Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for ACX Series

 

These release notes accompany Junos OS Release 20.2R2 for the ACX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for ACX Series routers.

What's New in Release 20.2R2

There are no new features or enhancements to existing features for ACX Series routers in Junos OS Release 20.2R2.

What's New in Release 20.2R1

Hardware

  • New ACX710 Universal Metro Routers (ACX Series)—In Junos OS Release 20.2R1, we introduce the ACX710 router. The ACX710 is a compact 1-U router that provides system throughput of up to 320 Gbps through the following port configurations:

    • Twenty-four 10GbE or 1GbE ports (ports 0 through 23) that operate at 10-Gbps speed when you use small form-factor pluggable plus (SFP+) transceivers or at 1-Gbps speed when you use small form-factor pluggable (SFP) optics. Ports 0 through 15 also support 1000 Mbps speeds when you use tri-rate SFP optics. Ports 16 through 23 support 100 Mbps and 1000 Mbps speeds when you use tri-rate SFP optics.

    • Four 100GbE ports (ports 0 through 3) that support quad small form-factor pluggable 28 (QSFP28) transceivers. You can channelize these ports into four 25-Gbps interfaces using breakout cables and channelization configuration. These ports also support 40-Gbps speed when you use quad small form-factor pluggable plus (QSFP+) optics. You can channelize these 40-Gbps ports into four 10-Gbps interfaces using breakout cables and channelization configuration. [See Channelize Interfaces on ACX710 Routers.]

    The ACX710 router is a DC-powered device that is cooled using a fan tray with five high-performance fans to cool the chassis.

    To install the ACX710 router hardware and perform initial software configuration, routine maintenance, and troubleshooting, see the ACX710 Universal Metro Router Hardware Guide.

    Table 1 summarizes the ACX710 features supported in Junos OS Release 20.2R1.

    Table 1: Features Supported by the ACX710 Routers

    Feature

    Description

    Class of service (CoS)

    DHCP

    EVPN

    Firewalls and policers

    • Configure firewall filters on packets (families such as bridge domain, IPv4, IPv6, CCC, and MPLS) based on packet match conditions. Along with the match conditions, actions such as count, discard, log, syslog, policer are performed on the packets that match the filter. You can configure policers and attach them to a firewall term. [See Standard Firewall Filter Match Conditions and Actions on ACX Series Routers Overview.]

    High availability (HA) and resiliency

    • VRRP protocol support with Broadcom’s DNX chipset. [See Understanding VRRP Overview.]

    • Configure alarm input and output, manage FRUs, and monitor environment. The router also supports field-replaceable unit (FRU) management and environmental monitoring. [See alarm-port.]

    • Platform resiliency to handle failures and faults of the components such as fan trays, temperature sensors, and power supplies. The router also supports firmware upgrade for FPGA and U-boot. [See show chassis alarms and show system firmware.]

    Layer 2 features

    • Layer 2 support: bridging, bridge domain with no vlan-id, with vlan-id none, or with single vlan-id, single learning domain support,.Q-in-Q service for bridging, MAC limit feature support, no local switching support for bridge domain, and E-LINE from a bridge with no MAC learning. [See Layer 2 Bridge Domains on ACX Series Overview.]

    • Layer 2 support for bridge interfaces for vlan-map push operation, swap operation, pop operation, and swap-swap operation. [See Layer 2 Bridging Interfaces Overview.]

    • Layer 2 support for control protocols (L2CP): RSTP, MSTP, LLDP, BPDU guard/protection, loop protection, root protection, Layer 2 protocol tunneling, storm control, IRB interface, LAG support with corresponding hashing algorithm, E-LINE, E-LAN, E-ACCESS, and E-Transit service over L2/Bridge with the following AC interface types: Port, VLAN, Q-in-Q, VLAN range and VLAN list. [See Layer 2 Control Protocols on ACX Series Routers.]

    • Layer 2 circuit cross-connect (L2CCC) support for Layer 2 switching cross-connects. You can leverage the hardware support available for cross-connects on the ACX710 device with the Layer 2 local switching functionality using certain models. With this support, you can provide the EVP and EVPL services. [See Configuring MPLS for Switching Cross-Connects.]

    • Reflector function support in RFC 2544. [See RFC 2544-Based Benchmarking Tests Overview.]

    Layer 3 features

    • Layer 3 VPN and Layer 3 IPv6 VPN Provider Edge router (6VPE) support over MPLS. The router uses MPLS as a transport mechanism with support for label-switching router (LSR), label edge routers (LERs), and pseudowire services. These protocols are also supported: ECMP, OSPF, IS-IS, and BGP. [See Understanding Layer 3 VPNs.]

    • Basic Layer 3 services over segment routing infrastructure. The segment routing features supported are: segment routing with OSPF through MPLS, segment routing with IS-IS through MPLS, segment routing traffic engineering (SR-TE), segment routing global block (SRGB) range label used by source packet routing in networking (SPRING), anycast segment identifiers (SIDs) and prefix SIDs in SPRING, and segment routing with topology independent (TI)-loop-free alternate (LFA) provides fast reroute (FRR) backup paths corresponding to the post-convergence path for a given failure. [See Segment Routing LSP Configuration.]

    • Enhanced timing and synchronization support using Synchronous Ethernet with ESMC and BITS-Out. [See Synchronous Ethernet Overview and synchronization (ACX Series).]

    • Supports full-mesh VPLS domain deployment. The router supports interworking of both BGP as well as LDP-based VPLS. BGP can be used only for auto-discovery of the VPLS PEs, while LDP signaling for VPLS connectivity. [See Introduction to VPLS.]

    MPLS

    Multicast

    • Multicast support for IPv4 and IPv6 PIM-SM, SSM, IGMP snooping and proxy support, IGMP, IGMPv1/v2/v3 snooping, IGMP snooping support for LAG, global multicast support, MLD, and multicast support on IRB. [See Multicast Overview.]

    Network management and monitoring

    OAM

    System management

    To view the hardware compatibility matrix for optical interfaces, transceivers, and DACs supported across all platforms, see the Hardware Compatibility Tool.

Authentication, Authorization, and Accounting

  • Support for LDAP authentication and authorization over TLS (ACX710)— Starting in Junos OS Release 20.2R1, we support LDAP authentication and authorization for Junos OS user login. Through the use of LDAP over TLS (LDAPS), we’ve implemented the LDAP authentication and authorization support for Junos OS user login user by providing TLS security between the device running Junos OS (which is the LDAPS client) and the LDAPS server.

    To enable LDAPS support, you can configure the ldaps-server option at the [edit system authentication-order] hierarchy level. LDAPS ensures the secure transmission of data between a client and a server with better privacy, confidentiality, data integrity and higher scalability.

    [See Understanding LDAP Authentication over TLS.]

Class of Service (CoS)

  • Support for hierarchical class of service (HCoS) (ACX5448)—Starting with Junos OS Release 20.2R1, ACX5448 devices support up to four levels of hierarchical scheduling (physical interfaces, logical interface sets, logical interfaces, and queues). By default, all interfaces on the ACX5448 use port-based scheduling (eight queues per physical port). To enable hierarchical scheduling, set hierarchical-scheduler at the [edit interfaces interface-name] hierarchy level.

    [See Hierarchical Class of Service in ACX Series Routers.]

EVPN

  • Noncolored SR-TE LSPs with EVPN-MPLS (ACX5448, EX9200, MX Series, and vMX)—Starting in Junos OS Release 20.2R1, ACX5448, EX9200, MX Series, and vMX routers support noncolored static segment routing-traffic engineered (SR-TE) label-switched paths (LSPs) with an EVPN-MPLS core network and the following Layer 2 services running at the edges of the network:

    • E-LAN

    • EVPN-ETREE

    • EVPN-VPWS with E-Line

    Without color, all LSPs resolve using a BGP next hop only.

    The Juniper Networks routers support noncolored SR-TE LSPs in an EVPN-MPLS core network with the following configurations:

    • EVPN running in a virtual switch routing instance

    • Multihoming in active/active and active/standby modes

    The Juniper Networks routers also support noncolored SR-TE LSPs when functioning as a Data Center Interconnect (DCI) device that handles EVPN Type 5 routes.

    [See Static Segment Routing Label Switched Path.]

Interfaces and Chassis

  • Port speeds and channelization (ACX710 routers)—Starting in Junos OS Release 20.2R1, you can configure multiple speeds and interface channelization on our new ACX710 router. The router has 28 ports, which support the following speeds:

    • Ports 0 through 23 on PIC 0 support 1-Gbps speed (with SFP transceivers) and 10-Gbps speed (with SFP+ transceivers).

    • Ports 0 through 3 on PIC 1 support the default 100-Gbps speed (with QSFP28 transceivers) or the configured 40-Gbps speed (with QSFP+ transceivers). You can use the set chassis fpc slot-number pic pic-number port port-number speed speed CLI command and breakout cables to channelize each:

      • 100-Gbps port into four 25-Gbps interfaces

      • 40-Gbps port into four 10-Gbps interfaces

    [See Channelize Interfaces on ACX710 Routers.]

  • Ethernet OAM and BFD support (ACX710)—Starting in Junos OS Release 20.2R1, the ACX710 routers support IEEE 802.3ah standard for Operation, Administration, and Maintenance (OAM) connectivity fault management (CFM), BFD, and the ITU-T Y.1731 standard for Ethernet service OAM.

    [See Introduction to OAM Connectivity Fault Management (CFM).]

  • Alarm port configuration, FRU management, and environmental monitoring (ACX710)—Starting in Junos OS Release 20.2R1, you can configure the alarm port on the ACX710 router. You can use the alarm input to connect the router to external alarm sources such as security sensors so that the router receives alarms from these sources and displays those alarms. You can use the alarm output to connect the router to an external alarm device that gives audible or visual alarm signals based on the configuration. You can configure three alarm inputs and one alarm output by using the alarm-port statement at the [edit chassis] hierarchy level. You can view the alarm port details by using the show chassis craft-interface command.

    The ACX710 also supports FRU management and environmental monitoring.

    [See alarm-port.]

  • Multichassis link aggregation groups, configuration synchronization, and configuration consistency check (ACX5448 routers)—Starting in Junos OS Release 20.2R1, multichassis link aggregation (MC-LAG) includes support of Layer 2 circuit functionality with ether-ccc and vlan-ccc encapsulations.

    MC-LAG enables a client device to form a logical LAG interface using two switches. MC-LAG provides redundancy and load balancing between the two switches, multihoming support, and a loop-free Layer 2 network without running spanning-tree protocols (STPs).

    [See Multichassis Link Aggregation Features, Terms, and Best Practices.]

Juniper Extension Toolkit (JET)

  • JET Clang toolchain supports cross-compiling JET applications for use on ARM platforms (ACX710)—Starting in Junos OS Release 20.2R1, you can use the Clang toolchain to compile JET applications written in C, Python, or Ruby to run on the ARM architecture as well as Junos OS with FreeBSD and upgraded FreeBSD. The Clang toolchain for ARM is included in the JET software bundle. After you have downloaded the JET software bundle, you can access the Clang toolchain at /usr/local/junos-jet/toolchain/llvm/. Use the mk-arm,bsdx command to use the Clang toolchain to compile your application.

    [See Develop On-Device JET Applications.]

  • Python 3 support for JET (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS can use Python 3 to execute JET scripts. To enable unsigned JET Python applications that support Python 3 to run on devices running Junos OS, use the set system scripts language python3 command.

    [See language (Scripts), Develop Off-Device JET Applications, and Develop On-Device JET Applications.]

Junos Telemetry Interface

MPLS

  • Support for MPLS ping and traceroute for segment routing (ACX Series, MX Series, and PTX Series)—Starting in Junos OS Release 20.2R1, we extend the MPLS ping and traceroute support for all types segment routing--traffic engineering (SR-TE) tunnels, including static segment routing tunnels, BGP-SR-TE tunnels, and PCEP tunnels.

    We also support the following features:

    • FEC validation support, as defined in RFC 8287, for paths consisting of IGP segments. Target FEC stack contains single or multiple segment ID sub-TLVs. This involves validating IPv4 IGP-Prefix Segment and IGP-Adjacency Segment ID FEC-stack TLVs.

    • ECMP traceroute support for all types of SR-TE paths.

    We do not support the following:

    • Ping and traceroute for SR-TE tunnel for non-enhanced-ip mode.

    • OAM for IPv6 prefix.

    • BFD

    [See traceroute mpls segment-routing spring-te and ping mpls segment routing spring-te.]

Multicast

  • Support for IPv6 multicast using MLD (ACX5448)—Starting with Junos OS Release 20.2R1, ACX5448 routers support Multicast Listener Discovery (MLD) snooping with MLDv1 and MLDv2 for both any source multicast and SSM. Support for MLD snooping in EVPN was introduced in Junos OS Release 19.4R2.

    MLD snooping for IPv6 is used to optimize Layer 2 multicast forwarding. It works by checking the MLD messages sent between hosts and multicast routers to identify which hosts are interested in receiving IPv6 multicast traffic, and then forwarding the multicast streams to only those VLAN interfaces that are connected to the interested hosts (rather than flooding the traffic to all interfaces). You can enable or disable MLD snooping per VLAN at the [edit protocols mld-snooping vlan vlan-ID] hierarchy level. Note, however, that you cannot use ACX Series routers to connect to a multicast source.

    [See Understanding MLD Snooping, Understanding MLD, and Overview of Multicast Forwarding with IGMP or MLD Snooping in an EVPN-MPLS Environment.]

Network Management and Monitoring

  • NETCONF sessions over TLS (ACX710)—Starting in Junos OS Release 20.2R1, ACX710 routers support establishing Network Configuration Protocol (NETCONF) sessions over Transport Layer Security (TLS) to manage devices running Junos OS. TLS uses mutual X.509 certificate-based authentication and provides encryption and data integrity to establish a secure and reliable connection. NETCONF sessions over TLS enable you to remotely manage devices using certificate-based authentication and to more easily manage networks on a larger scale than when using NETCONF over SSH.

    [See NETCONF Sessions over Transport Layer Security (TLS).]

  • Python 3 support for YANG scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS uses Python 3 to execute YANG action and translation scripts that are written in Python. Junos OS does not support using Python 2.7 to execute YANG Python scripts as of this release.

    [See Understanding Python Automation Scripts for Devices Running Junos OS.]

  • Support for port mirroring (ACX5448)—Starting in Junos OS Release 20.2R1, you can use analyzers to mirror copies of packets to a configured destination. Mirroring helps in debugging network problems and also in defending the network against attacks. You can mirror all ingress traffic to a configured port (or port list), using a protocol analyzer application that passes the input to mirror through a list of ports configured through the logical interface. You configure the analyzer at the [edit forwarding-options analyzer] hierarchy level.

    Configuration guidelines and limitations:

    • Maximum of four default analyzer sessions

    • LAGs supported as mirror output; a maximum of eight child members

    • Not supported:

      • Egress mirroring

      • Mirroring on IRB, Virtual Chassis, or management interfaces

      • Nondefault analyzers

    [See show forwarding-options analyzer.]

Routing Policy and Firewall Filters

  • Support for firewall filters and policers (ACX710)—Starting with Junos OS Release 20.2R1, the ACX710 router supports configuring firewall filters on packets (families such as bridge domain, IPv4, IPv6, CCC, and MPLS) based on packet match conditions. Along with the match conditions, actions such as count, discard, log, syslog, and policer are performed on the packets that match the filter. You can configure policers and attach them to a firewall term.

    [See Standard Firewall Filter Match Conditions and Actions on ACX Series Routers Overview.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for ACX Series routers.

What’s Changed in Release 20.2R2

Routing Protocols

  • Advertising /32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, multiple secondary loopback addresses in the traffic engineering database were added to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.

  • IGMP snooping in EVPN-VXLAN multihoming environments (QFX5110)—In an EVPN-VXLAN multihoming environment on QFX5110 switches, you can now selectively enable IGMP snooping only on those VLANs that might have interested listeners. In earlier releases, you must enable IGMP snooping on all VLANs associated with any configured VXLANs because all the VXLANs share VXLAN tunnel endpoints (VTEPs) between the same multihoming peers and require the same settings. This is no longer a configuration limitation.

What’s Changed in Release 20.2R1

General Routing

  • Support for full inheritance paths of configuration groups to be built into the database by default (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting with Junos OS Release 20.2R1, the persist-groups-inheritance option at the [edit system commit] hierarchy level is enabled by default. To disable this option, use no-persist-groups-inheritance.

    [See commit (System).]

  • Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option—Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option. This option is same as the activate option but it adds additional configuration to act as a top-of-fabric node.

Juniper Extension Toolkit (JET)

  • PASS keyword required for Python 3 JET applications (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—If you are writing a JET application using Python 3, include the PASS keyword in the Exception block of the script. Otherwise, the application throws an exception when you attempt to run it.

    [See Develop Off-Device JET Applications and Develop On-Device JET Applications.]

  • Updates to IDL for RIB service API bandwidth field (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The IDL for the RouteGateway RIB service API has been updated to document additional rules for the bandwidth field. You must set bandwidth only if a next hop has more than one gateway, and if you set it for one gateway on a next hop, you must set it for all gateways. If you set bandwidth when there is only a single usable gateway, it is ignored. If you set bandwidth for one or more gateways but not all gateways on a next hop, you see the error code BANDWIDTH_USAGE_INVALID.

    [See Juniper EngNet.]

Network Management and Monitoring

  • Junos OS only supports using Python 3 to execute YANG Python scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS uses Python 3 to execute YANG action and translation scripts that are written in Python. In earlier releases, Junos OS uses Python 2.7 to execute these scripts.

    [See Understanding Python Automation Scripts for Devices Running Junos OS.]

Known Limitations

Learn about known limitations in this release for ACX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • If Layer 2 VPN sessions have the OAM control-channel option set to router-alert-label, the no-control-word option in the Layer 2 VPN should not be used for BFD sessions to come up. PR1432854

  • In case of Dot1P, CFI rewrite based on TC or DP classification is not possible on the ACX5448 and ACX710 routers. As a workaround to preserve or control the incoming packet CFI bit at egress side (rewrite), configure 802.1ad, which has the control over the CFI rewrite as well. PR1435966

  • The time consumed on 1-Gigabit performance is not equal to that on 10-Gigabit performance. Compensation is done to bring the mean value under class A but the peak-to-peak variations are high and can go beyond 100 ns. It has a latency variation with peak-to-peak variations of around 125–250 ns without any traffic (for example, 5–10 percent of the mean latency introduced by each phy which is of around 2.5us). PR1437175

  • With an asymmetric network connection, EX: 10G MACsec port connected to a 10-Gigabit Ethernet channelized port, high and asymmetric T1 and T4 time errors introduce a high two-way time error. This introduces different CF updates in forward and reverse paths. PR1440140

  • With the MACsec feature enabled and introduction of traffic, the peak-to-peak value varies with the percentage of traffic introduced. Find the maximum and mean values of the time errors with different traffic rates (for example, two router scenario) that can have maximum value jumps as high as 1054 ns with 95 percent traffic, 640 ns with 90 percent traffic, and 137 ns with no traffic. PR1441388

  • On the ACX710 router, a variable amount of time is taken to reflect the TWAMP packets. Because of this, the packet latency is not uniform. PR1477329

  • On the ACX710 router, as per current design and BCOM input, load balancing does not work on any packet which is injected from host path. PR1477797

  • On the ACX710 router, OSPF neighbors are not learned via VPLS connections because the vlan-tags outer vlan-id1 inner vlan-id2 statement is not supported in VPLS routing instance. PR1477957

  • On the ACX710 router, sequential increment of both SRC and DST MAC do not provide better load balance as per HASH result. PR1477964

  • On the ACX710 router, load balancing does not happen based on inner IP address when MPLS labelled traffic is received on NNI interface. PR1478945

  • On the ACX710 router, for TCP protocol as well as for non-TCP protocol, loss-priority medium-low is not supported. PR1479164

  • For ethernet-vpls encapsulation, if both DST IP and SRC IP are identically varied at the same octet, then hashing might not happen and leads to undefined behavior in load balancing on the ACX710 router. PR1479767

  • For bridge LB with vlan-bridge encapsulation, if both SRC IP and DST IP are incremented or decremented by the same order (such as DIP = 10.1.1.1 (increment by 1 up to 100) and SIP = 20.2.3.1 (increment by 1 upto 100), then hashing does not happen on the ACX710 router. PR1479986

  • For vlan-ccc encapsulation, if both SRC IP and DST IP are incremented or decremented by the same order (such as DIP = 10.1.1.1 (increment by 1 upto 100) and SIP = 20.2.3.1 (increment by 1 upto 100), then hashing does not happen on the ACX710 router. PR1480228

  • On the ACX710 router, the input packet statistics for the show interfaces command represents the input packets at the MAC. The error packets which get dropped by MAC and that do not reach PHY will not be accounted. PR1480413

  • Fragmentation or reassembly is not supported on ACX710 platforms due to the lack of hardware support. PR1481867

  • On ACX5448 and ACX710 routers, each traffic stream is measured independently per port. Storm control is initiated only if one of the streams exceeds the storm control level. For example, if you set a storm control level of 100 Megabits and the broadcast and unknown unicast streams on the port are each flowing at 80 Mbps, storm control is not triggered. PR1482005

  • On the ACX710 router, RFC2544 reports high latency and throughput loss when the packet size is 64 bytes at 100 percent line rate on the ASIC. The ASIC has low threshold value due to which packets are moved to DRAM from SRAM. When packets are moved to DRAM, high latency and packet drop are observed. PR1483370

  • On the ACX710 router, VRRP over aggregated Ethernet interface is not supported. PR1483594

  • On the ACX710 router, traffic loss is seen for segment routing, if protection (FRR) is enabled for 128 IPv6 prefix route. PR1484234

  • Counters for PCS bit errors are not supported because of hardware limitations. Hence "Bit errors" and "Errored blocks" are not supported on an ACX710. PR1484766

  • If any queue is configured with high priority, it is expected that accuracy of traffic distribution might vary for normal queues because of chip limitation. PR1485405

  • For Layer 3 VPN configuration, sequential increment of both SRC IP and DST IP address would not provide better load balance as per hash result on the ACX710 router. PR1486406

  • On the ACX710 router, double tagged interfaces implicit normalization to VLAN ID none is not supported. PR1486515

  • On the ACX710 router, double tagged interfaces implicit normalization to VLAN ID none, ingress VLAN map operation, and pop-pop are not supported. PR1486520

  • On the ACX710 router, packet priority at egress is derived from the internal priority. This internal priority is derived from the outer VLAN priority at ingress. Thus, the exiting packet retains the same priority as the ingress outer VLAN priority. PR1486571

  • When you add or delete a configuration or a LAG member link flaps, configuration updates happen for all other members of the LAG too. This results in transient traffic drop on the ACX710 devices. PR1486997

  • On the ACX710 router, double tagged ELMI and LLDP PDUs are dropped when L2PT is enabled for these protocols on the ingress interface. These PDUs are supposed to be untagged/native VLAN tagged and hence the drop. PR1487931

  • On the ACX710 router, VLAN map operations like swap/swap does not work because the vlan-tags outer vlan-id1 inner vlan-id2 statement is not supported in VPLS routing instance. PR1488084

  • On the ACX710 router, whenever the 100-Gigabit Ethernet interface is disabled, the alarm is not shown in the jnxDomMib jnxDomCurrentLaneWarnings and jnxDomCurrentLaneAlarms. PR1489940

  • On the ACX710 router, in case of Layer 2 circuit, load balancing does not occur based on inner MAC address when MPLS labelled traffic is received on an NNI interface. PR1490441

  • On the ACX710 router, unable to scale 1000 CFM sessions at 3 ms intervals; an error message is observed. PR1495753

  • On ACX5448 routers, aggregated Ethernet LACP toggles with host path traffic with MAC rewrite configuration enabled. PR1495768

  • The traceroute mpls ldp command does not work in case explicit-null is configured. It does not affect data path traffic. PR1498339

  • On the ACX710 router, the convergence time for the traffic to switch over from the primary to the secondary link during link flap could be expected to be around 60 to 200 ms with the basic link aggregation configuration. PR1499965

  • On the ACX710 router, not able to scale BFD to 1024 sessions with IPv4 and IPv6. PR1502170

  • On the ACX710 router, GPS satellites do not track intermittently with GPS-only constellation. PR1505325

  • On ACX710 routers, unexpected delay counter values are seen in the output for show ptp statistics detail when upstream master stops sending the PTP packets. PR1508031

  • On ACX710 routers, if the ukern is restarted with the chassis-control restart command, the state of the PTP lock status on the Routing Engine will transition among holdover/acquiring/phase locked. The clock data is displayed accordingly. Once the Packet Forwarding Engine is up and running after restart, clock data is stable and correct. During the time the Packet Forwarding Engine is not up, the clock display is inconsistent but eventually it becomes valid once the Packet Forwarding Engine is up and the clock is created and announce packets are being generated. PR1508385

  • On ACX710 routers, servo status toggles to free-run/holdover-in-spec/acquiring on doing ABMCA change from virtual port to PTP. PR1510880

  • On ACX710 routers, local repair can be in seconds (>50 ms) during FRR convergence. If explicit NULL is configured on the PHP node and on the PHP node of the backup path, the link failure is observed at PHP node. Global repair resumes the traffic flow. PR1515512

  • The maximum FIB route scale supported in an ACX710 router are as below:

    FIB IPv6 route scale - 80,000

    FIB IPv4 route scale - 170,000

    If routes are added above this scale, an error indicating lpm route add failure is reported. PR1515545

  • PTP to 1PPS noise transfer test fails for frequency 1.985 Hz. PR1522666

  • SyncE to 1PPS transient test results do not meet G.8273.2 SyncE to 1PPS transient metric. PR1522796

Open Issues

Learn about open issues in this release for ACX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • On the ACX5000 router, the following false positive parity error message is observed: soc_mem_array_sbusdma_read. The SDK can raise false alarms for parity error messages like this. PR1276970

  • The SD (Signal Degrade) threshold is normally lower than the SF threshold (that is, so that as errors increase, SD condition is encountered first). For the ACX6360 optical links there is no guard code to prevent the user from setting the SD threshold above the SF threshold, which would cause increasing errors to trigger the SF alarm before the SD alarm. This will not cause any issues on systems with correctly provisioned SD/SF thresholds. PR1376869

  • The switchover time is observed to be more than 50 minutes under certain soak test conditions with an increased scale with a multi-protocol and multi-router topology. PR1387858

  • A jnxIfOtnOperState trap notification is sent for all OT interfaces. PR1406758

  • The em2 interface configuration causes the FPC to crash during initialization and FPC does not come online. After deleting the em2 configuration and restarting the router, the FPC comes online. PR1429212

  • DHCP clients are not able to scale to 96000. PR1432849

  • Protocols get forwarded when using a non-existing SSM map source address in IGMPv3 instead of pruning. PR1435648

  • Memory leaks are expected in this release. PR1438358

  • Drop profile maximum threshold might not be reached when the packet size is other than 1000 bytes. This is due to the current design limitation. PR1448418

  • The IPv6 BFD sessions flap when configured below 100 ms flaps. PR1456237

  • On ACX710 routers, packet drop is observed after changing ALT port cost for RSTP. PR1482566

  • On ACX710 routers, VRRP over dual tagged interface is not supported. PR1483759

  • On ACX710 routers, FEC of channel 0 in a channelized 25-Gigabit Ethernet interface is set to None while channels 1, 2, and 3 have FEC74 as the default value for 100-Gigabit Etherne LR4 optics. The desired FEC value can be set through the CLI command set interfaces et-x/y/z: channel no gigether-options fec fec value. PR1488040

  • On ACX6360 Series platforms, port mirroring does not work when the port mirroring is configured with the firewall filter. PR1491789

  • On ACX710 routers, the ping mpls l2ckt/l2vpn command does not work if the no-control-word statement is configured. PR1492963

  • On ACX710 routers, the ping mpls l2circuit command does not work if the explicit-null is configured. It does not affect the data path traffic. PR1494152

  • On ACX710 routers with an EVPN-VPWS and EVPN-FXC circuits, Layer 3 VPN destination reachable over composite next hop (this is enabled using CLI set routing-options forwarding-table chained-composite-next-hop ingress l3vpn) does not get HW FRR behavior (less than 50 ms convergence). The traffic convergence depends on control plane convergence. PR1499483

  • On ACX710 routers, if we configure DHCP option 012 host-name in DHCP server and the actual base configuration file also has the host-name in it, then overwriting of the base configuration file's host-name with the DHCP option 012 host-name is happening. PR1503958

  • On the ACX6360 platform, the core file core-ripsaw-node-aftd-expr is generated and you are unable to back trace the file. PR1504717

  • On ACX710 routers, when the following steps are done for PTP, chassis does not lock:

    1. Use one or two ports as source for chassis synchronization and lock both PTP and SyncE locked.

    2. Disable both logical interfaces.

    3. Restart clksyncd.

    4. Rollback 1.

    As a workaround, you can avoid this issue by deleting the PTP configuration, restarting clksyncd, and then reconfiguring PTP. PR1505405

  • MPLS LSP check fails while verifying basic LSP retry limit. Reset the src-address of the LSP to 0 (if src-address is not configured) whenever it changes its state from up to down. So when the ingress LSP goes to down state, reset it to 0. The script fails because the script checks for src-address to be present for the ingress LSP session. PR1505474

  • On ACX710 routers, unexpected delay counter values are seen under show ptp statistics detail when upstream master stops sending the PTP packets. PR1508031

  • On ACX710 routers, if the ukern is restarted with the chassis-control restart command, the state of the PTP lock status on the Routing Engine changes among holdover/acquiring/phase locked. The clock data is displayed accordingly. Once the Packet Forwarding Engine is up and runs after restart, clock data is stable and correct. During the time the Packet Forwarding Engine is not up, the clock display is inconsistent but eventually it becomes valid once the Packet Forwarding Engine is up and the clock is created and announce packets are being generated. PR1508385

  • ACX1100, ACX2100, ACX2200, ACX2000, and ACX4000 routers might stop forwarding transit and control traffic because of DMA stuck issue with SDK. PR1508534

  • On ACX710 routers, EXP re-marking is supported only for a single MPLS label packet. PR1509627

  • In a rare scenario, sometimes logical interfaces statistics might be shown as 0. This issue might impact queue statistics of Layer 2 VPN , Layer 3 VPN, IPv6 services in that particular logical interfaces. Issue is seen rarely, once in multiple tries. PR1511279

  • On ACX710 routers, local repair can be in seconds (>50 ms) during FRR convergence. If the explicit NULL is configured on the PHP node and on the PHP node of the backup path, the link failure is observed at PHP node. Global repair resumes the traffic flow. PR1515512

  • Alarm might not be seen on ACX710 routers when the system is booted with recovery snapshot. PR1517221

  • In a scenario with BGP-PIC with IS-IS as IGP, the control plane converges, taking 9000 msec on failing the link toward DUT to move the traffic to the backup path. PR1517280

  • Configuring the stateful-firewall filter will lead to traffic drop and firewall session counters will not be incremented. This is seen only in new SDK 6.5.16 releases. PR1520305

  • Interface does not come up with the auto-negotiation setting between ACX1100 and QFX, MX, and ACX as other end. PR1523418

Platform and Infrastructure

  • The CFM remote MEP does not come up after configuration or remains in start state. PR1460555

Resolved Issues

Learn which issues were resolved in the Junos OS main and maintenance releases for ACX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 20.2R2

General Routing

  • Policer discarded count is shown incorrectly to the enq count of the interface queue, but the traffic behavior is as expected. PR1414887

  • The gigether-options command is enabled again under the interface hierarchy. PR1430009

  • While performing repeated power-off or power-on of the device, SMBUS transactions timeout is observed. PR1463745

  • On the ACX5048 router, the egress queue statistics do not work for the aggregated Ethernet interfaces. PR1472467

  • On ACX710 routers, VPLS OAM sessions are detected with error (remote defect indication sent by some MEPs) after changing VLANs. PR1478346

  • BFD over Layer 2 VPN or Layer 2 circuit does not work because of the SDK upgrade to version 6.5.16. PR1483014

  • On the ACX5048 router, traffic loss is observed during the unified ISSU upgrade. PR1483959

  • On ACX5048 and ACX5096 routers, the LACP control packets might get dropped due to high CPU utilization. PR1493518

  • When 40-Gigabit Ethernet or 10-Gigabit Ethernet interface optics are inserted in 100-Gigabit Ethernet or 25-Gigabit Ethernet interface port with 100-Gigabit Ethernet or 25-Gigabit Ethernet interface speed configured and vice versa, the Packet Forwarding Engine log message displays a speed mismatch. PR1494591

  • On the ACX710 router, high convergence is observed with the EVPN-ELAN service in a scaled scenario during FRR switchover. PR1497251

  • Outbound SSH connection flaps or memory leaks occur during the push configuration to the ephemeral database with a high rate. PR1497575

  • All the autonegotiation parameters are not shown in the output of the show interface media command. PR1499012

  • On the ACX5448 router, the EXP rewrite for the Layer 3 VPN sends all traffic with incorrect EXP. PR1500928

  • SFP-T is unrecognized after FPGA upgrade and power cycle. PR1501332

  • The error message mpls_extra NULL might be seen when you add, change, or delete MPLS route. PR1502385

  • On the ACX500 router, the SFW sessions might not get updated on ms interfaces. PR1505089

  • The wavelength changes from CLI but does not update the hardware for the tunable optics. PR1506647

  • The PIC slot might shut down in less than 240 seconds due to the over temperature start time being handled incorrectly. PR1506938

  • In the PTP environment, some vendor devices acting as clients are expecting announce messages at an interval of -3 (8pps) from the upstream master device. PR1507782

  • The BFD session flaps with the following error message after a random time interval: ACX_OAM_CFG_FAILED: ACX Error (oam):dnx_bfd_l3_egress_create : Unable to create egress object. PR1513644

  • The loopback filter cannot take more than two TCAM slices. PR1513998

  • On the ACX710 router, the following error message is observed in the Packet Forwarding Engine while the EVPN core link flaps: dnx_l2alm_add_mac_table_entry_in_hw. PR1515516

  • The VM process generates a core file while running stability test in a multidimensional scenario. PR1515835

  • The l2ald process crashes during stability test with traffic on a scaled setup. PR1517074

  • On the ACX710 router, whenever a copper optic interface is disabled and enabled, the speed shows 10 Gbps rather than 1 Gbps. This issue is not seen with the fiber interface. PR1518111

  • The IPv6 neighbor state change causes Local Outlif to leak by two values, which leads to the following error: DNX_NH::dnx_nh_tag_ipv4_hw_install. PR1519372

  • Tagged traffic matching the vlan-list configuration in the vlan-ccc logical interface gets dropped in the ingress interface. PR1519568

  • The incompatible media type alarm is not raised when the synchronous Ethernet source is configured over the copper SFP. PR1519615

  • If the client clock candidate is configured with a virtual port, the clock class is on T-BC. PR1520204

  • On the ACX710 router, the alarm port configuration is not cleared after deleting the alarm-port. PR1520326

  • The show class-of-service interface command does not show classifier information. PR1522941

  • The vlan-id-list statement might not work as expected on the ACX5448 and ACX710 platforms. PR1527085

  • The show class-of-service routing-instance command does not show configured classifier on ACX Series platforms. PR1531413

  • Memory leak in local OutLif in VPLS and CCC topology. PR1532995

  • Management Ethernet link down alarm is seen while verifying system alarms in a Virtual Chassis setup. PR1538674

Interfaces and Chassis

  • The FPC crash might be observed with inline mode CFM configured. PR1500048

Routing Protocols

  • The rpd process might report 100 percent CPU usage with BGP route damping enabled. PR1514635

Resolved Issues: 20.2R1

General Routing

  • Drift messages in ACX2200, which is a PTP hybrid (PTP + Synchronous Ethernet) device. PR1426910

  • ACX5448-D interfaces support: The input bytes value for the show interfaces extensive command is not at par with older ACX Series or MX Series devices. PR1430108

  • On an ACX5448 device, DHCP packets are not transparent over Layer 2 circuit. PR1439518

  • On an ACX5048 device, SNMP polling stops after the link is flapped or the SFP transceiver is replaced, and ACX_COS_HALP(acx_cos_gport_sched_set_strict_priority:987): Failed to detach logs might be seen. PR1455722

  • ACX5448-D and ACX5448-M devices do not display airflow information and temperature sensors as expected. PR1456593

  • Unable to get shared buffer count as expected. PR1468618

  • ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610

  • On an ACX710 device, MPLS packet load balancing is done without hashing enabled. PR1475363

  • FPC might continuously crash after deactivating or activating loopback filter or reboot the system after configuring the loopback filter. PR1477740

  • The dcpfe core file is generated when disabling or enabling MACsec through Toby scripts. PR1479710

  • Link does not come up when a 100-Gigabit Ethernet port is channelized into four port 25-Gigabit Ethernet interfaces. PR1479733

  • Memory utilization enhancement on ACX platforms to reduce the memory foot print. PR1481151

  • On ACX5448 devices, dnx_nh_mpls_tunnel_install logs are seen. PR1482529

  • ACX AUTHD process memory usage is 15 percent. PR1482598

  • FPC crash is seen on ACX5448 platform. PR1485315

  • On an ACX5448 device, Layer 2 VPN with interface ethernet-ccc input-vlan-map/output-vlan-map can cause traffic to be discarded silently. PR1485444

  • On the ACX710 router, VPLS flood group results in IPv4 traffic drop after core interface flap. PR1491261

  • On the ACX710 routers, LSP (primary and standby) does not Act/Up after routing or rpd restart. PR1494210

  • During speed mismatch, QSFP28/QSFp+ optics/cables might or might not work. PR1494600

  • ACX710 BFD sessions are in initialization state with CFM scale of 1000 on reboot or chassis control restart. PR1503429

  • On an ACX500-i router, SFW sessions are not getting updated on ms- interfaces. PR1505089

  • On an ACX710 router, wavelength changed from CLI does not take effect in tunable optics. PR1506647

  • PIC slot might be shut down in less than 240 seconds due to the over-temperature start time is handled incorrectly. PR1506938

  • BFD flaps with the error ACX_OAM_CFG_FAILED: ACX Error (oam):dnx_bfd_l3_egress_create : Unable to create egress object after random time interval. PR1513644

Interfaces and Chassis

  • The status of the MC-AE interface might be shown as unknown when you add the subinterface as part of the VLAN on the peer MC-AE node. PR1479012

Layer 2 Ethernet Services

  • Member links state might be asynchronized on a connection between a PE device and a CE device in an EVPN active/active scenario. PR1463791

MPLS

  • BGP session might keep flapping between two directly connected BGP peers because of the incorrect TCP-MSS in use. PR1493431

Routing Protocols

  • The BGP route target family might prevent route reflector from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743

VPNs

  • The Layer 2 circuit neighbor might be stuck in RD state at one end of the MG-LAG peer. PR1498040

  • The rpd core files are generated while disabling Layer 2 circuit with connection protection, backup neighbor configuration, and Layer 2 circuit trace logs enabled. PR1502003

Documentation Updates

There are no errata or changes in Junos OS Release 20.2R2 documentation for ACX Series routers.

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for ACX Series routers. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 19.3, 19.4, and 20.1 are EEOL releases. You can upgrade from Junos OS Release 19.3 to Release 19.4 or from Junos OS Release 19.3 to Release 20.1.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

For information about software installation and upgrade, see the Installation and Upgrade Guide.