Junos OS Release Notes for MX Series
These release notes accompany Junos OS Release 20.2R3 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
What's New
Learn about new features introduced in the Junos OS main and maintenance releases for MX Series routers.
What’s New in Release 20.2R3
There are no new features or enhancements to existing features for MX Series routers in Junos OS Release 20.2R3.
What’s New in Release 20.2R2-S3
OAM
Inline CCM Support for MPC10E (MX Series)—Starting in Junos OS Release 20.2R2S3, Junos OS extends support for inline continuity check messages (CCM) on the MPC10E (MPC10E-10C-MRATE and MPC10E-15C-MRATE) line cards. You can configure inline CCM for both UP MEP and Down MEP to monitor services provided by currently deployed topologies such as INET, CCC/VPWS, Bridge, VPLS, EVPN, and others. Junos OS extends MIP support for all current supported topologies.
[See Inline Transmission Mode.]
What’s New in Release 20.2R2-S2
Services Applications
AMS support (MX240, MX480, MX960, MX2010, and MX2020 routers)—In Release 20.2R2S2, Junos OS supports AMS (Aggregated Multiservices Interfaces on the MPC10E and MX2K-MPC11E line cards to provide load balancing (LB) and high availability (HA) features for stateful firewall and NAT services. You can configure AMS with next-hop style service-sets and with MS-MPC only.
What’s New in Release 20.2R2
There are no new features or enhancements to existing features for MX Series routers in Junos OS Release 20.2R2.
What’s New in Release 20.2R1-S1
Software Installation and Upgrade
Zero touch provisioning (ZTP) with IPv6 support (EX3400, EX4300, QFX5100 and QFX5200 switches, MX-Series routers)—Starting in Junos OS Release 20.2R1-S1, ZTP supports the DHCPv6 client. During the bootstrap process, the device first uses the DHCPv4 client to request for information regarding image and configuration file from the DHCP server. The device checks the DHCPv4 bindings sequentially. If there is a failure with one of the DHCPv4 bindings, the device will continue to check for bindings until provisioning is successful. If there are no DHCPv4 bindings, however, the device will check for DHCPv6 bindings and follow the same process as for DHCPv4 until the device can be provisioned successfully. Both DHCPv4 and DHCPv6 clients are included as part of the default configuration on the device.
The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.
Note Only HTTP and HTTPS transport protocols are supported EX3400, EX4300, QFX5100, and QFX5200 devices.
[See Zero Touch Provisioning.]
What’s New in Release 20.2R1
Class of Service (CoS)
Support for rewrite rules on a per-customer basis on MPC10 and MPC11 (MX Series)—Starting in Junos OS Release 20.2R1, we support creating rewrite rules on a per-customer basis on MPC10 and MPC11 cards. You can create rewrite rules on a per-customer basis through a policy map. You define policy maps at the [edit class-of-service policy-map] hierarchy level, and assign the policy map to a customer through a firewall action, an ingress interface, or a routing policy.
[See Assigning Rewrite Rules on a Per-Customer Basis Using Policy Maps Overview.]
EVPN
IPv4 unicast VXLAN encapsulation optimization (MX204, MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, and MX10016)—Starting in Junos OS Release 20.2R1, by default, the listed MX Series routers optimize the IPv4 unicast VXLAN encapsulation process for the following tunnel types:
PIM-based VXLAN
EVPN-VXLAN
Static VXLAN
The optimized encapsulation process results in an increased throughput rate for IPv4 unicast packets between 512 to 1500 bytes in size.
The optimization feature does not support the following:
EVPN Type-5 tunnels, which are already optimized
Forwarding table filters
[See Understanding VXLANs.]
EVPN on MPLS-over-UDP tunnels (MX Series and vMX)—Starting in Junos OS Release 20.2R1, Junos OS supports an EVPN network with MPLS-over-UDP tunnels. EVPN uses indirect next hop while MPLS-over-UDP tunnels use tunnel composite next hop (TCNH) in resolving routes in the routing table. In Junos OS releases before Release 20.2R1, indirect next hops for EVPN traffic on MPLS-over-UDP tunnels resolve into unicast next hops. With this release, the indirect next hops for EVPN traffic on MPLS-over-UDP tunnels will resolve into TCNH.
[See EVPN Overview and Example: Configuring Next-Hop-Based MPLS-Over-UDP Dynamic Tunnels.]
Support for inline performance monitoring services on EVPN (MX Series)—Starting in Junos OS Release 20.2R1, you can enable inline performance monitoring services on an EVPN network. With inline performance monitoring, you can configure a greater number of performance monitoring sessions. Inline performance monitoring applies only to delay measurements and synthetic loss measurements. You must also enable both enhanced IP network services and enhanced CFM mode in the device.
To enable inline performance monitoring, include the following statements:
hardware-assisted-pm and hardware-assisted-keepalives enable statements at the [edit protocols oam ethernet connectivity-fault-management performance-monitoring] hierarchy level.
enhanced-ip statement at the [edit chassis network-services] hierarchy level.
enhanced-cfm-mode statement at the [edit protocols oam ethernet connectivity-fault-management] hierarchy level.
[See Connectivity Fault Management Support for EVPN and Layer 2 VPN Overview.]
Noncolored SR-TE LSPs with EVPN-MPLS (ACX5448, EX9200, MX Series, and vMX)—Starting in Junos OS Release 20.2R1, ACX5448, EX9200, MX Series, and vMX routers support noncolored static segment routing-traffic engineered (SR-TE) label-switched paths (LSPs) with an EVPN-MPLS core network and the following Layer 2 services running at the edges of the network:
E-LAN
EVPN-ETREE
EVPN-VPWS with E-Line
Without color, all LSPs resolve using a BGP next hop only.
The Juniper Networks routers support noncolored SR-TE LSPs in an EVPN-MPLS core network with the following configurations:
EVPN running in a virtual switch routing instance
Multihoming in active/active and active/standby modes
The Juniper Networks routers also support noncolored SR-TE LSPs when functioning as a Data Center Interconnect (DCI) device that handles EVPN Type 5 routes.
Layer 3 gateway in an EVPN-MPLS environment (MPC10 and MPC11 line cards with MX240, MX480, and MX960)—Starting in Junos OS Release 20.2R1, the supported MX Series routers with MPC10 and MPC11 line cards can act as a default Layer 3 gateway for an EVPN instance (EVI), which can span a set of routers. In this role, the MX Series routers can perform inter-subnet forwarding. With inter-subnet forwarding, each subnet represents a distinct broadcast domain.
The Layer 3 gateway supports the following features:
IRB interfaces through which the default gateway routes IPv4 and IPv6 traffic from one bridge domain to another [See Example: Configuring EVPN with IRB Solution.]
Dynamic list next hop [See Configuring Dynamic List Next Hop.]
EVPN proxy ARP and ARP suppression, and proxy NDP and NDP suppression on IRB interfaces [See EVPN Proxy ARP and ARP Suppression, and Proxy NDP and NDP Suppression.]
The substitution of a source MAC address with a proxy MAC address in an ARP or NDP reply [See ARP and NDP Request with a Proxy MAC Address.]
Data center interconnectivity using EVPN Type 5 routes [See EVPN Type-5 Route with MPLS encapsulation for EVPN-MPLS.]
Multihoming in an EVPN-MPLS environment (MPC10 and MPC11 line cards with MX240, MX480, and MX960)—Starting in Junos OS Release 20.2R1, you can multihome a customer edge (CE) device to two or more provider edge (PE) devices (the supported MX Series routers with MPC10 and MPC11 line cards) in an EVPN-MPLS network. We support the following multihoming features:
Single-active and all-active modes
The configuration of an Ethernet segment identifier (ESI) per interface
Preference-based designated forwarder election
[See EVPN Multihoming Overview.]
EVPN-VXLAN (MPC10 and MPC11 line cards with MX2010, MX2020)—Starting in Junos OS Release 20.2R1, the MX2010 and MX2020 routers with MPC10 and MPC11 line cards installed support the following EVPN-VXLAN features:
Layer 2 VXLAN
Multihoming with active/active and active/standby modes, an Ethernet segment identifier (ESI) per interface, and preference-based designated forwarder (DF) election
MAC pinning, MAC move, MAC limiting, and MAC aging
QoS
DHCP and DHCP relay
Prevention of broadcast, unknown unicast, and multicast (BUM) traffic loops when a leaf device is multihomed to more than one spine device
Layer 3 VXLAN
IRB interfaces
IPv6 over IRB interfaces
Support for OSPF, IS-IS, BGP, and static routing over IRB interfaces
Proxy ARP and ARP suppression, and proxy NDP and NDP suppression with and without IRB interfaces
IPv6 underlay
Virtual machine traffic optimization (VMTO) for ingress traffic
Data Center Interconnect (DCI)
Nonpure and pure EVPN Type-5 routes
High availability
Nonstop active routing (NSR)
Graceful Routing Engine switchover (GRES)
Graceful restart from a routing process restart or Routing Engine switchover without NSR enabled
Operations and management
Core isolation feature
Ping over EVPN Type-5 tunnel
Static VXLAN
Overlay ping and traceroute
[See EVPN User Guide.]
High Availability (HA) and Resiliency
Support for VRRP on the MPC11 (MX2010 and MX2020)—Starting in Junos OS Release 20.2R1, VRRP is supported on the MPC11 line card. All VRRP features are supported.
[See Understanding VRRP.]
LACP inline support during unified ISSU for multivendor networks (MX104, MX240, MX480, MX960, and MX10003)—Starting with Junos OS Release 20.2R1, unified ISSU supports LACP interoperability with other vendor devices for fast periodic interval sessions. LACP sessions in full-scale scenarios with interoperability will no longer experience timeouts during unified ISSU.
Use the set protocols lacp ppm inline command to enable LACP inline support.
[See Getting Started with Unified In-Service Software Upgrade.]
Support for failover configuration synchronization for the ephemeral database (EX Series, MX Series, MX Series Virtual Chassis, PTX Series, and QFX Series)—Starting in Junos OS Release 20.2R1, when you configure the commit synchronize statement at the
[edit system]hierarchy level in the static configuration database of an MX Series Virtual Chassis or dual Routing Engine device, the backup Routing Engine will synchronize both the static and ephemeral configuration databases when it synchronizes its configuration with the master Routing Engine. This happens, for example, when a backup Routing Engine is newly inserted, comes back online, or changes roles. On a dual Routing Engine system, the backup Routing Engine synchronizes both configuration databases with the master Routing Engine. In an MX Series Virtual Chassis, the master Routing Engine on the protocol backup synchronizes both configuration databases with the master Routing Engine on the protocol master.Support for VRRP on the MPC10 and MPC11 (MX240, MX480, and MX960)—Starting in Junos OS Release 20.2R1, VRRP is supported on the MPC11 and MPC10 line cards. All VRRP features are supported.
[See Understanding VRRP.]
Unsupported hardware for unified ISSU (MX240, MX480, MX960, MX10003, and PTX3000)—The following cards do not support unified ISSU upgrading to Junos OS Release 20.2R1:
MPC7E-MRATE
MPC8E with MRATE MIC
MPC9E with MRATE MIC
MPC10E-10C-MRATE
MPC10E-15C-MRATE
PTX5000 with 24-Port 10-Gigabit Ethernet, 40-Gigabit Ethernet PIC with QSFP+ or 15-Port 10-Gigabit, 40-Gigabit Ethernet, 100-Gigabit Ethernet PIC with QSFP28
MX10003 with QSFP28 Ethernet TIC
Interfaces and Chassis
Transparent forwarding of CFM packets over VPLS (MX Series)—In Junos OS Release 20.2R1 and later, MX Series router supports VLAN transparency for connectivity fault management (CFM) packets over Virtual private LAN service (VPLS). If the incoming CFM packets have more vlan-tags than the configured interface vlan-tags, then CFM PDU is treated transparent. In the earlier Junos OS releases, CFM frame filtering was applied on all CFM PDU including on CFM PDU that had more number of tags than the interface configuration.
We do not support the following on MX Series routers:
Transparency for tagged CFM PDU incoming on untagged interface.
Transparency for untagged CFM PDU on interface with native VLAN configuration.
Support for 400-Gbps port speed (MX240, MX480, and MX960)—In Junos OS Release 20.2R1, you can configure port speed of 400-Gbps for MPC10E (MPC10E-10C-MRATE and MPC10E-15C-MRATE) on MX240, MX480, and MX960 routers. Use the QSFP56-DD optics to configure 400-Gbps port speed on:
MPC10E-10C-MRATE: Port 4 of the MPC
MPC10E-15C-MRATE: Port 4 of the MPC
[See Port Speed.]
Support for monitoring link degradation (MX Series routers with MPC10E)—Starting in Junos OS Release 20.2R1, you can monitor link degradation of the 10-Gigabit Ethernet interfaces, 40-Gigabit Ethernet interfaces, and 100-Gigabit Ethernet interfaces on the MPC10E (MPC10E-15C-MRATE and MPC10E-10C-MRATE) line cards. Link degradation monitoring enables you to monitor the quality of physical links on interfaces and take corrective action when the link quality degrades beyond a certain value.
To enable your device to monitor the links, use the link-degrade-monitor statement at the [edit interfaces interface-name] hierarchy level.
Targeted broadcast support (MPC10E and MX2K-MPC11E)—Starting in Junos OS Release 20.2R1, you can configure targeted broadcast on broadcast interfaces on the MPC10E and MX2K-MPC11E line cards. Targeted broadcast enables a broadcast packet, destined for a remote network, to transit across networks until the destination network is reached. In the destination network, the packet is broadcast as a normal broadcast packet. This feature is useful when the Routing Engine is flooded with packets to process. You can configure targeted broadcast to forward the packets to :
Both the egress interface and the Routing Engine.
Egress interface only.
To configure targeted broadcast on an interface, include the targeted-broadcast statement at the [edit interfaces interface-name unit logical-unit-number family inet] hierarchy level.
Juniper Extension Toolkit (JET)
RIB service APIs support dynamic next-hop interface binding (MX Series, PTX Series, and vMX)—Starting in Junos OS Release 20.2R1, programmed RIB routes react to Up, Down, Add, and Delete events for direct next-hop interfaces. When all direct next-hop interfaces are unusable, the route becomes inactive. This prevents traffic from being dropped and keeps inactive routes from being propagated through the network.
This feature applies to all routes programmed using the rib_service JET API where an interface is configured as a direct next hop, including interfaces that are part of a flexible tunnel. It also applies to tunnels configured with the flexible_tunnel_service JET API.
To disable this feature, use edit routing-options programmable-rpd rib-service dynamic-next-hop-interface disable.
[See rib-service (programmable-rpd), Juniper Extension Toolkit Developer Guide, and Juniper Engineering Network website.]
Python 3 support for JET (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS can use Python 3 to execute JET scripts. To enable unsigned JET Python applications that support Python 3 to run on devices running Junos OS, use the set system scripts language python3 command.
[See language (Scripts), Develop Off-Device JET Applications, and Develop On-Device JET Applications.]
Junos Telemetry Interface
Network instance (policy) statistics and OpenConfig configuration enhancements on JTI (ACX1100, ACX2100, ACX5448, ACX6360, EX4300, MX240, MX480, MX960, MX10003, PTX10008, PTX10016, QFX5110, and QFX10002)—Junos OS Release 20.2R1 provides enhancements to support the OpenConfig data models
openconfig-local-routing.yangandopenconfig-network-instance.yang.[See Mapping OpenConfig Routing Policy Commands to Junos Configuration and Mapping OpenConfig Network Instance Commands to Junos Operation.]
ON-CHANGE BGP peer information statistics support for JTI (MX960, MX2008, MX2010, MX2020, PTX1000, PTX5000, PTX10000, QFX5100, and QFX5200)—Junos OS Release 20.2R1 provides BGP peer sensor support using Junos telemetry interface (JTI) and remote procedure call (gRPC) services or gRPC Network Management Interface (gNMI) services. ON_CHANGE statistics are sent to an outside collector.
The following resource paths are supported:
/network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/active(ON_CHANGE)/network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes(ON_CHANGE)/network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/received(ON_CHANGE)/network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/sent(ON_CHANGE)/network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/afi-safis/afi-safi/state/prefixes/rejected(ON_CHANGE)/network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/admin-state(ON_CHANGE)/network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/established-transitions(ON_CHANGE)/network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/last-established(ON_CHANGE)/network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/messages/received/notification(stream)/network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/messages/received/update(stream)/network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/messages/sent/notification(stream/network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/messages/sent/update(stream)/network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/session-state(ON_CHANGE)/network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/supported-capabilities(ON_CHANGE)/network-instances/network-instance/protocols/protocol/bgp/transport/state/local-address(ON_CHANGE)/network-instances/network-instance/protocols/protocol/bgp/transport/state/remote-address(ON_CHANGE)/network-instances/network-instance/protocols/protocol/bgp/transport/state/remote-port(ON_CHANGE)
[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]
Telemetry support for LDP and MLDP traffic statistics (MX Series and PTX Series)—Starting in Junos OS Release 20.2R1, the following LDP and multipoint LDP native sensors are added for the Junos telemetry interface:
/junos/services/ldp/label-switched-path/ingress/usage/
/junos/services/ldp/label-switched-path/transit/usage/
/junos/services/ldp/p2mp/interface/receive/usage/
/junos/services/ldp/p2mp/interface/transmit/usage/
/junos/services/ldp/p2mp/label-switched-path/usage/
You must enable telemetry streaming with the sensor-based-stats option at the [edit protocols ldp traffic-statistics] hierarchy level.
The show ldp traffic-statistics command is enhanced to display upstream LDP traffic statistics and to display multipoint LDP traffic statistics per interface.
On PTX Series routers, this feature is not supported for the following variants:
PTX3000 and PTX5000 with the RE-DUO-C2600-16G Routing Engine
PTX10003
PTX10008 with the PTX10K-LC1201-36CD line card
FPC2 line cards do not support ingress multipoint LDP statistics.
gRPC telemetry support for LDP and MLDP traffic statistics (MX Series)—Starting in Junos OS Release 20.2R1, gRPC support is available to export LDP and multipoint LDP traffic statistics. You can use the following resource paths to export sensor data:
LDP LSP transit traffic—
/mpls/signaling-protocols/ldp/lsp-transit-policies/lsp-transit-policy/state/countersLDP LSP ingress traffic—
/mpls/signaling-protocols/ldp/lsp-ingress-policies/lsp-ingress-policy/state/countersMultipoint LDP traffic—
/mpls/signaling-protocols/ldp/p2mp-lsps/p2mp-lsp/state/countersMultipoint LDP egress traffic per-interface—
/mpls/signalling-protocols/ldp/p2mp-interfaces/p2mp-interface/state/countersMultipoint LDP ingress traffic per-interface—
/mpls/signalling-protocols/ldp/p2mp-interfaces/p2mp-interface/
[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]
JTI sensor support for Packet Forwarding Engine and Routing Engine sensors (MX Series Virtual Chassis and MX Series routers with dual Routing Engines)—Junos OS Release 20.2R1 extends Junos telemetry interface (JTI) sensor support for all Packet Forwarding Engine and Routing Engine sensors currently supported on MX Series routers to include MX routers with dual Routing Engines or MX Series Virtual Chassis. The level of sensor support currently available for MX Series routers applies, whether through streaming or ON_CHANGE statistics export, using UDP, remote procedure call (gRPC) services or gRPC Network Management Interface (gNMI) services. Additionally, JTI operational mode commands will provide details for all Routing Engines and MX Series Virtual Chassis, too.
[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]
JTI sensor support for standby Routing Engine statistics (MX480, MX960, MX10003, MX2010, and MX2020)—Junos OS Release 20.2R1 provides Junos telemetry interface (JTI) sensor support for standby Routing Engine statistics using remote procedure call (gRPC) services. This feature is supported on both single chassis and virtual chassis unless otherwise indicated. Use this feature to better track the state of software components running on a standby Routing Engine. Statistics exported to an outside collector through the following sensors (primarily under subscriber management) provide a more complete view of the system health and resiliency state:
Chassis role (backup or master) sensor
/junos/system/subscriber-management/chassisand/junos/system/subscriber-management/chassis[chassis-index=chassis-index](for specifying an index for an MX Series Virtual Chassis)Routing Engine status and GRES notification sensor
/junos/system/subscriber-management/chassis/routing-engines/routing-engineand/junos/system/subscriber-management/chassis/routing-engines/routing-engine[re-index=RoutingEngineIndex](to specify an index number for a specific Routing Engine)Subscriber management process sensor
/junos/system/subscriber-management/chassis/routing-engines/process-status/subscriber-management-processes/subscriber-management-processand/junos/system/subscriber-management/chassis/routing-engines/process-status/subscriber-management-processes/subscriber-management-process[pid=ProcessIdentifier](to specify a PID for a specific process)Per Routing Engine DHCP binding statistics for server or relay sensor
/junos/system/subscriber-management/chassis/routing-engines/routing-engine/dhcp-bindings/dhcp-element[dhcp-type-name=RelayOrServer/v4]and/junos/system/subscriber-management/chassis/routing-engines/routing-engine/dhcp-bindings/dhcp-element[dhcp-type-name=RelayOrServer/v6]Virtual Chassis port counter sensor
/junos/system/subscriber-management/chassis/virtual-chassis-ports/virtual-chassis-portand/junos/system/subscriber-management/chassis/virtual-chassis-ports/virtual-chassis-port[vcp-interface-name=vcp-interface-port-string] (to specify the interface name). This resource path is only supported on a virtual chassis.
[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface) and Understanding OpenConfig and gRPC on Junos Telemetry Interface.]
CPU statistics support on JTI (MX960, MX2010, MX2020, PTX1000, PTX5000, PTX10000, QFX5100, and QFX5200)—Junos OS Release 20.2R1 supports streaming various CPU statistics and process parameters using remote procedure call (gRPC) or gRPC Network Management Interface (gNMI) services and Junos telemetry interface (JTI). You can stream CPU usage per process (statistics are similar to output from the show system process detail operational mode command), as well as CPU usage per Routing Engine core.
This feature supports the private data model openconfig-procmon.yang.
To stream statistics to an outside collector, include the following resource paths in a gRPC or gNMI subscription:
Individual process level information (resource path
/system/processes/process/)Individual Routing Engine core information (resource path
/components/component/cpu/)
[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]
TARGET_DEFINED subscription mode support with JTI (MX5, MX10, MX40, MX80, MX104, MX150, MX204, MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, and MX10016)—Junos OS Release 20.2R1 adds support for TARGET-DEFINED mode for subscriptions made using gRPC Network Management Interface (gNMI) services.
Using a gNMI subscription, an external collector stipulates how sensor data should be delivered:
STREAMING mode periodically streams sensor data from the DUT at a specified interval.
ON_CHANGE mode sends updates for sensor data from the DUT only when data values change.
Newly supported TARGET_DEFINED mode (submode 0) instructs the DUT to select the relevant mode (STREAMING or ON_CHANGE) to deliver each element (leaf) of sensor data to the external collector. When a subscription for a sensor with submode 0 is sent from the external collector to the DUT, the DUT responds, activating the sensor subscription so that periodic streaming does not include any of the ON_CHANGE updates. However, the DUT will notify the collector whenever qualifying ON_CHANGE events occur.
[See Understanding OpenConfig and gRPC and gNMI on Junos Telemetry Interface.]
Packet Forwarding Engine sensor support with INITIAL_SYNC on JTI (MX960, MX2008, MX2010, MX2020, PTX1000, PTX5000, PTX10000 line of routers, QFX5100, and QFX5200)—Starting in Junos OS Release 20.2R1, you can use Junos telemetry interface (JTI) and gRPC Network Management Interface (gNMI) services to export Packet Forwarding Engine statistics from devices to an outside collector using gNMI submode INITIAL_SYNC. When an external collector sends a subscription request for a sensor with INITIAL_SYNC (gnmi-submode 2), the host sends all supported target leaves (fields) under that resource path at least once to the collector with the current value. This is valuable because:
The collector has a complete view of the current state of every field on the device for that sensor path.
Event-driven data (ON_CHANGE) is received by the collector at least once before the next event is seen. In this way, the collector is aware of the data state before the next event happens.
Packet Forwarding Engine sensors that contain zero counter values (zero-suppressed) that normally do not show up in streamed data are sent, ensuring that all fields from each line card (also referred to as source) are known to the collector.
Note ON_CHANGE data is not available for native (UDP) Packet Forwarding Engine Sensors.
INITIAL_SYNC submode requires that at least one copy to be sent to the collector; however, sending more than one is acceptable.
INITIAL_SYNC submode is supported for the following sensors:
Sensor for CPU (ukernel) memory (resource path
/junos/system/linecard/cpu/memory/)Sensor for firewall filter statistics (resource path
/junos/system/linecard/firewall/)Sensor for physical interface traffic (resource path
/junos/system/linecard/interface/)Sensor for logical interface traffic (resource path
/junos/system/linecard/interface/logical/usage/)Sensor for physical interface queue traffic (resource path
/junos/system/linecard/interface/)
queue/Sensor for physical interface traffic except queue statistics (resource path
/junos/system/linecard/interface/traffic/)Sensor for NPU memory (resource path
/junos/system/linecard/npu/memory/)Sensor for NPU utilization (resource path
/junos/system/linecard/npu/utilization/)Sensor for packet statistics (resource path
/junos/system/linecard/packet/usage/)Sensor for software-polled queue-monitoring statistics (resource path
/junos/system/linecard/qmon-sw/)
[See Understanding OpenConfig and gRPC and gNMI on Junos Telemetry Interface and Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]
Export data using JSON encoding format with JTI (MX5, MX10, MX40, MX80, MX104, MX150, MX204, MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, and MX10016)—Junos OS Release 20.2R1 adds support for JavaScript Object Notation (JSON) encoding to export telemetry data using gRPC network management interface (gNMI) services and Junos telemetry interface (JTI). JSON is an open standard file format and data interchange format that provides a good balance of usability and performance. It uses human-readable text to store and transmit data objects consisting of attribute–value pairs and array data types.
To export telemetry data using JSON encoding, include format json-gnmi at the [edit services analytics export-profile profile-name] hierarchy level. This is part of the export profile CLI configuration used to configure collector and sensor details in Junos OS.
SR-TE statistics for uncolored SR-TE policies streaming on JTI (MX240. MX480, MX960, MX2010, and MX2020 with MPC-10E or MPC-11E)—Junos OS Release 20.2R1 provides segment routing-traffic engineering (SR-TE) per label-switched path (LSP) route statistics using Junos telemetry interface (JTI) and remote procedure call (gRPC) services. Using JTI and gRPC services, you can stream SR-TE telemetry statistics for uncolored SR-TE policies to an outside collector.
Ingress statistics include statistics for all traffic steered by means of an SR-TE LSP. Transit statistics include statistics for traffic to the binding SID (BSID) of the SR-TE policy.
To enable these statistics, include the per-source per-segment-list statement at the [edit protocols source-packet-routing telemetry statistics] hierarchy level.
If you issue the set protocols source-packet-routing telemetry statistics no-ingress command, ingress sensors are not created.
If you issue the set protocols source-packet-routing telemetry statistics no-transit command, transit sensors are not created. Otherwise, if BSID is configured for a tunnel, transit statistics are created.
The following resource paths (sensors) are supported:
/junos/services/segment-routing/traffic-engineering/tunnel/lsp/ingress/usage//junos/services/segment-routing/traffic-engineering/tunnel/lsp/transit/usage/
To provision the sensor to export data through gRPC services, use the telemetrySubscribe RPC.
Streaming telemetry data through gRPC or gNMI also requires the OpenConfig for Junos OS module.
[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface), source-packet-routing, and show spring-traffic-engineering lsp detail name name.]
Layer 2 VPN
Support for Layer 2 interworking (iw0) interface on the MPC10E and MPC11E line cards (MX Series)—Starting in Junos OS Release 20.2R1, you can connect Layer 2 networks together by configuring a Layer 2 interworking (iw0) route with iw0 interfaces. This feature supports the following interconnections:
Layer 2 circuit to Layer 2 circuit
Layer 2 circuit to Layer 2 VPN
Layer 2 VPN to Layer 2 circuit
Layer 2 VPN to Layer 2 VPN
[See Using the Layer 2 Interworking Interface to Interconnect a Layer 2 Circuit to a Layer 2 VPN and Layer 2 VPN to Layer 2 VPN Connections.]
Layer 3 Features
MPC10E interoperates with MS-MPC/MS-MICs for Layer 3 Services (MX240,MX480, and MX960)—Starting in Junos OS Release 20.2, the MPC10E interoperates with MS-MPC/MS-MICs for Layer 3 Services such as active flow monitoring, IPSec, NAT, RPM, and stateful firewall. [See Layer 2 and Layer 3 Features on MX Series Routers.]
Management
Error recovery, fault handling, and resiliency support for MX2K-MPC11E (MX2010 and MX2020)—Starting in Junos OS Release 20.2R1, the MX2010 and MX2020 routers with the MX2K-MPC11E line card support error recovery, fault handling, and software resiliency. The MX2K-MPC11E line cards support detecting errors, reporting them through alarms, and triggering resultant actions. To view application-level errors, use the show trace node fpc<#> application fabspoked-pfe command. To check the status of the card, use the show chassis fpc pic-status command. Use the show chassis errors active command to view the fault details and the show system alarm command to view the alarm details.
[See show chassis fpc pic-status and clear chassis fpc errors.]
MPLS
Support to change the default re-merge behavior on the P2MP LSP (MX Series)—Starting with Junos OS Release 20.2R1, you can change the default re-merge behavior on RSVP P2MP LSP. The term re-merge refers to the case of an ingress (headend) or transit node (re-merge node) that creates a re-merge branch intersecting the P2MP LSP at another node in the network. This may occur due to events such as an error in path calculation, an error in manual configuration, or network topology changes during the establishment of the P2MP LSP.
You can configure the no re-merge behavior on P2MP LSPs by enabling the newly introduced no-re-merge and no-p2mp-re-merge CLI commands at the ingress (headend) and transit devices (re-merge nodes), respectively.
[See Re-merge Behavior on Point-to-Multipoint LSP Overview.]
Support for MPLS ping and traceroute for segment routing (ACX Series, MX Series, and PTX Series)—Starting in Junos OS Release 20.2R1, we extend the MPLS ping and traceroute support for all types segment routing--traffic engineering (SR-TE) tunnels, including static segment routing tunnels, BGP-SR-TE tunnels, and PCEP tunnels.
We also support the following features:
FEC validation support, as defined in RFC 8287, for paths consisting of IGP segments. Target FEC stack contains single or multiple segment ID sub-TLVs. This involves validating IPv4 IGP-Prefix Segment and IGP-Adjacency Segment ID FEC-stack TLVs.
ECMP traceroute support for all types of SR-TE paths.
We do not support the following:
Ping and traceroute for SR-TE tunnel for non-enhanced-ip mode.
OAM for IPv6 prefix.
BFD
[See traceroute mpls segment-routing spring-te and ping mpls segment routing spring-te.]
MPLS support (MX Series routers with MPC10E and MPC11E)—Starting in Junos OS Release 20.2R1, some of the MPLS features are supported on MX Series routers with MPC10E (MPC10E-15C-MRATE and MPC10E-10C-MRATE) and MX2K-MPC11E line cards.
[See Protocols and Applications Supported by the MPC10E and Protocols and Applications Supported by the MX2K-MPC11E.]
Multicast
Fast failover according to flow rate (MX Series with MPC10E or MPC11E line cards)—Starting in Junos OS Release 20.2R1, for routers operating in Enhanced IP Network Services mode, you can configure a threshold that triggers fast failover in next-generation MVPNs with hot-root standby on the basis of aggregate flow rate. For example, fast failover (as defined in Draft Morin L3VPN Fast Failover 05) is triggered if the flow rate of monitored multicast traffic from the provider tunnel drops below the set threshold.
[See min-rate.]
Network Management and Monitoring
SNMP support for multicast LDP MIB objects (MX Series and PTX Series)—Starting in Junos OS Release 20.2R1, Junos OS SNMP extends support for the following multicast LDP MIB tables and objects:
mplsMldpInterfaceStatsTable
mplsMldpFecUpstreamSessPackets
mplsMldpFecUpstreamSessBytes
mplsMldpFecUpstreamSessDiscontinuityTime
The multicast LDP standard MIB builds on the objects and tables that are defined in RFC3815, which only supports LDP point-to-point label-switched paths (LSPs). This multicast LDP MIB provides support for managing multicast LDP point-to-multipoint (P2MP) and multipoint-to-multipoint (MP2MP) LSPs.
[See Standard SNMP MIBs Supported by Junos OS and SNMP MIB Explorer.]
Python 3 support for YANG scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS uses Python 3 to execute YANG action and translation scripts that are written in Python. Junos OS does not support using Python 2.7 to execute YANG Python scripts as of this release.
[See Understanding Python Automation Scripts for Devices Running Junos OS.]
NETCONF sessions over outbound HTTPS (EX Series, MX Series, PTX1000, PTX3000, PTX5000, PTX10001, PTX10002, PTX10008, PTX10016, QFX Series, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX)—Starting in Junos OS Release 20.2R1, the Junos OS with upgraded FreeBSD software image includes a Juniper Extension Toolkit (JET) application that supports establishing a NETCONF session using outbound HTTPS. The JET application establishes a persistent HTTPS connection with a gRPC server over a TLS-encrypted gRPC session and authenticates the NETCONF client using an X.509 digital certificate. A NETCONF session over outbound HTTPS enables you to remotely manage devices that might not be accessible through other protocols, for example, if the device is behind a firewall.
Enhanced on-box monitoring support on the control plane (MX Series and PTX Series)—Starting in Junos OS Release 20.2R1, you can configure traceoptions to track all events related to system-level and process-level memory monitoring. You can also view the history of the actions taken for system-level and process-level memory monitoring by using the show system monitor memory actions command.
Next Gen Services
Support for Dual Stack Lite (DS-Lite) Softwires—Starting in Junos OS Release 20.2R1, Dual Stack Lite (DS-Lite) softwires are supported for CGNAT Next Gen Services. DS-Lite allows service providers to migrate to an IPv6 network while continuing to support IPv4 services; even after the exhaustion of the IPv4 address space. You can natively allocate IPv6 addresses to customers while legacy end-user devices accessing the IPv4 Internet remain same. Thus, IPv4 devices continue to access the IPv4 Internet with minimum disruption on their home networks. DS-Lite also de-couples IPv6 deployment in the service provider network from the rest of the Internet, making incremental deployment easier.
[See DS-Lite Softwires—IPv4 over IPv6 for Next Gen Services.]
Support for HTTP Content Manager (HCM)—Starting in Junos OS Release 20.2R1, HTTP Content Manager (HCM) is supported under Next Gen Services. HCM is an application that inspects the HTTP traffic transmitted through port 80 (default) or any other port you use to transmit HTTP traffic. HCM inspects HTTP traffic even if the default port 80 is not used for HTTP traffic and is interoperable with ms, rms, and ams interface types. It supports fragmented HTTP request packets and GET, PUT, and POST requests.
[See HTTP Content Manager (HCM).]
Support for Mapping of Address and Port with Encapsulation (MAP-E) Softwires for CGNAT Next Gen Services—Starting in Junos OS Release 20.2R1, Mapping of Address and Port with Encapsulation (MAP-E) softwires are supported for CGNAT Next Gen Services. MAP-E is an automatic tunneling mechanism tailored for deployment of IPv4 to end users via a service provider's IPv6 network infrastructure. Using MAP-E technology, islands of v4 networks can be connected via v6 tunnels. The IPV4 packets are carried in IPV4-over-IPV6 tunnels from the MAP-E Customer Edge (CE) routers to the MAP-E Border Relay(s) (BR) (through IPV6 routing topology), where they are de-tunneled for further processing. MAP-E can be used by Service Providers to provide IPv4 connectivity to their subscribers over the ISP's IPv6 access network.
[See Mapping of Address and Port with Encapsulation (MAP-E) for Next Gen Services.]
Support for Network Address Translation and Protocol Translation for CGNAT Next Gen Services—Starting in Junos OS Release 20.2R1, Network Address Translation and Protocol Translation (NAT-PT) [RFC2766] are supported for CGNAT Next Gen Services. NAT-PT is a IPv4-to-IPv6 transition mechanism that provides a way for end-nodes in IPv6 realm to communicate with end-nodes in IPv4 realm and vice versa. This is achieved using a combination of Network Address Translation and Protocol Translation.
Support for Port Control Protocol Support (PCP) for DS-Lite for CGNAT Next Gen Services—Starting in Junos OS Release 20.2R1, Port Control Protocol Support (PCP) for DS-Lite is supported for CGNAT Next Gen Services. DS-Lite is a technology which enables a broadband service provider to share IPv4 addresses among customers by combining two well-known technologies: IP in IP (IPv4-in-IPv6) and Network Address Translation (NAT).
Typically, the home gateway embeds a Basic Bridging BroadBand (B4) capability that encapsulates IPv4 traffic into a IPv6 tunnel to the CGNAT, named the Address Family Transition Router (AFTR). AFTRs are run by service providers.
PCP allows customer applications to create mappings in a NAT for new inbound communications destined to machines located behind a NAT. In a DS-Lite environment, PCP servers control AFTR devices.
Operation, Administration, and Maintenance (OAM)
Support for connectivity fault management (CFM) on MPC10E and MX2K-MPC11E—Starting in Junos OS Release 20.2R1, you can configure the IEEE 802.1ag OAM CFM Down maintenance association end points (MEPs) on MPC10E and MX2K-MPC11E to monitor Ethernet networks for connectivity faults.
Junos OS supports the continuity check messages (CCM) and loopback messages as defined in IEEE 802.1ag.
Routing Policy and Firewall Filters
ARP policer support on pseudowire interfaces (MX Series)—Starting in Junos OS Release 20.2R1, you can create policers for ARP traffic on pseudowire interfaces. Configure rate limiting for the policer by specifying the bandwidth and the burst-size limit of a firewall policer and attaching the policy to a pseudowire interface, just like you would any other interface. Traffic that exceeds the specified rate limits can be dropped or marked as low priority and delivered when congestion permits.
In the case of denial of service (DoS) or ARP broadcast storms, ARP policers protect the Routing Engine against malicious traffic intended to degrade the network.
Apply the ARP policer to a pseudowire interface at the [edit interfaces interface-name unit unit-number family inet policer arp policy-name] level of the hierarchy.
[See ARP Policer Overview.]
Support for P2MP and P2P automatic LSP policers (MX Series)—Starting in Junos OS Release 20.2R1, support for automatic policers on point-to-multipoint (P2MP) label-switched paths (LSPs) is available on MX240, MX480, MX960, MX2010, and MX2020 routers with MPC10E and MPC11E line cards.
P2MP MPLS LSP is either an LDP-signaled, or RSVP-signaled, LSP with a single source and multiple destinations that can optimize packet replication at the ingress router. With it, packet replication only occurs for packets being forwarded to two or more different destinations requiring different network paths. Automatic LSP policing lets you provide strict service guarantees for network traffic in accordance with the bandwidth configured for the LSPs.
Also supported with this release are the following features:
Graceful Routing Engine switchover (GRES) at the ingress and egress
Load balancing over aggregated links
P2MP statistics
Multiprotocol BGP-based multicast VPNs (or Layer 3 VPN multicast)
Support for firewall forwarding (MX Series)—Starting in Junos OS Release 20.2R1, the following traffic policers are supported on MX240, MX480, MX960, MX2010, and MX2020 routers with MPC10E or MPC11E line cards:
GRE tunnels, including encapsulation (family any), de-encapsulation, GRE-in-UDP over IPv6, and the following sub-options: sample, forwarding class, interface group, and no-ttl-decrement
Input and output filter chains
Actions, including policy-map filters, do-not-fragment, and prefix
Layer 2 policers
Policer overhead adjustment
Hierarchical policers
Shared bandwidth
Percentages
Logical interfaces
[See Traffic Policer Types.]
Routing Protocols
TI-LFA SRLG protection for IS-IS (MX Series and PTX Series)—Starting in Junos OS Release 20.2R1, you can configure Shared Risk Link Group (SRLG) protection for segment routing to choose a fast reroute path that does not include SRLG links in the topology-independent loop-free alternate (TI-LFA) backup paths. This is in addition to existing fast reroute options such as link-protection, node protection, and fate-sharing protection for segment routing. IS-IS computes the fast reroute path that is aligned with the post-convergence path and excludes the SRLG of the protected link. All local and remote links that are from the same SRLG as the protected link are excluded from the TI-LFA back up path. The point of local repair (PLR) sets up the label stack for the fast reroute path with a different outgoing interface.
To enable TI-LFA SRLG protection with segment routing for IS-IS, include the srlg-protection statement at the [edit protocols isis interface name level number post-convergence-lfa] hierarchy level.
[See Understanding Topology-Independent Loop-Free Alternate with Segment Routing for IS-IS.]
Support for BGP-LU over SR-TE for color-based mapping of VPN Services (MX Series and PTX Series)—Starting in Junos OS Release 20.2R1, we are extending support to BGP labeled unicast service for color-based mapping of VPN services over Segment Routing-Traffic Engineering (SR-TE). This enables you to advertise BGP-LU IPv6 and IPv4 prefixes with an IPv6 next-hop address in IPv6-only networks where routers do not have any IPv4 addresses configured. With this feature, BGP-LU can now resolve IPv4 and IPv6 routes over SR-TE core. BGP-LU constructs a colored protocol next hop, which is resolved on a colored SR-TE tunnel in the inetcolor.0 or inet6color.0 table. Currently we support BGP IPv6 LU over SR-TE with IS-IS underlay.
See [Understanding Static Segment Routing LSP in MPLS Networks.]
Support for AIGP metric to MED translation (MX2010 and MX2020)—Starting in Release 20.2R1, Junos OS supports the translation of AIGP metric to MED. You can enable this feature when you want the end to end effective AIGP metric in order to choose the best path. Effective AIGP is the AIGP value advertised with the route plus the IGP cost to reach the nexthop. This is especially useful in Inter-AS MPLS VPNs solution, where customer sites are connected via two different service providers, and customer edge routers want to take IGP metric based decision. You can configure a minimum-aigp to prevent unnecessary update of route when effective-aigp changes past the previously known lowest value.
The following configuration statements are introduced at the [edit protocols bgp group <group-name> metric-out] hierarchy level:
effective-aigp to track the effective AIGP metric
minimum-effective-aigp to track the minimum effective AIGP metric.
[See effective-aigp and minimum-effective-aigp.]
Support for Layer 2 circuit, Layer 2 VPN, and VPLS services with BGP labeled unicast (MX Series, EX9204, EX9208, EX9214, EX9251, and EX9253 devices)—Starting with Junos OS Release 20.2R1, MX Series, EX9204, EX9208, EX9214, EX9251, and EX9253 devices support BGP PIC Edge protection for Layer 2 circuit, Layer 2 VPN, and VPLS (BGP VPLS, LDP VPLS and FEC 129 VPLS) services with BGP labeled unicast as the transport protocol. BGP PIC Edge using the BGP labeled unicast transport protocol helps to protect traffic failures over border nodes (ABR and ASBR) in multi-domain networks. Multi-domain networks are typically used in metro-aggregation and mobile backhaul networks designs.
A prerequisite for BGP PIC Edge protection is to program the Packet Forwarding Engine (PFE) with expanded next-hop hierarchy.
To enable BGP PIC Edge protection, use the following CLI configuration statements:
Expand next-hop hierarchy for BGP labeled unicast family:
[edit protocols]user@host#set bgp group group-name family inet labeled-unicast nexthop-resolution preserve-nexthop-hierarchy;BGP PIC for MPLS load balance nexthops:
[edit routing-options]user@host#set rib routing-table-name protect core;Fast convergence for Layer 2 circuit and LDP VPLS:
[edit protocols]user@host#set l2circuit resolution preserve-nexthop-heirarchy;Fast convergence for Layer 2 VPN, BGP VPLS, and FEC129:
[edit protocols]user@host#set l2vpn resolution preserve-nexthop-heirarchy;
Support for dynamic peer AS range for BGP groups (ACX Series, MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 20.2R1, you can configure acceptable autonomous system (AS) ranges for EBGP groups that can be used for bringing up BGP peers while establishing a BGP session. BGP accepts a peer request based on the configured AS range and rejects a peer request if the AS does not fall into the specified range. This allows you to control BGP peering when the neighbor’s exact IP address is not known.
To define peer AS range for BGP groups through policy, you can include the as-list statement at the [edit policy-options] hierarchy level. To include the specified peer AS list, include the peer-as-list peer-as-list statement at the [edit protocols bgp group group-name] hierarchy level.
See [peer-as-list and as-list.]
Support for BGP-SR-TE rearchitecture (MX Series and PTX Series)—Starting in Junos OS Release 20.2R1, Junos OS provides support for controller-based BGP segment routing--traffic engineering (SR-TE) routes to be installed as source packet routing traffic-engineered (SPRING-TE) routes. BGP installs the SR-TE policy in the routing tables bgp.inetcolor.0 and bgp.inet6color.0, and these routes are subsequently installed in the routing tables inetcolor.0 or inet6color.0 by SPRING-TE.
In releases before Junos OS Release 20.2R1, controller-based BGP SR-TE routes are installed as BGP routes in the routing table. To maintain consistency and for easy maintenance, all SR-TE based routes appear as SPRING-TE routes irrespective of the source.
You need to enable source-packet-routing at the [edit protocols] hierarchy level to see the routes installed in inetcolor.0 or inet6color.0. A new option detail is introduced under traceoptions (Protocols Spring-TE) to trace the detailed information.
See [Segment Routing Traffic Engineering at BGP Ingress Peer Overview.]
Support for egress protection and BGP PIC features (MX Series Routers with MPC10E and MPC11E)—Starting in Junos OS Release 20.2R1, you can configure the following egress link protection and BGP Prefix Independent Convergence (PIC) features on MX Series devices with MPC10E and MPC11E.
Egress protection for BGP labeled unicast —Fast protection for egress nodes is available to services in which BGP labeled unicast interconnects IGP areas, levels, or autonomous systems (ASs). If a provider router detects that an egress router (AS or area border router) is down, it immediately forwards the traffic destined to that router to a protector router that forwards the traffic downstream to the destination.
Provider-edge link protection for BGP labeled unicast paths—You can configure a precomputed protection path in a Layer 3 VPN such that if a BGP labeled-unicast path between an edge router in one AS and an edge router in another AS goes down, you can use the protection path (also known as the backup path) between alternate edge routers in the two ASs. This is useful in a carrier-of-carriers deployments, where a carrier can have multiple labeled-unicast paths to another carrier. In this case, the protection path avoids disruption of service if one of the labeled-unicast paths goes down.
BGP PIC for inet —We’ve extended the BGP Prefix Independent Convergence (PIC) support to BGP with multiple routes in the global tables such as inet and inet6 unicast, and inet and inet6 labeled unicast. When you enable the BGP PIC feature on a router, BGP installs to the Packet Forwarding Engine the second best path in addition to the calculated best path to a destination. When an IGP loses reachability to a prefix, the router uses this backup path to reduce traffic loss until the global convergence through BGP is resolved, thereby drastically reducing the outage duration.
BGP (PIC Edge for RSVP —With BGP PIC Edge in an MPLS VPN network, IGP failure triggers a repair of the failing entries and causes the Packet Forwarding Engine to use the prepopulated protection path until global convergence has re-resolved the VPN routes. The convergence time is no longer dependent on the number of prefixes. When RSVP receives a tunnel down notification at the ingress PE router, it sends a notification to the Packet Forwarding Engine to start making use of the tunnel to the alternate egress PE router.
[See Egress Protection for BGP Labeled Unicast ,Understanding Provider Edge Link Protection for BGP Labeled Unicast Paths, Use Case for BGP PIC for Inet, and show rsvp version.]
Services Applications
Interoperability of MPC10E with MS-MPC and MS-MIC for Layer 3 Services ( MX240, MX480,and MX960)—Starting in Junos OS Release 20.2R1, the MPC10E-15C-MRATE interoperates with MS-MPC and MS-MIC-16G to support the following Layer 3 Services:
Stateful firewall
NAT
IPSec
RPM
MS-MPC/MS-MIC based Inline flow monitoring services
Support for RFC 2544-based benchmarking tests (MX Series routers with MPC10E and MX2K-MPC11E)—Junos OS Release 20.2 extends support for the reflector function and the corresponding RFC 2544-based benchmarking tests on MX240, MX480, and MX960 routers with MPC10E (MPC10E-15C-MRATE and MPC10E-10C-MRATE) and MX2010 and MX2020 routers with MX2K-MPC11E. The RFC 2544 tests are performed to measure and demonstrate the service-level agreement (SLA) parameters before activation of the service. The tests measure throughput, latency, frame loss rate, and back-to-back frames.
RFC 2544-based benchmarking tests on MX Series routers support the following reflection functions:
Ethernet pseudowire reflection (ingress and egress direction) (ELINE service—supported for family ccc)
Layer 2 reflection (egress direction) (ELAN service—supported for family bridge, vpls)
Layer 3 IPv4 reflection (limited support)
To run the benchmarking tests on the MX Series routers, you must configure reflection (Layer 2 or pseudowire) on the supported MPC. To configure the reflector function on the MPC, use the fpc fpc-slot-no slamon-services rfc2544 statement at the [edit chassis] hierarchy level.
[See Understanding RFC2544-Based Benchmarking Tests on MX Series Routers].
Support for random load balancing (MX Series routers with MPC10E and MX2K-MPC11E)—Starting in Junos OS Release 20.2R1, you can configure per packet random load balancing on MX240, MX480, and MX960 routers with MPC10E (MPC10E-15C-MRATE and MPC10E-10C-MRATE) and MX2010 and MX2020 routers with MX2K-MPC11E. Per-packet random spray load balancing ensures that the members of ECMP are equally loaded without taking bandwidth into consideration. Random load balancing also eliminates traffic imbalance that occurs as a result of software errors, except for packet hash.
To configure random load balancing on the MPC, include the load-balance random statement at the [edit policy-options policy-statement policy-name term term-name then] hierarchy level.
[See Understanding the Algorithm Used to Load Balance Traffic on MX Series Routers].
Support for static IP tunnels (MX Series routers with MPC10E and MX2K-MPC11E)—Starting in Junos OS Release 20.2R1, MX240, MX480, and MX960 routers with MPC10E (MPC10E-15C-MRATE and MPC10E-10C-MRATE) and MX2010 and MX2020 routers with MX2K-MPC11E support static IP tunnels with:
Encapsulation support of the following types:
IPv4-over IPv4
IPv6-over-IPv4
IPv4-over-IPv6
IPv6-over-IPv6
Scaling upto 4000 tunnels per PIC
Graceful Routing Engine switchover (GRES)
Software-Defined Networking (SDN)
Manual (PIM-based) VXLAN support (MPC10 and MPC11 line cards with MX2010 and MX2020)—Starting in Junos OS Release 20.2R1, the MX2010 and MX2020 routers with MPC10 and MPC11 line cards installed support manual (PIM-based) VXLAN.
[See Understanding VXLANs.]
GNFs with MX-SPC3 support carrier-grade NAT services over abstracted fabric interfaces (MX480 and MX960)—Starting in Junos OS Release 20.2R1, guest network functions running Next Gen Services with the MX-SPC3 card support carrier-grade NAT services.
The support includes the following:
NAT translation types—dnat-44, dynamic-nat44, basic-nat44, basic-nat66, twice-basic-nat-44, twice-dynamic-nat44, deterministic NAT. Support for interface and next-hop style service sets, EIM/EIF, PBA, XLAT464, and port forwarding are available. Support for basic-nat44, basic-nat66 over layer 3 VPN is also available.
SIP and RTSP Application Layer Gateways
carrier-grade events logging, using the Junos Traffic Vision (J-Flow).
Class of service (CoS)
Note To support the services traffic over abstracted fabric interfaces, a GNF that has an MX-SPC3 card assigned to it must also have a line card linked to it.
GNFs with MX-SPC3 support various services over abstracted fabric interfaces (MX480 and MX960)—Starting in Junos OS Release 20.2R1, guest network functions (GNFs) running Next Gen Services with the MX-SPC3 card support the following services over abstracted fabric interfaces:
DNS filtering to identify DNS requests for blacklisted website domains.
URL filtering to determine which Web content is not accessible to users.
To support the services traffic over abstracted fabric interfaces, a GNF that has an MX-SPC3 card assigned to it must also have a line card linked to it.
[See DNS Request Filtering for Blacklisted Website Domains and Configuring URL Filtering]
Subscriber Management and Services
RADIUS-sourced connection status updates to CPE devices (MX Series)—Starting in Junos OS Release 20.2R1, you can use RADIUS-sourced messages to convey information, such as upstream bandwidth or connection rates, that the BNG transparently forwards to CPE devices. Configure RADIUS to send the router the Juniper Networks Connection-Status-Message VSA (26-4874–218) in Access-Accept or CoA messages. Include the lcp-connection-update PPP option in the client dynamic profile to enable PPP to send the VSA contents to the CPE device in the Connection-Status-Message option of an LCP Connection-Update-Request message.
[See RADIUS-Sourced Connection Status Updates to CPE Devices.]
Identifying dynamic profile versions with version aliases (MX Series)—Starting in Junos OS Release 20.2R1, you can use the versioning-alias statement to configure a text description that identifies a particular variation of a dynamic client profile. The version alias is conveyed to the RADIUS server in the Access-Accept message in the Juniper Networks Client-Profile-Name VSA (26–4874–174).
IPFIX support for per-subscriber queue statistics (MX Series)—Starting in Junos OS Release 20.2R1, you can configure the input-jti-ipfix plug-in to collect per–subscriber interface queue statistics. The output ipfix-plugin can then export the statistics as IPFIX template and data records.
[See Telemetry Data Collection on the IPFIX Mediator for Export to an IPFIX Collector.]
Junos Multi-Access User Plane support (MX204, MX10003)—Starting with Junos OS Release 20.2R1, you can configure Junos Multi-Access User Plane on MX204 and MX10003 routers. Junos Multi-Access User Plane is a software solution that turns your MX Series router into a high-capacity user plane function called a System Architecture Evolution Gateway-User Plane (SAEGW-U). This MX Series SAEGW-U interoperates with a third-party SAEGW-C (control plane function), according to the 3GPP Release 14 Control User Plane Separation (CUPS) architecture, to provide high-throughput 4G fixed-wireless access service. CUPS enables independent scaling of the user and control planes, network architecture flexibility, operational flexibility, and an easier migration path from 4G to 5G services. The CUPS architecture is optional for 4G but inherent in 5G architecture.
System Logging
Support to track the maximum number of routing and forwarding (RIB/FIB) routes and VRFs (MX Series and PTX Series)—Starting in Junos OS Release 20.2R1, you can track and display the high-water mark data of routing and forwarding (RIB/FIB) table routes and VRFs in a system (RPD) using the show route summary CLI command. High-water mark refers to the maximum number of routing and forwarding (RIB/FIB) table routes and VRFs that was present in the RPD system. The high-water mark data can also be viewed in the syslog at the LOG_NOTICE level.
You can configure the interval of the high-water mark data using the highwatermark-log-interval CLI configuration statement at the [edit routing-options] hierarchy level. The minimum time gap at which the high-water mark data logged in the syslog is 30 seconds. You can configure the value for highwatermark-log-interval CLI configuration statement between 5 to 1200 seconds.
[See routing-options and show route summary.]
System Management
Support for the G.8275.1 Profile (MX10008 and MX10016 with line card JNP10K-LC2101)—Starting in Junos OS Release 20.2R1, we support ITU-T G.8275.1 Full path Timing Support (FTS) Profile and G.8273.2 Telecom Boundary Clock. The G.82751.5 Profile is a phased profile that operates with PTP-based packet exchange for Phase and Time recovery, and Synchronous-Ethernet-based based frequency recovery (also called Synchronous-Ethernet-based assisted PTP mode of operation). This profile is required in TDD application deployment in both 4G and 5G networks.
The PTP operation must be two-way in this profile in order to transport phase/time synchronization because propagation delay must be measured. Hybrid mode must be enabled for the G.8275.1 profile.
[See profile-type.]
Virtual Chassis
MX Series Virtual Chassis support for the ephemeral database (MX480 and MX960)—Starting in Junos OS Release 20.2R1, MX Series Virtual Chassis support configuring the ephemeral database. The ephemeral database is an alternate configuration database that provides a fast programmatic interface for performing configuration updates on devices running Junos OS.
What's Changed
Learn about what changed in Junos OS main and maintenance releases for MX Series routers.
What’s Changed in Release 20.2R3
General Routing
Updates to ON-CHANGE and periodic dynamic subscriber interface metadata sensors (MX Series routers and EX9200 line of switches)—We've made the following updates to the /junos/system/subscriber-management/dynamic-interfaces/interfaces/meta-data/interfacesid='sid-value'/ sensor:
Notifications are sent when subscribers log in on either IP demux or VLAN demux interfaces. In earlier releases, login notifications are sent only for IP demux logins.
The
interface-setend path has been added to the logical interface metadata. The interface-set field appears in both ON-CHANGE and periodic notifications. In earlier releases, this field is not included in the sensor metadata or notifications.
New commit check for MC-LAG (MX Series)—We've introduced a new commit check to check the values assigned to the redundancy group identification number on the mc-ae interface (redundancy-group-id) and ICCP peer (redundancy-group-id-list) when you configure multichassis aggregation groups (MC-LAGs). If the values are different, the system reports a commit check error. In previous releases, if the configured values were different, the l2ald process would crash.
[See iccp.]
Junos XML API and Scripting
Refreshing scripts from an HTTPS server requires a certificate (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When you refresh a local commit, event, op, SNMP, or Juniper Extension Toolkit (JET) script from an HTTPS server, you must specify the certificate (Root CA or self-signed) that the device uses to validate the server's certificate, thus ensuring that the server is authentic. In earlier releases, when you refresh scripts from an HTTPS server, the device does not perform certificate validation.
When you refresh a script using the
request system scripts refresh-fromoperational mode command, include thecert-fileoption and specify the certificate path. Before you refresh a script using theset refreshor setrefresh-fromconfiguration mode command, first configure thecert-filestatement under the hierarchy level where you configure the script. The certificate must be in Privacy-Enhanced Mail (PEM) format.[See request system scripts refresh-from and cert-file.]
The
jcs:invoke()function supports suppression of root login and logout events in system log files for SLAX commit scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Thejcs:invoke()extension function supports theno-login-logoutparameter in SLAX commit scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified RPC. If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.The
jcs:invoke()function supports suppression of root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Thejcs:invoke()extension function supports theno-login-logoutparameter in SLAX event scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified RPC. If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.
Layer 2 Ethernet Services
Active leasequery based bulk leasequery (MX Series)—The overrides always-write-option-82 and relay-option-82 circuit-id configuration at the edit forwarding-options dhcp-relay hierarchy level is not mandatory for active leasequery based bulk leasequery. Earlier to this release, the overrides always-write-option-82 and circuit-id configurations are mandatory for active leasequery based bulk leasequery. For regular bulk leasequery between relay and server without any active leasequery, the overrides always-write-option-82 and relay-option-82 circuit-id configurations are mandatory.
Network Management and Monitoring
Changes to
<commit>RPC responses in RFC-compliant NETCONF sessions (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—When you configure therfc-compliantstatement at the [edit system services netconf] hierarchy level, the NETCONF server's response for<commit>operations includes the following changes:If a successful
<commit>operation returns a response with one or more warnings, the warnings are redirected to the system log file, in addition to being omitted from the response.The NETCONF server response emits the
<source-daemon>element as a child of the<error-info>element instead of the<rpc-error>element.If you also configure the
flatten-commit-resultsstatement at the [edit system services netconf] hierarchy level, the NETCONF server suppresses any<commit-results>XML subtree in the response and emits only an<ok>or<rpc-error>element.
Support for specifying the YANG modules to advertise in the NETCONF capabilities and supported schema list (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—You can configure devices to emit third-party, standard, and Junos OS native YANG modules in the capabilities exchange of a NETCONF session by configuring the appropriate statements at the edit system services netconf hello-message yang-module-capabilities hierarchy level. In addition, you can specify the YANG schemas that the NETCONF server should include in its list of supported schemas by configuring the appropriate statements at the edit system services netconf netconf-monitoring netconf-state-schemas hierarchy level.
[See hello-message. and netconf-monitoring..]
User Interface and Configuration
Verbose format option to export JSON configuration data (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the verbose statement at the [edit system export-format json] hierarchy level. We changed the default format to export configuration data in JSON from verbose to ietf starting in Junos OS Release 16.1R1. You can explicitly specify the default export format for JSON configuration data by configuring the appropriate statement at the [edit system export-format json] hierarchy level. Although the verbose statement is exposed in the Junos OS CLI as of the current release, you can configure this statement starting in Junos OS Release 16.1R1.
[See export-format.]
What’s Changed in Release 20.2R2
EVPN
New output flag for the show bridge mac-ip table command (MX Series)—The Layer 2 address learning process does not send updated MAC and IP address advertisements to the routing protocol process when an IRB interface is disabled in an EVPN-VXLAN network. We have added the NAD flag in the output of the show bridge mac-ip-table command to identify the disabled IRB entries where the MAC and IP address advertisement will not be sent.
[See show bridge mac-ip-table.]
Warning message for proxy MAC advertisement (MX Series)—When proxy-macip-advertisement is enabled, the Layer 3 gateway advertises MAC and IP routes (MAC+IP type 2 routes) on behalf of Layer 2 VXLAN gateways in EVPN-VXLAN networks. This behavior is not supported on EVPN-MPLS. Starting in Junos OS Release 20.2R2, the warning message, WARNING: Only EVPN VXLAN supports proxy-macip-advertisement configuration, appears when you enable proxy-macip-advertisement. The message appears when you change your configuration, save your configuration, or use the show command to display your configuration.
[See proxy-macip-advertisement.]
General Routing
MS-MPC and MS-MIC service package (MX240, MX480, MX960, MX2008, MX2010, and MX2020)—PICs of MS-MPC and MS-MIC do not support any other service package than extension-provider. These PICs always come up with the extension-provider service-package, regardless of the configuration. If you try to configure any other service package for these PICs by using the command set chassis fpc slot-number pic pic-number adaptive-services service-package, an error is logged. Use the show chassis pic fpc-slot slot pic-slot slot command to view the service package details of the PICs of MS-MPC and MS-MIC.
[See extension-provider.]
Round-trip time load throttling for pseudowire interfaces (MX Series)—The Routing Engine supports round-trip time load throttling for pseudowire (ps) interfaces. In earlier releases, only Ethernet and aggregated Ethernet interfaces were supported.
[See Resource Monitoring for Subscriber Management and Services.]
Changes to Junos XML operational RPC request tag names (MX480)—Starting in Junos OS Release, we've updated the Junos XML request tag name for the below operational RPCs. The changes include:
<get-security-associations-information> is changed to <get-re-security-associations-information>.
<get-ike-security-associations-information> is changed to <get-re-ike-security-associations-information>.
High Availability (HA) and Resiliency
IPv6 address in the prefix TIEs displayed correctly—The IPv6 address in the prefix TIEs are displayed correctly in the show rift tie output.
Infrastructure
Change in support for interface-transmit-statistics statement (MX Series)—You cannot configure aggregated Ethernet interfaces to capture and report the actual transmitted load statistics by using the interface-transmit-statistics statement. Aggregated Ethernet interfaces do not support reporting of the transmitted load statistics. In Junos OS Release 20.2R2, the interface-transmit-statistics statement is not supported in the aggregated Ethernet interfaces hierarchy. In earlier releases, the interface-transmit-statistics statement was available in the aggregated Ethernet interfaces hierarchy but not supported.
Interfaces and Chassis
Change in support for interface-transmit-statistics statement (MX Series)—You cannot configure aggregated Ethernet interfaces to capture and report the actual transmitted load statistics by using the interface-transmit-statistics statement. Aggregated Ethernet interfaces do not support reporting of the transmitted load statistics. In Junos OS Release 20.2R2, the interface-transmit-statistics statement is not supported in the aggregated Ethernet interfaces hierarchy. In earlier releases, the interface-transmit-statistics statement was available in the aggregated Ethernet interfaces hierarchy but not supported.
Juniper Extension Toolkit (JET)
Set the trace log to only show error messages (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series)—You can set the verbosity of the trace log to only show error messages using the error option at the [edit system services extension-service traceoptions level] hierarchy.
[See traceoptions (Services).]
Routing Protocols
Advertising 32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, multiple secondary loopback addresses in the traffic engineering database were added to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised as router IDs.
Subscriber Management and Services
Improved tunnel session limits display (MX Series)—Starting in Junos OS Release 20.2R2, the show services l2tp tunnel extensive command displays the configured value for maximum tunnel sessions. On both the LAC and the LNS, this value is the minimum from the global chassis value, the tunnel profile value, and the value of the Juniper Networks VSA, Tunnel-Max-Sessions (26–33). On the LNS, the configured host profile value is also considered.
In earlier releases, the command displayed the value 512,000 on the LAC and the configured host profile value on the LNS.
[See Limiting the Number of L2TP Sessions Allowed by the LAC or LNS.]
What’s Changed in Release 20.2R1
Class of Service (CoS)
We’ve corrected the output of the show class-of-service interface | display xml command. Output of the following sort: <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container> will now appear correctly as <container> <leaf-1> data </leaf-1><leaf-2>data </leaf-2> <leaf-3> data</leaf-3></container> <container> <leaf-1> data </leaf-1> <leaf-2> data </leaf-2> <leaf-3> data </leaf-3> </container>.
General Routing
Support for full inheritance paths of configuration groups to be built into the database by default (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting with Junos OS Release 20.2R1, the persist-groups-inheritance option at the [edit system commit] hierarchy level is enabled by default. To disable this option, use no-persist-groups-inheritance.
[See commit (System).]
Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option—Install or activate the RIFT package to include the request rift package activate-as-top-of-fabric option. This option is same as the activate option but it adds additional configuration to act as a top-of-fabric node.
Command to view summary information for resource monitor (EX9200 line of switches and MX Series)—You can use the show system resource-monitor command to view statistics about the use of memory resources for all line cards or for a specific line card in the device. The command also displays information about the status of load throttling, which manages how much memory is used before the device acts to reduce consumption.
[See show system resource-monitor and Resource Monitoring for Subscriber Management and Services.]
Juniper Extension Toolkit (JET)
PASS keyword required for Python 3 JET applications (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—If you are writing a JET application using Python 3, include the PASS keyword in the Exception block of the script. Otherwise, the application throws an exception when you attempt to run it.
[See Develop Off-Device JET Applications and Develop On-Device JET Applications.]
Updates to IDL for RIB service API bandwidth field (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The IDL for the RouteGateway RIB service API has been updated to document additional rules for the bandwidth field. You must set bandwidth only if a next hop has more than one gateway, and if you set it for one gateway on a next hop, you must set it for all gateways. If you set bandwidth when there is only a single usable gateway, it is ignored. If you set bandwidth for one or more gateways but not all gateways on a next hop, you see the error code BANDWIDTH_USAGE_INVALID.
[See Juniper EngNet.]
Network Management and Monitoring
Support for new SNMP object for the ifJnx MIB—Starting in Junos OS Release 20.2R1, we introduce a new SNMP object, ifJnxInputErrors, that tracks all input errors except the L3 incomplete errors. The ifJnxInErrors object continues to track the L3 incomplete errors.
Support for Clearing the Event at MEP Level (MX Series)—In Junos OS 20.2R1, you can define an action profile for connectivity fault management at the local MEP level or at the remote MEP level. You define an action profile to monitor events and thresholds and specify an action that the device performs when the configured event occurs. When you define the action profile at the local MEP level, you can clear the event for the configured action profile at the local MEP level by specifying only the local MEP numeric identifier. When you define the action profile at the remote MEP level, you can clear the event for the configured action profile at the remote MEP level by specifying the local MEP numeric identifier as well as the remote MEP numeric identifier.
See [clear oam ethernet connectivity-fault-management event.]
Request support information for IPsec function (MX Series)—Starting in Release 20.2R1, Junos OS introduces ipsec-vpn option to the existing request support information command. The request support information ipsec-vpn command displays all the configurations, states, and statistics at Routing Engine and Service Card level. This new option helps in debugging IPsec-VPN related issues. The information collection is streamlined and reduces the output file size.
See [Request support information.]
Junos OS only supports using Python 3 to execute YANG Python scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.2R1, Junos OS uses Python 3 to execute YANG action and translation scripts that are written in Python. In earlier releases, Junos OS uses Python 2.7 to execute these scripts.
[See Understanding Python Automation Scripts for Devices Running Junos OS.]
Services Applications
New option for configuring delay in IPSec SA installation—In Junos OS Releases 20.2R1 and 20.2R2, you can configure the natt-install-interval seconds option under the [edit services ipsec-vpn rule rule-name term term-name then dynamic] hierarchy to specify the duration of delay in installing IPSec SA in a NAT-T scenario soon after the IPSec SA negotiation is complete. The default value is 0 seconds.
Software-Defined Networking (SDN)
JDM install and configuration do not impact host SNMP—Starting in Junos OS Release 20.2R1, JDM does not write any configuration to the host SNMP configuration file (
/etc/snmp/snmpd.conf). Hence, JDM installation and subsequent configuration do not have any impact on the host SNMP. The SNMP configuration CLI command in JDM is used only to configure JDM'ssnmpd.conffile, which is present within the container.[See SNMP Trap Support: Configuring NMS Server (External Server Model).]
Known Limitations
Learn about known limitations in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
General Routing
On the MPC11E line card, the number-of-sub-ports configuration on the 4x10GbE channelized ports might cause the channels to go down. PR1442439
On the MPC11E line card, the following error messages are observed when the line card is online: i2c transaction error (0x00000002). PR1457655
Traffic stops after reaching the volume limit but the traffic resumes after the Packet Forwarding Engine fails. PR1463723
The MPC11E line card might take additional time to come during the movement from one GNF to another GNF. PR1469729
On the MX10003 or MX204 routers, BFD or LACP might flap during the BGP convergence. PR1472587
Dynamic SR-TE tunnels do not get automatically recreated at the new primary Routing Engine after the Routing Engine switchover. PR1474397
Packet Forwarding Engine lookup loop occurs when the firewall based redirection under forwarding-options is used to perform route-lookup in a non-default routing instance for destinations reachable over MPLSoUDP tunnels. PR1478000
The following message might be observed while configuring MTU: SNMP_TRAP_LINK_DOWN. PR1486542
The rpd process might generate core files in the absence of an explicit route-distinguisher configuration. PR1486922
After executing the clear interfaces statistics all command, the value might be different from the values of the output of the show interfaces command. PR1488758
It takes nearly 20 minutes to display IP-IP tunnel statistics on the backup Routing Engine after GRES at full scale of 4000 tunnels. PR1489067
Packets do not get fragmented based on FTI interface MTU in the data path. PR1489526
Traffic drop of around 2.5 seconds on switchover from primary physical interface is observed to backup FTI interface with the scaled routes. PR1490070
The sequence-numbers (initial-synchronization and regular streaming) might be in the wrong order when multiple collectors are present. PR1490798
The basic service set identifier (BSSID) scaling limits for IPv6 policies are 16,000 per ECMP. PR1495330
The ppmd restart does not clear the active RFC2544 reflection sessions. PR1499285
Active reflection sessions are not aborted when the delete interfaces and the delete services configuration is committed. PR1499628
One hundred percent traffic drop at tunnel destination is observed if fragmentation is enabled when the incoming packet size is greater than the egress WAN MTU. PR1505209
Changing the scaled firewall profiles on the fly does not release the TCAM resources as expected. PR1512242
Infrastructure
On Juniper Networks Routing Engines with Hagiwara CompactFlash card installed, after the upgrade to Junos OS Release 15.1 and later, the following error message might appear: smartd[xxxx]: Device: /dev/ada1, failed to read SMART Attribute Data. PR1333855
Interfaces and Chassis
Session fails to come up after the outer tag pop when ingress and egress logical interfaces are on the same Packet Forwarding Engine. PR1487351
On the MPC10 or MPC11 line card, the convergence goes up to 38 seconds for a highly scaled configuration. PR1519373
MPLS
The P2MP branches stay on bypass even after the link becomes functional after failure. PR1486813
The RPD process might crash. PR1461468
After enabling the MPLS p2mp-lsp no-re-merge set protocols on ingress, the P2MP branches fail to come up. PR1487007
Branches do not select the common ASBR from the available list with the single-asb command enabled after the common ASBR failure. PR1490637
Network Management and Monitoring
On the MPC11E line card, the following trap message is not observed after a line card reboot when the scaled interfaces are present: SNMP Link up. PR1507780
Platform and Infrastructure
PIM join message (S,G) might not be created after GRES. PR1457166
Unknown unicast filter applied in the EVPN routing instance blocks unexpected traffic. PR1472511
The JTI sensor subscription and the related TCP session are still present after the interface is deleted, deactivated, or disabled. PR1477790
Routing Protocols
RPKI validation is broken. PR1464931
Open Issues
Learn about open issues in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Class of Service (CoS)
The following syslog error message is observed: cosd[10290]: LIBCOS_COS_ATTRIBUTE_RETRIEVE_FAILED: FAILED to retrieve cos field (cos_fc_defaults_0_fc_no_loss). PR1470252
The mpls-inet-both-non-vpn command does not work as expected. PR1479575
When an interface attached to the aggregated Ethernet interface is decoupled and an IP address is assigned to it, ARP resolution issues are observed. PR1504287
EVPN
There might be a few duplicate packets seen in an active/active EVPN scenario when the remote PE device sends packets with IM label due to MAC not being learned on remote PE device but being learned on the active/active local PE device. The non-DF sends the IM-labeled encapsulated packet to the PE-CE interface after MAC looks up instead of dropping the packet, which causes duplicate packets on the CE side. PR1245316
The VXLAN OAM host-bound packets are not throttled with DDoS policers. PR1435228
The mustd.core process generates core file during upgrading or while committing a configuration. PR1577548
Forwarding and Sampling
Packet length for ICMPv6 is shown as 0 in the output of the show firewall log detail command. PR1184624
The log message of Prefix-List [] in Filter [] that does not have any relevant prefixes might not be seen when the IPv4 prefix is added on a prefix list referred by the IPv6 firewall filter. PR1395923
The following syslog error message might be observed due to SSD hardware failure: Failed connecting to DFWD, error checking reply - Operation timed out. PR1397171
After restarting the router, the remote mask (indicating from which remote PE devices MAC IP addresses are learned), that the routing daemon sends might be different from the existing remote mask compared to the Layer 2 learning daemon had prior to restart. This causes a mismatch between the Layer 2 learning and routing daemon interpretation as to where the MAC IP address entries are learned (either local or remote) leading to the MAP IP table being out of synchronization. PR1452990
General Routing
The host root file system and the node boot with the previous vmhost software instead of the alternate disk. PR1281554
Not using the chained CNH does not bring in a lot of gain because TCNH is based on an ingress rewrite premise. Without this feature, things work just fine. PR1318984
With regards to FPC restarts or Virtual Chassis splits, the design of MX Series Virtual Chassis infra relies on the integrity of the TCP connections. The reactions to failure situations might not be handled gracefully, resulting in TCP connection timeouts because of jlock hog crossing the boundary value (5 seconds), which causes bad consequences in MX Series Virtual Chassis. Currently, there is no other easy solution to reduce this jlock hog besides enabling marker infra in the MX Series Virtual Chassis setup. PR1332765
In an MS-MPC or MS-MIC in ALG scenario, the MAC_STUCK message might be observed and traffic might be dropped. PR1335956
The backup Routing Engine might crash after GRES occurs continuously for more than 10 times. PR1348806
The following error messages are observed with Junos OS Release 17.3 throttle image: localttp_offload_tx_errcheck: failed to send packet 4 times in last one second. PR1359149
On the MX204 and MX10003 routers, the following garbage value on syslog messages from craftd demon is observed: craftd[xxxx]: fatal error, failed to open smb device: JÎÈ. PR1359929
On the MX2010 and MX2020 routers equipped with SFB2, some error logs might be seen. PR1363587
Due to transient hardware condition, single-bit error (SBE) events are corrected and have no operational impact. Reporting of those events are disabled to prevent alarms and possibly unnecessary hardware replacements. PR1384435
The virtio throughput remains the same for the multi-queue and single-queue deployments. PR1389338
Revert of RLT to primary might silently discard traffic for around 10 minutes after the primary FPC is online with primary RLT up. PR1394026
The FPC generates core files under certain circumstances on addition and deletion of hierarchical CoS from pseudowire devices. PR1414969
Traffic statistics are not displayed for the hybrid access gateway session and tunnel traffic. PR1419529
With the HTTP header enrichment function enabled, the processing of the window scaling option significantly reduces the performance of HTTP sessions from 65 Mbps to less than 40 Mbps, which results in decrease of traffic throughput. The download rate also drops. PR1420894
Dynamic tunnel summary displays wrong count of up and total tunnels. PR1429949
The ike-esp session are not created after enabling ike-esp-nat. PR1516655
The ALG timeout value is displayed as default value for the child data sessions even after the configured service set timeout values. PR1516697
Need to show which shard a given route is hashed to. PR1430460
Layer 2 over GRE is not supported in Junos OS Release 19.3R1. Although, the configuration gets committed, the feature does not work. PR1435855
The FPC process might crash when the Packet Forwarding Engine memory is exhausted. PR1439012
Interface hold-down timers cannot be achieved for less than 15 seconds on the MPC11E line card. PR1444516
The vehostd application fails to generate a minor alarm. PR1448413
Physical interface policers are not supported in Junos OS Release 19.3R1 for the MPC11 line card. PR1452963
After more than 2 million multicast subscribers are activated without performing GRES or bbe-smgd restart, further multicast subscribers might be unable to log in. PR1459340
The following CDA error message is observed: LkupAsicClient: Index Dmem block read failed, PFE:0.0. PR1459665
The CFM REMOTE MEP does not come up after configuration or if the MEP remains in the Start state. PR1460555
Need to add the Backport jemalloc profiling CLI support to all Junos OS releases where jemalloc is present. PR1463368
In DNS filtering when DNS requests are sent from the server and implicit filters as well as routes to the service PIC are configured, it causes the DNS packets to loop. PR1468398
With the BGP rib-sharding and update-threading, traffic drops 100 percent in the BGP Layer 3 VPN streams, post the removal or restoration configuration. PR1469873
For the MPC10E line card, the IS-IS and micro-BFD sessions do not come up during baseline. PR1474146
Expected number of 512,000 MAC entries are not relearned in the bridge table after clearing 512,000 MAC entries from the table. PR1475205
On the MX480 router, the following error message is seen after restore or removal with IP and MPLS configurations: [Error] L2alm : l2alm_mac_process_hal_delete_msg:667 Ignoring MAC delete with ifl index 355, fwd_entry has 7888. PR1475785
A 64-bit cMGD should be used if cMGD is running on a 64-bit OS to avoid random issues. PR1481335
Invalid packets are dropped by dut with TCC encapsulation configuration as intended, but the statistics counters are incremented. PR1481698
The following critical syslog error messages at FPC3 user.crit aftd-trio are seen during baseline: [Critical] Em: Possible out of order deletion of AftNode #012#012#012 AftNode details - AftIndirect token:230791 group:0 nodeMask:0xffffffffffffffff indirect:333988 hwInstall:1#012. PR1486158
Next-hop learning command is enabled by default in the MPC10 and MPC11 line cards irrespective of the command configuration. PR1489121
Login or logout of high scale (around 1 million bearers) causes some sessions not to re-login. PR1489665
Need to support upgrading of the PSM firmware on the MX2000 line of devices. PR1489939
On the MPC10 line card, AFT crash is seen at std::default_delete< AftTermAction>::operator() (this=< optimized out>, __ptr=0x7fb0bc5d5910) at
/volume/evo/files/opt/poky/2.2.1-22/sysroots/core2-64-poky-linux/usr/include/c++/6.2.0/bits/unique_ptr.h:76. PR1491527The following error message is observed: unable to set line-side lane config (err 30). PR1492162
The delta PSM firmware upgrade status is incorrectly displayed. PR1493045
On the MX2020 router, the AER image for non-correctable or correctable PCI error is needed. PR1493065
Component sensor does not export data under components CB0 or CB1 in the expected time. PR1493579
Backup Routing Engine reboots because of power cycle or failure when the offline and online operations are performed on CB1. PR1497592
The MPC11 line card is not supported in Junos OS Release 19.4R1. PR1503605
The WAN-PHY interface continuously flaps with the default hold-time down of value 0. PR1508794
For EVPN-VXLAN feature verification, the set chassis loopback-dynamic-tunnel command is used. PR1509690
On the MPC11 line card, dfw crash is seen after removing and restoring configurations on the backup Routing Engine. PR1512770
Sometimes external 1 pps cTE is slightly above Class B requirement of the ITU-T G.8273.2 specification. PR1514066
On the MX960 router, expected traffic is not received with multicast and PIM scaling configurations. PR1514646
The NGMPC2 process generates the core file at bv_entry_active_here::bv_vector_op:: gmph_reevaluate_group:: gmph_destroy_client_group. PR1537846
On the MX480 routers, in an EVPN-VLAN scenario, the set routing-instances protocols evpn mac-table-aging-time 30 statement does not work. PR1543238
Even though enhanced-ip is active, the following alarm is observed during ISSU: RE0 network-service mode mismatch between configuration and kernel setting. PR1546002
The LACP state is in the Down state after enabling and disabling the exclude protocol LACP under Set security. PR1331412
Disabled interfaces might still transmit power after the device reboots. PR1487554
In the output of the show interface command, the smart-sfp-present leaf is missed. PR1492551
Traffic loss might be seen if the routing-instance is deactivated and then re-activated quickly. PR1498087
Set of Info level cron logs is displayed from FPC every 1 minute. PR1527266
CFM do not consider the 8021AD configuration for the rewrite and classification tables. PR1527303
MACSEC PIC stays offline in new primary after ISSU in GNF alone. PR1534225
On the MX2020 router, the next hops are less than a total of nhdb 4MPOST GRES. PR1539305
On the MX480 routers, COS shaping is not adjusted as per the ANCP actual down stream rate. PR1544713
Commit error is introduced during deactivate chassis synchronization source and smc-transmit are all configured. PR1549051
IGMP joins are more than the expected value while verifying the IGMP snooping membership in the CE router. PR1560588
Some BFD sessions get stuck in the Down or Init state after an iterative operations triggers on DUT. PR1560772
On the MX2010 or MX2020 routers, the following error message might be observed after switchover with GRES/NSR: CHASSISD_IPC_FLUSH_ERROR. PR1565223
On the MX480 routers, traffic loss is observed with a scale of 4000 tunnels 800 vrf test. PR1568414
The mspmand process might crash if the packet flow-control issue occurs on MS-MPC/MS-MIC. PR1569894
CFP unplugged message is not logged in Junos OS Release 17.3 and later. PR1573209
The rpd process on the transit node might crash when MPLS traceroute on the ingress node is performed. PR1573517
From the regress user shell prompt, vhclient access does not display the following error message: rcmd: socket: Operation not permitted. PR1574240
PIM rib-group fails to add in VR. PR1574497
On the MX150 routers, the interface might take a long time to power down while rebooting, powering-off, halting, or upgrading. PR1575328
FPC CPU utilization gets stuck at 100 percent during the longevity case. PR1575355
The show services service-sets statistics syslog command returns an error when the service-set does not have a syslog configuration: usp_ipc_client_recv_ 1237: ipc_pipe_read fails! error:No error: 0(0), tries:. PR1576044
On the MX10016 routers, when Fan Tray 1 fan fails the alarm is cleared, the Fan/Blower OK SNMP traps are generated for the Fan Tray 0 [Fan 31 - 41] and Fan Tray 1 [Fan 11 - 41]. PR1576521
In the NAT64 scenario during session creation, the IPv6 atomic fragments are not processed correctly. PR1581348
MS-MIC or MS-MPC based jflow (flow-sampling) on the logical systems is not supported. PR1585824
High Availability (HA) and Resiliency
Unexpected XML structure change with the show system switchover command is observed. PR1158986
Performing GRES with the interface em0 (or fxp0) disabled on the primary Routing Engine; when you enable the interface on the new backup Routing Engine, you might not be able to access the network. PR1372087
During ZPL ISSU, traffic loss is observed with the IGP or BGP protocol session. PR1487144
Infrastructure
The HSRPv2 IPv6 packets might get dropped if IGMP-snooping is enabled. PR1232403
The following error message is seen during FTP: ftpd[14105]: bl_init: connect failed for /var/run/blacklistd.sock(No such file or directory). PR1315605
The following error message is observed continuously in AD with base configurations: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) failed. PR1485038
Memory corruption of any binary in
/usr/bin/ or /usr/sbin/can be triggered by the execution of the binary when a recovery snapshot is being copied to the OAM volume. PR1563647
Interfaces and Chassis
The cfmd process might continuously crash after the upgrade. PR1281073
The SFP index in the Packet Forwarding Engine starts at 1, while the port numbering starts at 0. This causes confusion in the log analysis. PR1412040
Changing the framing modes on a CHE1T1 MIC between E1 and T1 on an MPC3E NG HQoS line card causes the PIC to go offline. PR1474449
MPLS VPN label can point to the discarded next hop after a Routing Engine switchover without NSR if the egress interface is pp0. PR1488302
The show interface x extensive command might not be accurate. PR1505100
LB fails to MIP on VT with a default md. PR1516583
After DUT with MPC10 or MPC11 line card takes over as vrrp primary role, the logical interface undergoes 100 seconds of traffic loss. PR1519374
The following error message is observed while removing or adding the configurations: xolo-fpc0 ppman: [Error] CTRL:RPC:: Cos8021pRwTableCb)::< lambda: RPC to Aftman CoS FC table request failed for key:16783744 iflIndex:23238 status:Invalid argument. PR1527032
The input errors counter command on the monitor interface command does not work. PR1561065
Layer 2 Ethernet Services
The DHCP decline packets are not forwarded to the DHCP server when forward-only is set within dhcp-reply. PR1429456
the OSPF and OSPF3 adjacency uptime is more than expected after the NSSU upgrade and outage is higher than the expected. PR1551925
MPLS
Aggressive switchovers due to MBB or CSPF computations causes traffic loss on all branches of the tree even if a single branch fails to come up due to remerge detection on the transit router. PR1487916
The GRES or NSR Routing Engine switchovers followed by restart routing on the primary Routing Engine does not honor the remerge behavior. PR1489168
Extended-admin-groups on links are shown as SRLG attribute in TED. PR1575060
Platform and Infrastructure
The Packet Forwarding Engine might produce error messages during interface deletions in configurations with IRB interfaces. PR1054798
The following error message is observed during ISSU from 19.1-20190325.0 to 19.3I-20190324_dev_common.0.1957: Async XTXN Error PPE/Context 9/13 @ PC 0x6f77: sampling_li_launch_nh PR1426438
For the bridge-domains configured under an EVPN instance, the ARP suppression is enabled by default. This enables the EVPN to proxy the ARP and reduces the flooding of ARP in the EVPN networks. As a result, storm-control does not effect the ARP packets on the ports under such bridge-domain. PR1438326
The npc process generates the core file at trinity_rt_iff_attach,pfe_ifl_family_attach,ifrt_ifl_family_adder,ifrt_ifl_family_add_vector,ifrt_command_handler. PR1461892
The cosmetic error messages of NTP time synchronization might be observed during device booting. PR1463622
A few OAM sessions are not established with the scaled EVPN E-Tree and CFM configurations. PR1478875
If the interface is newly added as the CE interface, the existing broadcast, unknown unicast, and multicast (BUM) traffic can be looped. The loop prevention feature is designed to start working whenever a new CE interface is added by configuration. But the existing BUM traffic can be distributed to a new CE interface earlier before enabling the loop prevention feature. PR1493650
Traffic loss might be observed after ISSU. PR1493723
Upgrading satellite devices might lead to some SDs in the SyncWait state. PR1556850
On the MX480 router, during the verification of GRES and NSR functionality with VXLAN feature, the convergence is not as expected L2-DOMAIN-TO-L3VXLAN. PR1520626
The vmxt_lnx process generates core file at KtreeSpace::FourWayLeftAttachedNode::getNextDirty Trinity_Ktree::walkSubTree Trinity_Ktree::walkSubTree. PR1525594
IPv6 VRRP sessions are not established when Duplicate Address Detection (DAD) is enabled. PR1534835
Upgrading satellite devices might lead to some SDs in the SyncWait state. PR1556850
Monitor traffic interface fxp0 resets the last flapped time for the interface. PR1564323
The FPC process might crash when the next-hop memory of ASIC is exhausted in the EVPN-VXLAN scenario. PR1571439
Routing Policy and Firewall Filters
The routing policy actions fail to configure neighbor-sets and tag-sets. PR1491795
Routing Protocols
While interoperating with other vendors in a draft-rosen multicast VPN, by default Junos OS attaches a route target to the multicast distribution tree (MDT), subsequent address family identifier (SAFI), and network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching the route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities are prevented from propagating of the route-target fil. PR993870
Certain BGP traceoption flags (for example, open, update, and keepalive) might result in trace logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294
LDP OSPFs are in the Synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. PR1256434
In rare cases, RIP replication might fail as a result of performing NSR Routing Engine switchovers when the system is not NSR ready. PR1310149
The show version detail command triggers the following severity error logs: mcsnoopd: INFO: krt mode is 1" "JUNOS SYNC private vectors set". PR1315429
SCP command with routing option (-JU) is not supported. PR1364825
On the MX2010 Series routers, the BFD session on the IS-IS step up flaps during the ISSU - FRU upgrade stage. PR1453705
Even when protocols mpls traffic-engineering bgp-igp command is configured, the UDP tunnel routes are not added to inet.0. The UDP tunnel routes are added only to inet.3 table whether the command is configured or not. PR1457426
BGP graceful restart might have some traffic loss when sharding is enabled. PR1475773
Some PIM join or prune packets might not be processed in the first attempt in the scaling scenario where the PIM routers establish neighborship and immediately join the multicast group. PR1500125
The BFD sessions might flap continuously after disruptive switchover followed by GRES. PR1518106
BFD with authentication for BGP flaps after GRES or NSR switchover on the NG-RE and SCBE2 setup. PR1522261
The virtual-router option is not supported under a routing-instance in a lean RPD image. PR1494029
Dynamic tunnels are still up after deactivatingthe BGP nexthop type UDP policy. PR1579225
Services Applications
All the unreachable destinations are not kept in the Locked out state post GRES. PR1541271
The Tunnel-Assignment-Id string is not present while checking the packets from coming in for the attributes. PR1543628
Subscriber Access Management
BBE-SMGD configures in-correct vbf_accurate_accounting_bits to the Packet Forwarding Engine. PR1515899
Subscriber might get stuck in the Terminating state if the Access-Challenge packet is received from the RADIUS server during the subscriber authentication. PR1583090
User Interface and Configuration
A 64-bit cMGD must be used if cMGD runs on a 64-bit OS to avoid random issues. PR1481335
The port_speed configuration details not present in the picd configuration for ports et-0/0/128 and et-0/0/129. PR1510486
VPNs
In an MVPN environment with SPT-only option, if the source or receiver is connected directly to c-rp PE and the MVPN data packets arrive at the c-rp PE before its transition to SPT, the MVPN data packets might be dropped. PR1223434
The output value of the show mvpn c-multicast inet source-pe | display xml command is not proper. PR1509948
Interface statistics do not match for the Mroute VPN-B. PR1517039
The PIM (S,G) join state might stay forever when there are no MC receivers and source is inactive. PR1536903
Resolved Issues
Learn which issues were resolved in Junos OS main and maintenance releases for MX Series routers.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Resolved Issues: 20.2R3
Class of Service (CoS)
On the MPC7E line card, the BPS counter of the egress queue displays wrong BPS value when the cell mode is configured on the static interface. PR1568192
EVPN
With dynamic list next hop configured, a forwarding problem occurs after graceful switchover. PR1513759
no-arp-suppression is required for MAC learning across the EVPN domain on the static VTEP. PR1517591
The BUM traffic might get dropped in the EVPN-VXLAN setup. PR1525888
The route table shows additional paths for the same EVPN or VXLAN Type 5 destination after upgrading from Junos OS Release 18.4R2-S3 to Junos OS Release19.4R1-S2. PR1534021
All the ARP reply packets toward some address are flooded across the entire fabric. PR1535515
Rpd memory leak might occur when the EVPN configuration is changed. PR1540788
The l2ald process might generate the core file after changing the EVPN or VXLAN configuration. PR1541904
The rpd process might crash after adding route-target on a dual-Routing Engine system under the EVPN multihoming scenario. PR1546992
VLAN ID information is missed while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from instance-type EVPN to instance-type virtual-switch. PR1547275
The ARP replies from the EVPN CE device might get dropped incorrectly if the EVPN routes are resolved through the MPLS-over-UDP tunnels. PR1563802
Forwarding and Sampling
The srrd process might crash in a high route churns scenario or if the process flaps. PR1517646
The commit might fail if a filter enabled with enhanced-mode to et- interface is configured. PR1524836
The l2ald process might crash when a device configuration flaps frequently. PR1529706
MAC learning issue might occur when EVPN-VXLAN is enabled. PR1546631
All traffic are dropped on the aggregated Ethernet interface bundle without the VLAN configuration if the bandwidth-percent policer is configured. PR1547184
The l2ald process might crash due to next-hop issue in the EVPN-MPLS. PR1548124
In the VXLAN scenario, the locally originated packets have UDP source port 0. PR1571970
General Routing
The max-drop-flows statement is not available. PR1375466
The MPC2E-NG or MPC3E-NG line card with specific MIC might crash after a high rate of interface flaps. PR1463859
The following error message is observed after GRES: [user.err aftd-trio: [Error] IF:Unable to add member to aggregate member list, member already exists, aggIflName:ps1.0 memberIflName:lt-3/0/0.32767]. PR1466531
The following line card errors are seen: HALP-trinity_nh_dynamic_mcast_add_irb_topo:3520 snooping-error: invalid IRB topo/ IRB ifl zero in l2 nh 40495 add IRB. PR1472222
Dynamic SR-TE tunnels do not get automatically recreated at the new primary Routing Engine after the Routing Engine switchover. PR1474397
Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line-card slot. PR1482124
The vmcore process crashes sometimes along with the mspmand process on MS-MPC or MS-MIC if large-scale traffic flows are processed. PR1482400
SNMP index in the Packet Forwarding Engine reports as 0, causing sFlow to report either IIF or OIF (not both) as 0 in the sFlow record data at the collector. PR1484322
False positive TSensor errors are reported on vjunos0. PR1508580
Not able to forward traffic to VCP FPC after the MX Virtual Chassis reboots, FPC reboots, or adding VCP link. PR1514583
On the MX960 routers, the show interfaces redundancy RLT0 statement shows current status as primary down as FPC is still in the Ready state after RLT failover (restart FPC). PR1518543
During an upgrade, vSRX3.0 displays the following incorrect license warnings when utilizing licensable features even if the license is present on the device: requires 'idp-sig' license. PR1519672
The BFD session status remains down at the non-anchor FPC even though the BFD session is up after anchor the FPC reboots. PR1523537
Problem with static VLAN deletion with active subscribers and the FPC might be stuck at the Ready state during restart. PR1525036
The following error message is observed during GRES if an IRB interface is configured without a profile: RPD_DYN_CFG_GET_PROF_NAME_FAILED. PR1526481
The transit PTP packet might be modified unexpectedly while passing through MPC2E-NG, MPC3E-NG, and MPC5E line cards. PR1527612
The speed command cannot be configured under the interface hierarchy on an extended port when the MX204 or MX10003 router works as an aggregation device. PR1529028
The SFP-LX or SFP-SX optics on MIC-3D-20GE-SFP-E/EH might show as unsupported after ISSU. PR1529844
On the MX204 and MX10003 routers, PEM0 always shows as Absent or Empty even if PEM0 is present. PR1531190
Commit might fail after Routing Engine switchovers. PR1531415
On the MX150 routers, configuring the no-flow-control command under gigether-options does not work. PR1531983
Wavelength unlocked alarm is set as On while using the SFP+-10G-T-DWDM-ZR optics. PR1532593
The interface with the pic-mode 10GE configuration might not come up if upgraded to Junos OS Release 18.4R3-S4 or later. PR1534281
Some routes might get incorrectly programmed in the forwarding table in the kernel, which is no longer present in rpd. PR1534455
Snmp mib walk for jnxSubscriber OIDs returns a general error. PR1535754
All SFBs might go offline due to fabric failure and fabric self-ping probes performing the disable-pfe action. PR1535787
Enhancements are needed for debugging l2ald. PR1536530
The chassisd memory leak might cause traffic loss. PR1537194
The following error message might be observed when the JAM packages for the MX204, MX10003, and MX10008 are installed: JAM: Plugin installed for summit_xxx PIC. PR1537389
Version-alias gets missed for the subscribers that are configured with the dynamic profiles after ISSU. PR1537512
Deactivating or activating PTP or synchronized Ethernet in the upstream router causes the 100GbE links on the LC2103 to flap. PR1538122
On the AFT based FPCs (MPC10 and MPC11 line cards), the show jnh exceptions inst command of the Packet Forwarding Engine might cause the FPC process to crash. PR1538138
Traffic drop might be seen while executing the request system reboot command. PR1538252
After configuring the global system name-server configuration, commit should fail but instead the commit is successful. PR1538514
Upon receiving of a specific BGP FlowSpec message, network traffic might be disrupted. PR1539109
The accounting interim-updates for subscriber does not work after GRES and subsequent reboot of FPCs in the node-slicing setup. PR1539474
The rpd memory leak might be observed on the backup Routing Engine due to the flapping of the link. PR1539601
The mspmand process leaks memory in relation to the MX Series telemetry reporting the following error message: RLIMIT_DATA exceed. PR1540538
With hold time configuration, the ge interfaces remain down on reboot. PR1541382
Subscriber might not come up on some dynamic VLAN ranges in a subscriber management environment. PR1541796
The KRT queue might get stuck after the Routing Engine switchovers. PR1542280
Port mirroring with the maximum-packet-length configuration does not work over the GRE interface. PR1542500
The license errors might get returned on the backup Routing Engine while trying to commit the configuration. PR1543037
The mspmand process might generate the core file on activating or deactivating the interface. PR1544794
Traffic loss might be observed when the Switch Fabric Board 3 and MPC8E 3D combination is used in the MX2010 and MX2020 routers. PR1544953
Continuous rpd errors might be seen and new routes fails to be programmed by the rpd process. PR1545463
Backup Routing Engine vmcore might be seen due to the absence of the next-hop acknowledgement infra. PR1547164
In the syslog output, the sylog-local-tag name is truncated as SYSLOG_SF when the sylog-local-tag name is configured as SYSLOG_SFW. PR1547505
The verbose command unexpectedly becomes hidden after Junos OS Release 16.1 for set system export-format json. PR1547693
The SENSOR APP DWORD leak is observed during the period of churn for routes bound to the sensor group. PR1547698
Multicast traffic drop might be seen after ISSU. PR1548196
The adapted sample rate might get reset to the configured sample rate without changing the sampling rate information in sFlow datagrams after enabling sFlow technology on a new interface. PR1550603
The rpd crash might be seen when the BGP service route is resolved over the color-only SR-TE policy. PR1550736
The PPPoE subscribers might fail to login. PR1551207
The LCM Peer Absent message might be seen. PR1551760
The fabric errors are observed and the FPC processes might get offline with the SCBE3, MPC3E-NG, or MPC3E and MPC7 or MPC10 line card in the increased-bandwidth fabric mode. PR1553641
Configuring HFRR (link-protection) on an interface might cause rpd to crash. PR1555866
The following message is not generated on the MPC11E line card due to no power: Chassisd SNMP trap Fru Offline. PR1556090
On the MX150 routers, the following continuous license error is observed: [licinfra_set_usage_nextgen_async:1733] Invalid input parameters. PR1559361
The request system software validate command might corrupt installation of the junos-openconfig package. PR1560234
The rpd crash might be observed during processing a huge amount of PIM prune messages. PR1561984
MX platforms with MX-SCBE3 might reboot continuously. PR1564539
PPPoE service-name-tables does not correctly count active sessions that matches agent-specifier aci/ari used for delay. PR1565258
On the MX150 routers, the request system software add command is disabled in Junos OS Release 19.4R3-S1, 20.1R2, and 20.4R1. PR1568273
Family IPv6 does not come up for Layer 2 TP subscriber when additional attributes are not passed in the Framed-IPv6-Route VSA. PR1526934
DHCP discover packet might be dropped if the DHCP inform packet is received first. PR1542400
The show dynamic-profile session client-id command displays only one IPv6 framed-route information. PR1555476
Slow response might be observed when the show | compare or commit check action in a large-scale configuration environment is committed. PR1500988
Transit IPv4 traffic forwarding over BGP SR-TE might not work. PR1505592
The No response from the other routing engine for the last 2 seconds error triggers the SNMP trap generated Fru Offline messages. PR1524390
Multiple FRUs disconnection alarms might be displayed post the firmware upgrade. PR1529710
The following error message for port might be observed: FAILED(-1) read of SFP eeprom. PR1529939
The unilists are incorrectly formed and the list of forwarded next hops are not resolved properly if the ECMP is set to 128. PR1530803
BGP SR-TE IPv6 routes might get hidden after the chassisd restarts. PR1534511
Multiple vmxt processes might generate core files. PR1534641
Snmp mib walk for jnxSubscriber OIDs returns a general error. PR1535754
The kmd process might crash when the interface flaps. PR1544800
The l2ald process might crash due to next-hop issue in the EVPN-MPLS. PR1548124
The Broadcom chip FPC might crash during the system booting. PR1545455
The performance of the Packet Forwarding Engine process on the MX204 routers might be degraded after Junos OS Release 19.3R1. PR1545989
Unexpected log messages appears related to the Neighbor Solicitation (NS) messages with multicast as source address. PR1546501
The nsd daemon might crash after configuring the inline NAT in the USF mode. PR1547647
SR-TE might stay in the Up state when the routes are deleted through policy. PR1547933
Validation of the OCSP certificate might not go through in case of certain CA servers. PR1548268
The l2alm processes high CPU utilization might be observed in the EVPN-VXLAN environment. PR1551025
The following error messages are observed: Disable-pfe with intermittent ipc_pipe_get_packet(): packet_get() failed error message and CM_CMERROR_FABRIC_SELFPING failure. PR1554209
During ISSU, BNG losses subscriber sessions without sending the Session Stop message but stay in authd. PR1554539
The framed route installed for a demux Interface has no MAC address. PR1556980
ISSU are aborted and the chassisd process generates core file on the backup Routing Engine during the Junos OS upgrade to version Junos OS Release 20.2R2-S1. PR1557413
Packets corruption on 100G or 40G interface are configured with protocol PTP. PR1557758
Need to allow the tunnel interface as the peer-address for ALQ. PR1567735
On the MX204 routers, FPC might display high CPU utilization because of the JGCI background thread that runs for a long period. PR1567797
Core files are generated at export_svc_set_nat_idl@nsd_calloc while verifying the no-translation with destination-nat. PR1568997
The RPD process might crash while using BFD API to bring up the BFD sessions. PR1569040
The agent sensor __default_fabric_sensor__ are partly applied to some FPCs, which causes zero payload issue AGENTD received empty payload for pfe sensor __default_fabric_sensor__. PR1569167
The MPLS traffic passed through the back-to-back PE topology might match the wrong CoS queue. PR1569715
OAM might not work as expected after FPC reboots or flaps. PR1569790
The following log message might be observed: /tmp//mpci_info: No such file or directory :error[1]. PR1570135
On the MX960 routers, the Require a Fan Tray upgrade alarm is raised when the top Fan Tray 0 is removed, even though the enhanced Fan Tray is already used. PR1572778
Fabric errors are observed and FPC processes might get offline when the MPC3-NG/MPC3E/SRX5K-IOC2 line cards are installed along with the MPC7/MPC10/SRX5K-IOC04 and SCBE3/SCB4 line cards operating in an increased-bandwidth fabric mode. PR1573360
Slow FPC heap memory leak might be triggered by flapping the subscribers terminated over multiple pseudowires. PR1574383
On the EA-based cards igmp group membership is displayed incorrectly. PR1575031
The LLDP neighbor information displays hex string instead of chassis ID when subtype 1 is used. PR1576721
Infrastructure
The output of the show interfaces extensive command might display 0 temporarily during a race condition when SNMP query for JnxCos is issued. PR1533314
Interfaces and Chassis
The configuration might not be applied after deleting all existing logical interfaces and adding a new logical interface for an IFD in a single commit. PR1534787
Inline Y.1731 SLM or DM does not work in enhanced-cfm-mode for the EVPN UP MEP scenario. PR1537381
The following error message might occur after commit for configuration under interface hierarchy: should have at least one member link on a different FPC. PR1539719
After VRRP failover, the VRRP backup router keeps receiving traffic for about 2 minutes. PR1546635
The following commit error is observed while trying to delete unit 1 logical system interfaces: ae2.1: Only unit 0 is valid for this encapsulation. PR1547853
An IRB interface that has large unit value over 32767 cannot be an active group for the inheriting VRRP. PR1550993
The VCP port is marked as administratively down on the wrong MX-VC member. PR1552588
The dcd process might leak memory on pushing the configuration to the ephemeral database. PR1553148
Junos device might send VRRP advertisement packets in the VRRP Init or Idle state before startup-silent-period timer expiry on the VRRP primary device with NSR disabled after GRES. PR1558560
MAC address entry issue might be observed after the MC-LAG interface. PR1562535
Layer 2 Ethernet Services
The jnxJdhcpLocalServerMacAddress (.1.3.6.1.4.1.2636.3.61.61.1.4.3) returns incorrect format of the MAC address. PR1565540
DHCP packet drop might be seen when the DHCP relay is configured on a leaf device. PR1554992
The Option 82 information is incorrectly cleared by the DHCP Relay agent. PR1568344
MPLS
The rpd scheduler might slip after the link flaps. PR1516657
The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface. PR1538124
If link-protection is enabled for an externally provisioned LSP, any commit for the first time after provisioning causes a break (MBB) even if the configuration is not related to the LSP. PR1546824
A new LSP might not be up even if bypass LSP is up and setup-protection is configured. PR1555774
Network Management and Monitoring
Commit error occurs while deleting the routing instance when the SNMP trap-group also have the same routing instance referred. PR1555563
Platform and Infrastructure
The state of the flow detection configuration might not be displayed properly if DDoS-SCFD is configured globally. PR1519887
An internal timer on the backup Routing Engine might cause an ARP storm upon GRES switchover on the new primary (old backup) Routing Engine. PR1547583
The following major error message might cause the Packet Forwarding Engine(s) to disable: XQ_CMERROR_SCHED_L3_PERR_ERR. PR1538960
The VXLAN encapsulation over IPv6 underlay might not work. PR1532144
PE-CE OAM CFM might have issues in the aggregated Ethernet interface. PR1501656
Flow programming issue for lt- interface in the Packet Forwarding Engine level is observed. PR1525188
The following error message is observed when alarms after interface reset: 7836 ifl 567 chan_index 8 NOENT & jnh_ifl_topo_handler_pfe(13015): ifl=567 err=1 updating channel table nexthop. PR1525824
PPE errors or traps might be observed in the Layer 2 flooding scenarios. PR1533767
The FPC process might crash when the next-hop memory of ASIC is exhausted in the EVPN-MPLS scenario. PR1533857
The npc process generates the core file in igmp_process_wakeup_events,igmp_pfe_thread,thread_detach_tty. PR1534542
Subscribers do not come up on VPLS in the PS interface. PR1536043
Packet loss might be observed when the RFC2544 egress reflector session is configured on the non-zero Packet Forwarding Ethernet interface. PR1538417
The rmopd process memory leak might be seen if the TWAMP client is configured. PR1541808
FPC might crash when the underlying Layer 2 interface for ARP over IRB interface is changed from the physical interface to the LSI interface. PR1542211
The RP expired timer on the backup Routing Engine is not the same as the primary Routing Engine if the aging-timer is configured. PR1544398
The kernel might crash if GRES is performed on either new iteration or after swapping the Routing Engine and restoring the HA configuration. PR1549656
The BGP session replication might fail to start after the session crashes on a backup Routing Engine. PR1552603
Traffic is not forwarded over IRB to a Layer 2 circuit on the lt interfaces. PR1554908
The IPv4 EXP rewrite might not work properly when inet6-vpn is enabled. PR1559018
The BUM frame might be duplicated on an aggregate device if the extended-port on the satellite device is an aggregated Ethernet interface. PR1560788
The DHCPv4 request packets might be wrongly dropped when DDoS attack occurs. PR1562474
The enforce-strict-scale-limit-license configuration enforces subscriber license incorrectly in the ESSM subscriber scenario. PR1563975
Routing Policy and Firewall Filters
The policy configuration might be mismatched between the rpd and mgd processes when deactivating the policy-options prefix-list in the configuration sequence. PR1523891
Generated route goes to the Hidden state when the protect core command is enabled. PR1562867
Global variable policy_db_type is not set to the correct value on failure. PR1561931
Routing Protocols
The BFD session might get stuck in the Init or Down state after the BFD session flaps. PR1474521
With BGP rib-sharding enabled, the RPD memory exhaustion might be observed. PR1546347
Traffic loss might be seen in the next-hop-based dynamic tunnels of the Layer 3 VPN scenario after changing the dynamic-tunnel preference. PR1542123
Traffic loss might occur during VRF route resolution over indirect next hop. PR1525363
Traffic might be silently discarded when the BGP route gets deleted, which is part of multipath. PR1514966
The output of the show isis interface detail command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long. PR1482983
The rpd might crash with BGP RPKI enabled in a race condition. PR1487486
The ppmd process generates the core file after MS-MPC restarts. PR1490918
The BGP session with VRRP virtual address might not come up after the session flaps. PR1523075
The VRF label is not assigned at ASBR when the inter AS is implemented. PR1523896
The IS-IS LSP database synchronization issue might be seen while using the flood-group feature. PR1526447
Transit labels for Layer 3 VPN routes are pushed momentarily to the MPLS.0 table. PR1532414
Configuring the next hop and then rejecting it on a route policy for the same route might cause the rpd process to crash. PR1538491
After the peer is moved out of the protection group, the path protection is not removed from the PE device. Multipath route is still present. PR1538956
The rpd process generates the core file at gp_rtarget_tsi_update,bgp_rtarget_flash_rt,bgp_rtarget_flash. PR1541768
Continuous rpd crash might be observed if a static group is added to protocol PIM. PR1542573
The metric of prefixes in intra-area-prefix LSA might be changed to 65535 when the metric of one of the OSPFv3 P2P interfaces is set to 65535. PR1543147
The neighbor shutdown configuration of the BGP session does not effect the non-established peer. PR1554569
The changes do not get effective when the values are set under the static default hierarchy. PR1555187
Sending multicast traffic to downstream receiver on the Trio based Virtual Chassis platforms might fail. PR1555518
Multipath information is displayed for BGP route even after disabling the interface for one path. PR1557604
All the Layer 3 VPN route resets when a VRF is added or removed. PR1560827
Duplicate LSP next hop is shown on inet.0, inet.3, and mpls.0 route table when OSPF Traffic-Engineering shortcuts and mpls bgp-igp-both-ribs are enabled. PR1561207
SNMP MIB ospfv3NbrState returns a drifted value. PR1571473
Six PE device prefixes might not be removed from RIB upon the reception of withdrawal from a BGP neighbor when RIB sharding is enabled. PR1556271
Wrong SPF calculation might be observed for OSPF with ldp-synchronization hold-time configured after the interface flaps. PR1561414
BGP routes might be stuck in routing table in the Accepted DeletePending state when the BGP peering session goes down. PR1562090
VRF table does not get refreshed after a change made to maximum-prefixes in the VRF. PR1564964
Traffic might be lost during mirror data transmit from primary ppmd/bfdd. PR1570228
SNMP MIB ospfv3NbrState returns drifted value. PR1571473
BGP session flap might be observed after the Routing Engine switchovers when the VRRP virtual address is used as the local address for the BGP session. PR1576959
Services Applications
Layer 2 TP subscribers might fail to establish a session on MX if the CPE is a virtual host. PR1527343
The following error message is observed: SPD_CONN_OPEN_FAILURE: spd_pre_fetch_query: unable to open connection to si-1/0/0. PR1550035
User Interface and Configuration
The configuration under groups stanza is not inherited properly. PR1529989
Commit might fail after the Routing Engine switchovers. PR1531415
The license errors might be returned on the backup Routing Engine when you try to commit the configuration. PR1543037
The verbose command unexpectedly becomes hidden after Junos OS Release 16.1 for set system export-format json. PR1547693
VPNs
MVPN multicast route entry might not be properly updated with the actual downstream interfaces list. PR1546739
Resolved Issues: 20.2R2
Application Layer Gateways (ALGs)
The srxpfe or mspmand process might crash if FTPS is enabled in a specific scenario. PR1510678
EVPN
EVPN-VXLAN core isolation does not work when the system is rebooted or the routing is restarted. PR1461795
When a dynamic-list next-hop is referenced by more than one route, it might result in an early deletion of the next-hop from the kernel, thereby assigning the next-hop index as 0 (next-hop type: dynamic List, next-hop index: 0 in the output of the show route command). This would not result in a crash but an early delete from the kernel. PR1477140
Configuring the proxy-macip-advertisement command for EVPN-MPLS leads to functionality breakage. PR1506343
With the EVPN-VXLAN configurations, the IRB MAC does not get removed from the route table after disabling IRB. PR1510954
ARP might break when multicast snooping is enabled in EVPN for the VLAN-based and VLAN-bundle service scenarios. PR1515927
Unable to create a new VTEP interface. PR1520078
The rpd process might crash when auto-service-id is configured in the EVPN-VPWS scenario. PR1530991
All the ARP reply packets towards to some address are flooded across the entire fabric. PR1535515
Forwarding and Sampling
The DHCP subscribers might get stuck in the Terminated state for around 5 minutes after disabling cascade ports. PR1505409
UTC timestamp is used in the flat-file-accounting files when a profile is configured. PR1509467
Traffic might be dropped for not exceeding the configured bandwidth under policer. PR1511041
The pfed process might crash while running the show pfe FPC x command. PR1509114
The l2ald process generates core file at
libl2_trigger_flush libl2_enqueue_pkt libl2_send_keepalive. PR1529706
General Routing
In some MX Series deployments running Junos OS, the following random syslog messages are observed for FPCs: FPCx ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - xxx left. These messages might not have a service impact. These messages are addressed as INFO level messages. On a Packet Forwarding Engine, there are dedicated UMEM and shared GUMEM memory blocks. This informational message indicates some evicting events between UMEN and GUMEN and can be safely ignored. PR1298161
The show security group-vpn member IPsec security-associations detail | display xml command is not in the expected format. PR1349963
On the MX2000 router, the following error message might be observed if the MPC7 line card is offline when Routing Engine switchover occurs: Failed to get xfchip. PR1388076
The rpd scheduler might slip upon executing the show route resolution extensive 0.0.0.0/0 | no-more command if the number of routes in the system is large (several million). PR1425515
The MPC9E line card does not get offline due to unreachable destinations in the phase 3 stage. PR1443803
The FPC process or Packet Forwarding Engine might crash with the ATM MIC installed in the FPC. PR1453893
Application and removal of 1-Gbps speed results in the channel being down. PR1456105
In an MVPN instance, the traffic drops on multicast receivers within the range of 0.1 to 0.9 percent. PR1460471
On the MX960 router, the following error message might be observed: SCHED L4NP[0] Parity errors. PR1464297
On the MX150 routers, the request system halt and request system power-off commands do not work as expected. PR1468921
The syslog message reports simultaneous zone change reporting for all green, yellow, orange, red zones for one or more service PICs. PR1475948
All PPPoE subscribers might not log in after the FPC restarts. PR1479099
Fabric healing logic incorrectly makes all MPC line cards to go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot. PR1482124
Traffic decreases during throughput testing. PR1483100
Any change in the nested groups might not be detected on commit and does not take effect. PR1484801
XML is not properly formatted. PR1488036
Prolonged flow control might occur with MS-MPC or MS-MIC. PR1489942
The following error message is observed on the MPC line card in the manual mode: clksync_as_evaluate_synce_ref: 362 - Failed to configure clk. PR1490138
The MX10003 RCB always detects the fire temperature and shuts down in a short time after downgrade. PR1492121
The MPC10 or MPC11 line card might crash if the interface is configured with the firewall filter referencing shared-bandwidth policer. PR1493084
VPLS flood next-hop might not get programmed correctly. PR1495925
B4 might not be able to establish the softwire with AFTR. PR1496211
Heap memory leak might be seen on the MPC10 and MPC11 line cards. PR1499631
Some of the virtual services might not come up after GRES or rpd restart. PR1499655
After disabling and enabling the ams0 interfaces, the NAT sessions do not get synchronized back to the current standby SDG. PR1500147
Unexpected behavior during the show | display inheritance command is observed when the foreground is deactivated. PR1500569
The show services alg conversations and show services alg sip-globals commands are not supported in the USF mode. PR1501051
VPN traffic gets silently discarded in a cornered Layer 3 VPN scenario. PR1501935
The chassisd process might become nonresponsive. PR1502118
The packets from a non-existing source on the GRE or UDP designated tunnel might be accepted. PR1503421
Configuring the ranges statement for autosensed VLANs might not work on the vMX platforms. PR1503538
MIBS is added as part of jnxLicenseInstallTable: jnxLicenseStartDate jnxLicenseEndDate. PR1503790
The gNMI stream does not follow the frequency on the subscription from the collector. PR1504733
The rpd process might crash in case of a network churn when the telemetry streaming is in progress. PR1505425
After sending the Layer 4 or Layer 7 traffic, the HTTP redirect messages are not captured as expected. PR1505438
The l2cpd process might crash if the ERP configuration is added or removed, and the l2cpd process is restarted. PR1505710
VRRPv6 might not work in an EVPN scenario. PR1505976
GnmiJuniperTelemetryHeader incompatibility is introduced in Junos OS Release 19.3. PR1507999
The heap memory utilization might increase after extensive subscriber login or logout. PR1508291
Outbound SSH connection flap or memory leak issues is observed during push configuration to the ephemeral database with a high rate. PR1508324
The host-generated packets might be dropped if the force-control-packets-on-transit-path statement is configured. PR1509790
The disabled QSFP transceiver might fail to switch on. PR1510994
PFCP message acknowledgment or non-acknowledgment responses are not tracked without the fix. If the CPF peer drops an acknowledged UPF response message and CPF retries the request, the reattempts do not get an acknowledgment by the response cache at UPF and get silently dropped. This causes the CPF state machine to constantly retry requests with those messages being dropped at UPF, which leads to the Established state at both CPF and UPF. PR1511708
Static subscribers are logged out after creating a unit under the demux0 interface. PR1511745
Memory leak on l2ald might be seen when adding or deleting the routing-instances or bridge-domains configuration. PR1512802
The wavelength configured through the CLI might not be set on the SFP+-10G-T-DWDM-ZR optics when the optics is used on the MPC7E line card. PR1513321
Modifying the segment list of the segment-routing LSP might not work. PR1513583
Subscribers might not be able to bind again after performing back-to-back GRES followed by an FPC restart. PR1514154
The MACsec session might fail to establish if the 256-bit cipher suite is configured for MACsec connectivity association assigned to a logical interface. PR1514680
On the MX2010 and MX2020 routers, the SPMB CPU is elevated when an SFB3 is installed. PR1516287
Active sensor check fails while checking the show agent sensors|display xml command. PR1516290
Used-Service-Unit of the CCR-U has Output-Bytes counter zero. PR1516728
The MPC7E line card with QSFP installed might get rebooted when the show mtip-chmac <1|2> registers vty command is executed. PR1517202
There might be memory leak in cfmd if both the CFM and inet or IPv4 interfaces are configured. PR1518744
The vgd process might generate a core file when the OVSDB server restarts. PR1518807
The PADI packets might be dropped when the interface encapsulation VPLS is set along with the accepted protocol configured as PPPoE. PR1523902
The PSM firmware upgrade must not allow multiple PSM upgrades in parallel to avoid the firmware corruption and support multiple firmwares for different hardware. PR1524338
Commit is successful while deactivating CB0 and CB1 interfaces with a running GNF. PR1524766
According to the OC data model, the openconfig-alarms.yang subscription path must be used as a system, alarms, or alarm. PR1525180
Addition and removal of an aggregated Ethernet interface member link might cause the PPPoE subscriber session and traffic to drop. PR1525585
WAG control route prefix length is observed. PR1526666
Commit error messages comes twice while validating the physical-cores statement. PR1527322
The cpcdd process might generate the core file after upgrading to Junos OS Release 19.4 and later. PR1527602
The transit PTP packet might be modified unexpectedly when the packet is passed through MPC2E-NG, MPC3E-NG, and MPC5E. PR1527612
The commit confirm command might not roll back the previous configuration when the commit operation fails. PR1527848
Non-impacting error message is seen in the message logs: IFP error> ../../../../../../../../../src/pfe/usp/control/applications/interface/ifp.c@3270:(errno=1000) tunnel session add failed. PR1529224
In the subscriber management environment, the RADIUS interim accounting records does not get populated with the subscriber statistics. PR1529602
Deletion of the address of the jmgmt0 interface might fail if the shortened version of the CLI command is used. PR1532642
The clear ike statistics with remote gateway does not work. PR1535321
Multicast traffic might be sent out through unexpected interfaces with distributed IGMP enabled. PR1536149
Version-alias is missed for subscribers configured with dynamic profiles after ISSU. PR1537512
With hold time configuration, the ge interfaces remain down on reboot. PR1541382
Port mirroring with the maximum-packet-length configuration does not work over GRE interface. PR1542500
MPC10 or MPC11 line card might crash in case of Composite Chain Nexthop creation failures. PR1538559
During an upgrade, vSRX3.0 would display the following incorrect license warnings when utilizing licensable features even if the license is present on the device: warning: requires 'idp-sig' license. PR1519672
On the MX150 router, the logical interfaces stay up during vmhost halt or power-off. PR1526855
ERO update by the controller for branch LSP might cause issues. PR1508412
PEM 0 always shows as absent or empty even if PEM 0 is present on the MX10003 router. PR1531190
Infrastructure
If the serial number of the PEM starts with 1F1, the following alarm might be generated: Minor FPC PEM Temp Sensor Failed. PR1398128
Unknown MIB OID 1.3.6.1.2.1.47.2.0.30 are referenced in the SNMP trap after upgrading to Junos OS Release 18.4R3. PR1508281
SNMP polling might return an unexpected high value for the ifHCOutOctets counter for a physical interface when any jnxDom OID is processed at the same time. PR1508442
Interfaces and Chassis
The sonet-options configuration statement is disabled for the xe interface that works in the wan-phy mode. PR1472439
Failure to configure proactive ARP detection. PR1476199
Control logical interface 32767 is not created on the VLAN-tagged IFD even after removing the VLAN 0 configuration. PR1483395
Some of the logical interfaces might not come up with the configured vlan-bridge encapsulation. PR1501414
Unexpected dual VRRP backup state might occur after performing two subsequent Routing Engine switchovers with the track priority-hold-time configured. PR1506747
The vrrpd process might crash when the dual VLAN on VRRP interfaces is configured. PR1512658
Commit failure is observed while deleting all the units under the ps0 interface. PR1514319
When multiple CFM sessions are configured on IFD, the SNMP walk of ieee8021CFMStack table fails. PR1517046
Inline Y.1731 SLM or DM does not work in enhanced-cfm-mode for the EVPN UP MEP scenario. PR1537381
Buffer overflow vulnerability in a device control daemon is observed. PR1519334
FPC crash might be observed with an inline mode with CFM configured. PR1500048
Intrusion Detection and Prevention (IDP)
When creating the custom IDP signatures that match the raw bytes (hexadecimal), the commit check fails if the administrator configures the depth parameter. PR1506706
Junos Fusion for Provider Edge
The statistics of the extended ports on the satellite device cluster might show wrong values from the aggregation device. PR1490101
Layer 2 Ethernet Services
The aggregated Ethernet interface sometimes might not come up after the switch is rebooted. PR1505523
The DHCPv6 lease query is not as expected while verifying the DHCPv6 server statistics. PR1506418
The show dhcp relay statistics command displays DHCPLEASEUNASSIGNED instead of DHCPLEASEUNASSINGED, which is spelling error. PR1512239
The show dhcpv6 relay statistics command must display DHCPV6_LEASEQUERY_REPLY instead of DHCPV6_LEASEQUERY_REPL for the messages sent. PR1512246
The DHCP6 lease query is not as expected while verifying the DHCPV6v relay statistics. PR1521227
Memory leak in jdhcpd might be seen if access-profile is configured under the dhcp-relay or dhcp-local-server statement. PR1525052
Receipt of the malformed DHCPv6 packets causes the jdhcpd process to crash. PR1511782
The jdhcpd process crashes when a specific DHCPDv6 packet is processed in the DHCPv6 relay configuration. PR1512765
MPLS
The RSVP interface bandwidth calculation rounds up. PR1458527
The same device responds twice for traceroute if it goes through the MPLS network under specific conditions. PR1494665
Traffic loss might occur if ISSU is performed when P2MP is configured for an LSP. PR1500615
The CSPF job might get stalled for a new or an existing LSP in a high-scale LSP setup. PR1502993
The auto-bandwidth feature might not work correctly in an MPLS scenario. PR1504916
Activating or deactivating the LDP-sync under OSPF might cause the LDP neighborship to go down and stay down. PR1509578
The rpd process might crash after upgrading Junos OS Release 18.1 to a later release. PR1517018
The SNMP trap is sent with the incorrect OID jnxSpSvcSetZoneEntered. PR1517667
The LDP session-group might throw a commit error and flap. PR1521698
ping mpls rsvp does not take into account for the lower MTU in the path. PR1530382
The rpd process might crash when the LDP route with the indirect next-hop is deleted on the aggregated Ethernet interface. PR1538124
The inter-domain LSP with loose next-hops path might get stuck in the Down state. PR1524736
The RPD scheduler might slip after the link flaps. PR1516657
Network Address Translation (NAT)
Need to improve the maximum eNode connections for one persistent NAT binding from 8 to 32. PR1532249
Network Management and Monitoring
The SNMPv3 informs might not work properly after rebooting. PR1497841
Platform and Infrastructure
Packets are dropped when next-hop is IRB over an lt interface. PR1494594
Traffic to VRRP virtual IP or MAC addresses might be dropped when ingress queuing is enabled. PR1501014
Traffic that originates from another subnet is sent out with 0x8100 instead of 0x88a8. PR1502867
MPCs might crash when there is a change on routes learnt on the IRB interface configured in the VPLS or EVPN instances. PR1503947
Traffic loss might be seen in certain conditions under an MC-LAG setup. PR1505465
The kernel might crash causing the router or the Routing Engine to reboot when performing virtual IP related change. PR1511833
During the route table object fetch failure, the FPC process might crash. PR1513509
The output value of the show jnh qmon queues-sensor stats 0 command has no content. PR1514881
VPLS connection might be stuck in the primary fail status when a dynamic profile is used on the VPLS pseudowire logical interface. PR1516418
Configured scheduler-map is not applied on the ms- interface if the service PIC is in the Offline state during commit. PR1523881
TWAMP interoperability issue between Junos OS releases is observed. PR1533025
Packet loss might be observed when the RFC2544 egress reflector session is configured on the non-zero Packet Forwarding Ethernet interface. PR1538417
Trio-based FPC might crash when the underlying layer 2 interface for ARP over IRB interface is changed from the physical interface to LSI interface. PR1542211
Routing Protocols
Multicast traffic loss might be seen in certain conditions while enabling IGMP snooping under the EVPN-VXLAN ERB scenario. PR1481987
The output value of the show isis interface detail command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters. PR1482983
BGP RPKI ROA withdrawal might lead to an unexpected BGP route flap. PR1483097
There might be rpd memory leak in a certain looped MSDP scenario. PR1485206
The rpd process might crash in a multicast scenario with the configured BGP. PR1501722
On all Junos OS dual-Routing Engine GRES or NSR enabled routers, the rpd process might crash on a new primary Routing Engine if the Routing Engine switchover occurs right after massive routing-instance deletion. PR1507638
The rpd process might crash due to RIP updates being sent on an interface in the Down state. PR1508814
The rpd process might crash on the backup Routing Engine if the BGP (standby) receives a route from the peer, which is rejected due to an invalid target community. PR1508888
The rpd process might report 100 percent CPU usage with the BGP route damping enabled. PR1514635
ISIS-SR routes might not be updated to reflect the change in the SRMS advertisements. PR1514867
The rpd process might crash after deleting and re-adding a BGP neighbor. PR1517498
The rpd process might crash if there is a huge number of SA messages in the MSDP scenario. PR1517910
Tag matching in the VRF policy does not work properly when the independent-domain option is configured. PR1518056
The BGP-LS NLRI handling improvements are needed for BGP-LS ID TLV. PR1521258
The IS-IS LSP database synchronization issue might be seen while using the flood-group feature. PR1526447
Configuring then next-hop and then reject on a route policy for the same route might cause rpd to crash. PR1538491
After moving the peer out of protection group, the path protection not removed from the PE router. PR1538956
Services Applications
The FPC process might crash with the npc core file if the service interface is configured under service-set in the USF mode. PR1502527
The output value of the show services l2tp tunnel extensive command does not show the configured session limit. PR1503436
Destination lockout functionality does not work at the tunnel session level when CDN code is received. PR1532750
Subscriber Access Management
Subscriber accounting message retransmissions exist even after configuring accounting retry 0. PR1405855
The LTS incorrectly sends the access-request with the Tunnel-Assignment-ID, which is not compliant with RFC 2868. PR1502274
CCR-T does not contain the usage monitoring information. PR1517507
The show network-access aaa subscribers statistics username "<>" command fails to fetch the subscriber-specific AAA statistics information if the user name of the subscriber contains space. PR1518016
User Interface and Configuration
The version information under the configuration changes from Junos OS Release 19.1 and onward. PR1457602
VPNs
MPLS label manager might allow configuration of a duplicated VPLS static label. PR1503282
The rpd process might crash after removing the last interface configured under the Layer 2 circuit neighbor. PR1511783
The rpd process might crash when deleting the Layer 2 circuit configuration in a specific sequence. PR1512834
Resolved Issues: 20.2R1
Application Layer Gateways (ALGs)
SIP messages that need to be fragmented might be dropped by the SIP ALG. PR1475031
FTPS traffic might be dropped on MX Series platforms if FTP ALG is used. PR1483834
Class of Service (CoS)
The MX Series generated OAM/CFM LTR messages are sent with a different priority than the incoming OAM/CFM LTM messages. PR1466473
The MX10008 and MX100016 routers might generate cosd core files after executing the commit/commit check command if the policy-map configuration is set. PR1475508
Error message GENCFG write failed (op, minor_type) = (delete, Scheduler map definition) for tbl id 2 ifl 0 TABLE Reason: No such file or directory is observed. PR1476531
MX Series platforms with MPC1-Q and MPC2-Q line cards might report memory errors. PR1500250
EVPN
Remote MAC address present in EVPN database might be unreachable. PR1477140
Deleting a Layer 2 logical interface generates an error if the interface is not deleted first from EVPN. PR1482774
The ESI of IRB interface does not update after autonomous-system number change if the interface is down. PR1482790
Dead next-hops might flood in a rare scenario after remote PE devices are bounced. PR1484296
The ARP entry gets deleted from the kernel after adding and deleting the virtual-gateway-address. PR1485377
The rpd core file might be generated when doing Routing Engine switchover after disabling BGP protocol globally. PR1490953
VXLAN bridge domain might lose VTEP logical interface after restarting chassisd. PR1495098
The VXLAN function might be broken due to a timing issue. PR1502357
The MAC address of the LT interface might not be installed in the EVPN database. PR1503657
Forwarding and Sampling
IP-IP de-encapsulation fails if de-encapsulation filter is applied on loopback interface. PR1469219
Traffic might be forwarded into the default queue instead of the correct queue when the VPLS traffic has three or more VLAN tags with VLAN priority 5. PR1473093
The filter might not be installed if the policy-map xx is present under the filter. PR1478964
General Routing
Syslog error message PFEIFD: Could not decode media address with length 0 might be generated by the Packet Forwarding Engine. PR1341610
The nondefault routing instance is not supported correctly for NTP packets in a subscriber scenario. PR1363034
Egress monitored traffic is not mirrored to destination for analyzers on MX Series routers. PR1411871
FPC x Voltage Tolerance Exceeded alarm raised and cleared upon bootup of JNP10K-LC2101. PR1415671
The pccd starts running from the system start. PR1417052
Resetting the Playback Engine logs are seen on the MPC5E line cards. PR1420335
PF core voltage is not set according to the required e-fuse value and remains as default value of 0.9V on the JNP10008-SF and JNP10016-SF Switch Interface Boards (SIBs). PR1420864
FPC might crash after GRES when you commit the changes in firewall filter with the next term statement in the subscriber scenario. PR1421541
PTP might not work on the MX104 platform if phy-timestamping is enabled. PR1421811
When you run the show route label X | display json command, two nh keys are present in the output. PR1424930
PTP and show warning are disabled when hyper mode is configured. PR1429527
Interfaces on the MPC-3D-16XGE-SFPP might go down due to CB0 clock failure. PR1433948
ZF interrupts for out-of-range destination Packet Forwarding Engine INTR for Gnt are observed when the MPC6 or MPC9 line card is brought up. PR1436148
System reboot is required when GRES is enabled or disabled with the mobile-edge configuration. PR1444406
On the MPC10E-15C-MRATE with 25-Gigabit Ethernet ports, FEC statistics are not getting reset after changing FEC mode. PR1449088
RE-MX2008-X8-128G secure BIOS version mismatch alarms. PR1450424
Need to add support for drop flows when the packet drops. PR1451921
When MVLAN interface (OIF map) is changed, the existing multicast subscribers with membership reports in place experience loss of multicast traffic until traffic is forwarded to a new OIF map. PR1452644
Interfaces shutdown by the disable-pfe action might not be up using MIC offline or online command. PR1453433
When scale configurations are applied from approximately 10 minutes, chassisd CLI will either have a delay in response or will time out. PR1454638
On 4-port 1-Gigabit Ethernet using QSFP28 optics, continuous logging in chassisd process occurs when speed 1-Gigabit Ethernet is configured with pic_get_nports_inst and ch_fru_db_key. PR1456253
On the MPC11E line card, need to add the support of optics-options low light. PR1456894
LSP statistics are not getting reset after restart routing. PR1458107
Inline S-BFD packets are dropped on MPC6E MIC1/PIC1 ports: 0-11. PR1459529
Occasional warning message such as TCP Connect error can be seen during FPC reboot. PR1460153
Multiple leaf devices and prefixes are missing when LLDP neighbor is added after streaming is started at the global level. PR1460347
Support of del_path for the LLDP neighbor change at various levels. PR1460621
When you receive IPv6 over IPv4 IBGP session, the IPv6 prefix is hidden. PR1460786
Explicit deletion notification (del_path) is not received when LLDP neighbor is lost as a result of disabling local interface on the DUT through CLI (gNMI). PR1461236
On the MPC10E line cards, more output packets than expected are seen when ping function is performed. PR1461593
The show dynamic-tunnel database CLI command output does not filter IP-IP tunnels based on destination. PR1461659
The CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed message appears when both DIP switches and power switch are turned off. PR1462065
Inline BFD session might flap on renegotiation of timers from slow to aggressive interval. PR1462775
The MVPN traffic might be dropped after performing switchover. PR1463302
The native-vlan-id functionality does not work and untagged traffic does not pass with the native-vlan-id configuration. PR1463544
The jdhcpd process might consume high CPU use, and no further subscribers can be brought up if there are more than 4000 dhcp-relay clients in the MAC-MOVE scenario. PR1465277
On the MPC10E and MPC11E line cards, the bandwidth-percent with shaping-rate might not work as expected on aggregated Ethernet interfaces after shaping-rate change. PR1465766
The bbe-smgd process generates core files on the backup Routing Engine. PR1466118
ICMP error messages are still unreceived after enabling the enable-asymmetric-traffic-processing configuration statement. PR1466135
A few DHCP INFORM packets specific to a particular VLAN might be taking the incorrect resolve queue. PR1467182
On the MPC11E line card, the DOM MIB alarm for the channelized 10-Gigabit Ethernet interface is not showing any alarm for LF/RF. PR1467446
Daemons might not be started if commit is executed after commit check. PR1468119
PPP IPv6 NCP fails to negotiate during the PPP login. PR1468414
The rpd process might crash if BGP sharding is enabled. PR1468676
The tcp-log connections fail to reconnect and get stuck in the Reconnect-In-Progress state. PR1469575
Unable to set up 26M sessions (NAPT44) at 900,000 pps. PR1470833
In rare occasions, the router might send out one extra URR quota value for a bearer. PR1470890
Syslog message FPCX user.notice logrotate: ALERT exited abnormally with [1] pops at 04:02:01. PR1471006
DHCP relay with forward-only might fail to send OFFER messages when DHCP client is terminated on logical tunnel interface. PR1471161
Sudden FPC shutdown due to hardware failure or ungraceful removal of line card might cause major alarms on other FPCs in the system. PR1471372
The clksyncd crash might be seen when PTP over aggregated Ethernet is configured on the MX104 platform. PR1471466
On the MPC11E line card, locating a specific 100-Gigabit Ethernet, 40-Gigabit Ethernet, and 10-Gigabit Ethernet port in the card by blinking the corresponding port LED does not work. PR1471894
Chassis alarm on BSYS might be observed: RE0 to one or many FPCs is via em1: Backup RE. PR1472313
Performing back-to-back rpd restarts might cause rpd to crash. PR1472643
Manually configured ERO on NS controller might be lost when PCEP session bounces. PR1472825
SDB goes down very frequently if the reauthenticate lease-renewal statement is enabled for DHCP. PR1473063
Some routes might not be installed into the FPC after it gets restarted. PR1473079
On the MPC11E line card, show dynamic-tunnels database command does not show traffic statistics. PR1473096
On MPC11, oversubscription drops are not accounted in Routing Engine CLI under resource drops when Flow control is disabled. PR1473191
Dynamic-profile for VPLS-PW pseudowire incorrectly reports Dynamic Static Subscriber Base Feature license alarm. PR1473412
On the MPC11E line card, after doing Routing Engine switchover on BSYS, the AF interface on peer router shows status as down with the reason being that the Packet Forwarding Engine is down on the GNF. PR1473555
When both MSTP and ERP are enabled on the same interface, then ERP does not come up properly. PR1473610
Drops counter does not increment for the aggregated Ethernet even after the member link shows the drops. PR1473665
Ingress multicast replication does not work with GRES configuration. PR1474094
DHCP-server RADIUS-given mask is being reversed. PR1474097
On the MX150 platform, core files are not seen under show system core-dumps. PR1474118
A newly added LAG member interface might forward traffic even though its micro BFD session is down. PR1474300
Upon external X86 node slicing server reboot, the host SNMP configuration gets overwritten by the JDM SNMP configuration settings. PR1474349
When traffic loss is observed on a 100-Gigabit Ethernet logical interface, the MACsec sessions are up and live. PR1474714
On the MPC11E line card, basic circuit cross-connect traffic flow does not occur with the logical systems. PR1474983
The clksyncd process generates core file after the GRES. PR1474987
Memory leak leads to restart of the MPC10E line card. PR1475036
Stateful firewall rule configuration deletion might lead to memory leak. PR1475220
The full list should be returned. A leaf should be considered atomic, regardless of whether it is a single value or a list for on-change event. PR1475293
The RADIUS accounting updates of the service session have incorrect statistic data. PR1475729
When xSTP protocols are enabled on interface all, it might run on vlan-tagging/flexible-vlan-tagging Layer 3 interfaces and lead to blocking of SXE interface. PR1475854
Traffic loss might be seen as backup Routing Engine takes around 20 seconds to acquire the primary role. PR1475871
Traffic drop might be observed while performing a unified ISSU on the MX2020, MX2010, and MX960 platforms. PR1476505
The bbe-mibd might crash on an MX Series platform in subscriber environment. PR1476596
On the MPC10 or MPC11 line cards, Routing Engine might not be able to send packets with traffic-manager enhanced-priority-mode configuration enabled. PR1476683
The host-generated packets which might get dropped at the other end. PR1476764
Traffic loss might occur to the LNS subscribers in case the routing-service statement is enabled under the dynamic profile. PR1476786
Traffic loss might be seen in SAEGW scenario after the daemon restarts or after the GRES operation. PR1477461
In NAT-T scenario, IKE version 2 IPsec tunnel flaps if the tunnel initiator is not behind NAT. PR1477483
The rpd process might crash when the JET RIB API is used to set the "bandwidth" attribute. PR1477745
On the MX2010 platform, syslog message spmb0 cmty_sfb_temp_check: sfb[0] is powered OFF" & "spmb0 cmty_sfb_voltage_check_one: sfb[0] is powered OFF is flooding even though SFBs are online. PR1477924
Error log message chassisd[7836]: %DAEMON-3-CHASSISD_IOCTL_FAILURE: acb_get_fpga_rev: unable to get FPGA revision for Control Board (Inappropriate ioctl for device) is observed after every commit. PR1477941
The Packet Forwarding Engine might be disabled because of the major error on MPC2E-NG, MPC3E-NG, MPC5, MPC6, MPC7, MPC8, and MPC9. PR1478028
The show evpn statistics instance command gets stuck in a multihomed scenario. PR1478157
At-scale logins of both default and dedicated bearers might require retries from the control plane. PR1478191
The ukern-platformd process might crash on MX2000 platforms with MPC11 line card. PR1478243
Output chain filter counters are not proper. PR1478358
MX Series-based MPC line card might crash when there is bulk route update failure in a corner case. PR1478392
The FPC with vpn-localization vpn-core-facing-only configuration might be stuck in ready state. PR1478523
On MX240, MX480, MX960, MX2000, MX10003, MX10008, and MX10016 with the MPC7E, MPC8E, and MPC9E line cards, hardware sensor information is logged every 30 minutes. PR1478816
The protocol MTU might not be changed on lt- interface from the default value. PR1478822
The TCP-log sessions might be in Established state but no logs are sent out to the syslog server. PR1478972
Mobile-edge sessions might be lost if GRES is being performed while sessions are logged in with URR enabled. PR1478985
The SCBE3 fabric plane gets into check state in MX Series Virtual Chassis. PR1479363
Interface states are not showing correctly between main and shards on one of the interfaces. PR1479801
After kmd restarts, IPsec SA comes up but the traffic fails for some time in certain scenarios. PR1480692
100-Gigabit interface might randomly fail to come up after maintenance operations. PR1481054
Issue with binding non-default routing instance to existing soft-gre group. PR1481278
After unified ISSU on the primary and the backup Routing Engine, ISSU enhanced-mode: Performing action get-state for error /FPC/5/pfe/0/cm/0/PCIe_Error/0/PCIE_CMERROR_UNCORRECTABLE (0x190001) error message is generated. PR1481859
The rpd might crash when you execute the show route protocol l2-learned-host-routing or show route protocol rift CLI command on a router. PR1481953
Log in to some PPPoE subscribers through aggregate Ethernet interface might cause the device to reboot. PR1482431
Fragmentation limit and reassembly timeout configuration under services option is missing for SPC3. PR1482968
When checking the BFD functionality over Layer 2 VPN client, BFD session is not coming up. PR1483014
Link errors might be seen after restarting the FPC or fabric plane. PR1483124
Traffic impact might be seen when the policy-multipath is configured without LDP on the SPRING-TE scenario. PR1483585
The downstream IPv4 packet greater than BR MTU are getting dropped in MAP-E. PR1483984
Traffic rate is not as expected on aggregated Ethernet interface when child links are from MPC11 and MPC9 line card after applying a policer. PR1484193
ARP entry might not be created in the EVPN-MPLS environment. PR1484721
The logical tunnel interface might not work on the MPC10 line card. PR1484751
Fix and enhancement has been done for request rift package activate for the junos-rift package. PR1485098
Attribute sending zero value should be compressed because it uses too much bandwidth in periodic streaming. PR1485257
Interface input error counters are not increasing on the MX150 platforms. PR1485706
The krt-nexthop-ack-timeout command might not automatically be picked up on restarting the rpd process. PR1485800
MPC10E line card installed in the FPC slot 4 might drop host outbound traffic. PR1485942
Command completion help text for LLDP-MED coordinate configuration statement contains spelling errors. PR1486327
The aftd process might crash when MPC10 line card is installed. PR1487416
Incorrect frame length of 132 bytes might be captured in packet header. PR1487876
XML is not properly formatted. PR1488036
Add support for PSM firmware upgrade on the MX2000 platform. PR1488575
During multiple login and logout of 250,000 sessions, there can be daemon restart due to mishandling of data. PR1489512
NAT rule-sets processing order is not getting processed based on the order configured under service-set. It is getting processed based on the NAT rules defined under [services nat source] hierarchy level configuration. PR1489581
With 4-member AMS used in the service-set, commit check fails when /30 subnet address is used as NAT pool IP. PR1489885
Error syslog message Failed to connect to the agentx primary agent (/var/agentx/primary): Unknown host (/var/agentx/primary) (No such file or directory) is continuously being generated with dns-sinkholing. PR1490487
When NAT/SFW rule is configured with application-set with multiple applications having different TCP inactivity-timeout, sessions are not getting TCP inactivity-timeout as per the configured application order. PR1491036
The DAC cable is not detected after reboot or plug out or plug in. PR1491116
The unified ISSU is not supported on next-generation MPC cards. PR1491337
Multiple deactivating and activating of security traceoptions along with clear single NAPT44 session could result in generation of flowd core file. PR1491540
MS-MIC is down after loading some releases in the MX Virtual Chassis scenario. PR1491628
FPCs might stay down or restart when you swap the MPC7, MPC8, and MPC9 line cards with the MPC10 and MPC11 line cards or vice versa in the same slot. PR1491968
User-configured MTU might be ignored after the unified ISSU upgrade uses request vmhost software in-service-upgrade. PR1491970
Behavior change in clients with multiple gRPC channels to same target. PR1492088
The delay of LT interfaces coming up is seen on MPC11E line card after you configure scaled PS interfaces anchoring to RLT. PR1492330
On the MX10008 platform, SNMP table entPhysicalTable does not match the PICs shown for the show chassis hardware command. PR1492996
DHCP subscribers do not come up as expected after deactivating the Virtual Chassis port. PR1493699
The ptp-clock-global-freq-tracable leaf value becomes false and does not change to true when the internal lock is in the Acquiring state. PR1493743
The LSP might not come up in LSP externally-provisioned scenario. PR1494210
Error message PFE_ERROR_FAIL_OPERATION: Unable to unbind cos scheduler from physical interface 147 is observed on the MPC9E line card after restarting the MPC11E line card. PR1494452
Missing firmware image file in
usr/share/pfe/firmware. PR1494557In node slicing setup after GRES, RADIUS interim updates might not carry actual statistics. PR1494637
Group address is not programmed back after deactivating and activating the bridge domain. PR1495480
Flood next-hop ID is not same in both the primary and backup Routing Engines. PR1495925
Error message PFEIFD: Could not decode media address with length 0 is generated by the Packet Forwarding Engine when subscribers come up over a pseudowire interface. PR1496265
Port numbers logged in ALG syslog are incorrect. PR1497713
Subscribers might be disconnected after one of the aggregated Ethernet participating FPCs comes online in a Junos OS node slicing scenario. PR1498024
SNMP polling does not show correct PSM jnxOperatingState when one of the PSM inputs failed. PR1498538
The rpd might crash when multiple VRFs with 'IFLs link-protection' are deleted at a single time. PR1498992
The commit check might fail when adding IFL into a routing instance with the no-normalization statement enabled under the [routing-instances] hierarchy. PR1499265
The heap memory leak might be seen on the MPC10 and MPC11 line cards. PR1499631
The SPC3 card might crash if SIP ALG is enabled. PR1500355
On the MX2010 and MX2020 routers, the pem_tiny_power_remaining message will be continuously logged in chassisd log. PR1501108
Application ID does not display under NAT/SFW rule configured with application ’any’ rule. PR1501109
Support license start and end date in MIBs. PR1503790
The show bridge statistics command does not display the statistics information for pseudowire subscriber interfaces. PR1504409
The l2cpd crash might be seen if you add or delete ERP configuration and then restart l2cpd. PR1505710
GnmiJuniperTelemetryHeader incompatibility is introduced in Junos OS Release 19.3. PR1507999
The host generated packets might get dropped if the force-control-packets-on-transit-path statement is configured. PR1509790
The multicast traffic might be dropped if ALB is enabled on the aggregated Ethernet interface. PR1512157
High Availability (HA) and Resiliency
Unified ISSU might fail on MX204 and MX10003 Virtual Chassis with an error message. PR1480561
Infrastructure
Slow response from SNMP might be observed after an upgrade to Junos OS Release 19.2R1 and later. PR1462986
F-label veto code checks for per-pfe f-label pools. PR1466071
Interfaces and Chassis
Syslog error scchassisd[ ]: CHASSISD_IPC_WRITE_ERR_NULL_ARGS: FRU has no connection arguments fru_send_msg Global FPC x is observed after MX Virtual Chassis local or global switchover. PR1428254
Decoupling of Layer 2 logical interfaces from bridge and EVPN configurations. PR1438172
The MC-LAG configuration-consistency ICL configuration might fail after committing some changes. PR1459201
On the MPC11E line card, the IPv6 local stats are counted against the IPv6 transit traffic statistics as well. PR1467236
When you configure ESI on a physical interface, the traffic drops when you disable the logical interface under the physical interface. PR1467855
Executing commit might hang because of stuck dcd process. PR1470622
Traffic is not forwarded properly when traffic-control-profiles with logical interface queues are configured. PR1475350
Commit error is not thrown when member link is added to multiple aggregation group with different interface specific options. PR1475634
The interface on MIC3-100G-DWDM might go down after performing an interface flap. PR1475777
When you delete and add a logical interface (both the logical interfaces with the same VLAN ID) in a single commit, the configuration check fails with the error duplicate VLAN-ID. PR1477060
A stale IP address might be seen after a specific order of configuration changes in logical systems scenario. PR1477084
Traffic is seen for 248 seconds when an aggregated Ethernet member link is brought down with minimum link configuration. PR1477821
MC-AE interface might be shown as unknown status if you add the subinterface as part of the VLAN on the peer MC-AE node. PR1479012
For ATM interfaces configuration, if any logical interface has the allow-any-vci configuration, then the commit operation might fail. PR1479153
PPPoE subscribers are not up while verifying static IPv4 subscriber in passive mode. PR1483395
CFM over BD along with negative events lead to restart and CFM DM two-way verification fails. PR1489196
The vrrp-inherit-from change operation leads to packet loss when traffic is forwarded to the VIP gateway. PR1489425
Intrusion Detection and Prevention (IDP)
The CLI now provides helpful remarks about IDP's tunable detector parameters. PR1490436
When creating custom IDP signatures that match on raw bytes (hexadecimal), the commit check fails if the administrator has configured the depth parameter. PR1506706
J-Web
Junos OS security vulnerability in J-Web and Web-based (HTTP/HTTPS) services. PR1499280
Junos Fusion for Enterprise
SDPD core file is found at vFPC_all_eports_deletion_complete vFPC_dampen_FPC_timer_expiry. PR1454335
Loop detection might not work on extended ports in Junos fusion scenarios. PR1460209
Junos Fusion Satellite Software
Temperature sensor alarm is seen in Junos fusion scenarios. PR1466324
Layer 2 Ethernet Services
On MX2010 and MX2020 platforms, no alarm is generated when FPC is connected to primary Routing Engine through backup Routing Engine/CB. PR1461387
Member links state might be unsynchronized on a connection between a PE device and a CE device in an EVPN active/active scenario. PR1463791
Telemetry data for relay/bindings/binding-state-v4relay-binding and relay/bindings/binding-state-v4relay-bound is not correct. PR1475248
On the MX204 platform, the Vendor-ID is set as MX10001 in factory-default configuration and DHCP client messages. PR1488771
With ALQ and VRRP configurations, DHCP subscribers are not coming up. PR1490907
Issues with DHCPv6 relay processing confirm and reply packets. PR1496220
The MC-LAG might become down after disabling and then enabling the force-up. PR1500758
Layer 2 Features
Connectivity is broken through LAG because of the members configured with hold-time and force-up. PR1481031
MPLS
Traffic loss might be seen if P2MP with NSR is enabled. PR1434522
P2MP LSP might flap after VT interface in MVPN routing instance is reconfigured. PR1454987
The RSVP interface bandwidth calculation rounds up. PR1458527
The rpd might crash in PCEP for the RSVP-TE scenario. PR1467278
The fast reroute detour next-hop down event might cause the primary LSP go in the Down state in a particular scenario. PR1469567
The rpd process might crash during shutdown. PR1471191
The LDP and BFD sessions are not coming up in a scaled setup. PR1474204
The RSVP LSPs might not come up in a scaled network with a very high number of LSPs if NSR is used on the transit router. PR1476773
PCC might flood with event logs to controller. PR1476822
Kernel crashes and device might restart. PR1478806
The rpd process crashes on the backup Routing Engine when LDP tries to create LDP P2MP tunnel upon receiving corrupted data from the primary Routing Engine. PR1479249
On MX Series with MPC10E line card, rpd core files in rsvp_copy_route (rt=< optimized out>, rtparms_p=< optimized out>) at ../../../../../../../../../../src/junos/usr.sbin/rpd/mpls_te/proto/rsvp/proto/rsvp_route.c:3033 are seen after GRES. PR1485985
The rpd might crash on restart of primary Routing Engine or backup Routing Engine when chain-NH has inner and outer labels in the SR-TE scenario. PR1486077
High CPU utilization for rpd might be seen if RSVP is implemented. PR1490163
The rpd might crash when BGP with FEC 129 VPWS enabled flaps. PR1490952
BGP session might keep flapping between two directly connected BGP peers because of the incorrect TCP-MSS in use. PR1493431
The rpd might crash in a rare condition under SR-TE scenario. PR1493721
The rpd core files are generated during unified ISSU. PR1493969
The rpd process might crash when SNMP polling is done using OID jnxMplsTeP2MPTunnelDestTable. PR1497641
The rpd process might crash with RSVP configured in a rare timing case. PR1505834
Platform and Infrastructure
Core.vmxt.mpc0 is seen at 0x096327d5 in l2alm_sync_entry_in_pfes (context=0xd92e7b28, sync_info=0xd92e7a78) at ../../../../../src/pfe/common/applications/l2alm/l2alm_common_hw_api.c:1727. PR1430440
With chained composite next-hop enabled, the MPLS CoS rewrite does not work for IPv6 PE device traffic. PR1436872
Traffic loss might be seen in case of Ethernet frame padding with VLAN. PR1452261
Modifying the REST configuration might cause the system to become unresponsive. PR1461021
On the MX204 platform, Packet Forwarding Engine errors might occur when incoming GRE tunnel fragments get sampled and undergo inline reassembly. PR1463718
The CoS might not work on MPC10E and MPC11E line cards. PR1465870
VXLAN packet might be discarded with flow caching enabled on MX150 and vMX. PR1466470
All the subscriber services might be unavailable on vBNG running on MX150 and vMX running in payg mode. PR1467368
The JNH memory leaks after CFM session flap for LSI and VT interfaces. PR1468663
The switch might not be able to learn MAC address with dot1x and interface-mac-limit configured. PR1470424
SSH login might hang and the TACACS+ server closes the connection without sending any authentication failure response. PR1478959
Remote MEPs are not coming up as expected while verifying MIP functionality with bridge domains. PR1484303
The show system buffer command displays all zeros in the MX104 chassis. PR1484689
MAC learning under bridge domain stops after MC-LAG interface flaps. PR1488251
MAC malformation might happen in a rare scenario under MX Series Virtual Chassis setup. PR1491091
In node slicing setup, MPLS TTL might be set to zero when the packet goes through af interface configured with CCC family. PR1492639
A specific IPv4 packet might lead to FPC restart. PR1493176
Python or SLAX script might not be executed. PR1501746
MPCs might crash when there is a change on routes learned on IRB interface configured in VPLS and EVPN instances. PR1503947
Traffic convergence failed with ICL failure case. PR1505465
Routing Policy and Firewall Filters
The router-id from martian address range cannot be committed even if the range is allowed by configuration. PR1480393
Routing Protocols
The BGP session might be stuck with high BGP OutQ value after GRES on both sides. PR1323306
PIM RPF selection for the specific multicast group might get incorrectly applied to other multicast groups. PR1443056
TI-LFA might be unable to install backup path in the routing table in a specific case. PR1458791
BGP NSR with more than 40,000 IPv6 peers is not qualified or supported. PR1461436
IS-IS IPv6 routes might flap when there is an unrelated commit under protocol stanza. PR1463650
The rpd might crash if IPv4 routes are programmed with IPv6 next-hop through JET APIs. PR1465190
BGP peers might flap if the parameter of hold-time is set small. PR1466709
The configured BGP damping policy might not take effect after BGP is disabled and then enabled followed by commit. PR1466734
The rpd might stop when both instance-import and instance-export policies contain the as-path-prepend action. PR1471968
Removing cluster from BGP group might cause prolonged convergence time. PR1473351
Adjacency SID might be missed and not be advertised to peer/controller/BMP monitor in BGP-LS NLRI. PR1473362
SFTP does not connect properly and the following error is displayed: Received message too long. PR1475255
BGP TCP MD5 authentication support is not available. PR1476669
The rpd process might crash with BGP multipath and route withdraw occasionally. PR1481589
The rpd process crashes due to specific BGP UPDATE packets. PR1481641
The rpd process might crash when deactivating logical systems. PR1482112
BGP multipath traffic might not fully load-balance for a while after adding a new path for load sharing. PR1482209
The rpd might be crashed after BGP peer flapping. PR1482551
RIPv2 packets stop transmitting when changing interface-type configuration from P2MP to broadcast. PR1483181
The rpd process crashes if the same neighbor is set in different RIP groups. PR1485009
On MX Series, MSDP memory leak is observed. PR1485206
The BGP-LU routes do not have the label when BGP sharding is used. PR1485422
Removal of the BGP and rib-sharding configuration might cause routing protocols to become unresponsive. PR1485720
Layer 3 VPN RR with family route-target and no-client-reflect statements does not work as expected. PR1485977
Traffic loss is seen on a scaled MPLS setup after unified ISSU in enhanced mode. PR1486657
The rpd process crashes if the BGP LLGR with RIB sharding and traceoptions for graceful-restart are configured. PR1486703
The rpd might crash when you perform GRES with MSDP configured. PR1487636
High CPU utilization might be observed when the outgoing BGP updates are sent slowly. PR1487691
The rpd process might generate core file after always-compare-med is configured for BGP path-selection. PR1487893
BGP RIB sharding feature cannot be run on a system with a single CPU. PR1488357
The rpd crashes when reset OSPF neighbors. PR1489637
The BGP route target family might prevent route reflector from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743
The rpd might crash because of rpd resolver problem of INH. PR1494005
The static route in inet6.0 or inet6.3 RIB might fail to delete. PR1495477
For SPRING support SRv6, continuous rpd core files are generated at isis_set_rt_pfx_sid_tsi,isis_route_change_rt after configuring [set protocols isis topologies ipv6-unicast]. PR1495994
Receipt of certain genuine BGP packets from any BGP speaker causes rpd to crash. PR1497721
The rpd might crash if the import policy is changed to accept more routes that exceed the teardown function threshold. PR1499977
The rpd process crashes when processing a specific BGP packet. PR1502327
The show bgp neighbors command shows change in x-path output for input-updates value. PR1504399
BGP might not advertise routes to peers after a peer flap. PR1507195
Services Applications
flow-tap add function might not work after the dynamic flow capture services process is restarted. PR1472109
On an MX Series router, L2TP LTS fails to forward the
agentCircuitIdandagentRemoteIdAVP toward the LNS. PR1472775The kmd might crash due to the incorrect IKE SA establishment after the remote peer's NAT mapping address has been changed. PR1477181
NPC core files are found at
services_inline_handle_svc_set_add services_inline_gencfg_handler gencfg_specific_handler. PR1502527
Subscriber Access Management
The authd process might crash after the unified ISSU from Junos OS Release 18.3 and earlier to Junos OS Release 18.4 and later. PR1473159
Syslog messages pfe_tcp_listener_open_timeout: Peer info msg not received from addr: 0x6000080. Socket 0xfffff804ad23c2e0 closed is observed. PR1474687
The delete request of a specified service session through CoA could fail. PR1479486
The CoA request might not be processed if it includes the proxy-state attribute. PR1479697
The mac-address CLI option is hidden under the access profile profile-name radius options calling-station-id-format statement. PR1480119
The authd log events might not be sent to syslog host when destination-override is used. PR1489339
VPNs
Traffic loss might be observed when the inter-AS next-generation MVPN VRF is disabled on one of the ASBRs. PR1460480
The rpd might crash when "link-protection" is added or deleted from LSP for MVPN ingress replication selective provider tunnel. PR1469028
On MVPN scenario, the LSP might stay down on removing all VT interfaces from a single hop egress. PR1474830
The MPC10E-15C-MRATE next-generation MPVN ingress replication flushing out is not proper when in egress the ingress replication configuration is deactivated. PR1475834
The Layer 2 circuit neighbor might be stuck in RD state at one end of MG-LAG peer. PR1498040
The rpd core files are generated while disabling Layer 2 circuit with connection protection, backup neighbor configuration, and Layer 2 circuit trace logs enabled. PR1502003
The rpd might crash when you delete l2circuit configuration in a specific sequence. PR1512834
Documentation Updates
This section lists the errata and changes in Junos OS Release 20.2R3 documentation for MX Series.
Advanced Subscriber Management Provider
The Broadband Subscriber Services User Guide incorrectly stated that for Routing Engine-based, converged HTTP redirect services, a CPCD service rule can include both a redirect term and a rewrite term. It also incorrectly stated that you can include separate rewrite and redirect rules in the same service profile.
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.
Starting in Junos OS 17.4R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.
The following table shows detailed information about which Junos OS can be used on which products:
Platform | FreeBSD 6.x-based Junos OS | FreeBSD 11.x-based Junos OS |
MX5,MX10, MX40,MX80, MX104 | YES | NO |
MX240, MX480, MX960, MX2010, MX2020 | NO | YES |
Basic Procedure for Upgrading to Release 20.2R3
Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:
The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.
For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.
Procedure to Upgrade to FreeBSD 11.x-Based Junos OS
Products impacted: MX240, MX480, MX960, MX2010, and MX2020.
To download and install FreeBSD 11.x-based Junos OS:
- Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:
- Select the name of the Junos OS platform for the software that you want to download.
- Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
- Select the Software tab.
- In the Install Package section of the Software tab, select the software package for the release.
- Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
- Review and accept the End User License Agreement.
- Download the software to a local host.
- Copy the software to the routing platform or to your internal software distribution site.
- Install the new jinstall package on the routing platform.
Note We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.
All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:
For 32-bit Routing Engine version:
user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.2R3.9-signed.tgz
For 64-bit Routing Engine version:
user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.2R3.9-signed.tgz
Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):
For 32-bit Routing Engine version:
user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.2R3.x-limited.tgz
For 64-bit Routing Engine version:
user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.2R3.9-limited.tgz
Replace source with one of the following values:
/pathname—For a software package that is installed from a local directory on the router.For software packages that are downloaded and installed from a remote location:
ftp://hostname/pathnamehttp://hostname/pathnamescp://hostname/pathname
Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.
Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.
Starting in Junos OS Release 20.2R3, in order to install a VM host image based on Wind River Linux 9, you must upgrade the i40e NVM firmware on the following MX Series routers:
MX240, MX480, MX960, MX2010, MX2020, MX2008, MX10016, and MX10008
After you install a Junos OS Release 20.2R3 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.
Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.
Procedure to Upgrade to FreeBSD 6.x-Based Junos OS
Products impacted: MX5, MX10, MX40, MX80, MX104.
To download and install FreeBSD 6.x-based Junos OS:
- Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:
- Select the name of the Junos OS platform for the software that you want to download.
- Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
- Select the Software tab.
- In the Install Package section of the Software tab, select the software package for the release.
- Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
- Review and accept the End User License Agreement.
- Download the software to a local host.
- Copy the software to the routing platform or to your internal software distribution site.
- Install the new jinstall package on the routing platform.
Note We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.
All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:
user@host> request system software add validate reboot source/jinstall-ppc-20.2R3.9-signed.tgz
Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):
user@host> request system software add validate reboot source/jinstall-ppc-20.2R3.9-limited-signed.tgz
Replace source with one of the following values:
/pathname—For a software package that is installed from a local directory on the router.For software packages that are downloaded and installed from a remote location:
ftp://hostname/pathnamehttp://hostname/pathnamescp://hostname/pathname
The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.
Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
After you install a Junos OS Release 20.2R3 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.
Upgrade and Downgrade Support Policy for Junos OS Releases
We have two types of releases, EOL and EEOL:
End of Life (EOL) releases have engineering support for twenty four months after the first general availability date and customer support for an additional six more months.
• Extended End of Life (EEOL) releases have engineering support for thirty six months after the first general availability date and customer support for an additional six more months.
For both EOL and EEOL releases, you can upgrade to the next three subsequent releases or downgrade to the previous three releases. For example, you can upgrade from 19.2 to the next three releases – 19.3, 19.4 and 20.1 or downgrade to the previous three releases – 19.1, 18.4 and 18.3.
For EEOL releases only, you have an additional option - you can upgrade directly from one EEOL release to the next two subsequent EEOL releases, even if the target release is beyond the next three releases. Likewise, you can downgrade directly from one EEOL release to the previous two EEOL releases, even if the target release is beyond the previous three releases. For example, 19.2 is an EEOL release. Hence, you can upgrade from 19.2 to the next two EEOL releases – 19.3 and 19.4 or downgrade to the previous two EEOL releases – 19.1 and 18.4.4.
Release Type | End of Engineering (EOE) | End of Support (EOS) | Upgrade and Downgrade to subsequent 3 releases | Upgrade and Downgrade to subsequent 2 EEOL releases |
End of Life (EOL) | 24 months | End of Engineering + 6 months | Yes | No |
Extended End of Life (EEOL) | 36 months | End of Engineering + 6 months | Yes | Yes |
For more information about EOL and EEOL releases, see https://www.juniper.net/support/eol/junos.html.
For information about software installation and upgrade, see the Installation and Upgrade Guide.
Upgrading a Router with Redundant Routing Engines
If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:
Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.
Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.
After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.
Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.
Downgrading from Release 20.2R3
To downgrade from Release 20.2R3 to another supported release, follow the procedure for upgrading, but replace the 20.2R3 jinstall package with one that corresponds to the appropriate release.
You cannot downgrade more than three releases.
For more information, see the Installation and Upgrade Guide.