Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for MX Series 5G Universal Routing Platform

 

These release notes accompany Junos OS Release 20.1R2 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in Junos OS Release 20.1R2 for MX Series routers.

What’s New in 20.1R2 Release

There are no new features or enhancements to existing features for MX Series routers in Junos OS Release 20.1R2.

What’s New in 20.1R1 Release

Hardware

Note

The MX2K-MPC11E line card is supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases and in Junos OS Release 20.1R1 and later Junos OS releases. It is not supported in any Junos OS 19.4 releases.

Class Of Service

  • Hierarchical CoS support on MX2K-MPC11E line cards (MX2008, MX2010, and MX2020)—Starting in Junos OS Release 20.1R1, hierarchical CoS is supported on MX2K-MPC11E line cards.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Forwarding CoS (L2 classifiers, rewrite) support on MX2K-MPC11E line cards (MX2008, MX2010, and MX2020)—Starting in Release 20.1R1, Junos OS supports forwarding CoS (L2 classifiers, rewrite) for MX Series routers with MX2K-MPC11E line cards.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Seamless MPLS CoS support for pseudowires from access node and multiservices edge (MSE) node on MX2K-MPC11E line cards (MX2008, MX2010, and MX2020)—Starting with Junos OS Release 20.1R1, we support on the MX2K-MPC11E line card pseudowires from access node and multiservices edge (MSE) node for MX2008, MX2010, and MX2020 routers to include seamless MPLS CoS (BA and MF classifiers, rewrite rules, schedulers, drop profiles, policers, HQoS support — interface-set, physical interface level, S-VLAN level, logical unit/C-VLAN level, and traffic-control profile).

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • CoS support for forwarding class counters on MX2K-MPC11E line cards (MX2008, MX2010, and MX2020)—Starting in Junos OS Release 20.1R1, we support forwarding class counters on MX2K-MPC11E line cards. This feature was originally introduced in Junos OS Release 14.1.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Layer 2.5 injection of control traffic to ensure queuing on GRE tunnel with CoS settings intact (MX204 and devices installed with next-generation MPCs (MPC2E-NG and MPC3E-NG))—Starting with Junos OS Release 20.1R1, you can configure host-injected control traffic to reache the GRE tunnel interface queues at the packet forwarding engine when the control session is over the GRE tunnel interface. This includes control protocols OSPF, BGP, PIM, RSVP, LDP, OAM, BFD, and MSDP. Injection of control traffic ensures that the kernel includes the interface ID of the GRE logical interface and the unicast next-hop ID of the corresponding GRE physical interface along with the packet that is injected into the packet forwarding engine.

    With this feature enabled, all transit packets on the GRE tunnel logical interface have the ToS copied to the outer header. To enable this feature, configure the force-control-packets-on-transit-path statement on the GRE tunnel logical interface.

    [See force-control-packets-on-transit-path.]

EVPN

  • Support for EVPN functionality on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS 20.1R1, you can configure MX2K-MPC11E line cards on MX2010 and MX2020 routers to support single-homed devices on an EVPN-MPLS network.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See EVPN Multihoming Overview.]

Forwarding and Sampling

  • Support for load balancing on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the following advanced Layer 2 features are supported on MX2010 and MX2020 routers with MX2K-MPC11E line cards and Enhanced Switch Fabric Boards (SFB3s): enhanced hash-key options, consistent flow hashing, symmetrical load balancing over 802.3ad LAGs, source IP only hashing, and destination IP only hashing.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Configuring Per-Flow Load Balancing Based on Hash Values.]

General Routing

  • Support for GRE key (MX Series)—Starting with Junos OS 20.1R1, Junos OS supports configuring a key to identify traffic flows in a GRE tunnel as defined in RFC2890. You must configure the key on the routers on both endpoints of a tunnel and create an export policy to populate the key in the forwarding table. You can configure dynamic-tunnel-gre-key at the [edit routing-options dynamic-tunnels tunnel-attributes name] hierarchy level.

    [See dynamic-tunnel-gre-key.]

High Availability and Resiliency

  • Unified ISSU with enhanced mode (MX240, MX480, MX960, MX2008, MX2010, MX2020)—Starting in Junos OS Release 20.1R1, MX Series routers with MPC8E, or MPC9E line cards installed can use a new ISSU option called enhanced mode. Enhanced mode eliminates packet loss during the unified ISSU process by running a copy of the Junos OS software in standby mode ready to take over when software moves from an old image to a new one.

    Use the request system software in-service-upgrade package-name.tgz enhanced-mode command to use unified ISSU with enhanced mode, or the request system software validate in-service-upgrade package-name.tgz enhanced-mode command to verify that your device and target release are compatible with enhanced mode.

    [See How to Use Unified ISSU with Enhanced Mode.]

  • Sequential upgrade for Virtual Chassis (MX240, MX480, MX960, and MX10003)—Starting in Junos OS Release 20.1R1, MX Series Virtual Chassis configurations can use sequential upgrade to install new software releases with minimal network downtime. Sequential upgrade is an alternative to unified ISSU that installs a new release and reboots each Virtual Chassis member router one at a time. While the upgrade happens on one member router, the other member router continues to operate and handle network operations.

    To perform a sequential upgrade in an MX Series Virtual Chassis, you first issue the request virtual-chassis upgrade protocol-backup package-name command from the CLI for the Virtual Chassis master router. This initiates the upgrade process on the Virtual Chassis backup router. After the upgrade finishes on the backup router, issue the request virtual-chassis upgrade protocol-master package-name command from the backup router CLI to begin the same upgrade process for the Virtual Chassis master router.

    [See How to Use Sequential Upgrade in an MX Series Virtual Chassis.]

  • Support for BFD on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, MX2010 and MX2020 routers with the MX2K-MPC11E line card support the following BFD features:

    • Centralized BFD

    • Distributed BFD

    • Inline BFD (single-hop only)

    • Single-hop BFD

    • Multihop BFD

    • Micro BFD

    • BFD over IRB interfaces

    • BFD over pseudowire over logical tunnel and redundant logical tunnel interfaces

    • Virtual circuit connectivity verification (VCCV) BFD for Layer 2 VPNs, Layer 2 circuits, and virtual private LAN service (VPLS)

    Micro BFD at the Packet Forwarding Engine level behaves slightly differently on MX2K-MPC11E line cards. If micro BFD is enabled on an aggregated Ethernet (ae) interface, the micro BFD packets are not subjected to firewall filters for both tagged and untagged ae interfaces.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Understanding BFD for Static Routes for Faster Network Failure Detection and Understanding Distributed BFD.]

Interfaces and Chassis

  • Support for flexible tunnel interfaces (MX240, MX480, and MX960 with MPC10E; MX2010 and MX2020 with MPC11E)—Starting in Junos OS Release 20.1R1, MX Series routers with MPC10E or MPC11E line cards support flexible tunnel interfaces (FTIs). FTIs support Layer 3 point-to-point tunnels, which use Virtual Extensible LAN (VXLAN) encapsulation with a Layer 2 pseudo header.

    To configure FTIs on your device and to enable multiple encapsulations on the FTIs, use the vxlan-gpe statement at the [edit interfaces interface-name unit logical-unit-number tunnel encapsulation] hierarchy level.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Flexible Tunnel Interfaces Overview and vxlan-gpe (FTI).]

  • Support for ALB on multiple Packet Forwarding Engines for aggregated Ethernet bundles (MX Series MPCs)—Starting in Junos OS Release 20.1R1, on MX Series MPCs, adaptive load balancing (ALB) for aggregated Ethernet bundles evenly redistributes the traffic load across multiple ingress Packet Forwarding Engines on the same line card, thus providing flexibility and redundancy. In earlier releases, ALB evenly redistributes traffic across all ingress traffic on a single Packet Forwarding Engine only. ALB is disabled by default.

    Note

    MPC3E does not support adaptive load balancing.

    To configure ALB, include the adaptive statement at the [edit interfaces ae-interface aggregated-ether-options load-balance] hierarchy level.

    Note

    When you configure locality bias and adaptive load balancing for aggregated Ethernet interfaces, ALB is supported per Packet Forwarding Engine and not across all Packet Forwarding Engines on the same line card. Also, you cannot revert to ALB support per Packet Forwarding Engine after you enable ALB support on multiple Packet Forwarding Engines.

    [See Configuring Adaptive Load Balancing.]

  • Adaptive load balancing on MPC10E-15C-MRATE, MPC10E-10C-MRATE, and MX2K-MPC11E line cards (MX240, MX480, MX960, and MX2020)—Starting in Junos OS Release 20.1R1, adaptive load balancing (ALB) is supported on aggregated Ethernet bundles and ECMP links to correct traffic imbalance among member links. ALB resolves traffic load imbalance caused by the hashing algorithm. With ALB configured on the system, traffic is balanced across member links when an imbalance is detected.

    • To configure ALB on aggregated Ethernet bundles, run the set interfaces name aggregated-ether-options load-balance adaptive tolerance command. [See adaptive.]

    • To configure ALB on ECMP links, run the set chassis ecmp-alb tolerance command. [See ecmp-alb.]

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Example: Configuring Aggregated Ethernet Load Balancing.]

  • VLAN TCC encapsulation on aggregated Ethernet interfaces (MX Series)—Starting in Junos OS Release 20.1R1, aggregated Ethernet interfaces support VLAN translational cross-connect (TCC) encapsulation. For configuring VLAN TCC encapsulation, you must have the member links of aggregated Ethernet with VLAN TCC encapsulation supported hardware.

    Note

    MX Series routers do not perform any external commit check for member links of aggregated interfaces for the VLAN TCC encapsulation supported hardware.

    • Enable the extended-vlan-tcc option for aggregated Ethernet interfaces at the [edit interfaces interface-name encapsulation] hierarchy level to configure extended 802.1q tagging for TCC.

    • Enable the vlan-tcc option for aggregated Ethernet interfaces at the [edit interfaces interface-name unit logical-unit-number encapsulation] hierarchy level to configure 802.1q tagging for TCC.

    • Enable the inet-address option for aggregated Ethernet interfaces at the [edit interfaces interface-name unit logical-unit-number family tcc proxy] hierarchy level to configure proxy host address on the non-Ethernet side of Ethernet TCC circuits.

    • Enable the inet-address option for aggregated Ethernet interfaces at the [edit interfaces interface-name unit logical-unit-number family tcc remote] hierarchy level to configure remote host address on the non-Ethernet side of Ethernet TCC circuits.

    • Enable the mac-address option for aggregated Ethernet interfaces at the [edit interfaces interface-name unit logical-unit-number family tcc remote] hierarchy level to configure remote MAC address on the non-Ethernet side of Ethernet TCC circuits.

    • Enable the tcc option for aggregated Ethernet interfaces at the [edit interfaces interface-name unit logical-unit-number family] hierarchy level to configure the TCC protocol suite.

    [See Configuring VLAN TCC Encapsulation.]

  • MX2K-MPC11E supports Junos node slicing (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E supports Junos node slicing and abstracted fabric (af) interfaces. Using Junos node slicing, you can create multiple partitions in a single physical MX Series router. Each partition, referred to as a guest network function (GNF), behaves as an independent router. An af interface is a pseudointerface that exhibits a first-class Ethernet interface behavior. The af interface facilitates routing control and management traffic between GNFs through the switch fabric. In a Junos node slicing deployment, the MX2K-MPC11E interoperates with all MPCs that support the af interfaces.

    Note
    • The MX2K-MPC11E interoperates only with the Switch Fabric Board SFB3.

    • The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Understanding Junos Node Slicing.]

  • Support for rate selectability on MX2K-MPC11E line cards (MX2010 and MX2020)—In Junos OS Releases 19.3R2 and 20.1R1, we introduce a new fixed-configuration, rate-selectable line card, MX2K-MPC11E. The line-card has 40 built-in ports that can operate at 100-Gbps speed. You can configure all ports in a PIC to operate at the same speed or configure all the ports at different supported speeds. With QSFP28 optics installed, all ports operate at a default speed of 100-Gbps. In addition, you can use QSFP+ optics on Port 0 of every PIC and configure it as:

    • A 40-Gbps interface

    • Four 10-Gbps interfaces (channels), using breakout cables

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Introduction to Rate Selectability.]

  • Distributed LACP support in PPM AFT on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E line card supports distributed LACP. Distributed LACP support is managed by the advanced forwarding toolkit (AFT)-based periodic packet manager (PPMAN). In earlier releases, and for other line cards except MPC10E, distributed LACP support is managed by the Junos OS-based PPMAN.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Periodic Packet Management.]

  • Optimize fabric path to prevent traffic hop with MX2K-MPC11E line cards (MX2008, MX2010, and MX2020)—Starting in Junos OS Release 20.1R1, on MX2008, MX2010, and MX2020 routers with MX2K-MPC11E, you can optimize the fabric path of the traffic flowing over abstracted fabric (af) interfaces between two guest network functions (GNFs) by configuring fabric optimization mode. This feature reduces fabric bandwidth consumption by preventing any additional fabric hop (switching of traffic flows from one Packet Forwarding Engine to another because of load balancing on the af interface) before the packets eventually reach the destination Packet Forwarding Engine.

    To configure fabric optimization mode, use the following CLI command at the base system (BSYS): set chassis network-slices guest-network-functions gnf id collapsed-forward (monitor | optimize).

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Optimizing Fabric Path for Abstracted Fabric Interface.]

  • Chassis and power management for MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2010 and MX2020 routers with the MX2K-MPC11E line card support chassis management features, including field- replaceable unit (FRU) management, power budgeting and management, and environmental monitoring.

    The MX2K-MPC11E line card supports the following configuration:

    • The ambient temperature is less than 46°C.

    • The ports on the MX2K-MPC11E line cards operate at various modes or speeds (10-Gbps, 40-Gbps, or 100 Gbps). The pic-mode specifies the speed of the active ports. If pic-mode is not specified, then the default mode is 100 Gbps.

    • Supports dynamic power management.

    • Supports both hyper mode (the default mode) and normal mode.

    • Supports both normal mode (the deafult mode) and enhanced priority mode for interface schedulers.

    • Supports interface queueing modes, namely WAN port queueing mode (the default mode), limited queueing mode, and enhanced queueing mode.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Understanding How Configuring Ambient Temperature Helps Optimize Power Utilization and Understanding How Dynamic Power Management Enables Better Utilization of Power.]

  • MPC Protocol and Application Support for MX2K-MPC11E line cards—Starting in 20.1R1, MX2020 and MX2010 routers with MX2K-MPC11E line cards support many MPC protocols and applications. For a complete list, see Protocols and Applications Supported by the MX2K-MPC11E.

    • Standard Generic Routing Encapsulation (GRE)

    • Bidirectional Forwarding Detection protocol (BFD)

    • Internet Control Message Protocol (ICMP) and ICMPv6

    • Border Gateway Protocol (BGP)

    • BGP/MPLS virtual private networks (VPNs)

    • Logical system and Virtual routing and forwarding (VRF) routing instances

    • Load Balancing

    • Class of Service (CoS)—per port, virtual LAN (VLAN), Point-to-Point Protocol over Ethernet (PPPoE) or Dynamic Host Configuration Protocol (DHCP), Egress hierarchical class-of-service (CoS) shaping

    • Layer 2 Features

    • Firewall filters and policers

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See MX Series 5G Universal Routing Platform Interface Module Reference.]

  • Support for new show | display set CLI commands (ACX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the following new show commands have been introduced:

    • show | display set explicit—Display explicitly, as a series of commands, all the configurations that the system internally creates when you configure certain statements from the top level of the hierarchy.

    • show | display set relative explicit—Display explicitly, as a series of commands, all the configurations that the system internally creates when you configure certain statements from the current hierarchy level.

    [See show | display set and show | display set relative.]

Junos OS, XML, API, and Scripting

  • The jcs:load-configuration template supports loading the rescue configuration (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the jcs:load-configuration template supports the rescue parameter to load and commit the rescue configuration on a device. SLAX and XSLT scripts can call the jcs:load-configuration template with the rescue parameter set to "rescue" to replace the active configuration with the rescue configuration.

    [See Changing the Configuration Using SLAX and XSLT Scripts and jcs:load-configuration Template.]

Junos Telemetry Interface

  • IS-IS adjacency and LSDB event streaming support on JTI (MX960, PTX1000, and PTX10000)—Junos OS Release 20.1R1 provides IS-IS adjacency and link-state database (LSDB) statistics using Junos telemetry interface (JTI) and remote procedure call (gRPC) services or gRPC Network Management Interface (gNMI) services. ON_CHANGE statistics are sent to an outside collector.

    The following resource paths are supported:

    • /network-instances/network-instance/protocols/protocol/isis/interfaces/interfaces/circuit-counters/state/ (stream)

    • /network-instances/network-instance/protocols/protocol/isis/interfaces/interface/levels/level/packet-counters/ (stream)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/system-level-counters/state/ (stream)

    • /network-instances/network-instance/protocols/protocol/isis/interfaces/interfaces/levels/level/adjacencies/adjacency/state/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/extended-ipv4-reachability/prefixes/prefix/state/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/extended-ipv4-reachability/prefixes/prefix/subtlvs/subtlv/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv6-reachability/prefixes/prefix/state/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv6-reachability/prefixes/prefix/subtlvs/subtlv/ (stream)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/extended-is-reachability/neighbors/neighbors/subTLVs/subTLVs/adjacency-sid/sid/state/ (ON-CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/extended-is-reachability/neighbors/neighbors/subTLVs/subTLVs/lan-adjacency-sid/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv4-interfaces-addresses/state/ (ON_CHANGE))

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv4-srlg/state/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv4-te-router-id/state/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv6-interfaces-addresses/state/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/router-capabilities/router-capability/subtlvs/subtlv/segment-routing-capability/state/ (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/state (stream)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/area-address/state/address (stream)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/nlpid/state/nlpid (stream)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/lsp-buffer-size/state/size (stream)

    • /network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/hostname/state/hname (stream)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Packet Forwarding Engine support for JTI on MX2K-MPC11E line cards (MX2010 and MX2020)—Now supported in Junos OS Release 20.1R1, Junos telemetry interface (JTI) supports streaming of Packet Forwarding Engine statistics for MX2010 and MX2020 routers using Remote Procedure Calls (gRPC). gRPC is a protocol for configuration and retrieval of state information. This support was first introduced in Junos OS Release 19.3R2.

    To provision the sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Platform, interface, and alarm sensor ON_CHANGE support on JTI (MX960, MX2020, PTX1000, PTX5000)—Junos OS Release 20.1R1 supports platform, interface, and alarm statistics using Junos telemetry interface (JTI) and gRPC Network Management Interface (gNMI) services. You can use this feature to send ON_CHANGE statistics for a device to an outside collector.

    This feature supports the OpenConfig models:

    • openconfig-platform.yang: oc-ext:openconfig-version 0.12.1

    • openconfig-interfaces.yang: oc-ext:openconfig-version 2.4.1

    • openconfig-alarms.yang: oc-ext:openconfig-version 0.3.1

    Use the following resource paths in a gNMI subscription:

    • /components/component (for each installed FRU)

    • /interfaces/interface/state/

    • /interfaces/interface/subinterfaces/subinterface/state/

    • /alarms/alarm/

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • gRPC Dial-Out support on JTI (ACX Series, MX Series, PTX Series, and QFX Series)—Junos OS Release 20.1R1 provides remote procedure call (gRPC) dial-out support for telemetry. In this method, the target device (server) initiates a gRPC session with the collector (client) and, when the session is established, streams the telemetry data that is specified by the sensor-group subscription to the collector. This is in contrast to the gRPC network management interface (gNMI) dial-in method, in which the collector initiates a connection to the target device.

    gRPC dial-out provides several benefits as compared to gRPC dial-in, including simplifying access to the target advice and reducing the exposure of target devices to threats outside of their topology.

    To enable export of statistics, include the export-profile and sensor statements at the [edit services analytics] hierarchy level. The export profile must include the reporting rate, the transport service (for example, gRPC), and the format (for example, gbp-gnmi). The sensor configuration should include the name of the collector (the server’s name), the name of the export profile, and the resource path. An example of a resource path is /interfaces/interface[name='fxp0'.

    [See Using gRPC Dial-Out for Secure Telemetry Collection.]

  • gRPC version v1.18.0 with JTI (ACX Series, MX Series, PTX Series, and QFX Series)—Junos OS Release 20.1R1 includes support for remote procedure call (gRPC) services version v1.18.0 with Junos telemetry interface (JTI). This version includes important enhancements for gRPC. In earlier releases, JTI is supported with gRPC version v1.3.0.

    Use gRPC in combination with JTI to stream statistics at configurable intervals from a device to an outside collector.

    [See gRPC Services for Junos Telemetry Interface.]

  • SR-TE statistics for uncolored SR-TE policies streaming on JTI (MX Series, PTX Series)—Junos OS Release 20.1R1 provides segment routing traffic engineering (SR-TE) per label-switched Path (LSP) route statistics using Junos telemetry interface (JTI) and remote procedure call (gRPC) services. Using JTI and gRPC services, you can stream SR-TE telemetry statistics for uncolored SR-TE policies to an outside collector.

    Ingress statistics include statistics for all traffic steered by means of an SR-TE LSP. Transit statistics include statistics for traffic to the Binding-SID (BSID) of the SR-TE policy.

    To enable these statistics, include the per-source per-segment-list statement at the [edit protocols source-packet-routing telemetry statistics] hierarchy level.

    If you issue the set protocols source-packet-routing telemetry statistics no-ingress command, ingress sensors are not created.

    If you issue the set protocols source-packet-routing telemetry statistics no-transit command, transit sensors are not created. Otherwise, if BSID is configured for a tunnel, transit statistics are created.

    The following resource paths (sensors) are supported:

    • /junos/services/segment-routing/traffic-engineering/tunnel/lsp/ingress/usage/

    • /junos/services/segment-routing/traffic-engineering/tunnel/lsp/transit/usage/

    To provision the sensor to export data through gRPC services, use the telemetrySubscribe RPC.

    Streaming telemetry data through gRPC or gNMI also requires the OpenConfig for Junos OS module.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface, source-packet-routing, and show spring-traffic-engineering lsp detail name name.]

  • LLDP statistics, notifications, and configuration model for suppress-tlv-advertisement support on JTI (MX240, MX480, MX960, MX10003, PTX10008, PTX10016)—Junos OS Release 20.1R1 provides remote procedure call (gRPC) streaming services support for attribute leaf suppress-tlv-advertisement under the resource path /lldp/state/suppress-tlv-advertisement. The following TLVs are supported, which in turn support operational state, notifications, and configuration change support:

    • port-description

    • system-name

    • system-description

    • system-capabilities

    • management-address

    • port-id-type

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • CPU and NPU sensors support using JTI on MX2K-MPC11E line cards (MX2010 and MX2020)—Junos OS Release 20.1R1 supports Junos telemetry interface (JTI) CPU and network processing unit (NPU) sensors on MX Series routers with MX2K-MPC11E line cards. JTI enables streaming statistics from these sensors to outside collectors at configurable intervals using remote procedure call (gRPC) services.

    Unlike the Junos kernel implementation in earlier Junos OS releases that support these sensors, this feature uses the OpenConfig AFT model. Because of this, there is a difference in the resource path and key-value (kv) pair output compared to the Junos kernel output.

    Use the following resource paths to export statistics:

    /junos/system/linecard/cpu/memory/

    /junos/system/linecard/npu/memory/

    /junos/system/linecard/npu/utilization/

    To provision the sensor to export data through gRPC services, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface) and Understanding OpenConfig and gRPC on Junos Telemetry Interface.]

  • gNMI extension compliance with JTI (MX Series)—Starting in Junos OS Release 20.1R1, changes are qualified in the extension header for Junos telemetry interface (JTI), ensuring they are compliant with the OpenConfig gnmi.extensions.proto specification.

    See gnmi-extensions.md.]

  • gNMI-based streaming telemetry support for Packet Forwarding Engine sensors on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, gRPC Network Management Interface (gNMI) service support is available to export Packet Forwarding Engine statistics for telemetry monitoring and management using Junos telemetry interface (JTI). Using gNMI and JTI, data is exported from devices to outside collectors at configurable intervals. This feature includes support (SensorD daemon) to export telemetry data for the OpenConfig model called AFT platform.

    Use the following resource paths to export sensor data for interface information and traffic, logical interface traffic, firewall filter counters, and policer counters:

    • /junos/system/linecard/interface/

    • /junos/system/linecard/interface/traffic/

    • /junos/system/linecard/interface/queue/

    • /junos/system/linecard/interface/logical/usage/

    • /junos/system/linecard/firewall/

    • /junos/system/linecard/services/inline-jflow/

    To provision the sensor to export data through gNMI services, use the Subscribe RPC. The Subscribe RPC and subscription parameters are defined in the gnmi.proto file. Streaming telemetry data through gRPC or gNMI also requires the OpenConfig for Junos OS module.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface) and Understanding OpenConfig and gRPC on Junos Telemetry Interface.]

Layer 2 Features

  • Supported Layer 2 features on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the following advanced Layer 2 features are supported on MX2K-MPC11E line cards:

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

  • Support for Layer 2 services with PWHT on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, some of the Layer 2 services are supported with pseudowire headend termination (PWHT) on the new MX2K-MPC11E line card.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Protocols and Applications Supported by the MX2K-MPC11E and Layer 2 VPNs and VPLS User Guide for Routing Devices.]

  • Support for basic Layer 2 features on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, MX2010 and MX2020 routers with the MX2K-MPC11E line card supports the following basic Layer 2 features:

    • Layer 2 bridging with trunk and access modes

    • MAC learning and aging

    • Handling BUM (broadcast, unknown unicast and multicast) traffic, including split horizon

    • MAC move

    • Layer 2 forwarding and flooding statics

    • Mesh groups

    • Static MAC addresses

    • MAC learning and forwarding on AE interfaces

    • Bridging on untagged interfaces

    • Basic Q-n-Q tunneling (without VLAN-translation and VLAN map operations)

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Understanding Layer 2 Bridge Domains, Understanding Layer 2 Learning and Forwarding.]

Layer 3 Features

  • Support for new MPC11E line card (MX Series)—Starting in Junos OS Release 20.1R1, we've introduced a new MPC, MPC11E, that supports the following Layer 3 features:

    The following Layer 3 features are supported on MPC11E in 20.1R1:

    • BGP

    • IS-IS

    • Layer 3 VPN

    • OAM - LSP/VPN ping, traceroute, automatic bandwidth, and MPLS-FRR link node protection

    • OSPF

    • RIP

    • Tunnel (GRE tunnels, logical tunnels, and virtual tunnels)

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

  • Support for IPv6 Ping, IPv6 Traceroute and ECMP traceroute for Labelled-ISIS Segment Routing paths (MX Series and VMX)— Starting in Release 20.1R1, Junos OS supports IPv6 Ping, IPv6 Traceroute, and equal-cost multipath (ECMP) traceroute for Labelled-ISIS Segment Routing paths.

Management

  • Error recovery, fault handling, and resiliency support for MX2K-MPC11E (MX2010 and MX2020)—In Junos OS Releases 19.3R2 and 20.1R1, the MX2010 and MX2020 routers with MX2K-MPC11E line cards support error recovery, fault handling, and software resiliency. The MX2K-MPC11E line cards support detecting errors, reporting them through alarms, and triggering resultant actions. To view application level errors, use the show trace node fpc<#> application fabspoked-pfe-redbull command. To check the status of the card, use the show chassis fpc pic-status command. Use the show chassis errors active command to view the fault details and the show system alarm command to view the alarm details.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See show chassis fpc pic-status and clear chassis fpc errors.]

MPLS

  • Support for MPLS features on MX2K-MPC11E line card (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the new MX2K-MPC11E line card supports some of the MPLS features.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Support for selective MPLS traffic mirroring (MX Series with MPC10)—Starting in Junos OS Release 20.1R1, MX Series routers with MPC10 line cards supportelective MPLS traffic mirroring. You can apply inbound and outbound filters for the MPLS family based on MPLS-tagged IPv4 and IPv6 parameters using inner payload match conditions, and enable selective port mirroring of MPLS traffic on to a monitoring device.

    [See Understanding IP-Based Filtering and Selective Port Mirroring of MPLS Traffic]

  • Support for segment routing over RSVP forwarding adjacency (MX Series and PTX Series)—Starting with Junos OS Release 20.1R1, we provide support for segment routing traffic to be carried over RSVP LSPs that are advertised as forwarding adjacencies in IS-IS. This feature is implemented in a network having LDP on the edge and RSVP in the core where you can easily replace LDP with IS-IS segment routing because it eliminates the need for MPLS signaling protocols such as LDP. This helps to remove a protocol from the network and results in network simplification.

    [See Understanding Segment Routing over RSVP Forwarding Adjacency in IS-IS.]

  • Support for static adjacency segment identifier for aggregated Ethernet member links on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting with Junos OS Release 20.1R1, you can configure a transit single-hop static label-switched path (LSP) for a specific member link of an aggregated Ethernet (ae) interface. The label for this route comes from the segment routing local block (SRLB) pool of the configured static label range. Configure the aggregated Ethernet member-interface name using the member-interface statement option at the [edit protocols mpls static-label-switched-path name transit name] hierarchy level. This feature is supported for aggregated Ethernet interfaces only.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See transit and Configuring Static Adjacency Segment Identifier for Aggregate Ethernet Member Links Using Single-Hop Static LSP.]

  • Support for Seamless MPLS Layer 3 features on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, MX2010 and MX2020 routers with the MX2K-MPC11E line card support the following MPLS Layer 3 features:

    • Redundant logical tunnel interfaces.

    • Pseudowire subscriber interfaces using either logical tunnel or redundant logical tunnel interfaces as anchor point.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Redundant Logical Tunnels Overview and MPLS Pseudowire Subscriber Logical Interfaces.]

  • Support for segment routing (SR) and segment routing traffic engineering (SRTE) statistics on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, MX2010 and MX2020 routers with the MX2K-MPC11E line card supports segment routing (SR) and segment routing traffic engineering (SRTE) statistics.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Understanding Source Packet Routing in Networking (SPRING).]

  • CoS-based forwarding and policy-based routing to steer selective traffic over an SR-TE path (ACX Series, MX Series, and PTX Series)—Starting in Junos OS Release 20.1R1, you can use CoS-based forwarding (CBF) and policy-based routing (PBR, also known as filter-based forwarding or FBF) to steer service traffic using a particular segment routing-traffic-engineered (SR-TE) path. This feature is supported only on non-colored segment routing LSPs that have the next hop configured as a first hop label or an IP address.

    With CBF and PBR, you can:

    • Choose an SR-TE path on the basis of service.

    • Choose the supporting services to resolve over the selected SR-TE path.

    [See Example: Configuring CoS-Based Forwarding and Policy-Based Routing For SR-TE LSPs.]

  • Support for MPLS features on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, some of the MPLS features are supported on the new MX2K-MPC11E line card.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

Multicast

  • Support for multicast forwarding on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, multicast forwarding is fully supported on MX2010 and MX2020 routers with MX2K-MPC11E line cards and Enhanced Switch Fabric Boards (SFB3).

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Multicast Overview.]

  • Next-generation multicast VPN supported on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E line card supports next-generation MVPN.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Multicast Overview.]

Network Management and Monitoring

Next Gen Services

  • Support for Port Control Protocol (PCP)—Starting in Junos OS Release 20.1R1, Next Gen Services supports the Port Control Protocol (PCP), which provides a mechanism to control how incoming packets are forwarded by upstream devices such as Network Address Translator IPv6/IPv4 (NAT64), Network Address Translator IPv4/IPv4 (NAT44), and IPv6 and IPv4 firewall devices, and mechanism to reduce application keep alive traffic.

    [See pcp-rules.]

  • Support for Traffic Load Balancer—Starting in Junos OS Release 20.1R1, Next Gen Services support Traffic Load Balancer (TLB). TLB enables you to distribute traffic among multiple servers.

    [See Traffic Load Balancer Overview.]

  • Support for TLS transport protocol for Next Gen Services CGNAT syslog messages—Starting in Junos OS Release 20.1R1, you can configure the transport security protocol for Next Gen Services CGNAT global syslog messages to Transport Layer Security (TLS), as well as UDP or TCP.

    TLS ensures the secure transmission of data between a client and a server through a combination of privacy, authentication, confidentiality, and data integrity. SSL relies on certificates and private-public key exchange pairs for this level of security.

    [See transport.]

  • Next Gen Services on GNFs (MX480 and MX960)—Starting in Junos OS Release 20.1R1, guest network functions (GNFs) on MX480 and MX960 routers support Next Gen Services when the MX-SPC3 Services Processing Card is installed. You can enable Next Gen Services on a GNF by using the existing command request system enable unified-services at the GNF level. In a Junos node slicing setup, you can use both MX-SPC3 and MS-MPC on the same chassis but on different GNFs. However, the MX-SPC3 comes online only if you have enabled Next Gen Services on the GNF. If you have not enabled Next Gen Services, only the MS-MPC comes online.

    Note

    The MX-SPC3 does not support abstracted fabric interfaces.

    [See Enabling and Disabling Next Gen Services and request system enable unified-services.]

  • Support for URL filtering, DNS sinkhole and Juniper Sky ATP URL filtering —Starting in Junos OS Release 20.1R1, under Next Gen Services you can configure DNS filtering to identify DNS requests for blacklisted website domains and URL filtering to determine which Web content is not accessible to users. We also support Juniper Sky ATP filtering, which is a cloud-based solution that integrates with Policy Enforcer on the Junos Space Security Director.

    [See local-category.]

OAM

  • Support for link fault management (MX2K-MPC11E)—Starting in Junos OS Release 20.1R1, you can configure IEEE 802.3ah link fault management (LFM) for MX2K-MPC11E on MX2010 and MX2020 routers. You can also configure the following supported LFM features:

    • Discovery and link monitoring

    • Distributed LFM

    • Remote fault detection and remote loopback

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Introduction to OAM Link Fault Management (LFM).]

Port Security

  • Media Access Control Security (MACsec) support on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, MACsec is supported on MX2010 and MX2020 routers with the MX2K-MPC11E line card. MACsec is an industry-standard security technology that provides secure communication for all traffic on point-to-point Ethernet links. The MPC11E supports MACsec on all 10-Gigabit Ethernet, 40-Gigabit Ethernet, and 100-Gigabit Ethernet interfaces. The supported cipher suites are GCM-AES-256 and GCM-AES-128. Only static CAK mode is supported.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Understanding Media Access Control Security (MACsec).]

  • VLAN-level MACsec with unencrypted VLAN tags (MX10003 with JNP-MIC1-MACSEC)—You can establish MACsec sessions for logical interfaces instead of physical interfaces on MX10003 routers with the JNP-MIC1-MACSEC installed. VLANs tags are now transmitted in cleartext, allowing intermediate switches that are MACsec-unaware to process VLAN tags. This feature enables MACsec encryption of point-to-multipoint VLAN connections over service provider WANs.

    [See Media Access Control Security (MACsec) over WAN.]

Routing Policy and Firewall Filters

  • Support for CCC and Layer 3 firewall forwarding on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting with Junos OS Release 20.1R1, circuit cross-connect (CCC) traffic and Layer 3 firewall forwarding features are supported on MX2K-MPC11E line cards.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See CCC Overview.]

  • Support for firewall forwarding on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, firewall forwarding is fully supported on MX2010 and MX2020 routers with MX2K-MPC11E line cards and Enhanced Switch Fabric Boards (SFB3s).

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Filter-Based Forwarding Overview.]

  • Support for IPv6 discard interfaces (MX Series)—Starting in Junos OS Release 20.1R1, you can configure a discard interface for IPv6 traffic. Do this at the [edit interfaces dsc unit 0 family inet6] hierarchy level.

    [See Configuring Discard Interfaces]

Routing Protocols

  • Support for topology-independent loop-free alternate (TI-LFA) in IS-IS for IPv6-only networks (ACX Series, MX Series, and PTX Series)— Starting with Junos OS Release 20.1R1, you can configure TI-LFA with segment routing in an IPv6-only network for the IS-IS protocol. TI-LFA provides MPLS fast reroute (FRR) backup paths corresponding to the post-convergence path for a given failure. TI-LFA provides protection against link failure and node failure.

    You can enable TI-LFA for IS-IS by configuring the use-post-convergence-lfa statement at the [edit protocols isis backup-spf-options] hierarchy level. You can enable the creation of post-convergence backup paths for a given IPv6 interface by configuring the post-convergence-lfa statement at the [edit protocols isis interface interface-name level level] hierarchy level. The post-convergence-lfa statement enables link-protection mode.

    You can enable node-protection mode for a given interface at the [edit protocols isis interface interface-name level level post-convergence-lfa] hierarchy level. However, you cannot configure fate-sharing protection for IPv6-only networks.

    [See Understanding Topology-Independent Loop-Free Alternate with Segment Routing for IS-IS.]

  • Support for IP forward backup path for BGP-LS peer SIDs (MX Series)— Starting in Junos OS Release 20.1R1, you can configure an IP forward backup path that provides protection at the local node or the point of local repair for egress peer engineering. When the primary segment goes down, the packet is forwarded to the configured IP backup path. This IP forward backup path has local node significance only. BGP does not send the IP forward backup path information to the controller in its periodic BGP LS updates. If you have configured both segment protection and IP forwarding backup path, then backup segment protection takes precedence over the IP forwarding backup path protection.

    To configure IP forward backup path for BGP LS peer segments, include the egress-te-backup-ip-forward option at the [edit bgp egress-te–segment-set], [edit bgp group group-name egress-te-node-segment], and [edit bgp group group-name egress-te-segment adj] hierarchy levels.

    [See egress-te-set-segment,egress-te-node-segment, and egress-te-adj-segment.]

Services Applications

  • Support for port mirroring (MX2K-MPC11E line card on MX2010 and MX2020 routers)—In Junos OS Releases 19.3R2 and 20.1R1, you can configure port mirroring on the MX2K-MPC11E line card to mirror a copy of a packet to a configured destination, in addition to the normal processing and forwarding of the packet. The MX2K-MPC11E supports IPv4 (inet) and IPv6 (inet6) address families only.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Configuring Port Mirroring.]

  • Support for tunnel interfaces (MX2K-MPC11E line card on MX2010 and MX2020 routers)—In Junos OS Releases 19.3R2 and 20.1R1, Junos OS supports three tunnel interfaces: generic routing encapsulation (GRE) tunnel, logical tunnel (LT), and virtual tunnel (VT) on the MX2K-MPC11E line card.

    • The GRE tunnel interface supports the tunnel statement with these options: destination, key, source, traffic-class and ttl. The copy-tos-to-outer-ip-header statement is also supported.

    • The LT interface supports family inet, family inet6, and family iso options. The encapsulation statement supports the Ethernet and VLAN physical interface options only.

    • The VT interface supports the family inet option only.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Tunnel Services Overview.]

  • Fabric support on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E line card is introduced. It is composed of 8 Packet Forwarding Engines per FPC. Each Packet Forwarding Engine on the MX2K-MPC11E line card has 3 fabric planes per SFB, which is a total of 24 fabric planes. All Packet Forwarding Engines have fabric connectivity with the SFB3. The fabric links are monitored for cyclic redundancy check (CRC) errors. Each Packet Forwarding Engine supports 500G fabric throughput when all 24 fabric planes are operational.

    Note
    • Fabric redundancy is not supported on MX2K-MPC11E line card. The MX2K-MPC11E line card interoperates only with SFB3.

    • The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Support for local preference when selecting forwarding next hops for load balancing on MPC11E (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, you can have traffic flows across aggregated Ethernet or redundant logical-tunnel interfaces prefer local forwarding next hops over remote ones, for example to ensure that the overall load on the fabric is reduced.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See local-bias.]

  • Inline J-Flow support for EVPN traffic (MX Series with MPC10 and MPC11)—Starting with Junos OS Release 20.1R1, you can use inline J-Flow sampling for the bridge family. You can monitor Inline J-Flow traffic hitting the bridge family and report the necessary fields in either Version 9 or IPFIX format. The new bridge family under the forwarding-options sampling instance hierarchy monitors all traffic hitting the VPLS or bridge family.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Understanding Inline Active Flow Monitoring.]

  • Configure next-hop-based dynamic tunnels on MX2K-MPC11E line card (MX2010 and MX2020 routers)—In Junos OS Releases 19.3R2 and 20.1R1, on MX2010 and MX2020 routers with an MX2K-MPC11E line card, you can configure next-hop-based dynamic tunnels for the following configurations:

    • MPLS-over-UDP—You can configure a dynamic MPLS-over-UDP tunnel that includes a tunnel composite next hop.

      In a dynamic tunnel configuration, where the Routing Engine forwards a lot of routes to the Packet Forwarding Engine, the FIB convergence may take more time resulting in traffic loss. Also, when you restart an FPC restart in a dynamic tunnel configuration, traffic flow may not resume.

    • MPLS-over-GRE—You can configure MPLS LSPs to use generic routing encapsulation (GRE) tunnels to cross routing areas, autonomous systems, and ISPs.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See dynamic-tunnels.]

  • Support for inline active flow monitoring on (MPC11E line cards on MX240, MX480, and MX960)—Starting in Junos OS Release 20.1R1, you can perform inline flow monitoring to support:

    • MPLS, MPLS-IPv4, and MPLS-IPv6

    • IPv4 or IPv6 traffic on next-hop based GRE tunnels and ps interfaces

    Both IPFIX and V9 formats are supported.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Understanding Inline Active Flow Monitoring.]

  • Support for Two-Way Active Measurement Protocol (TWAMP) on MX2K-MPC11E line card (MX240, MX480, and MX960)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E line card supports TWAMP. You can use the TWAMP-Control protocol to set up performance measurement sessions between a TWAMP client and a TWAMP server, and use the TWAMP-Test protocol to send and receive performance measurement probes. Configuring the TWAMP client instance to use si-x/y/z as the destination interface (which enables inline services) is not supported if the router has an MX2K-MPC11E installed in the chassis. You can configure only the none authentication mode on the line card.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Understanding Two-Way Active Measurement Protocol on Routers.]

  • L2TPv2 silent failover on peer interface for L2TPv2 subscriber services on MX2K-MPC11E line card (MX2010 and MX2020 routers)—In Junos OS Releases 19.3R2 and 20.1R1, you can configure L2TPv2 silent failover and peer interface support for L2TPv2 subscriber services on MX2K-MPC11E line card.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Peer Resynchronization After an L2TP Failover.]

  • Port mirroring support on MX2K-MPC11E (MX2010 and MX2020 routers)—In Junos OS Releases 19.3R2 and 20.1R1, you can configure port mirroring on the MX2K-MPC11E line card. You can configure port mirroring for the CCC, bridge, and family any only.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Understanding Port Mirroring.]

  • FlowTapLite support on MPC10E (MX240, MX480, and MX960 routers)—Starting in Junos OS Release 20.1R1, you can configure FlowTapLite on the MPC10E line card.

    [See Configuring FlowTapLite on MX Series Routers and M320 Routers with FPCs.]

  • Support adaptive load balancing (ALB) for ECMP next hops (MX Series)—Currently, adaptive load balancing for ECMP next hops is limited to a single Packet Forwarding Engine. Hence, traffic is restricted to a single Packet Forwarding Engine and impacts the flexibility and redundancy. Starting in Junos OS Release 20.1R1, you can configure adaptive load balancing for ECMP next hops across multiple ingress Packet Forwarding Engines on the same line card for even distribution of the traffic and redundancy. The behavior is default starting with Junos OS Release 20.1R1 and you cannot choose to configure back to the behavior prior to Junos OS Release 20.1R1. Also, the behavior is not applicable when you configure adaptive load-balancing and locality-bias together.

    To configure adaptive load balancing for ECMP next hops, configure the ecmp-alb command under the [edit chassis] hierarchy level.

    [See ecmp-alb].

Software Defined Networking

  • Delegate segment routing LSPs to a PCE (MX Series)—Starting in Junos OS Release 20.1R1, you can enable a Path Computation Client (PCC) to delegate locally configured IPv4 non-colored segment routing LSPs to a Path Computation Element (PCE) controller. The PCE controls the delegated LSPs and can modify LSP attributes for traffic steering.

    A PCC with delegation capability can take back control of the delegated segment routing LSPs from the PCE when the PCEP session goes down; the LSPs would otherwise be deleted from the PCC. You can thus ensure LSP data protection by averting a situation where packets are silently discarded or dropped (also known as a traffic black-hole condition).

    [See Segment Routing for the Path Computation Element Protocol Overview and Example: Configuring Path Computation Element Protocol for SPRING-TE LSPs.]

Subscriber Management and Services

  • Support for BNG M:N subscriber redundancy over pseudowire interfaces (MX Series)—Starting in Junos OS Release 20.1R1, you can configure BNG M:N redundancy using pseudowire redundancy in addition to using VRRP redundancy. The pseudowire redundancy method is supported for IP/MPLS network and Layer 2 VPN scenarios using pseudowire tunnels. These scenarios support dynamic N:1 VLANs.

    [See M:N Subscriber Redundancy Overview.]

  • Distributed denial of service protection on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, the MX2K-MPC11E line cards support DDoS protection.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Subscriber services uplink support on MX2K-MPC11E line cards (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, you can use the MX2K-MPC11E line cards for uplink connections to the core network. This support requires you to enable enhanced subscriber management.

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Protocols and Applications Supported by the MX2K-MPC11E.]

  • Support for managing policy and charging rules function (PCRF) server errors (MX Series)—Starting in Junos OS Release 20.1R1, you can configure the router to reinitialize the PCRF session when triggered by certain PCRF server errors that result in a state mismatch between the server and the router. You can also configure the router to generate an extended session ID that is universally unique by appending a 32-bit session stamp based on the current UTC time when the router creates the CCR-GX-I.

    [See Understanding Gx Interactions Between the Router and the PCRF.]

System Management

  • Precision Time Protocol (PTP) and IRB support on MPC7E line cards (MX240, MX480, and MX960)—Starting in Junos OS Release 20.1R1, we support PTP over IRB on master interface configurations for MPC7E line cards. This release also supports the configuration of aggregated Ethernet over IRB. We’ve also added disable-lag-revertive-switchover statement at a global level. This configuration enables nonrevertive switchover for a LAG.

    Note
    • Two-step clock mode is not supported.

    • PTP aggregated Ethernet child link switchover is not hitless, in both negotiated and nonnegotiated cases, in scenarios with aggregated Ethernet, because the client goes through a resynchronization phase. When unicast negotiation is enabled, the PTP backup clock starts fresh with new negotiation messages using the secondary link whenever the current active link goes down.

    • Aggregated Ethernet with mixed-speed child links is not supported over IRB.

    [See Configuring Precision Time Protocol Over Integrated Routing and Bridging.]

  • Restrict option under NTP configuration is now visible (ACX Series, QFX Series, MX Series, PTX Series, and SRX Series)—Starting in Junos OS Release 20.1R1, the noquery command under the restrict hierarchy is now available and can be configured with a mask address. The noquery command is used to restrict ntpq and ntpdc queries coming from hosts and subnets.

    [See Configuring NTP Access Restrictions for a Specific Address.]

User Interface and Configuration

  • Synchronous Ethernet support for MPC11E (MX2010 and MX2020)—Starting in Junos OS Release 20.1R1, Synchronous Ethernet is supported on the MPC11E.

    Note

    Junos OS dose not support synchronous Ethernet clock recovery from MIC and Precision Time Protocol (PTP).

    Note

    The MX2K-MPC11E line card is also supported in Junos OS Release 19.3R2 and later Junos OS 19.3 releases. It is not supported in any Junos OS 19.4 releases.

    [See Synchronous Ethernet Overview.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for MX Series routers.

What’s Changed in 20.1R2

Class of Service (CoS)

  • We’ve corrected the output of the show class-of-service interface | display xml command. Output of the following sort: <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container> will now appear correctly as <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3></container> <container> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container>.

General Routing

  • Displaying accurate aggregate drop statistics (MX Series)—You can view the accurate aggregate drop statistics when a packet drop is seen on an aggregated Ethernet interface by using the show interfaces extensive command. In earlier releases, the show interfaces extensive command did not display accurate aggregate drop statistics. Only the individual aggregate child interface displayed accurate drop statistics.

  • MS-MPC and MS-MIC service package (MX240, MX480, MX960, MX2020, MX2010, and MX2008)—PICs of the Multiservices MPC (MS-MPC) and Multiservices MIC (MS-MIC) do not support any service package other than extension-provider. These PICs always come up with the extension-provider service package, irrespective of the configuration. If you try to configure any other service package for these PICs by using the command set chassis fpc slot-number pic pic-number adaptive-services service-package, an error is logged. Use the show chassis pic fpc-slot slot pic-slot slot command to view the service package details of the PICs of the MS-MPC and MS-MIC.

    [See extension-provider.[

  • Round-trip time load throttling for pseudowire interfaces (MX Series)—The Routing Engine supports round-trip time load throttling for pseudowire (ps) interfaces. In earlier releases, only Ethernet and aggregated Ethernet interfaces are supported.

    [See Resource Monitoring for Subscriber Management and Services.[

  • Command to view summary information for resource monitor (MX Series routers and EX9200 line of switches)—You can use the show system resource-monitor command to view statistics about the use of memory resources for all line cards or for a specific line card in the device. The command also displays information about the status of load throttling, which manages how much memory is used before the device acts to reduce consumption.

    [See show system resource-monitor and Resource Monitoring for Subscriber Management and Services.]

  • Updates to ON-CHANGE and periodic dynamic subscriber interface metadata sensors (MX Series routers and EX9200 line of switches)—We've made the following updates to the /junos/system/subscriber-management/dynamic-interfaces/interfaces/meta-data/interfacesid='sid-value'/ sensor:

    • Notifications are sent when subscribers log in on either IP demux or VLAN demux interfaces. In earlier releases, login notifications are sent only for IP demux logins.

    • The interface-set end path has been added to the logical interface metadata. The interface-set field appears in both ON-CHANGE and periodic notifications. In earlier releases, this field is not included in the sensor metadata or notifications.

    [See gRPC Sensors for Subscriber Statistics and Queue Statistics for Dynamic Interfaces and Interface-Sets (Junos Telemetry Interface).]

  • New commit check for MC-LAG (MX Series)— We've introduced a new commit check to check the values assigned to the redundancy group identification number on the MC-AE interface (redundancy-group-id) and ICCP peer (redundancy-group-id-list) when you configure multichassis aggregation groups (MC-LAGs). If the values are different, the system reports a commit check error. In previous releases, if the configured values were different, the l2ald process would crash.

    [See iccp.]

  • Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option—Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option. This option is same as the activate option but it adds additional configuration to act as a top-of-fabric node.

High Availability (HA) and Resiliency

  • IPv6 address in the prefix TIEs displayed correctly—The IPv6 address in the prefix TIEs are displayed correctly in the show rift tie output.

  • Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option—Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option. This option is same as the activate option but it adds additional configuration to act as a top-of-fabric node.

Infrastructure

  • Change in support for interface-transmit-statistics statement (MX Series)—You cannot configure aggregated Ethernet interfaces to capture and report the actual transmitted load statistics by using the interface-transmit-statistics statement. Aggregated Ethernet interfaces do not support reporting of the transmitted load statistics. The interface-transmit-statistics statement is not supported in the aggregated Ethernet interfaces hierarchy. In earlier releases, the interface-transmit-statistics statement was available in the aggregated Ethernet interfaces hierarchy but not supported.

    [See interface-transmit-statistics.]

Juniper Extension Toolkit (JET)

  • Set the trace log to only show error messages (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series)— You can set the verbosity of the trace log to only show error messages using the error option at the [edit system services extension-service traceoptions[ hierarchy level.

    See traceoptions (Services).

Junos OS XML API and Scripting

  • Root XML tag change for show rsvp pop-and-forward | display xml command (MX480)—We’ve changed the root XML tag for the show rsvp pop-and-forward | display xml command to rsvp-pop-and-fwd-information to make it consistent with the XML tag convention. In earlier releases, the command output displays rsvp-pop-and-fwd-info XML tag. Update the scripts with the rsvp-pop-and-fwd-info XML tag to reflect the new rsvp-pop-and-fwd-information XML tag.

    [See Junos XML API Explorer - Operational Tags.]

Network Management and Monitoring

  • Support for clearing the event at MEP level (MX Series)—In Junos OS 20.1R2 and later, you can define an action profile for connectivity fault management at the local MEP level or at the remote MEP level. You define an action profile to monitor events and thresholds and specify an action that the device performs when the configured event occurs. When you define the action profile at the local MEP level, you can clear the event for the configured action profile at the local MEP level by specifying only the local MEP numeric identifier. When you define the action profile at the remote MEP level, you can clear the event for the configured action profile at the remote MEP level by specifying the local MEP numeric identifier as well as the remote MEP numeric identifier.

    [See clear oam ethernet connectivity-fault-management event.]

Routing Protocols

  • Automatic installation of YANG-based CLI for RIFT protocol (MX Series, QFX Series, and vMX with 64-bit and x86-based servers)—In Rift 1.2 Release, installation of the CLI for RIFT protocol occurs automatically along with the installation of the junos-rift package. In the pre-1.0 releases of the junos-rift package, the RIFT CLI had to be installed separately using request system yang command after installation of the junos-rift package.–

  • Advertising /32 secondary loopback addresses to Traffic Engineering Database (TED) as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—In Junos OS Release, multiple loopback addresses export into lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router-ids instead of prefixes. In earlier Junos OS releases, multiple secondary loopback addresses in TED were added into lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router-id.

Services Applications

  • New option for configuring delay in IPsec SA installation—In Junos OS Release 20.1R2, you can configure the natt-install-interval seconds option under the [edit services ipsec-vpn rule rule-name term term-name then dynamic] hierarchy to specify the duration of delay in installing IPsec SA in a NAT-T scenario soon after the IPsec SA negotiation is complete. The default value is 0 seconds.

Subscriber Management and Services

  • Improved tunnel session limits display (MX Series)—Starting in Junos OS Release 20.1R2, the show services l2tp tunnel extensive command displays the configured value for maximum tunnel sessions. On both the LAC and the LNS, this value is the minimum from the global chassis value, the tunnel profile value, and the value of the Juniper Networks VSA, Tunnel-Max-Sessions (26–33). On the LNS, the configured host profile value is also considered.

    In earlier releases, the command displayed the value 512,000 on the LAC and the configured host profile value on the LNS.

    [See Limiting the Number of L2TP Sessions Allowed by the LAC or LNS.]

What’s Changed in 20.1R1

Interfaces and Chassis

  • Displaying accurate aggregate drop statistics (MX Series)—Starting in Junos OS Release 20.1R1, you can view the accurate aggregate drop statistics when a packet drop is seen on an aggregated Ethernet Interface by using the show interfaces extensive command. In earlier releases, the show interfaces extensive command did not display accurate aggregate drop statistics. Only the individual aggregate child interface displayed accurate drop statistics.

Network Management and Monitoring

  • Change in startup notification after GRES (MX Series routers)– Starting in Junos OS Release 20.1R1, the master Routing Engine sends a coldStart notification when a device comes up. The master Routing Engine also sends warmStart notifications for subsequent restarts of the SNMP daemon. After graceful routing engine switchover (GRES) the new master Routing Engine sends a single warmStart notification and the backup Routing Engine does not send any notification. In earlier releases, after GRES, the new master RE would sometimes send two notifications or a single notification. Of these, the first notification was always a coldStart notification and the second was either a coldStart notification or a warmStart notification.

  • Enhancement to the show SNMP mib command– In Junos OS Release 20.1R1, and later, a new option, hex, is supported to display the SNMP object values in the hexadecimal format. In earlier releases, the show snmp mib command displays the snmp object values in ASCII and decimal format only.

    See show snmp mib

Services Applications

  • Update to CLI option for configuring the version number to distinguish between currently supported version of the Internet draft draft-ietf-softwire-map-03—In Junos OS Release 20.1R1, the version-3 option under the [edit services softwire softwire-concentrator map-e] hierarchy for configuring the version number to distinguish between currently supported version of the Internet draft draft-ietf-softwire-map-03 is optional. In the earlier Junos OS releases, if you did not configure the version-3 option, the configuration resulted in an error.

    [See map-e.]

Subscriber Management and Services

  • Single memory map applies to configuration and schema databases (MX Series)—Starting in Junos OS Release 20.1R1, the Junos OS configuration database and the schema database share the same memory space. This means that when you set the maximum database size, the result is the total memory available to both of these databases. In earlier releases, the schema database is separate and fixed in size.

    [See Configuring Junos OS Enhanced Subscriber Management.]

Known Limitations

Learn about known limitations in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • MX Series platforms with the FPC-PTX-P1-A or FPC2-PTX-P1A line card might encounter a single event upset (SEU) event that can cause a linked-list corruption of the TQ chip. The following syslog message is reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002

    The Junos OS chassis management error handling detects such a condition, raises an alarm, and disables the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, a restart of the FPC is needed. Contact your Juniper support representative if the issue is seen after an FPC restart. PR1254415

  • In some scenarios with MPC, the following major alarm and following messages are generated: messages log: fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) alarmd[3158]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC x Major Errors Major alarm set, FPC x Major Errors fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) cli> show chassis alarms 1 alarms currently active Alarm time Class Description 2019-01-25 15:18:03 UTC Major FPC x Major.

    Despite the major alarm set, this error is due to the Unknown Error Address logged in hardware to the DQ underrun. This message is harmless and has no service impact. PR1303489

  • The MX104 router has the following limitations in error management:

    • The show chassis fpc error command is not available for MX104 in Junos OS Releases 13.3R7, 15.1R2,14.1R5,14.2R4, 13.3R8, and later.

    • Junos OS does not initiate restart of the system on encountering a fatal error.

    • Although you can configure disable-PFE for major errors action, Junos OS does not disable its only Packet Forwarding Engine on encountering a major error. PR1413314

  • After an MX Series router with the JNP10K-LC2101 line card is powered on, a voltage of 1345–1348 mV is read for about 20 seconds, which gets stabilized to 1493 mV. During this period, the FPC x Voltage Tolerance Exceeded major alarm is raised. PR1415671

  • The Routing Engine interprets any input from the console port as interrupts. Depending on the frequency, console noise impacts the Routing Engine interruption handling to different extents, even with the current mechanism. When the interrupt frequency is too high for the Routing Engine to handle, the impact might vary from the line card reboot (partial impact) to the Routing Engine reboot (chassis-wide impact). PR1436386

  • On the MPC11E line card, the number-of-sub-ports configuration on the 4x10G channelized ports might cause the channels to go down. PR1442439

  • In a scaled scenario where the Routing Engine pushes a lot of routes to the Packet Forwarding Engine in the presence of the dynamic tunnel configuration, FIB convergence might take more time, leading to traffic drops. PR1454817

  • On the MPC11E line card, the following error message is seen when the line card is online: i2c transaction error (0x00000002). PR1457655

  • Dynamic SR-TE tunnels does not get automatically re-created at the new primary Routing Engine after the Routing Engine switchover. PR1474397

  • Dynamic SR-TE tunnels does not get automatically re-created at new master after Routing Engine switchover. PR1474397

  • If the frequency of messages is too high for the number of sessions, the kernel might be overloaded and causes riftd to quit and generate a core file. PR1481169

  • After dot1xd restart, it takes around 60–70 seconds to display the MACsec statistics. In case of a full scale of 200 sessions, it takes around 40 seconds for all MACsec sessions to get configured on the FPC, then it reads statistics for 50 logical interfaces in every 5 seconds. This is to ensure that FPC CPU utilization is under check even on a scaled setup due to a slow MDIO bus. So, on a fully scaled setup of 200 logical interfaces, statistics for a given logical interface are read every 25 seconds. Thus the approximate total time will be 40 seconds + 25 seconds for statistics to be displayed after dot1x restart. PR1484699

  • After an FPC restart or offline/online event, DUT sends the delete path for interfaces where LLDP is explicitly disabled. PR1484734

  • The control peer PFCP heartbeat request timeout window must be greater than 90 seconds. PR1459135

  • The traffic on GRE interface on both ingress and egress cannot be Layer 2 mirrored. PR1462375

  • The following error message is issued when the connection between aftman and aft-ulcd is dropped: [Error] aft-ipc: AFT-ULCD IPC: Program will exit - ERROR MESSAGE. PR1467246

  • If you move the MX2K-MPC11E line card from one GNF to another in an in-chassis Junos node slicing setup, the line card takes a longer time than expected to come online. PR1469729

  • ALB over 64 links cannot rebalance the traffic to the desired configured tolerance. PR1470717

  • On MX10003 and MX204 routers, BFD or LACP might flap during BGP convergence. PR1472587

  • The following error message might appear: Failed to complete DFE tuning. This error message has no functional impact and can be ignored. PR1473280

  • The aftd hogs on executing the clear VPLS table and MACs are not learned for less than 5 minutes. PR1473334

  • ALB over 64 links fails to redistribute the traffic load after removing one fat traffic flow. PR1473435

Infrastructure

  • The Juniper Routing Engine with HAGIWARA CF card installed, after upgrading to Junos OS Release 15.1 and later, the following error message might appear on the log: smartd[xxxx]: Device: /dev/ada1, failed to read SMART Attribute Data PR1333855

MPLS

  • On all platforms running Junos OS with distributed CSPF under SR-TE scenario, if you execute some operations such as deactivate or activate SR protocols, restart routing, and so on, then rpd crash might be observed. PR1493721

Platform and Infrastructure

  • Traffic might drop due to the memory error of QX-chipset MPC. PR1197475

  • Interface-group based firewall filters used at MX Series router with the VPLS and BRIDGE logical interfaces hosted by an MPC might work unpredictably. PR1216201

  • Unknown unicast filter applied in an EVPN routing instance blocks unexpected traffic. PR1472511

  • An EVPN does not support individual logical interfaces operation if ESI is configured on the physical interface. On MX Series routers, the loop prevention feature supports per logical interface flap, only when ESI is configured at the logical interface level. If one logical interface is flapped during BUM traffic flow through another logical interface, the loop prevention feature does not work. If ESI is configured on the physical interface and one of the ESI logical interfaces is down, EVPN considers it as whole physical interface down. The router's designated forwarder (DF) role or MH status is changed and the local bias filter is reconfigured or deleted. Because the traffic flowing through the logical interface is not flapped, loop prevention is not enabled for the logical interface. PR1485100

Services Applications

  • Currently, while configuring a DNS filter profile at the [edit services web-filter profile profile-name dns-filter-template] hierarchy level, you can configure a maximum of number of 32 DNS filter templates. However, for a profile configured under [edit services web-filter profile profile-name security-intelligence-policy] hierarchy level, you can configure more than 32 templates.

    [See dns-filter-template and security-intelligence-policy].

Subscriber Management and Services

  • For dual-stacked clients over the same PPP-over-L2TP LNS session, enhanced subscriber management does not support configurations where both of the following are true:

    • The CPE sends separate DHCPv6 solicit messages for the IA_NA and the IA_PD.

    • The solicit messages specify a type 2 or type 3 DUID (link-layer address).

    As a workaround, you must configure the CPE to send a single solicit message for both IA_NA and IA_PD when the other configuration elements are present. PR1441801

Open Issues

Learn about open issues in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • CoS EXP classifier and rewrite with the mpls-inet-both-non-vpn protocol option is not working as expected. PR1479575

EVPN

  • In an EVPN scenario, duplicate packets are seen because a nondesignated forwarder is sending an inclusive multicast packet to the PE-CE interface after MAC lookup. PR1245316

  • In an EVPN scenario with nonstop active routing (NSR) enabled, the rpd crashes and generates core files on the backup Routing Engine when any configuration changes on the primary Routing Engine. PR1336881

  • With Junos OS Release 19.3R1, the VXLAN OAM host-bound packets are not throttled with DDoS policers. PR1435228

  • The no-arp-suppression statement is required for MAC learning to happen across the EVPN domain on a static VTEP. PR1517591

  • VLAN ID information is missed while installing the EVPN route from the BGP Type 2 route after modifying a routing-instance from instance-type evpn to instance-type virtual-switch. As a result, the data traffic sent via these EVPN routes doe not push VLAN ID in the inner Ethernet header. This might result in traffic getting discarded on the remote PE device. PR1547275

Forwarding and Sampling

  • Packet length for ICMPv6 is shown as '0' in the output of the show firewall log detail CLI command. PR1184624

  • When an IPv4 prefix is added to a prefix list referenced by an IPv6 firewall filter, the log message Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized is not seen. PR1395923

  • When GRES is triggered by SSD hardware failure, the syslog error rpd[2191]: krt_flow_dfwd_open,8073: Failed connecting to DFWD, error checking reply - Operation timed out might be seen. PR1397171

  • After you restart routing, the remote mask, which indicates from which remote PE devices MAC IP addresses are learned, that the routing daemon sends might be different from the existing remote mask that the Layer 2 learning daemon had before restart. This causes a mismatch between Layer 2 learning and the routing daemon’s interpretation as to where the MAC IP address entries are learned, either local or remote, leading to the MAP IP table being out of synchronization. PR1452990

  • On MX platforms with EVPN-VXLAN implemented, ARP requests received on the VXLAN tunnel endpoint (VTEP) might not forward to CE device or proxy ARP role on VTEP might not work properly. This issue could happen when no-arp-suppression statement is disabled under EVPN instance combined with static VXLAN implementation. PR1546631

General Routing

  • The fxp0 marked as Dest-route-down because of specific operations such as disabling and enabling operations. PR1052725

  • On a vMX platform, the performance of the X710 NIC is lower compared to the performance of the 82599 NIC. A 10-Gbps line rate can be achieved at a 512-byte packet size for the X710 NIC compared to 256 bytes for the 82599 NIC. PR1281366

  • If a vmhost snapshot is taken on an alternate disk and there is no further vmhost software image upgrade, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, under the condition where corruption is with the host root file system, the node is booting with the previous vmhost software instead of booting from the alternate disk. PR1281554

  • The chain-composite statement does not bring in a lot of gain because TCNH is based on an ingress rewrite premise. PR1318984

  • In a Message Queue Telemetry Transport (MQTT) scenario, about 4000 KB of memory leakage might be seen every 30 seconds. However, on very long runs, this leakage uses up high memory, which can indirectly impact other running daemons. PR1324531

  • With regard to FPC restarts or Virtual Chassis splits, the design of MX Series Virtual Chassis infrastructure relies on the integrity of the TCP connections and hence the reactions to failure situations might not be handled in a graceful way. For example, TCP connection timeout because of jlock hog crossing the boundary value (5 seconds) can cause bad consequences for the MX Series Virtual Chassis. Currently, there is no other easy solution to reduce this jlock hog besides enabling the marker infrastructure in an MX Series Virtual Chassis setup. PR1332765

  • On MX2010 and MX2020 routers equipped with SFB2, some error messages are seen in the logs. There is no operational impact caused by these messages. PR1363587

  • A few xe- interfaces go down with the error message if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • The virtio throughput remains the same for multi-queue and single-queue deployments. PR1389338

  • Traffic destined to the VRRP VIP gets dropped as the filter is not updated to the related logical interface. PR1390367

  • FPC core files are generated on multiple additions or deletions of hierarchical CoS from pseudowire devices. As a workaround, remove the pseudowire device without changing the hierarchical CoS configuration. PR1414969

  • Traffic statistics are not displayed for the hybrid access gateway session and tunnel traffic. PR1419529

  • If the HTTP header enrichment function is used, the traffic throughput decreases when the traffic passes through header enrichment. PR1420894

  • With LACP enabled, deactivating a remote aggregate Ethernet member link makes the local member link move to LACP detached state and causes traffic drop on that member link. The same scenario happens when a new member link is added where the other end of that link is not yet configured with LACP. PR1423707

  • When you run the show route label X | display json command, two nh keys are present in the output. PR1424930

  • Dynamic tunnel summary displays an incorrect count of up and total tunnels after multiple iterations of activating and deactivating the dynamic tunnel configuration. It is just a display issue and there is no problem with the functionality. PR1429949

  • On MX Series platforms, if the clock frequency is slowly changing on CB0 (slow drift), the clock source for MPC-3D-16XGE-SFPP might not be changed to CB1, which will cause interfaces on it to go down and remain in the down state. PR1433948

  • On the dual Routing Engines of the MX Series platforms with subscriber management, the replication daemon (repd process) might crash after booting for the first time with a newly installed Junos OS release. The repd process synchronizes subscriber information across Routing Engines, so normally the repd crash has no impact on the live service. PR1434363

  • On MPC10E 3D MRATE-15xQSFPP, Layer 2 over GRE is not supported. Even though the configuration gets committed, the feature does not work. PR1435855

  • Interface hold-down timers cannot be achieved for less than 15 seconds on the MPC11E line card. PR1444516

  • Physical interface policers are not supported in Junos OS Release 19.3 for the MPC11 line card. PR1452963

  • Cosmetic issue that affects only CLI. RADIUS, L2TP, and so on are unaffected. The CLI issue is seen after ANCP restart and before ANCP neighbor is re-established and port-ups are received. Under normal working conditions, after ANCP restart, the port-ups should be received right away and the CLI issue will not be seen. PR1453837

  • With logical system configuration, filter-based GRE encapsulation does not work. PR1456762

  • On the MPC11E line card, the FIB download rates are lower than on the MPC10E by 30 percent. PR1456816

  • With the scaled filter-based forwarding (FBF) configuration, two instances seem unable to forward the traffic to the respective routing instances. It appears that the FBF programming is incorrect for these two FBF instances. PR1459340

  • Occasional warning messages such as TCP connect error can be seen during the FPC reboot. These are generally inconsequential and have no impact on the FPC or the line-card software functionality. PR1460153

  • A BFD session might flap when it is moving to an aggressive interval after coming up with a slow/nonaggressive interval. This issue is mainly seen in a scaled setup. PR1462775

  • Backport jemalloc profiling CLI support to all releases where jemalloc is present. PR1463368

  • The traffic stops when volume quota is reached but resumed wrongly after APFE failover. Threshold and quota values are not updated to the secondary APFE. If quota is hit on the primary APFE and traffic starts dropping due to quota and switchover happens, traffic will continue to flow until quota is hit. PR1463723

  • The following syslog error messages are harmless and expected during ISSU or GRES or FPC offline/online scenarios: [Oct 3 08:48:35.836 LOG: Err] ifl ps240.1 (1712): child ifl lt-1/0/0.32767 (7709) already there [Oct 3 08:48:35.836 LOG: Err] IFRT: 'Aggregate interface ifl add req' (opcode 87) failed [Oct 3 08:48:35.836 LOG: Err] ifl 1712, child ifl 7709; agg add failed. PR1464524

  • A BFD session might flap when it is moving to an aggressive interval after coming up with a slow/nonaggressive interval. This issue is mainly seen in a scaled setup. PR1465285

  • Unable to get the service sessions when NAT64 is configured with the destination-prefix length 32. PR1468058

  • The FPC might take additional time to come online during movement of MPC11 from one GNF to another GNF. PR1469729

  • With BGP rib-sharding and update-threading, traffic drops 100 percent in the BGP Layer 3 VPN streams, after the removal or restoration of the configuration. PR1469873

  • Syslog error message Failed to complete DFE tuning is generated. This message has no functional impact and can be ignored. PR1473280

  • For the MPC10E line card, the IS-IS and micro-BFD sessions do not come up during baseline. PR1474146

  • When the external server is rebooted, the SNMP values configured within the /etc/snmp/snmpd.conf file at the server gets overwritten with the content from the JDM SNMP configuration section. The trap configuration changes get completely removed. Restarting or stopping and starting JDM does not change the host /etc/snmp/snmpd.conf file. PR1474349

  • Dynamic SR-TE tunnels do not get automatically re-created at the new primary Routing Engine after the Routing Engine switchover. PR1474397

  • Expected number of 512,000 MAC addresses are not re-learned in the bridge table after clearing 512,000 MAC addresses from the table. PR1475205

  • Error message [Error] L2alm : l2alm_mac_process_hal_delete_msg:667 Ignoring MAC delete with ifl index 355, fwd_entry has 7888 are seen after performing configuration removal/restoration with IP/MPLS configurations in the MX480. PR1475785

  • In VPLS configurations, ARP resolution over an IRB interface might fail if the hosts are behind a vt- tunnel. As a workaround, you can use no-tunnel-services statement. PR1477005

  • The BGP sessions over the PS interfaces anchored over RLT might flap during ISSU. PR1478693

  • Invalid packets are dropped by DUT with TCC encapsulation configuration as intended but the statistics counters are incremented. PR1481698

  • When an SFB3 is un-gracefully yanked out and plugged back in and comes back online, there is a chance that the SFB3 might end up in error state during fabric chip initialization error. This error is seen intermittently. PR1482000

  • The next-generation services MX Series SPC3 services card can exhibit inconsistent behavior when the vmhost image is installed on the next-generation Routing Engine (NG-RE) RE-S-X6-64G-UB. Other Routing Engines that are compatible with next-generation services do not experience this problem. These Routing Engines are RE-S-1800X4-16G-UPG-BB, RE-S-1800X4-32G-UB, RE-S-1800X4-16G-UPG-BB, and RE-S-1800X4-32G-UB. PR1482334

  • Error message fpc0 user.crit aftd-trio: [Critical] Em: Possible out of order deletion of AftNode #012#012#012 AftNode details - AftIndirect token:230791 group:0 nodeMask:0xffffffffffffffff indirect:333988 hwInstall:1#012 is seen while executing the IP/MPLS script in baseline. PR1486158

  • Failed to open session database and unexpected LSP flap is observed on ingress node after ZPL ISSU. As a workaround, use the set protocols lacp fast-hello-issu command. PR1488089

  • The show ptp statistics detail command shows incorrect values for the delay request and response packets. PR1489711

  • Accessing the free memory might fail even after multiple switchovers of more than 50 with scale configuration generating a core file. PR1491527

  • On MX204 and MX10003 routers with the MPC7E, MPC8E, MPC9E, MPC10E, and JNP10K-LC2101 line cards, the following error message is observed: unable to set line-side lane config (err 30). This is error does not have any impact and can be ignored. PR1492162

  • The component sensor does not export data under CBO/1 in the expected time. PR1493579

  • In a VPLS scenario after an NSR Routing Engine switchover, the flood next-hop ID for the VPLS instance might not get synchronized between primary and backup Routing Engines which might lead to the traffic loss for that VPLS instance. PR1495925

  • After backup Routing Engine halt, CB1 goes offline and comes back online; this leads to the backup Routing Engine booting up and the reboot reason is displayed as 0x1:power cycle/failure. There is no functional impact of this issue. PR1497592

  • On an MX2020 device, the MPC11 line card is not supported. PR1503605

  • In an EVPN scenario with VRRPv6, the Ethernet source MAC address might be used for IPv6 MAC-IP binding when the NA is sent from the VRRPv6 primary. AS this unexpected behavior is triggered on regular intervals, it causes the entries to keep refreshing in the EVPN database because NS from the VRRPv6 primary changes the MAC-IP binding. This impacts the traffic. PR1505976

  • VLAN membership for interfaces is not added when configured with the vlan name of a VLAN created using vlan-id-list. PR1506045

  • Disruptive switchover (no GRES or NSR configured) can lead to stale Periodic Packet Management (PPM) entries programmed on the new primary Routing Engine. If both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously. PR1518106

  • Show interfaces redundancy rlt0 shows current status as primary down as the FPC is still in ready state after the RLT failover. Issue occurs only with specific RLT interface configuration followed by FPC restart. In this PR, GRES was done when the FPC was doing the interface cleanup after FPC restart. The amount of time taken for interface cleanup on an FPC depends on scale. If GRES is done before FPC comes to clean state, the backup Routing Engine might not be in sync with the primary Routing Engine. This might create inconsistent interface states after GRES. PR1518543

  • Inconsistent core.python2.7.mpc0 core files are seen. PR1534568

  • If you pull out the MPC before the router is offline and the chassisd process is not able to process this event on the master Routing Engine because of additional mastership switch, and later the MPC which is pulled out is inserted back to the slot, many Switch Fabric Board (SFB) might go offline because of max_total_cell_usage overflow condition on the xfchip. MX2020 platform with SFB2 is not exposed to such event if the disable-grant-bypass is configured. PR1535787

  • On MX platforms with Junos OS Release 18.1 or higher release, chassisd memory leak might be caused by configuration commit. When chassisd consumes ~3.4 GB of memory it might crash, chassisd crash might cause GRES or/and FPC to restart. If GRES is enabled, commits are being synchronized between Routing Engines, so backup Routing Engine chassisd might suffer from memory leak too. PR1537194

  • If the Packet Forwarding Engine processes distributed IGMP pseudo logical interfaces is deleted, it attempts to delete all the associated multicast flows. On a scaled setup, deleting several thousand multicast flows hogs CPU for long time that it is killed by the scheduler, resulting in core file generation. This is a rare condition, seen only on scaled distributed IGMP setup. PR1537846

  • On MX2020 routers with MPC11 line card, plane offline event is getting stuck. PR1546449

  • In syslog output, sylog-local-tag name is truncated (it shows as SYSLOG_SF) when you configure the syslog local-log-tag as SYSLOG_SFW. PR1547505

  • The following leak is observed during the period of churn for the sensor group bound to RSVP P2MP tunnels: SENSOR APP DWORD.PR1547698

  • Validation of OCSP certificate might not go through for some CA servers. PR1548268

  • Whenever AMS undergoes any update, flowd process crashes. When AMS sends LB blob, USF-HCM-PKT plugin consumes and frees it. But it frees in legacy platform (Non-USF) manner which leads flowd process to crash. Basically, USF-HCM-PKT plugin is not supported in the USF platform and it is supported only in the Non-USF platform alone. PR1548928

  • In the ptp freerun state, output of the show ptp clock might continue to show the clock attributes of previously locked clock. PR1553369

  • On MX240, MX480, and MX960 platforms, with default increased-bandwidth fabric mode and SCBE3, if we have MPC3 or MPC3-NG line card exist on the system along with high bandwidth MPC, during high traffic situation or bursty traffic through the fabric towards MPC3/MPC3-NG line card. MX fabric might report unreachable destination condition and causes fabric healing to trigger in. This issue is exacerbated when having MPC7 or MPC10 line cards installed due to high fabric bandwidth that can be generated. PR1553641

High Availability (HA) and Resiliency

  • When an ZPL is done while traffic is running, some BGP sessions might flap, leading to traffic loss. The drop is transient and traffic recovers after the ZPL. PR1487144

Infrastructure

  • The following error message might be seen after an upgrade: invalid SMART checksum. PR1222105

  • An interface is configured for single VLAN or multiple VLANs, if all these VLANs of this interface have igmp-snooping enabled, then this interface will drop hot standby router protocol for IPv6 (HSRPv2) packets. PR1232403

  • Add F-label veto code checks for per-PFE f-label pools. PR1466071

  • IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) error message is observed continuously in AD with base configurations. PR1485038

Interfaces and Chassis

  • In an L2TP scenario when an MX Series router functions as an LTS (L2TP tunnel switch), there is a memory leak in the jpppd process running on the backup Routing Engine. This eventually generates jpppd core files due to an out-of-memory condition. There is no functional impact as it happens on the backup Routing Engine. PR1350563

  • The SFP index in the Packet Forwarding Engine starts at 1, while the port numbering starts at 0. This causes confusion in the log analysis. PR1412040

  • Layer 2 logical interface configuration is now decoupled from bridge or EVPN configuration. A Layer 2 logical interface can now be configured without being assigned to a bridge/EVPN. PR1438172

  • When user a checks for interface-level statistics, an issue occurs for IPv6 counters. At the originating router IPv6 local statistics counters are not updating because IPv6 local statistics counters not incrementing. IPv6 transit statistics are derived from total statistics and local statistics (Transit statistics = Total - Local). Because the local statistics are not updating, total statistics and transit statistics will be the same. This issue is specific to platforms with MPC10E and MPC11E. PR1467236

  • Changing framing modes on a CHE1T1 MIC between E1 and T1 on an MPC3E NG HQoS line card causes the PIC to go offline. PR1474449

  • After Routing Engine switchover without nonstop routing (NSR) on the broadband network gateway (BNG), some VRF routing instances might experience silent dropping of traffic destined to the hosts behind a static PPPoE subscriber's CPE device. The affected routing instances are configured without the vrf-table-label statement and should have a static route configured with the pp0.xxx interface as a next hop. PR1488302

  • On MX platforms, under subscriber environment and unnumbered IP address borrowed from the loopback interface configured on Demux interface and aggregated Ethernet interface, subscriber session might flap if the IP address of the loopback interface IP is changed. PR1544257

  • After an ASIC error, the logical interface down messages were being sent to VC-MM. They should have been sent to the local chassis master where the error was reported. PR1552588

  • The device control daemon (dcd) memory leak issue might be observed on pushing the scaled routing-instance configuration with bridge-domain stanza into the ephemeral database. PR1553148

Layer 2 Ethernet Services

  • When you revert from an Enhanced Switch Control Board (SCBE) upgrade, the SCB fails with the following error message: CHASSISD_FASIC_PIO_READ_ERROR. PR980340

  • The DHCP DECLINE packets are not forwarded to the DHCP server when forward-only is set within dhcp-reply. PR1429456

MPLS

  • The rpd generates core files at hbt_iterate_next, ldp_purge_unknown_tlv_temp_tree. PR1210526

  • On the MPC11E line card, degradation in IS-ISv4/RSVP convergence with link-protection configuration is observed. PR1485701

  • On all Junos OS platforms with RSVP-TE configured, when a transit router carries a large number of LSP's (for example, 60000 and higher) and all those LSPs undergo FRR (for example, when link carrying large number of LSP's flap) then, the rpd scheduler might slip and LDP session tear down might be observed after the link flap. PR1516657

Platform and Infrastructure

  • Packet header might get corrupted at the ingress Packet Forwarding Engine if the packet with more than two IEEE 802.1Q VLAN tags are traversing in an EVPN/VPLS routing instance. PR1300211

  • On MX Series routers with MPCs, the unicast traffic might drop when the destination is reachable over an integrated routing and bridging (IRB) interface and a label-switched interface (LSI) with two next hops. PR1420626

  • On the MX480 devices, traffic loss is observed if the ingress and egress ports are on different FPCs. PR1429714

  • For the bridge domains configured under an EVPN instance, ARP suppression is enabled by default. This enables the EVPN to proxy the ARP, and reduces the flooding of ARP in the EVPN networks. Because of that, storm control does not take effect on ARP packets on the ports under such bridge domains. PR1438326

  • A dual Routing Engine Junos node slicing GNF with no GRES configured and with system internet-options no-tcp-reset drop-all-tcp configuration might enter dual backup Routing Engine state upon manual GNF Routing Engine primary-role switchover attempt with the chassis routing-engine master [acquire|release|switch] command from either GNF Routing Engine CLI. PR1456565

  • While SNMP-Agent polls round-trip time (RTT) related to OIDs from a router running Junos OS, such as pingResultsAverageRtt, the router might respond with zero (0) value even there is no RPM ping failure. The following objects might be impacted: iso.3.6.1.2.1.80.1.3.1.4 -> pingResultsMinRtt iso.3.6.1.2.1.80.1.3.1.5 -> pingResultsMaxRtt iso.3.6.1.2.1.80.1.3.1.6 -> pingResultsAverageRtt iso.3.6.1.2.1.80.1.3.1.7 -> pingResultsProbeResponses iso.3.6.1.2.1.80.1.3.1.9 -> pingResultsRttSumOfSquares. PR1458983

  • The CFM remote MEP is not coming up after configuration or remains in start state. PR1460555

  • After performing ISSU with a scaled configuration, high CPU utilization is observed in the MPC 3D 16x 10GE card. PR1461715

  • With multiple different fixed-sized traffic streams configured at 1,000,000 fps (40-Gbps combined rate) on aggregated Ethernet0 along with another independent aggregated Ethernet (aggregated Ethernet1, 50 percent line rate 4 streams bi-directional => 118-Gbps combined traffic rate) both hosted on a single Packet Forwarding Engine instruction of an MPC11E line card, small varying packet drops occurs at every iteration on aggregated Ethernet1 on disabling aggregated Ethernet0. The drops might vary from 200 to certain 1000 frames. PR1464549

  • Line-card errors found at HALP-trinity_nh_dynamic_mcast_add_irb_topo:3520 snooping-error: invlaid IRB topo/ IRB ifl zero in l2 nh 40495 add IRB. PR1472222

  • Line-card errors found at RT-HAL,rt_mesh_group_delete_check,1599: Deletion of a non-existant mesh-group : proto 35 rtt 60grp-index 0,PFE_ERROR_NOT_FOUND: route check failed, entry not found with steady state measurement check. PR1472454

  • Unknown unicast filter applied in an EVPN routing instance blocks unexpected traffic. PR1472511

  • A few OAM sessions are not established with scaled EVPN ETREE and CFM configurations. PR1478875

  • An EVPN does not support individual logical interfaces operations if the ESI is configured on the physical interface. On MX Series routers, the loop prevention feature supports per logical interface flap, only when ESI is configured at the logical interface level. If one logical interface is flapped during BUM traffic flow through another logical interface, the loop prevention feature does not work. If ESI is configured on the physical interface and one of the ESI logical interfaces is down, EVPN considers it as whole physical interface down. The router's designated forwarder (DF) role or MH status is changed and the local bias filter is reconfigured or deleted. Because the traffic flowing through the logical interface is not flapped, loop prevention is not enabled for the logical interface. PR1485100

  • On all platforms running Junos OS that support EVPN-MPLS and EVPN-VXLAN, when an existing ESI interface flaps or is added newly to the configuration, sometimes designated forwarder (DF) election happens before the local bias feature is enabled and during this time, existing broadcast, unknown unicast, and multicast (BUM) traffic might be looped for a short time duration (less than several seconds). PR1493650

  • Traffic loss is observed after a unified ISSU, when you enable or disable and activate or deactivate the interface. PR1493723

  • The following error message is observed when alarms after interface reset: 7836 ifl 567 chan_index 8 NOENT & jnh_ifl_topo_handler_pfe(13015): ifl=567 err=1 updating channel table nexthop. PR1525824

  • With subscriber services configuration and distributed IGMP processing enabled for subscribers, it is possible that the line card can occasionally crash due to npc process core file generation. A line-card reboot is required to recover. This issue is seen outside of subscriber services or even with subscriber services if distributed IGMP is not enabled. PR1534542

  • On MX480 routers, IPv6 VRRP sessions are not established when duplicate address detection (DAD) is enabled. PR1534835

  • On certain Junos platforms with dual Routing Engines (platforms capable of installing Junos packages with name format as "junos*install"), BGP replication might fail to start under GRES/NSR setup after a crash on backup Routing Engine. NSR starts unreplicating the socket since backup Routing Engine is no longer present. Massive unreplicated request leads to memory buffer getting full with multiple BGP sessions (for example, 20 BGP peers). Hence BGP unreplicated request returned with an error. Besides, the kernel is left with stale data. It does not allow the Juniper Socket Replication (JSR) when backup Routing Engine comes up due to the stale data. BGP-NSR is broke under the conditions. Traffic outage will be observed after performing GRES. PR1552603

Routing Policy and Firewall Filters

  • Routing policy actions failed to configure neighbor-sets and tag-sets. PR1491795

Routing Protocols

  • While interoperating with other vendors in a draft-rosen multicast VPN, by default Junos OS attaches a route target to multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities are prevented from propagating if the BGP route target filtering is enabled on the device running Junos OS. PR993870

  • When the device is configured with link-node protection and labeled-bgp, ukern memory leak and FPC core file generation might occur. PR1366823

  • BFD session flaps during unified ISSU in the MPC7E line card. PR1453705

  • Even when the protocols mpls traffic-engineering bgp-igp statement is configured, the UDP tunnel routes are not added to inet.0. The UDP tunnel routes are added only to the inet.3 table irrespective of whether the statement is configured or not. PR1457426

  • With NSR enabled, the current BGP design supports 3000 BGP IPv6 peers or 8000 BGP IPv4 peers. If you try to bring up more than 3000 BGP IPv6 sessions or more than 8000 BGP IPv4 sessions, the rpd might crash. PR1461436

  • In a scaled scenario in a very short period of time dedicated PIM router receives more than 2500 PIM hello packets from the new neighbors followed by PIM Join packets for the same multicast group, some of this joins might not be processed from the first attempt. PR1500125

  • On devices with Next Generation Routing Engine and SCBE2 (Enhanced Switch Control Board), when BFD authentication for BGP is enabled, the BFD might flap after a Next Generation Routing Engine switchover. After the flap, the device does a self-recovery. PR1522261

  • When VRRP virtual address is configured and used to set up a BGP session with the remote side, under rare timing conditions, BGP peer establishment might get rejected repetitively. PR1523075

  • On MX Series with MPCs/MICs based Virtual Chassis, when there are multicast tunneled packets being received, which come into the Virtual Chassis Ports (VCP) and then pop out of the tunnel, if the VCP ports and the interfaces where multicast packets enter/leave the router are located on the same Packet Forwarding Engine, it might fail in sending multicast traffic to downstream receiver due to this issue. PR1555518

User Interface and Configuration

  • NETCONF service over SSH with dedicated TCP port (configured with system services netconf ssh and the default port is 830) might not work if in-band management is used (that is, connection is established via network interface or loopback interface and so on). PR1517160

VPNs

  • In an MVPN environment with the SPT-only option, if the source or receiver is connected directly to the c-rp PE device and the MVPN data packets arrive at the c-rp PE device before its transition to SPT, the MVPN data packets might be dropped. PR1223434

  • The MPC10E-15C-MRATE next-generation MPVN ingress replication flushing out is not proper when in egress the ingress replication configuration is deactivated. PR1475834

  • In a multicast VPN RPT-SPT mode with both locally and remotely connected receivers, the multicast forwarding entry related to the actual downstream interfaces might not be properly updated. The issue might happen when multicast forwarding entry is created by locally connected PIM receiver, followed by remote receiver and after local receiver decides to prune its membership in that multicast group. PR1546739

Resolved Issues

This section lists the issues fixed in Junos OS Release 20.1R2 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 20.1R2

Application Layer Gateways (ALGs)

  • FTPS traffic might be dropped on MX Series platforms if FTP ALG is used. PR1483834

  • The srxpfe and mspmand processes might crash if FTPS is enabled in a specific scenario. PR1510678

Class of Service (CoS)

  • SNMP query for jnxCos objects does not work. PR1475960

  • The following error message is observed: GENCFG write failed (op, minor_type) = (delete, Scheduler map definition) for tbl id 2 ifl 0 TABLE Reason: No such file or directory. PR1476531

  • The MX Series routers with MPC1 Q and MPC2 Q line cards might report memory errors. PR1500250

EVPN

  • When a dynamic list next hop is referenced by more than one route, it might result in an early deletion of the next hop from the kernel, thereby assigning the next-hop index as 0. PR1477140

  • IRB interface might get stuck in down state in an EVPN multihoming scenario. PR1479681

  • Deleting a Layer 2 logical interface generates an error if the interface is not deleted first from EVPN. PR1482774

  • The ESI of IRB interface does not get updated after autonomous-system number change if the interface is down. PR1482790

  • Due to timing condition, dead next hops in the flood group of the EVPN-MPLS are seen after remote PE devices bounce. PR1484296

  • The ARP entry gets deleted from the kernel after adding and deleting the virtual gateway address. PR1485377

  • The rpd process might crash due to a slow memory leak. PR1490269

  • The rpd process might generate a core file when the Routing Engine switches over after disabling the BGP protocol globally. PR1490953

  • VXLAN bridge domain might lose the VTEP logical interface after restarting chassisd. PR1495098

  • The l2ald memory leakage might be observed in any EVPN scenario. PR1498023

  • Packets might not be sent out of the IRB interface if there is no Layer 2 interface in the associated bridge domains. PR1498534

  • In an EVPN-VXLAN scenario, the l2ald process might crash in a rare condition. PR1501117

  • The VXLAN function might be broken due to a timing issue. PR1502357

  • The MAC address of the LT interface might not be installed in the EVPN database. PR1503657

  • Configuring the proxy-macip-advertisement statement for EVPN-MPLS leads to functionality breakage. PR1506343

  • Unable to create a new VTEP interface. PR1520078

  • ARP table might not be updated after performing VMotion or a network loop. PR1521526

  • EVPN: routing table stuck in deleted state in kernel. PR1521668

  • The BUM traffic might get dropped in the EVPN-VXLAN setup. PR1525888

  • The rpd process might crash when auto-service-id is configured in the EVPN-VPWS scenario. PR1530991

  • All the ARP reply packets toward to some address are flooded across the entire fabric. PR1535515

Forwarding and Sampling

  • In some rare scenarios upon FPC or PIC reboot, the Packet Forwarding Engine daemon database might not get updated with the correct location_id for some physical interfaces. Then a problem with statistics on some interfaces of a router might be observed. PR1458143

  • DHCP relay might not work normally under an EVPN with VXLAN environment. PR1487385

  • The DHCP subscribers might get stuck in Terminated state for around 5 minutes after disabling cascade ports. PR1505409

  • The pfed process might crash while running the show pfe fpc x command. PR1509114

  • UTC timestamp is used in the flat-file-accounting files when a profile is configured. PR1509467

  • Traffic might be dropped without exceeding the configured bandwidth under policer. PR1511041

  • The srrd process might crash in a high route churns scenario or if the process flaps. PR1517646

General Routing

  • In some MX Series platforms, the following random syslog messages are observed for FPCs: fpcx ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - xxx left. PR1298161

  • The show security group-vpn member IPsec security-associations detail | display xml command is not in the expected format. PR1349963

  • The max-drop-flows statement is not available. PR1375466

  • On the MX2000 router, the error message Failed to get xfchip might be observed if the MPC7 line card is offline when Routing Engine switchover occurs. PR1388076

  • After the JNP10K-LC2101 line card is powered on, a voltage of 1345–1348 mV is read for about 20 seconds, which gets stabilized to 1493 mV. During this period, the FPC x Voltage Tolerance Exceeded major alarm is raised. PR1415671

  • In some scenarios with PTP hybrid mode, continuous resetting of the Playback Engine log message occurs. PR1420335

  • FPC might crash after GRES when you commit the changes in firewall filter with the next term statements in the subscriber scenario. PR1421541

  • PTP might not work on the MX104 router with any two-port license installed on the 10GbE interface and if phy-timestamping is enabled in PTP. PR1421811

  • The RPD scheduler slips might be seen upon executing the show route resolution extensive 0.0.0.0/0 | no-more command if the number of routes in the system is large (several millions). PR1425515

  • PTP and show warning are disabled when hyper mode is configured. PR1429527

  • MPC9E line card does not go offline due to unreachable destinations in phase 3 stage. PR1443803

  • FEC statistics are not getting reset after changing the FEC mode. PR1449088

  • The Mixed Master and Backup RE types alarm is observed when MX2008 with RE-MX2008-X8-128G detects backup Routing Engine as RE-MX2008-X8-64G. PR1450424

  • When an M-VLAN interface (OIF map) is changed, the existing multicast subscribers with membership reports in place experience loss of multicast traffic till traffic is forwarded to the new OIF map. For example, a new M-VLAN interface. PR1452644

  • Interfaces shut down by the disable-pfe action might not come up when you use the MIC offline or online command. PR1453433

  • The FPC or the Packet Forwarding Engine might crash with the ATM MIC installed in the FPC. PR1453893

  • When the scale configurations are applied, the chassisd CLI command might delay response or might time out for 10 minutes. PR1454638

  • Application and removal of 1-Gbps speed results in the channel being down. PR1456105

  • LSP statistics are not getting reset after routing restart. PR1458107

  • Multiple leaf devices and prefixes are missing when an LLDP neighbor is added after streaming is started at the global level. PR1460347

  • In the MVPN instance, traffic drops on multicast receivers within the range of 0.1 to 0.9 percent. PR1460471

  • On the MX960 router, the following error message might be observed: SCHED L4NP[0] Parity errors. PR1464297

  • The bbe-smgd process generates core files on the backup Routing Engine. PR1466118

  • On the MPC11E line card, the DOM MIB alarm for the channelized 10-Gigabit Ethernet interface does not show any alarm for LF/RF. PR1467446

  • In Junos OS Release 16.2R1 and later, if commit is executed after commit check, the daemons (for example, dhcpd and sampled) might not get started even after the related configuration is successfully committed. PR1468119

  • On the MX150 routers, the request system halt and request system power-off commands do not work as expected. PR1468921

  • The GRE tunnel might go down in a scenario with IPv4 and IPv6 IPsec service configured. PR1470667

  • The following syslog message are observed: fpcX user.notice logrotate: ALERT exited abnormally with [1]. PR1471006

  • On MX104 routers, the clksyncd crash might be seen when PTP over an aggregated Ethernet is configured. PR1471466

  • pkid process might crash at bn_i2c (pval=0x1d, cont=0x0, putype=0xffffcce8, it=0xc8c848b8 < BIGNUM_it>) at ../../../../../../../src/crypto/openssl/crypto/asn1/x_bignum.c:127. PR1471878

  • When both MSTP and ERP are enabled on the same interface, ERP might not come up properly. PR1473610

  • Drops counter does not increment for the aggregated Ethernet interface even after the member link shows the drops. PR1473665

  • On MX150 platforms, core files are not seen under show system core-dumps. PR1474118

  • A newly added LAG member interface might forward traffic even though its micro-BFD session is down. PR1474300

  • Traffic loss might be seen as backup Routing Engine takes around 20 seconds to acquire the primary role. PR1475871

  • Syslog reports simultaneous zone change reporting for all zones green, yellow, orange, red for one or more service PICs. PR1475948

  • On MX2020, MX2010, and MX960 platforms, traffic drop might be observed while performing a unified ISSU. PR1476505

  • In vMX instances, after every commit, the following error message is observed: chassisd[7836]: %DAEMON-3-CHASSISD_IOCTL_FAILURE: acb_get_fpga_rev: unable to get FPGA revision for Control Board (Inappropriate ioctl for device). PR1477941

  • The ukern-platformd process might crash on the MX2000 router with the MPC11 line card. PR1478243

  • The FPC with vpn-localization vpn-core-facing-only configured might be stuck in ready state. PR1478523

  • On the MPC7E, MPC8E, and MPC9E line cards, hardware sensor information is logged on the syslog and /var/log/messages for every 30 minutes. PR1478816

  • All PPPoE subscribers might not log in after FPC restart. PR1479099

  • Multiple SQLite vulnerabilities resolved. PR1480208

  • The 100GbE might randomly fail to come up after maintenance operations. PR1481054

  • Memory utilization enhancement is required. PR1481151

  • Issue with binding non-default routing instance to existing soft-gre group. PR1481278

  • After unified ISSU on the primary and the backup Routing Engines, the ISSU enhanced-mode:Performing action get-state for error /fpc/5/pfe/0/cm/0/PCIe_Error/0/PCIE_CMERROR_UNCORRECTABLE (0x190001) error message is generated. PR1481859

  • Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line-card slot. PR1482124

  • The vmcore process crashes sometimes along with the mspmand process on MS-MPC and MS-MIC if large-scale traffic flows are processed. PR1482400

  • Fragmentation limit and reassembly timeout configuration under services option are missing for SPC3. PR1482968

  • On SCBE3, traffic decreases during throughput testing. PR1483100

  • The downstream IPv4 packet greater than BR MTU gets dropped in MAP-E. PR1483984

  • The traffic rate might not be as expected on the aggregated Ethernet interface after applying a shared-bandwidth policer. PR1484193

  • SNMP index in Packet Forwarding Engine reports as 0, causing sFlow to report either IIF or OIF (not both) as 0 in sFlow record data at collector. PR1484322

  • On MPC10 line cards, the logical tunnel interface might not work. PR1484751

  • In a scaled environment, bbe-smgd might crash when executing the show system resource-monitor summary CLI command. PR1484444

  • tcpdump core file is generated after initiating monitor traffic interface command from CLI. PR1485465

  • The krt-nexthop-ack-timeout command might not automatically be picked up on restarting the rpd process. PR1485800

  • MPC10E line card installed in the FPC slot 4 might drop host outbound traffic. PR1485942

  • Kernel core files might be seen if deleting an ifstate. PR1486161

  • Kernel crash (vmcore) occurs upon receipt of a malformed IPv6 packet. PR1486948

  • On MX Series Virtual Chassis, error logs ac200_dcfp2_pm_get_info: ifd 0xb3d090a8, info 0x196cc518, ac200_dcfp2 0x0 are generated periodically. PR1487070

  • The aftd process might crash. PR1487416

  • Incorrect frame length of 132 bytes might be captured in the packet header. PR1487876

  • XML is not correctly formatted. PR1488036

  • Add support for PSM firmware upgrade on MX2000. PR1488575

  • The chassisd process might crash if you execute an SNMP request for a MIC that is a part of an offline FPC. PR1488946

  • Daemon might restart due to mishandling of data. PR1489512

  • Previous configuration might still take effect after rollback rescue is performed. PR1489575

  • With the MX-SPC3 service card, NAT might not be processed on an order as setup. PR1489581

  • With a 4-member AMS used in the service set, commit check should fail when a /30 subnet address is used as NAT pool IP. PR1489885

  • Support for PSM firmware upgrade on the MX2000 platforms. PR1489939

  • Prolonged flow control might occur with MS-MPC or MS-MIC. PR1489942

  • Add support for PSM firmware upgrade in utility on the MX2000 platforms. PR1489967

  • Syslog error message Failed to connect to the agentx master agent (/var/agentx/master): Unknown host (/var/agentx/master) (No such file or directory) is continuously being generated with DNS-sinkhole. PR1490487

  • The MPC might crash due to the PHY interface driver issue of MIC in MX2000 and MX10003 platforms. PR1490531

  • When a NAT/SFW rule is configured with application-set with multiple applications having different TCP inactivity-timeout values, sessions are not getting TCP inactivity-timeout according to the configured application order. PR1491036

  • In an event where BCM SerDes firmware has stopped and not completed, a corresponding alarm is generated. PR1491142

  • The ISSU is not supported on the NG-MPC line cards from Junos OS Release 19.4R1. PR1491337

  • Multiple deactivation or activation of the security traceoptions along with a single NAPT44 session might crash the flowd process. PR1491540

  • MS-MIC goes down after loading some Junos OS releases in an MX Virtual Chassis scenario. PR1491628

  • On the MX240, MX480, or MX960 router with SCB3E, swapping the MPC10E line card with the MPC7E line card in the same FPC slot results in fabric errors, which causes system-wide traffic impact. PR1491968

  • User-configured MTU might be ignored after the unified ISSU using request vmhost software in-service-upgrade. PR1491970

  • MX10003 RCB always detect fire temp and shutdown in short time after downgrade. PR1492121

  • There is a delay in the LT interfaces on the MPC11E line card coming up after configuring the scaled PS interfaces anchoring to RLT. PR1492330

  • A PIC number greater than four will be missing from the SNMP table entPhysicalTable. PR1492996

  • The delta PSM firmware upgrade status is incorrectly displayed. PR1493045

  • MPC10 and MPC11 line cards might crash if the interface is configured with the firewall filter referencing shared-bandwidth policer. PR1493084

  • DHCP subscribers do not come up as expected after deactivating Virtual Chassis port. PR1493699

  • The ptp-clock-global-freq-tracable leaf value becomes false and does not change to true when the internal lock is in the Acquiring state. PR1493743

  • The LSP might not come up in an LSP externally provisioned scenario. PR1494210

  • The error message PFE_ERROR_FAIL_OPERATION: Unable to unbind cos scheduler from physical interface is seen for the AF interfaces on an FPC when the peer FPC is restarted. PR1494452

  • In a node slicing setup, after GRES, the RADIUS interim updates might not carry actual statistics. PR1494637

  • B4 devices cannot establish the softwire with AFTR. PR1496211

  • The following error messages are generated by Packet Forwarding Engine when the subscribers come up over a pseudowire interface: PFEIFD: Could not decode media address with length 0. PR1496265

  • Outbound SSH connection flap or memory leak issue might be observed during a push configuration to the ephemeral database with a high rate. PR1497575

  • Port numbers logged in the ALG syslog are incorrect. PR1497713

  • Subscribers might be disconnected after one of the aggregated Ethernet participating FPCs comes online in a Junos OS node slicing scenario. PR1498024

  • SNMP polling does not show correct PSM jnxOperatingState when one of the PSM inputs failed. PR1498538

  • The rpd process might crash when multiple VRFs with IFLs link-protection are deleted at a single time. PR1498992

  • The commit check might fail when adding a logical interface into a routing instance with the no-normalization statement enabled under the routing instances hierarchy. PR1499265

  • Heap memory leak might be seen on the MPC10 and MPC11 line cards. PR1499631

  • Some of the virtual services might not come up after GRES or rpd restart. PR1499655

  • After disabling and enabling the ams0 interfaces, the NAT sessions do not get synchronized back to the current standby SDG. PR1500147

  • Inline Junos telemetry interface might report a wrong value for some fields in flow records after enabling nexthop-learning and route churn happens. PR1500179

  • The SPC3 card might crash if the SIP ALG is enabled. PR1500355

  • The show services alg conversations and show services alg sip-globals commands are not supported in the USF mode. PR1501051

  • On MX2010 and MX2020 routers, the pem_tiny_power_remaining message will be continuously logged in chassisd log. PR1501108

  • Application ID is not displayed under the NAT/SFW rule configured with application any rule. PR1501109

  • VPN traffic gets silently discarded in a cornered Layer 3 VPN scenario. PR1501935

  • The chassisd process might become nonresponsive. PR1502118

  • On the MPC11 line card, the show syslog command in the Packet Forwarding Engine shell might time out. PR1502877

  • MACsec delay protection fails to drop or discard delayed MACsec packets. PR1503010

  • The packets from a nonexisting source on the GRE or UDP designated tunnel might be accepted. PR1503421

  • Configuring the ranges statement for autosensed VLANs might not work on the vMX platforms. PR1503538

  • The show bridge statistics command output does not display the statistics information for the pseudowire subscriber interfaces. PR1504409

  • The gNMI stream does not follow the frequency on the subscription from the collector. PR1504733

  • Fan speed might toggle between full and normal on the MX960 router with an enhanced FRU. PR1504867

  • S-BFD session might be unable to get up if multiple IP addresses are configured in lo0 interface. PR1505418

  • The rpd process might crash in case of a network churn when the telemetry streaming is in progress. PR1505425

  • The l2cpd process might crash if the ERP configuration is added or removed, and the l2cpd process is restarted. PR1505710

  • GnmiJuniperTelemetryHeader incompatibility is introduced in Junos OS Release 19.3. PR1507999

  • The heap memory utilization might increase after extensive subscriber login or logout. PR1508291

  • Outbound SSH connection flap or memory leak issues might be observed during a push configuration to the ephemeral database with a high rate. PR1508324

  • The ERO update by the controller for branch LSP might cause issues. PR1508412

  • False positive TSensor errors are reported on vjunos0. PR1508580

  • The host-generated packets might be dropped if the force-control-packets-on-transit-path statement is configured. PR1509790

  • The disabled QSFP transceiver might fail to be switched on. PR1510994

  • Static subscribers are logged out after creating a unit under the demux0 interface. PR1511745

  • Memory leak on l2ald might be seen when adding or deleting the routing-instances or bridge-domains configuration. PR1512802

  • The wavelength configured through the CLI might not be set on the SFP+-10G-T-DWDM-ZR optics when the optics is used on the MPC7E line card. PR1513321

  • Modifying the segment list of the segment routing LSP might not work. PR1513583

  • Subscribers might not be able to bind again after performing back-to-back GRES followed by an FPC restart. PR1514154

  • The MACsec session might fail to establish if 256-bit cipher suite is configured for MACsec connectivity association assigned to a logical interface. PR1514680

  • On the MX2020 and MX2010 routers, the SPMB CPU is elevated when an SFB3 is installed. PR1516287

  • Used-Service-Unit of the CCR-U has Output-Bytes counter zero. PR1516728

  • The l2ald process crashes during stability test with traffic on a scaled setup. PR1517074

  • The MPC7E line card with QSFP installed might get rebooted when the show mtip-chmac <1|2> registers vty command is executed. PR1517202

  • There might be memory leak in cfmd if both the CFM and inet/IPv4 interfaces are configured. PR1518744

  • The vgd process might generate a core file when the OVSDB server restarts. PR1518807

  • Traffic loss might happen when an uncorrected (fatal) AER error is detected. PR1519530

  • The PADI packets might be dropped when the interface encapsulation VPLS is set along with the accepted protocol configured as PPPoE. PR1523902

  • The PSM firmware upgrade must not allow multiple PSM upgrades in parallel to avoid the firmware corruption and support mutliple firmwares for different hardware. PR1524338

  • Commit is successful while deactivating CB0 and CB1 interfaces with a running GNF. PR1524766

  • According to the OC data model, the openconfig-alarms.yang subscription path must be used as system/alarms/alarm. PR1525180

  • Addition and removal of an aggregated Ethernet interface member link might cause the PPPoE subscriber session and traffic to drop. PR1525585

  • Error message Erroneous RPD_DYN_CFG_GET_PROF_NAME_FAILED is seen during GRES if a RIB interface is configured without a profile. PR1526481

  • WAG control route prefix length is observed. PR1526666

  • On MX150 routers, physical interface stay up during vmhost halt or power-off. PR1526855

  • Family IPv6 does not come up for the L2TP subscriber when additional attributes are not passed in the Framed-IPv6-Route VSA. PR1526934

  • Commit error messages come twice while validating the physical-cores statement. PR1527322

  • The cpcdd process might generate core files after upgrading to Junos OS Release 19.4 and later. PR1527602

  • The transit PTP packet might be modified unexpectedly when the packet passes through MPC2E-NG, MPC3E-NG, and MPC5E line cards. PR1527612

  • The commit confirm command might not roll back the previous configuration when the commit operation fails. PR1527848

  • The speed command cannot be configured under the interface hierarchy on an extended port when MX204 or MX10003 router works as an aggregation device. PR1529028

  • Non-impacting error message is seen in the message logs: IFP error> ../../../../../../../../../src/pfe/usp/control/applications/interface/ifp.c@3270:(errno=1000) tunnel session add failed. PR1529224

  • The multicast traffic might be dropped due to hash mismatch when there are aggregated Ethernet and ECMP links involved in the multicast tree. PR1529475

  • In the subscriber management environment, the RADIUS interim accounting record does not get populated with the subscriber statistics. PR1529602

  • SFP-LX10 shows unsupported after unified ISSU upgrade on 3D 20x 1GE(LAN)-E,SFP and 3D 20x 1GE(LAN)-EH,SFP. PR1529844

  • PEM 0 always shows as absent or empty even if PEM 0 is present on MX10003 router. PR1531190

  • New subscribers might fail to connect due to filter index space exhausted error. PR1531580

  • Deletion of the address of the jmgmt0 interface might fail if the shortened version of the CLI command is used. PR1532642

  • Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd. PR1534455

  • The clear ike statistics with remote gateway does not work. PR1535321

  • SNMP MIB walk for jnxSubscriber OIDs returns general error. PR1535754

  • Multicast traffic might be sent out through unexpected interfaces with distributed IGMP enabled. PR1536149

  • Error message JAM: Plugin installed for summit_xxx PIC might be seen when the JAM packages are installed for MX10003 platforms. PR1537389

  • The accounting interim-updates for subscriber does not work after GRES and subsequent reboot of the FPCs in a node slicing setup. PR1539474

  • Services process mspmand leaks memory in relation to MX telemetry, reporting RLIMIT_DATA exceed. PR1540538

  • With hold time configuration, Gigabit Ethernet interfaces remain down on reboot. PR1541382

  • Subscriber might not come up on some dynamic VLAN ranges in a subscriber management environment. PR1541796

  • Port mirroring with maximum-packet-length configuration does not work over a GRE interface. PR1542500

  • The PPPoE subscribers might fail to login. PR1551207

  • The show dynamic-profile session client-id command displays only one IPv6 framed-route information. PR1555476

High Availability (HA) and Resiliency

  • Unified ISSU might fail on MX204 and MX10003 Virtual Chassis with an error message. PR1480561

Infrastructure

  • If the serial number of the PEM starts with 1F1, the following alarm might be generated: Minor FPC PEM Temp Sensor Failed. PR1398128

  • Packet counter does not work as expected when using SNMP get. PR1422929

  • Unknown MIB OID 1.3.6.1.2.1.47.2.0.30 are referenced in the SNMP trap after upgrading to Junos OS Release 18.4R3.3. PR1508281

  • SNMP polling might return an unexpectedly high value for the ifHCOutOctets counter for a physical interface when any jnxDom OID is processed at the same time. PR1508442

Interfaces and Chassis

  • Syslog error scchassisd[ ]: CHASSISD_IPC_WRITE_ERR_NULL_ARGS: FRU has no connection arguments fru_send_msg Global FPC x is observed after MX Series Virtual Chassis local or global switchover. PR1428254

  • Benign registration is being denied message might be seen when committing configuration on MX Virtual Chassis. PR1431377

  • The MC-LAG configuration-consistency ICL configuration might fail after committing some changes. PR1459201

  • The sonet-options configuration statement is disabled for the xe interface that works in wan-phy mode. PR1472439

  • The interface on MIC3-100G-DWDM might go down after performing an interface flap. PR1475777

  • Fail to configure proactive ARP detection. PR1476199

  • A stale IP address might be seen after a specific order of configuration changes in a logical systems scenario. PR1477084

  • Control logical interface 32767 is not created on the VLAN-tagged physical interface even after removing the VLAN 0 configuration. PR1483395

  • Traffic might get dropped as the next hop points to the ICL even though the local MC-LAG is up. PR1486919

  • On the MPC6 line cards, the CFM DM two-way verification fails with an invalid timestamp. PR1489196

  • The vrrp-inherit-from change operation leads to packet loss when traffic is being forwarded to the VIP gateway. PR1489425

  • The mgd process might hang up on a crashed dcd commit check process and the dcd might also crash. PR1491363

  • The FPC crash might be observed with an inline mode with CFM configured. PR1500048

  • Unexpected dual VRRP backup state might occur after performing two subsequent Routing Engine switchovers with track priority-hold-time configured. PR1506747

  • Commit failure is observed while deleting all the units under the ps0 interface. PR1514319

  • The following error message is observed: Request failed: OID not increasing: ieee8021CfmStackServiceSelectorType. PR1517046

  • Buffer overflow vulnerability in a device control daemon is observed. PR1519334

  • Syslog error should have at least one member link on a different fpc might be observed after committing a configuration under interface hierarchy. PR1539719

  • The following the commit error is observed while trying to delete unit 1 logical systems interfaces: ae2.1: Only unit 0 is valid for this encapsulation. PR1547853

Intrusion Detection and Prevention (IDP)

  • When creating the custom IDP signatures that match the raw bytes (hexadecimal), the commit check fails if the administrator configures the depth parameter. PR1506706

J-Web

  • Session fixation vulnerability in J-Web. PR1410401

  • The httpd process might run with high CPU utilization when J-Web is enabled. PR1483607

  • Security vulnerability in J-Web and Web-based (HTTP or HTTPS) services is observed. PR1499280

Juniper Extension Toolkit (JET)

  • Behavior change in clients with multiple gRPC channels to same target. PR1492088

Junos Fusion Satellite Software

  • Temperature sensor alarm is seen in Junos fusion scenarios. PR1466324

Layer 2 Features

  • Connectivity is broken through LAG because of the members configured with hold-time and force-up. PR1481031

Layer 2 Ethernet Services

  • For the MX204 router, the vendor ID is set as MX10001 in the factory-default configuration and in the DHCP client messages. PR1488771

  • The DHCP subscribers might not come up when DHCP ALQ and VRRP are configured. PR1490907

  • JDHCPD memory leak is observed during login or logout test over five days. Memory is more than tripled in this time. PR1491349

  • Issues with the DHCPv6 relay processing confirm and reply packets are observed. PR1496220

  • The MC-LAG might be down after disabling and then enabling the force-up configuration. PR1500758

  • The default-route might not be added to the Juniper device configured as the DHCPv4 client device. PR1504931

  • The aggregated Ethernet interface sometimes might not come up after the router is rebooted. PR1505523

  • The DHCPv6 lease query is not as expected while verifying the DHCPv6 server statistics. PR1506418

  • Receipt of the malformed DHCPv6 packets causes jdhcpd to crash. PR1511782

  • The show dhcp relay statistics display DHCPLEASEUNASSIGNED instead of DHCPLEASEUNASSINGED. PR1512239

  • The show dhcpv6 relay statistics command must display DHCPV6_LEASEQUERY_REPLY instead of DHCPV6_LEASEQUERY_REPL for the messages sent. PR1512246

  • The jdhcpd process crashes when a specific DHCPDv6 packet is processed in the DHCPv6 relay configuration. PR1512765

  • The DHCP6 lease query is not as expected while verifying the DHCPv6relay statistics. PR1521227

  • Memory leak in jdhcpd might be seen if access-profile is configured under the dhcp-relay or dhcp-local-server statement. PR1525052

  • Memory leak in the jdhcpd process might be seen if the access-profile is configured under the dhcp-relay or dhcp-local-server statement. PR1525052

MPLS

  • The following error is observed on switchover when a vt- interface is in use: show routing-instances MVPN-1 instance-type vrf; interface vt-0/0/0.1202 { <<<<< multicast; } //snip.PR1434522

  • The RSVP interface bandwidth calculation rounds up. PR1458527

  • The rpd process might crash in PCEP for the RSVP-TE scenario. PR1467278

  • On the MPC10E and MPC11E line cards, the LDP and BFD sessions are dropped when the fast-lookup-filter has a default term with only accept as action and it is attached to the lo0 interface. PR1474204

  • PCC might flood event logs to the controller. PR1476822

  • The rpd crash might be seen after back-to-back graceful restart or GRES. PR1485985

  • The rpd might crash on restart of the primary Routing Engine or backup Routing Engine when chain-NH has inner and outer labels in the SR-TE scenario. PR1486077

  • High CPU utilization for rpd might be seen if RSVP is implemented. PR1490163

  • The rpd process might crash when the BGP flaps with FEC 129 VPWS enabled. PR1490952

  • BGP session flaps between two directly connected BGP peers because of the incorrect TCP-MSS in use. PR1493431

  • The rpd process might crash in a rare condition in the SR-TE scenario. PR1493721

  • The rpd core files are generated during unified ISSU. PR1493969

  • The rpd process generates core file on the backup Routing Engine. PR1495746

  • The rpd process might crash when the SNMP polling is done using the OID jnxMplsTeP2mpTunnelDestTable. PR1497641

  • Traffic loss might occur if unified ISSU is performed when P2MP is configured for an LSP. PR1500615

  • The CSPF job might get stalled for a new or an existing LSP in a high-scale LSP setup. PR1502993

  • The auto-bandwidth feature might not work correctly in an MPLS scenario. PR1504916

  • The rpd process might crash with RSVP configured in a rare timing case. PR1505834

  • The rpd process might crash when the rpd restarts or GRES switchovers. PR1506062

  • Activating or deactivating the LDP-sync under OSPF might cause the LDP neighborship to go down and stay down. PR1509578

  • The rpd process might crash after upgrading Junos OS Release 18.1 to a later release. PR1517018

  • The SNMP trap is sent with the incorrect OID jnxSpSvcSetZoneEntered. PR1517667

  • The LDP session-group might throw a commit error and flap. PR1521698

  • The inter-domain LSP with a loose next hops path might get stuck in down state. PR1524736

  • LDP routes might be deleted from MPLS routing table after Routing Engine switchover. PR1527197

  • The ping mpls rsvp command does not take into account the lower MTU in the path. PR1530382

  • The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface. PR1538124

  • Performing commit might trigger externally provisioned LSP MBB mechanism. PR1546824

Network Address Translation (NAT)

  • Improve the max ENODE connections for one persistent NAT binding from 8 to 32. PR1532249

Network Management and Monitoring

  • The SNMPv3 informs might not work properly after rebooting. PR1497841

Platform and Infrastructure

  • The core.vmxt.mpc0 is seen at 5 0x096327d5 in l2alm_sync_entry_in_pfes (context=0xd92e7b28, sync_info=0xd92e7a78) at ../../../../../src/pfe/common/applications/l2alm/l2alm_common_hw_api.c:1727. PR1430440

  • Traffic loss might be seen in case of Ethernet frame padding with VLAN. PR1452261

  • Traffic from an IRB interface toward an LSI interface gets dropped with adaptive or per-packet load balancing. PR1458825

  • On the MX204 router, GRE with sampling causes the following Packet Forwarding Engine error: MQSS(0): MALLOC: Underflow error during reference count read - Overflow 1, Underflow 1, HMCIF 0, Address 0x8d62e0. PR1463718

  • VXLAN packet might be discarded with flow caching enabled on MX150 and vMX. PR1466470

  • SSH login might hang and the TACACS+ server closes the connection without sending any authentication failure response. PR1478959

  • Traffic disruption for an MoFRR protected multicast flow in an NG-MVPN hot root standby FRR scenario. PR1478981

  • Some error logs might be reported every 2 minutes due to SRAM single bit ECC error which is a transient hardware issue on MX Series with MPCs/MICs with queuing chip. PR1479240

  • XQCHIP xqchip_drop_get_q_length severity of parity error moved from major to minor. PR1481558

  • The show system buffer command displays all zeros in the MX104 chassis. PR1484689

  • MAC learning under bridge domain stops after the MC-LAG interface flaps. PR1488251

  • Normalize PPE thread timeout settings across platforms with different clock speeds. PR1490761

  • MAC malformation might happen in a rare scenario under MX Series Virtual Chassis setup. PR1491091

  • In a node slicing setup, MPLS TTL might be set to zero when the packet goes through AF interface configured with CCC family. PR1492639

  • Traceroute monitor with MTR version v.69 shows a false 10 percent loss. PR1493824

  • Packets get dropped when the next hop is an IRB-over-LT interface. PR1494594

  • The Routing Engine might crash when a large number of next hops are quickly deleted and added again in a large ARP or ND scaled scenario. PR1496429

  • Traffic to VRRP virtual IP or MAC addresses might be dropped when ingress queuing is enabled. PR1501014

  • Python or SLAX script might not be executed. PR1501746

  • MAC learning request throttling mechanism could not work properly in a scale setup. PR1501758

  • Arbitrary code execution vulnerability in Telnet server. PR1502386

  • Traffic originated from another subnet is sent out with 0x8100 instead of 0x88a8. PR1502867

  • MPCs might crash when there is a change on routes learned on the IRB interface configured in the VPLS or EVPN instances. PR1503947

  • Traffic loss might be seen in certain conditions under an MC-LAG setup. PR1505465

  • The kernel might crash causing the router or the Routing Engine to reboot when performing virtual IP related change. PR1511833

  • During route table object fetch failure, the FPC might crash. PR1513509

  • The output of the show jnh qmon queues-sensor stats 0 command has no content. PR1514881

  • VPLS connection might be stuck in primary fail status when a dynamic profile is used on the VPLS pseudowire logical interface. PR1516418

  • The configured scheduler map is not applied on the ms- interface if the service PIC is in the Offline state during commit. PR1523881

  • TWAMP interoperability issue between Junos OS releases are observed. PR1533025

  • NH DWORD memory leak observed in the Packet Forwarding Engine with ARP churn bound to IRB interface, part of EVPN-MPLS routing instance. PR1533857

  • Subscribers are not coming up on PS interface. PR1536043

  • The rmopd process memory leak might be seen if TWAMP client is configured. PR1541808

  • MX Series with MPCs/MICs might crash when the underlying Layer 2 interface for ARP over IRB interface is changed from physical interface to LSI interface. PR1542211

Routing Policy and Firewall Filters

  • The router ID from the martian address range cannot be committed even if the range is allowed by the configuration. PR1480393

  • The policy configuration might be mismatched between rpd and mgd when the deactivate policy-options prefix-list is involved in configuration sequence. PR1523891

Routing Protocols

  • The BGP session might become nonresponsive with high BGP OutQ value after GRES on both sides. PR1323306

  • When configuring an alternate incoming interface for a PIM RPF check using rpf-selection, the additional groups outside the configured range might switch to the alternate incoming interface. PR1443056

  • IS-IS TI-LFA traffic convergence time is more than 50 ms for IPv4 and IPv6 traffic. PR1458791

  • Adjacency SID might be missed and not be advertised to peer/controller/BMP monitor in BGP-LS NLRI. PR1473362

  • The rpd process crashes due to specific BGP UPDATE packets. PR1481641

  • Multicast traffic loss might be seen in certain conditions while enabling the IGMP snooping under an EVPN-VXLAN ERB scenario. PR1481987

  • The rpd process might crash when deactivating logical systems. PR1482112

  • The BGP multipath traffic might not fully load-balance for a while after adding a new path for load sharing. PR1482209

  • The output of the show isis interface detail command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters. PR1482983

  • RIPv2 might malfunction when changing the interface type from P2MP to broadcast. PR1483181

  • The rpd process crashes if the same neighbor is set in different RIP groups. PR1485009

  • There might be rpd process memory leak in a certain looped MSDP scenario. PR1485206

  • The BGP-LU routes do not have the label when BGP sharding is used. PR1485422

  • Removal of the BGP and rib-sharding configuration might cause the routing protocols to become unresponsive. PR1485720

  • Layer 3 VPN RR with the family route-target and no-client-reflect statements does not work as expected. PR1485977

  • Traffic loss might be seen while performing GRES in an MPLS setup. PR1486657

  • The rpd crashes if BGP LLGR with RIB sharding and traceoptions for graceful-restart are configured. PR1486703

  • The rpd might crash with BGP RPKI enabled in a race condition PR1487486

  • The rpd might crash when you perform GRES with MSDP configured. PR1487636

  • High CPU utilization might be observed when the outgoing BGP updates are sent slowly. PR1487691

  • The rpd process might generate core files after always-compare-med is configured for BGP path selection. PR1487893

  • The BGP RIB sharding feature cannot be run on a system with a single CPU. PR1488357

  • The rpd crashes when OSPF neighbors are reset. PR1489637

  • Ppmd core file is generated after MS-MPC restart. PR1490918

  • The BGP route target family might prevent the route reflector from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743

  • A core file is generated in krt_mcnh_update_rpf_info() when TI-LFA is used with MOFRR. PR1493259

  • The rpd process generates core files at rt_nh_resolve_add_gen in ../../../../../../../../src/junos/usr.sbin/rpd/lib/rt/rt_resolve_ind.c: with the EVPN DHCP configurations. PR1494005

  • The static route in inet6.0 or inet6.3 RIB might fail to be deleted. PR1495477

  • Receipt of certain genuine BGP packets from any BGP speaker causes the rpd process to crash. PR1497721

  • The route entries might be unstable after being imported into inet6.x RIB through a RIB group. PR1498377

  • The rpd process might crash if the import policy is changed to accept more routes that exceed the teardown function threshold. PR1499977

  • The rpd process might crash in a multicast scenario with BGP configured. PR1501722

  • The rpd process might crash while processing a specific BGP packet. PR1502327

  • On MX series Virtual Chassis, when you run the show bgp neighbors command, change in the x-path output for the value input-updates is observed. PR1504399

  • BGP might not advertise routes to peers after a peer flap. PR1507195

  • The rpd crash might be seen on a new primary Routing Engine if switchover happens with massive routing instances deletion. PR1507638

  • The rpd process might crash due to RIP updates being sent on an interface in the down state. PR1508814

  • The rpd process might crash on the backup Routing Engine if BGP (standby) receives a route from the peer, which is rejected due to an invalid target community. PR1508888

  • The rpd might report 100 percent CPU usage with the BGP route damping enabled. PR1514635

  • IS-IS segment routing routes might not be updated to reflect the change in the SRMS advertisements. PR1514867

  • The rpd process might crash after deleting and then adding a BGP neighbor. PR1517498

  • The rpd process might crash if there is a huge number of SA messages in an MSDP scenario. PR1517910

  • Tag matching in the VRF policy does not work properly when the independent-domain option is configured. PR1518056

  • Need BGP-LS NLRI handling improvements for BGP-LS ID TLV. PR1521258

  • The VRF label is not assigned at ASBR when the inter AS is implemented. PR1523896

  • VRF label is not assigned at ASBR when inter AS is implemented. PR1523896

  • The IS-IS LSP database synchronization issue might be seen while using the flood-group feature. PR1526447

  • Transit labels for Layer 3 VPN routes pushed momentary to mpls.0 table. PR1532414

  • Configuring then next-hop and then reject on a route policy for the same route might cause rpd crash. PR1538491

  • After move peer out of protection group, path protection is not removed from the PE router and multipath route is still present. PR1538956

  • The rpd process generates the core file at gp_rtarget_tsi_update,bgp_rtarget_flash_rt,bgp_rtarget_flash. PR1541768

Services Applications

  • The fpc process might crash with the npc core file if the service interface is configured under a service set in USF mode. PR1502527

  • The output of the show services l2tp tunnel extensive command does not show the configured session limit. PR1503436

  • Destination lockout functionality does not work at the tunnel session level when CDN code is received. PR1532750

Subscriber Access Management

  • Subscriber accounting messages retransmissions exist even after configuring accounting retry 0. PR1405855

  • The following syslog message is observed: pfe_tcp_listener_open_timeout: Peer info msg not received from addr: 0x6000080. Socket 0xfffff804ad23c2e0 closed. PR1474687

  • The delete request of a specified service session through CoA could fail. PR1479486

  • NAS-Port-ID includes a subinterface in the RADIUS messages for the aggregated Ethernet interface. PR1484351

  • The authd log events might not be sent to the syslog host when destination-override is used. PR1489339

  • The LTS incorrectly sends the access-request with the Tunnel-Assignment-ID, which is not compliant with RFC 2868. PR1502274

  • CCR-T does not contain the usage monitoring information. PR1517507

  • The show network-access aaa subscribers statistics username "<>" command fails to fetch the subscriber-specific AAA statistics information if the username of the subscriber contains space. PR1518016

User Interface and Configuration

  • The version information under the configuration changes from Junos OS Release 19.1 onward. PR1457602

VPNs

  • Traffic loss is observed while verifying a multicast route with VT interface for VPNA. PR1460480

  • In an MVPN scenario, the LSP might stay down on removing all VT interfaces from a single-hop egress. PR1474830

  • The Layer 2 circuit neighbor might become nonresponsive in the Ready state at one end of the MG-LAG peer. PR1498040

  • The rpd process might crash in certain conditions after deleting the Layer 2 circuit configuration. PR1502003

  • The MPLS label manager might allow configuration of a duplicated VPLS static label. PR1503282

  • The rpd process might crash after removing the last configured interface under the Layer 2 circuit neighbor. PR1511783

  • The rpd process might crash when deleting the Layer 2 circuit configuration in a specific sequence. PR1512834

Resolved Issues: 20.1R1

Application Layer Gateways

  • SIP messages that needs to be fragmented might get dropped by the SIP ALG. PR1475031

Authentication and Access Control

  • The LLDP packets might get discarded on all Junos OS platforms. PR1464553

Class of Service (CoS)

  • The MX Series generated OAM/CFM LTR messages are sent with a different priority than the incoming OAM/CFM LTM messages. PR1466473

  • Unexpected traffic loss might be discovered in certain conditions under in a Junos fusion scenario. PR1472083

  • The MX10008 and MX100016 routers might generate cosd core files after executing the commit/commit check command if the policy-map configuration is set. PR1475508

EVPN

  • Traffic received from VTEP is dropped if the VNI value used for type-5 routes is greater than 65,535. PR1461860

  • Rpd might crash with the EVPN-related configuration changes in a static VXLAN to MPLS stitching scenario. PR1467309

Forwarding and Sampling

  • Traffic errors do not get policed as expected after being locally switched for VLAN 100 and 101, while verifying the selective local-switching functionality with 4000 VLANs. PR1436343

  • The pfed might crash and not be able to come up on the PTX Series or TVP based platforms. PR1452363

  • The following syslog error messages are seen: pfed: rtslib: ERROR received async message with no handler: 28. PR1458008

  • The following false warning message is seen on commit (commit check) after upgrading to Junos OS Release 19.2R2-S1.4: warning: vxlan-overlay-load-balance configuration for forwarding options has been changed. PR1459833

  • On an MX Series router, the following logs are seen: L2ALD_MAC_IP_LIMIT_REACHED_IF: Limit on learned MAC+IP bindings reached for .local.1048605; current count is 1024. PR1462642

  • Type 1 ESI/ or AD routes are not generated locally on EVPN PE devices in all-active mode. PR1464778

  • On the MX10008 and MX10016 routers, policer bandwidth-limit cannot be set higher than 100-Gigabit Ethernet. PR1465093

  • An output bandwidth-percent policer with logical-bandwidth-policer applied to an aggregated Ethernet bundle along with an output-traffic-control-profile has incorrect effective policing rate. PR1466698

  • Traffic might be forwarded into the default queue instead of the right queue when the VPLS traffic has three or more VLAN tags with VLAN priority 5. PR1473093

  • The filter might not be installed if the policy-map xx is present under the filter. PR1478964

General Routing

  • The severity of the following error is reduced from fatal to major: XR2CHIP_ASIC_JGCI_FATAL_CRC_ERROR. PR1390333

  • On the MX240, MX480, or MX960 router with SCB3E, swapping MPC10E line card with MPC7E line card in the same FPC slot results in fabric errors, which causes system-wide traffic impact. PR1491968

  • After restarting the routing or rpd process, sometimes the sensor statistics is not reset. After the rpd process restarts, the sensor do not reset and traffic statistics increases on the existing value. PR1458107

  • A newly added LAG member interface might forward traffic even though its micro BFD session is down. PR1474300

  • In a configuration mode, when you ask for command completion help for the co-ordinate configuration statement at the [edit protocols lldp-med interface location] hierarchy level, you see that the word value is misspelled in the help text. PR1486327

  • On the MX104 platform with any 2-port license installed on the 10-Gigabits Ethernet interfaces and phy-timestamping enabled in PTP, PTP might not work. PR1421811

  • Default configuration does not create any logical interfaces and LLDP cannot discover neighbor for those interfaces which logical interface is not configured explicitly in the Junos OS configuration. PR1436327

  • The failover time for the LACP link protection might be more than 2 seconds on the MPC11E line card. PR1464652

  • The following constant messages flooding in log is observed: summit_pic_port_profile_isvalid: VALID Port profile. PR1464879

  • The high-cos-queue-threshold range is changed to [uint 0 .. 90;]. PR1390424

  • NAPT66 pool split is not supported with AMS; thus commit must fail with IPv6 pool in AMS. PR1396634

  • The non existent subscribers might appear in the show system resource-monitor subscribers-limit chassis extensive output. PR1409767

  • Changing CAK and CKN multiple times within a short interval (around 5 minutes) sometimes show the security MACsec connection's inbound and outbound channel display with more than one active AN. But on the Packet Forwarding Engine hardware side, the correct AN and SAK is programmed and MKA protocol from both ends transmits the correct and latest AN on each hello packet. You should not see any traffic drop due to this display issue. PR1418448

  • Certain JNP10008-SF and JNP10016-SF Switch Interface Boards (SIBs) manufactured between July 2018 and March 2019 might have incorrect core voltage setting. PR1420864

  • The jnxFruState shows value as 10 for Routing Engine instead of 6 in response to .1.3.6.1.4.1.2636.3.1.15.1.8.9.1.0.0. PR1420906

  • Ports might get incorrectly channelized if they are already of 10-Gigabit Ethernet and they are channelized to 10-Gigabit Ethernet again. PR1423496

  • Observing NPC core files at trinity_rtt_hw_bulk_helper, trinity_rt_delete, rt_entry_delete_msg_proc (rt_params=0x48803bd8) at ../../../../../../../../src/pfe/common/applications/route/hal/rt_entry.c:5210. PR1427825

  • The following syslog error message is observed: Err] dfw_abstract_issu_stats_counters_restore:2222 Failed to find Index = 4613734? during ISSU with 19.3I-20190409_dev_common.0.2212. PR1429879

  • The routers that are configured with the protect core file might send IPfix sampling packets with the incorrect next-hop information. PR1430244

  • The l2cpd process might crash and generate a core file when the interfaces flap. PR1431355

  • MicroBFD 3x100ms flap is observed upon inserting a QSFP in another port. PR1435221

  • ZF interrupts for out-of-range destination Packet Forwarding Engine INTR for Gnt is observed when the MPC6 or MPC9 line card is brought up. PR1436148

  • ISSU fails from the legacy Junos OS Release 19.1R1 images. PR1438144

  • Incorrect values are observed in the JUNIPER-TIMING-NOTFNS-MIB table. PR1439025

  • The ports of the EX devices might stay in the Up state even if the EX4600 or QFX5100 lines of switches is rebooted. PR1441035

  • The interface might go into the Down state after the FPC restarts with the PTP configuration enabled. PR1442665

  • The BGP session fails to establish when you use the firewall filter to de-encapsulate BGP packets from the GRE tunnel. PR1443238

  • System reboot is required when GRES is enabled or disabled with the mobile-edge configuration. PR1444406

  • Irregular traffic drop might be seen when the traffic is ingress from MPC3E and egress to MPC10E. PR1445649

  • When you use a converged CPCD, an MX Series router rewrites the HTTPS request with the destination-port 80. PR1446085

  • When switchover happens with an MX Series router with service interface that has NAT and GR configuration, the static route for NAT never comes up. PR1446267

  • DT_BNG: bbe-smgd generates core file on the backup Routing Engine in bbe_ifd_add_vlan (ifd=0x8c3e835, ifl=0xcaf59f18) at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/infra/bbe_ifd.c:6374. PR1447493

  • IPv6 throughput numbers for NAT with HTTP traffic are not at par with IPv4. PR1449435

  • Changing the hostname triggers the LSP on-change notification and not the adjacency on-change notification. PR1449837

  • On the MPC10E line card, dcd is unable to clean stale the mt- logical interfaces while reloading rosen configuration on the DUT. PR1450953

  • When you use the Standard_D5_v2, which has 16 vCPUs and 56 GB of memory, the deployment fails. PR1450975

  • JNP10000-LC2101 FPC generates Voltage Tolerance Exceeded major alarm for each IP 2V5 sensor. PR1451011

  • Main chassisd thread at the JNS GNF might stall upon the GNF SNMP polling for hardware-related OIDs. PR1451215

  • Need to add support for drop flows when the packet drops. PR1451921

  • On the MX10000 and PTX10000 lines of routers with Routing Engine redundancy configuration enabled, the firmware upgrade for PSU (JNP10000-AC2) and JNP10000-DC2) might fail due to lcmd being disabled by the firmware upgrade command. PR1452324

  • Sensord core file might be seen when the script runs on MPC10E line card. PR1452976

  • On an MPC10E line card, inconsistency between AFT and non-AFT line cards occurs while displaying ldp p2mp traffic-statistics on the bud node. PR1453130

  • Add the syslog configuration command to the stateful firewall rule then condition. PR1453502

  • On an MX10003 device, alarms are not sent to syslog. PR1453533

  • The VMX might work abnormally in a large topology. PR1453967

  • The 100-Gigabit Ethernet interfaces might not come up again after going down on MPC3E-NG. PR1454595

  • When the scale configurations are applied, chassisd CLI command might delay response or might time out for 10 minutes. PR1454638

  • On the line card, interface damping is not supported. PR1455152

  • The smihelperd process is not initialized when Junos OS is upgraded on PPC-based platforms. PR1455667

  • Multiple daemons might crash on committing configuration changes related to groups. PR1455960

  • Along with the 4x1GE feature using the QSFP28 optics, continuous logging in the chassisd file is observed when speed 1-Gigabit Ethernet is configured with pic_get_nports_inst and ch_fru_db_key. PR1456253

  • On the line card, need to add the support of optics-options low light. PR1456894

  • The bbe-statsd process might continuously crash if any parameter is set to 0 in the mx_large.xml file. PR1457257

  • On the JSU package installed for lcmd, the daemon might not restart the daemon with the new daemon package. PR1457304

  • The chassisd process and all FPCs might restart after Routing Engine switchover. PR1457657

  • After more than 2 million multicast subscribers are activated without performing GRES or bbe-smgd restart, further multicast subscribers might be unable to log in. PR1458419

  • Traffic silently discards or MPC crashes on the MPC10E line card during the change of the firewall filter terms. PR1458499

  • If you use the dynamic VoIP VLAN assignment, the correct VoIP VLAN information in LLDP-MED packets might not be sent after you commit. PR1458559

  • The FPC X major errors alarm might be raised after committing the PTP configuration change. PR1458581

  • The rpd crash might be seen if the BGP route is resolved over the same prefix protocol next hop in the inet.3 table that has both the RSVP and LDP routes. PR1458595

  • The traffic might be stuck on MS-MPC or MS-MIC with sessions receiving a huge number of affinity packets. PR1459306

  • The following error message might be seen after the chassisd restarts: create_pseudos: unable to create interface device for pip0 (File exists). PR1459373

  • The show ancp subscriber access-aggregation-circuit-id < access aggregation circuit ID> command displays incomplete output. PR1459386

  • Telemetry streaming of mandatory TLV ttl learned from LLDP neighbor is missing. PR1459441

  • The traffic might be silently dropped or discarded during the link recovery in an open Ethernet access ring with ERPS configured. PR1459446

  • Inline S-BFD packets are dropped on MPC6E MIC1/PIC1 ports: 0-11. PR1459529

  • In an MC-LAG scenario, the traffic destined to VRRP-virtual MAC gets dropped. PR1459692

  • After the DRD auto-recovery, the traffic is silently dropped or discarded during interface flaps. PR1459698

  • Configuration change might not be applied if the Ephemeral database is used. PR1459839

  • Initial synchronization for the OpenConfig event sensors are streamed only from producers supporting event paths. PR1459927

  • On the line card, interface flaps multiple times after an administrator disables or enables at the side or when an optical module is plugged into. PR1459942

  • In a subscriber management environment, subscriber statistics reported by CLI commands and RADIUS can be broken if ISSU is performed from any Junos OS Release earlier than 18.4 to 18.4 or later. PR1459961

  • The PPTP does not work with destination NAT. PR1460027

  • If vlan-offload is configured on the VMX platform, input-vlan-map might not work. PR1460544

  • Support of del_path for the LLDP neighbor changes at various levels. PR1460621

  • When you receive IPv6 over IPv4 IBGP session, the IPv6 prefix is hidden. PR1460786

  • The PTP function might consume the kernel CPU for a long time. PR1461031

  • Explicit Deletion Notification (del_path) are not received when the LLDP neighbor is lost as result of disabling the local interface on the DuT through CLI (gNMI). PR1461236

  • The bbe-smgd generates a core file when all RADIUS servers are unreachable. PR1461340

  • Traffic might be impacted due to fabric hardening being stuck. PR1461356

  • The traffic might not be forwarded when it is received from the circuit cross-connect interface. PR1461532

  • On the MPC10E line card, more output packets are seen than expected when the ping function is performed. PR1461593

  • In an EVPN scenario, memory leak might be observed when proxy-macip-advertisement is configured. PR1461677

  • The repd generates a core file during system startup. PR1461796

  • During the BBE statistics collection and management process, issues with the bbe-statsd memory on the backup Routing Engine occur. PR1461821

  • JET RIB API RouteRemove and RouteRemoveMatching RPCs do not work as the first RIB API call. PR1461974

  • The rpd might crash after committing the dynamic-tunnel-anchor-pfe command. PR1461980

  • The rpd process might crash if the show v4ov6-tunnels information anti-spoof-ip command is executed. PR1462047

  • The following error message appears when both the DIP switches and power switch are turned off: CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed. PR1462065

  • The flow stuck and flowd watchdog generate core files while trying to ping the DNS server 8.8.8.8 on the internet through DUT configured with NAPT44. PR1462277

  • Traffic drops over the aggregated Ethernet interfaces configured with Virtual Router Redundancy Protocol (VRRP). PR1462310

  • On an MX204 router, the RADIUS interim accounting statistics are not populated. PR1462325

  • The EA WAN SerDes gets into the Stuck state that leads to continuous DFE tuning timeout errors and causes the link to stay down. PR1463015

  • The vty remote MAC addresses are not learned with correct age if vty is from a line card without Juniper Penta silicon. PR1463040

  • MAC-learning is broken for vlan-id all scenario. PR1463078

  • The Routing Engine switchover might not be triggered when the master CB clock fails. PR1463169

  • MVPN traffic might be dropped after performing switchover. PR1463302

  • The subscribers might not pass traffic after making some changes to the dynamic-profiles filter. PR1463420

  • RPC ALG causes MSPMAND to generate core files when an MX Series router is used as a stateful firewall with the MS-MIC or MS-MPC service cards. PR1464020

  • The IPoE subscriber route installation might fail. PR1464344

  • Observing bbe-smgd-core (0x000000000088488c in bbe_autoconf_delete_vlan_session_only (session_id=918) at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/plugins/autoconf/bbe_autoconf_plugin.c:3115). PR1464371

  • The PPP IPv6CP might fail if the routing-services command is enabled. PR1464415

  • The CPU utilization on mgd daemon might get stuck at 100 percent after the netconf session is interrupted by flapping interface. PR1464439

  • The MS-MIC might not work when it is used on a specific MPC. PR1464477

  • The show task memory detail command shows incorrect cookie information. PR1464659

  • The PPPoE session goes in to the Terminated state and the accounting stops for the session that is delayed. PR1464804

  • MPC5E or MPC6E might crash due to internal thread hogging of the CPU. PR1464820

  • The end in front of NAT also sends NATT keep alive packets. PR1464864

  • Commit script does not apply changes in the private mode unless a commit full is performed. PR1465171

  • The jdhcpd might consume high CPU and no further subscribers can be brought up if more than 4000 dhcp-relay clients are present in the MAC-MOVE scenario. PR1465277

  • The physical interface of aggregated Ethernet might take time to come up after disabling or enabling the interface. PR1465302

  • Bandwidth percent with shaping rate does not work on an aggregated Ethernet interface after deactivating and activating the class of service. PR1465766

  • ICMP error messages does not appear even enabling the enable-asymmetric-traffic-processing statement. PR1466135

  • The PPPoE subscribers get stuck due to the PPPoE inline keepalives that do not work properly. PR1467125

  • Layer 2 wholesale does not forward all the client requests with stacked VLAN. PR1467468

  • Hot-swapping between MPC11E and legacy MPC9, MPC8, or MPC6 is not supported. PR1467725

  • The process rpd might crash after making several changes to the flow-spec routes. PR1467838

  • Crypto code might cause high CPU utilization. PR1467874

  • You might observe the following error message: the user-ad-authentication subsystem is not responding to management requests. PR1467991

  • The satellite-management commands are not available. PR1467997

  • Benign logs might show in Junos OS Release 19.3R2 when switching between configurations using load-override with GRES and commit-synchronize. PR1468234

  • Optics measurements might not be streamed for the interfaces of a PIC over JTI. PR1468435

  • The process rpd crash might be seen if the BGP sharing is enabled. PR1468676

  • The Inner-list functionality with dual tag does not work. Traffic gets dropped at the ingress port. PR1469396

  • The tcp-log connections fail to reconnect and get stuck in the Reconnect-In-Progress state. PR1469575

  • Memory leak on Layer 2 cpd process causes Layer 2 cpd to crash. PR1469635

  • A hierarchical-scheduler should not be configured on a ps- interface. PR1470049

  • On the MPC11E line card, some of the 10-Gigabit Ethernet interface states might not get cleaned up correctly when performing GRES with invalid profile configuration. PR1470153

  • On MPC-11E interfaces, certain configuration steps might cause traffic to not get policed properly. PR1470629

  • The SNMP interface-mib stops working for the PPPoE clients. PR1470664

  • On MPC11E, PIC online event does not generate SNMP trap when PIC goes through offline to online transition. PR1470796

  • Unable to setup 26M sessions (NAPT44) at 900,000pps per second. PR1470833

  • On rare occasions, the router might send out one extra URR quota value for a bearer. PR1470890

  • Sudden FPC shutdown due to hardware failure or ungraceful removal of line card might cause major alarms on other FPCs in the system. PR1471372

  • In the cRPD platform, license violations are captured as nagging log messages and no alarm is raised. PR1471455

  • The clksyncd crash might be seen when PTP over an aggregated Ethernet interface is configured on the MX104 platform. PR1471466

  • Phase or frequency synchronization might not work correctly when PTP is configured in the hybrid mode. PR1471502

  • MTU errors count captured in the show pfe statistics traffic does not match exactly to the actual count of the frames dropped. PR1471554

  • On the MX10008 and MX10016 line cards, the ARP suppression (default enabled) in EVPN does not work. PR1471679

  • PCC tries to send a report to PCE but the connection between PCC and PCE is not in the Up state especially in the case of MBB in PCE provisioned or controlled LSP. PR1472051

  • On multicore next-generation Routing Engines on the MX960, MX240, and MX480 routers with USF mode enabled and USF-based services configuration, the subsequent Junos vmhost upgrade fails with an error message. PR1472287

  • Chassis alarm on BSYS might be observed : RE0 to one or many FPCs is via em1: Backup RE. PR1472313

  • Service accounting statistics do not get updated after changes are made to the firewall filters. PR1472334

  • The kernel might crash and vmcore might be observed after the configuration change is committed. PR1472519

  • Performing back-to-back rpd restarts might cause rpd to crash. PR1472643

  • Active error counts do not increase for I2C in the synchronization cards. PR1472660

  • On the MX Series devices, if the reauthenticate lease-renewal statement is enabled for DHCP, when the DHCP authentication and re-authenticate lease-renewal occurs, the SDB might go down very frequently. PR1473063

  • Drops counter does not increment for the aggregated Ethernet even after the member link shows the drops. PR1473665

  • Ingress multicast replication does not work with the GRES configuration. PR1474094

  • An MPC11 crash might occur on the MX2000 platform using multi dimensional advanced scale configuration that has inline keep alive sessions. PR1474160

  • MX10000 QSA adapter lane 0 port goes in the Down state when you disable one of the other lanes. PR1474231

  • With URR enabled, the URR reports cause memory leak. Eventually, the heap memory gets exhausted. PR1474306

  • The show services sessions and show services sessions extensive output commands do not display the member interface of the AMS where the session got landed. They display only the AMS interface name. PR1474313

  • When traffic loss is observed on a 100-Gigabit Ethernet logical interface, the MACsec sessions are up and live. PR1474714

  • The request system power-off and request system halt commands might not work correctly. PR1474985

  • The clksyncd generates core files after GRES. PR1474987

  • SFW rule configuration deletion might lead to memory leakage. PR1475220

  • The Radius accounting updates of the service session have incorrect statistic data . PR1475729

  • Dark window size is more than expected and 31.0872721524375 seconds of traffic loss is observed. PR1476505

  • The bbe-mibd might crash on the MX Series platform in a subscriber environment. PR1476596

  • The MX Series router acting as LNS does not get to program the Packet Forwarding Engine with l2tp services, which causes forwarding issues for the l2tp subscribers. PR1476786

  • Traffic loss might be seen in the SAEGW scenario after the daemon restarts or after the GRES operation. PR1477461

  • IKE version 2 tunnel flaps with DPD occur if initiator is not behind NAT. PR1477483

  • The Packet Forwarding Engine might be disabled due to major errors on MPC2E-NG, MPC3E-NG, MPC5, MPC6, MPC7, MPC8, and MPC9 line cards. PR1478028

  • The show evpn statistics instance command gets stuck on the multihomed scenario. PR1478157

  • At scale log ins of both the default and dedicated bearers might require retries from the control plane. PR1478191

  • FPC memory leak might happen after executing the show pfe route command. PR1478279

  • [firewall] [filter_installation] Output chain filter counters are not correct. PR1478358

  • The core files are generated at cassis_alloc_list_timed_free in cassis_free_thread_entry. PR1478392

  • The protocol MTU might not be changed on the lt- interface from the default value. PR1478822

  • The TCP-log sessions might be in the Established state but no logs get sent out to the syslog server. PR1478972

  • The rpd process might crash when executing the show route protocol l2-learned-host-routing or show route protocol rift command on a router. PR1481953

  • The MX204 router reboots when the PPPoE client starts to log in and no core files are generated. PR1482431

  • Packet loss might be observed after the device reboots or l2ald restarts in an EVPN-MPLS scenario. PR1484468

  • UID might not be released properly in some scenarios after the service session deactivation. PR1188434

  • The show subscriber extensive command incorrectly displays DNS address provided to the DHCP clients. PR1457949

  • PPP IPv6 NCP fails to negotiate during the PPP login. PR1468414

  • DHCP relay with forward-only fails to send OFFER when the client is terminated on the lt-0/0/0.2 logical tunnel interface. PR1471161

  • Dynamic-profile for VPLS-PW pseudowire incorrectly reports the Dynamic Static Subscriber Base Feature license alarm. PR1473412

  • DHCP-server RADIUS given mask is being reversed. PR1474097

Infrastructure

  • The kernel crashes during the removal of the mounted USB when a file is being copied to it. PR1425608

  • Slow response from SNMP might be observed after an upgrade to Junos OS Release 19.2R1. PR1462986

  • The scheduled tasks might not be executed if the cron daemon goes down without restarting automatically. PR1463802

Interfaces and Chassis

  • Restarting chassisd with GRES disabled might cause FPC to restart and some demux interfaces to be deleted. PR1337069

  • When the logical interface is associated to a routing-instance inside a LR, the logical interface is removed from the routing-instance and the logical interface is not added to the default routing instance. PR1444131

  • Continuous VRRP state transition (VRRP master or backup flaps) is observed when one device drops the VRRP packets. PR1446390

  • Interface descriptions might be missing under the logical systems CLI. PR1449673

  • Mismatched MTU value causes the RLT interface to flap. PR1457460

  • The EOAM CFM primary-vid functionality does not work if the enhanced-cfm-mode is enabled. PR1465608

  • vrrpv3mibs does not work on the QFX platform to poll the VRRPv6 related objects. PR1467649

  • The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5. PR1467712

  • When you configure ESI on a physical interface, the traffic drops when you disable the logical interface under the physical interface. PR1467855

  • When dynamic DHCP sessions exist in the device and if multiple commits in parallel are performed, the commit might become nonresponsive. PR1470622

  • Commit error was not thrown when the member link was added to multiple aggregation groups with different interface specific options. PR1475634

  • When the addition and the deletion of an logical interface (both logical interfaces with the same VLAN ID) is performed in a single commit configuration, the check fails with the following error message: duplicate VLAN-ID. PR1477060

  • MC-AE interface might be shown as an unknown status when you add the sub interface as part of the VLAN on the peer MC-AE node. PR1479012

  • For ATM interfaces configuration, if any logical interface has the allow-any-vci configuration, then the commit operation might fail. PR1479153

Junos Fusion Enterprise

  • Loop detection might not work on the extended ports in the Junos fusion scenarios. PR1460209

Layer 2 Ethernet Services

  • The jdhcpd process might go into infinite loop and cause CPU full utilization. PR1442222

  • DHCP subscriber might not come online after the router reboots. PR1458150

  • On the MX2010 and MX2020 lines of routers, no alarm is generated when FPC is connected to the master Routing Engine through the backup Routing Engine. PR1461387

  • The metric does not change when configured under DHCP. PR1461571

  • Member links state might be asynchronized on a connection between PE and CE devices in the EVPN A/A scenario. PR1463791

  • The ISSU might fail during the subscriber in-flight login. PR1465964

  • Telemetry data for relay/bindings/binding-state-v4relay-binding and relay/bindings/binding-state-v4relay-bound are not correct. PR1475248

MPLS

  • The FPC might be stuck in the Ready state after making a change in the configuration that removes RSVP and triggers FPC restart. PR1359087

  • On the MPC10E or MPC11E line card, the LDP and BFD sessions are dropped when the fast-lookup-filter has a default term with only accept as action and it is attached to the lo0 interface. PR1474204

  • The root XML tag in the output is changed from rsvp-pop-and-fwd-info to rsvp-pop-and-fwd-information to be consistent with the XML tag convention. PR1365940

  • Traffic is silently discarded after the LSP protection link on the third-party transit router goes down. PR1439251

  • On the MPC10E line card, the P2MP LSP traceroute is not working. PR1440636

  • The traffic might be silently discarded after the LACP times out. PR1452866

  • P2MP LSP might flap after the VT interface in the MVPN routing instance is reconfigured. PR1454987

  • The rpd core files are generated with SNMP polling. PR1457681

  • All LDP adjacencies flap after changing LDP preference. PR1459301

  • The previously configured credibility preference is not considered by CSPF even though the configuration has been deleted or changed to prefer another protocol in the traffic engineering database. PR1460283

  • MPLS trace route does not trace the SRUDP tunnel ingress router. PR1460516

  • The process rpdtmd might crash while SNMP polls the statistics of the lpd interface. PR1465729

  • The device might use the locally computed path for the PCE-controlled LSPs after the link or node fails. PR1465902

  • The fast reroute detour next-hop down event might cause the primary LSP to go in the Down state in a particular scenario. PR1469567

  • The p2mp traceroute fails with an aggregated Ethernet bundle over AFT. PR1470815

  • The rpd process might crash during shutdown. PR1471191

  • The rpd crash might be seen after some commit operations, which might affect the RSVP ingress routes. PR1471281

  • The following error messages continuously floods the backup Routing Engine: (JTASK_IO_CONNECT_FAILED: RPDTM./var/run/rpdtmd_control: Connecting to 128.0,255.255,255.255,0.0.0.0,0.0.0.0, failed: No such file or directory). PR1473846

  • RSVP LSPs might not come up in the scaled network with a very high number of LSPs if NSR is used on the transit router. PR1476773

  • Kernel crashes and device might restart. PR1478806

  • The rpd process crashes on the backup Routing Engine when LDP tries to create LDP p2mp tunnel upon receiving corrupted data from the master Routing Engine. PR1479249

Network Management and Monitoring

  • The SNMP cold start trap might be seen after the Routing Engine switchover. PR1461839

Platform and Infrastructure

  • The jcrypto syslog help package and events are not packaged even when the error message is compiled. PR1290089

  • The time convergence for the MVPN fast upstream failover might be more than 50 minutes. PR1478981

  • With chained composite next-hop enabled, the MPLS CoS rewrite does not work for IPv6 PE device traffic. PR1436872

  • In an EVPN-VXLAN scenario, sometimes the host-generated packets get dropped when hitting the reject route in the Packet Forwarding Engine. PR1451559

  • The MPC might drop packets after enabling the firewall fast lookup filter. PR1454257

  • Multicast traffic loss occurs in a rare case in a seamless MPLS with MVPN configuration. PR1456905

  • Port mirroring does not occur with VPLS. PR1458856

  • DDoS-protection does not stop logging when the remote tracing is enabled. PR1459605

  • Traceroute initiated from the PE device does not show the tunnel endpoint hop in the output. PR1461441

  • CLI configuration flag version-03 must be optional. PR1462186

  • On the MX204 platform, Packet Forwarding Engine errors might occur when the incoming GRE tunnel fragments get sampled and undergo inline reassembly. PR1463718

  • Not able to view the snapshots of the backup Routing Engine. PR1464394

  • MX80 EVPN-VXLAN RT5 does not work properly, and ip-prefix-routes are not reachable. PR1466602

  • On the MX150 devices, the default subscriber management license does not include the Layer 2 TP. PR1467368

  • On the MX Series Virtual Chassis, the Layer 2 traffic sent from one member to another member is corrupted. PR1467764

  • The JNH memory leaks after the CFM session flap for the LSI and VT interfaces. PR1468663

Routing Policy and Firewall Filters

  • Routes resolution might be inconsistent if any route resolves over the multipath route. PR1453439

Routing Protocols

  • The CPU utilization on rpd spins at 100 percent once the same external BGP route is learned on different VRF tables. PR1442902

  • If the same neighbor is configured under different RIP groups, the commit check fails to capture this invalid configuration and commit is done successfully. However, the rpd process crashes. PR1485009

  • The rpd crash might be seen after configuring OSPF nssa area-range and summaries. PR1444728

  • The BGP routes might fail to be installed in a routing instance if the from next-hop policy match condition is used in the VRF import policy. PR1449458

  • TI-LFA backup path for the adj-sids is broken in OSPF, where the shortest path to the node opposite the adj-sid is not the one-hop path over the interface indicated by the adj-sid. PR1452118

  • The SSH login might fail if a user account exists in both the local database and RADIUS/TACACS+. PR1454177

  • The rpd scheduler slip for BGP GR might be up to 120 seconds after the peer goes down. PR1454198

  • MoFRR with MLDP inband signaling is not working. PR1454199

  • The rpd memory might leak in certain MSDP scenario. PR1454244

  • The rpd might crash continuously due to memory corruption in the IS-IS setup. PR1455432

  • Packet drop and CPU spike on the Routing Engine might be seen in certain conditions if labeled-unicast protection is enabled for a CsC-VRF peer. PR1456260

  • The topology-independent loop-free alternate might be unable to install backup path in the routing table in a specific case. PR1458791

  • The rpd memory leak might be observed on the backup Routing Engine due to BGP flap. PR1459384

  • The other querier present interval timer cannot be changed in a IGMP or MLD snooping scenario. PR1461590

  • The rpd scheduler slips might be seen on the RPKI route validation enabled BGP peering router in a scaled setup. PR1461602

  • Need to install all possible next hops for the OSPF network LSAs. PR1463535

  • The IS-IS IPv6 multitopology routes might flap every time when there is an unrelated commit under the protocol statement. PR1463650

  • The rpd might crash if both the BGP add-path and BGP multipath are enabled. PR1463673

  • The rpd might crash if the IPv4 routes are programmed with the IPv6 next hop via JET APIs. PR1465190

  • The BGP peers might flap if the hold-time parameter is set as small. PR1466709

  • The configured BGP damping policy might not take effect after BGP is disabled and then enabled followed by commit. PR1466734

  • BGP multipath does not work for MT on cRPD. PR1467091

  • The rpd might crash after configuring independent-domain under the master routing instance. PR1469317

  • The mcsnoopd might crash when the STP moves the mrouter port to the Blocked state. PR1470183

  • The BFD client session might flap when removing the BFD configuration from the peer end (from other vendor) of the BFD session. PR1470603

  • The rpd might crash when both the instance-import and instance-export policies contain the as-path-prepend action. PR1471968

  • The rpd process might crash with the BGP multipath and damping configured. PR1472671

  • Removal of the cluster from the BGP group might cause prolonged convergence times. PR1473351

  • SFTP does not connect properly and the following error message is seen: Received message too long. PR1475255

  • The rpd process might crash with BGP multipath and route withdrawal occasionally. PR1481589

  • Removal of the BGP and rib-sharding configuration might cause the routing protocols to become unresponsive. PR1485720

  • High CPU utilization might be observed when the outgoing BGP updates are sent slowly. PR1487691

Services Applications

  • The jl2tpd process might crash during the restart procedure. PR1461335

  • The calling station gets truncated after 64 bytes. PR1462689

  • On an MX Series router, L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP toward the LNS. PR1472775

  • Phase 1 SA migrates to a new remote IP because of the source-address translation for the static NAT tunnel. PR1477181

Subscriber Access Management

  • The authd crashes on the backup Routing Engine during execution of the slax script that runs the < get-jsrc-counters> RPC call. PR1458185

  • DHCPv6 subscribers might be stuck in a state after the authd process crashes. PR1460578

  • A problem arises with linked-pool-aggregation after attempting to delete a pool in the middle of the chain. PR1465253

  • The volume statistics attributes are missing in the accounting-stop for the Configuration Activated Services and CLI Activated Services. PR1470434

  • The sub interfaces might be missing in the NAS port ID. PR1472045

  • The authd process might crash after the ISSU setup from Junos OS Release 18.3 and earlier to Junos OS Release 18.4 and later. PR1473159

  • Some address-relevant fields are missing when executing the test aaa ppp command. PR1474180

  • The CoA request might not be processed if it includes the proxy-state attribute. PR1479697

  • The mac-address CLI option is hidden under the access profile radius options calling-station-id-format statement. PR1480119

User Interface and Configuration

  • On an MX Series device, a J-Web page might not get redirected to login once the session expires with an idle timeout. PR1459888

VPNs

  • The P1 configuration delete message is not sent on loading baseline configuration if there has been a prior change in VPN configuration. PR1432434

  • The rpd process might crash due to memory leak in MVPN RPF Src PE block. PR1460625

  • The Layer 2 circuit displays MM status, which might cause traffic loss. PR1462583

  • The Layer 2 circuit connections might become stuck in the OL state after changing the Layer 2 circuit community and flapping the primary LSP path. PR1464194

  • The rpd might crash when link-protection is added or deleted from LSP for the MVPN ingress replication selective provider tunnel. PR1469028

Documentation Updates

This section lists the errata and changes in Junos OS Release 20.1R2 documentation for the MX Series.

Dynamic Host Configuration Protocol (DHCP)

  • Introducing DHCP User Guide—Starting in Junos OS Release 20.1R1, we are introducing the DHCP User Guide for Junos OS routing, switching, and security platforms. This guide provides basic configuration details for your Junos OS device as DHCP Server, DHCP client, and DHCP relay agent.

    [See DHCP User Guide.]

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting in Junos OS 17.4R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:

Platform

FreeBSD 6.x-based Junos OS

FreeBSD 11.x-based Junos OS

MX5,MX10, MX40,MX80, MX104

YES

NO

MX240, MX480, MX960,

MX2010, MX2020

NO

YES

Basic Procedure for Upgrading to Release 20.1R2

Note

Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files) might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 11.x based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 11.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.1R2.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.1R2.9-signed.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.1R2.x-limited.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.1R2.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note
  • You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.

  • Starting in Junos OS Release 20.1R2, in order to install a VM host image based on Wind River Linux 9, you must upgrade the i40e NVM firmware on the following MX Series routers:

    • MX240, MX480, MX960, MX2010, MX2020, MX2008, MX10016, and MX10008

    [See https://kb.juniper.net/TSB17603.]

Note

After you install a Junos OS Release 20.1R2 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.

Note

Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x based Junos OS

Products impacted: MX5, MX10, MX40, MX80, MX104.

To download and install FreeBSD 6.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-20.1R2.9-signed.tgz
    • Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-20.1R2.9-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 20.1R2 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 20.1R2

To downgrade from Release 20.1R2 to another supported release, follow the procedure for upgrading, but replace the 20.1R2 jinstall package with one that corresponds to the appropriate release.

Note

You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

Release History Table
Release
Description
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.