Junos OS Evolved Release Notes for PTX10003 and PTX10008 Devices
These release notes accompany Junos OS Evolved Release 20.3R1 for PTX10003 and PTX10008 (with the JNP10008-SF3 SIB) Packet Transport Routers. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
What's New
Learn about new features introduced in Junos OS Evolved Release 20.3R1 for the PTX10003 and PTX10008.
Hardware
We've added the following features to the PTX10008 for JNP10008-SF3 fabric in Junos OS Evolved Release 20.3R1.
Table 1: Features Supported by the PTX10008
Feature
Description
Hardware
This release introduces a limited encryption version Routing Engine, the JNP10K-RE1-ELT. This Routing Engine supports 400-Tbps line cards and JNP10008-SF3 switch fabric. The Routing Engine runs a Junos OS Evolved limited image that does not support data plane encryption and is intended only for the countries of the Eurasian Customs Union (EACU). [See PTX10008 Routing and Control Boards Components and Descriptions.]
Two new configuration models, and PTX10008-PREM2, are now available for sites that do not require a fully-populated chassis. These configurations allow the PTX10008 to operate with fewer Switch Interface Boards (SIBs). The configurations consist of:
PTX10008-BASE3—One routing engines, two fan trays, two fan tray controllers, six JNP10K-PWR-AC2 or JNP10K-PWR-DC2 power supplies, three SIBs, three SIB covers, and eight line-card slot covers.
PTX10008-PREM2—Two routing engines, two fan trays, two fan tray controllers, six JNP10K-PWR-AC2 or JNP10K-PWR-DC2 power supplies, four SIBs, two SIB covers, and eight line-card slot covers.
High availability (HA) and resiliency
Platform resiliency enables the router to handle failures and faults related to the hardware components such as line cards, switch fabric, control boards, fan trays, fan tray controllers, and power supply units. Fault handling includes detecting and logging the error, raising alarms, sending SNMP traps, providing indication about the error through LEDs, self-healing, and taking components out of service. [See show system errors active.]
Support for VRRP. The following features are not supported for VRRP on Junos OS Evolved:
ISSU
Proxy ARP
MC-LAG
Distribution support on aggregated Ethernet interface (ae)
IRB
Inline delegation
VRRP sessions might flap during GRES in centralized mode. [See Understanding VRRP.]
Interfaces and chassis
Support to upgrade the optic drivers on the PTX10K-LC1201 line card without a full Junos OS Evolved upgrade. You can upgrade the optics drivers by running the request system software add package_name command. [See Hardware Supported by Junos Continuity Software.]
Unicast RPF support for both IPv4 and IPv6 traffic flows. [See Example: Configuring Unicast Reverse-Path-Forwarding Check.]
Support for configuring GRE tunnel encapsulation on FTIs using the loopback interface. You can configure encapsulation by using the command tunnel encapsulation gre source address destination address at the [edit interfaces fti0 unit unit ] hierarchy.
Keep in mind the following when configuring this feature:
Adding tunnel-termination makes the tunnel decap-only tunnel and encapsulation will be disabled.
Both the source and destination address is mandatory when you don’t configure the tunnel-termination command.
Configuring a variable prefix mask on the source address isn’t allowed.
[See Tunnel and Encryption Services Interfaces User Guide for Routing Devices.]
Native VLAN ID on Layer 3 interfaces enables the logical interface whose VLAN ID matches the native VLAN ID configured for that interface to accept untagged packets as well as tagged packets. The same logical interface with native VLAN ID enabled ensures that any packet going out of that interface does not have a tag attached. Packets can be outbound control packets or transit data packets. [See native-vlan-id.]
Support for the discard interface. [See Discard Interfaces.]
Support for the following transceivers:
QSFP-100G-FR—These transceivers interoperate with the QDD-4X100G breakout optics. For example, the QDD-4X100G-FR interconnects with up to four QSFP-100G-FR transceivers. The QSFP-100G-FR transceivers interconnect in single links (QSFP-100G-FR to QSFP-100G-FR or to QSFP-100G-DR) and interoperate at the shortest link length.
QSFP-100G-DR—These transceivers interoperate with 400-Gbps breakout optics. For example, the QDD-400G-DR4 interconnects with up to four QSFP-100G-DR transceivers. The QSFP-100G-DR transceivers interconnect in single links (QSFP-100G-DR to QSFP-100G-DR or to QSFP-100G-FR) and interoperate at the shortest link length.
QSFP-100G-LR—These transceivers interoperate with the QDD-4X100G breakout optics. For example, the QDD-4X100G-FR interconnects with up to four QSFP-100G-LR transceivers. The QSFP-100G-LR transceivers interconnect in single links (QSFP-100G-LR to QSFP-100G-LR or to QSFP-100G-FR) and interoperate at the shortest link length.
Note: These transceivers are not compatible with earlier-generation 100-Gbps transceivers (for example, QSFP-100G-CWDM4 and QSFP-100G-LR4).
[See the Hardware Compatibility Tool (HCT) for details.]
Support for adaptive load balancing (ALB) on multiple Packet Forwarding Engines for aggregated Ethernet bundles.
Note: With ALB configured, the show interfaces ae0 extensive command displays adaptive statistics information under the physical interface, not the logical interface.
Aggregated Ethernet interfaces support mixed rates and mixed modes. The aggregated Ethernet supports member links of different modes (WAN and LAN) for 10GbEt links and member links of different rates for WAN and LAN aggregated Ethernet bundles. [See Configuration Guidelines for Aggregated Ethernet Interfaces.]
Junos telemetry interface (JTI)
Support for export of physical interface queue statistics to an outside collector using UDP (native) streaming, remote procedure call (gRPC) services, or gRPC network management interface (gNMI) services.
To export statistics through UDP, gRPC, or gNMI, use the sensor
/junos/system/linecard/interface/queue/.Each physical interface has 8 queues. The following counters are exported as part of this sensor for all configured physical interfaces:
Transmitted packets and transmitted bytes
Red drop packets and bytes
Tail drop packets and bytes
This feature includes zero suppression support. It does not include support for summed up counters on aggregated Ethernet (ae) interfaces.
[See sensor (Junos Telemetry Interface) and Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface.]
Supports ON_CHANGE export of ARP and NDP table states to an outside collector using Junos telemetry interface (JTI) and remote procedure call (gRPC) services. Junos OS Evolved already supports ARP and NDP periodic streaming and ON_CHANGE. This feature adds interface address (IPv4, IPv6) telemetry data.
The supported resource paths (sensors) are:
/interfaces/interface/subinterfaces/subinterface/ipv4/neighbors/neighbor/state/supporting leafs ip, link-layer-address, and origin/interfaces/interface/subinterfaces/subinterface/ipv6/neighbors/neighbor/state/supporting leafs ip, ink-layer-address, origin, is-router, neighbor-state, and is-publish/interfaces/interface/subinterfaces/subinterface/ipv4/addresses/address/state/supporting leafs ip, prefix-length, and origin/interfaces/interface/subinterfaces/subinterface/ipv4/addresses/address/state/supporting leafs ip, prefix-length, and origin/interfaces/interface/subinterfaces/subinterface/ipv4/unnumbered/state/supporting leafs enabled, interface-ref/state/interface, and interface-ref/state/subinterface/interfaces/interface/subinterfaces/subinterface/ipv4/state/supporting leafs enabled and mtu/interfaces/interface/subinterfaces/subinterface/ipv6/addresses/address/state/supporting leafs ip, prefix-length, origin, and status/interfaces/interface/subinterfaces/subinterface/ipv6/unnumbered/state/enabled/interfaces/interface/subinterfaces/subinterface/ipv4/unnumbered/state/supporting leafs enabled, interface-ref/state/interface, and interface-ref/state/subinterface/interfaces/interface/subinterfaces/subinterface/ipv6/unnumbered/interface-ref/state/interface/subinterface//interfaces/interface/subinterfaces/subinterface/ipv6/state/supporting leafs enabled and mtu
[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface.]
This release supports export of Source Packet Routing in Networking (SPRING) statistics to an outside collector using remote procedure call (gRPC) services.
This feature provides the per-segment identifier (SID) level and interface level traffic counts for SPRING traffic. These statistics reflect the SPRING LSP utilization in the TED, which aids to correctly re-route the RSVP LSPs.
To enable SPRING statistics include the following statements on the client device:
For egress (per-interface egress) use the set protocols isis source-packet-routing sensor-based-stats per-interface-per-member-link egress at the [edit] hierarchy level.
For egress (per-SID egress) use the set protocols isis source-packet-routing sensor-based-stats per-sid egress at the [edit] hierarchy level.
For ingress (per-SID ingress) use the set protocols isis source-packet-routing sensor-based-stats per-sid ingress statement at the [edit] hierarchy level.
Use the following sensors to export statistics by means of gRPC services to an outside collector:
/junos/services/segment-routing/interface/egress/usage/for egress (per-interface egress) aggregate SPRING traffic./junos/services/segment-routing/sid/usage/for egress (per-SID egress) and ingress (per-SID ingress) aggregate SPRING traffic.
[See source-packet-routing and Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface.]
Multicast
IPv4 and IPv6 multicast support including MSDP. This release also includes support for PIM-SM as the first-hop router (FHR) or last-hop router (LHR), and anycast, static, or local rendezvous point (RP).
Network management and monitoring
Remote port mirroring with ToS or DSCP settings enables you to send sampled copies of incoming packets to remotely connected network management software. You send the packets through GRE encapsulation, which is supported by FTIs. You can set ToS and DSCP values to provide necessary priorities in the network for these packets. You can also apply policing to sampled packets that are leaving the FTI. Configure the settings you need in the [edit forwarding-options port-mirroring instance instance-name output] hierarchy. [See instance (Port Mirroring).]
Port security
Support for fallback preshared key (PSK) for MACsec. [See Configuring MACsec with Fallback PSK.]
Routing policy and firewall filters
Nested filters enable you to reference a common firewall filter by attaching it to multiple firewall policies (a filter being one or more match conditions and corresponding actions). You can bind nested filters to the following interface types:
inet—Both input and output directions
inet6—Both input and output directions
mpls—Input direction only
You can also bind them to routing instances, and in the input direction, the output direction, or both directions. [See Guidelines for Nesting References to Multiple Firewall Filters and Example: Nesting References to Multiple Firewall Filters.]
Support for configuring priority for route prefixes through existing import policy in protocols. [See Configuring Priority for Route Prefixes in RPD Infrastructure.]
Routing protocols
Support for inline BFD. [See Understanding Bidirectional Forwarding Detection (BFD).]
BGP flow specification support. The following match conditions are not supported:
ICMP codes alone inet/inet6
Source/destination prefix with offset for inet6
Flow label for inet6
Fragment for inet6
The following action is not supported:
Traffic marking
Support for BGP-LU over SR-TE for color-based mapping of VPN services. [See Understanding Static Segment Routing LSP in MPLS Networks.]
Support for BGP routes with n-multipath primary and 1-protection backup gateway. [See multipath (Protocols BGP), delay-route-advertisements, and egress-te.]
Support for BGP PIC edge with BGP Labeled Unicast (BGP-LU) as the transport protocol, which helps to protect traffic failures over border nodes (ABR and AS boundary router) in multidomain networks. [See BGP PIC Edge Using BGP Labeled Unicast Overview.]
Services applications
Support for multiple collectors in inline active flow monitoring. You can configure inline active flow monitoring to export flow records to up to four different collectors. Previously, inline flow monitoring could only export flow records to a single collector. [See Configuring Inline Active Flow Monitoring on PTX Series Routers.]
Reporting of the true incoming interface for the sample packets for inline active flow monitoring. Inline active flow monitoring now reports the true incoming interface for the GRE-de-encapsulated packets entering the router for the configured inline active flow monitoring filter criteria. [See Understanding Inline Active Flow Monitoring and Configuring Flow Aggregation to Use IPFIX Flow Templates on PTX Series Routers.]
Software installation and upgrade
Incompatible database support for upgrade prepare notifications and multinode software life-cycle management. [See request system software add.]
Support for Junos OS Evolved limited image. The Junos OS Evolved limited image does not support data plane encryption and is intended only for the countries of the EACU. [See Junos OS Installation Package Names.]
All models of the QFX10008 are now eligible for upgrade to PTX10008 Packet Transport Router models. Upgrade kits can be ordered to convert QFX10008 models to PTX10008-BASE3, PTX10008-PREM2, or PTX10008-PREM3. [See QFX10008 Configurations and Upgrades.]
All models of the MX10008 are now eligible for upgrade to PTX10008 Packet Transport Router models. Upgrade kits can be ordered to convert MX10008 models to PTX10008-BASE3, PTX10008-PREM2, or PTX10008-PREM3. [See MX10008 Components and Configurations.]
Support for ZTP on WAN interfaces. [See Zero Touch Provisioning Overview.]
ZTP supports the DHCPv6 client. [See Zero Touch Provisioning Overview.]
Support for QSFP-100G-FR, QSFP-100G-DR, and QSFP-100G-LR transceivers (PTX10003)—Starting in Junos OS Evolved Release 20.3R1, we provide support for these transceivers:
QSFP-100G-FR—These transceivers interoperate with the QDD-4X100G breakout optics. For example, the QDD-4X100G-FR interconnects with up to four QSFP-100G-FR transceivers. The QSFP-100G-FR transceivers interconnect in single links (QSFP-100G-FR to QSFP-100G-FR or to QSFP-100G-DR) and interoperate at the shortest link length.
QSFP-100G-DR—These transceivers interoperate with 400-Gbps breakout optics. For example, the QDD-400G-DR4 interconnects with up to four QSFP-100G-DR transceivers. The QSFP-100G-DR transceivers interconnect in single links (QSFP-100G-DR to QSFP-100G-DR or to QSFP-100G-FR) and interoperate at the shortest link length.
QSFP-100G-LR—These transceivers interoperate with the QDD-4X100G breakout optics. For example, the QDD-4X100G-FR interconnects with up to four QSFP-100G-LR transceivers. The QSFP-100G-LR transceivers interconnect in single links (QSFP-100G-LR to QSFP-100G-LR or to QSFP-100G-FR) and interoperate at the shortest link length.
Note These transceivers are not compatible with earlier-generation 100-Gbps transceivers (for example, QSFP-100G-CWDM4 and QSFP-100G-LR4).
[See the Hardware Compatibility Tool (HCT) for details.]
Authentication, Authorization, and Accounting
Support for remote TACACS+ authorization for locally authenticated users (PTX10003)—Starting in Junos OS Evolved Release 20.3R1, you can configure remote authorization on the TACACS+ server for locally authenticated users by using their locally configured parameters.
[See password-options.]
Interfaces and Chassis
Support for bringing line cards online parallelly (PTX10008)—The PTX10008 with Junos OS Evolved Release 20.3R1 or later brings the line cards online parallelly (independent of each other), not sequentially. This change eliminates the dependency of a line card on a higher priority line card to come online. However, the router allocates power to the line cards based on the priority configured in the system. The parallel bring-up behavior does not have a visible effect when there is sufficient power in the system. But when the system power capacity is degraded because of some reason, the system takes down the lowest priority line cards to power up the highest priority line cards. If the system is booting up with insufficient power, power is allocated only to the high-priority line cards.
[See fru-poweron-sequence.]
VLAN tag manipulation: pop, push, and swap (PTX10003)—Starting in Junos OS Evolved Release 20.3R1, you can configure your VLAN circuit cross-connect (CCC) logical interface on a Layer 2 circuit to handle single-tag packets. You can also use the l2circuit-control-passthrough statement at the [edit forwarding-options] hierarchy level to enable passthrough of certain Ethertype/DMAC-matched frames over the Layer 2 circuit after successful VLAN tag manipulation on the VLAN CCC logical interface. The VLAN CCC logical interface can be on a single Ethernet interface or on an aggregated Ethernet interface.
Note You cannot configure flexible-vlan-tagging or flexible-ethernet-services on PTX10003.
[See Configuring an MPLS-Based VLAN CCC with Pop, Push, and Swap and Control Passthrough.]
Support for QSFP28 100GE DWDM transceivers (PTX10003)—Starting in Junos OS Evolved Release 20.3R1, the PTX10003 router supports the QSFP28 100GE DWDM optical transceiver module (shown in the CLI as QSFP-100GE-DWDM2) for 100GbE applications. This transceiver is suited for data center interconnect, which requires high-fiber capacity for links up to 80 km.
The Junos OS Evolved features supported by the QSFP28 100GE DWDM transceiver include the following:
View the optics inventory information. [See show chassis hardware and show chassis pic fpc-slot slot pic-slot slot.]
View the diagnostics data, warnings, and alarms for interfaces. [See show interfaces diagnostics optics.]
Configure the optics loopback mode. [See optics-options.]
Junos OS XML API and Scripting
Routing instance support in Python 3 applications (PTX Series and QFX Series)—Starting in Release 20.3R1, devices running Junos OS Evolved support specifying the routing instance used by a process or socket in Python 3 applications that are executed from the Linux shell. Python 3 applications can import the
libpyvrfmodule and use the module’s functions to set the Linux VRF corresponding to the Junos OS routing instance for a specific context.[See How to Specify the Routing Instance in Python 3 Applications on Devices Running Junos OS Evolved.]
Junos Telemetry Interface
IS-IS sensor support for JTI (PTX10003 routers)—Starting in Junos OS Evolved Release 20.3R1, Junos telemetry interface (JTI) supports OpenConfig Version v0.3.3 (from v0.2.1) for resource paths related to IS-IS link-state database (LSDB) streaming. The difference between the two versions results in changes, additions, deletions, or non-support for leaf devices related to the following IS-IS type length value (TLV) parameters and IS-IS areas:
TLV 135: extended-ipv4-reachability
TLV 236: ipv6-reachability
TLV 22: extended-is-reachability
TLV 242: router-capabilities
IS-IS interface attributes
IS-IS adjacency attributes
To stream data for the IS-IS routing protocol to an outside collector using remote procedure call (gRPC) services and Junos telemetry interface, include the following resource paths in a subscription:
/network-instances/network-instance[name_'instance-name']/protocols/protocol/isis/levels/level//network-instances/network-instance[name_'instance-name']/protocols/protocol/isis/interfaces/interface/levels/level/
To stream or export ON-CHANGE data for IS-IS adjacency and link-state database (LSDB) statistics to an outside collector using remote procedure call (gRPC) services or gRPC Network Management Interface (gNMI) services and JTI, include the following resource paths in a subscription:
/network-instances/network-instance/protocols/protocol/isis/interfaces/interfaces/circuit-counters/state/(stream)/network-instances/network-instance/protocols/protocol/isis/interfaces/interface/levels/level/packet-counters/(stream)/network-instances/network-instance/protocols/protocol/isis/levels/level/system-level-counters/state/(stream)/network-instances/network-instance/protocols/protocol/isis/interfaces/interfaces/levels/level/adjacencies/adjacency/state/(ON_CHANGE)/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/extended-ipv4-reachability/prefixes/prefix/state/(ON_CHANGE)/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/extended-ipv4-reachability/prefixes/prefix/subtlvs/subtlv/(ON_CHANGE)/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv6-reachability/prefixes/prefix/state/(ON_CHANGE)/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv6-reachability/prefixes/prefix/subtlvs/subtlv/(stream)/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/extended-is-reachability/neighbors/neighbors/subTLVs/subTLVs/adjacency-sid/sid/state/(ON-CHANGE)/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/extended-is-reachability/neighbors/neighbors/subTLVs/subTLVs/lan-adjacency-sid/(ON_CHANGE)/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv4-interfaces-addresses/state/(ON_CHANGE))/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv4-srlg/state/(ON_CHANGE)/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv4-te-router-id/state/(ON_CHANGE)/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/ipv6-interfaces-addresses/state/(ON_CHANGE)/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/router-capabilities/router-capability/subtlvs/subtlv/segment-routing-capability/state/(ON_CHANGE)/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/state(stream)/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/area-address/state/address(stream)/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/nlpid/state/nlpid(stream)/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/lsp-buffer-size/state/size(stream)/network-instances/network-instance/protocols/protocol/isis/levels/level/link-state-database/lsp/tlvs/tlv/hostname/state/hname(stream)
[See Configuring a Junos Telemetry Interface Sensor (CLI Procedure) and Guidelines for gRPC Sensors (Junos Telemetry Interface).]
Support for BGP neighbor and MPLS sensors on JTI with gNMI (PTX10003)—Starting in Junos OS Evolved Release 20.3R1, Junos telemetry interface (JTI) supports streaming BGP neighbors, label-switched path (LSP), and RSVP statistics to a remote collector. In prior releases, these statistics were supported on PTX10003 routers using remote procedure call (gRPC) services. This feature now adds support for streaming these statistics using gRPC network management interface (gNMI) services.
To stream data, include the following resource paths in a subscription:
/network-instances/network-instance[name='instance-name']/mpls//network-instances/network-instance/protocols/protocol/bgp/
[See Guidelines for gRPC Sensors (Junos Telemetry Interface).]
Physical interface queue statistics sensor support for JTI (PTX10003)—Junos OS Evolved Release 20.3R1 supports export of physical interface queue statistics to an outside collector using UDP (native) streaming, remote procedure call (gRPC) services, or gRPC network management interface (gNMI) services.
To export statistics through UDP, gRPC, or gNMI, use the sensor
/junos/system/linecard/interface/queue/.Each physical interface has 8 queues. The following counters are exported as part of this sensor for all configured physical interfaces:
Transmitted packets and transmitted bytes
Red drop packets and bytes
Tail drop packets and bytes
This feature includes zero suppression support. It does not include support for summed up counters on aggregated ethernet (ae) interfaces.
[See sensor (Junos Telemetry Interface) and Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface.]
Layer 2 Features
Proxy ARP (PTX10003)—Starting in Junos OS Evolved Release 20.3R1, PTX10003, both restricted and unrestricted ARP are supported. With restricted ARP, the device responds to the ARP requests in which the physical networks of the source and target are not the same and the device has an active route to the target address in the ARP request. The device does not reply if the target address is on the same subnet and the same interface as the ARP requestor. With unrestricted ARP, the device responds to any ARP request, on the condition that the device has an active route to the destination address of the ARP request. The route is not limited to the incoming interface of the request, nor is it required to be a direct route.
By default, proxy ARP is unrestricted, supported on et and ae interfaces, and supported on active routes.
To enable unrestricted proxy ARP, enable the unrestricted statement at the [edit interfaces interface-name proxy-arp] CLI hierarchy.
To enable restricted proxy ARP, enable the restricted statement at the [edit interfaces interface-name proxy-arp] CLI hierarchy.
To enable default mode (unrestricted), enable the proxy-arp statement at the [edit interfaces interface-name] CLI hierarchy.
Routing Policy and Firewall Filters
Filter-based GRE encapsulation and de-encapsulation and filter-based MPLS-in-UDP de-encapsulation (PTX10003)—Starting in Junos OS Evolved Release 20.3R1, we’ve enabled the following encapsulation and de-encapsulation workflow:
- An incoming packet matches a filter term with an encapsulate
action. The packet is encapsulated in an IP+GRE header and is forwarded
to the endpoint’s destination.set firewall tunnel-end-point tunnel-name ipv4|ipv6 source-address addressset firewall tunnel-end-point tunnel-name ipv4|ipv6 destination-address addressset firewall tunnel-end-point tunnel-name greset firewall family inet|inet6 filter name term name from source-address addressset firewall family inet|inet6 filter name term name then encapsulate tunnel-nameset firewall family inet|inet6 filter name term last then acceptset interfaces interface-name unit number family inet|inet6 filter inputset interfaces interface-name unit number family inet|inet6 address address
# This source address differs from the one for the tunnel endpoint. - At the destination, the packet matches a filter term with
a de-encapsulate action. The GRE header or MPLS-in-UDP header is stripped
from the packet. The inner packet is routed to its destination.set firewall family inet|inet6 filter name term name from source-address addressset firewall family inet|inet6 filter name term name from protocol greset firewall family inet|inet6 filter name term name then decapsulate gre
# Optionally de-encapsulate mpls-in-udp.set firewall family inet|inet6 filter name term last then acceptset interfaces interface-name unit number family inet|inet6 filter input filter-nameset interfaces interface-name unit number family inet|inet6 address address# This is the destination address.
[See Components of Filter-Based Tunneling Across IPv4 Networks and tunnel-end-point .]
- An incoming packet matches a filter term with an encapsulate
action. The packet is encapsulated in an IP+GRE header and is forwarded
to the endpoint’s destination.
Support for unicast RPF strict mode and fail-filters (PTX10003)—Starting in Junos OS Evolved Release 20.3R1, you can use unicast reverse path forwarding (RPF) strict mode, and fail filters, to prevent IP spoofing on IPv4 and IPv6 packet flows (unicast RPF loose mode is already supported).
With unicast RPF enabled, the PTX 10003 forwards packets from a valid path to the destination address, and either discards packets from an invalid path or sends them on to the fail-filter for further processing. This can be an effective way to mitigate denial-of service (DoS) attacks. In strict mode, the router interface only accepts packets if the source address matches a route (default or learned) that is reachable through the interface.
[See Understanding How Unicast RPF Prevents Spoofed IP Packet Forwarding.]
Routing Protocols
VRRP Support (PTX10003)—Starting in Junos OS Evolved Release 20.3R1, PTX10003 routers support VRRP. The following features are not supported for VRRP on Junos OS Evolved: GRES, NSR, ISSU, ProxyArp, MC-LAG, IRB.
[See Understanding VRRP]
Support for multiple MD5 for RIPv2 (PTX10008)—Starting in Junos OS Evolved Release 20.3R1, you can define multiple MD5 authentication keys for RIPv2. This feature supports adding of MD5 keys with their start-time. RIPv2 packets are transmitted with MD5 authentication using the first configured key. RIPv2 authentication switches to the next key based on its configured respective key start-time. This provides auto-key switching without user intervention to change the MD5 keys as in the case of having only one MD5 key.
To enable multiple MD5 support for RIPv2, include the authentication-selective-md5 statement at the [edit protocols rip] hierarchy level.
Routing Protocol feature support (PTX10003)—We’ve added the following routing protocols features to the PTX10003 routers in Junos OS Release Evolved 20.3R1.
Table 2: Routing Protocol Features Supported by the PTX10003
Technology
Supported Features
BGP
BGP flowspec redirect to IP
BGP prefix-based outbound route filter (ORF)
BGP over IPv6
EBGP peering using link-local addresses (IPv6)
Regular expressions for BGP extended communities
BGP AS path lists
Option for link bandwidth in BGP multipath path selection
SNMP objects for BGP peer received prefix counters
BGP route target filtering
Label aggregation using BGP site of origin community attribute
Option to limit the number of active prefixes on BGP peering session
TCP MSS per BGP peer option
Timer-based solution to periodically advertise MED updates
Fast connectivity restoration using add-path
Router reflector with dynamic policies
End-to-end restoration: BGP convergence in case of multihoming
Software-defined networking (SDN): BGP monitoring protocol v3 compliance
Static route target-C entries
Software-defined networking (SDN): BGP-TE
End-to-end restoration: Tail end protection for BGP Labeled Unicast (BGP-LU)
End-to-end restoration: BGP-LU PE-CE link protection
End-to-end restoration: edge node-failure protection of BGP signaled pseudowires
BGP persistence
BGP graceful shutdown (RFC 6198)
BGP administrative shutdown communication (RFC 8203)
Advertise statically inactive route via BGP
End-to-end restoration: multihoming BGP
Entropy label support for BGP-LU
End-to-end restoration: BGP prefix-independent convergence in RSVP
Multiprotocol BGP over IPv6 (IPv4 over IPv6)
BGP prefix prioritization
BGP-LU FRR
BGP optimal route reflector with IS-IS
BGP-LU support to include a stack of labels
BGP flowspec
BGP optimal route reflector with OSPF
BGP add path support for community
Paths to resolve a BGP prefix when using another BGP prefix for penultimate next-hop resolution
BGP 64-way add-path
BGP multipath
Enable BGP multipath configuration in global hierarchy
AS number count
BGP add-path support for VPN
BGP peer
BGP link bandwidth community aggregation
BGP LU (top label) statistics
BGP add path support for eBGP
Import IGP topology into BGP-LS
Performance enhancement for BGP reconfiguration
BGP remote next hop support for single-hop EBGP peers
Enterprise-specific BGP trap support for BGP clients with IPv6 address
Advertising multiple paths in BGP (upto 20 BGP add-paths for prefixes)
EBGP route server functionality
BGP route API support for EBGP
Add-path or multipath optimization to improve RIB learning rate
[See BGP User Guide.]
Bidirectional Forwarding Detection (BFD)
Static routes and MPLS PE to CE links
MPLS LSPs
PE-PE with ECMP awareness
PPMD and single-hop BFD to Packet Forwarding Engine
MIB
IPv6 static route
OSPFv3
Distributed BFD over aggregated interface
BFD-triggered fast reroute
Distributed BFD for BGP multihop
BFD over child links of aggregated Ethernet interface (ae) or LAG bundle
Control plane scaling
Support for IS-IS IPv6
Dampening for OSPF
Infrastructure
64-bit RPD support
End-to-end restoration: host fast reroute (HFRR)
Interior Gateway Protocol (IGP)
Prefix limit of imported external routes
Shared Risk Link Group (SRLG) support
IS-IS prioritized route installation in FIB
Policy-based support for loop-free alternate (LFA) in IS-IS and OSPF
IS-IS flooding group
Remote LFA (rLFA) support in OSPF
OSPFv3 for IPv6
IPv6
BGP flowspec for IPv6
[See Multiprotocol BGP.]
IS-IS
Option to turn off IS-IS hello and/or SNP authentication
Route tagging
IPv6 multitopology extensions
LFAs
MIB according to RFC4444
Per-prefix LFA
FRR route convergence
Link down microloop avoidance
Option to overload stub networks through IS-IS overload
IGP shortcut selection by protocol for weighted equal-cost multipath (WECMP)
[See IS-IS User Guide.]
Layer 2 Circuit
LSP ping for Layer 2 VPN and Layer 2 circuits
Null control word processing for Layer 2 frames over MPLS
Traffic engineering of Layer 2 circuits over multiple LSPs
Layer 2 VPN
End-to-end restoration: Layer 2 VPN service mirroring
Inet and inet6 family support on PS (cross-functional)
FEC 129 multisegment pseudowire
FAT pseudowire support for BGP L2VPN and VPLS
Chained composite next hop for L2CKT and L2VPN
MPLS converged services: stitching of pseudowire segments (multisegment pseudowires with BGP-L2VPN)
Layer 3 VPN
OSPF sham links for MPLS VPNs
MIBs for RFC 2547 VPNs
Loopback interfaces for each VRF
Simplified policy configuration for BGP community per-VRF
LDP-IGP as PE-CE device routing for carrier-of-carriers
IPv6 VPNs
Automatic configuration of route distinguishers on VPN PE routers
vrf-table-label for Layer 3 VPNs and Frame Relay uplinks
BGP and VRF option for vpn-apply-export statement
vrf-table-label for (non-VLAN) Ethernet P-PE uplinks
Path MTU discovery on IPv4 and IPv6 VPNs
IPv6 and OSPFv3 on VRF instances and running over tunnels
Peering with family inet unicast and inet label-unicast on the same session
VPN load-balancing between PE devices that have different route distinguishers
vrf-table-label for Layer 3 VPNs and ATM uplinks
Support for no-propagate-ttl on a per-VRF basis
CLI usability features for Layer 3 VPN
GRE tunnel through VRF
BGP policy to control VPN label allocation mode
MIB for route entries in VRF (RFC 4382)
PWT into VRF: logical tunnel redundancy
Increasing the number of Layer 3 VPNs with vrf-table-label configured
IRB in MPLS VRF
Multicast VRF route leaking
LSP ping for VPN LSPs
LSP ping for labeled BGP
CLI command show route bgp route-distiguisher for prefix
Label Distribution Protocol (LDP)
Client or server LDP mapping
LDP native IPv6 support
[See MPLS Applications User Guide.]
MPLS
LSP ping for CCC and CCC secondary standby LSP
LSP ingress traceroute
Advertising MPLS labels in IS-IS
Flexible MPLS label stack depth for segment routing
Point-to-point traceroute (support RSVP FEC at ingress and transit)
Leaking MPLS.0 routes between virtual routers and VRFs
Cross-connect logical interface to two unsignaled virtual circuits terminating on different egresses
RSVP automatic mesh: full mesh based on the need to resolve a BGP next hop
Edge node-failure protection of LDP signaled pseudowires
Label operations: push and swap push
Static Ethernet pseudowires double-label operation
PE devices
CLI support for monitoring MPLS label usage
[See MPLS Applications User Guide.]
MPLS-RSVP Point-to-Multipoint
Traffic-engineered LSPs with static explicit route object (ERO)
Traffic-engineered LSPs with link protection
Ultimate-hop popping for LSPs
Ingress PE redundancy for LSPs
Traffic engineering MIB
Interarea point-to-multipoint LSP
Load balancing over aggregated links
Multicast make-before-break
Admin-group for bypass LSPs
[See MPLS Applications User Guide.]
Multipoint LDP
Inband signalling
MIB
[See MPLS Applications User Guide.]
OCST: OpenConfig
BGP configuration to become network-instance compliant (v4.0.1)
[See OpenConfig User Guide.]
OpenConfig
BGP configuration model (v2.1.1)
[See OpenConfig User Guide.]
OSPF
Policy-based inbound route filtering
Active backbone detection
Multitopology routing OSPF
Export external route to multiple area scoped type 7 LSAs
OSPFv3 SNMP MIB
Route install prioritization
Database protection
Per-prefix LFA
Option to overload stub networks through OSPF overload
[See OSPF User Guide.]
OSPFv3
Address family support
MIB support according to RFC5643
Path Computation Element Protocol (PCEP)
MD5 authentication for PCC/PCEP
Point-to-multipoint
No-ERO or loose ERO support
Path computation for segment routing LSP
Support for PCEP MIB
Support for latest version of PCEP RFC 8231
PCE support for RSVP-TE
Programmable Routing Protocol (PRPD)
gRIBI RIB programming interface
BGP SR-TE policy AFI
BGP flowspec AF
Move programmed routes to hidden state upon next-hop interface failure
Segment Routing
Advertising MPLS labels in OSPF
BGP-LS with SPRING extensions
LDP mapping client
Advertising MPLS labels in IS-IS
RSVP interoperability
Static LSP with label stack
Adjacency SID support for different use cases (IS-IS)
Anycast and prefix segments and interarea (OSPF)
TI-LFA procedures for link and node protection (IS-IS and OSPF)
Static adjacency SID support for different use cases (OSPF)
Enabling first hop as segment ID instead of IP address
LDP mapping server
BGP triggered dynamic creation of colored SR-TE tunnels
Policy-based multipath routes
TI-LFA using SRMS routes (IS-IS)
Advertise traffic engineering attributes for segment routing irrespective of RSVP-TE
Flexible algorithm (IS-IS only)
MPLS-SR for IPv6 prefix and adjacency SID (IS-IS)
Segment routing global block (SRGB) for OSPF
MPLS ping and traceroute (IS-IS and OSPF for IPv4 only)
BGP binding SID (draft-previdi-idr-segment-routing-te-policy)
Segment list path ERO support using IP address as next hop and loose mode
[See Understanding Source Packet Routing in Networking (SPRING).]
VPN
Graceful restart for CCC
Generalized VPN MIB
Services Applications
Support for multiple collectors in inline active flow monitoring (PTX10003)—Starting in Junos OS Evolved Release 20.3R1, you can configure inline active flow monitoring to export flow records to up to four different collectors. Previously, inline active flow monitoring could only export flow records to a single collector.
[See Configuring Inline Active Flow Monitoring on PTX Series Routers.]
Reporting of the true incoming interface for the sample packets for inline active flow monitoring (PTX10003)—Starting in Junos OS Evolved Release 20.3R1, inline active flow monitoring reports the true incoming interface for the GRE-de-encapsulated packets entering the router for the configured inline active flow monitoring filter criteria.
[See Understanding Inline Active Flow Monitoring and Configuring Flow Aggregation to Use IPFIX Flow Templates on PTX Series Routers.]
Support for RFC 5357 Two-Way Active Measurement Protocol (TWAMP) monitoring service (PTX10003)—Starting in Junos OS Evolved 20.3R1, you can configure the TWAMP monitoring service on PTX10003 routers. This service sends out probes to measure network performance. TWAMP is often used to check compliance with service-level agreements. For Junos OS Evolved, TWAMP is configured at the [edit services monitoring twamp] hierarchy level. The support for this service is limited to the following:
IPv4 traffic only for control sessions and test sessions
Probe statistics and history
Control and test session status
Test session probe generation and reception, as well as reflection
Timestamps set by the Routing Engine or the Packet Forwarding Engine
Error reporting through system log messages only
Unauthenticated mode only
[See Understanding Two-Way Active Measurement Protocol on Routers.]
Software Licensing
Juniper Agile Licensing (QFX5220-32CD, QFX5220-128C, PTX10003-80C, and PTX10003-160C) —Starting in Junos OS Evolved Release 20.3R1, we’re moving toward license-based software features. We now use Juniper Agile Licensing to support soft enforcement for software features on the listed devices.
Juniper Agile Licensing provides simplified and centralized license administration and deployment. You can install and manage licenses for hardware and software features using Juniper Agile Licensing.
From this release onwards, you can now opt to use the Juniper Agile License Manager to significantly improve the ease of license management for an entire network of supported devices.
If you are upgrading to this release, you need new license keys to use the features on the listed devices. Contact Customer Care to exchange license keys for Junos OS releases earlier than Junos OS Evolved Release 20.3R1.
Table 3 describes the licensing support on the QFX5220-32CD and QFX5220-128C devices.
Table 3: Licensed Features on the QFX5220-32CD and QFX5220-128C
QFX Switch License Model
Detailed Features
Standard license for integrated SKUs (standard hardware and software platform)
Filters (Layer 2 and Layer 3), Layer 2 (xSTP, 802.1Q, LAG), Layer 3 (static), QoS (Layer 2 and Layer 3), and SNMP
Advanced license for integrated and advanced SKUs
Advanced 1: BGP, FBF, GRE, IS-IS, JTI, MC-LAG, OSPF, sFlow, VRF, and VRRP
Advanced 2: Includes Advanced 1 features + CFM, Layer 2 and Layer 3 multicast, OAM, Packet Timestamping, PTP, and Q-in-Q
Premium license for integrated and premium SKUs
Includes Advanced 2 features + EVPN-MPLS, MPLS, Layer 2 circuit, Layer 3 VPN, LDP, RSVP, segment routing, and SR-TE
Table 4 describes the licensing support for the PTX10003-80C and PTX10003-160C devices.
Table 4: Licensed Features on the PTX10003-80C and PTX10003-160C
License Model
Detailed Features for Fabric Management
Scale
Security License
Standard
Filters (Layer 2 and Layer 3), Layer 2 (xSTP, 802.1Q, LAG), Layer 3 (static), quality of service or QoS (Layer 2 and Layer 3), and SNMP
64K FIB
K stands for 1000.
The PTX10003 router supports the MACsec feature, but you must purchase a license separately to use the feature.
Advanced
Advanced 1
BGP, FBF, GRE, IS-IS, Junos telemetry interface (JTI), OSPF, sFlow, VRF, and VRRP
256K FIB, 3M RIB, and 1K VR
M stands for million.
Advanced 2
Advanced 1 features, CFM, EVPN-VXLAN, Multicast, OAM, PTP, and Q-in-Q
256K FIB, 3M RIB, and 1K VRs/VRF (VXLAN)
Premium
Premium 1
Advanced 2 features, EVPN-MPLS, IPFIX, Layer 2 circuit, Layer 3 VPN, LDP, RSVP, SR, and SR-TE
2M FIB, 6M RIB, 1K VRs/VRF (VXLAN), 32 VRF (MPLS Layer 3 VPN), and 32K LSP
Premium 2
Premium 1 features and fine-grained QoS
2M to 4M FIB, 60M to 80M RIB, 1K+ VRs/VRF (VXLAN), 32+ VRF (MPLS Layer 3 VPN), and 32K+ LSP
* Scaling is based on the device capacity.
[See Supported Features on QFX5220-32CD and QFX5220-128C device, Supported Features on PTX10003-80C and PTX10003-160C device, Juniper Agile Licensing Guide, and Configuring Licenses in Junos OS.]
User Interface and Configuration
Support for virtual routing and forwarding (VRF) and source address (PTX10008)—Starting in Junos OS Evolved release 20.3R1, VRF and source address is supported for NTP.
[See Virtual Routing Instances and source-address.]
What's Changed
Learn about what changed in Junos OS Evolved Release 20.3R1 for the PTX10003 and PTX10008.
Interfaces and Chassis
Change in support for interface-transmit-statistics statement—You cannot configure aggregated Ethernet interfaces to capture and report the actual transmitted load statistics by using the interface-transmit-statistics statement. Aggregated Ethernet interfaces do not support reporting of the transmitted load statistics. In Junos OS Evolved release 20.3R1, the interface-transmit-statistics statement is not supported in the aggregated Ethernet interfaces hierarchy. In earlier releases, the interface-transmit-statistics statement was available in the aggregated Ethernet interfaces hierarchy but not supported.
Junos OS XML API and Scripting
Changes to Junos XML RPC request tag names (PTX Series, QFX Series)—The Junos XML request tag name for some operational RPCs has been updated to ensure consistency across the Junos XML API. Devices running Junos OS will still accept the old request tag names, but we recommend using the new names going forward. The following changes have been made:
Most, but not all, request tag names that start with
showreplaceshowwithgetin the name.Any uppercase characters are converted to lowercase.
Known Limitations
Learn about limitations in this release for the PTX10003 and PTX10008.
For the most complete and latest information about known Junos OS Evolved defects, use the Juniper Networks online Junos Problem Report Search application.
General Routing
Some XML tags for the show system buffers command are missing in Junos OS Evolved. PR1429626
On PTX Series devices running Junos 19.3R1, the show ddos-protection protocols eoam oam-cfm command returns blank output. This command is supposed to be disabled on PTX Series devices. There is no functional impact; it is just an extra visible command option that has no functionality. PR1456043
During fabric link bringup/fabspoked-fchip restart/sib offline or sib online, /re0/fabspoked-fchip might not respond to CLI commands (show chassis sibs). This is indicated by the following output on CLI error: communication failure with /re0/fabspoked-fchip/.
1. The producer app is either down or unresponsive. Run the show system processes node node | grep app command to check if the app is running. Run the show system application app to check the state of the app.
2. If there is a change in mastership recently, wait for the switchover to complete for the app to be online. Run request chassis routing-engine master switch check to check the status of switchover. If the command is reissued after training or detraining reaches a steady state, valid output shows up in the CLI. PR1459430
On PTX10008 routers, the subsystem within the Packet Forwarding Engine continues to monitor the ASIC for new interrupts even for the ASIC for which all the interfaces are disabled. On an ASIC that has all the interfaces disabled due to a fatal error, all the new interrupts that are reported after the fatal event should be ignored. PR1470391
PTX10008 graceful OIR leads to missing of sensor data for power and temperature. Follow the optimized step given as a workaround to have OIR working. PR1478951
Restarting the fabspoked-pfe application for the line card restarts the line card. PR1486023
The local repair time for fast reroute is 50 ms. If the system has a scaling configuration or is heavily loaded for processing, the local repair time may be longer than 50 ms. In this case, it gets 65 ms local repair time. PR1489139
Fabric drops counter shows 0 in the show pfe statistics traffic CLI command output. PR1494226
On the PTX10003 router, it takes around 40 seconds for traffic to flow through all 4093 VLANs after the configuration is committed. PR1496757
On PTX10003, with a MAC scale of 32,000, the MAC learning rate achieved is 15,000 MAC entries per second and with a MAC scale of 64,000, it is 6000 MAC entries per second. PR1498568
SA and DA reject interface filters are not supported on PTX10008. PR1500789
PCIe AER uncorrectable errors might be seen on the console when SIBs are powered off during system boot, when CLI is offline or when a new Routing Engine connects to the SIBs after mastership switchover. These errors are expected and are not indicative of underlying functional issues. PR1501647
When an FPC is removed ungracefully, an alarm is generated indicating Fpcx Node unreachable. This alarm is cleared only when the FPC is plugged back into the same slot. PR1503450
It was found that DSCP mark action for inet6 is not supported in Junos OS Evolved Packet Forwarding Engine. We might observe unexpected behavior if a filter is configured with IPv6 DSCP mark action. PR1504463
MAC entries are stuck in l2ald or l2alm for some time after the clear ethernet switching command is executed. PR1507812
Software works as designed. For a faulty link, after autoheal was triggered by jresil and before the action is completed, if fabspoked-fchip restarts, the link stays in fault state, after the app restarts. PR1508915
Once the FPC restarts, the related FPC UDP statistics are not exported and the only way to recover from this state is to reboot the device under test and resubscribe to UDP sensor again. PR1516432
MPLS ping does not work for RSVP LSP with UHP configured. PR1517870
If a ZF pio fault is hit followed by a second ZF pio fault on the same sib before the sib has completely recovered from the first one, it may result in nondeterministic state of fabric links to/from the impacted sib. PR1519855
For PTX10008 platforms, input or output bytes under ifd statistics include Layer 2 header. PR1524650
In Junos OS Evolved 20.3, fabsopke-fchip generates a core file if fabsopke-fchip restarts and SIB offline happens one after other with in the same minute. Any previous alarm does not get cleared. PR1525577
We see 34% when we set to have 50%. For example: the following configuration is meant to see 50% traffic mirrored; however, we see 34% mirrored:
set forwarding-options port-mirroring instance Ins1 input run-length 10
set forwarding-options port-mirroring instance Ins1 input rate 20 PR1527129
Interfaces and Chassis
When highly accelerated life test is carried out on PTX10003, FPC error messages egp_intr_pkt_trapcode are seen on the console. There is no direct impact on control plane protocol or to data traffic. PR1425508
On PTX10003, when the Picd app restarts, sometimes the 10GbE link status remains down. The link can be recovered by disabling or enabling the remote end. PR1488146
When the loopback configuration is applied to a LAG (aggregated Ethernet) interface, the interface goes down. PR1497591
MPLS
LMP is not supported on Junos OS Evolved platforms PR1524699
User Interface and Configuration
For large YANG files, augmentation might not work. PR1416972
Open Issues
Learn about open issues in this release for the PTX10003 and PTX10008.
For the most complete and latest information about known Junos OS Evolved defects, use the Juniper Networks online Junos Problem Report Search application.
Class of Service (CoS)
Support import - Classifier/Rewrite. PR1483505
While configuring WRED profile to a scheduler, Please use either of a) any/any b) not-any/not-any combination of protocol and Loss priority.. PR1524259
Fault Management
CRC errors on interface might result in Cmerror and ASIC errors in logs. PR1499291
General Routing
The convergence time is of the order of 3508 ms for OSPF or IS-IS (50,000 routes scale, which is equivalent to 14,253 routes per second). In case of BGP, it is of the order of around 17,000 routes per second. PR1379961
On disabling both the primary and secondary commit and then rollback and getting them up, traffic does not resume on primary. PR1382695
No application detected during unified ISSU in case the same application is in offline state in the base image. PR1438686
Traffic loss of up to 400 ms can be seen in MPLS FRR scenario. PR1472908
The JFlow sampled traffic might not get rate limited in host-pipe and cause drop in throughput of interfaces on PTX10008 routers. This issue is seen due to the missing code for rate-limiters specifically on PTX10008. PR1473844
Use traffic statistics instead of Packet Forwarding Engine statistics to understand the flow of traffic. PR1478244
UDP sensor streaming does not currently support FPC restart and Junos OS Evolved apps restart. PR1492096
On PTX10003-80C and PTX10003-160C systems, with sampling enabled and a FIB scale of 2 million, the rpd agent takes 8 minutes to complete restart after restart. PR1493882
The copying of files to the RCB over WAN ports is slow. This is observed across all platforms running Junos OS Evolved platforms.. PR1496895
On a PTX10008, six SIBs are required to carry line-rate traffic, with no fabric redundancy. Even when ingress traffic rate is such that five SIBs are sufficient to carry ingress traffic (for example, traffic is less than 1280 Gbps), ungraceful SIB failures result in transient loss of traffic, till system failure handling is triggered. In Junos OS Release 20.1R2, failure handling may result in about 4-6 seconds of traffic loss. We recommend that you take the fabric cards offline by using the request chassis sib offline command before removing the SIBs for maintenance.
The hwdre: HWD_FIRMWARE_VERSION_READ_ERROR_NOTICE: Failed to get firmware version for fru Sib message is seen for each SIB after it is gracefully taken offline and brought online. This is expected behavior as the SIB version is read correctly during an online transition. Check that the SIB versions are being displayed correctly using show system firmware after the SIBs are online. PR1504156
Updates to fabric resiliency FS needed. PR1504567
When you add or delete IPv6 hash-key, the IPv4 and IPv6 source+destination address pair hashing is also disabled. Hence traffic load balancing does not work correctly.. PR1509694
BGP-SRTE binding-sid with more than one label stack needs enhancement for PTX10003-80C PTX10003-160C.
There is a small window during BGP neighbor or BGP RIB periodic streaming when the background telemetry job gets suspended, there is a possibility that the node which is being rendered is deleted or modified. If we are in middle of rendering value for that particular node, RPD might crash when telemetry job resumes since the node is no more valid. PR1512773
When upgrading from 20.3R1 to a future release which has an FPC type which is incompatible for restart upgrade, the user is prompted in CLI whether to offline the FPC or abort the upgrade. The cli command waits for one hour for the user to respond. In case the user does not respond in an hour, the CLI command request system software add | var | tmp | ptx.iso restart times out. Subsequent CLI software add or delete or rollback commands fail with software upgrade in progress. The workaround for this is to restart orchestratord, the application responsible for managing cli upgrade operations. Restarting orchestratord has no impact on the functioning of the system. The command is request system application app orchestratord node master re restart. PR1516384
When all 5X400 g ports are used inside 1 portion of Chip, there can be impact on the traffic throughput performace.. PR1518368
On all Junos OS Evolved systems with the scaled setup of 4k logical interfaces on the aggregated Ethernet interface and 8k policers on the firewall filter, the aggregated Ethernet interface might stay down after deactivating and then activating the firewall filter and the aggregated Ethernet interface. Traffic loss might be seen due to the aggregated Ethernet interface is down. PR1518601
[cos] [scheduler]When exact-rate is used along with strict- high scheduler priority, then interface queue rate might not be as expected. PR1519313
There is a delay enforced between back to back switchover. This is 360 seconds unless overridden by platform specific values. So, if the last switchover happened within the last 360 seconds, then it will give this error: Not ready for mastership switch, try after x seconds?. The show system switchover CLI output might show switchover Status: Ready. However, this field indicates the ready status of all applications on backup Routing Engine. This does not consider the back-to-back switchover delay. PR1519364
Command request system application restart app packetio-bt is no longer available. The way to restart packet I/O is by restarting entire line card. PR1527140
request system software sync command will fails if junos-evo-install-ptx-x86-64-19.4R2-S2.5-EVO is one of the installed version on master Routing Engine. PR1528163
PTX10008 Doon RCB does not raise alarm "Mixed Master and Backup RE types" when RE0 and RE1 have different FRU types. PR1529042
BGP switchover convergence rate is degraded by 42% on Junos OS Evolved 20.3R1. PR1529365
PTX10008 does not deploy on 19.4. With later images this issue is not seen. PR1529876
Software rollback from junos-evo-install-ptx-x86-64-19.4R2-S2.5-EVO is not supported to latest image. New release should be scratch installed even if image is available as rollback image. PR1529884
SR-TE label with BSID traffic gets dropped in PTX10003. Use the following configuration protocols source-packet-routing no-chained-composite-next-hop. PR1529933
For initial syncronization, carrier transition field is only valid for Mib2D. PR1530864
HTTP file transfers through wan ports could be slow resulting in longer file transfer times. PR1531192
FPC vmcore files can be stored at /var/lib/ftp/in/fpc_slot/ on RE0/RE1. PR1531214
Sometimes, an individual line card restart might render some of the interfaces on that FPC getting blocked. PR1536037
Interfaces and Chassis
[chassisd] [generic_evo] Junos OS Evolved PTX10003-80C and PTX10003-160C - fabspoked generates a core file on configuration and deletion fpc power off or on. PR1395788
MPLS
When no-propagate-ttl configuration is present on the router and we are doing an activate and deactivate of the MPLS configuration, RPD can core rarely at times generate a core file if the interface change messages arrive before TTL configuration change could take effect on the ingress Static LSP. This is due to the mismatch between the no-propagate-ttl values in the gateway in the route table and the gateway in the Next-Hop attached to the Static LSP . PR1528460
Network Management and Monitoring
PTX10001-36MR supports puppet agent version 3.6.1. Puppet does not work if master version is not 3.x since this is not backward compatible. PR1491329
Routing Protocols
Junos OS Evolved does not support for configuring interface name as next hop. PR1497012
User Interface and Configuration
In 19.4R1-EVO, this is a product limitation. Workaround is to use commit without any configuration changes from master Routing Engine in this use case. PR1465291
When changing the configuration between scale configuration and configuration containing no filter or apply-path, sometimes there is a delay in deleting the apply-path addresses. PR1492765
Compressed /var/log/ creation through file archive compress might fail on certain PTX platforms running Junos Evolved. PR1522339
Resolved Issues
Learn which issues were resolved in Junos OS Evolved Release 20.3R1 for the PTX10003 and PTX10008.
For the most complete and latest information about known Junos OS Evolved defects, use the Juniper Networks online Junos Problem Report Search application.
General Routing
LSP statistics CLI is slow in a scaled scenario during installation time. PR1416363
A configuration command to modify PCIe correctable and uncorrectable error thresholds on PTX10008 FPC. PR1462953
The telemetry cannot export the data of MPLS LSP. PR1489605
Traffic statistics are not updated for bypass LSP even though the traffic is flowing through the bypass LSP. PR1491467
Unexpected incomplete object notified by application controller causes aftmand crash. PR1491548
The evoaft-jvisiond core file is generated after GRES. PR1492059
sFlow ingress sampling reports wrong next hop in case IPv6 traffic is routed through LSP at ingress provider edge (PE) router. PR1492076
Traffic loss might be observed when CBF is configured on Junos OS Evolved PTX Series platforms. PR1492707
cmdd crashes when request system shutdown reboot disk1 command is executed. PR1492955
[cos] [scheduler] PTX10008:scheduler ingress Packet Forwarding Engine VOQ drop counters does not match egress queue drop counters, if difference is greater than 100,000. PR1494785
The CBF functionality does not work correctly on PTX10008 platform with Junos OS Evolved 20.1R1. PR1495119
Block software upgrade when image that is not compatible with the platform is used. PR1495655
The aftmand might crash when MPLS is enabled. PR1496057
Consistent hash information is missing : error: timeout communicating with Evo-Aft BT daemon. PR1496077
Sensor for physical Ethernet interface statistics is missing, for example: in-oversize-frame. PR1496275
The logical interface might disappear after switchover. PR1496887
Longevity: aggregated Ethernet logical interface disappears after switchover. PR1497285
There is a discrepancy of 22 bytes for the same packets between the firewall filter in Junos OS Evolved and in Junos OS. PR1503145
PTX10008: Aggregated Ethernet (AE) interface flaps causing next hops to contain wrong encapsulation information, with router having 800,000 IP routes, 2000 ingress LSPs, around 500 L3VPNs and LSPs have link protection enabled. PR1503260
The packetio crashes during the initialization and this might result in a second reboot. PR1505150
set system processes app failover other-routing-engine configuration not supported. PR1506480
Shapers applied on interface output queues, either through the transmit-rate exact or rate-limit configuration might not sometimes draw the expected output scheduler accuracy. PR1506855
On a PTX10008 router, we observe small packet loss randomly during SIB offline. PR1506866
The firewalld process would take too a long time to come online. PR1507433
The evo-aftmand process might be stuck at 100% CPU usage in a scaled setup. PR1511597
Packet Forwarding Engine generates MLP's with global-no-mac-learning enabled. PR1511601
Firewalld generates a core file after deleting and adding the filter back in a single commit. PR1512065
SIB <> FPC link errors seen prior to switchover do not get cleared when switchover is followed by SIB restart. PR1512272
Under rare circumstances, when multiple fabric cards go offline and are brought online in quick succession, the device might crash and reboot after reporting a kernel msmi error or zookeeper session failed error. PR1512633
The evo-aftmand-bt might crash if FPC offline is performed when the system comes up. PR1514722
Continuous evo-cda-bt CDA syslog error messages are observed during the negative triggers (AE configurations disable/enable and FPC restart). PR1515806
show system License detail does not reflect correct license usages after reboot. PR1515896
SNMP traps are not seen for 'fpc_link_to_sib_fault' when CCL link is brought down from ZF->BT. PR1516487
PTX10008: Do not configure confidentiality offset other than 0. PR1517985
request system zeroize command does not reboot the device. PR1518946
After request system application node re0 app fabricHub restart , interface drop and major dp_1_zfo_intr_dp1_fabcell_drop error. PR1519402
A large number of publish-deleted hwdre anomalies are dumped after 2nd iteration of switchover from re1 (master) to re0. PR1519427
The show interfaces voq intf | ae non-zero command is not working as expected and displays incorrect output. PR1521281
With traffic running, if the FPC that is connected to the traffic generator reboots, it might lead to stuck traffic scenario on certain ports post resumption. PR1523066
Hwdre generates a core file when trying to take faulty SIB to offline state. PR1527790
Multiple l2cpd core files are seen during commit. PR1528024
FCP will not boot if primary BIOS is corrupted (With FPC Primary BIOS corruption Golden BIOS failed to reprogram Primary). PR1528469
Infrastructure
ping does not work when we set record-route. PR1474649
Telnet login related issue with template (TACACS and Radius). PR1482363
Interfaces and Chassis
ssd information gets removed from show chassis hardware detail after hwdre app restart. PR1488706
After application restart - false optics alarms continue to persist although underlying optics does not have failures. PR1493230
PTX10008 with LC1201 - the ifmand process restarts at IFAManager::findIfaoInSameSubnet. PR1496361
Rarely can see fan not getting detected post system reboot. PR1517476
Minimum IFD MTU recommended with IPv6 configuration. PR1518692
Last Flapped of virtual interfaces like aggregated Ethernet is not updated when aggregated Ethernet transitions from DOWN to UP state PR1521978
Routing Policy and Firewall Filters
The system crashes after configuring filter with ICMP match conditions. PR1496740