduced. It is composed of 8 Packet Forwarding Engines per FPC. Each Packet Forwarding Engine on the MX2K-MPC11E line card has 3 fabric planes per SFB, which is a total of 24 fabric planes. All Packet Forwarding Engines have fabric connectivity with the SFB3. The fabric links are monitored for cyclic redundancy check (CRC) errors. Each Packet Forwarding Engine supports 500G fabric throughput when all 24 fabric planes are operational.

    Note

    Fabric redundancy is not supported on MX2K-MPC11E line card. The MX2K-MPC11E line card interoperates only with SFB3.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Support for local preference when selecting forwarding next hops for load balancing on MPC11E (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, you can have traffic flows across aggregated Ethernet or redundant logical-tunnel interfaces prefer local forwarding next hops over remote ones, for example to ensure that the overall load on the fabric is reduced.

    [See local-bias.]

Software Defined Networking

  • Delegate segment routing LSPs to a PCE (MX Series)—Starting in Junos OS Release 20.1R1, you can enable a Path Computation Client (PCC) to delegate locally configured IPv4 non-colored segment routing LSPs to a Path Computation Element (PCE) controller. The PCE controls the delegated LSPs and can modify LSP attributes for traffic steering.

    A PCC with delegation capability can take back control of the delegated segment routing LSPs from the PCE when the PCEP session goes down; the LSPs would otherwise be deleted from the PCC. You can thus ensure LSP data protection by averting a situation where packets are silently discarded or dropped (also known as a traffic black-hole condition).

    [See Segment Routing for the Path Computation Element Protocol Overview and Example: Configuring Path Computation Element Protocol for SPRING-TE LSPs.]

Subscriber Management and Services

  • Support for BNG M:N subscriber redundancy over pseudowire interfaces (MX Series)—Starting in Junos OS Release 20.1R1, you can configure BNG M:N redundancy using pseudowire redundancy in addition to using VRRP redundancy. The pseudowire redundancy method is supported for IP/MPLS network and Layer 2 VPN scenarios using pseudowire tunnels. These scenarios support dynamic N:1 VLANs.

    [See M:N Subscriber Redundancy Overview.]

  • Distributed denial of service protection on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E line cards support DDoS protection.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Subscriber services uplink support on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, you can use the MX2K-MPC11E line cards for uplink connections to the core network. This support requires you to enable enhanced subscriber management.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Support for managing policy and charging rules function (PCRF) server errors (MX Series)—Starting in Junos OS Release 20.1R1, you can configure the router to reinitialize the PCRF session when triggered by certain PCRF server errors that result in a state mismatch between the server and the router. You can also configure the router to generate an extended session ID that is universally unique by appending a 32-bit session stamp based on the current UTC time when the router creates the CCR-GX-I.

    [See Understanding Gx Interactions Between the Router and the PCRF.]

System Management

  • Precision Time Protocol (PTP) and IRB support on MPC7E line cards (MX240, MX480, and MX960)—Starting in Junos OS Release 20.1R1, we support PTP over IRB on master interface configurations for MPC7E line cards. This release also supports the configuration of aggregated Ethernet over IRB. We’ve also added disable-lag-revertive-switchover statement at a global level. This configuration enables nonrevertive switchover for a LAG.

    Note
    • Two-step clock mode is not supported.

    • PTP aggregated Ethernet child link switchover is not hitless, in both negotiated and nonnegotiated cases, in scenarios with aggregated Ethernet, because the client goes through a resynchronization phase. When unicast negotiation is enabled, the PTP backup clock starts fresh with new negotiation messages using the secondary link whenever the current active link goes down.

    • Aggregated Ethernet with mixed-speed child links is not supported over IRB.

    [See Configuring Precision Time Protocol Over Integrated Routing and Bridging.]

  • Restrict option under NTP configuration is now visible (ACX Series, QFX Series, MX Series, PTX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the noquery command under the restrict hierarchy is now available and can be configured with a mask address. The noquery command is used to restrict ntpq and ntpdc queries coming from hosts and subnets.

    [See Configuring NTP Access Restrictions for a Specific Address.]

User Interface and Configuration

  • Synchronous Ethernet support for MPC11E (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, Synchronous Ethernet is supported on the MPC11E.

    Note

    Junos OS dose not support synchronous Ethernet clock recovery from MIC and Precision Time Protocol (PTP).

    [See Synchronous Ethernet Overview.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for MX Series routers.

Interfaces and Chassis

  • Displaying accurate aggregate drop statistics (MX Series)—Starting in Junos OS Release 20.1R1, you can view the accurate aggregate drop statistics when a packet drop is seen on an aggregated Ethernet Interface by using the show interfaces extensive command. In earlier releases, the show interfaces extensive command did not display accurate aggregate drop statistics. Only the individual aggregate child interface displayed accurate drop statistics.

Network Management and Monitoring

  • Change in startup notification after GRES (MX Series routers)– Starting in Junos OS Release 20.1R1, the master Routing Engine sends a coldStart notification when a device comes up. The master Routing Engine also sends warmStart notifications for subsequent restarts of the SNMP daemon. After graceful routing engine switchover (GRES) the new master Routing Engine sends a single warmStart notification and the backup Routing Engine does not send any notification. In earlier releases, after GRES, the new master RE would sometimes send two notifications or a single notification. Of these, the first notification was always a coldStart notification and the second was either a coldStart notification or a warmStart notification.

  • Enhancement to the show snmp mib command– In Junos OS Release 20.1R1, and later, a new option, hex, is supported to display the SNMP object values in the hexadecimal format. In earlier releases, the show snmp mib command displays the snmp object values in ASCII and decimal format only.

    See show snmp mib

Services Applications

  • Update to CLI option for configuring the version number to distinguish between currently supported version of the Internet draft draft-ietf-softwire-map-03—In Junos OS Release 20.1R1, the version-3 option under the [edit services softwire softwire-concentrator map-e] hierarchy for configuring the version number to distinguish between currently supported version of the Internet draft draft-ietf-softwire-map-03 is optional. In the earlier Junos OS releases, if you did not configure the version-3 option, the configuration resulted in an error.

    [See map-e.]

Subscriber Management and Services

  • Single memory map applies to configuration and schema databases (MX Series)—Starting in Junos OS Release 20.1R1, the Junos OS configuration database and the schema database share the same memory space. This means that when you set the maximum database size, the result is the total memory available to both of these databases. In earlier releases, the schema database is separate and fixed in size.

    [See Configuring Junos OS Enhanced Subscriber Management.]

Known Limitations

Learn about known limitations in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • In some scenarios with MPC, the following major alarm and following messages are generated: messages log: fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) alarmd[3158]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC x Major Errors Major alarm set, FPC x Major Errors fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) cli> show chassis alarms 1 alarms currently active Alarm time Class Description 2019-01-25 15:18:03 UTC Major FPC x Major.

    Despite the major alarm set, this error is due to the Unknown Error Address logged in hardware to the DQ underrun. This message is harmless and has no service impact. PR1303489

  • The MX104 router has the following limitations in error management:

    • The show chassis fpc error command is not available for MX104 in Junos OS Releases 13.3R7, 15.1R2,14.1R5,14.2R4, 13.3R8, and later.

    • Junos OS does not initiate restart of the system on encountering a fatal error.

    • Although you can configure disable-PFE for major errors action, Junos OS does not disable its only Packet Forwarding Engine on encountering a major error. PR1413314

  • The Routing Engine interprets any input from the console port as interrupts. Depending on the frequency, console noise impacts the Routing Engine interruption handling to different extents, even with the current mechanism. When the interrupt frequency is too high for the Routing Engine to handle, the impact might vary from the line card reboot (partial impact) to the Routing Engine reboot (chassis-wide impact). PR1436386

  • In a scaled scenario where the Routing Engine pushes a lot of routes to the Packet Forwarding Engine in the presence of the dynamic tunnel configuration, FIB convergence might take more time, leading to traffic drops. PR1454817

  • Dynamic SR-TE tunnels does not get automatically re-created at the new master Routing Engine after the Routing Engine switchover. PR1474397

  • The control peer PFCP heartbeat request timeout window must be greater than 90 seconds. PR1459135

  • The traffic on GRE interface on both ingress and egress cannot be Layer 2 mirrored. PR1462375

  • The following error message is issued when the connection between aftman and aft-ulcd is dropped: [Error] aft-ipc: AFT-ULCD IPC: Program will exit - ERROR MESSAGE. PR1467246

  • The aftd hogs on executing the clear VPLS table and MACs are not learned for less than 5 minutes. PR1473334

Infrastructure

  • The Juniper Routing Engine with HAGIWARA CF card installed, after upgrading to Junos OS Release 15.1 and later, the following error message might appear on the log: smartd[xxxx]: Device: /dev/ada1, failed to read SMART Attribute Data PR1333855

Platform and Infrastructure

  • Traffic might drop due to the memory error of QX-chipset MPC. PR1197475

  • Interface-group based firewall filters used at MX Series router with the VPLS and BRIDGE logical interfaces hosted by an MPC might work unpredictably. PR1216201

Services Applications

  • Currently, while configuring a DNS filter profile at the [edit services web-filter profile profile-name dns-filter-template] hierarchy level, you can configure a maximum of number of 32 DNS filter templates. However, for a profile configured under [edit services web-filter profile profile-name security-intelligence-policy] hierarchy level, you can configure more than 32 templates.

    [See dns-filter-template and security-intelligence-policy].

Subscriber Management and Services

  • For dual-stacked clients over the same PPP-over-L2TP LNS session, enhanced subscriber management does not support configurations where both of the following are true:

    • The CPE sends separate DHCPv6 solicit messages for the IA_NA and the IA_PD.

    • The solicit messages specify a type 2 or type 3 DUID (link-layer address).

    As a workaround, you must configure the CPE to send a single solicit message for both IA_NA and IA_PD when the other configuration elements are present. PR1441801

VPNs

  • In an MVPN scenario with static lsp mapping type 3, the route withdraw behavior might differ. PR1466122

Open Issues

Learn about open issues in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • Duplicate packets in EVPN scenario are seen because a nondesignated forwarder is sending an inclusive multicast packet to the PE-CE interface after MAC lookup. PR1245316

  • In an EVPN scenario with nonstop active routing (NSR) enabled, the rpd crashes and generates core files on the backup Routing Engine when any configuration changes on the master Routing Engine. PR1336881

  • With Junos OS Release 19.3R1, the VXLAN OAM host-bound packets are not throttled with DDoS policers. PR1435228

  • EVPN-VXLAN core isolation does not work when the system reboots or the routing restarts. PR1461795

  • The ARP entry gets deleted from the kernel after adding and deleting the virtual-gateway-address. PR1485377

Forwarding and Sampling

  • For Junos OS Releases 18.4R1 and 18.3R2, if an IPv4 prefix is added on a prefix-list referred by an IPv6 firewall filter, the following log message is not seen: Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized. PR1395923

General Routing

  • The fxp0 is marked as Dest-route-down because of specific operations such as disabling and enabling operations. PR1052725

  • The input errors on MX150 might be zero under the show interfaces extensive output when there are CRC or Align errors on the interface. PR1485706

  • The show ptp statistics detail command shows incorrect values for the delay request and response packets. PR1489711

  • Loss in subscriber might be seen post ISSU for DHCPv6 server subscribers over PPPoE. PR1489954

  • In the MX-VC platforms, setting or deleting a VC port causes other VC ports on the same FPC or MIC slot to bring the link in the Down state for a few seconds, possibly interrupting communication with the other member chassis. PR1493699

  • Incase of G.8273.2 measurement of asymmetric combination of port speeds involving 40-Gigabits Ethernet, cTE metrics of 60-120ns in certain trials are observed. PR1488549

  • On a vMX platform, the performance of the Intel X710 NIC is lower compared to the performance of the Intel 82599 NIC. PR1281366

  • Because a vendor does not use chained CNH, using the feature does not bring in a lot of gain, because TCNH is based on an ingress rewrite premise. Without this feature, things work just fine. PR1318984

  • Changing framing modes on a CHE1T1 MIC between E1 and T1 on a MPC3E NG HQoS line card causes the PIC to go offline. PR1474449

  • In a Message Queuing Telemetry Transport (MQTT) scenario, about 4000 KB of memory leakage might be seen every 30 seconds. However, on very long runs, this leakage uses up high memory, which can indirectly impact other running daemons. PR1324531

  • When the FPC boots (either during unified ISSU, router reboot, or FPC restart), I2C timeout errors for SFP are onserbed. These errors are seen because of the incomplete I2C action as the device was busy. After the FPC is up, all the I2C transactions to the device were normal and there were no periodic failure. There is no functional impact and these errors can be ignored. PR1369382

  • On the MPC10E and MPC11E line cards, the IPv6 local statistics are counted against the IPv6 transit traffic statistics as well. PR1467236

  • Invalid packets are dropped by dut with tcc encapsulation configuration as intended but the statistics counters get incremental. PR1481698

  • With regard to FPC restarts or Virtual Chassis splits, the design of MX Series Virtual Chassis infrastructure relies on the integrity of the TCP connections. The reactions to failure situations might not be handled gracefully. This results in TCP connection timeouts because of jlock hog crossing the boundary value (5 seconds), which causes bad consequences in MX Series Virtual Chassis. Currently, there is no other easy solution to reduce this jlock hog besides enabling marker infrastructure in the MX Series Virtual Chassis setup. PR1332765

  • On the MX2010 and MX2020 routers equipped with SFB2, some error logs might be seen. PR1363587

  • On the MX480 and EX9208 devices, a few XE interfaces go down with the following error message: if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • The traffic destined to the VRRP VIP drops because the filter is not updated to the related logical interface. PR1390367

  • Traffic statistics are not displayed for the hybrid access gateway session and tunnel traffic. PR1419529

  • Traffic drops after the FPC reboots with the aggregated Ethernet member links deactivated by the remote device. PR1423707

  • When you run the show route label X | display json command, two nh keys are present in the output. PR1424930

  • On the dual Routing Engines of the MX Series platforms with subscriber management, the replication daemon (repd process) might crash after booting for the first time with a newly installed Junos OS release. The repd process synchronizes subscriber information across Routing Engines, so normally the repd crash has no impact on the live service. PR1434363

  • MPC10E 3D MRATE-15xQSFPP : Layer 2 over GRE is not supported in Junos OS Release 19.3R1. Even though the configuration gets committed, the feature will not work. PR1435855

  • Interface hold-down timers cannot be achieved for less than 15 seconds on MPC11E at FRS. PR1444516

  • The Mixed Master and Backup RE types alarm is observed when MX2008 with RE-MX2008-X8-128G detects backup Routing Engine as RE-MX2008-X8-64G. PR1450424

  • Physical interface policers are not supported in Junos OS Release 19.3 for MPC11. PR1452963

  • Issues with CLI command are observed after ANCP restarts, before ANCP neighbor reestablishes, and before receiving the port-ups. PR1453837

  • With logical system configuration, filter-based GRE encapsulation does not work. PR1456762

  • On the MPC11E line card, the FIB download rates are lower than MPC10E by 30 percent. PR1456816

  • On the MPC11E line card, the following error messages are seen when the line card is online: i2c transaction error (0x00000002). PR1457655

  • With the scale filter-based forwarding (FBF) configuration, two instances seem unable to forward the traffic to the respective routing instances. It appears that the FBF programming is incorrect for these two FBF instances. PR1459340

  • Some threads of the CPU information might not get exported for the CPU memory sensor. PR1461155

  • Backport jemalloc profiling CLI to support all Junos OS Releases where jemalloc is present. PR1463368

  • The MPC2E-NG or MPC3E-NG card with specific MIC might crash after a high rate of interface flaps. PR1463859

  • The following syslog error messages are harmless and expected during ISSU or GRES or FPC offline/online scenarios: [Oct 3 08:48:35.836 LOG: Err] ifl ps240.1 (1712): child ifl lt-1/0/0.32767 (7709) already there [Oct 3 08:48:35.836 LOG: Err] IFRT: 'Aggregate interface ifl add req' (opcode 87) failed [Oct 3 08:48:35.836 LOG: Err] ifl 1712, child ifl 7709; agg add failed. PR1464524

  • BFD session might flap when the session moves into an aggressive interval after coming up from a slow or non aggressive interval. PR1465285

  • On the MPC11E line card, the DOM MIB alarm for the channelized 10-Gigabit Ethernet interface does not show any alarm for LF/RF. PR1467446

  • Not able to get the service sessions when NAT64 is configured with destination-prefix length of 32. PR1468058

  • In Junos OS Release 16.2R1 and later, if commit is executed after commit check, the daemon (for example, dhcpd and sampled) might not get started even after the related configuration is successfully committed. PR1468119

  • FPC online might take additional time during movement of MPC11 FPC from one GNF to another GNF. PR1469729

  • With BGP rib-sharding and update-threading, traffic drops 100 percent in the BGP Layer 3 VPN streams, after the removal or restoration configuration. PR1469873

  • When Layer 2 bridge domain is configured and traffic is flowing only on one particular interface, the MACsec statistics might be updated incorrectly on other channelized MACsec interfaces on the same port group. PR1472464

  • For the MPC10E card line, the IS-IS and micro BFD sessions do not come up during baseline. PR1474146

  • Upon external X86 node slicing server reboot, the host SNMP configuration gets overwritten by the JDM SNMP configuration settings. PR1474349

  • In some scenarios with the PTP hybrid mode and MPC5E line card, continuos resetting of the Playback Engine log message occurs. The Playback Engine resides inside MPC5E FPGA and it is responsible for maintaining the PTP states. PR1420335

  • On the MX Series platforms, if the clock frequency slowly change on CB0 (slow drift), the clock source for MPC-3D-16XGE-SFPP might not be changed to CB1, which cause interfaces on it to go down and remain in the Down state. PR1433948

  • With multiple different fixed-sized traffic streams configured at 1000000 fps (40 gbps combined rate) on an aggregated Ethernet0 along with another independent aggregated Ethernet (aggregated Ethernet1, 50 percent line rate 4 streams bi-directional => 118 gbps combined traffic rate) both hosted on a single Packet Forwarding Engine instruction of MPC11E line card, causes small varying packet drops every iteration on the aggregated Ethernet1 on disabling the aggregated Ethernet0. The drops might vary from 200 to certain 1000 frames. PR1464549

  • The BGP sessions over the ps interfaces anchored over rlt might flap during ISSU. PR1478693

  • The Next-Gen Services MX-SPC3 service card does not come online automatically when the junos-vmhost image is installed on the Next-Generation Routing Engine (NG-RE): RE-S-X6-64G-UB. PR1482334

  • BFD over Layer 2 VPN or Layer 2 circuit does not work because of the SDK upgrade to version 6.5.16. PR1483014

Infrastructure

  • The following error message might be seen after an upgrade: invalid SMART checksum. PR1222105

Interfaces and Chassis

  • Spontaneous jpppd generates core files on the backup Routing Engine in a longevity test at ../../../../../../src/junos/usr.sbin/jpppd/pppMain.cc:400. PR1350563

  • The SFP index in Packet Forwarding Engine starts at 1, while the port numbering starts at 0. This causes confusion in the log analysis. PR1412040

Junos Fusion Provider Edge

  • On a Junos fusion system, intermediate traffic drop is sometimes seen between AD and SD when sFlow is enabled on the ingress interface. When sFlow technology is enabled, the original packet gets corrupted for those packets that hit the sFlow filter. Because of few packets transmitted from the egress of AD1 are short of FCS (4 bytes) + 2 bytes of data drops occur. The normal data packets are of size 128 bytes while the corrupted packet is 122 bytes. PR1450373

Layer 2 Ethernet Services

  • When you revert from an Enhanced Switch Control Board (SCBE) upgrade, the SCB fails with the following error message: CHASSISD_FASIC_PIO_READ_ERROR. PR980340

  • The DHCP DECLINE packets are not forwarded to the DHCP server when forward-only is set within dhcp-reply. PR1429456

  • DHCPv6 renew do not occur as expected at the ALQ backup relay. PR1489219

MPLS

  • The rpd generates core files at hbt_iterate_next, ldp_purge_unknown_tlv_temp_tree. PR1210526

  • If the two directly connected BGP peers runs on top of a LSP and the MTU of the IP layer is smaller than the MTU of the MPLS layer; plus the BGP packets from the host have the DF bit set, the BGP session may ight keep flapping because of wrong usage of the TCP-MSS. PR1493431

  • The RSVP interface bandwidth calculation rounds up. PR1458527

Platform and Infrastructure

  • In an EVPN and VPLS scenario, the packet gets corrupted at an ingress Packet Forwarding Engine. PR1300211

  • When the REST service configuration is modified, for example, the REST service is configured and then deleted for multiple times, the system might become unresponsive, even to SSH and console. This issue has service impact. PR1461021

  • If the interface is newly added as CE interface, the existing bum traffic can be looped. Loop prevention features is designed to start working whenever a new CE interface is added by configuration. But the existing bum traffic can be distributed to a new CE interface earlier before enabling the loop prevention feature. PR1493650

  • Due to timing condition, the dead next-hops in the flood group of EVPN-MPLS are seen after remote PEs bounce. This affects the raffic flooding to remote EVPN PEs. PR1484296

    On the MX150 and vMX platform, the VXLAN packet might get discarde because the flow caching does not support VXLAN when the flow caching enabled. PR1466470

  • On MX Series routers with MPCs, the unicast traffic might drop when the destination is reachable over an integrated routing and bridging (IRB) interface and a label-switched interface (LSI) with two next hops. PR1420626

  • On the MX-VC setup, if traffic goes through a VCP (virtual chassis port) port and forwards to an egress port to the destination, while the traffic is handled entirely by the same PFE, MAC malformation might occur. PR1491091

  • On the EX9208 and MX480 devices, traffic loss is observed if the ingress and egress ports are in different FPCs. PR1429714

  • For the bridge domains configured under an EVPN instance, the ARP suppression is enabled by default. This enables the EVPN to proxy the ARP and reduces the flooding of ARP in the EVPN networks. As a result, the storm-control does not affect the ARP packets on the ports under such bridge domain. PR1438326

  • On the MX Series router with SP-style, traffic gets looped with the logical interface flapping. PR1485100

  • A dual Routing Engine Junos node slicing GNF with no GRES configured and with a system internet-options no-tcp-reset drop-all-tcp configuration might enter the dual backup Routing Engine state upon manual GNF Routing Engine mastership switchover attempt with the request chassis routing-engine master [acquire|release|switch] command from either GNF Routing Engine CLI. PR1456565

  • While the SNMP-Agent polls round-trip time (RTT) related to OIDs from a router running Junos OS, such as pingResultsAverageRtt, the router might respond with zero (0) value even though there is no RPM ping failure. The following objects might be impacted: iso.3.6.1.2.1.80.1.3.1.4 -> pingResultsMinRtt iso.3.6.1.2.1.80.1.3.1.5 -> pingResultsMaxRtt iso.3.6.1.2.1.80.1.3.1.6 -> pingResultsAverageRtt iso.3.6.1.2.1.80.1.3.1.7 -> pingResultsProbeResponses iso.3.6.1.2.1.80.1.3.1.9 -> pingResultsRttSumOfSquares. PR1458983

  • When traffic is received from 1000 different VRF instances on PE from CE devices, a , few flows are dropped at the PE device. PR1460471

  • Sometime high CPU utilization is observed in MPC 3D 16x 10GE after ISSU. PR1461715

  • A few OAM sessions are not established with the scale EVPN ETREE and CFM configurations. PR1478875

Routing Protocols

  • In the BGP environment, the Ukern memory leaks and the core crashes. PR1366823

  • Even when the protocols mpls traffic-engineering bgp-igp command is configured, the UDP tunnel routes are not added to inet.0. The UDP tunnel routes are added only to inet.3 table whether the command is configured or not. PR1457426

  • In a next-generation MVPN setup, when using MPC10 on egress an PE device with load-balancing join of multiple groups in C_VPN, the egress PE device might not receive multicast traffic. PR1476969

  • If a manually configured rib-group or automatically generated rib-group (through family inet labeled-unicast resolve-vpn) is used to copy inet.0 (IP routing table) routes to inet.3 (MPLS routing table), the process rpd might continuously generate soft core files after protocols bgp path-selection always-compare-med is configured. PR1487893

Subscriber Access Management

  • Verifying deleted services through CoA when the specified family-type has been deactivated fails because of the incorrect numbers of the active service sessions. PR1479486

VPNs

  • Traffic loss is observed while verifying multicast route with VT for VPNA. PR1460480

  • In the MVPN environment with SPT-only option, if the source or receiver is connected directly to the c-rp PE device and the MVPN data packets arrive at the c-rpce PE device before its transition to SPT, the MVPN data packets might be dropped. PR1223434

Resolved Issues

This section lists the issues fixed in Junos OS Release 20.1R1 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Application Layer Gateways

  • SIP messages that needs to be fragmented might get dropped by the SIP ALG. PR1475031

Authentication and Access Control

  • The LLDP packets might get discarded on all Junos OS platforms. PR1464553

Class of Service (CoS)

  • The MX Series generated OAM/CFM LTR messages are sent with a different priority than the incoming OAM/CFM LTM messages. PR1466473

  • Unexpected traffic loss might be discovered in certain conditions under in a Junos fusion scenario. PR1472083

  • The MX10008 and MX100016 routers might generate cosd core files after executing the commit/commit check command if the policy-map configuration is set. PR1475508

EVPN

  • Traffic received from VTEP is dropped if the VNI value used for type-5 routes is greater than 65,535. PR1461860

  • Rpd might crash with the EVPN-related configuration changes in a static VXLAN to MPLS stitching scenario. PR1467309

Forwarding and Sampling

  • Traffic errors do not get policed as expected after being locally switched for VLAN 100 and 101, while verifying the selective local-switching functionality with 4000 VLANs. PR1436343

  • The pfed might crash and not be able to come up on the PTX Series or TVP based platforms. PR1452363

  • The following syslog error messages are seen: pfed: rtslib: ERROR received async message with no handler: 28. PR1458008

  • The following false warning message is seen on commit (commit check) after upgrading to Junos OS Release 19.2R2-S1.4: warning: vxlan-overlay-load-balance configuration for forwarding options has been changed. PR1459833

  • On an MX Series router, the following logs are seen: L2ALD_MAC_IP_LIMIT_REACHED_IF: Limit on learned MAC+IP bindings reached for .local.1048605; current count is 1024. PR1462642

  • Type 1 ESI/ or AD routes are not generated locally on EVPN PE devices in all-active mode. PR1464778

  • On the MX10008 and MX10016 routers, policer bandwidth-limit cannot be set higher than 100-Gigabit Ethernet. PR1465093

  • An output bandwidth-percent policer with logical-bandwidth-policer applied to an aggregated Ethernet bundle along with an output-traffic-control-profile has incorrect effective policing rate. PR1466698

  • Traffic might be forwarded into the default queue instead of the right queue when the VPLS traffic has three or more VLAN tags with VLAN priority 5. PR1473093

  • The filter might not be installed if the policy-map xx is present under the filter. PR1478964

General Routing

  • The severity of the following error is reduced from fatal to major: XR2CHIP_ASIC_JGCI_FATAL_CRC_ERROR. PR1390333

  • On the MX240, MX480, or MX960 router with SCB3E, swapping MPC10E line card with MPC7E line card in the same FPC slot results in fabric errors, which causes system-wide traffic impact. PR1491968

  • After restarting the routing or rpd process, sometimes the sensor statistics is not reset. After the rpd process restarts, the sensor do not reset and traffic statistics increases on the existing value. PR1458107

  • A newly added LAG member interface might forward traffic even though its micro BFD session is down. PR1474300

  • In a configuration mode, when you ask for command completion help for the co-ordinate configuration statement at the [edit protocols lldp-med interface location] hierarchy level, you see that the word value is misspelled in the help text. PR1486327

  • On the MX104 platform with any 2-port license installed on the 10-Gigabits Ethernet interfaces and phy-timestamping enabled in PTP, PTP might not work. PR1421811

  • Default configuration does not create any logical interfaces and LLDP cannot discover neighbor for those interfaces which logical interface is not configured explicitly in the Junos OS configuration. PR1436327

  • The failover time for the LACP link protection might be more than 2 seconds on the MPC11E line card. PR1464652

  • The following constant messages flooding in log is observed: summit_pic_port_profile_isvalid: VALID Port profile. PR1464879

  • The high-cos-queue-threshold range is changed to [uint 0 .. 90;]. PR1390424

  • NAPT66 pool split is not supported with AMS; thus commit must fail with IPv6 pool in AMS. PR1396634

  • The non existent subscribers might appear in the show system resource-monitor subscribers-limit chassis extensive output. PR1409767

  • Changing CAK and CKN multiple times within a short interval (around 5 minutes) sometimes show the security MACsec connection's inbound and outbound channel display with more than one active AN. But on the Packet Forwarding Engine hardware side, the correct AN and SAK is programmed and MKA protocol from both ends transmits the correct and latest AN on each hello packet. You should not see any traffic drop due to this display issue. PR1418448

  • Certain JNP10008-SF and JNP10016-SF Switch Interface Boards (SIBs) manufactured between July 2018 and March 2019 might have incorrect core voltage setting. PR1420864

  • The jnxFruState shows value as 10 for Routing Engine instead of 6 in response to .1.3.6.1.4.1.2636.3.1.15.1.8.9.1.0.0. PR1420906

  • Ports might get incorrectly channelized if they are already of 10-Gigabit Ethernet and they are channelized to 10-Gigabit Ethernet again. PR1423496

  • Observing NPC core files at trinity_rtt_hw_bulk_helper, trinity_rt_delete, rt_entry_delete_msg_proc (rt_params=0x48803bd8) at ../../../../../../../../src/pfe/common/applications/route/hal/rt_entry.c:5210. PR1427825

  • The following syslog error message is observed: Err] dfw_abstract_issu_stats_counters_restore:2222 Failed to find Index = 4613734? during ISSU with 19.3I-20190409_dev_common.0.2212. PR1429879

  • The routers that are configured with the protect core file might send IPfix sampling packets with the incorrect next-hop information. PR1430244

  • The l2cpd process might crash and generate a core file when the interfaces flap. PR1431355

  • MicroBFD 3x100ms flap is observed upon inserting a QSFP in another port. PR1435221

  • ZF interrupts for out-of-range destination Packet Forwarding Engine INTR for Gnt is observed when the MPC6 or MPC9 line card is brought up. PR1436148

  • ISSU fails from the legacy Junos OS Release 19.1R1 images. PR1438144

  • Incorrect values are observed in the JUNIPER-TIMING-NOTFNS-MIB table. PR1439025

  • The ports of the EX devices might stay in the Up state even if the EX4600 or QFX5100 lines of switches is rebooted. PR1441035

  • The interface might go into the Down state after the FPC restarts with the PTP configuration enabled. PR1442665

  • The BGP session fails to establish when you use the firewall filter to de-encapsulate BGP packets from the GRE tunnel. PR1443238

  • System reboot is required when GRES is enabled or disabled with the mobile-edge configuration. PR1444406

  • Irregular traffic drop might be seen when the traffic is ingress from MPC3E and egress to MPC10E. PR1445649

  • When you use a converged CPCD, an MX Series router rewrites the HTTPS request with the destination-port 80. PR1446085

  • When switchover happens with an MX Series router with service interface that has NAT and GR configuration, the static route for NAT never comes up. PR1446267

  • DT_BNG: bbe-smgd generates core file on the backup Routing Engine in bbe_ifd_add_vlan (ifd=0x8c3e835, ifl=0xcaf59f18) at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/infra/bbe_ifd.c:6374. PR1447493

  • IPv6 throughput numbers for NAT with HTTP traffic are not at par with IPv4. PR1449435

  • Changing the hostname triggers the LSP on-change notification and not the adjacency on-change notification. PR1449837

  • On the MPC10E line card, dcd is unable to clean stale the mt- logical interfaces while reloading rosen configuration on the DUT. PR1450953

  • When you use the Standard_D5_v2, which has 16 vCPUs and 56 GB of memory, the deployment fails. PR1450975

  • JNP10000-LC2101 FPC generates Voltage Tolerance Exceeded major alarm for each IP 2V5 sensor. PR1451011

  • Main chassisd thread at the JNS GNF might stall upon the GNF SNMP polling for hardware-related OIDs. PR1451215

  • Need to add support for drop flows when the packet drops. PR1451921

  • On the MX10000 and PTX10000 lines of routers with Routing Engine redundancy configuration enabled, the firmware upgrade for PSU (JNP10000-AC2) and JNP10000-DC2) might fail due to lcmd being disabled by the firmware upgrade command. PR1452324

  • Sensord core file might be seen when the script runs on MPC10E line card. PR1452976

  • On an MPC10E line card, inconsistency between AFT and non-AFT line cards occurs while displaying ldp p2mp traffic-statistics on the bud node. PR1453130

  • Add the syslog configuration command to the stateful firewall rule then condition. PR1453502

  • On an MX10003 device, alarms are not sent to syslog. PR1453533

  • The VMX might work abnormally in a large topology. PR1453967

  • The 100-Gigabit Ethernet interfaces might not come up again after going down on MPC3E-NG. PR1454595

  • When the scale configurations are applied, chassisd CLI command might delay response or might time out for 10 minutes. PR1454638

  • On the line card, interface damping is not supported. PR1455152

  • The smihelperd process is not initialized when Junos OS is upgraded on PPC-based platforms. PR1455667

  • Multiple daemons might crash on committing configuration changes related to groups. PR1455960

  • Along with the 4x1GE feature using the QSFP28 optics, continuous logging in the chassisd file is observed when speed 1-Gigabit Ethernet is configured with pic_get_nports_inst and ch_fru_db_key. PR1456253

  • On the line card, need to add the support of optics-options low light. PR1456894

  • The bbe-statsd process might continuously crash if any parameter is set to 0 in the mx_large.xml file. PR1457257

  • On the JSU package installed for lcmd, the daemon might not restart the daemon with the new daemon package. PR1457304

  • The chassisd process and all FPCs might restart after Routing Engine switchover. PR1457657

  • After more than 2 million multicast subscribers are activated without performing GRES or bbe-smgd restart, further multicast subscribers might be unable to log in. PR1458419

  • Traffic silently discards or MPC crashes on the MPC10E line card during the change of the firewall filter terms. PR1458499

  • If you use the dynamic VoIP VLAN assignment, the correct VoIP VLAN information in LLDP-MED packets might not be sent after you commit. PR1458559

  • The FPC X major errors alarm might be raised after committing the PTP configuration change. PR1458581

  • The rpd crash might be seen if the BGP route is resolved over the same prefix protocol next hop in the inet.3 table that has both the RSVP and LDP routes. PR1458595

  • The traffic might be stuck on MS-MPC or MS-MIC with sessions receiving a huge number of affinity packets. PR1459306

  • The following error message might be seen after the chassisd restarts: create_pseudos: unable to create interface device for pip0 (File exists). PR1459373

  • The show ancp subscriber access-aggregation-circuit-id < access aggregation circuit ID> command displays incomplete output. PR1459386

  • Telemetry streaming of mandatory TLV ttl learned from LLDP neighbor is missing. PR1459441

  • The traffic might be silently dropped or discarded during the link recovery in an open Ethernet access ring with ERPS configured. PR1459446

  • Inline S-BFD packets are dropped on MPC6E MIC1/PIC1 ports: 0-11. PR1459529

  • In an MC-LAG scenario, the traffic destined to VRRP-virtual MAC gets dropped. PR1459692

  • After the DRD auto-recovery, the traffic is silently dropped or discarded during interface flaps. PR1459698

  • Configuration change might not be applied if the Ephemeral database is used. PR1459839

  • Initial synchronization for the OpenConfig event sensors are streamed only from producers supporting event paths. PR1459927

  • On the line card, interface flaps multiple times after an administrator disables or enables at the side or when an optical module is plugged into. PR1459942

  • In a subscriber management environment, subscriber statistics reported by CLI commands and RADIUS can be broken if ISSU is performed from any Junos OS Release earlier than 18.4 to 18.4 or later. PR1459961

  • The PPTP does not work with destination NAT. PR1460027

  • If vlan-offload is configured on the VMX platform, input-vlan-map might not work. PR1460544

  • Support of del_path for the LLDP neighbor changes at various levels. PR1460621

  • When you receive IPv6 over IPv4 IBGP session, the IPv6 prefix is hidden. PR1460786

  • The PTP function might consume the kernel CPU for a long time. PR1461031

  • Explicit Deletion Notification (del_path) are not received when the LLDP neighbor is lost as result of disabling the local interface on the DuT through CLI (gNMI). PR1461236

  • The bbe-smgd generates a core file when all RADIUS servers are unreachable. PR1461340

  • Traffic might be impacted due to fabric hardening being stuck. PR1461356

  • The traffic might not be forwarded when it is received from the circuit cross-connect interface. PR1461532

  • On the MPC10E line card, more output packets are seen than expected when the ping function is performed. PR1461593

  • In an EVPN scenario, memory leak might be observed when proxy-macip-advertisement is configured. PR1461677

  • The repd generates a core file during system startup. PR1461796

  • During the BBE statistics collection and management process, issues with the bbe-statsd memory on the backup Routing Engine occur. PR1461821

  • JET RIB API RouteRemove and RouteRemoveMatching RPCs do not work as the first RIB API call. PR1461974

  • The rpd might crash after committing the dynamic-tunnel-anchor-pfe command. PR1461980

  • The rpd process might crash if the show v4ov6-tunnels information anti-spoof-ip command is executed. PR1462047

  • The following error message appears when both the DIP switches and power switch are turned off: CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed. PR1462065

  • The flow stuck and flowd watchdog generate core files while trying to ping the DNS server 8.8.8.8 on the internet through DUT configured with NAPT44. PR1462277

  • Traffic drops over the aggregated Ethernet interfaces configured with Virtual Router Redundancy Protocol (VRRP). PR1462310

  • On an MX204 router, the RADIUS interim accounting statistics are not populated. PR1462325

  • The EA WAN SerDes gets into the Stuck state that leads to continuous DFE tuning timeout errors and causes the link to stay down. PR1463015

  • The vty remote MAC addresses are not learned with correct age if vty is from a line card without Juniper Penta silicon. PR1463040

  • MAC-learning is broken for vlan-id all scenario. PR1463078

  • The Routing Engine switchover might not be triggered when the master CB clock fails. PR1463169

  • MVPN traffic might be dropped after performing switchover. PR1463302

  • The subscribers might not pass traffic after making some changes to the dynamic-profiles filter. PR1463420

  • RPC ALG causes MSPMAND to generate core files when an MX Series router is used as a stateful firewall with the MS-MIC or MS-MPC service cards. PR1464020

  • The IPoE subscriber route installation might fail. PR1464344

  • Observing bbe-smgd-core (0x000000000088488c in bbe_autoconf_delete_vlan_session_only (session_id=918) at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/plugins/autoconf/bbe_autoconf_plugin.c:3115). PR1464371

  • The PPP IPv6CP might fail if the routing-services command is enabled. PR1464415

  • The CPU utilization on mgd daemon might get stuck at 100 percent after the netconf session is interrupted by flapping interface. PR1464439

  • The MS-MIC might not work when it is used on a specific MPC. PR1464477

  • The show task memory detail command shows incorrect cookie information. PR1464659

  • The PPPoE session goes in to the Terminated state and the accounting stops for the session that is delayed. PR1464804

  • MPC5E or MPC6E might crash due to internal thread hogging of the CPU. PR1464820

  • The end in front of NAT also sends NATT keep alive packets. PR1464864

  • Commit script does not apply changes in the private mode unless a commit full is performed. PR1465171

  • The jdhcpd might consume high CPU and no further subscribers can be brought up if more than 4000 dhcp-relay clients are present in the MAC-MOVE scenario. PR1465277

  • The physical interface of aggregated Ethernet might take time to come up after disabling or enabling the interface. PR1465302

  • Bandwidth percent with shaping rate does not work on an aggregated Ethernet interface after deactivating and activating the class of service. PR1465766

  • ICMP error messages does not appear even enabling the enable-asymmetric-traffic-processing statement. PR1466135

  • The PPPoE subscribers get stuck due to the PPPoE inline keepalives that do not work properly. PR1467125

  • Layer 2 wholesale does not forward all the client requests with stacked VLAN. PR1467468

  • Hot-swapping between MPC11E and legacy MPC9, MPC8, or MPC6 is not supported. PR1467725

  • The process rpd might crash after making several changes to the flow-spec routes. PR1467838

  • Crypto code might cause high CPU utilization. PR1467874

  • You might observe the following error message: the user-ad-authentication subsystem is not responding to management requests. PR1467991

  • The satellite-management commands are not available. PR1467997

  • Benign logs might show in Junos OS Release 19.3R2 when switching between configurations using load-override with GRES and commit-synchronize. PR1468234

  • Optics measurements might not be streamed for the interfaces of a PIC over JTI. PR1468435

  • The process rpd crash might be seen if the BGP sharing is enabled. PR1468676

  • The Inner-list functionality with dual tag does not work. Traffic gets dropped at the ingress port. PR1469396

  • The tcp-log connections fail to reconnect and get stuck in the Reconnect-In-Progress state. PR1469575

  • Memory leak on Layer 2 cpd process causes Layer 2 cpd to crash. PR1469635

  • A hierarchical-scheduler should not be configured on a ps- interface. PR1470049

  • On the MPC11E line card, some of the 10-Gigabit Ethernet interface states might not get cleaned up correctly when performing GRES with invalid profile configuration. PR1470153

  • On MPC-11E interfaces, certain configuration steps might cause traffic to not get policed properly. PR1470629

  • The SNMP interface-mib stops working for the PPPoE clients. PR1470664

  • On MPC11E, PIC online event does not generate SNMP trap when PIC goes through offline to online transition. PR1470796

  • Unable to setup 26M sessions (NAPT44) at 900,000pps per second. PR1470833

  • On rare occasions, the router might send out one extra URR quota value for a bearer. PR1470890

  • Sudden FPC shutdown due to hardware failure or ungraceful removal of line card might cause major alarms on other FPCs in the system. PR1471372

  • In the cRPD platform, license violations are captured as nagging log messages and no alarm is raised. PR1471455

  • The clksyncd crash might be seen when PTP over an aggregated Ethernet interface is configured on the MX104 platform. PR1471466

  • Phase or frequency synchronization might not work correctly when PTP is configured in the hybrid mode. PR1471502

  • MTU errors count captured in the show pfe statistics traffic does not match exactly to the actual count of the frames dropped. PR1471554

  • On the MX10008 and MX10016 line cards, the ARP suppression (default enabled) in EVPN does not work. PR1471679

  • PCC tries to send a report to PCE but the connection between PCC and PCE is not in the Up state especially in the case of MBB in PCE provisioned or controlled LSP. PR1472051

  • On multicore next-generation Routing Engines on the MX960, MX240, and MX480 routers with USF mode enabled and USF-based services configuration, the subsequent Junos vmhost upgrade fails with an error message. PR1472287

  • Chassis alarm on BSYS might be observed : RE0 to one or many FPCs is via em1: Backup RE. PR1472313

  • Service accounting statistics do not get updated after changes are made to the firewall filters. PR1472334

  • The kernel might crash and vmcore might be observed after the configuration change is committed. PR1472519

  • Performing back-to-back rpd restarts might cause rpd to crash. PR1472643

  • Active error counts do not increase for I2C in the synchronization cards. PR1472660

  • On the MX Series devices, if the reauthenticate lease-renewal statement is enabled for DHCP, when the DHCP authentication and re-authenticate lease-renewal occurs, the SDB might go down very frequently. PR1473063

  • Drops counter does not increment for the aggregated Ethernet even after the member link shows the drops. PR1473665

  • Ingress multicast replication does not work with the GRES configuration. PR1474094

  • An MPC11 crash might occur on the MX2000 platform using multi dimensional advanced scale configuration that has inline keep alive sessions. PR1474160

  • MX10000 QSA adapter lane 0 port goes in the Down state when you disable one of the other lanes. PR1474231

  • With URR enabled, the URR reports cause memory leak. Eventually, the heap memory gets exhausted. PR1474306

  • The show services sessions and show services sessions extensive output commands do not display the member interface of the AMS where the session got landed. They display only the AMS interface name. PR1474313

  • When traffic loss is observed on a 100-Gigabit Ethernet logical interface, the MACsec sessions are up and live. PR1474714

  • The request system power-off and request system halt commands might not work correctly. PR1474985

  • The clksyncd generates core files after GRES. PR1474987

  • SFW rule configuration deletion might lead to memory leakage. PR1475220

  • The Radius accounting updates of the service session have incorrect statistic data . PR1475729

  • Dark window size is more than expected and 31.0872721524375 seconds of traffic loss is observed. PR1476505

  • The bbe-mibd might crash on the MX Series platform in a subscriber environment. PR1476596

  • The MX Series router acting as LNS does not get to program the Packet Forwarding Engine with l2tp services, which causes forwarding issues for the l2tp subscribers. PR1476786

  • Traffic loss might be seen in the SAEGW scenario after the daemon restarts or after the GRES operation. PR1477461

  • IKE version 2 tunnel flaps with DPD occur if initiator is not behind NAT. PR1477483

  • The Packet Forwarding Engine might be disabled due to major errors on MPC2E-NG, MPC3E-NG, MPC5, MPC6, MPC7, MPC8, and MPC9 line cards. PR1478028

  • The show evpn statistics instance command gets stuck on the multihomed scenario. PR1478157

  • At scale log ins of both the default and dedicated bearers might require retries from the control plane. PR1478191

  • FPC memory leak might happen after executing the show pfe route command. PR1478279

  • [firewall] [filter_installation] Output chain filter counters are not correct. PR1478358

  • The core files are generated at cassis_alloc_list_timed_free in cassis_free_thread_entry. PR1478392

  • The protocol MTU might not be changed on the lt- interface from the default value. PR1478822

  • The TCP-log sessions might be in the Established state but no logs get sent out to the syslog server. PR1478972

  • The rpd process might crash when executing the show route protocol l2-learned-host-routing or show route protocol rift command on a router. PR1481953

  • The MX204 router reboots when the PPPoE client starts to log in and no core files are generated. PR1482431

  • Packet loss might be observed after the device reboots or l2ald restarts in an EVPN-MPLS scenario. PR1484468

  • UID might not be released properly in some scenarios after the service session deactivation. PR1188434

  • The show subscriber extensive command incorrectly displays DNS address provided to the DHCP clients. PR1457949

  • PPP IPv6 NCP fails to negotiate during the PPP login. PR1468414

  • DHCP relay with forward-only fails to send OFFER when the client is terminated on the lt-0/0/0.2 logical tunnel interface. PR1471161

  • Dynamic-profile for VPLS-PW pseudowire incorrectly reports the Dynamic Static Subscriber Base Feature license alarm. PR1473412

  • DHCP-server RADIUS given mask is being reversed. PR1474097

Infrastructure

  • The kernel crashes during the removal of the mounted USB when a file is being copied to it. PR1425608

  • Slow response from SNMP might be observed after an upgrade to Junos OS Release 19.2R1. PR1462986

  • The scheduled tasks might not be executed if the cron daemon goes down without restarting automatically. PR1463802

Interfaces and Chassis

  • Restarting chassisd with GRES disabled might cause FPC to restart and some demux interfaces to be deleted. PR1337069

  • When the logical interface is associated to a routing-instance inside a LR, the logical interface is removed from the routing-instance and the logical interface is not added to the default routing instance. PR1444131

  • Continuous VRRP state transition (VRRP master or backup flaps) is observed when one device drops the VRRP packets. PR1446390

  • Interface descriptions might be missing under the logical systems CLI. PR1449673

  • Mismatched MTU value causes the RLT interface to flap. PR1457460

  • The EOAM CFM primary-vid functionality does not work if the enhanced-cfm-mode is enabled. PR1465608

  • vrrpv3mibs does not work on the QFX platform to poll the VRRPv6 related objects. PR1467649

  • The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5. PR1467712

  • When you configure ESI on a physical interface, the traffic drops when you disable the logical interface under the physical interface. PR1467855

  • When dynamic DHCP sessions exist in the device and if multiple commits in parallel are performed, the commit might become nonresponsive. PR1470622

  • Commit error was not thrown when the member link was added to multiple aggregation groups with different interface specific options. PR1475634

  • When the addition and the deletion of an logical interface (both logical interfaces with the same VLAN ID) is performed in a single commit configuration, the check fails with the following error message: duplicate VLAN-ID. PR1477060

  • MC-AE interface might be shown as an unknown status when you add the sub interface as part of the VLAN on the peer MC-AE node. PR1479012

  • For ATM interfaces configuration, if any logical interface has the allow-any-vci configuration, then the commit operation might fail. PR1479153

Junos Fusion Enterprise

  • Loop detection might not work on the extended ports in the Junos fusion scenarios. PR1460209

Layer 2 Ethernet Services

  • The jdhcpd process might go into infinite loop and cause CPU full utilization. PR1442222

  • DHCP subscriber might not come online after the router reboots. PR1458150

  • On the MX2010 and MX2020 lines of routers, no alarm is generated when FPC is connected to the master Routing Engine through the backup Routing Engine. PR1461387

  • The metric does not change when configured under DHCP. PR1461571

  • Member links state might be asynchronized on a connection between PE and CE devices in the EVPN A/A scenario. PR1463791

  • The ISSU might fail during the subscriber in-flight login. PR1465964

  • Telemetry data for relay/bindings/binding-state-v4relay-binding and relay/bindings/binding-state-v4relay-bound are not correct. PR1475248

MPLS

  • The FPC might be stuck in the Ready state after making a change in the configuration that removes RSVP and triggers FPC restart. PR1359087

  • On the MPC10E or MPC11E line card, the LDP and BFD sessions are dropped when the fast-lookup-filter has a default term with only accept as action and it is attached to the lo0 interface. PR1474204

  • The root XML tag in the output is changed from rsvp-pop-and-fwd-info to rsvp-pop-and-fwd-information to be consistent with the XML tag convention. PR1365940

  • Traffic is silently discarded after the LSP protection link on the third-party transit router goes down. PR1439251

  • On the MPC10E line card, the P2MP LSP traceroute is not working. PR1440636

  • The traffic might be silently discarded after the LACP times out. PR1452866

  • P2MP LSP might flap after the VT interface in the MVPN routing instance is reconfigured. PR1454987

  • The rpd core files are generated with SNMP polling. PR1457681

  • All LDP adjacencies flap after changing LDP preference. PR1459301

  • The previously configured credibility preference is not considered by CSPF even though the configuration has been deleted or changed to prefer another protocol in the traffic engineering database. PR1460283

  • MPLS trace route does not trace the SRUDP tunnel ingress router. PR1460516

  • The process rpdtmd might crash while SNMP polls the statistics of the lpd interface. PR1465729

  • The device might use the locally computed path for the PCE-controlled LSPs after the link or node fails. PR1465902

  • The fast reroute detour next-hop down event might cause the primary LSP to go in the Down state in a particular scenario. PR1469567

  • The p2mp traceroute fails with an aggregated Ethernet bundle over AFT. PR1470815

  • The rpd process might crash during shutdown. PR1471191

  • The rpd crash might be seen after some commit operations, which might affect the RSVP ingress routes. PR1471281

  • The following error messages continuously floods the backup Routing Engine: (JTASK_IO_CONNECT_FAILED: RPDTM./var/run/rpdtmd_control: Connecting to 128.0,255.255,255.255,0.0.0.0,0.0.0.0, failed: No such file or directory). PR1473846

  • RSVP LSPs might not come up in the scaled network with a very high number of LSPs if NSR is used on the transit router. PR1476773

  • Kernel crashes and device might restart. PR1478806

  • The rpd process crashes on the backup Routing Engine when LDP tries to create LDP p2mp tunnel upon receiving corrupted data from the master Routing Engine. PR1479249

Network Management and Monitoring

  • The SNMP cold start trap might be seen after the Routing Engine switchover. PR1461839

Platform and Infrastructure

  • The jcrypto syslog help package and events are not packaged even when the error message is compiled. PR1290089

  • The time convergence for the MVPN fast upstream failover might be more than 50 minutes. PR1478981

  • With chained composite next-hop enabled, the MPLS CoS rewrite does not work for IPv6 PE device traffic. PR1436872

  • In an EVPN-VXLAN scenario, sometimes the host-generated packets get dropped when hitting the reject route in the Packet Forwarding Engine. PR1451559

  • The MPC might drop packets after enabling the firewall fast lookup filter. PR1454257

  • Multicast traffic loss occurs in a rare case in a seamless MPLS with MVPN configuration. PR1456905

  • Port mirroring does not occur with VPLS. PR1458856

  • DDoS-protection does not stop logging when the remote tracing is enabled. PR1459605

  • Traceroute initiated from the PE device does not show the tunnel endpoint hop in the output. PR1461441

  • CLI configuration flag version-03 must be optional. PR1462186

  • On the MX204 platform, Packet Forwarding Engine errors might occur when the incoming GRE tunnel fragments get sampled and undergo inline reassembly. PR1463718

  • Not able to view the snapshots of the backup Routing Engine. PR1464394

  • MX80 EVPN-VXLAN RT5 does not work properly, and ip-prefix-routes are not reachable. PR1466602

  • On the MX150 devices, the default subscriber management license does not include the Layer 2 TP. PR1467368

  • On the MX Series Virtual Chassis, the Layer 2 traffic sent from one member to another member is corrupted. PR1467764

  • The JNH memory leaks after the CFM session flap for the LSI and VT interfaces. PR1468663

Routing Policy and Firewall Filters

  • Routes resolution might be inconsistent if any route resolves over the multipath route. PR1453439

Routing Protocols

  • The CPU utilization on rpd spins at 100 percent once the same external BGP route is learned on different VRF tables. PR1442902

  • If the same neighbor is configured under different RIP groups, the commit check fails to capture this invalid configuration and commit is done successfully. However, the rpd process crashes. PR1485009

  • The rpd crash might be seen after configuring OSPF nssa area-range and summaries. PR1444728

  • The BGP routes might fail to be installed in a routing instance if the from next-hop policy match condition is used in the VRF import policy. PR1449458

  • TI-LFA backup path for the adj-sids is broken in OSPF, where the shortest path to the node opposite the adj-sid is not the one-hop path over the interface indicated by the adj-sid. PR1452118

  • The SSH login might fail if a user account exists in both the local database and RADIUS/TACACS+. PR1454177

  • The rpd scheduler slip for BGP GR might be up to 120 seconds after the peer goes down. PR1454198

  • MoFRR with MLDP inband signaling is not working. PR1454199

  • The rpd memory might leak in certain MSDP scenario. PR1454244

  • The rpd might crash continuously due to memory corruption in the IS-IS setup. PR1455432

  • Packet drop and CPU spike on the Routing Engine might be seen in certain conditions if labeled-unicast protection is enabled for a CsC-VRF peer. PR1456260

  • The topology-independent loop-free alternate might be unable to install backup path in the routing table in a specific case. PR1458791

  • The rpd memory leak might be observed on the backup Routing Engine due to BGP flap. PR1459384

  • The other querier present interval timer cannot be changed in a IGMP or MLD snooping scenario. PR1461590

  • The rpd scheduler slips might be seen on the RPKI route validation enabled BGP peering router in a scaled setup. PR1461602

  • Need to install all possible next hops for the OSPF network LSAs. PR1463535

  • The IS-IS IPv6 multitopology routes might flap every time when there is an unrelated commit under the protocol statement. PR1463650

  • The rpd might crash if both the BGP add-path and BGP multipath are enabled. PR1463673

  • The rpd might crash if the IPv4 routes are programmed with the IPv6 next hop via JET APIs. PR1465190

  • The BGP peers might flap if the hold-time parameter is set as small. PR1466709

  • The configured BGP damping policy might not take effect after BGP is disabled and then enabled followed by commit. PR1466734

  • BGP multipath does not work for MT on cRPD. PR1467091

  • The rpd might crash after configuring independent-domain under the master routing instance. PR1469317

  • The mcsnoopd might crash when the STP moves the mrouter port to the Blocked state. PR1470183

  • The BFD client session might flap when removing the BFD configuration from the peer end (from other vendor) of the BFD session. PR1470603

  • The rpd might crash when both the instance-import and instance-export policies contain the as-path-prepend action. PR1471968

  • The rpd process might crash with the BGP multipath and damping configured. PR1472671

  • Removal of the cluster from the BGP group might cause prolonged convergence times. PR1473351

  • SFTP does not connect properly and the following error message is seen: Received message too long. PR1475255

  • The rpd process might crash with BGP multipath and route withdrawal occasionally. PR1481589

  • Removal of the BGP and rib-sharding configuration might cause the routing protocols to become unresponsive. PR1485720

  • High CPU utilization might be observed when the outgoing BGP updates are sent slowly. PR1487691

Services Applications

  • The jl2tpd process might crash during the restart procedure. PR1461335

  • The calling station gets truncated after 64 bytes. PR1462689

  • On an MX Series router, L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP toward the LNS. PR1472775

  • Phase 1 SA migrates to a new remote IP because of the source-address translation for the static NAT tunnel. PR1477181

Subscriber Access Management

  • The authd crashes on the backup Routing Engine during execution of the slax script that runs the < get-jsrc-counters> RPC call. PR1458185

  • DHCPv6 subscribers might be stuck in a state after the authd process crashes. PR1460578

  • A problem arises with linked-pool-aggregation after attempting to delete a pool in the middle of the chain. PR1465253

  • The volume statistics attributes are missing in the accounting-stop for the Configuration Activated Services and CLI Activated Services. PR1470434

  • The sub interfaces might be missing in the NAS port ID. PR1472045

  • The authd process might crash after the ISSU setup from Junos OS Release 18.3 and earlier to Junos OS Release 18.4 and later. PR1473159

  • Some address-relevant fields are missing when executing the test aaa ppp command. PR1474180

  • The CoA request might not be processed if it includes the proxy-state attribute. PR1479697

  • The mac-address CLI option is hidden under the access profile radius options calling-station-id-format statement. PR1480119

User Interface and Configuration

  • On an MX Series device, a J-Web page might not get redirected to login once the session expires with an idle timeout. PR1459888

VPNs

  • The P1 configuration delete message is not sent on loading baseline configuration if there has been a prior change in VPN configuration. PR1432434

  • The rpd process might crash due to memory leak in MVPN RPF Src PE block. PR1460625

  • The Layer 2 circuit displays MM status, which might cause traffic loss. PR1462583

  • The Layer 2 circuit connections might become stuck in the OL state after changing the Layer 2 circuit community and flapping the primary LSP path. PR1464194

  • The rpd might crash when link-protection is added or deleted from LSP for the MVPN ingress replication selective provider tunnel. PR1469028

Documentation Updates

This section lists the errata and changes in Junos OS Release 20.1R1 documentation for the MX Series.

Dynamic Host Configuration Protocol (DHCP)

  • Introducing DHCP User Guide—Starting in Junos OS Release 20.1R1, we are introducing the DHCP User Guide for Junos OS routing, switching, and security platforms. This guide provides basic configuration details for your Junos OS device as DHCP Server, DHCP client, and DHCP relay agent.

    [See DHCP User Guide.]

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting in Junos OS 17.4R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:

Platform

FreeBSD 6.x-based Junos OS

FreeBSD 11.x-based Junos OS

MX5,MX10, MX40,MX80, MX104

YES

NO

MX240, MX480, MX960,

MX2010, MX2020

NO

YES

Basic Procedure for Upgrading to Release 20.1R1

Note

Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files) might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 11.x based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 11.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.1R1.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.1R1.9-signed.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.1R1.x-limited.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.1R1.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note
  • You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.

  • Starting in Junos OS Release 20.1R1, in order to install a VM host image based on Wind River Linux 9, you must upgrade the i40e NVM firmware on the following MX Series routers:

    • MX240, MX480, MX960, MX2010, MX2020, MX2008, MX10016, and MX10008

    [See https://kb.juniper.net/TSB17603.]

Note

After you install a Junos OS Release 20.1R1 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.

Note

Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x based Junos OS

Products impacted: MX5, MX10, MX40, MX80, MX104.

To download and install FreeBSD 6.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-20.1R1.9-signed.tgz
    • Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-20.1R1.9-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 20.1R1 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 20.1R1

To downgrade from Release 20.1R1 to another supported release, follow the procedure for upgrading, but replace the 20.1R1 jinstall package with one that corresponds to the appropriate release.

Note

You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

Release History Table
Release
Description
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.