Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for MX Series

 

These release notes accompany Junos OS Release 20.2R2 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for MX Series routers.

What’s New in Release 20.2R2

There are no new features or enhancements to existing features for MX Series routers in Junos OS Release 20.2R2.

What’s New in Release 20.2R1-S1

Software Installation and Upgrade

  • Zero touch provisioning (ZTP) with IPv6 support (EX3400, EX4300, QFX5100 and QFX5200 switches, MX-Series routers)—Starting in Junos OS Release 20.2R1-S1, ZTP supports the DHCPv6 client. During the bootstrap process, the device first uses the DHCPv4 client to request for information regarding image and configuration file from the DHCP server. The device checks the DHCPv4 bindings sequentially. If there is a failure with one of the DHCPv4 bindings, the device will continue to check for bindings until provisioning is successful. If there are no DHCPv4 bindings, however, the device will check for DHCPv6 bindings and follow the same process as for DHCPv4 until the device can be provisioned successfully. Both DHCPv4 and DHCPv6 clients are included as part of the default configuration on the device.

    The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.

    Note

    Only HTTP and HTTPS transport protocols are supported EX3400, EX4300, QFX5100, and QFX5200 devices.

    [See Zero Touch Provisioning.]

What’s New in Release 20.2R1

Class of Service (CoS)

  • Support for rewrite rules on a per-customer basis on MPC10 and MPC11 (MX Series)—Starting in Junos OS Release 20.2R1, we support creating rewrite rules on a per-customer basis on MPC10 and MPC11 cards. You can create rewrite rules on a per-customer basis through a policy map. You define policy maps at the [edit class-of-service policy-map] hierarchy level, and assign the policy map to a customer through a firewall action, an ingress interface, or a routing policy.

    [See Assigning Rewrite Rules on a Per-Customer Basis Using Policy Maps Overview.]

EVPN

  • IPv4 unicast VXLAN encapsulation optimization (MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, and MX10016)—Starting in Junos OS Release 20.2R1, by default, the listed MX Series routers optimize the IPv4 unicast VXLAN encapsulation process for the following tunnel types:

    • PIM-based VXLAN

    • EVPN-VXLAN

    • Static VXLAN

    The optimized encapsulation process results in an increased throughput rate for IPv4 unicast packets between 512 to 1500 bytes in size.

    The optimization feature does not support the following:

    • EVPN Type-5 tunnels, which are already optimized

    • Forwarding table filters

    [See Understanding VXLANs.]

  • EVPN on MPLS-over-UDP tunnels (MX Series and vMX)—Starting in Junos OS Release 20.2R1, Junos OS supports an EVPN network with MPLS-over-UDP tunnels. EVPN uses indirect next hop while MPLS-over-UDP tunnels use tunnel composite next hop (TCNH) in resolving routes in the routing table. In Junos OS releases before Release 20.2R1, indirect next hops for EVPN traffic on MPLS-over-UDP tunnels resolve into unicast next hops. With this release, the indirect next hops for EVPN traffic on MPLS-over-UDP tunnels will resolve into TCNH.

    [See EVPN Overview and Example: Configuring Next-Hop-Based MPLS-Over-UDP Dynamic Tunnels.]

  • Support for inline performance monitoring services on EVPN (MX Series)—Starting in Junos OS Release 20.2R1, you can enable inline performance monitoring services on an EVPN network. With inline performance monitoring, you can configure a greater number of performance monitoring sessions. Inline performance monitoring applies only to delay measurements and synthetic loss measurements. You must also enable both enhanced IP network services and enhanced CFM mode in the device.

    To enable inline performance monitoring, include the following statements:

    • hardware-assisted-pm and hardware-assisted-keepalives enable statements at the [edit protocols oam ethernet connectivity-fault-management performance-monitoring] hierarchy level.

    • enhanced-ip statement at the [edit chassis network-services] hierarchy level.

    • enhanced-cfm-mode statement at the [edit protocols oam ethernet connectivity-fault-management] hierarchy level.

    [See Connectivity Fault Management Support for EVPN and Layer 2 VPN Overview.]

  • Noncolored SR-TE LSPs with EVPN-MPLS (ACX5448, EX9200, MX Series, and vMX)—Starting in Junos OS Release 20.2R1, ACX5448, EX9200, MX Series, and vMX routers support noncolored static segment routing-traffic engineered (SR-TE) label-switched paths (LSPs) with an EVPN-MPLS core network and the following Layer 2 services running at the edges of the network:

    • E-LAN

    • EVPN-ETREE

    • EVPN-VPWS with E-Line

    Without color, all LSPs resolve using a BGP next hop only.

    The Juniper Networks routers support noncolored SR-TE LSPs in an EVPN-MPLS core network with the following configurations:

    • EVPN running in a virtual switch routing instance

    • Multihoming in active/active and active/standby modes

    The Juniper Networks routers also support noncolored SR-TE LSPs when functioning as a Data Center Interconnect (DCI) device that handles EVPN Type 5 routes.

    [See Static Segment Routing Label Switched Path.]

  • Layer 3 gateway in an EVPN-MPLS environment (MPC10 and MPC11 line cards with MX240, MX480, and MX960)—Starting in Junos OS Release 20.2R1, the supported MX Series routers with MPC10 and MPC11 line cards can act as a default Layer 3 gateway for an EVPN instance (EVI), which can span a set of routers. In this role, the MX Series routers can perform inter-subnet forwarding. With inter-subnet forwarding, each subnet represents a distinct broadcast domain.

    The Layer 3 gateway supports the following features:

  • Multihoming in an EVPN-MPLS environment (MPC10 and MPC11 line cards with MX240, MX480, and MX960)—Starting in Junos OS Release 20.2R1, you can multihome a customer edge (CE) device to two or more provider edge (PE) devices (the supported MX Series routers with MPC10 and MPC11 line cards) in an EVPN-MPLS network. We support the following multihoming features:

    • Single-active and all-active modes

    • The configuration of an Ethernet segment identifier (ESI) per interface

    • Preference-based designated forwarder election

    [See EVPN Multihoming Overview.]

  • EVPN-VXLAN (MPC10 and MPC11 line cards with MX2010, MX2020)—Starting in Junos OS Release 20.2R1, the MX2010 and MX2020 routers with MPC10 and MPC11 line cards installed support the following EVPN-VXLAN features:

    • Layer 2 VXLAN

      • Multihoming with active/active and active/standby modes, an Ethernet segment identifier (ESI) per interface, and preference-based designated forwarder (DF) election

      • MAC pinning, MAC move, MAC limiting, and MAC aging

      • QoS

      • DHCP and DHCP relay

      • Prevention of broadcast, unknown unicast, and multicast (BUM) traffic loops when a leaf device is multihomed to more than one spine device

    • Layer 3 VXLAN

      • IRB interfaces

      • IPv6 over IRB interfaces

      • Support for OSPF, IS-IS, BGP, and static routing over IRB interfaces

      • Proxy ARP and ARP suppression, and proxy NDP and NDP suppression with and without IRB interfaces

      • IPv6 underlay

      • Virtual machine traffic optimization (VMTO) for ingress traffic

    • Data Center Interconnect (DCI)

      • Nonpure and pure EVPN Type-5 routes

    • High availability

      • Nonstop active routing (NSR)

      • Graceful Routing Engine switchover (GRES)

      • Graceful restart from a routing process restart or Routing Engine switchover without NSR enabled

    • Operations and management

      • Core isolation feature

      • Ping over EVPN Type-5 tunnel

    • Static VXLAN

      • Overlay ping and traceroute

    [See EVPN User Guide.]

High Availability (HA) and Resiliency

  • Support for VRRP on the MPC11 (MX2010 and MX2020)—Starting in Junos OS Release 20.2R1, VRRP is supported on the MPC11 line card. All VRRP features are supported.

    [See Understanding VRRP.]

  • LACP inline support during unified ISSU for multivendor networks (MX104, MX240, MX480, MX960, and MX10003)—Starting with Junos OS Release 20.2R1, unified ISSU supports LACP interoperability with other vendor devices for fast periodic interval sessions. LACP sessions in full-scale scenarios with interoperability will no longer experience timeouts during unified ISSU.

    Use the set protocols lacp ppm inline command to enable LACP inline support.

    [See Getting Started with Unified In-Service Software Upgrade.]

  • Support for failover configuration synchronization for the ephemeral database (EX Series, MX Series, MX Series Virtual Chassis, PTX Series, and QFX Series)—Starting in Junos OS Release 20.2R1, when you configure the commit synchronize statement at the [edit system] hierarchy level in the static configuration database of an MX Series Virtual Chassis or dual Routing Engine device, the backup Routing Engine will synchronize both the static and ephemeral configuration databases when it synchronizes its configuration with the master Routing Engine. This happens, for example, when a backup Routing Engine is newly inserted, comes back online, or changes roles. On a dual Routing Engine system, the backup Routing Engine synchronizes both configuration databases with the master Routing Engine. In an MX Series Virtual Chassis, the master Routing Engine on the protocol backup synchronizes both configuration databases with the master Routing Engine on the protocol master.

    [See Understanding the Ephemeral Configuration Database.]

  • Support for VRRP on the MPC10 and MPC11 (MX240, MX480, and MX960)—Starting in Junos OS Release 20.2R1, VRRP is supported on the MPC11 and MPC10 line cards. All VRRP features are supported.

    [See Understanding VRRP.]

Interfaces and Chassis

  • Transparent forwarding of CFM packets over VPLS (MX Series)—In Junos OS Release 20.2R1 and later, MX Series router supports VLAN transparency for connectivity fault management (CFM) packets over Virtual private LAN service (VPLS). If the incoming CFM packets have more vlan-tags than the configured interface vlan-tags, then CFM PDU is treated transparent. In the earlier Junos OS releases, CFM frame filtering was applied on all CFM PDU including on CFM PDU that had more number of tags than the interface configuration.

    We do not support the following on MX Series routers:

    • Transparency for tagged CFM PDU incoming on untagged interface.

    • Transparency for untagged CFM PDU on interface with native VLAN configuration.

    [See Example: Configuring Ethernet CFM over VPLS.]

  • Support for 400-Gbps port speed (MX240, MX480, and MX960)—In Junos OS Release 20.2R1, you can configure port speed of 400-Gbps for MPC10E (MPC10E-10C-MRATE and MPC10E-15C-MRATE) on MX240, MX480, and MX960 routers. Use the QSFP56-DD optics to configure 400-Gbps port speed on:

    • MPC10E-10C-MRATE: Port 4 of the MPC

    • MPC10E-15C-MRATE: Port 4 of the MPC

    [See Port Speed.]

  • Support for monitoring link degradation (MX Series routers with MPC10E)—Starting in Junos OS Release 20.2R1, you can monitor link degradation of the 10-Gigabit Ethernet interfaces, 40-Gigabit Ethernet interfaces, and 100-Gigabit Ethernet interfaces on the MPC10E (MPC10E-15C-MRATE and MPC10E-10C-MRATE) line cards. Link degradation monitoring enables you to monitor the quality of physical links on interfaces and take corrective action when the link quality degrades beyond a certain value.

    To enable your device to monitor the links, use the link-degrade-monitor statement at the [edit interfaces interface-name] hierarchy level.

    [See Link Degrade Monitoring Overview.]

  • Targeted broadcast support (MPC10E and MX2K-MPC11E)—Starting in Junos OS Release 20.2R1, you can configure targeted broadcast on broadcast interfaces on the MPC10E and MX2K-MPC11E line cards. Targeted broadcast enables a broadcast packet, destined for a remote network, to transit across networks until the destination network is reached. In the destination network, the packet is broadcast as a normal broadcast packet. This feature is useful when the Routing Engine is flooded with packets to process. You can configure targeted broadcast to forward the packets to :

    • Both the egress interface and the Routing Engine.

    • Egress interface only.

    To configure targeted broadcast on an interface, include the targeted-broadcast statement at the [edit interfaces interface-name unit logical-unit-number family inet] hierarchy level.

    [See Understanding Targeted Broadcast.]

Juniper Extension Toolkit (JET)

  • RIB service APIs support dynamic next-hop interface binding (MX Series, PTX Series, and vMX)—Starting in Junos OS Release 20.2R1, programmed RIB routes react to Up, Down, Add, and Delete events for direct next-hop interfaces. When all direct next-hop interfaces are unusable, the route becomes inactive. This prevents traffic from being dropped and keeps inactive routes from being propagated through the network.

    This feature applies to all routes programmed using the rib_service JET API where an interface is configured as a direct next hop, including interfaces that are part of a flexible tunnel. It also applies to tunnels configured with the flexible_tunnel_service JET API.

    To disable this feature, use edit routing-options programmable-rpd rib-service dynamic-next-hop-interface disable.

    [See rib-service (programmable-rpd), Juniper Extension Toolkit Developer Guide, and Juniper Engineering Network website.]

  • Python 3 support for JET (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS can use Python 3 to execute JET scripts. To enable unsigned JET Python applications that support Python 3 to run on devices running Junos OS, use the set system scripts language python3 command.

    [See language (Scripts), Develop Off-Device JET Applications, and Develop On-Device JET Applications.]

Junos Telemetry Interface

  • Network instance (policy) statistics and OpenConfig configuration enhancements on JTI (ACX1100, ACX2100, ACX5448, ACX6360, EX4300, MX240, MX480, MX960, MX10003, PTX10008, PTX10016, QFX5110, and QFX10002)—Junos OS Release 20.2R1 provides enhancements to support the OpenConfig data models openconfig-local-routing.yang and openconfig-network-instance.yang.

    [See Mapping OpenConfig Routing Policy Commands to Junos Configuration and Mapping OpenConfig Network Instance Commands to Junos Operation.]

  • ON-CHANGE BGP peer information statistics support for JTI (MX960, MX2008, MX2010, MX2020, PTX1000, PTX5000, PTX10000, QFX5100, and QFX5200)—Junos OS Release 20.2R1 provides BGP peer sensor support using Junos telemetry interface (JTI) and remote procedure call (gRPC) services or gRPC Network Management Interface (gNMI) services. ON_CHANGE statistics are sent to an outside collector.

    The following resource paths are supported:

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/active (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/received (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/sent (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/rejected (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/admin-state (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/established-transitions (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/last-established (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/messages/received/notification (stream)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/messages/received/update (stream)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/messages/sent/notification (stream

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/messages/sent/update (stream)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/session-state (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/supported-capabilities (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/transport/state/local-address (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/transport/state/remote-address (ON_CHANGE)

    • /network-instances/network-instance/protocols/protocol/bgp/transport/state/remote-port (ON_CHANGE)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Telemetry support for LDP and MLDP traffic statistics (MX Series and PTX Series)—Starting in Junos OS Release 20.2R1, the following LDP and multipoint LDP native sensors are added for the Junos telemetry interface:

    • /junos/services/ldp/label-switched-path/ingress/usage/

    • /junos/services/ldp/label-switched-path/transit/usage/

    • /junos/services/ldp/p2mp/interface/receive/usage/

    • /junos/services/ldp/p2mp/interface/transmit/usage/

    • /junos/services/ldp/p2mp/label-switched-path/usage/

    You must enable telemetry streaming with the sensor-based-stats option at the [edit protocols ldp traffic-statistics] hierarchy level.

    The show ldp traffic-statistics command is enhanced to display upstream LDP traffic statistics and to display multipoint LDP traffic statistics per interface.

    On PTX Series routers, this feature is not supported for the following variants:

    • PTX3000 and PTX5000 with the RE-DUO-C2600-16G Routing Engine

    • PTX10003

    • PTX10008 with the PTX10K-LC1201-36CD line card

    • FPC2 line cards do not support ingress multipoint LDP statistics.

    [See sensor (Junos Telemetry Interface).]

  • gRPC telemetry support for LDP and MLDP traffic statistics (MX Series)—Starting in Junos OS Release 20.2R1, gRPC support is available to export LDP and multipoint LDP traffic statistics. You can use the following resource paths to export sensor data:

    • LDP LSP transit traffic—/mpls/signaling-protocols/ldp/lsp-transit-policies/lsp-transit-policy/state/counters

    • LDP LSP ingress traffic—/mpls/signaling-protocols/ldp/lsp-ingress-policies/lsp-ingress-policy/state/counters

    • Multipoint LDP traffic—/mpls/signaling-protocols/ldp/p2mp-lsps/p2mp-lsp/state/counters

    • Multipoint LDP egress traffic per-interface—/mpls/signalling-protocols/ldp/p2mp-interfaces/p2mp-interface/state/counters

    • Multipoint LDP ingress traffic per-interface—/mpls/signalling-protocols/ldp/p2mp-interfaces/p2mp-interface/

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • JTI sensor support for Packet Forwarding Engine and Routing Engine sensors (MX Series Virtual Chassis and MX Series routers with dual Routing Engines)—Junos OS Release 20.2R1 extends Junos telemetry interface (JTI) sensor support for all Packet Forwarding Engine and Routing Engine sensors currently supported on MX Series routers to include MX routers with dual Routing Engines or MX Series Virtual Chassis. The level of sensor support currently available for MX Series routers applies, whether through streaming or ON_CHANGE statistics export, using UDP, remote procedure call (gRPC) services or gRPC Network Management Interface (gNMI) services. Additionally, JTI operational mode commands will provide details for all Routing Engines and MX Series Virtual Chassis, too.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • JTI sensor support for standby Routing Engine statistics (MX480, MX960, MX10003, MX2010, and MX2020)—Junos OS Release 20.2R1 provides Junos telemetry interface (JTI) sensor support for standby Routing Engine statistics using remote procedure call (gRPC) services. This feature is supported on both single chassis and virtual chassis unless otherwise indicated. Use this feature to better track the state of software components running on a standby Routing Engine. Statistics exported to an outside collector through the following sensors (primarily under subscriber management) provide a more complete view of the system health and resiliency state:

    • Chassis role (backup or master) sensor /junos/system/subscriber-management/chassis and /junos/system/subscriber-management/chassis[chassis-index=chassis-index] (for specifying an index for an MX Series Virtual Chassis)

    • Routing Engine status and GRES notification sensor /junos/system/subscriber-management/chassis/routing-engines/routing-engine and /junos/system/subscriber-management/chassis/routing-engines/routing-engine[re-index=RoutingEngineIndex] (to specify an index number for a specific Routing Engine)

    • Subscriber management process sensor /junos/system/subscriber-management/chassis/routing-engines/process-status/subscriber-management-processes/subscriber-management-process and /junos/system/subscriber-management/chassis/routing-engines/process-status/subscriber-management-processes/subscriber-management-process[pid=ProcessIdentifier] (to specify a PID for a specific process)

    • Per Routing Engine DHCP binding statistics for server or relay sensor /junos/system/subscriber-management/chassis/routing-engines/routing-engine/dhcp-bindings/dhcp-element[dhcp-type-name=RelayOrServer/v4] and /junos/system/subscriber-management/chassis/routing-engines/routing-engine/dhcp-bindings/dhcp-element[dhcp-type-name=RelayOrServer/v6]

    • Virtual Chassis port counter sensor /junos/system/subscriber-management/chassis/virtual-chassis-ports/virtual-chassis-port and /junos/system/subscriber-management/chassis/virtual-chassis-ports/virtual-chassis-port[vcp-interface-name=vcp-interface-port-string] (to specify the interface name). This resource path is only supported on a virtual chassis.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface) and Understanding OpenConfig and gRPC on Junos Telemetry Interface.]

  • CPU statistics support on JTI (MX960, MX2010, MX2020, PTX1000, PTX5000, PTX10000, QFX5100, and QFX5200)—Junos OS Release 20.2R1 supports streaming various CPU statistics and process parameters using remote procedure call (gRPC) or gRPC Network Management Interface (gNMI) services and Junos telemetry interface (JTI). You can stream CPU usage per process (statistics are similar to output from the show system process detail operational mode command), as well as CPU usage per Routing Engine core.

    This feature supports the private data model openconfig-procmon.yang.

    To stream statistics to an outside collector, include the following resource paths in a gRPC or gNMI subscription:

    • Individual process level information (resource path /system/processes/process/)

    • Individual Routing Engine core information (resource path /components/component/cpu/)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • TARGET_DEFINED subscription mode support with JTI (MX5, MX10, MX40, MX80, MX104, MX150, MX204, MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, and MX10016)—Junos OS Release 20.2R1 adds support for TARGET-DEFINED mode for subscriptions made using gRPC Network Management Interface (gNMI) services.

    Using a gNMI subscription, an external collector stipulates how sensor data should be delivered:

    • STREAMING mode periodically streams sensor data from the DUT at a specified interval.

    • ON_CHANGE mode sends updates for sensor data from the DUT only when data values change.

    • Newly supported TARGET_DEFINED mode (submode 0) instructs the DUT to select the relevant mode (STREAMING or ON_CHANGE) to deliver each element (leaf) of sensor data to the external collector. When a subscription for a sensor with submode 0 is sent from the external collector to the DUT, the DUT responds, activating the sensor subscription so that periodic streaming does not include any of the ON_CHANGE updates. However, the DUT will notify the collector whenever qualifying ON_CHANGE events occur.

    [See Understanding OpenConfig and gRPC and gNMI on Junos Telemetry Interface.]

  • Packet Forwarding Engine sensor support with INITIAL_SYNC on JTI (MX960, MX2008, MX2010, MX2020, PTX1000, PTX5000, PTX10000 line of routers, QFX5100, and QFX5200)—Starting in Junos OS Release 20.2R1, you can use Junos telemetry interface (JTI) and gRPC Network Management Interface (gNMI) services to export Packet Forwarding Engine statistics from devices to an outside collector using gNMI submode INITIAL_SYNC. When an external collector sends a subscription request for a sensor with INITIAL_SYNC (gnmi-submode 2), the host sends all supported target leaves (fields) under that resource path at least once to the collector with the current value. This is valuable because:

    • The collector has a complete view of the current state of every field on the device for that sensor path.

    • Event-driven data (ON_CHANGE) is received by the collector at least once before the next event is seen. In this way, the collector is aware of the data state before the next event happens.

    • Packet Forwarding Engine sensors that contain zero counter values (zero-suppressed) that normally do not show up in streamed data are sent, ensuring that all fields from each line card (also referred to as source) are known to the collector.

    Note

    ON_CHANGE data is not available for native (UDP) Packet Forwarding Engine Sensors.

    INITIAL_SYNC submode requires that at least one copy to be sent to the collector; however, sending more than one is acceptable.

    INITIAL_SYNC submode is supported for the following sensors:

    • Sensor for CPU (ukernel) memory (resource path /junos/system/linecard/cpu/memory/)

    • Sensor for firewall filter statistics (resource path /junos/system/linecard/firewall/)

    • Sensor for physical interface traffic (resource path /junos/system/linecard/interface/)

    • Sensor for logical interface traffic (resource path /junos/system/linecard/interface/logical/usage/)

    • Sensor for physical interface queue traffic (resource path /junos/system/linecard/interface/

      queue/
      )

    • Sensor for physical interface traffic except queue statistics (resource path /junos/system/linecard/interface/traffic/)

    • Sensor for NPU memory (resource path /junos/system/linecard/npu/memory/)

    • Sensor for NPU utilization (resource path /junos/system/linecard/npu/utilization/)

    • Sensor for packet statistics (resource path /junos/system/linecard/packet/usage/)

    • Sensor for software-polled queue-monitoring statistics (resource path /junos/system/linecard/qmon-sw/)

    [See Understanding OpenConfig and gRPC and gNMI on Junos Telemetry Interface and Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Export data using JSON encoding format with JTI (MX5, MX10, MX40, MX80, MX104, MX150, MX204, MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, and MX10016)—Junos OS Release 20.2R1 adds support for JavaScript Object Notation (JSON) encoding to export telemetry data using gRPC network management interface (gNMI) services and Junos telemetry interface (JTI). JSON is an open standard file format and data interchange format that provides a good balance of usability and performance. It uses human-readable text to store and transmit data objects consisting of attribute–value pairs and array data types.

    To export telemetry data using JSON encoding, include format json-gnmi at the [edit services analytics export-profile profile-name] hierarchy level. This is part of the export profile CLI configuration used to configure collector and sensor details in Junos OS.

    [See export-profile (Junos Telemetry Interface).]

  • SR-TE statistics for uncolored SR-TE policies streaming on JTI (MX240. MX480, MX960, MX2010, and MX2020 with MPC-10E or MPC-11E)—Junos OS Release 20.2R1 provides segment routing-traffic engineering (SR-TE) per label-switched path (LSP) route statistics using Junos telemetry interface (JTI) and remote procedure call (gRPC) services. Using JTI and gRPC services, you can stream SR-TE telemetry statistics for uncolored SR-TE policies to an outside collector.

    Ingress statistics include statistics for all traffic steered by means of an SR-TE LSP. Transit statistics include statistics for traffic to the binding SID (BSID) of the SR-TE policy.

    To enable these statistics, include the per-source per-segment-list statement at the [edit protocols source-packet-routing telemetry statistics] hierarchy level.

    If you issue the set protocols source-packet-routing telemetry statistics no-ingress command, ingress sensors are not created.

    If you issue the set protocols source-packet-routing telemetry statistics no-transit command, transit sensors are not created. Otherwise, if BSID is configured for a tunnel, transit statistics are created.

    The following resource paths (sensors) are supported:

    • /junos/services/segment-routing/traffic-engineering/tunnel/lsp/ingress/usage/

    • /junos/services/segment-routing/traffic-engineering/tunnel/lsp/transit/usage/

    To provision the sensor to export data through gRPC services, use the telemetrySubscribe RPC.

    Streaming telemetry data through gRPC or gNMI also requires the OpenConfig for Junos OS module.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface), source-packet-routing, and show spring-traffic-engineering lsp detail name name.]

Layer 2 VPN

Layer 3 Features

  • MPC10E interoperates with MS-MPC/MS-MICs for Layer 3 Services (MX240,MX480, and MX960)—Starting in Junos OS Release 20.2, the MPC10E interoperates with MS-MPC/MS-MICs for Layer 3 Services such as active flow monitoring, IPSec, NAT, RPM, and stateful firewall. [See Layer 2 and Layer 3 Features on MX Series Routers.]

Management

  • Error recovery, fault handling, and resiliency support for MX2K-MPC11E (MX2010 and MX2020)—Starting in Junos OS Release 20.2R1, the MX2010 and MX2020 routers with the MX2K-MPC11E line card support error recovery, fault handling, and software resiliency. The MX2K-MPC11E line cards support detecting errors, reporting them through alarms, and triggering resultant actions. To view application-level errors, use the show trace node fpc<#> application fabspoked-pfe command. To check the status of the card, use the show chassis fpc pic-status command. Use the show chassis errors active command to view the fault details and the show system alarm command to view the alarm details.

    [See show chassis fpc pic-status and clear chassis fpc errors.]

MPLS

  • Support to change the default re-merge behavior on the P2MP LSP (MX Series)—Starting with Junos OS Release 20.2R1, you can change the default re-merge behavior on RSVP P2MP LSP. The term re-merge refers to the case of an ingress (headend) or transit node (re-merge node) that creates a re-merge branch intersecting the P2MP LSP at another node in the network. This may occur due to events such as an error in path calculation, an error in manual configuration, or network topology changes during the establishment of the P2MP LSP.

    You can configure the no re-merge behavior on P2MP LSPs by enabling the newly introduced no-re-merge and no-p2mp-re-merge CLI commands at the ingress (headend) and transit devices (re-merge nodes), respectively.

    [See Re-merge Behavior on Point-to-Multipoint LSP Overview.]

  • Support for MPLS ping and traceroute for segment routing (ACX Series, MX Series, and PTX Series)—Starting in Junos OS Release 20.2R1, we extend the MPLS ping and traceroute support for all types segment routing--traffic engineering (SR-TE) tunnels, including static segment routing tunnels, BGP-SR-TE tunnels, and PCEP tunnels.

    We also support the following features:

    • FEC validation support, as defined in RFC 8287, for paths consisting of IGP segments. Target FEC stack contains single or multiple segment ID sub-TLVs. This involves validating IPv4 IGP-Prefix Segment and IGP-Adjacency Segment ID FEC-stack TLVs.

    • ECMP traceroute support for all types of SR-TE paths.

    We do not support the following:

    • Ping and traceroute for SR-TE tunnel for non-enhanced-ip mode.

    • OAM for IPv6 prefix.

    • BFD

    [See traceroute mpls segment-routing spring-te and ping mpls segment routing spring-te.]

  • MPLS support (MX Series routers with MPC10E and MPC11E)—Starting in Junos OS Release 20.2R1, some of the MPLS features are supported on MX Series routers with MPC10E (MPC10E-15C-MRATE and MPC10E-10C-MRATE) and MX2K-MPC11E line cards.

    [See Protocols and Applications Supported by the MPC10E and Protocols and Applications Supported by the MX2K-MPC11E.]

Multicast

  • Fast failover according to flow rate (MX Series with MPC10E or MPC11E line cards)—Starting in Junos OS Release 20.2R1, for routers operating in Enhanced IP Network Services mode, you can configure a threshold that triggers fast failover in next-generation MVPNs with hot-root standby on the basis of aggregate flow rate. For example, fast failover (as defined in Draft Morin L3VPN Fast Failover 05) is triggered if the flow rate of monitored multicast traffic from the provider tunnel drops below the set threshold.

    [See min-rate.]

Network Management and Monitoring

  • SNMP support for multicast LDP MIB objects (MX Series and PTX Series)—Starting in Junos OS Release 20.2R1, Junos OS SNMP extends support for the following multicast LDP MIB tables and objects:

    • mplsMldpInterfaceStatsTable

    • mplsMldpFecUpstreamSessPackets

    • mplsMldpFecUpstreamSessBytes

    • mplsMldpFecUpstreamSessDiscontinuityTime

    The multicast LDP standard MIB builds on the objects and tables that are defined in RFC3815, which only supports LDP point-to-point label-switched paths (LSPs). This multicast LDP MIB provides support for managing multicast LDP point-to-multipoint (P2MP) and multipoint-to-multipoint (MP2MP) LSPs.

    [See Standard SNMP MIBs Supported by Junos OS and SNMP MIB Explorer.]

  • Python 3 support for YANG scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS uses Python 3 to execute YANG action and translation scripts that are written in Python. Junos OS does not support using Python 2.7 to execute YANG Python scripts as of this release.

    [See Understanding Python Automation Scripts for Devices Running Junos OS.]

  • NETCONF sessions over outbound HTTPS (EX Series, MX Series, PTX1000, PTX3000, PTX5000, PTX10001, PTX10002, PTX10008, PTX10016, QFX Series, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX)—Starting in Junos OS Release 20.2R1, the Junos OS with upgraded FreeBSD software image includes a Juniper Extension Toolkit (JET) application that supports establishing a NETCONF session using outbound HTTPS. The JET application establishes a persistent HTTPS connection with a gRPC server over a TLS-encrypted gRPC session and authenticates the NETCONF client using an X.509 digital certificate. A NETCONF session over outbound HTTPS enables you to remotely manage devices that might not be accessible through other protocols, for example, if the device is behind a firewall.

    [See NETCONF Sessions over Outbound HTTPS.]

  • Enhanced on-box monitoring support on the control plane (MX Series and PTX Series)—Starting in Junos OS Release 20.2R1, you can configure traceoptions to track all events related to system-level and process-level memory monitoring. You can also view the history of the actions taken for system-level and process-level memory monitoring by using the show system monitor memory actions command.

Next Gen Services

  • Support for Dual Stack Lite (DS-Lite) Softwires—Starting in Junos OS Release 20.2R1, Dual Stack Lite (DS-Lite) softwires are supported for CGNAT Next Gen Services. DS-Lite allows service providers to migrate to an IPv6 network while continuing to support IPv4 services; even after the exhaustion of the IPv4 address space. You can natively allocate IPv6 addresses to customers while legacy end-user devices accessing the IPv4 Internet remain same. Thus, IPv4 devices continue to access the IPv4 Internet with minimum disruption on their home networks. DS-Lite also de-couples IPv6 deployment in the service provider network from the rest of the Internet, making incremental deployment easier.

    [See DS-Lite Softwires—IPv4 over IPv6 for Next Gen Services.]

  • Support for HTTP Content Manager (HCM)—Starting in Junos OS Release 20.2R1, HTTP Content Manager (HCM) is supported under Next Gen Services. HCM is an application that inspects the HTTP traffic transmitted through port 80 (default) or any other port you use to transmit HTTP traffic. HCM inspects HTTP traffic even if the default port 80 is not used for HTTP traffic and is interoperable with ms, rms, and ams interface types. It supports fragmented HTTP request packets and GET, PUT, and POST requests.

    [See HTTP Content Manager (HCM).]

  • Support for Mapping of Address and Port with Encapsulation (MAP-E) Softwires for CGNAT Next Gen Services—Starting in Junos OS Release 20.2R1, Mapping of Address and Port with Encapsulation (MAP-E) softwires are supported for CGNAT Next Gen Services. MAP-E is an automatic tunneling mechanism tailored for deployment of IPv4 to end users via a service provider's IPv6 network infrastructure. Using MAP-E technology, islands of v4 networks can be connected via v6 tunnels. The IPV4 packets are carried in IPV4-over-IPV6 tunnels from the MAP-E Customer Edge (CE) routers to the MAP-E Border Relay(s) (BR) (through IPV6 routing topology), where they are de-tunneled for further processing. MAP-E can be used by Service Providers to provide IPv4 connectivity to their subscribers over the ISP's IPv6 access network.

    [See Mapping of Address and Port with Encapsulation (MAP-E) for Next Gen Services.]

  • Support for Network Address Translation and Protocol Translation for CGNAT Next Gen Services—Starting in Junos OS Release 20.2R1, Network Address Translation and Protocol Translation (NAT-PT) [RFC2766] are supported for CGNAT Next Gen Services. NAT-PT is a IPv4-to-IPv6 transition mechanism that provides a way for end-nodes in IPv6 realm to communicate with end-nodes in IPv4 realm and vice versa. This is achieved using a combination of Network Address Translation and Protocol Translation.

    [See NAT46 Next Gen Services Configuration Examples.]

  • Support for Port Control Protocol Support (PCP) for DS-Lite for CGNAT Next Gen Services—Starting in Junos OS Release 20.2R1, Port Control Protocol Support (PCP) for DS-Lite is supported for CGNAT Next Gen Services. DS-Lite is a technology which enables a broadband service provider to share IPv4 addresses among customers by combining two well-known technologies: IP in IP (IPv4-in-IPv6) and Network Address Translation (NAT).

    Typically, the home gateway embeds a Basic Bridging BroadBand (B4) capability that encapsulates IPv4 traffic into a IPv6 tunnel to the CGNAT, named the Address Family Transition Router (AFTR). AFTRs are run by service providers.

    PCP allows customer applications to create mappings in a NAT for new inbound communications destined to machines located behind a NAT. In a DS-Lite environment, PCP servers control AFTR devices.

    [See Port Control Protocol Overview.]

Operation, Administration, and Maintenance (OAM)

  • Support for connectivity fault management (CFM) on MPC10E and MX2K-MPC11E—Starting in Junos OS Release 20.2R1, you can configure the IEEE 802.1ag OAM CFM Down maintenance association end points (MEPs) on MPC10E and MX2K-MPC11E to monitor Ethernet networks for connectivity faults.

    Junos OS supports the continuity check messages (CCM) and loopback messages as defined in IEEE 802.1ag.

    [See Configuring Connectivity Fault Management.]

Routing Policy and Firewall Filters

  • ARP policer support on pseudowire interfaces (MX Series)—Starting in Junos OS Release 20.2R1, you can create policers for ARP traffic on pseudowire interfaces. Configure rate limiting for the policer by specifying the bandwidth and the burst-size limit of a firewall policer and attaching the policy to a pseudowire interface, just like you would any other interface. Traffic that exceeds the specified rate limits can be dropped or marked as low priority and delivered when congestion permits.

    In the case of denial of service (DoS) or ARP broadcast storms, ARP policers protect the Routing Engine against malicious traffic intended to degrade the network.

    Apply the ARP policer to a pseudowire interface at the [edit interfaces interface-name unit unit-number family inet policer arp policy-name] level of the hierarchy.

    [See ARP Policer Overview.]

  • Support for P2MP and P2P automatic LSP policers (MX Series)—Starting in Junos OS Release 20.2R1, support for automatic policers on point-to-multipoint (P2MP) label-switched paths (LSPs) is available on MX240, MX480, MX960, MX2010, and MX2020 routers with MPC10E and MPC11E line cards.

    P2MP MPLS LSP is either an LDP-signaled, or RSVP-signaled, LSP with a single source and multiple destinations that can optimize packet replication at the ingress router. With it, packet replication only occurs for packets being forwarded to two or more different destinations requiring different network paths. Automatic LSP policing lets you provide strict service guarantees for network traffic in accordance with the bandwidth configured for the LSPs.

    Also supported with this release are the following features:

    • Graceful Routing Engine switchover (GRES) at the ingress and egress

    • Load balancing over aggregated links

    • P2MP statistics

    • Multiprotocol BGP-based multicast VPNs (or Layer 3 VPN multicast)

    [See Configuring Automatic Policers.]

  • Support for firewall forwarding (MX Series)—Starting in Junos OS Release 20.2R1, the following traffic policers are supported on MX240, MX480, MX960, MX2010, and MX2020 routers with MPC10E or MPC11E line cards:

    • GRE tunnels, including encapsulation (family any), de-encapsulation, GRE-in-UDP over IPv6, and the following sub-options: sample, forwarding class, interface group, and no-ttl-decrement

    • Input and output filter chains

    • Actions, including policy-map filters, do-not-fragment, and prefix

    • Layer 2 policers

    • Policer overhead adjustment

    • Hierarchical policers

    • Shared bandwidth

    • Percentages

    • Logical interfaces

    [See Traffic Policer Types.]

Routing Protocols

  • TI-LFA SRLG protection for IS-IS (MX Series and PTX Series)—Starting in Junos OS Release 20.2R1, you can configure Shared Risk Link Group (SRLG) protection for segment routing to choose a fast reroute path that does not include SRLG links in the topology-independent loop-free alternate (TI-LFA) backup paths. This is in addition to existing fast reroute options such as link-protection, node protection, and fate-sharing protection for segment routing. IS-IS computes the fast reroute path that is aligned with the post-convergence path and excludes the SRLG of the protected link. All local and remote links that are from the same SRLG as the protected link are excluded from the TI-LFA back up path. The point of local repair (PLR) sets up the label stack for the fast reroute path with a different outgoing interface.

    To enable TI-LFA SRLG protection with segment routing for IS-IS, include the srlg-protection statement at the [edit protocols isis interface name level number post-convergence-lfa] hierarchy level.

    [See Understanding Topology-Independent Loop-Free Alternate with Segment Routing for IS-IS.]

  • Support for BGP-LU over SR-TE for color-based mapping of VPN Services (MX Series and PTX Series)—Starting in Junos OS Release 20.2R1, we are extending support to BGP labeled unicast service for color-based mapping of VPN services over Segment Routing-Traffic Engineering (SR-TE). This enables you to advertise BGP-LU IPv6 and IPv4 prefixes with an IPv6 next-hop address in IPv6-only networks where routers do not have any IPv4 addresses configured. With this feature, BGP-LU can now resolve IPv4 and IPv6 routes over SR-TE core. BGP-LU constructs a colored protocol next hop, which is resolved on a colored SR-TE tunnel in the inetcolor.0 or inet6color.0 table. Currently we support BGP IPv6 LU over SR-TE with IS-IS underlay.

    See [Understanding Static Segment Routing LSP in MPLS Networks.]

  • Support for AIGP metric to MED translation (MX2010 and MX2020)—Starting in Release 20.2R1, Junos OS supports the translation of AIGP metric to MED. You can enable this feature when you want the end to end effective AIGP metric in order to choose the best path. Effective AIGP is the AIGP value advertised with the route plus the IGP cost to reach the nexthop. This is especially useful in Inter-AS MPLS VPNs solution, where customer sites are connected via two different service providers, and customer edge routers want to take IGP metric based decision. You can configure a minimum-aigp to prevent unnecessary update of route when effective-aigp changes past the previously known lowest value.

    The following configuration statements are introduced at the [edit protocols bgp group <group-name> metric-out] hierarchy level:

    • effective-aigp to track the effective AIGP metric

    • minimum-effective-aigp to track the minimum effective AIGP metric.

    [See effective-aigp and minimum-effective-aigp.]

  • Support for Layer 2 circuit, Layer 2 VPN, and VPLS services with BGP labeled unicast (MX Series, EX9204, EX9208, EX9214, EX9251, and EX9253 devices)—Starting with Junos OS Release 20.2R1, MX Series, EX9204, EX9208, EX9214, EX9251, and EX9253 devices support BGP PIC Edge protection for Layer 2 circuit, Layer 2 VPN, and VPLS (BGP VPLS, LDP VPLS and FEC 129 VPLS) services with BGP labeled unicast as the transport protocol. BGP PIC Edge using the BGP labeled unicast transport protocol helps to protect traffic failures over border nodes (ABR and ASBR) in multi-domain networks. Multi-domain networks are typically used in metro-aggregation and mobile backhaul networks designs.

    A prerequisite for BGP PIC Edge protection is to program the Packet Forwarding Engine (PFE) with expanded next-hop hierarchy.

    To enable BGP PIC Edge protection, use the following CLI configuration statements:

    • Expand next-hop hierarchy for BGP labeled unicast family:

    • BGP PIC for MPLS load balance nexthops:

    • Fast convergence for Layer 2 circuit and LDP VPLS:

    • Fast convergence for Layer 2 VPN, BGP VPLS, and FEC129:

    [See Load Balancing for a BGP Session.]

  • Support for dynamic peer AS range for BGP groups (ACX Series, MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 20.2R1, you can configure acceptable autonomous system (AS) ranges for EBGP groups that can be used for bringing up BGP peers while establishing a BGP session. BGP accepts a peer request based on the configured AS range and rejects a peer request if the AS does not fall into the specified range. This allows you to control BGP peering when the neighbor’s exact IP address is not known.

    To define peer AS range for BGP groups through policy, you can include the as-list statement at the [edit policy-options] hierarchy level. To include the specified peer AS list, include the peer-as-list peer-as-list statement at the [edit protocols bgp group group-name] hierarchy level.

    See [peer-as-list and as-list.]

  • Support for BGP-SR-TE rearchitecture (MX Series and PTX Series)—Starting in Junos OS Release 20.2R1, Junos OS provides support for controller-based BGP segment routing--traffic engineering (SR-TE) routes to be installed as source packet routing traffic-engineered (SPRING-TE) routes. BGP installs the SR-TE policy in the routing tables bgp.inetcolor.0 and bgp.inet6color.0, and these routes are subsequently installed in the routing tables inetcolor.0 or inet6color.0 by SPRING-TE.

    In releases before Junos OS Release 20.2R1, controller-based BGP SR-TE routes are installed as BGP routes in the routing table. To maintain consistency and for easy maintenance, all SR-TE based routes appear as SPRING-TE routes irrespective of the source.

    You need to enable source-packet-routing at the [edit protocols] hierarchy level to see the routes installed in inetcolor.0 or inet6color.0. A new option detail is introduced under traceoptions (Protocols Spring-TE) to trace the detailed information.

    See [Segment Routing Traffic Engineering at BGP Ingress Peer Overview.]

  • Support for egress protection and BGP PIC features (MX Series Routers with MPC10E and MPC11E)—Starting in Junos OS Release 20.2R1, you can configure the following egress link protection and BGP Prefix Independent Convergence (PIC) features on MX Series devices with MPC10E and MPC11E.

    • Egress protection for BGP labeled unicast —Fast protection for egress nodes is available to services in which BGP labeled unicast interconnects IGP areas, levels, or autonomous systems (ASs). If a provider router detects that an egress router (AS or area border router) is down, it immediately forwards the traffic destined to that router to a protector router that forwards the traffic downstream to the destination.

    • Provider-edge link protection for BGP labeled unicast paths—You can configure a precomputed protection path in a Layer 3 VPN such that if a BGP labeled-unicast path between an edge router in one AS and an edge router in another AS goes down, you can use the protection path (also known as the backup path) between alternate edge routers in the two ASs. This is useful in a carrier-of-carriers deployments, where a carrier can have multiple labeled-unicast paths to another carrier. In this case, the protection path avoids disruption of service if one of the labeled-unicast paths goes down.

    • BGP PIC for inet —We’ve extended the BGP Prefix Independent Convergence (PIC) support to BGP with multiple routes in the global tables such as inet and inet6 unicast, and inet and inet6 labeled unicast. When you enable the BGP PIC feature on a router, BGP installs to the Packet Forwarding Engine the second best path in addition to the calculated best path to a destination. When an IGP loses reachability to a prefix, the router uses this backup path to reduce traffic loss until the global convergence through BGP is resolved, thereby drastically reducing the outage duration.

    • BGP (PIC Edge for RSVP —With BGP PIC Edge in an MPLS VPN network, IGP failure triggers a repair of the failing entries and causes the Packet Forwarding Engine to use the prepopulated protection path until global convergence has re-resolved the VPN routes. The convergence time is no longer dependent on the number of prefixes. When RSVP receives a tunnel down notification at the ingress PE router, it sends a notification to the Packet Forwarding Engine to start making use of the tunnel to the alternate egress PE router.

    [See Egress Protection for BGP Labeled Unicast ,Understanding Provider Edge Link Protection for BGP Labeled Unicast Paths, Use Case for BGP PIC for Inet, and show rsvp version.]

Services Applications

  • Interoperability of MPC10E with MS-MPC and MS-MIC for Layer 3 Services ( MX240, MX480,and MX960)—Starting in Junos OS Release 20.2R1, the MPC10E-15C-MRATE interoperates with MS-MPC and MS-MIC-16G to support the following Layer 3 Services:

    • Stateful firewall

    • NAT

    • IPSec

    • RPM

    • MS-MPC/MS-MIC based Inline flow monitoring services

  • Support for RFC 2544-based benchmarking tests (MX Series routers with MPC10E and MX2K-MPC11E)—Junos OS Release 20.2 extends support for the reflector function and the corresponding RFC 2544-based benchmarking tests on MX240, MX480, and MX960 routers with MPC10E (MPC10E-15C-MRATE and MPC10E-10C-MRATE) and MX2010 and MX2020 routers with MX2K-MPC11E. The RFC 2544 tests are performed to measure and demonstrate the service-level agreement (SLA) parameters before activation of the service. The tests measure throughput, latency, frame loss rate, and back-to-back frames.

    RFC 2544-based benchmarking tests on MX Series routers support the following reflection functions:

    • Ethernet pseudowire reflection (ingress and egress direction) (ELINE service—supported for family ccc)

    • Layer 2 reflection (egress direction) (ELAN service—supported for family bridge, vpls)

    • Layer 3 IPv4 reflection (limited support)

    To run the benchmarking tests on the MX Series routers, you must configure reflection (Layer 2 or pseudowire) on the supported MPC. To configure the reflector function on the MPC, use the fpc fpc-slot-no slamon-services rfc2544 statement at the [edit chassis] hierarchy level.

    [See Understanding RFC2544-Based Benchmarking Tests on MX Series Routers].

  • Support for random load balancing (MX Series routers with MPC10E and MX2K-MPC11E)—Starting in Junos OS Release 20.2R1, you can configure per packet random load balancing on MX240, MX480, and MX960 routers with MPC10E (MPC10E-15C-MRATE and MPC10E-10C-MRATE) and MX2010 and MX2020 routers with MX2K-MPC11E. Per-packet random spray load balancing ensures that the members of ECMP are equally loaded without taking bandwidth into consideration. Random load balancing also eliminates traffic imbalance that occurs as a result of software errors, except for packet hash.

    To configure random load balancing on the MPC, include the load-balance random statement at the [edit policy-options policy-statement policy-name term term-name then] hierarchy level.

    [See Understanding the Algorithm Used to Load Balance Traffic on MX Series Routers].

  • Support for static IP tunnels (MX Series routers with MPC10E and MX2K-MPC11E)—Starting in Junos OS Release 20.2R1, MX240, MX480, and MX960 routers with MPC10E (MPC10E-15C-MRATE and MPC10E-10C-MRATE) and MX2010 and MX2020 routers with MX2K-MPC11E support static IP tunnels with:

    • Encapsulation support of the following types:

      • IPv4-over IPv4

      • IPv6-over-IPv4

      • IPv4-over-IPv6

      • IPv6-over-IPv6

    • Scaling upto 4000 tunnels per PIC

    • Graceful Routing Engine switchover (GRES)

Software-Defined Networking (SDN)

  • Manual (PIM-based) VXLAN support (MPC10 and MPC11 line cards with MX2010 and MX2020)—Starting in Junos OS Release 20.2R1, the MX2010 and MX2020 routers with MPC10 and MPC11 line cards installed support manual (PIM-based) VXLAN.

    [See Understanding VXLANs.]

  • GNFs with MX-SPC3 support carrier-grade NAT services over abstracted fabric interfaces (MX480 and MX960)—Starting in Junos OS Release 20.2R1, guest network functions running Next Gen Services with the MX-SPC3 card support carrier-grade NAT services.

    The support includes the following:

    • NAT translation types—dnat-44, dynamic-nat44, basic-nat44, basic-nat66, twice-basic-nat-44, twice-dynamic-nat44, deterministic NAT. Support for interface and next-hop style service sets, EIM/EIF, PBA, XLAT464, and port forwarding are available. Support for basic-nat44, basic-nat66 over layer 3 VPN is also available.

    • SIP and RTSP Application Layer Gateways

    • carrier-grade events logging, using the Junos Traffic Vision (J-Flow).

    • Class of service (CoS)

    Note

    To support the services traffic over abstracted fabric interfaces, a GNF that has an MX-SPC3 card assigned to it must also have a line card linked to it.

    [See Junos OS Carrier-Grade NAT Implementation Overview.]

  • GNFs with MX-SPC3 support various services over abstracted fabric interfaces (MX480 and MX960)—Starting in Junos OS Release 20.2R1, guest network functions (GNFs) running Next Gen Services with the MX-SPC3 card support the following services over abstracted fabric interfaces:

    • DNS filtering to identify DNS requests for blacklisted website domains.

    • URL filtering to determine which Web content is not accessible to users.

    To support the services traffic over abstracted fabric interfaces, a GNF that has an MX-SPC3 card assigned to it must also have a line card linked to it.

    [See DNS Request Filtering for Blacklisted Website Domains and Configuring URL Filtering]

Subscriber Management and Services

  • RADIUS-sourced connection status updates to CPE devices (MX Series)—Starting in Junos OS Release 20.2R1, you can use RADIUS-sourced messages to convey information, such as upstream bandwidth or connection rates, that the BNG transparently forwards to CPE devices. Configure RADIUS to send the router the Juniper Networks Connection-Status-Message VSA (26-4874–218) in Access-Accept or CoA messages. Include the lcp-connection-update PPP option in the client dynamic profile to enable PPP to send the VSA contents to the CPE device in the Connection-Status-Message option of an LCP Connection-Update-Request message.

    [See RADIUS-Sourced Connection Status Updates to CPE Devices.]

  • Identifying dynamic profile versions with version aliases (MX Series)—Starting in Junos OS Release 20.2R1, you can use the versioning-alias statement to configure a text description that identifies a particular variation of a dynamic client profile. The version alias is conveyed to the RADIUS server in the Access-Accept message in the Juniper Networks Client-Profile-Name VSA (26–4874–174).

    [See Versioning for Dynamic Profiles.]

  • IPFIX support for per-subscriber queue statistics (MX Series)—Starting in Junos OS Release 20.2R1, you can configure the input-jti-ipfix plug-in to collect per–subscriber interface queue statistics. The output ipfix-plugin can then export the statistics as IPFIX template and data records.

    [See Telemetry Data Collection on the IPFIX Mediator for Export to an IPFIX Collector.]

  • Junos Multi-Access User Plane support (MX204, MX10003)—Starting with Junos OS Release 20.2R1, you can configure Junos Multi-Access User Plane on MX204 and MX10003 routers. Junos Multi-Access User Plane is a software solution that turns your MX Series router into a high-capacity user plane function called a System Architecture Evolution Gateway-User Plane (SAEGW-U). This MX Series SAEGW-U interoperates with a third-party SAEGW-C (control plane function), according to the 3GPP Release 14 Control User Plane Separation (CUPS) architecture, to provide high-throughput 4G fixed-wireless access service. CUPS enables independent scaling of the user and control planes, network architecture flexibility, operational flexibility, and an easier migration path from 4G to 5G services. The CUPS architecture is optional for 4G but inherent in 5G architecture.

    [See Junos Multi-Access User Plane User Guide.]

System Logging

  • Support to track the maximum number of routing and forwarding (RIB/FIB) routes and VRFs (MX Series and PTX Series)—Starting in Junos OS Release 20.2R1, you can track and display the high-water mark data of routing and forwarding (RIB/FIB) table routes and VRFs in a system (RPD) using the show route summary CLI command. High-water mark refers to the maximum number of routing and forwarding (RIB/FIB) table routes and VRFs that was present in the RPD system. The high-water mark data can also be viewed in the syslog at the LOG_NOTICE level.

    You can configure the interval of the high-water mark data using the highwatermark-log-interval CLI configuration statement at the [edit routing-options] hierarchy level. The minimum time gap at which the high-water mark data logged in the syslog is 30 seconds. You can configure the value for highwatermark-log-interval CLI configuration statement between 5 to 1200 seconds.

    [See routing-options and show route summary.]

System Management

  • Support for the G.8275.1 Profile (MX10008 and MX10016 with line card JNP10K-LC2101)—Starting in Junos OS Release 20.2R1, we support ITU-T G.8275.1 Full path Timing Support (FTS) Profile and G.8273.2 Telecom Boundary Clock. The G.82751.5 Profile is a phased profile that operates with PTP-based packet exchange for Phase and Time recovery, and Synchronous-Ethernet-based based frequency recovery (also called Synchronous-Ethernet-based assisted PTP mode of operation). This profile is required in TDD application deployment in both 4G and 5G networks.

    The PTP operation must be two-way in this profile in order to transport phase/time synchronization because propagation delay must be measured. Hybrid mode must be enabled for the G.8275.1 profile.

    [See profile-type.]

Virtual Chassis

  • MX Series Virtual Chassis support for the ephemeral database (MX480 and MX960)—Starting in Junos OS Release 20.2R1, MX Series Virtual Chassis support configuring the ephemeral database. The ephemeral database is an alternate configuration database that provides a fast programmatic interface for performing configuration updates on devices running Junos OS.

    [See Understanding the Ephemeral Configuration Database.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for MX Series routers.

What’s Changed in Release 20.2R2

EVPN

  • New output flag for the show bridge mac-ip table command (MX Series)—The Layer 2 address learning process does not send updated MAC and IP address advertisements to the routing protocol process when an IRB interface is disabled in an EVPN-VXLAN network. We have added the NAD flag in the output of the show bridge mac-ip-table command to identify the disabled IRB entries where the MAC and IP address advertisement will not be sent.

    [See show bridge mac-ip-table.]

  • Warning message for proxy MAC advertisement (MX Series)—When proxy-macip-advertisement is enabled, the Layer 3 gateway advertises MAC and IP routes (MAC+IP type 2 routes) on behalf of Layer 2 VXLAN gateways in EVPN-VXLAN networks. This behavior is not supported on EVPN-MPLS. Starting in Junos OS Release 20.2R2, the warning message, WARNING: Only EVPN VXLAN supports proxy-macip-advertisement configuration, appears when you enable proxy-macip-advertisement. The message appears when you change your configuration, save your configuration, or use the show command to display your configuration.

    [See proxy-macip-advertisement.]

General Routing

  • MS-MPC and MS-MIC service package (MX240, MX480, MX960, MX2008, MX2010, and MX2020)—PICs of MS-MPC and MS-MIC do not support any other service package than extension-provider. These PICs always come up with the extension-provider service-package, regardless of the configuration. If you try to configure any other service package for these PICs by using the command set chassis fpc slot-number pic pic-number adaptive-services service-package, an error is logged. Use the show chassis pic fpc-slot slot pic-slot slot command to view the service package details of the PICs of MS-MPC and MS-MIC.

    [See extension-provider.]

  • Round-trip time load throttling for pseudowire interfaces (MX Series)—The Routing Engine supports round-trip time load throttling for pseudowire (ps) interfaces. In earlier releases, only Ethernet and aggregated Ethernet interfaces were supported.

    [See Resource Monitoring for Subscriber Management and Services.]

  • Changes to Junos XML operational RPC request tag names (MX480)—Starting in Junos OS Release, we've updated the Junos XML request tag name for the below operational RPCs. The changes include:

    • <get-security-associations-information> is changed to <get-re-security-associations-information>.

    • <get-ike-security-associations-information> is changed to <get-re-ike-security-associations-information>.

    [See Junos XML API Operational Developer Reference.  ]

High Availability (HA) and Resiliency

  • IPv6 address in the prefix TIEs displayed correctly—The IPv6 address in the prefix TIEs are displayed correctly in the show rift tie output.

Infrastructure

  • Change in support for interface-transmit-statistics statement (MX Series)—You cannot configure aggregated Ethernet interfaces to capture and report the actual transmitted load statistics by using the interface-transmit-statistics statement. Aggregated Ethernet interfaces do not support reporting of the transmitted load statistics. In Junos OS Release 20.2R2, the interface-transmit-statistics statement is not supported in the aggregated Ethernet interfaces hierarchy. In earlier releases, the interface-transmit-statistics statement was available in the aggregated Ethernet interfaces hierarchy but not supported.

    [See interface-transmit-statistics.]

Routing Protocols

  • Advertising 32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, multiple secondary loopback addresses in the traffic engineering database were added to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised as router IDs.

Subscriber Management and Services

  • Improved tunnel session limits display (MX Series)—Starting in Junos OS Release 20.2R2, the show services l2tp tunnel extensive command displays the configured value for maximum tunnel sessions. On both the LAC and the LNS, this value is the minimum from the global chassis value, the tunnel profile value, and the value of the Juniper Networks VSA, Tunnel-Max-Sessions (26–33). On the LNS, the configured host profile value is also considered.

    In earlier releases, the command displayed the value 512,000 on the LAC and the configured host profile value on the LNS.

    [See Limiting the Number of L2TP Sessions Allowed by the LAC or LNS.]

What’s Changed in Release 20.2R1

Class of Service (CoS)

  • We’ve corrected the output of the show class-of-service interface | display xml command. Output of the following sort: <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container> will now appear correctly as <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3></container> <container> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container>.

General Routing

  • Support for full inheritance paths of configuration groups to be built into the database by default (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting with Junos OS Release 20.2R1, the persist-groups-inheritance option at the [edit system commit] hierarchy level is enabled by default. To disable this option, use no-persist-groups-inheritance.

    [See commit (System).]

  • Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option—Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option. This option is same as the activate option but it adds additional configuration to act as a top-of-fabric node.

  • Command to view summary information for resource monitor (EX9200 line of switches and MX Series)—You can use the show system resource-monitor command to view statistics about the use of memory resources for all line cards or for a specific line card in the device. The command also displays information about the status of load throttling, which manages how much memory is used before the device acts to reduce consumption.

    [See show system resource-monitor and Resource Monitoring for Subscriber Management and Services.]

Juniper Extension Toolkit (JET)

  • PASS keyword required for Python 3 JET applications (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—If you are writing a JET application using Python 3, include the PASS keyword in the Exception block of the script. Otherwise, the application throws an exception when you attempt to run it.

    [See Develop Off-Device JET Applications and Develop On-Device JET Applications.]

  • Updates to IDL for RIB service API bandwidth field (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The IDL for the RouteGateway RIB service API has been updated to document additional rules for the bandwidth field. You must set bandwidth only if a next hop has more than one gateway, and if you set it for one gateway on a next hop, you must set it for all gateways. If you set bandwidth when there is only a single usable gateway, it is ignored. If you set bandwidth for one or more gateways but not all gateways on a next hop, you see the error code BANDWIDTH_USAGE_INVALID.

    [See Juniper EngNet.]

Network Management and Monitoring

  • Support for new SNMP object for the ifJnx MIB—Starting in Junos OS Release 20.2R1, we introduce a new SNMP object, ifJnxInputErrors, that tracks all input errors except the L3 incomplete errors. The ifJnxInErrors object continues to track the L3 incomplete errors.

  • Support for Clearing the Event at MEP Level (MX Series)—In Junos OS 20.2R1, you can define an action profile for connectivity fault management at the local MEP level or at the remote MEP level. You define an action profile to monitor events and thresholds and specify an action that the device performs when the configured event occurs. When you define the action profile at the local MEP level, you can clear the event for the configured action profile at the local MEP level by specifying only the local MEP numeric identifier. When you define the action profile at the remote MEP level, you can clear the event for the configured action profile at the remote MEP level by specifying the local MEP numeric identifier as well as the remote MEP numeric identifier.

    See [clear oam ethernet connectivity-fault-management event.]

  • Request support information for IPsec function (MX Series)—Starting in Release 20.2R1, Junos OS introduces ipsec-vpn option to the existing request support information command. The request support information ipsec-vpn command displays all the configurations, states, and statistics at Routing Engine and Service Card level. This new option helps in debugging IPsec-VPN related issues. The information collection is streamlined and reduces the output file size.

    See [Request support information.]

  • Junos OS only supports using Python 3 to execute YANG Python scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS uses Python 3 to execute YANG action and translation scripts that are written in Python. In earlier releases, Junos OS uses Python 2.7 to execute these scripts.

    [See Understanding Python Automation Scripts for Devices Running Junos OS.]

Services Applications

  • New option for configuring delay in IPSec SA installation—In Junos OS Releases 20.2R1 and 20.2R2, you can configure the natt-install-interval seconds option under the [edit services ipsec-vpn rule rule-name term term-name then dynamic] hierarchy to specify the duration of delay in installing IPSec SA in a NAT-T scenario soon after the IPSec SA negotiation is complete. The default value is 0 seconds.

Software-Defined Networking (SDN)

  • JDM install and configuration do not impact host SNMP—Starting in Junos OS Release 20.2R1, JDM does not write any configuration to the host SNMP configuration file (/etc/snmp/snmpd.conf). Hence, JDM installation and subsequent configuration do not have any impact on the host SNMP. The SNMP configuration CLI command in JDM is used only to configure JDM's snmpd.conf file, which is present within the container.

    [See SNMP Trap Support: Configuring NMS Server (External Server Model).]

Known Limitations

Learn about known limitations in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • On the MPC11E line card, the number-of-sub-ports configuration on the 4x10GbE channelized ports might cause the channels to go down. PR1442439

  • On the MPC11E line card, the following error messages are seen when the line card is online: i2c transaction error (0x00000002). PR1457655

  • The MPC11E line card might take additional time to come during the movement from one GNF to another GNF. PR1469729

  • On the MX204 or MX10003 router, BFD or LACP might flap during the BGP convergence. PR1472587

  • Dynamic SR-TE tunnels do not get automatically re-created at the new master Routing Engine after the Routing Engine switchover. PR1474397

  • Packet Forwarding Engine lookup loop occurs when the firewall based re-direction under forwarding-options is used to perform route-lookup in a non-default routing instance for destinations reachable over MPLSoUDP tunnels. PR1478000

  • The following messages might be seen when MTU is configured: SNMP_TRAP_LINK_DOWN. PR1486542

  • The rpd core files might be generated in the absence of an explicit route-distinguisher configuration. PR1486922

  • Junos Traffic Vision gets the interface values (for example, state, counters, and in-unicast-pkts) from the Packet Forwarding Engine and sends them to the remote client (collectors). This value will be different in the output of the show interfaces command after the clear interfaces statistics all command is run because this command does not clear up counters on the Packet Forwarding Engine. PR1488758

  • It takes nearly 20 minutes to display IP-IP tunnel statistics on the backup Routing Engine after GRES at full scale of 4000 tunnels. PR1489067

  • Packets do not get fragmented based on FTI interface MTU in the data path. PR1489526

  • Traffic drop of around 2.5 seconds on switchover from primary physical interface is observed to back up FTI interface with the scaled routes. PR1490070

  • Sequence numbers (initial-sync and regular streaming) are in incorrect order when multiple collectors are present. The initial-sync sequence number (2097152) might appear after the regular streaming sequence number. PR1490798

  • BSID scaling limits for IPv6 policies are 16,000 per ECMP. PR1495330

  • The ppmd restart does not clear the active RFC2544 reflection sessions. PR1499285

  • Active reflection sessions are not aborted when the delete interfaces + delete services configuration is committed. PR1499628

  • One hundred percent traffic drop at tunnel destination is observed if fragmentation is enabled when the incoming packet size is greater than the egress WAN MTU. PR1505209

  • The npc process crashes at cmtfpc_mic_neo_state_check (mic_env=< optimized out>, mic_slot=< optimized out>) at ../../../../src/pfe/common/applications/cmt/jam/cmtfpc_pic_npc_jam.c:4808. PR1538131

High Availability (HA) and Resiliency

  • Unsupported hardware for unified ISSU (MX240, MX480, MX960, MX10003, and PTX3000)—The following cards do not support unified ISSU upgrading to Junos OS Release 20.2R1:

    • MPC7E-MRATE

    • MPC8E with MRATE MIC

    • MPC9E with MRATE MIC

    • MPC10E-10C-MRATE

    • MPC10E-15C-MRATE

    • PTX5000 with 24-Port 10-Gigabit Ethernet, 40-Gigabit Ethernet PIC with QSFP+ or 15-Port 10-Gigabit, 40-Gigabit Ethernet, 100-Gigabit Ethernet PIC with QSFP28

    • MX10003 with QSFP28 Ethernet TIC

Infrastructure

  • On Juniper networks Routing Engines with Hagiwara CompactFlash card installed, after the upgrade to Junos OS Release 15.1 and later, the following error message might appear: smartd[xxxx]: Device: /dev/ada1, failed to read SMART Attribute Data. PR1333855

Interfaces and Chassis

  • Session fails to come up after the outer tag pop when ingress and egress logical interfaces are on the same Packet Forwarding Engine. PR1487351

  • On the MPC10 or MPC11 line card, the convergence goes up to 38 seconds for a highly scaled configuration. PR1519373

MPLS

  • The P2MP branches stay on bypass even after the link becomes functional after failure. PR1486813

  • After enabling the MPLS p2mp-lsp no-re-merge set protocols on ingress, the P2MP branches fail to come up. PR1487007

  • Branches does not select the common ASBR from the available list with the single-asb command enabled after the common ASBR failure. PR1490637

Network Management and Monitoring

  • On the MPC11E line card, the following trap message is not observed after a LC reboot when the scaled interfaces are present :SNMP Link up. PR1507780

Platform and Infrastructure

  • PIM join message (S,G) might not be created after GRES. PR1457166

  • Unknown unicast filter applied in the EVPN routing instance blocks the unexpected traffic. PR1472511

  • Even after subscribing to /junos/system/linecard/firewall/, starting the GNMI decoder and performing negative interface triggers the subscription and the remaining TCP sessions. PR1477790

Open Issues

Learn about open issues in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • The following syslog error message is observed: cosd[10290]: LIBCOS_COS_ATTRIBUTE_RETRIEVE_FAILED: FAILED to retrieve cos field (cos_fc_defaults_0_fc_no_loss). PR1470252

  • The mpls-inet-both-non-vpn command does not work as expected. PR1479575

  • When an interface attached to the aggregated Ethernet interface is decoupled and an IP address is assigned to it, ARP resolution issues are seen. PR1504287

EVPN

  • The VXLAN OAM host-bound packets are not throttled with DDoS policers. PR1435228

  • no-arp-suppression is required for MAC learning across the EVPN domain on the static VTEP. PR1517591

  • VLAN ID information is missed while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from instance-type EVPN to instance-type virtual-switch. PR1547275

  • BUM traffic might be dropped in the EVPN-VXLAN setup. PR1525888

  • In the MX480 router, the following error message is observed: Expected EVPN Type5 Routes :4 is NOT same as Actual EVPN Type5 Routes :0]. PR1535353

Forwarding and Sampling

  • For Junos OS Releases 18.4R1 and 18.3R2, if the IPv4 prefix is added on a prefix-list referred by the IPv6 firewall filter, the following log message is not seen: Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized. PR1395923

  • The following syslog error message might be seen if the SSD hardware fails: rpd[2191]: krt_flow_dfwd_open,8073: Failed connecting to DFWD, error checking reply - Operation timed out. PR1397171

  • After restarting the router, the remote mask sent by the routing daemon might be different from the existing remote mask that the Layer 2 learning daemon had prior to restart. These remote mask indicates from which remote PE devices the xMAC IP addresses are learned. This causes a mismatch between the Layer 2 learning and routing daemons interpretation as to where the MAC IP address entries are learned, either local or remote, leading to the MAP IP table being out of synchronization. PR1452990

  • The srrd process might crash in a high route churns scenario or if the process flaps. PR1517646

General Routing

  • The rpd process leaks memory due to repeated deletion of the RSVP RSB (reservation state block). PR1115686

  • Performance of the Intel X710 NIC is lower compared to the performance of the Intel 82599 NIC. This issue occurs because 10-Gbps rate is achieved at 512-byte packet size for X710 NICs, whereas the same is achieved at 256 bytes for 82599 NICs. PR1281366

  • The host root file system and the node boots with the previous vmhost software instead of the alternate disk. PR1281554

  • The chained CNH feature does not bring in a lot of gain because TCNH is based on an ingress rewrite premise. Without this feature, things work just fine. PR1318984

  • With regard to FPC restarts or Virtual Chassis splits, the design of MX Series Virtual Chassis infra relies on the integrity of the TCP connections. The reactions to failure situations might not be handled gracefully, resulting in TCP connection timeouts because of jlock hog crossing the boundary value (5 seconds), which causes bad consequences in MX Series Virtual Chassis. Currently, there is no other easy solution to reduce this jlock hog besides enabling marker infra in the MX Series Virtual Chassis setup. PR1332765

  • In an MS-MPC or MS-MIC in ALG scenario, the MAC_STUCK message might be observed and traffic might be dropped. PR1335956

  • The following error messages are observed with Junos OS Release 17.3 throttle image: localttp_offload_tx_errcheck: failed to send packet 4 times in last one second. PR1359149

  • On the MX204 and MX10003 routers, the following garbage value on syslog messages from craftd demon is observed: craftd[xxxx]: fatal error, failed to open smb device: JÎÈ. PR1359929

  • On the MX2010 and MX2020 routers equipped with SFB2, some error logs might be seen. PR1363587

  • A few xe interfaces go down with the following error message: if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • The virtio throughput remains the same for the multiqueue and single-queue deployments. PR1389338

  • CPU performance might become slow. PR1399369

  • The FPC process generates core files under certain circumstances on the addition and deletion of hierarchical CoS from the pseudowire devices. PR1414969

  • Traffic statistics are not displayed for the hybrid access gateway session and tunnel traffic. PR1419529

  • With the HTTP header enrichment function enabled, the processing of the window scaling option significantly reduces the performance of HTTP sessions from 65 Mbps to less than 40 Mbps, which results in decrease of traffic throughput. The download rate also drops. PR1420894

  • Dynamic tunnel summary displays wrong count of up and total tunnels. PR1429949

  • Layer 2 over GRE is not supported in Junos OS Release 19.3R1. Even though the configuration gets committed, the feature does not work. PR1435855

  • The FPC process might crash when the Packet Forwarding Engine memory exhausts. PR1439012

  • Interface hold-down timers cannot be achieved for less than 15 seconds on the MPC11E line card. PR1444516

  • The vehostd application fails to generate a minor alarm. PR1448413

  • Physical interface policers are not supported in Junos OS Release 19.3 for the MPC11 line card. PR1452963

  • On the MPC11E line card, the FIB download rates are lower than the rates on the MPC10E line card by 30 percent. PR1456816

  • After more than 2 million multicast subscribers are activated without performing GRES or bbe-smgd restart, further multicast subscribers might be unable to log in. PR1459340

  • The following CDA error message is observed: LkupAsicClient: Index Dmem block read failed, PFE:0.0. PR1459665

  • Need to add the backport jemalloc profiling CLI support to all Junos OS releases where jemalloc is present. PR1463368

  • For the MPC10E line card, the IS-IS and micro-BFD sessions do not come up during baseline. PR1474146

  • Dynamic SR-TE tunnels do not get automatically re-created at the new master Routing Engine after the Routing Engine switchover. PR1474397

  • Expected number of 512,000 MAC entries are not re-learned in the bridge table after clearing 512,000 MAC entries from the table. PR1475205

  • On the MX480 router, the following error message is seen after restore or removal with IP or MPLS configurations: [Error] L2alm : l2alm_mac_process_hal_delete_msg:667 Ignoring MAC delete with ifl index 355, fwd_entry has 7888. PR1475785

  • A 64-bit cMGD should be used if cMGD is running on a 64-bit OS to avoid random issues. PR1481335

  • Invalid packets are dropped by dut with TCC encapsulation configuration as intended but the statistics counters get incremented. PR1481698

  • The vmcore process crashes sometimes along with the mspmand process on MS-MPC or MS-MIC if large-scale traffic flows are processed. PR1482400

  • The following critical syslog error messages at FPC3 user.crit aftd-trio are seen during baseline: [Critical] Em: Possible out of order deletion of AftNode #012#012#012 AftNode details - AftIndirect token:230791 group:0 nodeMask:0xffffffffffffffff indirect:333988 hwInstall:1#012. PR1486158

  • Login or logout of high scale (around 1 million bearers) causes some sessions not to re-login. PR1489665

  • On the MX2000 router, support for PSM firmware upgrade is required. PR1489939

  • Need to add support for PSM firmware upgrade in utility. PR1489967

  • On the MPC10 line card, AFT crash is seen at std::default_delete< AftTermAction>::operator() (this=< optimized out>, __ptr=0x7fb0bc5d5910) at /volume/evo/files/opt/poky/2.2.1-22/sysroots/core2-64-poky-linux/usr/include/c++/6.2.0/bits/unique_ptr.h:76. PR1491527

  • On the MPC7E/, MPC8E, MPC9E, and MPC10E line cards, JNP10K-LC2101, MX204 and MX10003 routers, the following error message is observed: unable to set line-side lane config (err 30). PR1492162

  • The Delta PSM firmware upgrade status is incorrectly displayed. PR1493045

  • On the MX2020 router, the AER image for non-correctable or correctable PCI error is needed. PR1493065

  • Component sensor does not export data under components CB0 or CB1 in the expected time. PR1493579

  • The backup Routing Engine reboots because of power cycle or failure when the offline and online operations are performed on CB1. PR1497592

  • The MPC11 line card is not supported in Junos OS Release 19.4. PR1503605

  • For EVPN VXLAN feature verification, the set chassis loopback-dynamic-tunnel command is used. PR1509690

  • On the MPC11 line card, dfw crash is seen after removing and restoring configurations on the backup Routing Engine. PR1512770

  • Sometimes external 1 pps cTE is slightly above Class B requirement of the ITU-T G.8273.2 specification. PR1514066

  • On the MX960 router, expected traffic is not received with multicast and PIM scaling configurations. PR1514646

  • On the MPC10E line card, normal discards are seen with multicast groups at the Steady state. PR1516732

  • The BFD sessions might flap continuously after disruptive switchover followed by GRES. PR1518106

  • On the MX960 routers, the show interfaces redundancy rlt0 statement shows current status as primary down as FPC is still in the Ready state after rlt failover (restart FPC). PR1518543

  • Subscribers are not logged out after the AGT test stops. PR1531415

  • The accounting interim-updates for subscriber does not work after GRES and subsequent reboot of FPCs in the node-slicing setup. PR1539474

  • On the MX480 routers, in an EVPN VLAN scenario, the set routing-instances protocols evpn mac-table-aging-time 30 statement does not work. PR1543238

  • The speed command cannot be configured under the interface hierarchy on an extended port when MX204 or MX10003 router works as an aggregation device. PR1529028

  • Services process mspmand leaks memory in relation to MX telemetry, reporting RLIMIT_DATA exceed. PR1540538

  • Even though enhanced-ip is active, the following alarm is observed during ISSU: RE0 network-service mode mismatch between configuration and kernel setting.PR1546002

  • The following leak is observed during the period of churn for the sensor group bound to RSVP P2MP tunnels: SENSOR APP DWORD. PR1547698

  • SNMP index in the Packet Forwarding Engine reports as 0, causing sFlow to report either IIF or OIF (not both) as 0 in the sFlow record data at the collector. PR1484322

  • The BGP session with VRRP virtual address used might not come up after flapping. PR1523075

  • The NPC process crashes at cmtfpc_mic_neo_state_check (mic_env=< optimized out>, mic_slot=< optimized out>) at ../../../../src/pfe/common/applications/cmt/jam/cmtfpc_pic_npc_jam.c:4808. PR1538131

  • Subscriber might not come up on some dynamic VLAN ranges in an subscriber management environment. PR1541796

  • Plane offline IPC of chassisd might time out on the MX devices with MPC11E line cards. PR1546449

  • The PPPoE subscribers login failure might happen. PR1551207

High Availability (HA) and Resiliency

  • During ZPL ISSU traffic loss is seen with the IGP or BGP protocol session. PR1487144

Infrastructure

  • The following error message is observed continuously in AD with base configurations: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) failed. PR1485038

  • HSRPv2 IPV6 packets might get dropped if IGMP-snooping is enabled. PR1232403

Interfaces and Chassis

  • The cfmd process might continuously crash after the upgrade. PR1281073

  • The SFP index in the Packet Forwarding Engine starts at 1, while the port numbering starts at 0. This causes confusion in the log analysis. PR1412040

  • Changing the framing modes on a CHE1T1 MIC between E1 and T1 on an MPC3E NG HQoS line card causes the PIC to go offline. PR1474449

  • MPLS VPN label points to the discard next hop after a Routing Engine switchover without NSR if the egress interface is pp0. PR1488302

  • Input and output bytes count mismatch is observed in the IPv6 traffic statistics while issuing the show interface extensive command. PR1505100

  • LB fails to MIP on VT with a default md. PR1516583

  • The following error message is observed while removing or adding configurations: xolo-FPC0 ppman: [Error] CTRL:RPC:: Cos8021pRwTableCb)::< lambda: RPC to Aftman CoS FC table request failed for key:16783744 iflIndex:23238 status:Invalid argument. PR1527032

  • After DUT with MPC10 or MPC11 line card takes over as vrrp master-some, the logical interface undergoes 100 seconds of traffic loss. PR1519374

  • The following the commit error is observed while trying to delete unit 1 logical systems interfaces: ae2.1: Only unit 0 is valid for this encapsulation. PR1547853

Layer 2 Ethernet Services

  • DHCP declined packets are not forwarded to the DHCP server when forward-only is set within dhcp-reply. PR1429456

MPLS

  • Aggressive switchovers due to MBB or CSPF computations causes traffic loss on all branches of the tree even if a single branch fails to come up due to remerge detection on the transit router. PR1487916

  • The GRES or NSR Routing Engine switchovers followed by restart routing on the master Routing Engine does not honor the remerge behavior. PR1489168

Platform and Infrastructure

  • In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log the following error: nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system re-converging on the expected state. PR1054798

  • For the bridge-domains configured under an EVPN instance, the ARP suppression is enabled by default. This enables the EVPN to proxy the ARP and reduces the flooding of ARP in the EVPN networks. As a result, the storm-control does not affect the ARP packets on the ports under such bridge-domain. PR1438326

  • CFM REMOTE MEP does not come up after configuration or if the MEP remains in the Start state. PR1460555

  • The npc process generates core file at trinity_rt_iff_attach,pfe_ifl_family_attach,ifrt_ifl_family_adder,ifrt_ifl_family_add_vector,ifrt_command_handler. PR1461892

  • In NTP with the boot server scenario, when the router or switch boots, the NTP daemon sends an ntpdate request to poll the configured NTP boot-server to determine the local date and time. If the ntpdate is not activated correctly while the device is booting, the ntpdate might not work successfully. Then, some cosmetic error messages of time synchronization might be seen, but there is no impact on the time update because the ntp daemon updates the time eventually. PR1463622

  • The following line card errors are seen: HAL3520 snooping-error: invalid IRB topo/ IRB ifl zero in l2 nh 40495 add IRB. PR1472222

  • A few OAM sessions are not established with the scaled EVPN E-Tree and CFM configurations. PR1478875

  • If the interface is newly added as the CE interface, the existing broadcast, unknown unicast, and multicast (BUM) traffic can be looped. The loop prevention feature is designed to start working whenever a new CE interface is added by configuration. But the existing BUM traffic can be distributed to a new CE interface earlier before enabling the loop prevention feature. PR1493650

  • Traffic loss is observed after ISSU, while enabling or disabling, and activating or deactivating the interface. PR1493723

  • The following error message is observed when alarms after interface reset: 7836 ifl 567 chan_index 8 NOENT & jnh_ifl_topo_handler_pfe(13015): ifl=567 err=1 updating channel table nexthop. PR1525824

  • The npc process generates core file in igmp_process_wakeup_events,igmp_pfe_thread,thread_detach_tty. PR1534542

Routing Policy and Firewall Filters

  • The routing policy actions fail to configure neighbor-sets and tag-sets. PR1491795

Routing Protocols

  • While interoperating with other vendors in a draft-rosen multicast VPN, by default Junos OS attaches a route target to the multicast distribution tree (MDT), subsequent address family identifier (SAFI), and network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities are prevented from propagating of the route-target filtering. PR993870

  • On the MX2010 routers, the BFD session on the IS-IS step up flaps during the ISSU-FRU upgrade stage. PR1453705

  • Even when the protocols MPLS traffic-engineering bgp-igp command is configured, the UDP tunnel routes are not added to inet.0. The UDP tunnel routes are added only to the inet.3 table irrespective of whether the command is configured or not. PR1457426

  • BFD with authentication for BGP flaps after GRES or NSR switchover on the NG-RE and SCBE2 setups. PR1522261

  • The rpd process generates the core file at gp_rtarget_tsi_update,bgp_rtarget_flash_rt,bgp_rtarget_flash. PR1541768

  • The Layer 3 VPN routes might be added to FIB on the route reflector. PR1532414

Services Applications

  • All the unreachable destinations are not put in the Locked out state post GRES. PR1541271

  • The Tunnel-Assignment-Id string is not present while checking the packets from coming in for the attributes. PR1543628

VPNs

  • In an MVPN environment with the SPT-only option, if the source or receiver is connected directly to the candidate RP PE and the MVPN data packets arrive at the candidate RP PE before its transition to SPT, the MVPN data packets might be dropped. PR1223434

  • The output value of the show mvpn c-multicast inet source-pe | display xml command is not proper. PR1509948

  • Interface statistics do not match for the Mroute VPN-B (162.168.1.6, 226.1.1.1) on 10.53.194.58. PR1517039

  • MVPN multicast route entry might not be properly updated with the actual downstream interfaces list. PR1546739

Resolved Issues

Learn which issues were resolved in Junos OS main and maintenance releases for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 20.2R2

Application Layer Gateways (ALGs)

  • The srxpfe or mspmand process might crash if FTPS is enabled in a specific scenario. PR1510678

EVPN

  • EVPN-VXLAN core isolation does not work when the system is rebooted or the routing is restarted. PR1461795

  • When a dynamic-list next-hop is referenced by more than one route, it might result in an early deletion of the next-hop from the kernel, thereby assigning the next-hop index as 0 (next-hop type: dynamic List, next-hop index: 0 in the output of the show route command). This would not result in a crash but an early delete from the kernel. PR1477140

  • Configuring the proxy-macip-advertisement command for EVPN-MPLS leads to functionality breakage. PR1506343

  • With the EVPN-VXLAN configurations, the IRB MAC does not get removed from the route table after disabling IRB. PR1510954

  • ARP might break when multicast snooping is enabled in EVPN for the VLAN-based and VLAN-bundle service scenarios. PR1515927

  • Unable to create a new VTEP interface. PR1520078

  • The rpd process might crash when auto-service-id is configured in the EVPN-VPWS scenario. PR1530991

  • All the ARP reply packets towards to some address are flooded across the entire fabric. PR1535515

Forwarding and Sampling

  • The DHCP subscribers might get stuck in the Terminated state for around 5 minutes after disabling cascade ports. PR1505409

  • UTC timestamp is used in the flat-file-accounting files when a profile is configured. PR1509467

  • Traffic might be dropped for not exceeding the configured bandwidth under policer. PR1511041

  • The pfed process might crash while running the show pfe fpc x command. PR1509114

  • The l2ald process generates core file at libl2_trigger_flush libl2_enqueue_pkt libl2_send_keepalive. PR1529706

General Routing

  • In some MX Series deployments running Junos OS, the following random syslog messages are observed for FPCs: FPCx ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - xxx left. These messages might not have a service impact. These messages are addressed as INFO level messages. On a Packet Forwarding Engine, there are dedicated UMEM and shared GUMEM memory blocks. This informational message indicates some evicting events between UMEN and GUMEN and can be safely ignored. PR1298161

  • The show security group-vpn member IPsec security-associations detail | display xml command is not in the expected format. PR1349963

  • On the MX2000 router, the following error message might be observed if the MPC7 line card is offline when Routing Engine switchover occurs: Failed to get xfchip. PR1388076

  • The rpd scheduler might slip upon executing the show route resolution extensive 0.0.0.0/0 | no-more command if the number of routes in the system is large (several million). PR1425515

  • The MPC9E line card does not get offline due to unreachable destinations in the phase 3 stage. PR1443803

  • The FPC process or Packet Forwarding Engine might crash with the ATM MIC installed in the FPC. PR1453893

  • Application and removal of 1-Gbps speed results in the channel being down. PR1456105

  • In an MVPN instance, the traffic drops on multicast receivers within the range of 0.1 to 0.9 percent. PR1460471

  • On the MX960 router, the following error message might be observed: SCHED L4NP[0] Parity errors. PR1464297

  • On the MX150 routers, the request system halt and request system power-off commands do not work as expected. PR1468921

  • The syslog message reports simultaneous zone change reporting for all green, yellow, orange, red zones for one or more service PICs. PR1475948

  • All PPPoE subscribers might not log in after the FPC restarts. PR1479099

  • Fabric healing logic incorrectly makes all MPC line cards to go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot. PR1482124

  • Traffic decreases during throughput testing. PR1483100

  • Any change in the nested groups might not be detected on commit and does not take effect. PR1484801

  • XML is not properly formatted. PR1488036

  • Prolonged flow control might occur with MS-MPC or MS-MIC. PR1489942

  • The following error message is observed on the MPC line card in the manual mode: clksync_as_evaluate_synce_ref: 362 - Failed to configure clk. PR1490138

  • The MX10003 RCB always detects the fire temperature and shuts down in a short time after downgrade. PR1492121

  • The MPC10 or MPC11 line card might crash if the interface is configured with the firewall filter referencing shared-bandwidth policer. PR1493084

  • VPLS flood next-hop might not get programmed correctly. PR1495925

  • B4 might not be able to establish the softwire with AFTR. PR1496211

  • Heap memory leak might be seen on the MPC10 and MPC11 line cards. PR1499631

  • Some of the virtual services might not come up after GRES or rpd restart. PR1499655

  • After disabling and enabling the ams0 interfaces, the NAT sessions do not get synchronized back to the current standby SDG. PR1500147

  • Unexpected behavior during the show | display inheritance command is observed when the foreground is deactivated. PR1500569

  • The show services alg conversations and show services alg sip-globals commands are not supported in the USF mode. PR1501051

  • VPN traffic gets silently discarded in a cornered Layer 3 VPN scenario. PR1501935

  • The chassisd process might become nonresponsive. PR1502118

  • The packets from a non-existing source on the GRE or UDP designated tunnel might be accepted. PR1503421

  • Configuring the ranges statement for autosensed VLANs might not work on the vMX platforms. PR1503538

  • MIBS is added as part of jnxLicenseInstallTable: jnxLicenseStartDate jnxLicenseEndDate. PR1503790

  • The gNMI stream does not follow the frequency on the subscription from the collector. PR1504733

  • The rpd process might crash in case of a network churn when the telemetry streaming is in progress. PR1505425

  • After sending the Layer 4 or Layer 7 traffic, the HTTP redirect messages are not captured as expected. PR1505438

  • The l2cpd process might crash if the ERP configuration is added or removed, and the l2cpd process is restarted. PR1505710

  • VRRPv6 might not work in an EVPN scenario. PR1505976

  • GnmiJuniperTelemetryHeader incompatibility is introduced in Junos OS Release 19.3. PR1507999

  • The heap memory utilization might increase after extensive subscriber login or logout. PR1508291

  • Outbound SSH connection flap or memory leak issues is observed during push configuration to the ephemeral database with a high rate. PR1508324

  • The host-generated packets might be dropped if the force-control-packets-on-transit-path statement is configured. PR1509790

  • The disabled QSFP transceiver might fail to switch on. PR1510994

  • PFCP message acknowledgment or non-acknowledgment responses are not tracked without the fix. If the CPF peer drops an acknowledged UPF response message and CPF retries the request, the reattempts do not get an acknowledgment by the response cache at UPF and get silently dropped. This causes the CPF state machine to constantly retry requests with those messages being dropped at UPF, which leads to the Established state at both CPF and UPF. PR1511708

  • Static subscribers are logged out after creating a unit under the demux0 interface. PR1511745

  • Memory leak on l2ald might be seen when adding or deleting the routing-instances or bridge-domains configuration. PR1512802

  • The wavelength configured through the CLI might not be set on the SFP+-10G-T-DWDM-ZR optics when the optics is used on the MPC7E line card. PR1513321

  • Modifying the segment list of the segment-routing LSP might not work. PR1513583

  • Subscribers might not be able to bind again after performing back-to-back GRES followed by an FPC restart. PR1514154

  • The MACsec session might fail to establish if the 256-bit cipher suite is configured for MACsec connectivity association assigned to a logical interface. PR1514680

  • On the MX2010 and MX2020 routers, the SPMB CPU is elevated when an SFB3 is installed. PR1516287

  • Active sensor check fails while checking the show agent sensors|display xml command. PR1516290

  • Used-Service-Unit of the CCR-U has Output-Bytes counter zero. PR1516728

  • The MPC7E line card with QSFP installed might get rebooted when the show mtip-chmac <1|2> registers vty command is executed. PR1517202

  • There might be memory leak in cfmd if both the CFM and inet or IPv4 interfaces are configured. PR1518744

  • The vgd process might generate a core file when the OVSDB server restarts. PR1518807

  • The PADI packets might be dropped when the interface encapsulation VPLS is set along with the accepted protocol configured as PPPoE. PR1523902

  • The PSM firmware upgrade must not allow multiple PSM upgrades in parallel to avoid the firmware corruption and support multiple firmwares for different hardware. PR1524338

  • Commit is successful while deactivating CB0 and CB1 interfaces with a running GNF. PR1524766

  • According to the OC data model, the openconfig-alarms.yang subscription path must be used as a system, alarms, or alarm. PR1525180

  • Addition and removal of an aggregated Ethernet interface member link might cause the PPPoE subscriber session and traffic to drop. PR1525585

  • WAG control route prefix length is observed. PR1526666

  • Commit error messages comes twice while validating the physical-cores statement. PR1527322

  • The cpcdd process might generate the core file after upgrading to Junos OS Release 19.4 and later. PR1527602

  • The transit PTP packet might be modified unexpectedly when the packet is passed through MPC2E-NG, MPC3E-NG, and MPC5E. PR1527612

  • The commit confirm command might not roll back the previous configuration when the commit operation fails. PR1527848

  • Non-impacting error message is seen in the message logs: IFP error> ../../../../../../../../../src/pfe/usp/control/applications/interface/ifp.c@3270:(errno=1000) tunnel session add failed. PR1529224

  • In the subscriber management environment, the RADIUS interim accounting records does not get populated with the subscriber statistics. PR1529602

  • Deletion of the address of the jmgmt0 interface might fail if the shortened version of the CLI command is used. PR1532642

  • The clear ike statistics with remote gateway does not work. PR1535321

  • Multicast traffic might be sent out through unexpected interfaces with distributed IGMP enabled. PR1536149

  • Version-alias is missed for subscribers configured with dynamic profiles after ISSU. PR1537512

  • With hold time configuration, the ge interfaces remain down on reboot. PR1541382

  • Port mirroring with the maximum-packet-length configuration does not work over GRE interface. PR1542500

  • MPC10 or MPC11 line card might crash in case of Composite Chain Nexthop creation failures. PR1538559

  • During an upgrade, vSRX3.0 would display the following incorrect license warnings when utilizing licensable features even if the license is present on the device: warning: requires 'idp-sig' license. PR1519672

  • On the MX150 router, the logical interfaces stay up during vmhost halt or power-off. PR1526855

  • ERO update by the controller for branch LSP might cause issues. PR1508412

  • PEM 0 always shows as absent or empty even if PEM 0 is present on the MX10003 router. PR1531190

Infrastructure

  • If the serial number of the PEM starts with 1F1, the following alarm might be generated: Minor FPC PEM Temp Sensor Failed. PR1398128

  • Unknown MIB OID 1.3.6.1.2.1.47.2.0.30 are referenced in the SNMP trap after upgrading to Junos OS Release 18.4R3. PR1508281

  • SNMP polling might return an unexpected high value for the ifHCOutOctets counter for a physical interface when any jnxDom OID is processed at the same time. PR1508442

Interfaces and Chassis

  • The sonet-options configuration statement is disabled for the xe interface that works in the wan-phy mode. PR1472439

  • Failure to configure proactive ARP detection. PR1476199

  • Control logical interface 32767 is not created on the VLAN-tagged IFD even after removing the VLAN 0 configuration. PR1483395

  • Some of the logical interfaces might not come up with the configured vlan-bridge encapsulation. PR1501414

  • Unexpected dual VRRP backup state might occur after performing two subsequent Routing Engine switchovers with the track priority-hold-time configured. PR1506747

  • The vrrpd process might crash when the dual VLAN on VRRP interfaces is configured. PR1512658

  • Commit failure is observed while deleting all the units under the ps0 interface. PR1514319

  • When multiple CFM sessions are configured on IFD, the SNMP walk of ieee8021CFMStack table fails. PR1517046

  • Inline Y.1731 SLM or DM does not work in enhanced-cfm-mode for the EVPN UP MEP scenario. PR1537381

  • Buffer overflow vulnerability in a device control daemon is observed. PR1519334

  • FPC crash might be observed with an inline mode with CFM configured. PR1500048

Intrusion Detection and Prevention (IDP)

  • When creating the custom IDP signatures that match the raw bytes (hexadecimal), the commit check fails if the administrator configures the depth parameter. PR1506706

Junos Fusion for Provider Edge

  • The statistics of the extended ports on the satellite device cluster might show wrong values from the aggregation device. PR1490101

Layer 2 Ethernet Services

  • The aggregated Ethernet interface sometimes might not come up after the switch is rebooted. PR1505523

  • The DHCPv6 lease query is not as expected while verifying the DHCPv6 server statistics. PR1506418

  • The show dhcp relay statistics command displays DHCPLEASEUNASSIGNED instead of DHCPLEASEUNASSINGED, which is spelling error. PR1512239

  • The show dhcpv6 relay statistics command must display DHCPV6_LEASEQUERY_REPLY instead of DHCPV6_LEASEQUERY_REPL for the messages sent. PR1512246

  • The DHCP6 lease query is not as expected while verifying the DHCPV6v relay statistics. PR1521227

  • Memory leak in jdhcpd might be seen if access-profile is configured under the dhcp-relay or dhcp-local-server statement. PR1525052

  • Receipt of the malformed DHCPv6 packets causes the jdhcpd process to crash. PR1511782

  • The jdhcpd process crashes when a specific DHCPDv6 packet is processed in the DHCPv6 relay configuration. PR1512765

MPLS

  • The RSVP interface bandwidth calculation rounds up. PR1458527

  • The same device responds twice for traceroute if it goes through the MPLS network under specific conditions. PR1494665

  • Traffic loss might occur if ISSU is performed when P2MP is configured for an LSP. PR1500615

  • The CSPF job might get stalled for a new or an existing LSP in a high-scale LSP setup. PR1502993

  • The auto-bandwidth feature might not work correctly in an MPLS scenario. PR1504916

  • Activating or deactivating the LDP-sync under OSPF might cause the LDP neighborship to go down and stay down. PR1509578

  • The rpd process might crash after upgrading Junos OS Release 18.1 to a later release. PR1517018

  • The SNMP trap is sent with the incorrect OID jnxSpSvcSetZoneEntered. PR1517667

  • The LDP session-group might throw a commit error and flap. PR1521698

  • ping mpls rsvp does not take into account for the lower MTU in the path. PR1530382

  • The rpd process might crash when the LDP route with the indirect next-hop is deleted on the aggregated Ethernet interface. PR1538124

  • The inter-domain LSP with loose next-hops path might get stuck in the Down state. PR1524736

  • The RPD scheduler might slip after the link flaps. PR1516657

Network Address Translation (NAT)

  • Need to improve the maximum eNode connections for one persistent NAT binding from 8 to 32. PR1532249

Network Management and Monitoring

  • The SNMPv3 informs might not work properly after rebooting. PR1497841

Platform and Infrastructure

  • Packets are dropped when next-hop is IRB over an lt interface. PR1494594

  • Traffic to VRRP virtual IP or MAC addresses might be dropped when ingress queuing is enabled. PR1501014

  • Traffic that originates from another subnet is sent out with 0x8100 instead of 0x88a8. PR1502867

  • MPCs might crash when there is a change on routes learnt on the IRB interface configured in the VPLS or EVPN instances. PR1503947

  • Traffic loss might be seen in certain conditions under an MC-LAG setup. PR1505465

  • The kernel might crash causing the router or the Routing Engine to reboot when performing virtual IP related change. PR1511833

  • During the route table object fetch failure, the FPC process might crash. PR1513509

  • The output value of the show jnh qmon queues-sensor stats 0 command has no content. PR1514881

  • VPLS connection might be stuck in the primary fail status when a dynamic profile is used on the VPLS pseudowire logical interface. PR1516418

  • Configured scheduler-map is not applied on the ms- interface if the service PIC is in the Offline state during commit. PR1523881

  • TWAMP interoperability issue between Junos OS releases is observed. PR1533025

  • Packet loss might be observed when the RFC2544 egress reflector session is configured on the non-zero Packet Forwarding Ethernet interface. PR1538417

  • Trio-based FPC might crash when the underlying layer 2 interface for ARP over IRB interface is changed from the physical interface to LSI interface. PR1542211

Routing Protocols

  • Multicast traffic loss might be seen in certain conditions while enabling IGMP snooping under the EVPN-VXLAN ERB scenario. PR1481987

  • The output value of the show isis interface detail command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters. PR1482983

  • BGP RPKI ROA withdrawal might lead to an unexpected BGP route flap. PR1483097

  • There might be rpd memory leak in a certain looped MSDP scenario. PR1485206

  • The rpd process might crash in a multicast scenario with the configured BGP. PR1501722

  • On all Junos OS dual-Routing Engine GRES or NSR enabled routers, the rpd process might crash on a new master Routing Engine if the Routing Engine switchover occurs right after massive routing-instance deletion. PR1507638

  • The rpd process might crash due to RIP updates being sent on an interface in the Down state. PR1508814

  • The rpd process might crash on the backup Routing Engine if the BGP (standby) receives a route from the peer, which is rejected due to an invalid target community. PR1508888

  • The rpd process might report 100 percent CPU usage with the BGP route damping enabled. PR1514635

  • ISIS-SR routes might not be updated to reflect the change in the SRMS advertisements. PR1514867

  • The rpd process might crash after deleting and re-adding a BGP neighbor. PR1517498

  • The rpd process might crash if there is a huge number of SA messages in the MSDP scenario. PR1517910

  • Tag matching in the VRF policy does not work properly when the independent-domain option is configured. PR1518056

  • The BGP-LS NLRI handling improvements are needed for BGP-LS ID TLV. PR1521258

  • The IS-IS LSP database synchronization issue might be seen while using the flood-group feature. PR1526447

  • Configuring then next-hop and then reject on a route policy for the same route might cause rpd to crash. PR1538491

  • After moving the peer out of protection group, the path protection not removed from the PE router. PR1538956

Services Applications

  • The FPC process might crash with the npc core file if the service interface is configured under service-set in the USF mode. PR1502527

  • The output value of the show services l2tp tunnel extensive command does not show the configured session limit. PR1503436

  • Destination lockout functionality does not work at the tunnel session level when CDN code is received. PR1532750

Subscriber Access Management

  • Subscriber accounting message retransmissions exist even after configuring accounting retry 0. PR1405855

  • The LTS incorrectly sends the access-request with the Tunnel-Assignment-ID, which is not compliant with RFC 2868. PR1502274

  • CCR-T does not contain the usage monitoring information. PR1517507

  • The show network-access aaa subscribers statistics username "<>" command fails to fetch the subscriber-specific AAA statistics information if the user name of the subscriber contains space. PR1518016

User Interface and Configuration

  • The version information under the configuration changes from Junos OS Release 19.1 and onward. PR1457602

VPNs

  • MPLS label manager might allow configuration of a duplicated VPLS static label. PR1503282

  • The rpd process might crash after removing the last interface configured under the Layer 2 circuit neighbor. PR1511783

  • The rpd process might crash when deleting the Layer 2 circuit configuration in a specific sequence. PR1512834

Resolved Issues: 20.2R1

Application Layer Gateways (ALGs)

  • SIP messages that need to be fragmented might be dropped by the SIP ALG. PR1475031

  • FTPS traffic might be dropped on MX Series platforms if FTP ALG is used. PR1483834

Class of Service (CoS)

  • The MX Series generated OAM/CFM LTR messages are sent with a different priority than the incoming OAM/CFM LTM messages. PR1466473

  • The MX10008 and MX100016 routers might generate cosd core files after executing the commit/commit check command if the policy-map configuration is set. PR1475508

  • Error message GENCFG write failed (op, minor_type) = (delete, Scheduler map definition) for tbl id 2 ifl 0 TABLE Reason: No such file or directory is observed. PR1476531

  • MX Series platforms with MPC1-Q and MPC2-Q line cards might report memory errors. PR1500250

EVPN

  • Remote MAC address present in EVPN database might be unreachable. PR1477140

  • Deleting a Layer 2 logical interface generates an error if the interface is not deleted first from EVPN. PR1482774

  • The ESI of IRB interface does not update after autonomous-system number change if the interface is down. PR1482790

  • Dead next-hops might flood in a rare scenario after remote PE devices are bounced. PR1484296

  • The ARP entry gets deleted from the kernel after adding and deleting the virtual-gateway-address. PR1485377

  • The rpd core file might be generated when doing Routing Engine switchover after disabling BGP protocol globally. PR1490953

  • VXLAN bridge domain might lose VTEP logical interface after restarting chassisd. PR1495098

  • The VXLAN function might be broken due to a timing issue. PR1502357

  • The MAC address of the LT interface might not be installed in the EVPN database. PR1503657

Forwarding and Sampling

  • IP-IP de-encapsulation fails if de-encapsulation filter is applied on loopback interface. PR1469219

  • Traffic might be forwarded into the default queue instead of the correct queue when the VPLS traffic has three or more VLAN tags with VLAN priority 5. PR1473093

  • The filter might not be installed if the policy-map xx is present under the filter. PR1478964

General Routing

  • Syslog error message PFEIFD: Could not decode media address with length 0 might be generated by the Packet Forwarding Engine. PR1341610

  • The nondefault routing instance is not supported correctly for NTP packets in a subscriber scenario. PR1363034

  • Egress monitored traffic is not mirrored to destination for analyzers on MX Series routers. PR1411871

  • FPC x Voltage Tolerance Exceeded alarm raised and cleared upon bootup of JNP10K-LC2101. PR1415671

  • The pccd starts running from the system start. PR1417052

  • Resetting the Playback Engine logs are seen on the MPC5E line cards. PR1420335

  • PF core voltage is not set according to the required e-fuse value and remains as default value of 0.9V on the JNP10008-SF and JNP10016-SF Switch Interface Boards (SIBs). PR1420864

  • FPC might crash after GRES when you commit the changes in firewall filter with the next term statement in the subscriber scenario. PR1421541

  • PTP might not work on the MX104 platform if phy-timestamping is enabled. PR1421811

  • When you run the show route label X | display json command, two nh keys are present in the output. PR1424930

  • PTP and show warning are disabled when hyper mode is configured. PR1429527

  • Interfaces on the MPC-3D-16XGE-SFPP might go down due to CB0 clock failure. PR1433948

  • ZF interrupts for out-of-range destination Packet Forwarding Engine INTR for Gnt are observed when the MPC6 or MPC9 line card is brought up. PR1436148

  • System reboot is required when GRES is enabled or disabled with the mobile-edge configuration. PR1444406

  • On the MPC10E-15C-MRATE with 25-Gigabit Ethernet ports, FEC statistics are not getting reset after changing FEC mode. PR1449088

  • RE-MX2008-X8-128G secure BIOS version mismatch alarms. PR1450424

  • Need to add support for drop flows when the packet drops. PR1451921

  • When MVLAN interface (OIF map) is changed, the existing multicast subscribers with membership reports in place experience loss of multicast traffic until traffic is forwarded to a new OIF map. PR1452644

  • Interfaces shutdown by the disable-pfe action might not be up using MIC offline or online command. PR1453433

  • When scale configurations are applied from approximately 10 minutes, chassisd CLI will either have a delay in response or will time out. PR1454638

  • On 4-port 1-Gigabit Ethernet using QSFP28 optics, continuous logging in chassisd process occurs when speed 1-Gigabit Ethernet is configured with pic_get_nports_inst and ch_fru_db_key. PR1456253

  • On the MPC11E line card, need to add the support of optics-options low light. PR1456894

  • LSP statistics are not getting reset after restart routing. PR1458107

  • Inline S-BFD packets are dropped on MPC6E MIC1/PIC1 ports: 0-11. PR1459529

  • Occasional warning message such as TCP Connect error can be seen during FPC reboot. PR1460153

  • Multiple leaf devices and prefixes are missing when LLDP neighbor is added after streaming is started at the global level. PR1460347

  • Support of del_path for the LLDP neighbor change at various levels. PR1460621

  • When you receive IPv6 over IPv4 IBGP session, the IPv6 prefix is hidden. PR1460786

  • Explicit deletion notification (del_path) is not received when LLDP neighbor is lost as a result of disabling local interface on the DUT through CLI (gNMI). PR1461236

  • On the MPC10E line cards, more output packets than expected are seen when ping function is performed. PR1461593

  • The show dynamic-tunnel database CLI command output does not filter IP-IP tunnels based on destination. PR1461659

  • The CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed message appears when both DIP switches and power switch are turned off. PR1462065

  • Inline BFD session might flap on renegotiation of timers from slow to aggressive interval. PR1462775

  • The MVPN traffic might be dropped after performing switchover. PR1463302

  • The native-vlan-id functionality does not work and untagged traffic does not pass with the native-vlan-id configuration. PR1463544

  • The jdhcpd process might consume high CPU use, and no further subscribers can be brought up if there are more than 4000 dhcp-relay clients in the MAC-MOVE scenario. PR1465277

  • On the MPC10E and MPC11E line cards, the bandwidth-percent with shaping-rate might not work as expected on aggregated Ethernet interfaces after shaping-rate change. PR1465766

  • The bbe-smgd process generates core files on the backup Routing Engine. PR1466118

  • ICMP error messages are still unreceived after enabling the enable-asymmetric-traffic-processing configuration statement. PR1466135

  • A few DHCP INFORM packets specific to a particular VLAN might be taking the incorrect resolve queue. PR1467182

  • On the MPC11E line card, the DOM MIB alarm for the channelized 10-Gigabit Ethernet interface is not showing any alarm for LF/RF. PR1467446

  • Daemons might not be started if commit is executed after commit check. PR1468119

  • PPP IPv6 NCP fails to negotiate during the PPP login. PR1468414

  • The rpd process might crash if BGP sharding is enabled. PR1468676

  • The tcp-log connections fail to reconnect and get stuck in the Reconnect-In-Progress state. PR1469575

  • Unable to set up 26M sessions (NAPT44) at 900,000 pps. PR1470833

  • In rare occasions, the router might send out one extra URR quota value for a bearer. PR1470890

  • Syslog message FPCX user.notice logrotate: ALERT exited abnormally with [1] pops at 04:02:01. PR1471006

  • DHCP relay with forward-only might fail to send OFFER messages when DHCP client is terminated on logical tunnel interface. PR1471161

  • Sudden FPC shutdown due to hardware failure or ungraceful removal of line card might cause major alarms on other FPCs in the system. PR1471372

  • The clksyncd crash might be seen when PTP over aggregated Ethernet is configured on the MX104 platform. PR1471466

  • On the MPC11E line card, locating a specific 100-Gigabit Ethernet, 40-Gigabit Ethernet, and 10-Gigabit Ethernet port in the card by blinking the corresponding port LED does not work. PR1471894

  • Chassis alarm on BSYS might be observed: RE0 to one or many FPCs is via em1: Backup RE. PR1472313

  • Performing back-to-back rpd restarts might cause rpd to crash. PR1472643

  • Manually configured ERO on NS controller might be lost when PCEP session bounces. PR1472825

  • SDB goes down very frequently if the reauthenticate lease-renewal statement is enabled for DHCP. PR1473063

  • Some routes might not be installed into the FPC after it gets restarted. PR1473079

  • On the MPC11E line card, show dynamic-tunnels database command does not show traffic statistics. PR1473096

  • On MPC11, oversubscription drops are not accounted in Routing Engine CLI under resource drops when Flow control is disabled. PR1473191

  • Dynamic-profile for VPLS-PW pseudowire incorrectly reports Dynamic Static Subscriber Base Feature license alarm. PR1473412

  • On the MPC11E line card, after doing Routing Engine switchover on BSYS, the AF interface on peer router shows status as down with the reason being that the Packet Forwarding Engine is down on the GNF. PR1473555

  • When both MSTP and ERP are enabled on the same interface, then ERP does not come up properly. PR1473610

  • Drops counter does not increment for the aggregated Ethernet even after the member link shows the drops. PR1473665

  • Ingress multicast replication does not work with GRES configuration. PR1474094

  • DHCP-server RADIUS-given mask is being reversed. PR1474097

  • On the MX150 platform, core files are not seen under show system core-dumps. PR1474118

  • A newly added LAG member interface might forward traffic even though its micro BFD session is down. PR1474300

  • Upon external X86 node slicing server reboot, the host SNMP configuration gets overwritten by the JDM SNMP configuration settings. PR1474349

  • When traffic loss is observed on a 100-Gigabit Ethernet logical interface, the MACsec sessions are up and live. PR1474714

  • On the MPC11E line card, basic circuit cross-connect traffic flow does not occur with the logical systems. PR1474983

  • The clksyncd process generates core file after the GRES. PR1474987

  • Memory leak leads to restart of the MPC10E line card. PR1475036

  • Stateful firewall rule configuration deletion might lead to memory leak. PR1475220

  • The full list should be returned. A leaf should be considered atomic, regardless of whether it is a single value or a list for on-change event. PR1475293

  • The RADIUS accounting updates of the service session have incorrect statistic data. PR1475729

  • When xSTP protocols are enabled on interface all, it might run on vlan-tagging/flexible-vlan-tagging Layer 3 interfaces and lead to blocking of SXE interface. PR1475854

  • Traffic loss might be seen as backup Routing Engine takes around 20 seconds to acquire the primary role. PR1475871

  • Traffic drop might be observed while performing a unified ISSU on the MX2020, MX2010, and MX960 platforms. PR1476505

  • The bbe-mibd might crash on an MX Series platform in subscriber environment. PR1476596

  • On the MPC10 or MPC11 line cards, Routing Engine might not be able to send packets with traffic-manager enhanced-priority-mode configuration enabled. PR1476683

  • The host-generated packets which might get dropped at the other end. PR1476764

  • Traffic loss might occur to the LNS subscribers in case the routing-service statement is enabled under the dynamic profile. PR1476786

  • Traffic loss might be seen in SAEGW scenario after the daemon restarts or after the GRES operation. PR1477461

  • In NAT-T scenario, IKE version 2 IPsec tunnel flaps if the tunnel initiator is not behind NAT. PR1477483

  • The rpd process might crash when the JET RIB API is used to set the "bandwidth" attribute. PR1477745

  • On the MX2010 platform, syslog message spmb0 cmty_sfb_temp_check: sfb[0] is powered OFF" & "spmb0 cmty_sfb_voltage_check_one: sfb[0] is powered OFF is flooding even though SFBs are online. PR1477924

  • Error log message chassisd[7836]: %DAEMON-3-CHASSISD_IOCTL_FAILURE: acb_get_fpga_rev: unable to get FPGA revision for Control Board (Inappropriate ioctl for device) is observed after every commit. PR1477941

  • The Packet Forwarding Engine might be disabled because of the major error on MPC2E-NG, MPC3E-NG, MPC5, MPC6, MPC7, MPC8, and MPC9. PR1478028

  • The show evpn statistics instance command gets stuck in a multihomed scenario. PR1478157

  • At-scale logins of both default and dedicated bearers might require retries from the control plane. PR1478191

  • The ukern-platformd process might crash on MX2000 platforms with MPC11 line card. PR1478243

  • Output chain filter counters are not proper. PR1478358

  • MX Series-based MPC line card might crash when there is bulk route update failure in a corner case. PR1478392

  • The FPC with vpn-localization vpn-core-facing-only configuration might be stuck in ready state. PR1478523

  • On MX240, MX480, MX960, MX2000, MX10003, MX10008, and MX10016 with the MPC7E, MPC8E, and MPC9E line cards, hardware sensor information is logged every 30 minutes. PR1478816

  • The protocol MTU might not be changed on lt- interface from the default value. PR1478822

  • The TCP-log sessions might be in Established state but no logs are sent out to the syslog server. PR1478972

  • Mobile-edge sessions might be lost if GRES is being performed while sessions are logged in with URR enabled. PR1478985

  • The SCBE3 fabric plane gets into check state in MX Series Virtual Chassis. PR1479363

  • Interface states are not showing correctly between main and shards on one of the interfaces. PR1479801

  • After kmd restarts, IPsec SA comes up but the traffic fails for some time in certain scenarios. PR1480692

  • 100-Gigabit interface might randomly fail to come up after maintenance operations. PR1481054

  • Issue with binding non-default routing instance to existing soft-gre group. PR1481278

  • After unified ISSU on the master and the backup Routing Engine, ISSU enhanced-mode: Performing action get-state for error /FPC/5/pfe/0/cm/0/PCIe_Error/0/PCIE_CMERROR_UNCORRECTABLE (0x190001) error message is generated. PR1481859

  • The rpd might crash when you execute the show route protocol l2-learned-host-routing or show route protocol rift CLI command on a router. PR1481953

  • Log in to some PPPoE subscribers through aggregate Ethernet interface might cause the device to reboot. PR1482431

  • Fragmentation limit and reassembly timeout configuration under services option is missing for SPC3. PR1482968

  • When checking the BFD fuctionality over Layer 2 VPN client, BFD session is not coming up. PR1483014

  • Link errors might be seen after restarting the FPC or fabric plane. PR1483124

  • Traffic impact might be seen when the policy-multipath is configured without LDP on the SPRING-TE scenario. PR1483585

  • The downstream IPv4 packet greater than BR MTU are getting dropped in MAP-E. PR1483984

  • Traffic rate is not as expected on aggregated Ethernet interface when child links are from MPC11 and MPC9 line card after applying a policer. PR1484193

  • ARP entry might not be created in the EVPN-MPLS environment. PR1484721

  • The logical tunnel interface might not work on the MPC10 line card. PR1484751

  • Fix and enhancement has been done for request rift package activate for the junos-rift package. PR1485098

  • Attribute sending zero value should be compressed because it uses too much bandwidth in periodic streaming. PR1485257

  • Interface input error counters are not increasing on the MX150 platforms. PR1485706

  • The krt-nexthop-ack-timeout command might not automatically be picked up on restarting the rpd process. PR1485800

  • MPC10E line card installed in the FPC slot 4 might drop host outbound traffic. PR1485942

  • Command completion help text for LLDP-MED coordinate configuration statement contains spelling errors. PR1486327

  • The aftd process might crash when MPC10 line card is installed. PR1487416

  • Incorrect frame length of 132 bytes might be captured in packet header. PR1487876

  • XML is not properly formatted. PR1488036

  • Add support for PSM firmware upgrade on the MX2000 platform. PR1488575

  • During multiple login and logout of 250,000 sessions, there can be daemon restart due to mishandling of data. PR1489512

  • NAT rule-sets processing order is not getting processed based on the order configured under service-set. It is getting processed based on the NAT rules defined under [services nat source] hierarchy level configuration. PR1489581

  • With 4-member AMS used in the service-set, commit check fails when /30 subnet address is used as NAT pool IP. PR1489885

  • Error syslog message Failed to connect to the agentx master agent (/var/agentx/master): Unknown host (/var/agentx/master) (No such file or directory) is continuously being generated with dns-sinkholing. PR1490487

  • When NAT/SFW rule is configured with application-set with multiple applications having different TCP inactivity-timeout, sessions are not getting TCP inactivity-timeout as per the configured application order. PR1491036

  • The DAC cable is not detected after reboot or plug out or plug in. PR1491116

  • The unified ISSU is not supported on next-generation MPC cards. PR1491337

  • Multiple deactivating and activating of security traceoptions along with clear single NAPT44 session could result in generation of flowd core file. PR1491540

  • MS-MIC is down after loading some releases in the MX Virtual Chassis scenario. PR1491628

  • FPCs might stay down or restart when you swap the MPC7, MPC8, and MPC9 line cards with the MPC10 and MPC11 line cards or vice versa in the same slot. PR1491968

  • User-configured MTU might be ignored after the unified ISSU upgrade uses request vmhost software in-service-upgrade. PR1491970

  • Behavior change in clients with multiple gRPC channels to same target. PR1492088

  • The delay of LT interfaces coming up is seen on MPC11E line card after you configure scaled PS interfaces anchoring to RLT. PR1492330

  • On the MX10008 platform, SNMP table entPhysicalTable does not match the PICs shown for the show chassis hardware command. PR1492996

  • DHCP subscribers do not come up as expected after deactivating the Virtual Chassis port. PR1493699

  • The ptp-clock-global-freq-tracable leaf value becomes false and does not change to true when the internal lock is in the Acquiring state. PR1493743

  • The LSP might not come up in LSP externally-provisioned scenario. PR1494210

  • Error message PFE_ERROR_FAIL_OPERATION: Unable to unbind cos scheduler from physical interface 147 is observed on the MPC9E line card after restarting the MPC11E line card. PR1494452

  • Missing firmware image file in usr/share/pfe/firmware. PR1494557

  • In node slicing setup after GRES, RADIUS interim updates might not carry actual statistics. PR1494637

  • Group address is not programmed back after deactivating and activating the bridge domain. PR1495480

  • Flood next-hop ID is not same in both the primary and backup Routing Engines. PR1495925

  • Error message PFEIFD: Could not decode media address with length 0 is generated by the Packet Forwarding Engine when subscribers come up over a pseudowire interface. PR1496265

  • Port numbers logged in ALG syslog are incorrect. PR1497713

  • Subscribers might be disconnected after one of the aggregated Ethernet participating FPCs comes online in a Junos OS node slicing scenario. PR1498024

  • SNMP polling does not show correct PSM jnxOperatingState when one of the PSM inputs failed. PR1498538

  • The rpd might crash when multiple VRFs with 'IFLs link-protection' are deleted at a single time. PR1498992

  • The commit check might fail when adding IFL into a routing instance with the no-normalization statement enabled under the [routing-instances] hierarchy. PR1499265

  • The heap memory leak might be seen on the MPC10 and MPC11 line cards. PR1499631

  • The SPC3 card might crash if SIP ALG is enabled. PR1500355

  • On the MX2010 and MX2020 routers, the pem_tiny_power_remaining message will be continuously logged in chassisd log. PR1501108

  • Application ID does not display under NAT/SFW rule configured with application ’any’ rule. PR1501109

  • Support license start and end date in MIBs. PR1503790

  • The show bridge statistics command does not display the statistics information for pseudowire subscriber interfaces. PR1504409

  • The l2cpd crash might be seen if you add or delete ERP configuration and then restart l2cpd. PR1505710

  • GnmiJuniperTelemetryHeader incompatibility is introduced in Junos OS Release 19.3. PR1507999

  • The host generated packets might get dropped if the force-control-packets-on-transit-path statement is configured. PR1509790

  • The multicast traffic might be dropped if ALB is enabled on the aggregated Ethernet interface. PR1512157

High Availability (HA) and Resiliency

  • Unified ISSU might fail on MX204 and MX10003 Virtual Chassis with an error message. PR1480561

Infrastructure

  • Slow response from SNMP might be observed after an upgrade to Junos OS Release 19.2R1 and later. PR1462986

  • F-label veto code checks for per-pfe f-label pools. PR1466071

Interfaces and Chassis

  • Syslog error scchassisd[ ]: CHASSISD_IPC_WRITE_ERR_NULL_ARGS: FRU has no connection arguments fru_send_msg Global FPC x is observed after MX Virtual Chassis local or global switchover. PR1428254

  • Decoupling of Layer 2 logical interfaces from bridge and EVPN configurations. PR1438172

  • The MC-LAG configuration-consistency ICL configuration might fail after committing some changes. PR1459201

  • On the MPC11E line card, the IPv6 local stats are counted against the IPv6 transit traffic statistics as well. PR1467236

  • When you configure ESI on a physical interface, the traffic drops when you disable the logical interface under the physical interface. PR1467855

  • Executing commit might hang because of stuck dcd process. PR1470622

  • Traffic is not forwarded properly when traffic-control-profiles with logical interface queues are configured. PR1475350

  • Commit error is not thrown when member link is added to multiple aggregation group with different interface specific options. PR1475634

  • The interface on MIC3-100G-DWDM might go down after performing an interface flap. PR1475777

  • When you delete and add a logical interface (both the logical interfaces with the same VLAN ID) in a single commit, the configuration check fails with the error duplicate VLAN-ID. PR1477060

  • A stale IP address might be seen after a specific order of configuration changes in logical systems scenario. PR1477084

  • Traffic is seen for 248 seconds when an aggregated Ethernet member link is brought down with minimum link configuration. PR1477821

  • MC-AE interface might be shown as unknown status if you add the subinterface as part of the VLAN on the peer MC-AE node. PR1479012

  • For ATM interfaces configuration, if any logical interface has the allow-any-vci configuration, then the commit operation might fail. PR1479153

  • PPPoE subscribers are not up while verifying static IPv4 subscriber in passive mode. PR1483395

  • CFM over BD along with negative events lead to restart and CFM DM two-way verification fails. PR1489196

  • The vrrp-inherit-from change operation leads to packet loss when traffic is forwarded to the VIP gateway. PR1489425

Intrusion Detection and Prevention (IDP)

  • The CLI now provides helpful remarks about IDP's tunable detector parameters. PR1490436

  • When creating custom IDP signatures that match on raw bytes (hexadecimal), the commit check fails if the administrator has configured the depth parameter. PR1506706

J-Web

  • Junos OS security vulnerability in J-Web and Web-based (HTTP/HTTPS) services. PR1499280

Junos Fusion for Enterprise

  • SDPD core file is found at vFPC_all_eports_deletion_complete vFPC_dampen_FPC_timer_expiry. PR1454335

  • Loop detection might not work on extended ports in Junos fusion scenarios. PR1460209

Junos Fusion Satellite Software

  • Temperature sensor alarm is seen in Junos fusion scenarios. PR1466324

Layer 2 Ethernet Services

  • On MX2010 and MX2020 platforms, no alarm is generated when FPC is connected to master Routing Engine through backup Routing Engine/CB. PR1461387

  • Member links state might be unsynchronized on a connection between a PE device and a CE device in an EVPN active/active scenario. PR1463791

  • Telemetry data for relay/bindings/binding-state-v4relay-binding and relay/bindings/binding-state-v4relay-bound is not correct. PR1475248

  • On the MX204 platform, the Vendor-ID is set as MX10001 in factory-default configuration and DHCP client messages. PR1488771

  • With ALQ and VRRP configurations, DHCP subscribers are not coming up. PR1490907

  • Issues with DHCPv6 relay processing confirm and reply packets. PR1496220

  • The MC-LAG might become down after disabling and then enabling the force-up. PR1500758

Layer 2 Features

  • Connectivity is broken through LAG because of the members configured with hold-time and force-up. PR1481031

MPLS

  • Traffic loss might be seen if P2MP with NSR is enabled. PR1434522

  • P2MP LSP might flap after VT interface in MVPN routing instance is reconfigured. PR1454987

  • The RSVP interface bandwidth calculation rounds up. PR1458527

  • The rpd might crash in PCEP for the RSVP-TE scenario. PR1467278

  • The fast reroute detour next-hop down event might cause the primary LSP go in the Down state in a particular scenario. PR1469567

  • The rpd process might crash during shutdown. PR1471191

  • The LDP and BFD sessions are not coming up in a scaled setup. PR1474204

  • The RSVP LSPs might not come up in a scaled network with a very high number of LSPs if NSR is used on the transit router. PR1476773

  • PCC might flood with event logs to controller. PR1476822

  • Kernel crashes and device might restart. PR1478806

  • The rpd process crashes on the backup Routing Engine when LDP tries to create LDP P2MP tunnel upon receiving corrupted data from the master Routing Engine. PR1479249

  • On MX Series with MPC10E line card, rpd core files in rsvp_copy_route (rt=< optimized out>, rtparms_p=< optimized out>) at ../../../../../../../../../../src/junos/usr.sbin/rpd/mpls_te/proto/rsvp/proto/rsvp_route.c:3033 are seen after GRES. PR1485985

  • The rpd might crash on restart of master Routing Engine or backup Routing Engine when chain-NH has inner and outer labels in the SR-TE scenario. PR1486077

  • High CPU utilization for rpd might be seen if RSVP is implemented. PR1490163

  • The rpd might crash when BGP with FEC 129 VPWS enabled flaps. PR1490952

  • BGP session might keep flapping between two directly connected BGP peers because of the incorrect TCP-MSS in use. PR1493431

  • The rpd might crash in a rare condition under SR-TE scenario. PR1493721

  • The rpd core files are generated during unified ISSU. PR1493969

  • The rpd process might crash when SNMP polling is done using OID jnxMplsTeP2MPTunnelDestTable. PR1497641

  • The rpd process might crash with RSVP configured in a rare timing case. PR1505834

Platform and Infrastructure

  • Core.vmxt.mpc0 is seen at 0x096327d5 in l2alm_sync_entry_in_pfes (context=0xd92e7b28, sync_info=0xd92e7a78) at ../../../../../src/pfe/common/applications/l2alm/l2alm_common_hw_api.c:1727. PR1430440

  • With chained composite next-hop enabled, the MPLS CoS rewrite does not work for IPv6 PE device traffic. PR1436872

  • Traffic loss might be seen in case of Ethernet frame padding with VLAN. PR1452261

  • Modifying the REST configuration might cause the system to become unresponsive. PR1461021

  • On the MX204 platform, Packet Forwarding Engine errors might occur when incoming GRE tunnel fragments get sampled and undergo inline reassembly. PR1463718

  • The CoS might not work on MPC10E and MPC11E line cards. PR1465870

  • VXLAN packet might be discarded with flow caching enabled on MX150 and vMX. PR1466470

  • All the subscriber services might be unavailable on vBNG running on MX150 and vMX running in payg mode. PR1467368

  • The JNH memory leaks after CFM session flap for LSI and VT interfaces. PR1468663

  • The switch might not be able to learn MAC address with dot1x and interface-mac-limit configured. PR1470424

  • SSH login might hang and the TACACS+ server closes the connection without sending any authentication failure response. PR1478959

  • Remote MEPs are not coming up as expected while verifying MIP functionality with bridge domains. PR1484303

  • The show system buffer command displays all zeros in the MX104 chassis. PR1484689

  • MAC learning under bridge domain stops after MC-LAG interface flaps. PR1488251

  • MAC malformation might happen in a rare scenario under MX Series Virtual Chassis setup. PR1491091

  • In node slicing setup, MPLS TTL might be set to zero when the packet goes through af interface configured with CCC family. PR1492639

  • A specific IPv4 packet might lead to FPC restart. PR1493176

  • Python or SLAX script might not be executed. PR1501746

  • MPCs might crash when there is a change on routes learned on IRB interface configured in VPLS and EVPN instances. PR1503947

  • Traffic convergence failed with ICL failure case. PR1505465

Routing Policy and Firewall Filters

  • The router-id from martian address range cannot be committed even if the range is allowed by configuration. PR1480393

Routing Protocols

  • The BGP session might be stuck with high BGP OutQ value after GRES on both sides. PR1323306

  • PIM RPF selection for the specific multicast group might get incorrectly applied to other multicast groups. PR1443056

  • TI-LFA might be unable to install backup path in the routing table in a specific case. PR1458791

  • BGP NSR with more than 40,000 IPv6 peers is not qualified or supported. PR1461436

  • IS-IS IPv6 routes might flap when there is an unrelated commit under protocol stanza. PR1463650

  • The rpd might crash if IPv4 routes are programmed with IPv6 next-hop through JET APIs. PR1465190

  • BGP peers might flap if the parameter of hold-time is set small. PR1466709

  • The configured BGP damping policy might not take effect after BGP is disabled and then enabled followed by commit. PR1466734

  • The rpd might stop when both instance-import and instance-export policies contain the as-path-prepend action. PR1471968

  • Removing cluster from BGP group might cause prolonged convergence time. PR1473351

  • Adjacency SID might be missed and not be advertised to peer/controller/BMP monitor in BGP-LS NLRI. PR1473362

  • SFTP does not connect properly and the following error is displayed: Received message too long. PR1475255

  • BGP TCP MD5 authentication support is not available. PR1476669

  • The rpd process might crash with BGP multipath and route withdraw occasionally. PR1481589

  • The rpd process crashes due to specific BGP UPDATE packets. PR1481641

  • The rpd process might crash when deactivating logical systems. PR1482112

  • BGP multipath traffic might not fully load-balance for a while after adding a new path for load sharing. PR1482209

  • The rpd might be crashed after BGP peer flapping. PR1482551

  • RIPv2 packets stop transmitting when changing interface-type configuration from P2MP to broadcast. PR1483181

  • The rpd process crashes if the same neighbor is set in different RIP groups. PR1485009

  • On MX Series, MSDP memory leak is observed. PR1485206

  • The BGP-LU routes do not have the label when BGP sharding is used. PR1485422

  • Removal of the BGP and rib-sharding configuration might cause routing protocols to become unresponsive. PR1485720

  • Layer 3 VPN RR with family route-target and no-client-reflect statements does not work as expected. PR1485977

  • Traffic loss is seen on a scaled MPLS setup after unified ISSU in enhanced mode. PR1486657

  • The rpd process crashes if the BGP LLGR with RIB sharding and traceoptions for graceful-restart are configured. PR1486703

  • The rpd might crash when you perform GRES with MSDP configured. PR1487636

  • High CPU utilization might be observed when the outgoing BGP updates are sent slowly. PR1487691

  • The rpd process might generate core file after always-compare-med is configured for BGP path-selection. PR1487893

  • BGP RIB sharding feature cannot be run on a system with a single CPU. PR1488357

  • The rpd crashes when reset OSPF neighbors. PR1489637

  • The BGP route target family might prevent route reflector from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743

  • The rpd might crash because of rpd resolver problem of INH. PR1494005

  • The static route in inet6.0 or inet6.3 RIB might fail to delete. PR1495477

  • For SPRING support SRv6, continuous rpd core files are generated at isis_set_rt_pfx_sid_tsi,isis_route_change_rt after configuring [set protocols isis topologies ipv6-unicast]. PR1495994

  • Receipt of certain genuine BGP packets from any BGP speaker causes rpd to crash. PR1497721

  • The rpd might crash if the import policy is changed to accept more routes that exceed the teardown function threshold. PR1499977

  • The rpd process crashes when processing a specific BGP packet. PR1502327

  • The show bgp neighbors command shows change in x-path output for input-updates value. PR1504399

  • BGP might not advertise routes to peers after a peer flap. PR1507195

Services Applications

  • flow-tap add function might not work after the dynamic flow capture services process is restarted. PR1472109

  • On an MX Series router, L2TP LTS fails to forward the agentCircuitId and agentRemoteId AVP toward the LNS. PR1472775

  • The kmd might crash due to the incorrect IKE SA establishment after the remote peer's NAT mapping address has been changed. PR1477181

  • NPC core files are found at services_inline_handle_svc_set_add services_inline_gencfg_handler gencfg_specific_handler. PR1502527

Subscriber Access Management

  • The authd process might crash after the unified ISSU from Junos OS Release 18.3 and earlier to Junos OS Release 18.4 and later. PR1473159

  • Syslog messages pfe_tcp_listener_open_timeout: Peer info msg not received from addr: 0x6000080. Socket 0xfffff804ad23c2e0 closed is observed. PR1474687

  • The delete request of a specified service session through CoA could fail. PR1479486

  • The CoA request might not be processed if it includes the proxy-state attribute. PR1479697

  • The mac-address CLI option is hidden under the access profile profile-name radius options calling-station-id-format statement. PR1480119

  • The authd log events might not be sent to syslog host when destination-override is used. PR1489339

VPNs

  • Traffic loss might be observed when the inter-AS next-generation MVPN VRF is disabled on one of the ASBRs. PR1460480

  • The rpd might crash when "link-protection" is added or deleted from LSP for MVPN ingress replication selective provider tunnel. PR1469028

  • On MVPN scenario, the LSP might stay down on removing all VT interfaces from a single hop egress. PR1474830

  • The MPC10E-15C-MRATE next-generation MPVN ingress replication flushing out is not proper when in egress the ingress replication configuration is deactivated. PR1475834

  • The Layer 2 circuit neighbor might be stuck in RD state at one end of MG-LAG peer. PR1498040

  • The rpd core files are generated while disabling Layer 2 circuit with connection protection, backup neighbor configuration, and Layer 2 circuit trace logs enabled. PR1502003

  • The rpd might crash when you delete l2circuit configuration in a specific sequence. PR1512834

Documentation Updates

This section lists the errata and changes in Junos OS Release 20.2R2 documentation for MX Series.

Advanced Subscriber Management Provider

  • The Broadband Subscriber Services User Guide incorrectly stated that for Routing Engine-based, converged HTTP redirect services, a CPCD service rule can include both a redirect term and a rewrite term. It also incorrectly stated that you can include separate rewrite and redirect rules in the same service profile.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting in Junos OS 17.4R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:

Platform

FreeBSD 6.x-based Junos OS

FreeBSD 11.x-based Junos OS

MX5,MX10, MX40,MX80, MX104

YES

NO

MX240, MX480, MX960,

MX2010, MX2020

NO

YES

Basic Procedure for Upgrading to Release 20.2R2

Note

Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 11.x-Based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 11.x-based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.2R2.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.2R2.9-signed.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.2R2.x-limited.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.2R2.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note
  • You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.

  • Starting in Junos OS Release 20.2R2, in order to install a VM host image based on Wind River Linux 9, you must upgrade the i40e NVM firmware on the following MX Series routers:

    • MX240, MX480, MX960, MX2010, MX2020, MX2008, MX10016, and MX10008

    [See https://kb.juniper.net/TSB17603.]

Note

After you install a Junos OS Release 20.2R2 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.

Note

Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x-Based Junos OS

Products impacted: MX5, MX10, MX40, MX80, MX104.

To download and install FreeBSD 6.x-based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-20.2R2.9-signed.tgz
    • Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-20.2R2.9-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 20.2R2 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 19.3, 19.4, and 20.1 are EEOL releases. You can upgrade from Junos OS Release 19.3 to Release 19.4 or from Junos OS Release 19.3 to Release 20.1.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 20.2R2

To downgrade from Release 20.2R2 to another supported release, follow the procedure for upgrading, but replace the 20.2R2 jinstall package with one that corresponds to the appropriate release.

Note

You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.