Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for MX Series

 

These release notes accompany Junos OS Release 20.3R3 for the MX Series 5G Universal Routing Platforms. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for MX Series routers.

.

New and Changed Features: 20.3R3

There are no new features or enhancements to existing features for MX Series in Junos OS Release 20.3R3.

New and Changed Features: 20.3R2

There are no new features or enhancements to existing features for MX Series in Junos OS Release 20.3R2.

New and Changed Features: 20.3R1

Hardware

  • We've added the following features to the MX Series routers in Junos OS Release 20.3R1.

    Table 4: Features Supported by MPC10E and MPC11E Line Cards on MX Series Routers

    Feature

    Description

    Interfaces and chassis

    • Support for MS-MPC on the MX2000-SFB3 Switch Fabric Board (SFB). The MS-MPC interoperates with MX2K-MPC11E, MPC9E, MPC8E, and MPC6E Modular Port Concentrators on MX2020 and MX2010 routers.

    • On MX2K-MPC11E line cards, you can configure Port 0 of every PIC as 400GbE ports or 200GbE ports using either QSFP56-DD optics or QSFP28-DD optics. You can channelize each of the 400GbE-capable ports either as four 100GbE interfaces or as two 100GbE interfaces. [See Port Speed on MX2K-MPC11E Overview.]

    General routing

    • Support for IP reassembly on GRE tunnel interfaces on:

      • MPC10E-15C-MRATE and MPC10E-10C-MRATE on MX240, MX480, and MX960 routers.

      • MX2K-MPC11E on MX2010 and MX2020 routers.

      [See Configuring Unicast Tunnels.]

    • Support for Mapping of Address and Port with Encapsulation (MAP-E) and IPv6 rapid deployment (inline 6rd) on:

      • MPC10E-15C-MRATE and MPC10E-10C-MRATE on MX240, MX480, and MX960 routers.

      • MX2K-MPC11E on MX2010 and MX2020 routers.

    [See Configuring Mapping of Address and Port with Encapsulation (MAP-E) and Configuring Inline 6rd.]

    Juniper telemetry interface

    Layer 3 features

    • Support for Layer 3 features. The MX2K-MPC11E interoperates with MS-MPC and MS-MIC-16G on MX2020 and MX2010 routers to support the following Layer 3 features: stateful firewall, NAT, IPsec, real-time performance monitoring (RPM), and MS MPC/MS-MIC-based inline flow monitoring services. [See Adaptive Services Overview.]

    Multicast

    • Support for bidirectional Protocol Independent Multicast (PIM) on MPC10E and MX2K-MPC11E line cards running on MX240, MX480, MX960, MX2010 and MX2020 routers. These routers support GRES with NSR. [See Understanding Bidirectional PIM.]

      Note: Junos OS Release 20.3R1 does not support anycast rendezvous point (RP) functionality and bidirectional PIM over next-generation multicast VPN (MVPN).

    • Support for Automatic Multicast Tunneling (AMT) relay on MPC10E and MX2K-MPC11E line cards running on MX240, MX480, MX960, MX2010, and MX2020 routers for IPv4 traffic. To identify a gateway, AMT relay uses a combination of the device IP address and port. [See Understanding AMT.]

      Note: Junos OS Release 20.3R1 does not support AMT gateway.

    Network management and monitoring

    • Support for monitoring link degradation. You can monitor link degradation of the 10GbE, 40GbE, 100GbE, and 400GbE interfaces on the MX2K-MPC11E line cards. [See Link Degrade Monitoring Overview.]

    • Support for inline continuity check messages (CCM) on MPC10E-10C-MRATE and MPC10E-15C-MRATE line cards. You can configure inline CCM for up MEPs, down MEPs, and MIPs for all current supported topologies. [See Inline Transmission Mode.]

    Security

    • Support for Media Access Control Security (MACsec) on logical interfaces (MPC10E only). VLAN tags are transmitted in cleartext, which allows intermediate switches that are MACsec-unaware to switch the packets based on the VLAN tags. [See Media Access Control Security (MACsec) over WAN.]

    Services applications

    SNMP

    • Support for Junos OS SNMP on MPC10E-15C-MRATE, MPC10E-10C-MRATE, and MX2K-MPC11E line cards for the following multicast LDP MIB tables and objects:

      • mplsMldpInterfaceStatsTable

      • mplsMldpFecUpstreamSessPackets

      • mplsMldpFecUpstreamSessBytes

      • mplsMldpFecUpstreamSessDiscontinuityTime

      [See Standard SNMP MIBs Supported by Junos OS and SNMP MIB Explorer.]

    Subscriber management and services

  • Support for the JNP-SFP-10G-BX10D and JNP-SFP-10G-BX10U bidirectional transceivers (MX240, MX480, MX960, MX2008, MX2010 and MX2020)—Starting in Junos OS Release 20.3R1, the MPC3E-3D-NG (with the MIC3-3D-10XGE-SFPP) and MPC5EQ-100G10G line cards on the MX240, MX480, MX960, MX2008, MX2010 and MX2020 routers support the JNP-SFP-10G-BX10D and JNP-SFP-10G-BX10U bidirectional transceivers.

    [See the Hardware Compatibility Tool (HCT) for details.]

  • Support for the JNP-SFP-10G-BX40D and JNP-SFP-10G-BX40U bidirectional transceivers (MX240, MX480, MX960, MX2008, MX2010 and MX2020)—Starting in Junos OS Release 20.3R1, the MPC3E-3D-NG (with the MIC3-3D-10XGE-SFPP) and MPC5EQ-100G10G line cards on the MX240, MX480, MX960, MX2008, MX2010 and MX2020 routers support the JNP-SFP-10G-BX40D and JNP-SFP-10G-BX40U bidirectional transceivers.

    [See the Hardware Compatibility Tool (HCT) for details.]

Authentication, Authorization, and Accounting

  • Support for TCP authentication option (TCP-AO) for BGP and LDP connections (MX Series and PTX Series)—Starting in Junos OS Release 20.3R1, you can use TCP-AO to authenticate TCP segments exchanged during BGP and LDP sessions. It supports both IPv4 and IPv6 traffic. TCP-AO provides a framework to support multiple stronger algorithms, such as HMAC-SHA1 and AES-128, to create its message digest. TCP-AO supports up to 64 keys that can be used for a BGP or an LDP session. You can configure a new key for a BGP or LDP session during its lifetime without causing any session flap. Each key becomes active based on its configured start time.

    In earlier releases, you could use only the TCP MD5 authentication method. It supports only MD5 algorithm to create its message digest.

    [See TCP Authentication Option (TCP-AO) for BGP and LDP Sessions and authentication-key-chains (TCP-AO).]

Class of Service (CoS)

  • Support for MPLS EXP bits rewrite to all segment labels in segment routing stack (MX Series)—Starting in Junos OS 20.3R1, on segment routing LSPs, creating an EXP rewrite rule for the egress interface on the ingress (provider edge) router imposes the rewrite rule to all transport labels in the stack. As a result, you don't need to configure rewrite rules on every segment in the LSP.

    [See exp.]

EVPN

  • Color-based mapping of EVPN-MPLS and EVPN services over SR-TE (ACX5448, EX9200, MX Series, and vMX)—Starting in Junos OS Release 20.3R1, you can specify a color attribute along with an IP protocol next hop. The color attribute adds another dimension to the resolution of transport tunnels over static colored and BGP segment routing traffic-engineered (SR-TE) label-switched paths (LSPs). This type of resolution is known as the color-IP protocol next-hop resolution. With the color-IP protocol next-hop resolution, you must configure a resolution map and apply it to EVPN-MPLS and EVPN services, which includes E-Line, E-LAN and E-Tree. With this feature, you can enable color-based traffic steering of EVPN-MPLS and EVPN services.

    [See Segment Routing LSP Configuration.]

  • Tunnel endpoint in the PMSI tunnel attribute field for EVPN Type 3 routes (MX Series)—Starting in Junos OS Release 20.3R1, you can set the tunnel endpoint in the Provider Multicast Service Interface (PMSI) tunnel attribute field to use the ingress router’s secondary loopback address. When you configure multiple loopback IP addresses on the local provider edge (PE) router and the primary router ID is not part of the MPLS network, the remote PE router cannot set up a PMSI tunnel route back to the ingress router. To configure the router to use a secondary IP address that is part of the MPLS network, include the pmsi-tunnel-endpoint pmsi-tunnel-endpoint statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level for both EVPN and virtual-switch instance types.

    [See evpn. ]

High Availability (HA) and Resiliency

  • Higher scale and performance in RIFT (MX240, MX480, MX960, vMX, QFX5100, QFX5110, QFX5120-32C, QFX5120-48T, QFX5120-48T-VC, QFX5120-48Y, QFX5120-48Y-VC, QFX5120-24YM, QFX5120-48YM, QFX5130-48C, QFX5200, QFX5210, and QFX10008)— Starting in Junos OS Release 20.3R1, we’ve made the following improvements to increase the scalability and performance in Routing in Fat Tree (RIFT):

    • Prefixes in RIFT

    • Peers in RIFT

    • Convergence improvement with RIFT

    • BFD sessions with RIFT

    [See RIFT Overview.]

Interfaces and Chassis

  • Support for local preference when selecting forwarding next hops for load balancing (MX Series)—Starting in Junos OS Release 20.3R1, we’ve expanded support for traffic to prefer local forwarding next hops rather than remote forwarding next hops for equal-cost multipath (ECMP) traffic flows and on aggregated Ethernet and logical tunnel interfaces for the following devices:

    • MX240, MX480, and MX960 routers with MPC10E (MPC10E-15C-MRATE and MPC10E-10C-MRATE)

    • MX2010 and MX2020 routers with MX2K-MPC11E

    To configure local preference:

    • For ECMP traffic flows, include the ecmp-local-bias statement at the [edit forwarding-options load-balance hierarchy level.

    • For aggregated Ethernet interfaces, include the local-bias statement at the [edit interfaces aex aggregated-ether-options] hierarchy level.

    • For logical tunnel interfaces, include the local-bias statement at the [edit interfaces rlt x logical-tunnel-options load-balance] hierarchy level.

    [See ecmp-local-bias, local-bias (aggregated Ethernet), and local-bias (logical tunnel).]

  • Support for QSFP-100G-FR optical transceivers (MX204 and MX10003)—Starting in Junos OS Release 20.3R1, you can use the QSFP-100G-FR optical transceivers in the MX10003 (installed with the JNP-MIC1 or JNP-MIC1-MACSEC MICs) and MX204 routers. You can use the show chassis pic fpc-slot slot pic-slot slot and show chassis hardware commands to view the details of the transceiver.

    Note

    The MX10003 routers with JNP-MIC1-MACSEC do not support unified in-service software upgrade (ISSU). However, the MX10003 routers with JNP-MIC1 support ISSU.

    [See Hardware Compatibility Tool.]

IP Tunneling

  • Support for IP-over-IP next-hop-based tunneling (MX Series, PTX1000, PTX10000, QFX10000, and QFX10002)—Starting in Junos OS Release 20.3R1, we support an IP-over-IP encapsulation to facilitate IP overlay construction over an IP transport network. An IP network contains edge devices and core devices. To achieve higher scale and reliability among these devices, you need to use an overlay encapsulation to logically isolate the core network from the external network that the edge devices interact with. Among other supported encapsulation methods, only IP-over-IP allows transit devices to parse the inner payload and use inner packet fields for hash computation and customer edge devices to route traffic into and out of the tunnel without any throughput reduction. IP-over-IP relies on a next-hop-based infrastructure to support higher scale.

    On MX Series routers, the routing protocol daemon (rpd) sends the encapsulation header with tunnel composite next hop and the Packet Forwarding Engine finds the tunnel destination address and forwards the packet. On PTX Series routers and QFX10000 switches, rpd sends the fully resolved next-hop-based tunnel to the Packet Forwarding Engine. You can either use static configuration or a BGP protocol configuration to distribute routes and signal dynamic tunnels. You can also configure Interface based firewall filters on any transit or egress device with an action to decapsulate IP-IP packets and forward it to the main instance or to a routing-instance as required.

    [See Next-Hop-Based Dynamic Tunneling Using IP-Over-IP Encapsulation.]

  • Support for filter-based decapsulation of IPv4 and IPv6 unicast traffic encapsulated in IPv4 IP-in-IP tunnels (MX Series, PTX1000, PTX10002, and QFX10002)—Junos OS supports decapsulating IPv4 and IPv6 unicast traffic that has been encapsulated in IPv4 IP-in-IP tunnels using firewall filters. If the outer IPv4 header address matches the firewall configuration and the packet has ipip set as the protocol type, then the outer IPv4 header is removed and the packet is routed based on the inner IPv4 or IPv6 address. If the packet does not have the expected ipip header, the packet is dropped.

    Configure this feature using the following CLI statements at the [edit firewall family inet filter filter-name term term-name] hierarchy:

    • from protocol ipip: Set the protocol type as IP-IP.

    • then decapsulate ipip: Decapsulate the IP-IP packet. The inner IP destination address is routed using the inet.0 routing table by default.

    • then decapsulate ipip routing-instance routing-instance-name: Decapsulate the IP-IP packet and route the inner destination address using the specified routing instance.

    Use show firewall to view the configuration.

    [See filter (Firewall Filters) and Configuring IP Tunnel Interfaces.]

  • IPIP encapsulation for flexible tunnel interfaces (FTIs) (MX Series, PTX Series, and QFX10002)—We've extended flexible tunnel interfaces (FTIs) and existing forwarding constructs to support configuring static IPv4 IP-in-IP tunnels and RIB APIs. To configure an IP-in-IP tunnel on a FTI, use the ipip option at the [edit interfaces interface-name unit logical-unit-number tunnel encapsulation] hierarchy level.

    [See Configuring Flexible Tunnel Interfaces and ipip.]

Juniper Extension Toolkit

  • Juniper Extension Toolkit (JET) supports BFD Service APIs for routing protocol process (rpd) programmability (MX Series, PTX Series, QFX Series, and vMX)—Starting in Junos OS Release 20.3R1, you can use programmable rpd (prpd) BFD APIs to add, update, and delete BFD sessions and subscribe to BFD events from outside applications. These APIs enable the integration of rpd with software-defined networking (SDN) controllers and increase the flexibility of your network. The prpd BFD APIs support BFD Echo-Lite sessions in single-hop IPv4 and IPv6 modes.

    The following BFD Service APIs are supported:

    • Initialize

    • SessionAdd

    • SessionUpdate

    • SessionDelete

    • SessionDeleteAll

    • Subscribe

    • Unsubscribe

    Use the show bfd session extensive command to view BFD sessions. BFD sessions added through prpd BFD APIs are labeled with PRPD:<session-id> in the client field. The <session-id> is 1 for the first BFD session that is added, 2 for the second, and so on.

    [See show bfd session extensive and JET APIs on Juniper EngNet.]

  • Support for static backup paths with IP-in-IP tunnel encapsulation and provisioning APIs (MX Series, PTX Series, and QFX10002)—We’ve enhanced Juniper Extension Toolkit (JET) APIs to enable a controller to set up underlay network backup paths that use IP-in-IP tunnels with IPv4 encapsulation. JET APIs notify the controller of active paths, interfaces, and changes to the interface state. The loop-free backup paths help quickly restore failed core transport networks built with only IP protocols.

    [See JET APIs on Juniper EngNet.]

  • Support for policy match condition to match programmed routes (MX Series, PTX Series, and QFX10002)—We’ve introduced a new option programmed that allows policy matches for routes injected by JET APIs. To allow policy matches for routes injected by JET APIs, use the programmed option at the [edit policy-options policy-statement policy-name term term-name from] hierarchy level. To view details about programmed routes, use the show route programmed (detail | extensive) command.

    [See policy-statement and show route.]

  • RIB service API option to control route distribution (MX Series, PTX Series, and QFX10002)—We’ve added a no-advertise flag to the RIB service API per-route RouteAttributes object to limit re-advertisement of the provisioned route. You can set this flag to TRUE to prevent the route from being redistributed to routing protocols and advertised to peers.

    [See JET APIs on Juniper EngNet.]

Junos OS XML, API, and Scripting

  • Support for REST API over nondefault virtual routing and forwarding (VRF) instance (EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.3R1, you can execute Junos OS operational commands using the REST API over a nondefault VRF instance. The nondefault VRF instance can be a user-defined instance or the management instance, mgmt_junos.

    The REST API allows you to execute Junos OS operational commands over HTTP(S). If you don’t specify a routing instance, REST API requests are sent over the default routing instance. Use a nondefault VRF instance to improve security and make it easier to troubleshoot.

    Use the routing-instance routing-instance statement at the [edit system services rest] hierarchy level to specify a nondefault VRF instance for REST API requests.

    [See Management Interface in a Nondefault Instance and rest.]

Junos Telemetry Interface

  • EVPN statistics export using JTI (MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, MX10016 and vMX routers, EX4300, EX4600, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253 switches)—Starting in Junos OS Release 20.3R1, you can use Junos telemetry interface (JTI) an remote procedure call (gRPC) services to export EVPN statistics from devices to an outside collector.

    Use the following sensors to export EVPN statistics:

    • Sensor for instance level statistics (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/)

    • Sensor for route statistics per peer (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/peer/)

    • Sensor for Ethernet segment information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/ethernet-segment/). This includes EVPN designated forwarder ON_CHANGE leafs esi and designated-forwarder.

    • Sensor for local interface information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/interfaces/)

    • Sensor for local IRB interface information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/irb-interfaces/)

    • Sensor for global resource counters and current usage (resource path /junos/evpn/evpn-smet-forwarding/)

    • Sensor for EVPN IP prefix (resource path /junos/evpn/l3-context/)

    • Sensor for EVPN IGMP snooping database (type 6) (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/sg-db/)

    • Sensor for EVPN IGMP join sync (type 7) ad leave sync (type 8) (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/sg-db/sgdb-esi)

    • Sensor to relate selected replicator on AR leaf on QFX5100, QFX5110, QFX5120, and QFX5200 switches (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/assisted-replication/)

    • Sensor for EVPN ON_CHANGE notifications (resource path /network-instances/network-instance[instance-name='name']//protocols/protocol/evpn/ethernet-segment)

    • Sensor for overlay VX-LAN tunnel information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/vxlan-tunnel-end-point/). This includes VTEP information ON_CHANGE leafs source_ip_address, remote_ip_address, status, mode, nexthop-index, event-type and source-interface.

    • EVPN MAC table information (resource path /network-instances/network-instance[instance-name='name']/mac_db/entries/entry/)

    • Sensor for MAC-IP or ARP-ND table (resource path /network-instances/network-instance[instance-name='name']/macip_db/entries/entry/)

    • Sensor for MAC-IP ON_CHANGE table information (resource path /network-instances/network-instance[name='name']/macip-table-info/). Statistics include leafs learning, aging-time, table-size, proxy-macip, and num-local-entries.

    • Sensor for MAC-IP ON_CHANGE entry information (resource path /network-instances/network-instance[name='name']/macip-table/entries/entry/). Statistics include leafs ip-address, mac-address, vlan-id and vni.

    • Sensor for bridge domain or VLAN information (resource path /network-instances/network-instance[instance-name='name']/bd/)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Chassis management configuration and counters support on JTI (MX Series with MPC11E)—Starting in Junos OS Release 20.3R1, Junos telemetry interface (JTI) supports streaming chassis management error (cmerror) configuration and counters to an outside collector using remote procedure calls (gRPC).

    The following base resource paths are supported:

    • /junos/chassis/cmerror/configuration

    • /junos/chassis/cmerror/counters

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Forwarding information base (FIB) sensor support on JTI (MX Series and PTX Series)—Starting in Junos OS Release 20.3R1, you can use the Junos telemetry interface (JTI) and remote procedure calls (gRPC) services to stream or export ON_CHANGE FIB, also known as forwarding table, statistics to outside collectors. This feature supports the OpenConfig YANG model OC-AFT.

    To enable and manage FIB streaming, include the following statements on the client device:

    • set system fib-streaming and delete system fib-streaming statements at the [edit] hierarchy level to launch or terminate the process.

    • set system fib-streaming traceoptions file file-name statement at the [edit] hierarchy level to configure a logging file.

    • set system fib-streaming traceoptions flag flag-name statement at the [edit] hierarchy level to configure various trace parameters.

    • set system fib-streaming traceoptions level level-name statement at the [edit] hierarchy level to configure log levels.

    Use the restart fib-streaming command to restart the process.

    To show information about FIB streaming, use the following operational mode commands on the client device:

    • show fib-streaming

    • show fib-streaming next-hop-groups

    • show fib-streaming next-hops

    • show fib-streaming routes ipv4-unicast

    • show fib-streaming routes ipv6-unicast

    • show fib-streaming routes mpls

    The following table shows supported sensors:

    Table 5: Supported Sensors

    Supported Sensors

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/id

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/state/id

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/state/dscp[]

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/state/next-hop-group

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/id

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/state/id

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/state/interface

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/state/subinterface

    /network-instances/network-instance/afts/ipv4-unicast/ipv4-entry/prefix

    /network-instances/network-instance/afts/ipv4-unicast/ipv4-entry/state/prefix

    /network-instances/network-instance/afts/ipv4-unicast/ipv4-entry/state/next-hop-group

    /network-instances/network-instance/afts/ipv6-unicast/ipv6-entry/prefix

    /network-instances/network-instance/afts/ipv6-unicast/ipv6-entry/state/prefix

    /network-instances/network-instance/afts/ipv6-unicast/ipv6-entry/state/next-hop-group

    /network-instances/network-instance/afts/mpls/label-entry/label

    /network-instances/network-instance/afts/mpls/label-entry/state/label

    /network-instances/network-instance/afts/mpls/label-entry/state/next-hop-group

    /network-instances/network-instance/afts/mpls/label-entry/state/popped-mpls-label-stack

    This leaf reports the same label value in case of pop or swap.

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/id

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/next-hops/nexthop/index

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/next-hops/nexthop/state/weight

    /network-instances/network-instance/afts/nexthops/nexthop/index

    /network-instances/network-instance/afts/next-hops/next-hop/juniper/state/lsp-id

    This leaf is a new augmentation.

    /network-instances/network-instance/afts/next-hops/next-hop/state/ip-address

    /network-instances/network-instance/afts/next-hops/next-hop/state/mac-address

    /network-instances/network-instance/afts/next-hops/next-hop/state/pushed-mpls-label-stack

    /network-instances/network-instance/afts/next-hops/next-hop/interface-ref/state/interface

    /network-instances/network-instance/afts/next-hops/next-hop/interface-ref/state/subinterface

    /network-instances/network-instance/afts/next-hops/next-hop/juniper/state/mapped-next-hop-index

    This leaf is a new augmentation.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Support for policy forwarding table sensor on JTI (MX Series and PTX Series)—Starting in Junos OS Release 20.3R1, you can use Junos telemetry interface (JTI) and remote procedure calls (gRPC) services to stream policy forwarding table statistics on MX Series and PTX Series routers to outside collectors. The following resource paths are supported:

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/id

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/state/id

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/state/dscp[]

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/state/next-hop-group

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/id

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/state/id

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/state/interface

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/state/subinterface

    The Junos OS class-of-service (CoS) classifiers do the code-point (CP) to forwarding-class (FC) and loss-priority (LP) mapping. The classifier used depends on the family configured on the logical interface. Devices running Junos OS support the following classifier types:

    • Differentiated Services code point classifier (DSCP)

    • DSCP IPv6

    • MPLS EXP classifier inet-precedence

    • IPv4 precedence classifier

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Support for aggregated Ethernet interface ON_CHANGE with JTI (MX5, MX10, MX40, MX80, MX104, MX150, MX204, MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, MX10016, PTX1000, PTX3000, PTX5000, PTX10001-36MR, PTX10002, PTX10008, PTX10016, QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, QFX10002, QFX10008, and QFX10016)—Starting in Junos OS Release 20.3R1, Junos telemetry interface (JTI) supports ON-CHANGE statistics for aggregated Ethernet interfaces for minimum links and member interfaces.

    To export these statistics to an outside collector using remote procedure call (gRPC) services and JTI, include the following resource paths in a subscription:

    • /interfaces/interface/aggregation/state/min-links/

    • /interfaces/interface/aggregation/state/member/

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Increase the speed of telemetry sensor subscription installation (MX Series routers)—Starting in Junos OS Release 20.3R1, Junos telemetry interface (JTI) supports enhancements to increase the sensor subscription installation speed for collectors. Whether a dynamic sensor subscribe or unsubscribe request from a collector uses remote procedure calls (gRPC) services or gRPC Network Management Interface (gNMI) services to make the request, resource paths (sensors) in the request are individually validated and committed. The following enhancements shorten the subscription installation process and time:

    • Validation is no longer done using the ephemeral database’s configuration load operation.

    • Network Agent instead uses information from sensor YANGs and the Packet Forwarding Engine’s internal sensor table to validate the paths in a subscribe or unsubscribe request. Using these sources, Network Agent responds back to the collector with system-accepted paths and completes basic checks before proceeding to commit the request.

    • Network Agent performs a single commit per subscribe or unsubscribe request instead of doing commits for each resource path in a request.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Support for fabric, optical, and FPC environment sensor on JTI (MX-2010 and MX-2020 routers with MPC11E)—Starting in Junos OS Release 20.3R1, Junos telemetry interface (JTI) supports streaming fabric, optical, and Flexible PIC Concentrator (FPC) environment statistics to an outside collector using remote procedure calls (gRPC).

    The following base resource paths are supported:

    • /junos/system/linecard/optics/

    • /junos/system/linecard/environment/

    • /junos/system/linecard/fabric/

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

Layer 2 Features

Layer 2 VPN

  • Enable or disable control-word for static pseudowire in LDP VPLS instance and BGP VPLS mesh-group (MX Series)—Starting in Junos OS Release 20.3R1, we’ve introduced the control-word and no-control-word options at the [edit routing-instances routing-instance-name protocols vpls mesh-group mesh-group-name neighbor address static] and [edit routing-instances routing-instance-name protocols vpls neighbor address static] hierarchy levels. The control-word configuration requests the other routers to insert a control word between the label stack and the MPLS payload.

    [See control-word and no-control-word.]

Layer 3 Features

  • Support for BGP Layer 3 VPN over IP-IP Tunnel (MX Series, PTX1000, QFX10002, and QFX10008)—Starting in Junos OS Release 20.3R1, we support BGP Layer 3 VPN over IP over IP (IP-IP) tunnels to create a new transport service. IP-IP tunnels terminate into service-layer VRF, so you do not need to use a service label. This feature allows interoperability between the new VRF and traditional VRF, so both types of overlays can coexist in your network. You can use this feature to transition from an MPLS network to an IP fabric core network and to protect your network from distributed denial-of-service (DDoS) attacks.

    To use VPN over an IP-IP tunnel, configure the tunnel-attribute statement at the [edit policy-options policy-statement policy-name term term-name then] or [edit policy-options policy-statement policy-name then] hierarchy level.

    To configure the receiver to program the dynamic tunnel using the tunnel attribute, use the extended-nexthop-tunnel statement at the [edit routing-instances routing-instance-name protocols bgp group group-name family (inet-vpn | inet6-vpn) unicast] hierarchy level.

    [See BGP Layer 3 VPN over IP-IP Tunnels Overview, family (Protocols BGP), policy-statement, vrf-export, and Configuring IP Tunnel Interfaces.]

MPLS

  • New output fields added in the show path-computation-client lsp extensive command (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 20.3R1, you’ll see association details such as Association type, ID, and source in the output of the show path-computation-client lsp command when you use the command with the extensive option.

    [See show path-computation-client lsp.]

Multicast

  • Support for virtual tunnels in MVPN (MX240, MX480, and MX960)—Starting in Release 20.3R1, Junos OS supports redundant virtual tunnels (VTs) and fast re-route (FRR) for both active/backup and active/active redundancy models.

    VT interfaces are used in Layer 3 multicast VPNs (MVPN) to facilitate virtual routing and forwarding (VRF) table lookup based on MPLS labels and to provide resiliency.

    [See Resiliency in Multicast L3 VPNs with Redundant Virtual Tunnels.]

Network Management and Monitoring

  • Probe command to query the status of the probed interfaces (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.3R1, you can use the probe command to query the status of the probed interface. The proxy interface resides on the same node as the probed interface, or it can reside on a node to which the probed interface is directly connected.

    The Probe command helps to capture the interface details such as probe packet statistics, and interface state (active/inactive), irrespective of whether the network family address configured is IPv4 or IPv6 on the probed interfaces.

    To enable the probe command, configure the extended-echo statement under the [edit system] hierarchy.

    [See What is the Probe command?.]

  • SNMP support for RIB sharding (MX Series)—Starting in Junos OS Release 20.3R1, you can enable RIB sharding to get network information from BGP MIB-4 and Layer 3 VPN MIB. To enable this feature, configure rib-sharding at the [edit system processes routing bgp] hierarchy level.

    [See Standard SNMP MIBs Supported by Junos OS.]

  • SNMP MIB support for Traffic Load Balancer (MX240, MX480, and MX960)—Starting in Junos OS Release 20.3R1, a new MIB and a few new MIB traps export the statistics of the Traffic Load Balancer application. The new MIB is jnxTLBMIB and the MIB traps are juniperMIB(2636), jnxTraps (4), and jnxTLBNotifications (32).

    [See Enterprise-Specific SNMP MIBs Supported by Junos OS.]

  • Enhancements to sessions over outbound HTTPS (EX Series, MX Series, PTX1000, PTX3000, PTX5000, PTX10001, PTX10002, PTX10008, PTX10016, QFX Series, SRX1500, SRX4100, SRX4200, SRX4600, SRX5600, SRX5800, and vSRX)—Starting in Junos OS Release 20.3R1, devices running Junos OS with upgraded FreeBSD support the following enhancements to sessions over outbound HTTPS:

    • Connecting to multiple outbound HTTPS clients by configuring one or more clients at the [edit system services outbound-https] hierarchy level

    • Configuring multiple backup gRPC servers for a given outbound HTTPS client

    • Establishing a csh session

    • Establishing multiple, concurrent NETCONF and csh sessions between the device running Junos OS and an outbound HTTPS client

    • Configuring a shared secret that the outbound HTTPS client uses to authenticate the device running Junos OS

    • Authenticating the client using certificate chains in addition to self-signed certificates

    [See NETCONF and Shell Sessions over Outbound HTTPS.]

Next Gen Services

  • GNFs support subscriber services (MX480 and MX960 with MX-SPC3)—Starting in Junos OS Release 20.3R1, guest network functions (GNFs) running Next Gen Services with the MX-SPC3 card support the following subscriber services:

    • Captive portal content delivery (CPCD)

    • Logging and reporting function (LRF)

    • Deep packet inspection (DPI)

    • Junos Subscriber Aware policy and charging enforcement function (PCEF)

    • HTTP content management (HCM)

    Note

    To support the services traffic over abstracted fabric interfaces, a GNF that has an MX-SPC3 card assigned to it must also have a line card linked to it.

    [See MX-SPC3 Services Card.]

  • Support for flow tracing of service sets for Next Gen Services (MX240, MX480, and MX960)—Starting in Junos OS Release 20.3R1, you can perform flow tracing at the service-set level, which reduces file size and avoids having to sift through large files for information about a single service set.

    [See traceoptions (Next Gen Services Service-Set Flow).]

  • Support for port block allocation for Next Gen Services (MX240, MX480, and MX960)—Starting in Junos OS Release 20.3R1, we support port block allocation (PBA) for Next Gen Services. PBA reduces logging in the system by allocating blocks of ports to a subscriber instead of a single port at a time. Subscribers are tracked based on their private IP address and this information is logged in the system logs. However, ports are reused at a high rate, making tracking of subscribers’ usage and activity difficult. PBA enables you to easily track subscribers’ usage and activity.

    [See block-allocation.]

Port Security

  • MACsec on logical interfaces (MX240, MX480, and MX960)—Starting in Junos OS Release 20.3R1, you can configure Media Access Control Security (MACsec) at the logical interface level on the MPC7E-10G line card. This configuration enables multiple MACsec Key Agreement (MKA) sessions on a single physical port. VLAN tags are transmitted in cleartext, which allows intermediate switches that are MACsec-unaware to switch the packets based on the VLAN tags.

    [See Media Access Control Security (MACsec) over WAN.]

  • Timer-based MACsec SAK refresh (MX10003, PTX10001, PTX10003, PTX10008, and PTX10016)—Starting in Junos OS Release 20.3R1, you can configure a timer-based refresh of the secure association key (SAK) on a Media Access Control Security (MACsec)-secured link. The key server generates the SAK and refreshes it periodically. The key server also sets a refresh interval, by default, based on packet counter movement. If the refresh does not occur frequently, this can leave the SAK vulnerable to attack. You can enhance security of the SAK by configuring a shorter timer-based refresh interval.

    [See Understanding Media Access Control Security (MACsec).]

Routing Protocols

  • Support for Implicit filter for default EBGP route propagation behavior without policies (ACX Series, JRR200, MX204, vRR and PTX5000)—Starting in Junos OS Release 20.3R1, we’ve introduced a new configuration hierarchy, defaults ebgp no-policy at the existing [edit protocols bgp] hierarchy level. The configuration option separates the default policy for receive and advertise, into separate clauses (accept, reject, or reject-always) to allow the route propagation behavior of EBGP speakers to vary independently from its default behavior.

    In earlier releases, the default behavior of BGP was to receive and advertise all routes. With the introduction of this feature, the default behavior still remains to “accept” all routes for both receive and advertise, but you also have an option to reject routes by default.

    With the reject configuration, you can reject routes of type inet unicast and inet6 unicast in instance types master, vrf, virtual-router, and non-forwarding. With the reject-always configuration, you can reject all routes from being received or getting advertised, irrespective of address family or instance type. By using this feature, you can control traffic in leaf autonomous systems (AS) and thereby, prevent them from having to accidentally function as transit autonomous systems.

    Note

    The introduction of this implicit filter does not affect the existing deployments that rely on the default behavior.

    [See Implicit Filter for Default EBGP route propagation behavior without policies and defaults.]

  • TI-LFA SRLG protection and fate-sharing protection for OSPFv2 (MX Series and PTX Series)—Starting in Junos OS Release 20.3R1, you can configure Shared Risk Link Group (SRLG) protection and fate-sharing protection for segment routing to choose a fast reroute path that does not include SRLG links and fate-sharing groups in the topology-independent loop-free alternate (TI-LFA) backup paths to avoid fate-sharing and SRLG failures. This is in addition to existing fast reroute options such as link-protection and node protection for segment routing.

    To enable TI-LFA SRLG protection and fate-sharing protection with segment routing for OSPFv2, include the srlg-protection statement and the fate-sharing-protection statement respectively at the [edit protocols ospf area area-id interface name post-convergence-lfa] hierarchy level.

    [See Topology-Independent Loop-Free Alternate with Segment Routing for OSPF.]

  • BGP sharding for IPv4 and Ipv6 L3VPN, BGP-LU (MX Series, PTX-Series and vRR)—Starting in Release 20.3R1, Junos OS supports BGP sharding and update IO features for these IPv4 and Ipv6 address families:

    • inet-vpn unicast

    • inet-vpn multicast (vrf.inet.2)

    • inet6-vpn unicast

    • inet6-vpn multicast (vrf.inet.2)

    • inet labeled-unicast

    • inet6 labeled-unicast

    To enable BGP sharding, configure rib-sharding at the [edit system processes routing bgp] hierarchy level. Sharding is dependent on the update I/O thread feature. To enable update I/O, configure update-threading at the [edit system processes routing bgp] hierarchy level.

    BGP Sharding is supported only on 64-bit routing protocol process (rpd) where the Routing Engine has at least 4 CPU cores and 16 GB of memory. To enable your device to always use 64-bit mode, use set force-64-bit at [edit system processes routing] hierarchy level. If you configure rib-sharding on a routing engine, RPD creates sharding threads. By default, the number of sharding threads created is the same as the number of CPU cores on the routing engine. Optionally, you can specify the number-of-shards you want to create. To set the number of sharding threads, use set number-of-shards <number-of-shards> at [edit system processes routing bgp rib-sharding] hierarchy level. To set the number of update threads, use set number-of-threads <number-of-threads> at the [edit system processes routing bgp update-threading] hierarchy level. To enable your device to always use 64-bit mode, use set force-64-bit at [edit system processes routing] hierarchy level.

    [See rib-sharding and update-threading.]

  • ECMP next-hop update rate throttling (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 20.3R1, you can choose to defer multipath computation for all families during a BGP peering churn. In very large-scale network deployments, during BGP peering churn there is a temporary spike in multipath computation, which takes a toll on the Packet Forwarding Engine resources. This feature allows you to pause the multipath computation and to resume after the peering churn settles down. Note that if there is no BGP peering churn, then multipath computation is not paused.

    To enable the pause option for BGP multipath computation during BGP peering churn, include the pause computation statement at the [edit protocols BGP multipath] hierarchy level.

    [See pause-computation-during-churn.]

  • Support for Faster PFE Acks (MX Series Virtual Chassis)—Starting in Junos OS Release 20.3R1, we support Faster PFE Acks to release Routing Engine kernel resources quicker. This support ensures that resource exhaustion scenarios are avoided

    [See virtual-chassis (MX Series Virtual Chassis). ]

  • Enabling Ifstate, peer infra, and TCP/IP stack parallelization on Virtual chassis (MX240, MX480, MX960, and MX2020)—Starting in Junos OS Release 20.3R1, Virtual Chassis involving the listed MX Series devices support the following BFD features:

    • Ifstate parallelization

    • Peer infra parallelization

    • TCP and IP stack parallelization

    These features are preserved on failover of any chassis when using Virtual Chassis.

    [See Understanding Bidirectional Forwarding Detection (BFD). ]

Segment Routing

  • SRv6 network programming in IS-IS (MX Series with MPC7E, MPC8E and MPC9E line cards)—Starting in Junos OS Release 20.3R1, you can configure segment routing in a core IPv6 network without an MPLS data plane. This feature is useful for service providers whose networks are predominantly IPv6 and have not deployed MPLS. Such networks depend only on the IPv6 headers and header extensions for transmitting data. This feature also benefits networks that need to deploy segment routing traffic through transit routers that do not have segment routing capability yet. In such networks, the SRv6 network programming feature can provide flexibility to leverage segment routing without deploying MPLS.

    To enable SRv6 network programming in an IPv6 domain, include the srv6 statement at the [edit routing-options source-packet-routing] hierarchy level.

    To advertise the Segment Routing Header (SRH) locator with a mapped flexible algorithm, include the algorithm statement at the [edit protocols isis source-packet-routing srv6 locator] hierarchy level.

    To configure a topology-independent loop-free alternate backup path for SRv6 in an IS-IS network, include the transit-srh-insert statement at the [edit protocols isis source-packet-routing srv6] hierarchy level.

    [See How to Enable SRv6 Network Programming in IS-IS Networks.]

  • Support for LDP Tunneling over Segment Routing Traffic Engineering (MX Series, PTX Series, and ACX5448)—Starting in Junos OS Release 20.3R1, you can tunnel LDP LSPs over Segment Routing Traffic Engineering (SR-TE) in your network. Tunneling LDP over SR-TE provides consistency and co-existence of both LDP LSPs and SR-TE LSPs.

    [See Tunneling LDP over SR-TE.]

Services Applications

  • Enhancements to the RFC 2544-based benchmarking tests (MX Series)—Starting in Junos OS Release 20.3R1, we’ve extended support for these tests onto the following devices:

    • MX240, MX480, and MX960 routers with the MPC7E-MRATE or MPC7E-10G line card

    • MX2008, MX2010, and MX2020 routers with the MX2K-MPC8E or MX2K-MPC9E line card

    • MX204 and MX10003 (with the LC2103 line card) routers

    You can use the RFC 2544 tests to measure and demonstrate the service-level agreement (SLA) parameters before service activation. The tests measure throughput, latency, frame loss rate, and link bursts. This enhancement supports the Layer 2 reflector (ingress direction) for family types bridge and vpls. To set the ingress direction of a test, configure the family bridge or family vpls statement and the direction ingress statement at the [edit services rpm rfc2544-benchmarking tests test-name name] hierarchy level.

    To run the tests, you must configure the reflector function on the corresponding MPC. To configure the reflector function, include the fpc fpc-slot-number slamon-services rfc2544 statement at the [edit chassis] hierarchy level.

    [See Understanding RFC2544-Based Benchmarking Tests on MX Series Routers.]

  • Support for sampling and tunneling performance improvement (MX204)—Starting in release 20.3R1, Junos OS allows fabric-bound packets to take a new fabric loopback path, freeing up the WAN bandwidth and thus improving the sampling and tunneling performance of the router. You can configure fabric-side loopback by using the fabric loopback wan off statement or switch to WAN side by using the fabric loopback wan on statement at the [edit chassis fpc slot-number] hierarchy level. By default, Junos OS uses fabric loopback for the loopback packets.

    [See Tunnel Services Overview and Understanding Inline Active Flow Monitoring.]

  • Support for hardware timestamping of Two-Way Active Measurement Protocol (TWAMP) and real-time performance monitoring (RPM) probe messages (MX10008, MX10016, PTX10008, and PTX10016)—Starting in Junos OS Release 20.3R1, we’ve extended support for hardware timestamping of TWAMP and RPM probe messages. Hardware timestamping is enabled by default for TWAMP, but you must configure it for RPM. You use TWAMP and RPM to measure IP performance between two devices in a network. By configuring hardware timestamping for RPM, you can account for the latency in the communication of probe messages and generate more accurate timers in the Packet Forwarding Engine. To configure hardware timestamping for RPM, include the hardware-timestamping statement at the [edit services rpm probe probe-owner test test-name] hierarchy level.

    [See Understanding Two-Way Active Measurement Protocol on Routers, Understanding Using Probes for Real-Time Performance Monitoring on M, T, PTX and MX Series Routers, and Configuring RPM Timestamping on MX, M, T, and PTX Series Routers and EX Series Switches.]

  • New configuration option for displaying descriptive information of session logs (MX Series)—Starting in Junos OS Release 20.3R1, you can configure an option to display more descriptive information of session logs. You can configure the enable-descriptive-session-syslog statement at the [edit services service-set service-set-name service-set-options] hierarchy level to enable syslog to display information related to inside and outside packets, byte count, and the session IDs for both open and close sessions.

    [See[service-set-options.]

Software Defined Networking (SDN)

  • Programmable flexible VXLAN tunnels (MX960 with MPC10E; MX2010 and MX2020 with MPC11E)—Starting in Junos OS Release 20.3R1, we support flexible VXLAN tunnels in a data center environment that includes one or more controllers. In this environment, one or more of the supported MX Series routers can function as data center edge gateways that exchange Layer 2 traffic with hosts in a data center. Through the use of static routes and tunnel encapsulation and de-encapsulation profiles, the Layer 2 traffic is dynamically tunneled over an intervening IPv4 or IPv6 network.

    The controllers enable you to program a large volume of static routes and tunnel profiles on the gateway devices through the Juniper Extension Toolkit (JET) APIs.

    [See Understanding Programmable Flexible VXLAN Tunnels and JET APIs on Juniper EngNet.]

System Management

  • Clock synchronization support (MX240, MX480, MX960, MX2010, and MX2020)—Starting in Junos OS release 20.3R1, we’ve enhanced the clock synchronization (clksync) module. When the CB0 clock failure alarm is raised, automatic Routing Engine switchover occurs. The new primary Routing engine Engine connection is made, the clksync module gets the notification.

    [See Understanding Clock Synchronization. ]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for MX Series routers.

What’s Changed in Release 20.3R3

General Routing

  • Configure internal IPsec authentication algorithm (EX Series)—You can configure the algorithm hmac-sha-256-128 at the [edit security ipsec internal security-association manual direction bidirectional authentication algorithm] hierarchy level for internal IP security (IPsec) authentication. In earlier releases, you could configure the algorithm hmac-sha-256-128 for MX series devices only.

Layer 2 Ethernet Services

  • Active leasequery-based bulk leasequery (MX Series)—The overrides always-write-option-82 and relay-option-82 circuit-id configurations at the [edit forwarding-options dhcp-relay] hierarchy level are not mandatory for active leasequery-based bulk leasequery. For earlier releases, the overrides always-write-option-82 and circuit-id configurations are mandatory for active leasequery-based bulk leasequery.

    For regular bulk leasequery between relay and server without any active leasequery, the overrides always-write-option-82 and relay-option-82 circuit-id configurations are mandatory.

    [See bulk-leasequery (DHCP Relay Agent.]

  • Link selection support for DHCP (QFX Series)—We’ve introduced link-selection statement at the [edit forwarding-options dhcp-relay relay-option-82] hierarchy level, which allows DHCP relay to add suboption 5 to option 82. Suboption 5 allows DHCP proxy clients and relay agents to request an IP address for a specific subnet from a specific IP address range and scope. Earlier to this release, the DHCP relay drops packets during the renewal DHCP process as the DHCP Server uses the leaf's address as a destination to acknowledge DHCP renewal message.

    [See relay-option-82.]

What’s Changed in Release 20.3R2

General Routing

  • Round-trip time load throttling for pseudowire interfaces (MX Series)—The Routing Engine supports round-trip time load throttling for pseudowire (ps) interfaces. In earlier releases, only Ethernet and aggregated Ethernet interfaces are supported.

    [See Resource Monitoring for Subscriber Management and Services]

  • Updates to ON-CHANGE and periodic dynamic subscriber interface metadata sensors (MX Series routers and EX9200 line of switches)—

  • New commit check for MC-LAG (MX Series)—We've introduced a new commit check to check the values assigned to the redundancy group identification number on the MC-AE interface ( redundancy-group-id ) and ICCP peer (redundancy-group-id-list ) when you configure multichassis aggregation groups (MC-LAGs). If the values are different, the system reports a commit check error. In previous releases, if the configured values were different, the l2ald process would crash.

    [See iccp and mc-ae.]

  • Changes to Junos XML operational RPC request tag names (MX480)—Starting in Junos OS Release, we've updated the Junos XML request tag name for the below operational RPCs. The changes include:

    get-security-associations-information is changed to get-re-security-associations-information

    get-ike-security-associations-information is changed to get-re-ike-security-associations-information

    [See Junos XML API Operational Developer Reference  .]

Junos XML API and Scripting

  • The jcs:invoke() function supports suppressing root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX event scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified RPC. If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are logged in system log files.

    [See invoke() Function (SLAX and XSLT).]

  • The jcs:invoke() function supports suppressing root login and logout events in system log files for SLAX commit scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX commit scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified RPC. If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are logged in system log files.

    [See invoke() Function (SLAX and XSLT).]

MPLS

  • The show mpls lsp extensivel and show mpls lsp detail commands display next-hop gateway LSPid—When you use the show mpls lsp extensivel and show mpls lsp detail commands, you'll see next-hop gateway LSPid in the output.

User Interface and Configuration

  • Verbose format option to export JSON configuration data (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the verbose statement at the edit system export-format json hierarchy level. The default format to export configuration data in JSON changed from verbose format to ietf format starting in Junos OS Release 16.1R1. You can explicitly specify the default export format for JSON configuration data by configuring the appropriate statement at the edit system export-format json hierarchy level. Although the verbose statement is exposed in the Junos OS CLI as of the current release, you can configure this statement starting in Junos OS Release 16.1R1.

    [See export-format.]

What’s Changed in Release 20.3R1

EVPN

  • New output flag for the show bridge mac-ip table command 9MX series)—The Layer 2 address learning daemon (l2ald) does not send updated MAC and IP address advertisements to the routing protocol daemon (rpd) when an IRB interface is disabled in an EVPN-VXLAN network. We’ve added the NAD flag in the output of the show bridge mac-ip-table command to identify the disabled IRB entries in which the MAC and IP address advertisement will not be sent.

    [See show bridge mac-ip-table.]

General Routing

  • Change in show oam ethernet connectivity-fault-management mep-statistics command (MX Series)—You can now view the real-time statistics for continuity check messages (CCM) inline sessions for MPC10E (MPC10E-10C-MRATE and MPC10E-15C-MRATE) and MPC11E (MX2K-MPC11E) line cards only when you execute the show oam connectivity-fault-management mep-statistics local-mep local-mep-id maintanance-association name twice in immediate succession. If you execute the command once, the values are incorrectly displayed.

    [See show oam ethernet connectivity-fault-management mep-statistics.]

  • MS-MPC and MS-MIC service package (MX240, MX480, MX960, MX2020, MX2010, and MX2008)—PICs of Multiservices MPCs (MS-MPCs) and Multiservices MICs (MS-MICs) do not support any service package than other extension-provider. These PICs always come up with the extension-provider service-package, irrespective of the configuration. If you try to configure any other service package, for these PICs by using the command set chassis fpc slot-number pic pic-number adaptive-services service-package, an error is logged. Use the show chassis pic fpc-slot slot pic-slot slot command to view the service package details of the PICs of MS-MPC and MS-MIC.

    [See extension-provider.]

High Availability (HA) and Resiliency

  • IPv6 address in the prefix TIEs displayed correctly—The IPv6 address in the prefix TIEs are displayed correctly in the show rift tie output.

Infrastructure

  • Change in support for interface-transmit-statistics statement (MX Series)--You cannot configure aggregated Ethernet interfaces to capture and report the actual transmitted load statistics by using the interface-transmit-statistics statement. Aggregated Ethernet interfaces do not support reporting of the transmitted load statistics. The interface-transmit-statistics statement is not supported in the aggregated Ethernet interfaces hierarchy. In earlier releases, the interface-transmit-statistics statement was available in the aggregated Ethernet interfaces hierarchy but not supported.

    [See interface-transmit-statistics.]

Interfaces and Chassis

  • Change in support for interface-transmit-statistics statement—You cannot configure aggregated Ethernet interfaces to capture and report the actual transmitted load statistics by using the interface-transmit-statistics statement. Aggregated Ethernet interfaces do not support reporting of the transmitted load statistics. In Junos OS Release 20.3R1, the interface-transmit-statistics statement is not supported in the aggregated Ethernet interfaces hierarchy. In earlier releases, the interface-transmit-statistics statement was available in the aggregated Ethernet interfaces hierarchy but not supported.

Junos OS, XML, API, and Scripting

  • Changes to Junos XML RPC request tag names (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've updated the Junos XML request tag name for some operational RPCs to ensure consistency across the Junos XML API. Devices running Junos OS still accept the old request tag names, but we recommend that you use the new names going forward. The changes include:

    • Most, but not all, request tag names that start with show replace show with get in the name.

    • Uppercase characters are converted to lowercase.

    [See Junos XML API Explorer - Operational Tags.]

J-Web

  • Adobe Flash Player support (MX Series)—Adobe Flash Player support will end on December 31, 2020. Due to this, the Flash dependent J-Web monitor pages will not load correctly for Junos OS Release 20.3R1 and earlier releases.

Routing Protocols

  • Advertising 32 secondary loopback addresses to Traffic Engineering Database (TED) as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—In Junos OS Release, multiple loopback addresses export into lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router-ids instead of prefixes. In earlier Junos OS releases, multiple secondary loopback addresses in TED were added into lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router-id.

Services Applications

  • New option for configuring delay in IPsec SA installation—In Junos OS Release 20.3R1, you can configure the natt-install-interval seconds option under the [edit services ipsec-vpn rule rule-name term term-name then dynamic] hierarchy to specify the duration of delay in installing IPSec security association (SA) in a NAT-T scenario soon after the IPsec SA negotiation is complete. The default value is 0 seconds.

Subscriber Management and Services

  • Improved tunnel session limits display (MX Series)—Starting in Junos OS Release 20.3R1, the show services l2tp tunnel extensive command displays the configured value for maximum tunnel sessions. On both the LAC and the LNS, this value is the minimum from the global chassis value, the tunnel profile value, and the value of the Juniper Networks VSA, Tunnel-Max-Sessions (26–33). On the LNS, the configured host profile value is also considered.

    In earlier releases, the command displayed the value 512,000 on the LAC and the configured host profile value on the LNS.

    [See Limiting the Number of L2TP Sessions Allowed by the LAC or LNS.]

  • Command to view summary information for resource monitor (EX9200 line of Ethernet switches and MX Series routers)—The show system resource-monitor command enables you to view many statistics about the use of memory resources for all line cards or for a specific line card in the device. It also displays information about the status of load throttling, which manages how much memory is used before the device acts to reduce consumption.

    [See show system resource-monitor and Resource Monitoring for Subscriber Management and Services.]

Known Limitations

Learn about known limitations in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • EVPN service over scaled SR-TE uncolored is unsupported. PR1499719

General Routing

  • Access facing FPC's CPU stays at 100% for 5-6 minutes after configuration change. PR1447003

  • Upon MPC11 boot up, errors such as following could be seen, but these are harmless and does not have functional impact. Aug 27 22:29:15 sherekhan kernel: i2c i2c-100: (11/1:0x41) i2c transaction error (0x00000002) Aug 28 02:46:06 sherekhan kernel: i2c i2c-64: (7/1:0x41) i2c transaction error (0x00000002). PR1457655

  • The traffic stops when volume quota is reached but resumed incorrectly after APFE failover. Threshold and quota values are not updated to the secondary APFE and if quota is hit on primary APFE and traffic starts dropping due to quota and switchover happens, traffic will continue to flow until quota is hit; no work around. PR1463723

  • If you move the MX2K-MPC11E line card from one guest network function (GNF) to another in an in-chassis Junos node slicing setup, the line card takes longer time than expected to come online. PR1469729

  • During BGP converence, eg full internet table load, the BFD and LACP protocol on the router may flap. PR1472587

  • Line card crashes when there is a change in the ps interfaces which has active subscribers on it. PR1486665

  • When the number of next-hop selectors to be repaired is very high, then time to repair them during FRR would go up and could increase packet losses. This would be observed specially when there are many unilist next hops with different next-hop selectors and each has a member next hop with a logical interface over the same physical interface, which goes down. PR1490070

  • EVPN-VPWS, L3 VPN and L2 VPN FRR convergence time with AE as the active core interface is not meeting <50ms and might be 100ms to 150ms. PR1492730

  • When you switch modes, either from PIC mode to port mode or port mode to PIC mode, the PIC restarts automatically. To change the default speed, you must select a port and configure a different port speed on it and reset both the PICs for the configuration to take effect. For example, select 40GE or 100GE on PIC 0 and 10GE on PIC 1. For this configuration to take effect, you must reset both PICs. The following logs might be seen: chassisd[15345]: should_summit_pic_bounce_for_port_speed_change: FPC 0 PIC 1 Bounce not needed for port speed config change But other PIC configuration change needs the bounce of both PICs, so above log is creating confusion. PR1500429

  • Problem: Few packet loss during MBB with FTI tunnels Actions that trigger problem: If FTI IFL update ( containing underlay NH) reaches PFE prior to underlay NH update, then some packet losses are expected. Details: Kernel sends the underlay NH as part of IFL update to PFE. Based on tunnel destination reachability, kernel sends FTI IFL updates to PFE containing underlay NH. As IFL to NH dependency is not present, FTI IFL update can reach PFE ahead of underlay NH update. In most of the cases, underlay NH is expected to reach first than IFL update. But it is not guaranteed. Hence, as PFE is unaware of new underlay NH, there could be some packet losses during MBB scenarios. Result: MBB can be a challenge & could experience some packet losses. This design limitation exists in all types of FTI tunnels. Workaround: None. PR1507779

  • On a fully scaled system where all the slices are utilized by different families of CLI filters, if we try to call delete for one family and add/change for another family with a higher number of filter terms which requires either expansion of the filter or creation of a new filter, the Packet Forwarding Engine fails to add the new filter as we are getting messages out of sequence?that is, the add/change of filter is called earlier than the delete of another filter that will free up the slices. PR1512242

  • Some memory leaks have been observed in the JET Service Daemon (JSD) process when one or more collectors are connecting and disconnecting to and from the router. These are observed in the gRPC stack code which is third party. The amount of memory leaked is relatively small. However, these leaks could increase with more frequent collector connects and disconnects. As a result of the memory leaks, the JSD process's memory size can increase to a value that is higher than normal (for example, when the gRPC connections are established and stable) but is unlikely to cause any adverse effects to the system with streaming telemetry. PR1512296

  • MX10003 MPC will support a fixed port PIC (6xQSFPP) and a modular TIC (12xQSFP28) which can be of two types - Ethernet TIC and MACSEC TIC. The MACsec TIC doesn't support unified ISSU and hence link flaps are expected on MACsec TIC. PR1514694

  • Currently l2.5 traffic support is only for p2p and not for TS. So Routing Engine traffic doesn't work with traffic selector case. Only transit traffic will work with traffic selector based tunnels. For Routing Engine traffic needs to use p2p tunnels. PR1534248

Interfaces and Chassis

  • Mcae don't update PW state on receiving remote PW state update on the first sync up. PR1503102

MPLS

  • Process rpd might crash after network service configuration changed (like changing the range of MPLS labels) without rebooting all the Routing Engines (which is a system mandatory step). PR1461468

  • As FPC1 is MPC 3D which has 2GB memory and when lot of routes gets injected the memory usage will increase and the below message was seen only once. FPC Resource Monitor: FPC 0 and 1 Heap Memory has crossed free memory watermark of 20. When this message was seen might be at that time the memory usage might have reached to 80% and when the memory usage reaches to 80% it prints this message. In this case maybe for a moment it might have gone to 80% and then when the routes were deleted it came down to 78% and it stays at that number. PR1513436

  • With local reversion ON, there is a possibility of transit router not informing headend of RSVP disabled link when link is flapped more than once. Workaround is to remove local-reversion configuration. PR1576979

Platform and Infrastructure

  • On the MX platform with Protocol Independent Multicast (PIM) implemented and the number of IGMP groups exceeding 15000, join message (S, G) might not be created after graceful Routing Engine switchover (GRES). PR1457166

  • Unknown unicast filter applied in EVPN routing-instance blocks unexpected traffic. PR1472511

  • With sensor being subscribed via Junos Telemetry Interface (JTI), after the interface is deleted/deactivated/disabled, the TCP connection is still established, and the CLI command of "show agent sensors" still shows the subscription. PR1477790

  • EVPN Aliasing and load-balancing for L2 traffic is not working with Dynamic Link Next-Hop. EVPN Alaising with DLNH for L2 traffic is not supported for Junos OS 20.3 and previous releases. PR1504412

  • RPM is a Juniper Networks proprietary feature. In the case of Junos OS, the RPM client never set the DF bit. Hence, we don't see this issue between a Junos OS RPM client and a Junos OS RPM server. Whereas in the case of Junos OS Evolved, the RPM client is setting the DF bit while sending the RPM probes to RPM server. In case of Junos OS TVP-based platforms, the RPM server is not able to decode the DF bit properly. This causes an interwork failure between Junos OS Evolved as the RPM client and TVP platforms as the RPM server (and vice versa). This issue is not applicable for non-TVP-based Junos OS platforms acting as the RPM server. PR1508127

Routing Protocols

  • When enhanced ip is enabled we need to do restart routing else we might see label related issues. PR1577451

Network Management and Monitoring

  • SNMP Support for RIB Sharding and Threading (MX Series)—In Junos OS Release 20.3R1, when you enable RIB Sharding, BGP MIB and L3VPN MIB don’t support the below attributes:

    Unsupported attributes for BGP MIB

    • bgp4PathAttrPeer

    • bgp4PathAttrIpAddrPrefixLen

    • bgp4PathAttrIpAddrPrefix

    • bgp4PathAttrOrigin

    • bgp4PathAttrASPathSegment

    • bgp4PathAttrNextHop

    • bgp4PathAttrMultiExitDisc

    • bgp4PathAttrLocalPref

    • bgp4PathAttrAtomicAggregate

    • bgp4PathAttrAggregatorAS

    • bgp4PathAttrAggregatorAddr

    • bgp4PathAttrCalcLocalPref

    • bgp4PathAttrBest

    • bgp4PathAttrUnknown

    Unsupported attributes for L3VPN MIB

    • mplsL3VpnVrfRteInetCidrDestType

    • mplsL3VpnVrfRteInetCidrDest

    • mplsL3VpnVrfRteInetCidrPfxLen

    • mplsL3VpnVrfRteInetCidrPolicy

    • mplsL3VpnVrfRteInetCidrNHopType

    • mplsL3VpnVrfRteInetCidrNextHop

    • mplsL3VpnVrfRteInetCidrIfIndex

    • mplsL3VpnVrfRteInetCidrType

    • mplsL3VpnVrfRteInetCidrProto

    • mplsL3VpnVrfRteInetCidrAge

    • mplsL3VpnVrfRteInetCidrNextHopAS

    • mplsL3VpnVrfRteInetCidrMetric

    • mplsL3VpnVrfRteXCPointer

    • mplsL3VpnVrfRteInetCidrStatus

Platform and Infrastructure

  • On the MX platform with Protocol Independent Multicast (PIM) implemented and the number of IGMP groups exceeding 15000, join message (S,G) might not be created after graceful Routing Engine switchover (GRES). PR1457166

  • Unknown unicast filter applied in EVPN routing-instance blocks unexpected traffic. PR1472511

  • With sensor being subscribed via Junos Telemetry Interface (JTI), after the interface is deleted/deactivated/disabled, the TCP connection is still established, and the CLI command of show agent sensors still shows the subscription. PR1477790

  • EVPN aliasing and load-balancing for Layer 2 traffic does not work with Dynamic Link Next-Hop. EVPN alaising with DLNH for L2 traffic is not supported for Junos OS Release 20.3 and earlier releases. PR1504412

  • RPM is Juniper propitiatory feature. In case of JUNOS RPM, RPM client never set the DF bit. Hence we didn't see this issue between JUNOS RPM client and JUNOS RPM server. Whereas in case of EVO, EVO RPM client is setting the DF bit while sending the RPM probes to RPM server. In case of JUNOS TVP based platforms, RPM server is not able to decode the DF bit properly. Issue is not applicable for non TVP based JUNOS platforms acting as RPM server. PR1508127

Routing Protocols

  • Commit check fails when rib-sharding is configured with these statements:

    • routing-instances <name> routing-options multipath

    • routing-instances <name> routing-options policy-multipath

    • routing-instances <name> protocols mvpn.

Subscriber Management and Services

  • Subscriber management and services are not supported on MPC10 or MPC11 line cards when you use these cards for subscriber access. MPC10 and MPC11 line cards support subscriber management and services only when you use these cards for uplink purposes to the core.

Open Issues

Learn about open issues in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • If you have to take an interface out of AE bundle and configure it to operate in stand-alone mode, then doing this in a single commit may render the operation ineffective and could lead to connectivity issues. There is a known issue around this and this is seen due to a race condition between RE daemons (CoSD, DCD/Chassisd), Packet Forwarding Engine (PFE) and kernel. The below document link speaks of this issue when there is explicit CoS configuration to be made on the interface - https://www.juniper.net/documentation/en_US/junos/topics/concept/schedulers -cos-ae-sdh-limits-cos-config-guide.html. However, the problem can be seen without explicit CoS too as there is default CoS that is always present. In some cases, it is possible that a single shot commit will send out multiple operational messages down to kernel and might confuse the kernel to do unintended optimization that could lead to a message being consumed at kernel and not being sent to PFE. The result is the same even in this case. PR1504287

EVPN

  • A few duplicate packets might be seen in an A/A EVPN scenario when the remote PE device sends a packet with an IM label due to MAC not learned on the remote PE device, but learned on the A/A local PE device. The nondesignated forwarder sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookup instead of dropping the packet, which causes duplicate packets to be seen on the CE side. PR1245316

  • With Junos OS Release 19.3R1, VXLAN OAM host-bound packets are not throttled with DDoS policers. PR1435228

Flow-based and Packet-based Processing

  • Use an antireplay window size of 512 for IPv4 or IPv6 in fat-tunnel. The ESP sequence check might otherwise report out-of-order packets if the fat-tunnel parallel encryption is within 384 packets (12 cores * 32 packets in one batch). Hence, there are no out-of-order packets with 512 antireplay window size. PR1470637

Forwarding and Sampling

  • Packet length for ICMPv6 is shown as "0" in the output of the "show firewall log detail" CLI command. PR1184624

  • When GRES is triggered by SSD hardware failure, the syslog error of rpd[2191]: krt_flow_dfwd_open,8073: Failed connecting to DFWD, error checking reply - Operation timed out might be seen. Issue can be recovered by restarting the dfwd daemon. PR1397171

  • After routing restarts, the remote mask, which indicates from which remote PE devices MAC IP addresses are learned, that the routing daemon sends might be different from the existing remote mask that the Layer 2 learning daemon had before restart. This causes a mismatch between Layer 2 learning and routing daemons' interpretation as to where the MAC-IP address entries are learned, either local or remote, leading to the MAP-P table being out of synchronization. PR1452990

  • During -ve scenario like clear MAC table, sometimes expected number of 512K MACs are not re-learnt. PR1475205

  • fast-lookup-filter with match not supported in FLT Hardware might cause traffic drop. PR1573350

General Routing

  • Some non-fatal interrupts (for example, CM cache or AQD interrupts) are logged as fatal interrupts. The following log messages will be shown on CM parity interrupt: fpc0 TQCHIP 0: CM parity Fatal interrupt,Interrupt status:0x10 fpc0 CMSNG: Fatal ASIC error, chip TQ fpc0 TQCHIP 0: CM cache parity Fatal interrupt has occurred 181 time(s) in 180010 msecs TQCHIP 0: CM cache parity Fatal interrupt has occurred 181 time(s) in 180005 msecs PR1089955

  • On MX series and PTX series with FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter a single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 The Junos OS chassis management error handling detects such a condition, raises an alarm, and disables the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, restart the FPC. Contact your Juniper support representative if the issue persists even after the FPC restarts. PR1254415

  • If a vmhost snapshot is taken on an alternate disk and there is no further vmhost software image upgrade, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, the host root file system and the node boots with the previous vmhost software instead of the alternate disk. PR1281554

  • On 30-port MACsec-enabled line card (LC1101-M-30C, LC1101-M-30Q, and LC1101-M-96X) of the PTX10008 chassis, when the exclude-protocol lacp statement configured at the [edit security macsec connectivity-association connectivity-association-name] hierarchy level is deleted or deactivated, the LACP protocol's Mux State shown under the output of CLI command show lacp interface, might remain as attached or detached and might not change to distributing state. PR1331412

  • Backup Routing Engine might crash after GRES occurs continuously for more than 10 times. PR1348806

  • When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609

  • On MX2010/MX2020 routers equipped with SFB2 (Switch Fabric Board 2), some error messages could be occasionally seen in the logs. There is no operational impact nor an indication of a real issue caused by these messages. PR1363587

  • Due to transient hardware condition, single-bit error (SBE) events are corrected and have no operational impact. Reporting of those events had been disabled to prevent alarms and possibly unnecessary hardware replacements. This change applies to all Platforms using Hybrid Memory Controller (HMC). PR1384435

  • In scaled configurations an FPC can be shown as online and permits revert of a RLT when its actually not yet ready to pass traffic. This can lead to traffic loss for up to 8 minutes. PR1394026

  • FPC core files are generated on multiple additions or deletions of hierarchical CoS from pseudowire devices. As a workaround, remove the pseudowire device without changing the hierarchical CoS configuration. PR1414969

  • If Hypertext Transfer Protocol (HTTP) Header Enrichment function is used, the traffic throughput decreases when traffic passes through Header Enrichment. PR1420894

  • FPC might crash when Packet Forwarding Engine memory usage for a partition such as NH/DFW is high. Under low PFE memory condition log "Safety Pool below 25% Contig Free Space" or "Safety Pool below 50% Contig Free Space" might be observed. PR1439012

  • Interface hold-down timers cannot be achieved for less than 15 seconds on the MPC11E line card. Because of vendor limitations, achieving subsecond hold timers is not possible. Juniper will continue to work with vendors to arrive at a solution for this. PR1444516

  • IPv6 VRRP MAC address is not handled correctly by VFP (virtual forwarding plane). If the IPv6 traffic throughput is beyond the bandwidth of this slow path, the IPv6 packets might be dropped. PR1449014

  • Physical interface policer are not supported in 19.3 for MPC11. PR1452963

  • The CFM remote MEP is not coming up after configuration or remains in Start state. PR1460555

  • Backport jemalloc profiling CLI support to all releases where jemalloc is present. PR1463368

  • Either static routes (or) implicit filters should be configured for forwarding DNS traffic to service pic. It solves DNS packet looping issue. PR1468398

  • For the MPC10E card line, the IS-IS and micro-BFD sessions do not come up during baseline. PR1474146

  • Error messages "[Error] L2alm : l2alm_mac_process_hal_delete_msg:667 Ignoring MAC delete with ifl index 355, fwd_entry has 7888" after performing configuration removal/restore with IPMPLS configurations in MX480 box. PR1475785

  • Possible out of order deletion of AftNode #012#012#012 AftNode details - AftIndirect token:230791 group:0 nodeMask:0xffffffffffffffff indirect:333988 hwInstall:1#012 "during baseline PR1486158

  • NH learning knob is enabled by default in MPC10 and MPC11 irrespective of the knob configuration. The disabling will have no effect on the knob functionality. PR1489121

  • High-scale login and logout (around 1M bearers) can prevent some sessions from logging in again. PR1489665

  • On the MPC10 line card, the following error message is observed on RE1 after doing graceful switchover from RE0 to RE1: user.err aftd-trio: ( [Error] L2ALIPC : L2AL IPC client failed to connect to l2ald). PR1491384

  • This is rarely seen crash after doing multiple switchover (more than 50) with scale configuration. This is race scenario of accessing already free memory and causing the core file. PR1491527

  • On MPC7E/8E/9E/10E, JNP10K-LC2101, and MX204/MX10003, an error syslog saying "unable to set line-side lane config (err 30)" will occasionally appear. This is non-service impacting and can be ignored. PR1492162

  • The smart-sfp-present leaf was removed because this was redundant information. There is a leaf saying the type of smart sfp present on the interface. The present leaf was removed to avoid cluttering of the CLI output. PR1492551

  • Scheduler ingress Packet Forwarding Engine VOQ drop counters do not match egress queue drop counters (diff > 100,000). PR1494785

  • When running the command: show pfe filter hw filter-name <filter name> , the command fails to retrieve the Packet Forwarding Engine programming details of the filter. PR1495712

  • After backup Routing Engine halt, CB1 goes offline and comes back online; this leads to the backup Routing Engine booting up, and it shows the reboot reason as "0x1:power cycle/failure." This issue is only for the RE reboot reason, and there is no other functional impact of this. PR1497592

  • In routing-instance with table next-hop scenario (for example, if EVPN routing-instance is configured, the l2ald process creates a routing table and the EVPN adds a route pointing to this table as table next-hop in the rpd process), if the routing table created within the routing-instance is deleted and then re-added (e.g. deactivated and then re-activated the routing-instance) very fast before the rpd could delete the route pointing to the table next-hop, then the route in the rpd will end up using the staled table next-hop, hence resulting in traffic loss. Sampling configuration which delays the route deleting in the rpd increases the possibility of hitting the issue. PR1498087

  • If MPLS is needed, the CRPD container must be instantiated with the MPLS modules already installed on the host. PR1498632

  • The 'show dynamic-tunnels database statistics' show command is common for many different tunnel. to make common kind of infra, we are showing tunnel encap string. PR1501576

  • SFB3 and MPC11 are not supported in Junos software version 19.4 releases. This change is to disable these components in Junos software version 19.4. PR1503605

  • PR1463859 introduces a software defect that causes a 10GE interface to flap continuously when configuring with the WAN-PHY framing with the default "hold-down" timer (0). Once upgrading a router to an affected software release, the interface may flap continuously. This is not applicable to an interface with the default framing - LAN-PHY. PR1508794

  • On MX platforms with MPC10E/MPC11E, traffic loss (i.e., including Unicast and Multicast traffic) could be seen if along with ECMP (Equal Cost MultiPath) scenario. This defect could only be observed in 20.1R1-S1 and 20.1R1-S2. PR1513898

  • The log file to log the activities associated with the "request rift package activate" command is created with the permissions of the cli user. If multiple users run the command, it may fail due to problems with permissions writing to the log file. PR1514046

  • 35 seconds delay is added in reboot time from 20.2R1 release compared to 19.4R2 release PR1514364

  • Traffic drop observed when Multicast traffic on a group with 4000 egress AE ports is sent. The drop is always on the egress port that are on same PFE as ingress. PPE times-out before the multicast packet is processed and that causes the packet to drop. PR1514646

  • In Junos OS 20.3R1 and 21.2R1: - It is possible that LFM may flap during MX Series Virtual Chassis unified ISSU to/from this release. PR1516744

  • Using sensor path of /mpls/signalling-protocols/segment-routing/aggregate-sid-counters/aggregate -sid-counter/mpls-label "mpls-label" values are not getting reaped out when configured for SR-sid ingress sensors. PR1516811

  • The show configuration command is not displaying the actual version info.PR1517231

  • When an AMS ifd is configured for the first time or any member of the AMS bundle is removed or added, the PICs on which the members of AMS bundle are present go for a reboot. * There is a timer running in the AMS kernel which is used as a delay for the PIC reboot to complete and once that timer expires AMS assumes that the PICs might have been rebooted and it moves into next step of AMS fsm. * In scaled scenarios, this rebooting of the PIC is delayed due to DCD. This is because when a PIC goes down, DCD is supposed to delete the IFDs on that PIC and then the PIC reboot happens. * But DCD is busy processing the scaled config and the IFD deletion is delayed. This delay is much greater than the timer running in AMS kernel. * When the above timer expires, the FSM in AMS kernel wrongly assumes the PIC reboot would be completed by then, but the reboot is still pending. * By the time DCD deletes this IFD the AMS bundles are already UP. Because of this, there is a momentary flap of the bundles. PR1521929

  • In MAC-OS platforms when client connects successfully, client does not get minimized to tray icon and it stays connected and needs to manually minimize it. PR1525889

  • When global port-mirroring configured on DUT and queried for xml info, everything works as expected. When that global port-mirroring configuration is deactivated and xml is queried, display info is missing port-mirroring-instance info. PR1529413

  • During GNF ISSU and if ISSU unsupported FRU is present, then such FRU is to be brought online manually once ISSU finishes. PR1534225

  • Inconsistent core.python2.7.mpc0 core is seen with stacktrace @ea_wi_precl,@ea_macsec_receive() PR1534568

  • In scaled MX2020 router, with vrf localisation enabled, 4 million nexthop scale, 800k route scale. FPCs may go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. FPC may continue to reboot and not come online. Rebooting master and backup Routing Engine will help recover and get router back into stable state. PR1539305

  • A new alarm "network-service mode mismatch between configuration and kernel setting" was introduced by PR 1514840 commit. when unified ISSU is performed from images without PR1514840 commit to images with PR1514840 commit, then the transient false alarm will be seen. PR1546002

  • In synce configuration, Config 1: ESMC transmit is configured Config 2: if deactivated chassis synchronization source configured OR no chassis synchronization source is configuring is active then commit error is given as "'esmc-transmit' requires 'chassis synchronization source' configuration". PR1549051

  • In Junos OS Release 20.4, the return data from get_subscriber_info keyword contains string list instead of element list. PR1560397

  • VE & CE mesh groups are default mesh groups created for a given Routing instance. On vlan/bridge-domain add, flood tokens and routes are created for both VE and CE mesh-group/flood-group. Ideally, VE mesh-group doesn't require on a CE router where IGMP is enabled on CE interfaces. Trinity based CE boxes have unlimited capacity of tokens, so this would not be a major issue. PR1560588

  • On all Junos platforms, all traffic coming from remote end of a dynamic tunnel will not be processed and dropped when GRE based dynamic-tunnel is configured and tunnel preference is configured as 1. This issue is seen because of the missing programming of decapsulation mode in the internal system. PR1561721

  • The problem is with L1 node (IFD) not reflecting correct BW configured for tunnel-services. When baseline configuration has 1G configuration on some fpc/pic in groups global chassis and if we override with local chassis tunnel-service 10G BW in scaled scenario. Out of 10Gbps BW configured only 1Gbps is allowed per 1G speed configured in baseline configuration. PR1568414

  • In SAEGW-u mode, If volume based charging is configured with threshold and quota enabled - in some cases, the threshold report may not be sent to control peer (even after the threshold is reached). This issue is only applicable to 20.3 release, and is not applicable to later major releases starting 20.4. PR1568563

  • [EVPN] flag, source and logical address are not expected in MAC address found in BD BD-3 instance. PR1569546

  • Core files are found @ rpio_die ioctl_send rpio_tunnel_set_ioctl. PR1569912

  • BUM traffic replication over VTEP is sending out more packets than expected and there seems to be a loop also in the topology. PR1570689

  • PIM rib-group failure to add in vrf - PIM: ribgroup vrf not usable in this context; all RIBs are not in instance. PR1574497

  • Native sensors does not work for ldp p2mp based sensor as protobuf definitions are not exported in junos telemetry package. Decoding of the stats data exported from router through udp will not be possible without protobuf definitions. PR1577931

  • When SFP and Periodic ukernel thread fail to read SFP EEPROM data via I2C, threads will retry with 1 second sleep. But threads go to sleep state without yeilding CPU and this causes CPU hogging. Hog event will be logged to Syslog with the message: %PFE-0: fpc0 SCHED: Thread 12 (Periodic) aborted, hogged 5030 ms %PFE-0: fpc0 SCHED: Thread 7 (SFP) aborted, hogged 5014 ms (Time following to "hogged" varies.) In case the total number of CPU hog event reaches 200 times, system assumes thread is in looping condition and reboots to repair looping condition. PR1583281

  • Verification of filter counter statistics failed as received packets are doubled. PR1590009

  • Expected snooping route is not observed after configuring one bridge with snooping & add interface check. PR1590278

High Availability (HA) and Resiliency

  • If performing GRES with the interface em0 (or fxp0) disabled on the master RE, then enabling the interface on the new backup Routing Engine, it isn't able to access network. PR1372087

Infrastructure

  • The following messages are seen during FTP: ftpd[14105]: bl_init: connect failed for `/var/run/blacklistd.sock' (No such file or directory). PR1315605

  • "IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) error message is observed continuously in AD with base configurations. PR1485038

  • User while loading the kernel would see the message "GEOM: mmcsd0s.enh: corrupt or invalid GPT detected.". This message has no impact to functionality and will be resolved in a future release. PR1549754

Interfaces and Chassis

  • Some routers index the SFP transceivers starting at 1, while interface numbering starts from 0; thus, reading the Packet Forwarding Engine-level output can be confusing. PR1412040

  • Changing framing modes on a CHE1T1 MIC between E1 and T1 on a MPC3E NG HQoS line card will cause the PIC to go offline. PR1474449

  • The traffic (which is destined to the hosts behind static PPPoE subscriber's CPE device) drop is seen due to bad MPLS VPN label (which points to discard next-hop) after RE switchover without NSR. The traffic destined to the CPE device itself is not affected. PR1488302

  • Input and output bytes count mismatch in the IPv6 traffic statistics while issuing the "show interface extensive" command. PR1505100

  • mc-ae need to have "prefer-status-control-active" set to avoid flap on the split brain case ( ICCP down or peer node reboot). Please configure it on the "status-control active" PE. PR1505841

  • When configuring CFM sessions on MPC10 and MPC11 line cards, if syslog error "ppman: [Error] PPM:CTRL_CFM: PpmCtrlProtoCfm::getFcPlp: CFM interface is not found in intf table." is seen, the CCM PDUs will not take the configured forwarding class. The CCMs will take forwarding class as "network-control", and queue as 3. PR1527032

  • When configuring CFM sessions on MPC10 and MPC11 line cards, if syslog error "ppman: [Error] PPM:CTRL_CFM: PpmCtrlProtoCfm::getFcPlp: CFM interface is not found in intf table." is seen, the CCM PDUs will not take the configured forwarding class. The CCMs will take forwarding class as "network-control", and queue as 3. PR1534239

Intrusion Detection and Prevention (IDP)

  • The CLI now provides helpful remarks about IDP's tunable detector parameters when executing the command "set security idp sensor-configuration detector protocol-name tunable-name." PR1490436

Layer 2 Ethernet Services

  • On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. Refer to https://kb.juniper.net/JSA11056 for more information. PR1430874

  • The copying of files to the RCB over WAN ports is slow. This is observed across all platforms running Junos OS Evolved platforms. PR1496895

MPLS

  • When some LSPs that request facility backup protection using bypass tunnels are brought up using respective Resv messages that do not contain the mandatory RECORD_ROUTE object, and when such LSPs undergo local repair, then RPD may core with the backtrace specified in this problem. If either the Resv messages originated by egress LERs contain the mandatory RECORD_ROUTE object or if such LSPs brought up with mal-formed Resv do not undergo local repair, then the core will not occur. PR1560059

  • When ISIS-TE or OSPF-TE is enabled without admin-groups-extended-range/admin-groups-extended (which is configured under routing-options) or admin-group-extended configured, if receives the peer-router advertised the extended admin groups and then enable the config of admin-groups-extended-range/admin-groups-extended and admin-group-extended, some LSP with extended admin group constraints will fail to be established. PR1575060

Network Management and Monitoring

  • Issue: Some linkUp traps are missing for physical interfaces. Cause:In the current scenario, one of the FPC is having a scale of 15K IFLs and restarting this FPC triggers a large number of SNMP traps to get generated in a very short time. Since snmp's trap threshold is 500 and the maximum throttle queue size by default is 20K, within a short period, this burst of traps causes the throttle queue to get filled up and snmpd starts dropping the trap packets. So, for higher scale systems, it is advisable to provide a larger threshold and queue size for throttling traps, so that they dont get dropped. Recommendation: In case of such scale, please increase the throttle-threshold size and max queue-size limits using the following config so that drops won't happen. 1. "set snmp trap-options throttle-threshold 10000" 2. "set snmp trap-options queue-size 40000" PR1507780

  • If a node is a 'deviate not-supported' in a Yang model and when that module is installed on a Junos device, Junos device shows (if that statement is configured) " ## Warning: 'knob' is deprecated But this does not convey the right meaning. So as part of this PR the warning message is changed to 'statement ignored unsupported platform'. Example warning message before this PR fix:

    user@router# show test:system bar-system a; ## Warning: 'bar-system' is deprecated {master}[edit]

    Example warning message post this PR fix: user@router# show test:system ? Possible completions:<[Enter]> Execute this commandhost-name Leaf host-nametest-grouping-leaf Test test-grouping| Pipe through a command [edit] user@router# show test:system#### Warning: statement ignored: unsupported platform (mx960)##bar-system a; [edit] PR1516910

  • With Junos OS Release 20.3R1, "Traffic statistics" in the show interface CLI command is displaying incorrect cumulative values. PR1539483

  • Issue: show snmp mib walk alarmModelTable fails Cause: Issue in re-reading the "snmp alarm-management" set of configuration. PR1566597

Platform and Infrastructure

  • Sometimes OSPF flapping occurs during unified ISSU from Junos OS Release 16.2R2 to Release 17.2R3. PR1371879

  • On MX Series platforms with MPC7/8/9 or MX-204/MX-10003 when the packets which exceed the MTU and whose DF-bit is set go into a tunnel (such as GRE, LT), they might be dropped in the tunnel egress queue. PR1386350

  • The traps are the result of PPE commands injected from the host. One possible reason could be Layer 2 BD code, which is trying to decrement BD MAC count in the data plane. It is unlikely that there is a packet loss during this condition. This could happen during ISSU and this may be due to a problem with ISSU counter morphing used for LU-based cards, where certain counters are not disabled or disabled too late during ISSU. PR1426438

  • A few OAM sessions are not established with scaled EVPN ETREE and CFM configurations. PR1478875

  • Due to software implementation firewall filter is re-applied duration graceful switchover (GRES). This may lead to short during when filter is not applied provoking side effects like drop of traffic. PR1487937

  • On all Junos OS platforms that support EVPN-MPLS or EVPN-VXLAN, when an existing ESI interface flaps or is newly added to the configuration, sometimes DF (Designated Forwarder) election happens before the local bias feature is enabled and during this time, existing broadcast, unknown unicast, and multicast (BUM) traffic might be looped for a short time duration (less than several seconds). PR1493650

  • On MX platform running with enhance IP mode or enhanced ethernet mode, also, Operation, Administration and Maintenance (OAM) is enabled with Periodic Packet Management (PPM) mode by default, maintenance association end point (MEP) session might be failed to create. In the end, network connection failure might not be efficiently monitored. This is functional impact. PR1506861

  • On vMX, the blockpointer in the ktree is getting corrupted leading to core-file generation. There is no function impact such as fpc restart or system down and the issue is not seen in hardware setups. PR1525594

  • If you use the source-address NTP configuration parameter and issue the command "set ntp date" from the CLI, packets will be sent with the source address of the outgoing interface rather than the manually configured IP address. Typically the manually configured IP address would be a loopback address. The problem does not apply to automatically generated NTP poll packets. PR1545022

  • This issue might be seen only in back to back GRES in about more than 40 to 50 iterations. No workaround available and FPC gets restarted. PR1579182

  • The issue is due to output byte count not getting updated properly. The script logs shows that there is no packet loss, There is no functional impact and will be taken up in the upcoming releases. PR1579797

Routing Protocols

  • While interoperating with other vendors in a draft-rosen multicast VPN, by default Junos OS attaches a route target to multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities are prevented from propagating if the BGP route-target filtering is enabled on the device running Junos OS. PR993870

  • Starting in Junos OS Release 13.3R2 and later, if delegated BFD sessions flap continuously, packet buffer memory may be leaked.The automatic memory leak detection process reports this within the syslog once a certain threshold is reached, like "fpc7 SHEAF: possible leak, ID 8 (packet(clones)) (10242/128/1024)" on MX- MPC or "fpc4 SHEAF: possible leak, ID 9 (packet(clones)) (255/1/5)" on other platforms. Note that BFD sessions operating in centralized mode are not exposed. A complete fix is available from Junos OS Release 14.2R1 and later. Prior to Junos OS Release 14.2R1, there was only a partial fix that did not fix the memory leak completely. PR1003991

  • Certain BGP traceoption flags (for example, "open", "update", and "keepalive") might result in (trace) logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

  • LDP OSPF are in synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1 Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost: 1050 LDP sync state: in sync, for: 00:04:03, reason: IGP interface down config holdtime: infinity. As per the current analysis, the IGP interface goes down because although LDP notified OSPF that LDP synchronization was achieved, OSPF is not able to take note of the LDP synchronization notification, because the OSPF neighbor is not up yet. PR1256434

  • In rare cases, RIP replication might fail as a result of performing NSR Routing Engine switchovers when the system is not NSR ready. PR1310149

  • On MX platforms, unexpected log message will appear if the CLI command 'show version detail' or 'request support information' is executed: test@test> show version detail *** messages *** Oct 12 12:11:48.406 re0 mcsnoopd: INFO: krt mode is 1 Oct 12 12:11:48.406 re0 mcsnoopd: JUNOS SYNC private vectors set PR1315429

  • SCP command with Routing Instance (-JU) is not supported. PR1364825

  • Bfd session flaps during ISSU only in mpc7e card(Bfd sessions from other cards of DUT to peer routers did not flap during ISSU). Issue is not seen frequently. PR1453705

  • The virtual-router option is not supported under routing-instance in lean rpd image. PR1494029

  • On all Junos platforms with scaling MVPN scenario, some PIM Join/Prune messages may not be processed for the first attempt. For instance, a dedicated PIM router receives more than 2500 PIM hello packets from the new neighbors, followed by PIM Join packets for the same multicast group in a very short period of time. PR1500125

  • In a Layer 3 VPN scenario, the rpd (routing protocol process) on the backup Routing Engine might crash when BGP (standby) received a VPN route from the peer that is rejected due to invalid target community and because the BGP standby peer synchronization is not complete yet. PR1508888

  • TILFA backup path fails to install in LAN scenario and also breaks SR-MPLS tilfa for lan with more than four end-x sids configured per interface. PR1512174

  • On the devices with NG-RE (Next Generation Routing Engine) and SCBE2 (Enhanced Switch Control Board), when BFD authentication for BGP is enabled, the BFD may flap after the NG-RE switchover. The switchover should be GRES or NSR switchover. After the flap, the device could be self recovery. PR1522261

  • Observing Packet loss when primary link is enabled. PR1592884

Subscriber Access Management

  • There is configuration option to set slow interval to 1 minute. By this approach, pfe uses the slow interim which is set to 1 min. PR1515899

User Interface and Configuration

  • On Juniper device running Junos OS Evolved, NETCONF Service over SSH with dedicated TCP port (It is configured with 'system services netconf ssh' and the default port is 830) might not work if in-band management is used (i.e. connection is established via network interface or loopback interface etc.). PR1517160

  • This PR removes Adobe Flash dependent elements from J-Web for EX and MX Series devices. For MX Series Routers, J-Web previously contained Flash elements on the following pages: Monitor-Interfaces Monitor-System view-Process Details Monitor-Routing-OSPF Information For EX Series Switches, J-Web previously contained Flash elements on the following pages: Monitor-Interfaces Monitor-System view-Process Details Monitor-Switching-IGMP Snooping Monitor-Virtual Chassis Monitor-POE Monitor-Security-Port Security Monitor-Routing-OSPF Information Monitor-Service-DHCP -Server Monitor-Service-DHCP -Relay. PR1553176

  • On vmhost platforms, if the xml output from command "request vmhost mode test | display xml rpc" is picked and used in netconf, it will fail. set vmhost mode custom test layer-3-infrastructure cpu count MIN set vmhost mode custom test layer-3-infrastructure memory size MIN set vmhost mode custom test nfv-back-plane cpu count MIN set vmhost mode custom test nfv-back-plane memory size MIN set vmhost mode custom test vnf cpu count MIN. PR1559786

  • There is problem with one corner case, when Tenant_Systems:- "juniper.conf.gz" file creates with empty data when we create Tenant System. PR1584850

Resolved Issues

This section lists the issues fixed in Junos OS Release 20.3R3 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 20.3R3

Class of Service (CoS)

  • On the MPC7E line card, the BPS counter of the egress queue displays wrong BPS value when the cell mode is configured on the static interface. PR1568192

EVPN

  • The rpd process might crash after adding route-target on a dual-Routing Engine system under the EVPN multihoming scenario. PR1546992

  • The multicast traffic loss might be seen in EVPN-VXLAN scenario with CRB multicast snooping. PR1570883

  • The rpd might crash if EVPN routing instances or BGP connections are in flapping. PR1581674

  • Multicast traffic loss might be seen in EVPN setup with IGMP snooping used. PR1582134

  • The BUM traffic might lose after triggering NSR in EVPN-MPLS or EVPN-ETREE scenario. PR1586402

Forwarding and Sampling

  • The configuration archive transfer-on-commit fails when running Junos OS Release 18.2R3-S6.5. PR1563641

  • In the VXLAN scenario, the locally originated packets have UDP source port 0. PR1571970

General Routing

  • Unable to show to which shard a given route is hashed. PR1430460

  • The following error message is observed after GRES: [user.err aftd-trio: [Error] IF:Unable to add member to aggregate member list, member already exists, aggIflName:ps1.0 memberIflName:lt-3/0/0.32767]. PR1466531

  • "re_tvp_builtin_fwinfo_update: Unable to get firmware version" message is seen in chassisd. PR1471938

  • The following line card errors are seen: HALP-trinity_nh_dynamic_mcast_add_irb_topo:3520 snooping-error: invlaid IRB topo/ IRB ifl zero in l2 nh 40495 add IRB. PR1472222

  • MX204 || Summit || Incorrect log message for PIC1 when changing the config from PIC mode to Port Mode. PR1500429

  • MX150 might go into db mode after software upgrade or downgrade. PR1510892

  • Sometimes external 1 pps cTE is slightly above Class B requirement of the ITU-T G.8273.2 specification. PR1514066

  • On the MX960 routers, the show interfaces redundancy rlt0 statement shows current status as primary down as FPC is still in the Ready state after rlt failover (restart FPC). PR1518543

  • The l2cpd process might crash when removing LLDP on an aggregated Ethernet interface. PR1528856

  • On the MX150 routers, configuring the no-flow-control statement under gigether-options does not work. PR1531983

  • Wavelength unlocked alarm is On when using SFP+-10G-T-DWDM-ZR optics. PR1532593

  • The dcpfe process might crash and cause FPC to restart due to the traffic burst. PR1534340

  • BGP SR-TE IPv6 routes might get hidden after the chassisd restarts. PR1534511

  • The BFD neighborship fails with the EVPN_VXLAN configuration after the Layer 2 learning restarts. PR1538600

  • The JNH memory leak could be observed on MPCs or MICs. PR1542882

  • The kmd process might crash when the interface flaps. PR1544800

  • Continuous rpd errors might be seen and new routes fails to be programmed by the rpd process. PR1545463

  • FPC(s) may not boot-up on MX960/EX9214 in a certain condition. PR1545838

  • The performance of PFE process on MX204/SRX4600/EX9251 might be degraded after Junos OS Release 19.3R1. PR1545989

  • Backup Routing Engine vmcore might be seen due to the absence of the next-hop acknowledgement infra. PR1547164

  • FPC crash may occur after flapping the multicast traffic. PR1548972

  • PKI CMPv2 client certificate enrolment does not work on SRX when using root-CA. PR1549954

  • The adapted sample rate might get reset to the configured sample rate without changing the sampling rate information in sFlow datagrams after enabling sFlow technology on a new interface. PR1550603

  • The interface might not come up with 1G optics. PR1554098

  • The subscriber sessions might be missed but stay in the authd after performing ISSU. PR1554539

  • The chassisd may crash with repeated configuration commits on MX204/MX10003 platform. PR1555271

  • The following message is not generated on the MPC11E line card due to no power: Chassisd SNMP trap Fru Offline. PR1556090

  • The framed route installed for a demux Interface has no MAC address. PR1556980

  • On the EX4300 device, script fails while committing the IPSec authentication configuration as the algorithm statement is missing. PR1557216

  • Packets corruption on 100G or 40G interface are configured with protocol PTP. PR1557758

  • The MAC addresses learned in a Virtual Chassis may fail aging out in MAC scaling environment. PR1558128

  • RPD core files are seen after Routing Engine switchover. PR1558814

  • On the MX150 routers, the following continuous license error is observed: [licinfra_set_usage_nextgen_async:1733] Invalid input parameters. PR1559361

  • The request system software validate command might corrupt installation of the junos-openconfig package. PR1560234

  • Interface not able to send/receive packets after repeated link flaps on MPC10/11E. PR1560772

  • The l2cpd process might generate a core file on reboot. PR1561235

  • Client authentication is failing after performing GRES. PR1563431

  • The following error message might be seen after ISSU: Turbotx process not running. PR1564418

  • MX platforms with MX-SCBE3 might reboot continuously. PR1564539

  • Commit error observed when tunnel-service is configured on a PIC without explicit bandwidth. PR1565034

  • On the MX2010 or MX2020 routers, the following error message might be observed after switchover with GRES/NSR: CHASSISD_IPC_FLUSH_ERROR. PR1565223

  • PPPoE service-name-tables does not correctly count active sessions that matches agent-specifier aci/ari used for delay. PR1565258

  • The KRT log file might continue to grow after removing the KRT log configuration. PR1565425

  • The active DHCP subscribers might not get synchronized to backup BNG. PR1567735

  • On the MX204 routers, FPC might display high CPU utilization because of the JGCI background thread that runs for a long period. PR1567797

  • On the MX150 routers, the request system software add command is disabled in Junos OS Release 19.4R3-S1, 20.1R2, and 20.4R1. PR1568273

  • The nsd might crash after turning off the address translation for the NAT rules in the USF scenario. PR1568997

  • The RPD process might crash while using BFD API to bring up the BFD sessions. PR1569040

  • Traffic loss might be observed when SCU accounting is configured and logical-systems is enabled. PR1569047

  • The agent sensor __default_fabric_sensor__ are partly applied to some FPCs, which causes zero payload issue AGENTD received empty payload for pfe sensor __default_fabric_sensor__. PR1569167

  • Wi-Fi mPIM on SRX Series devices is reaching out to NTP and DNS servers. PR1569680

  • The MPLS traffic passed through the back-to-back PE topology might match the wrong CoS queue. PR1569715

  • The mspmand process might crash if the packet flow-control issue occurs on MS-MPC/MS-MIC. PR1569894

  • The log message "/tmp//mpci_info: No such file or directory :error[1]" might be seen on VM Host platform. PR1570135

  • Improve handling deletion of static demux interface with active subscribers. PR1570739

  • The TFEB/FPC may fail to be online after rebooting the system or the FPC if interface-set is configured for CoS. PR1572348

  • On the MX960 routers, the Require a Fan Tray upgrade alarm is raised when the top Fan Tray 0 is removed, even though the enhanced Fan Tray is already used. PR1572778

  • CFP unplugged message is not logged in Junos OS Release 17.3 and later. PR1573209

  • Fabric errors are observed and FPC processes might get offline when MPC3-NG/MPC3E cards are installed along with MPC7/MPC10 and SCBE3/SCB4 operating in increased-bandwidth fabric mode. PR1573360

  • The rpd process on the transit node might crash when MPLS traceroute on the ingress node is performed. PR1573517

  • Only root user is allowed to execute commands on host using vhclient. PR1574240

  • Slow FPC heap memory leak might be triggered by flapping the subscribers terminated over multiple pseudowires. PR1574383

  • On the EA-based cards igmp group membership is displayed incorrectly. PR1575031

  • On the MX150 routers, the interface might take a long time to power down while rebooting, powering-off, halting, or upgrading. PR1575328

  • The show services service-sets statistics syslog command returns the following error message as the service-set does not have the syslog configuration: error: usp_ipc_client_recv_ 1237: ipc_pipe_read fails! error:No error: 0(0), tries:1. PR1576044

  • On the MX10016 routers, when the Fan X Failed alarm is cleared in the Fan Tray 1, the Fan/Blower OK SNMP traps are generated for the Fan Tray 0 [Fan 31 - 41] and Fan Tray 1 [Fan 11 - 41]. PR1576521

  • The LLDP neighbor information displays hex string instead of chassis ID when subtype 1 is used. PR1576721

  • Commit failure-error: Modified IFD "ae0" is in use by targeted BBE subscriber, commit denied - mtu config changed (1522), (1514). PR1577007

  • When line card is booted on RE1 being Master, Nextgen stats failed to fetch the value of backup mac address correctly. PR1577611

  • High FPC CPU usage might be seen when signal on the link is unstable. PR1579173

  • On the MPC11E line cards, system resource monitor does not list some of the available Packet Forwarding Engines. PR1579975

  • MX Series Virtual Chassis: gRPC based /components/ sensor output is missing lot of data. PR1580120

  • When having analyzers mapped to channelized port then the mirror may not happen properly. PR1580473

  • Kernel issue is observed in telemetry when the set services analytics streaming-server <> <> configuration is present and server is not reachable. PR1581192

  • Hitting with vmcore.0 at 0xffffffff80443eef in kern_reboot. PR1581260

  • The rpd process might crash on the new master after performing graceful switchover. PR1581878

  • Changing bandwidth statement does not take affect for SNMP ifHigSpeed oid until a PSX interface is disable/enabled. PR1582060

  • The process rpd may stuck in 100% due to race condition. PR1582226

  • bbe-smgd process on both routing engines may crash due to a rare timing issue after logout of subscribers over pseudowire. PR1582356

  • Node locked license addition fails in EVO. PR1582704

  • Configuring or removing "hierarchical-scheduler" or "per-unit-scheduler" might cause traffic to stop forwarding. PR1582724

  • SNMP SysObjectID.0 is empty with enabled unified-services. PR1583534

  • Traffic might not get filtered properly when security-intelligence profile is configured on the MX platforms. PR1584377

  • The rpd might crash due to a rare timing issue if both BGP Local-RIB and Adjacency-RIB-In route monitoring are enabled in BMP. PR1584560

  • Bridge domain names information is not displayed properly in "show bridge statistics instance". PR1584874

  • After changing configuration, "show bridge statistics" shows extreme larger value. PR1584876

  • QFX5120-48Y (Stage 1), QFX5110-32Q and QFX5110-48S (Stage 2) | Allow default license for FBF, CFM, VRRP, QINQ, MC_LAG, TIMING, IGMP, PIM, GRE_TUNNEL, RIP, OSPF, VC, SFLOW. PR1589920

  • Any mmcq based services might crash due to shared memory queues issue happens in a rare condition. PR1592889

  • The TCP keepalive might not be processed by the private network host. PR1593226

  • MX5/MX40/MX80 TEB stuck in present state. PR1595107

  • CGNAT MX SPC3 AMS warm-standby 1:1 redundancy problem with CLI CPU statistics lost data after PIC failover. PR1596976

Interfaces and Chassis

  • Block duplicate IP across different ifls inside same routing instance. PR1555861

  • The input errors counter command on the monitor interface command does not work. PR1561065

  • MAC address entry issue might be observed after the MC-LAG interface. PR1562535

  • Traffic loss might be seen while verifying VRRP State Machine functionality. PR1564551

  • JDI-RCT:M/Mx: not able to set member-id as Routing Engine is in synching mode forever when its having invalid Virtual Chassis data( error: Command aborted. VC configuration synch to backup Routing Engine in progress, try after 120 seconds. ) PR1569556

  • If-media-type missing from interface XML output on MX platforms. PR1574035

  • The following errors are generated during GRES: VRRPMAN_PATRICIA_GROUP_ADD_FAIL: vrrp_ifcm_send_bulk: Failed to add group to patricia tree key and VRRPMAN_ENTRY_KEY_PRESENT: vrrp_ifcm_send_bulk: Already an entry present with the key. PR1575689

  • MC-AE interfaces may go down if same VRRP group-id is configured on multiple IRB units. PR1575779

  • Configuration for ppp NCP Max-failure number of retry count. PR1584168

  • Unable to configure pseudowire interface on an MX10003 in virtual chassis mode. PR1587499

Layer 2 Ethernet Services

  • AE interface flap might be seen during NSSU. PR1551925

  • DHCP packet drop might be seen when the DHCP relay is configured on a leaf device. PR1554992

  • Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash and restart. (CVE-2021-0240) PR1564434

  • The jnxJdhcpLocalServerMacAddress (.1.3.6.1.4.1.2636.3.61.61.1.4.3) returns incorrect format of the MAC address. PR1565540

  • The Option 82 information is incorrectly cleared by the DHCP Relay agent. PR1568344

  • JDHCPd doesn't response to any DISCOVER for 30min when it is in "clients waiting to be restored" state. PR1592552

Multicast

  • FPC might crash in a multicast scenario. PR1569957

Network Management and Monitoring

  • The mib2d process crashes and generates a core dump on backup Routing Engine. PR1557384

  • SSH connection might become unresponsive and logs show "kern.maxfiles limit exceeded by uid" messages. PR1567634

Platform and Infrastructure

  • Interwork failure between Junos OS Evolved as RPM client and TVP platforms as RPM server (and vice versa). PR1508127

  • Packet Forwarding Engine errors or traps might be observed in the Layer 2 flooding scenarios. PR1533767

  • The npc process generates the core file in igmp_process_wakeup_events,igmp_pfe_thread,thread_detach_tty. PR1534542

  • CoS queue egress interface forwarding-class might not work as expected. PR1538286

  • The following major error message might cause the Packet Forwarding Engine(s) to disable: XQ_CMERROR_SCHED_L3_PERR_ERR. PR1538960

  • In rare occurrence Routing Engine kernel might crash while handling TCP sessions if GRES/NSR are enabled. PR1546615

  • The kernel might crash if GRES is performed on either new iteration or after swapping the Routing Engine and restoring the HA configuration. PR1549656

  • The BGP session replication might fail to start after the session crashes on the backup Routing Engine. PR1552603

  • Traffic is not forwarded over IRB to a Layer 2 circuit on the lt interfaces. PR1554908

  • The BUM frame might be duplicated on an aggregate device if the extended-port on the satellite device is an aggregated Ethernet interface. PR1560788

  • The DHCPv4 request packets might be wrongly dropped when DDoS attack occurs. PR1562474

  • The enforce-strict-scale-limit-license configuration enforces subscriber license incorrectly in the ESSM subscriber scenario. PR1563975

  • "Last flapped" timestamp for interface fxp0 gets reset every time "monitor traffic interface fxp0" is executed. PR1564323

  • PFEX might crash when soft error recovery feature is enabled on Packet Forwarding Engine. PR1567515

  • pfe err-jnh_physmem_add_resvd_to_cntr(18014): PFE 0 jnh_app 0x08020860, add ox00080000 from 0x00b00000-0x00b80000 to baMask 0x1. PR1570631

  • On all EX9200 platforms with EVPN-VXLAN configured, the next-hop memory leak in MX Series ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-VXLAN routing instance. When the ASIC's next-hop memory partition exhausted the FPC might reboot. PR1571439

  • Scale-subscriber license might be not updated properly on the backup RE which leads to "License grace period for feature scale-subscriber(44) is about to expire" alarm after GRES. PR1573289

  • cassxr_err_addr(8593): Uninitialized Read Error @ EDMEM[0x7cb601b0. PR1573920

  • Firewall filter configuration or modification might fail on MX platforms. PR1586817

  • The traffic might not failover with shared-bandwidth-policer enabled on AE. PR1588708

Routing Policy and Firewall Filters

  • Global variable policy_db_type is not set to the correct value on failure. PR1561931

  • Generated route goes to the Hidden state when the protect core command is enabled. PR1562867

  • bbe-smgd - dymanic-profile NACK due to config error reading address mask prefix-length in policy-options/policy-statement. PR1583535

Routing Protocols

  • Traffic might be silently discarded when the BGP route gets deleted, which is part of multipath. PR1514966

  • The BFD sessions might flap continuously after disruptive switchover followed by GRES. PR1518106

  • Continuous rpd crash might be observed if a static group is added to protocol PIM. PR1542573

  • Multipath information is displayed for BGP route even after disabling the interface for one path. PR1557604

  • BGP LU session flap might be seen with the AIGP used scenario. PR1558102

  • When admin-color based policy evaluation happens with the policy lfa configuration, the backup next hop chosen (among the different backup next hops possible) might not be correct. PR1558581

  • All the Layer 3 VPN route resets when a VRF is added or removed. PR1560827

  • Duplicate LSP nexthop is shown on inet.0, inet.3 and mpls.0 route table when ospf traffic-engineering shortcuts and mpls bgp-igp-both-ribs are enabled. PR1561207

  • The rpd process might crash when there is BGP session re-establishing or flapping. PR1567182

  • Traffic might be lost during mirror data transmit from the primary ppmd or bfdd. PR1570228

  • There might be 10 seconds delay to upload the LSP on the point-to-point interface if rpd is restarted on its direct neighbor. PR1571395

  • SNMP MIB ospfv3NbrState is returning drifted value. PR1571473

  • The BFD session of DHCP subscriber does not come up on the MPC2E card and gets stuck in the "Down" state. PR1572577

  • The DHCP packets might be dropped by the QFX5000 in the Static VXLAN scenario. PR1576168

  • BGP session flap might be observed after the Routing Engine switchovers when the VRRP virtual address is used as the local address for the BGP session. PR1576959

  • The dcpfe process might crash when any interface flaps. PR1579736

  • BGP replication might be stuck in rare and timing conditions. PR1581578

  • With IGMP snooping implemented, there is unexpected jitter issue that could cause traffic loss. PR1583207

  • On rare occasion, RPD core may be observed on backup RE after loading a new image. PR1583630

  • The rpd process might crash after committing with the configured static group 224.0.0.0. PR1586631

  • The routing process may crash due to memory corruption while processing BGP multipath route. PR1594626

  • The rpd process might crash when executing the SNMP get command to fetch the MPLS L3VPN MIBs. PR1594664

Services Applications

  • IWF AVP value may not be reflected properly on LTS. PR1581096

  • The "show services l2tp tunnel extensive", "show services l2tp session extensive" and "show subscribers accounting-statistics" commands do not work on LTS. PR1596972

User Interface and Configuration

  • Commit might fail after the Routing Engine switchovers. PR1531415

  • Apply-paths might cause validation failures during Junos upgrade. PR1577626

VPNs

  • Type7 messages may not be sent from egress PE resulting in Type 3/5 messages not created for some S, Gs in source PEs. PR1567584

  • The rpd might crash in the NG-MVPN scenario on all Junos/Evo platforms.PR1579963

  • The ddos-protection reason "packets failed the multicast RPF check" may be seen in NG-MVPN scenario with GRE transport. PR1591228

Resolved Issues: 20.3R2

EVPN

  • With dynamic list next hop configured, a forwarding problem occurs after performing graceful switchover. PR1513759

  • no-arp-suppression is required for MAC learning across the EVPN domain on the static VTEP. PR1517591

  • ARP table might not be updated after performing VMotion or a network loop. PR1521526

  • The BUM traffic might get dropped in the EVPN-VXLAN setup. PR1525888

  • The rpd might crash when auto-service-id is configured in EVPN VPWS scenario. PR1530991

  • The route table shows additional paths for the same EVPN or VXLAN type 5 destination after upgrading from Junos OS Release 18.4R2-S3 to Junos OS Release 19.4R1-S2. PR1534021

  • All the ARP reply packets toward some address are flooded across the entire fabric. PR1535515

  • The GE LOS alarm logs on the change in IFF_CCCDOWN are not logged in the syslog message file. PR1539146

  • Rpd memory leak might occur when changing EVPN configuration. PR1540788

  • The L2ALD process might core-file when changing EVPN/VXLAN configuration. PR1541904

  • The rpd crash might be seen after adding route-target on a dual-RE system under EVPN multihoming scenario. PR1546992

  • VLAN ID information is missed while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from instance-type EVPN to instance-type virtual-switch. PR1547275

Forwarding and Sampling

  • The DHCP subscribers might get stuck in terminated state for around 5 minutes after disabling cascade ports. PR1505409

  • The srrd process might crash in a high route churns scenario or if the process flaps. PR1517646

  • The commit might fail if a filter enabled with enhanced-mode to et- interface is configured. PR1524836

  • The l2ald process might crash when a device configuration flaps frequently. PR1529706

  • VLAN-ID based firewall match conditions might not work for the VPLS service. PR1542092

  • MAC learning issue might happen when EVPN-VXLAN is enabled. PR1546631

  • All traffic would be dropped on AE bundle without VLAN configuration if bandwidth-percent policer is configured. PR1547184

  • l2ald might crash due to next-hop issue in the EVPN-MPLS. PR1548124

General Routing

  • Family IPv6 is not coming up for L2TP subscriber when additional attributes are not passed in the Framed-IPv6-Route VSA. PR1526934

  • DHCP discover packet might be dropped if DHCP inform packet is received first. PR1542400

  • The show dynamic-profile session client-id command displays only one IPv6 framed-route information. PR1555476

  • In some MX Series deployments running Junos OS, the following random syslog messages are observed for FPCs: fpcx ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - xxx left. These messages might not have a service impact. These messages are addressed as INFO level messages. On a Packet Forwarding Engine, there are dedicated UMEM and shared GUMEM memory blocks. This informational message indicates some evicting events between UMEN and GUMEN and can be safely ignored. PR1298161

  • The max-drop-flows statement is not available. PR1375466

  • Need to be able to show which shard a given route is hashed to. PR1430460

  • The MPC2E-NG or MPC3E-NG card with specific MIC might crash after a high rate of interface flaps. PR1463859

  • Dynamic SR-TE tunnels do not get automatically recreated at the new master Routing Engine after the Routing Engine switchover. PR1474397

  • Traffic decreases during throughput testing. PR1483100

  • SNMP index in the Packet Forwarding Engine reports as 0, causing sFlow to report either IIF or OIF (not both) as 0 in the sFlow record data at the collector. PR1484322

  • The AMS bundle might remain inactive when adding member interface to AMS bundle with scaled service sets. PR1489607

  • The following error messages are observed on the MPC card in the manual mode: clksync_as_evaluate_synce_ref: 362 - Failed to configure clk. PR1490138

  • Some of the virtual services might not up after GRES or rpd restart. PR1499655

  • Prefix is not emitted for the te-lsp-timers/state/cleanup-delay sensor path for OCST. PR1500690

  • Transit v4 traffic forwarding over BGP SR-TE might not work. PR1505592

  • Errors on vjunos0 Regarding TSensor related to PR 1362108. PR1508580

  • Not able to forward traffic to VCP FPC after the MX Virtual Chassis reboots, FPC reboots, or adding VCP link. PR1514583

  • On the MX2020 and MX2010 routers, the SPMB CPU is elevated when an SFB3 is installed. PR1516287

  • The l2cpd might crash if the ERP is deleted after the switchover. PR1517458

  • On the MX960 routers, the show interfaces redundancy rlt0 statement shows current status as primary down as FPC is still in the Ready state after rlt failover (restart FPC). PR1518543

  • Junos OS: Command injection vulnerability in 'request system software' CLI command (CVE-2021-0219). PR1519337

  • Traffic loss might happen when an Uncorrected (Fatal) AER error is detected. PR1519530

  • During an upgrade, vSRX3.0 would display the following incorrect license warnings when utilizing licensable features even if the license was present on the device: such as warning: requires 'idp-sig' license. PR1519672

  • The BFD session status remains down at non-anchor FPC even though bfd session is up after anchor FPC reboot/panic. PR1523537

  • PSM firmware upgrade should not allow multiple PSM upgrade in parallel to avoid the firmware corruption and support multiple firmwares for different hardware Revs. PR1524338

  • No response from the other routing engine for the last 2 seconds" triggers "SNMP trap generated: Fru Offline" messages. PR1524390

  • Commit is successful while deactivating CB0 or CB1 interfaces with GNF. PR1524766

  • Problem With static VLAN deletion with active subscribers and the FPC might be stuck at Ready state during restart. PR1525036

  • The following error message is observed during GRES if an IRB interface is configured without a profile: RPD_DYN_CFG_GET_PROF_NAME_FAILED. PR1526481

  • Commit error messages come twice while validating the physical-cores command. PR1527322

  • The transit PTP packet might be unexpectedly modified when passing through MPC2E-NG, MPC3E-NG, and MPC5E line cards. PR1527612

  • The speed command cannot be configured under the interface hierarchy on an extended port when the MX204 or MX10003 router works as an aggregation device. PR1529028

  • In the subscriber management environment, the RADIUS interim accounting records does not get populated with the subscriber statistics. PR1529602

  • The SFP-LX or SFP-SX optics on MIC-3D-20GE-SFP-E/EH might show as unsupported after unified ISSU. PR1529844

  • BiDi 1G SFP optics giving wrong value in JVision for "optics/laser_rx_power_*_thresholds". PR1530120

  • If the ECMP is set to 128 and a route is learnt from 128 peers, the unilist nexthop might have incorrect ECMP path and traffic might be routed to undesirable paths which could cause traffic drop. PR1530803

  • After performing unified ISSU with a high-scale bridge-domain configuration, less than 0.0254 percent of traffic loss is observed for a single bridge-domain interface. PR1531051

  • On the MX10003 router, PEM 0 always shows as Absent or Empty even if PEM 0 is present. PR1531190

  • Commit may fail after Routing Engine switchover. PR1531415

  • New subscribers might fail to connect due to "Filter index space exhausted" error. PR1531580

  • Deleting the address of the jmgmt0 interface might fail if the shortened version of the CLI command is used. PR1532642

  • The interface with the "pic-mode 10GE" configuration may not come up if upgrading to 18.4R3-S4 or later versions. PR1534281

  • Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd. PR1534455

  • On vMX platform, if vFPC is not getting the required CPU resources from host server, multiple vmxt cores might be generated and vFPC gets rebooted. It is most likely to occur in lite mode while less likely to occur while in performance mode. PR1534641

  • The clear ike statistics command does not work with remote gateway. PR1535321

  • Certain BGP SR-TE segment lists cause the rpd process to generate the core file during tunnel attribute parsing. PR1535632

  • Snmp mib walk for jnxSubscriber OIDs returns General error. PR1535754

  • All SFBs might go offline due to fabric failure and fabric self-ping probes performing the disable-pfe action. PR1535787

  • Junos OS: MX Series: Dynamic filter fails to match IPv6 prefix (CVE-2021-0205). PR1536100

  • Multicast traffic might be observed even through unexpected interfaces with distributed IGMP is enabled. PR1536149

  • Enhancements are needed for debugging l2ald. PR1536530

  • The chassisd memory leak might cause traffic loss. PR1537194

  • The following error message might be observed when the JAM packages for the MX204, MX10003, and MX10008 are installed: JAM: Plugin installed for summit_xxx PIC. PR1537389

  • Version-alias gets missed for subscribers configured with dynamic profiles after unified ISSU. PR1537512

  • Not able to get the sessions after Configure IDS, Add IDS-RULE in the SS in the next-hop style. PR1537609

  • Deactivating/activating PTP/syncE in the upstream router causes the 100G links on the LC2103 to flap. PR1538122

  • AFT based TRIO FPCs (MPC10, 11) PFE cli command "show jnh exceptions inst <inst-number> may cause FPC to crash. PR1538138

  • Traffic drop might be seen when executing "request system reboot". PR1538252

  • Junos OS: Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted. (CVE-2021-0211) PR1539109

  • The accounting interim-updates for subscriber does not work after GRES and subsequent reboot of FPCs in the node-slicing setup. PR1539474

  • The rpd memory leak might be observed on the backup Routing Engine due to link flaps. PR1539601

  • The mspmand process leaks memory in relation to the MX telemetry reporting the following error message: RLIMIT_DATA exceed. PR1540538

  • With hold time configuration, the ge Interfaces remain down on reboot. PR1541382

  • Subscriber might not come up on some dynamic VLAN ranges in a subscriber management environment. PR1541796

  • After changing addresses in the source pool, if the carrier-grade NAT traffic does not stop, the source pool cannot perform the NAT translation from the new pool. PR1542202

  • The KRT queue might get stuck after RE switchover. PR1542280

  • Port mirroring with maximum-packet-length configuration does not work over the GRE interface. PR1542500

  • The license errors may get returned on backup Routing Engine when trying to commit the configuration. PR1543037

  • The mspmand process might generate core file on activating or deactivating the interface. PR1544794

  • Traffic loss might be observed when Switch Fabric Board 3/MPC8E 3D combination is used in MX2010/MX2020. PR1544794

  • In the syslog output, the sylog-local-tag name is truncated ( as SYSLOG_SF) when he sylog-local-tag name is configured as SYSLOG_SFW. PR1547505

  • Continuous rpd errors might be seen and new routes will fail to be programmed by rpd. PR1545463

  • The nsd daemon crashes after configuring the inline NAT44 in the USF mode. PR1547647

  • The verbose command unexpectedly becomes hidden after Junos OS Release 16.1 for set system export-format json. PR1547693

  • SENSOR APP DWORD leak is observed during the period of churn for routes bound to the sensor group. PR1547698

  • SR-TE may stay UP when the routes deleted through policy. PR1547933

  • Multicast traffic drop might be seen after ISSU. PR1548196

  • The rpd crash might be seen when BGP service route is resolved over color-only SRTE policy. PR1550736

  • In the EVPN-VXLAN scenario, as part of fixing 1535515 (All the ARP reply packets toward some address are flooded across the entire fabric), on bd with no irb, the mac+ip ageout is adjusted by +30 seconds. This change exposed an issue in arp expiry handling. This change resulted in high cpu utilization and is fixed through this PR 1551025. PR1551025

  • The PPPoE subscribers might fail to login. PR1551207

  • "LCM Peer Absent" might be seen on all TVP platforms. PR1551760

  • The fabric errors are observed and the FPC processes might get offlined with SCBE3, MPC3E-NG, or MPC3E and MPC7 or MPC10 in the increased-bandwidth fabric mode. PR1553641

  • Configuring HFRR i.e. link-protection on an interface may cause rpd to crash. PR1555866

  • ISSU may be aborted on MX devices for version 20.2R2-S1. PR1557413

  • On MX Platform with any of these linecards -MPC9E/JNP10K-LC2101/JNP10003-LC2103/MX204-MPC, Packets corruption might occur with enabling PTP(Protocol Time protocol) on 100G/40G interfaces mapped to Channelized MAC. PR1557758

  • The l2cpd core files might be seen on reboot. PR1561235

  • The rpd crash might be observed during processing huge amount of PIM prune messages. PR1561984

  • MX platforms with MX-SCBE3 may reboot continuously. PR1564539

  • The ALQ session between the two routers is expecting to have a controlled source and destination address (peer config in both end). To be able to control what this address is used as source on a router with multiple routed interfaces, a good technique is to use a directly connected interface for this communication. In the case where the routers are not directly connected a tunnel interface is equally good technique. But the ALQ need to be allowed to use this. This PR fix this. PR1567735

  • On MX150, "request system software add" CLI is disabled in 19.4R3-S1, 20.1R2, and 20.4R1. PR1568273

  • agent sensor - "__default_fabric_sensor__" seems to be partly applied to some FPCs, which caused zero payload issue - "AGENTD received empty payload for pfe sensor __default_fabric_sensor__. PR1569167

Infrastructure

  • Output drops in 'show interfaces extensive' might display 0 temporarily during a race condition when SNMP query for JnxCos is also issued. PR1533314

Interfaces and Chassis

  • The configuration might not be applied after deleting all existing logical interfaces and adding a new logical interface for an IFD in a single commit. PR1534787

  • Inline Y.1731 SLM or DM does not work in enhanced-cfm-mode for the EVPN UP MEP scenario. PR1537381

  • Backup router generates VRRP_NEW_BACKUP syslog during bringup. PR1539277

  • The following error message might occur after commit for configuration under interface hierarchy: should have at least one member link on a different FPC. PR1539719

  • The following the commit error is observed while trying to delete unit 1 logical systems interfaces: ae2.1: Only unit 0 is valid for this encapsulation. PR1547853

  • The startup-silent-period command might not work in Junos OS Release 20.3R1 or later. PR1548464

  • The VCP port is marked as administratively down on the wrong MX Series Virtual Chassis member. PR1552588

  • The dcd process might leak memory on pushing the configuration to the ephemeral database. PR1553148

MPLS

  • The rpd scheduler might slip after the link flaps. PR1516657

  • The inter-domain LSP with loose next hop path might get stuck in down state. PR1524736

  • The ping mpls rsvp command does not take into account lower MTU in the path. PR1530382

  • The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface. PR1538124

  • Performing commit may trigger externally provisioned LSP MBB mechanism. PR1546824

  • A new LSP might not be up even if bypass LSP is up and "setup-protection" is configured. PR1555774

Network Address Translation (NAT)

  • Need to improve the maximum eNode connections for one persistent NAT binding from 8 to 32. PR1532249

Network Management and Monitoring

  • Commit error while deleting the routing instance when snmp trap-group also have the same routing instance referred. PR1555563

Platform and Infrastructure

  • PE-CE OAM CFM might have issues in AE interface case. PR1501656

  • The output of the show jnh qmon queues-sensor stats 0 command has no content. PR1514881

  • The VPLS connection might be stuck in the Primary Fail status when a dynamic profile is used on the VPLS pseudowire logical interface. PR1516418

  • The state of the flow detection configuration might not be displayed properly if DDOS-SCFD is configured globally. PR1519887

  • Flow programming issue for lt- interface in the Packet Forwarding Engine level is observed. PR1525188

  • Junos OS: MX Series: Trio-based MPC memory leak when Integrated Routing and Bridging (IRB) interface is mapped to a VPLS instance or a Bridge-Domain (CVE-2021-0202). PR1525226

  • The following error message is observed when alarms after interface reset: 7836 ifl 567 chan_index 8 NOENT & jnh_ifl_topo_handler_pfe(13015): ifl=567 err=1 updating channel table nexthop. PR1525824

  • The VxLAN encapsulation over IPv6 underlay might not work on MX routers. PR1532144

  • There is a TWAMP interoperability issue between Junos OS releases. PR1533025

  • The fpc process might crash when the next hop memory of ASIC is exhausted in the EVPN-MPLS scenario. PR1533857

  • The ISSU might fail on Junos platforms with LUCHIP based line cards. PR1535745

  • Subscribers are not coming up VPLS on PS interface. PR1536043

  • TWAMP interoperability issue can be seen if the Junos release has only the fixes for PR-1434740, PR-1533025 but not the fix for PR-1536939. PR1536939

  • Packet loss might be observed when the RFC2544 egress reflector session is configured on the non-zero Packet Forwarding Ethernet interface. PR1538417

  • AUTO-CORE-PR : JDI CI ROUTING : vmxt_lnx core found @ l2_metro_bd_host_inject_del bd_platform_delete bd_handle_msg. PR1538516

  • The rmopd process memory leak might be seen if TWAMP client is configured. PR1541808

  • Trio-based FPC might crash when the underlying Layer 2 interface for ARP over IRB interface is changed from the physical interface to the LSI interface. PR1542211

  • ARP expired timer on backup Routing Engine is not same with master Routing Engine if aging-timer is configured. PR1544398

  • On all MX platforms with BNG (Broadband Network Gateway) scenario, an internal timer (re-ARP timer) on backup RE could cause an ARP storm upon GRES switchover since there are lots of arp timeout on the new master RE in 2 minutes. The re-ARP timer is one-tenth of the ARP aging timer (default ARP aging timer is 20 minutes, so 1/10 of 20 minutes is 2 minutes). The fix will automatically adjust the timer based on the scale and the configured aging time avoiding ARP storm on new master. PR1547583

  • The BGP session replication might fail to start after the session crashes on the backup Routing Engine. PR1552603

  • Traffic is not forwarded over IRB to l2circuit on lt interfaces. PR1554908

  • IPv4 EXP rewrite might not work properly when inet6-vpn enabled. PR1559018

  • On MX platform, T4000 platform and EX9200 platform, end-users or end-hosts might not get an IPv4 address from Dynamic Host Configuration Protocol (DHCP) server when Distributed Denial-of-Service (DDOS) attack is happened on DHCP rebind packets or renew packets. In the end, end-users or end-hosts could not access into network after lease time of the IPv4 address expired. PR1562474

Routing Policy and Firewall Filters

  • The policy configuration might be mismatched between the rpd and mgd process when deactivate policy-options prefix-list is involved in the configuration sequence. PR1523891

  • Generate route goes to hidden state when protect core knob is enabled. PR1562867

Routing Protocols

  • The output of the show isis interface detail command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long. PR1482983

  • On NFX-series and MX150 devices the following error messages are seen in the messages log file for the interfaces that have SFP installed in them: fpc0 FAILED(-1) read of SFP eeprom for port: 13. PR1529939

  • The rpd might crash with BGP RPKI enabled in a race condition. PR1487486

  • Ppmd core file generated after MS-MPC restart. PR1490918

  • The rpd might crash after deleting and re-adding a BGP neighbor. PR1517498

  • Tag matching in the VRF policy does not work properly when the independent-domain option is configured. PR1518056

  • The BGP session with VRRP virtual address might not come up after a flap. PR1523075

  • The VRF label is not assigned at ASBR when the inter AS is implemented. PR1523896

  • The IS-IS LSP database synchronization issue might be seen while using the flood-group feature. PR1526447

  • The rpd process generates core file at is_srv6_delete_locator_end_sid_data isis_srv6_end_sid_local_data_delete isis_srv6_locator_config_check. PR1531830

  • Transit labels for Layer 3 VPN routes are pushed momentarily to the MPLS.0 table. PR1532414

  • Configuring then next hop and then reject on a route policy for the same route might cause the rpd process to crash. PR1538491

  • After moving peer out of the protection group, the path protection does not get removed from the PE router. Multipath routes are still present. PR1538956

  • For spring with TE-shortcuts, MPLS S=0 route label is missing in the logical_system r5_lr for label 801007 upon activating mpls label switched path just after deactivating isis TE inet shortcuts. PR1539671

  • The rpd process generates the core file at gp_rtarget_tsi_update,bgp_rtarget_flash_rt,bgp_rtarget_flash. PR1541768

  • Traffic loss might be seen in next-hop-based dynamic tunnels of L3VPN scenario after changing the dynamic-tunnel preference. PR1542123

  • The metric of prefixes in intra-area-prefix LSA might be changed to 65535 when the metric of one of the OSPFv3 p2p interfaces is set to 65535. PR1543147

  • The BGP session neighbor shutdown configuration does not effect the non-established peer. PR1554569

  • The changes do not get effective when the values are set under static default hierarchy. PR1555187

  • The BGP session might not come up if extended-nexthop is enabled by default on the other vendor remote peer. PR1555288

  • Sending multicast traffic to downstream receiver on Trio based Virtual Chassis platforms might fail. PR1555518

  • 6PE prefixes may not be removed from RIB upon reception of withdrawal from a BGP neighbor when RIB sharding is enabled. PR1556271

  • Multipath info still shown for BGP route even after disabling interface for one path. PR1557604

  • 6PE prefixes may not be removed from RIB upon reception of withdrawal from a BGP neighbor when RIB sharding is enabled. PR1556271

  • VPN routes learned from core files were not advertised to CE when bgp sharding is configured. PR1560661

  • All Layer3 VPN route ages reset when adding or deleting a VRF. PR1560827

  • Wrong SPF calculation might be observed for OSPF with ldp-synchronization hold-time configured after interface flap. PR1561414

  • If BGP route flap damping is enabled and some routes received from a BGP peering session are hidden due to damping, the routes which are stored in the route list after the damped routes might be stuck in routing table with "Accepted DeletePending" state and not be removed when the BGP peering session goes down. PR1562090

Services Applications

  • L2TP subscribers might fail to establish a session on MX if the CPE is a virtual host. PR1527343

  • The following error message is observed: SPD_CONN_OPEN_FAILURE: spd_pre_fetch_query: unable to open connection to si-1/0/0. PR1550035

Subscriber Access Management

  • Subscriber accounting messages retransmissions exist even after configuring accounting retry 0. PR1405855

VPNs

  • The Junos image upgrade/installation with 'validate' will fail with XML errors. PR1525862

  • MVPN multicast route entry might not be properly updated with the actual downstream interfaces list. PR1546739

Resolved Issues: 20.3R1

Application Layer Gateways (ALGs)

  • The srxpfe or mspmand process might crash if FTPS is enabled in a specific scenario. PR1510678

Class of Service (CoS)

  • The following error message is observed: GENCFG write failed (op, minor_type) = (delete, Scheduler map definition) for tbl id 2 ifl 0 TABLE Reason: No such file or directory. PR1476531

  • The MX Series routers with MPC1 Q and MPC2 Q line cards might report memory errors. PR1500250

EVPN

  • When a dynamic list next hop is referenced by more than one route, it might result in an early deletion of the next hop from the kernel, thereby assigning the NH index as 0 (Next hop type: Dynamic List, next hop index: 0" in the output of the show route command). This would not result in a crash, but an early delete from kernel. As a workaround, restarting the routing solves the issue and the NH index gets reassigned properly. PR1477140

  • The ARP resolution to the gateway IRB address fails if decapsulate-accept-inner-vlan or encapsulate-inner-vlan is configured. PR1526618

  • The rpd process might crash when auto-service-id is configured in the EVPN-VPWS scenario. PR1530991

  • The rpd process might generate a core file when the Routing Engine switches over after disabling the BGP protocol globally. PR1490953

  • VXLAN bridge domain might lose the VTEP logical interface after restarting chassisd. PR1495098

  • The VXLAN function might be broken due to a timing issue. PR1502357

  • The MAC address of the LT interface might not be installed in the EVPN database. PR1503657

  • Configuring the proxy-macip-advertisement command for EVPN-MPLS leads to functionality breakage. PR1506343

  • With the EVPN-VXLAN configurations, the IRB MAC does not get removed from the route table after disabling IRB. PR1510954

  • ARP might break when multicast snooping is enabled in EVPN for the VLAN-based and VLAN-bundle service scenarios. PR1515927

  • Unable to create a new VTEP interface. PR1520078

  • Packets might not be sent out of the IRB interface if there is no Layer 2 interface in the associated bridge-domains. PR1498534

  • IRB interface might get stuck in the Down state in an EVPN multihome scenario. PR1479681

Forwarding and Sampling

  • UTC timestamp is used in the flat-file-accounting files when a profile is configured. PR1509467

  • DHCP subscribers might get stuck in the Terminated state for around 5 minutes after disabling the cascade ports. PR1505409

  • Traffic might get dropped due to not exceeding the configured bandwidth under policer. PR1511041

  • The DHCP relay might not work normally under EVPN with VXLAN environment. PR1487385

  • The pfed process might crash while running the show pfe fpc x command. PR1509114

General Routing

  • The show security group-vpn member IPsec security-associations detail | display xml command is not in the expected format. PR1349963

  • Constant memory leak might lead to FPC memory exhaustion. PR1381527

  • The chassisd might crash due to hardware-database errors. PR1383246

  • On the MX2000, the following error message might be observed if the MPC7 line card is offline when Routing Engine switchover occurs: Failed to get xfchip. PR1388076

  • After an MX Series router with the JNP10K-LC2101 line card is powered on, a voltage of 1345-1348 mV is read for about 20 seconds, which gets stabilized to 1493 mV. During this period, the FPC x Voltage Tolerance Exceeded major alarm is raised. PR1415671

  • The following Error messages are observed on the MPC card in the manual mode: clksync_as_evaluate_synce_ref: 362 - Failed to configure clk. PR1490138

  • FPC might crash after GRES when committing changes in the firewall filter with the next term statements in a subscriber scenario. PR1421541

  • The RPD scheduler slips might be seen upon executing the show route resolution extensive 0.0.0.0/0 | no-more command if the number of routes in the system is large (several millions). PR1425515

  • Layer 2 over GRE is not supported in Junos OS Release 19.3R1. Even though, the configuration gets committed, the feature does not work. PR1435855

  • The MPC9E line card does not get offline due to unreachable destinations in the phase 3 stage. PR1443803

  • FEC statistics are not reset after changing the FEC mode. PR1449088

  • When an M-VLAN interface (OIF map) is changed, the existing multicast subscribers with membership reports in place experience loss of multicast traffic till traffic is forwarded to the new OIF map. For example, a new M-VLAN interface. PR1452644

  • Interfaces shut down by the disable-pfe action might not come up when you use the MIC offline or online command. PR1453433

  • The FPC or the Packet Forwarding Engine might crash with the ATM MIC installed in the FPC. PR1453893

  • Application and removal of 1-Gbps speed results in the channel being down. PR1456105

  • In the MVPN instance, the traffic drops on multicast receivers within the range of 0.1 to 0.9 percent. PR1460471

  • The bbe-smgd process generates core files on the backup Routing Engine. PR1466118

  • With the BGP rib-sharding and update-threading, traffic drops 100 percent in the BGP Layer 3 VPN streams, post the removal or restoration configuration. PR1469873

  • The following syslog message are observed: fpcX user.notice logrotate: ALERT exited abnormally with [1]. PR1471006

  • When you reboot the external server, the SNMP values configured within the /etc/snmp/snmpd.conf file at the server get overwritten with the content from the JDM SNMP configuration section. The trap configuration changes get completely removed. Restarting or stopping and starting JDM does not change the host /etc/snmp/snmpd.conf file. Only system reboot of the server occurs. PR1474349

  • The kmd process might crash in a specific simultaneous rekey scenario. PR1474797

  • The following error log messages are observed: chassisd[7836]: %DAEMON-3-CHASSISD_IOCTL_FAILURE: acb_get_fpga_rev: unable to get FPGA revision for Control Board (Inappropriate ioctl for device) after every commit. PR1477941

  • The cpcdd process might generate core file after upgrading to Junos OS Release 19.4 and later. PR1527602

  • The ukern-platformd process might crash on the MX2000 router with the MPC11 line card. PR1478243

  • Interface traffic statistics in the show interface command might display incorrect values for a LAG with the MPC10 or MPC11 line card child links. PR1478540

  • All PPPoE subscribers might not log in after FPC restarts. PR1479099

  • Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot. PR1482124

  • The downstream IPv4 packet greater than BR MTU gets dropped in MAP-E. PR1483984

  • The traffic rate might not be as expected on the aggregated Ethernet interface after applying a shared-bandwidth policer. PR1484193

  • The peer interface does not go down after the MPC11E line card reboot. PR1485682

  • The input errors on the MX150 router might be zero in the output of the show interfaces extensive command when there are CRC or align errors on the interface. PR1485706

  • The aftd process might crash. PR1487416

  • XML is not properly formatted. PR1488036

  • Daemon might restart due to mishandling of data. PR1489512

  • With the MX-SPC3 service card, NAT might not be processed on an order as setup. PR1489581

  • Prolonged flow control might occur with MS-MPC or MS-MIC. PR1489942

  • The ISSU is not supported on the NG-MPC line cards from Junos OS Release 19.4R1. PR1491337

  • Multiple deactivation or activation of the security traceoptions along with a single NAPT44 session might crash the flowd process. PR1491540

  • MS-MIC goes down after loading some Junos OS releases in an MX-VC scenario. PR1491628

  • User-configured MTU might be ignored after the ISSU upgrade using the request vmhost software in-service-upgrade command. PR1491970

  • There is a delay in the LT interfaces on the MPC11E line card coming up after configuring the scaled PS interfaces anchoring to RLT. PR1492330

  • On the MX10008 router, the SNMP table entPhysicalTable does not match the PICs shown in the output of the show chassis hardware command. PR1492996

  • The MPC10 or MPC11 line card might crash if the interface is configured with the firewall filter referencing a shared-bandwidth policer. PR1493084

  • In an MX Series, setting or deleting a Virtual Chassis C port causes other Virtual Chassis ports on the same FPC or MIC slot to bring the link in the Down state for a few seconds, possibly interrupting the communication with the other member chassis. PR1493699

  • Used-Service-Unit of the CCR-U has Output-Bytes counter zero. PR1516728

  • The LSP might not come up in the LSP externally provisioned scenario. PR1494210

  • The following error message is seen for the AF interfaces on an FPC when the peer FPC is restarted: PFE_ERROR_FAIL_OPERATION: Unable to unbind cos scheduler from physical interface. PR1494452

  • In a node slicing setup, after GRES, the RADIUS interim updates might not carry actual statistics. PR1494637

  • Group address is not programmed back post deactivation and activation of the bridge domain. PR1495480

  • VPLS flood NH might not get programmed correctly. PR1495925

  • B4 might not be able to establish the softwire with AFTR. PR1496211

  • The following error messages are generated by Packet Forwarding Engine when the subscribers come up over a pseudowire interface: PFEIFD: Could not decode media address with length 0. PR1496265

  • The MPC10E line card might restart with sensord crash due to a timing issue. PR1497343

  • Outbound SSH connection flaps or memory leaks during the push configuration to ephemeral database with high rate. PR1497575

  • Port numbers logged in the ALG syslog are incorrect. PR1497713

  • Subscribers might be disconnected after one of the aggregated Ethernet participating FPCs comes online in a Junos node slicing scenario. PR1498024

  • SNMP polling does not show correct PSM jnxOperatingState when one of the PSM inputs fails. PR1498538

  • The rpd process might crash when multiple VRFs with IFLs link-protection are deleted at a single time. PR1498992

  • The commit check might fail when adding a logical interface into a routing-instance, which has no-normalization command enabled under the routing-instances stanza. PR1499265

  • Heap memory leak might be seen on the MPC10 and MPC11 line cards. PR1499631

  • After disabling and enabling the ams0 interfaces, the NAT sessions do not get synchronized back to the current standby SDG. PR1500147

  • The SPC3 card might crash if the SIP ALG is enabled. PR1500355

  • Unexpected behavior during | display inheritance is observed when the foreground is deactivated. PR1500569

  • The show services alg conversations and show services alg sip-globals commands are not supported in USF mode. PR1501051

  • The MX2020 and MX2010 routers continuously log pem_tiny_power_remaining: in the chassisd log. PR1501108

  • Application ID does not get displayed under the nat/sfw rule configured with application any rule. PR1501109

  • The chassisd process might become nonresponsive. PR1502118

  • On the MPC11 line card, the show syslog command in the Packet Forwarding Engine shell might time out. PR1502877

  • The packets from a nonexisting source on the GRE or UDP designated tunnel might be accepted. PR1503421

  • Configuring the ranges statement for autosensed VLANs might not work on the vMX platforms. PR1503538

  • MIBS added as part of jnxLicenseInstallTable: jnxLicenseStartDate jnxLicenseEndDate. PR1503790

  • The show bridge statistics command output does not display the statistics information for the pseudowire subscriber interfaces. PR1504409

  • The gNMI stream does not follow the frequency on the subscription from the collector. PR1504733

  • Fan speed might toggle between full and normal on the MX960 router with an enhanced FRU. PR1504867

  • The rpd process might crash in case of a network churn when the telemetry streaming is in progress. PR1505425

  • The PSM firmware upgrade must not allow multiple PSM upgrades in parallel to avoid the firmware corruption and support mutliple firmwares for different hardware. PR1524338

  • Addition and removal of an aggregated Ethernet interface member link might cause the PPPoE subscriber session and traffic to drop. PR1525585

  • After sending the Layer 4 or Layer 7 traffic, the HTTP redirect messages are not captured as expected. PR1505438

  • The l2cpd process might crash if the ERP configuration is added or removed, and the l2cpd process is restarted. PR1505710

  • VRRPv6 might not work in an EVPN scenario. PR1505976

  • Mapping leaks when the private and public IP addressess are from the same prefix. PR1507477

  • GnmiJuniperTelemetryHeader incompatibility is introduced in Junos OS Release 19.3. PR1507999

  • Outbound SSH connection flap or memory leak issues might be observed during push configuration to the ephemeral database with a high rate. PR1508324

  • JET API RouteMonitorRegister might result in an unresponsive gRPC session. PR1509655

  • The host-generated packets might be dropped if the force-control-packets-on-transit-path statement is configured. PR1509790

  • The disabled QSFP transceiver might fail to get turned on. PR1510994

  • PFCP message acknowledgment or non- acknowledgment responses are not tracked without the fix. If the CPF peer drops an acknowledged UPF response message and CPF retries the request, the reattempts do not get an acknowledgment by the response cache at UPF and get silently dropped. This causes the CPF state machine to constantly retry requests with those message being dropped at UPF, which leads to the Established state at both CPF and UPF. PR1511708

  • Static subscribers are logged out after creating a unit under the demux0 interface. PR1511745

  • The multicast traffic might be dropped if ALB is enabled on the aggregated Ethernet interface. PR1512157

  • Memory leak on l2ald might be seen when adding or deleting the routing-instances or bridge-domains configuration. PR1512802

  • The wavelength configured through the CLI might not be set on the SFP+-10G-T-DWDM-ZR optics when the optics is used on the MPC7E line card. PR1513321

  • Modifying the segment list of the segment routing LSP might not work. PR1513583

  • Subscribers might not be able to bind again after performing back-to-back GRES followed by an FPC restart. PR1514154

  • Active sensor check fails while checking the show agent sensors |display xml command. PR1516290

  • The MPC7E line card with QSFP installed might get rebooted when the show mtip-chmac <1|2> registers vty command is executed. PR1517202

  • There might be memory leak in cfmd if both the CFM and inet/IPv4 interfaces are configured. PR1518744

  • The vgd process might generate a core file when the OVSDB server restarts. PR1518807

  • The PADI packets might be dropped when the interface encapsulation VPLS is set along with accepted protocol configured as PPPoE. PR1523902

  • According to the OC data model, the openconfig-alarms.yang subscription path must be used as system/alarms/alarm. PR1525180

  • WAG control route prefix length are observed. PR1526666

  • Non-impacting error message is seen in the message logs: IFP error> ../../../../../../../../../src/pfe/usp/control/applications/interface/ifp.c@3270:(errno=1000) tunnel session add failed. PR1529224

  • On the MX960 router, the following error message might be observed: SCHED L4NP[0] Parity errors. PR1464297

  • The vmcore process crashes sometimes along with the mspmand process on MS-MPC/MS-MIC if large-scale traffic flows are processed. PR1482400

  • The heap memory utilization might increase after extensive subscriber login or logout. PR1508291

  • On the MPC10 and MPC11 line cards, the heap memory leaks with the MoFRR feature. PR1479024

  • Some of the virtual services might not up after GRES or rpd restart. PR1499655

  • On the MX150 series of routers, the request system halt and request system power-off commands do not work as expected. PR1468921

  • With MPC10 and MPC11 line cards, switchovers are slow to backup the upstream interface. PR1497127

  • The MACsec session might fail to establish if 256 bit cipher suite is configured for MACsec connectivity association assigned to a logical interface. PR1514680

  • The MPC10E line card might crash with the sensord process generating a core file due to a timing issue. PR1526568

  • The commit confirm command might not rollback the previous configuration when the commit operation fails. PR1527848

  • Certain BGP SRTE segment lists cause the rpd process to generate core file during tunnel attribute parsing. PR1535632

  • Any change in the nested groups might not be detected on commit and does not take effect. PR1484801

  • In the MX10003 routers, RCB always detect fire temperature and shutdown in a short time after downgrade. PR1492121

  • Inline JFlow might report wrong value for some fields in the flow records after enabling the next hop-learning and route churn occurs. PR1500179

  • The MACsec delay protection fails to drop or discard the delayed MACsec packets. PR1503010

  • The transit PTP packet might be unexpectedly modified when passing through MPC2E-NG, MPC3E-NG, and MPC5E line cards. PR1527612

  • Not able to get the sessions after configuring IDS, adding IDS-RULE in the SS in the next-hop style. PR1537609

  • The MPC11E line card might get stuck in the Present state during booting in a rare condition. PR1482105

  • The SNMP index in the Packet Forwarding Engine reports as 0, causing sFlow to report either IIF or OIF (not both) as 0 in the sFlow record data at collector. PR1484322

  • The mgd process might become nonresponsive, crash the dcd process, or crash the dcd process commit check process. PR1491363

  • The fpc process might crash in an inline mode with CFM configured. PR1500048

  • On the MX150 router, the logical interfaces stay up during the vmhost halt or power-off senario. PR1526855

Infrastructure

  • If the serial number of the PEM starts with 1F1, the following alarm might be generated: Minor FPC PEM Temp Sensor Failed. PR1398128

  • SNMP polling might return an unexpectedly high value for the ifHCOutOctets counter for a physical interface when any jnxDom OID is processed at the same time. PR1508442

  • Unknown MIB OID 1.3.6.1.2.1.47.2.0.30 are referenced in the SNMP trap after upgrading to Junos OS Release 18.4R3.3. PR1508281

  • Packet counter does not work as expected when SNMP is used. PR1422929

  • Kernel stack data disclosure is observed. PR1485747

Interfaces and Chassis

  • Traffic might get dropped as the next hop points to ICL even though the local MC-LAG is up. PR1486919

  • The sonet-options configuration statement is disabled for the xe interface that works in wan-phy mode. PR1472439

  • The vrrpd might crash when dual VLAN on VRRP interfaces is configured. PR1512658

  • Fail to configure proactive ARP detection. PR1476199

  • A stale IP address might be seen after a specific order of configuration changes under the logical-systems scenario. PR1477084

  • Control logical interface 32767 is not created on the VLAN-tagged IFD even after removing the VLAN 0 configuration. PR1483395

  • On the MPC6 line cards, the CFM DM two way verification fails with invalid timestamp. PR1489196

  • Some of the logical interfaces might not come up with the configured vlan-bridge encapsulation. PR1501414

  • Unexpected dual VRRP backup state might occur after performing two subsequent Routing Engine switchovers with track priority-hold-time configured. PR1506747

  • Commit failure is observed while deleting all the units under the ps0 interface. PR1514319

  • The following error message is observed: Request failed: OID not increasing: ieee8021CfmStackServiceSelectorType. PR1517046

  • Buffer overflow vulnerability in device control process is observed. PR1519334

Intrusion Detection and Prevention (IDP)

  • When creating the custom IDP signatures that match raw bytes (hexadecimal), the commit check fails if the administrator configures the depth parameter. PR1506706

J-Web

  • Security vulnerability in J-Web and Web-based (HTTP/HTTPS) services is observed. PR1499280

Juniper Extension Toolkit (JET)

  • JET application configuration must be disabled before upgrading Junos OS vmhost images. PR1488769

Junos Fusion Provider Edge

  • The statistics of the extended ports on the satellite device cluster might show wrong values from the aggregation device. PR1490101

Layer 2 Ethernet Services

  • For the MX204 router, the vendor ID is set as MX10001 in the factory-default configuration and in the DHCP client messages. PR1488771

  • The DHCP subscribers might not come up when DHCP ALQ and VRRP are configured. PR1490907

  • Issues with the DHCPv6 relay processing confirm and reply packets are observed. PR1496220

  • The MC-LAG might be down after disabling and then enabling the force-up configuration. PR1500758

  • The aggregated Ethernet interface sometimes might not come up after switch is rebooted. PR1505523

  • The DHCPv6 lease query is not as expected while verifying the DHCPv6 server statistics. PR1506418

  • The show dhcp relay statistics display DHCPLEASEUNASSIGNED instead of DHCPLEASEUNASSINGED, which is spelling error. PR1512239

  • The show dhcpv6 relay statistics must display DHCPV6_LEASEQUERY_REPLY instead of DHCPV6_LEASEQUERY_REPL for the messages sent. PR1512246

  • The DHCP6 lease query is not as expected while verifying the DHCPV6v relay statistics. PR1521227

  • The memory leak in jdhcpd might be seen if access-profile is configured under the dhcp-relay or dhcp-local-server statement. PR1525052

  • Receipt of malformed DHCPv6 packets causes jdhcpd to crash. PR1511782

  • The jdhcpd process crashes when processing a specific DHCPDv6 packet in the DHCPv6 relay configuration. PR1512765

MPLS

  • The RSVP interface bandwidth calculation rounds up. PR1458527

  • The rpd process might crash in PCEP for the RSVP-TE scenario. PR1467278

  • The rpd process might crash when the BGP flaps with FEC 129 VPWS enabled. PR1490952

  • If there are two directly connected BGP peers established over MPLS LSP and the MTU of the IP layer is smaller than the MTU of the MPLS layer. Also, if the BGP packets from the host have the DF bit set, the BGP session might keep flapping because of the usage of the wrong TCP-MSS. PR1493431

  • The rpd process might crash in a rare condition in the SR-TE scenario. PR1493721

  • The rpd process saves the core file while performing ISSU from Junos OS Release 19.3R2 or later. PR1493969

  • The same device responds twice for traceroute in case it goes through the MPLS network under specific conditions. PR1494665

  • The rpd process might crash when the SNMP polling is done using the OID jnxMplsTeP2mpTunnelDestTable. PR1497641

  • Traffic loss might occur if ISSU is performed when P2MP is configured for an LSP. PR1500615

  • The CSPF job might get stalled for a new or an existing LSP in a high-scale LSP setup. PR1502993

  • The rpd process might crash with RSVP configured in a rare timing case. PR1505834

  • Activating or deactivating the LDP-sync under OSPF might cause the LDP neighborship to go down and stay down. PR1509578

  • The rpd process might crash after upgrading Junos OS Release 18.1 to a later release. PR1517018

  • The SNMP trap is sent with the incorrect OID jnxSpSvcSetZoneEntered. PR1517667

  • The LDP session-group might throw a commit error and flap. PR1521698

  • The rpd process generates core file on the backup Routing Engine. PR1495746

  • The rpd process might crash when rpd restarts or GRES switchovers. PR1506062

  • The auto-bandwidth feature might not work correctly in the MPLS scenario. PR1504916

  • The inter-domain LSP with loose next-hops path might get stuck in the Down state. PR1524736

Network Management and Monitoring

  • The SNMPv3 informs might not work properly after rebooting. PR1497841

Platform and Infrastructure

  • Configured scheduler-map is not applied on ms- interface if the service PIC is in the Offline state during commit. PR1523881

  • core.vmxt.mpc0 seen at 5 0x096327d5 in the l2alm_sync_entry_in_pfes (context=0xd92e7b28, sync_info=0xd92e7a78) at ../../../../../src/pfe/common/applications/l2alm/l2alm_common_hw_api.c:1727. PR1430440

  • The output of the show jnh qmon queues-sensor stats 0 command has no content. PR1514881

  • On the MX204 router, GRE with sampling causes the following Packet Forwarding Engine error: MQSS(0): MALLOC: Underflow error during reference count read - Overflow 1, Underflow 1, HMCIF 0, Address 0x8d62e0. PR1463718

  • On MX150 and vMX, the VXLAN packet might get discarded because the flow caching does not support VXLAN when flow caching is enabled. PR1466470

  • CFM session malfunctions when it is configured along with the inner and outer native VLAN ID configuration. PR1484303

  • In the MX104 chassis, the show system buffer command displays all zeros. PR1484689

  • Traceroute monitor with MTR version v.69 shows a false 10 percent loss. PR1493824

  • Packets get dropped when next hop is IRB over an lt interface. PR1494594

  • The Routing Engine might crash when a large number of next hops are quickly deleted and added again in a large ARP or ND scaled scenario. PR1496429

  • The rmopd.core process generates core files when committing a configuration replacement of the ms-interface used. PR1499230

  • Traffic to VRRP virtual IP or MAC addresses might be dropped when ingress queuing is enabled. PR1501014

  • Python or SLAX script might not be executed. PR1501746

  • Traffic originated from another subnet is sent out with 0x8100 instead of 0x88a8. PR1502867

  • Traffic loss might be seen in certain conditions under an MC-LAG setup. PR1505465

  • The kernel might crash causing the router or the Routing Engine to reboot when making virtual IP related change. PR1511833

  • During route table object fetch failure, the FPC might crash. PR1513509

  • With multiple different fixed-sized traffic streams configured at 10,000,00 fps (40-Gbps combined rate) on aggregated Ethernet0 along with another independent aggregated Ethernet interface (aggregated Ethernet1, 50 percent line rate 4 streams bidirectional => 118-Gbps combined traffic rate), both hosted on a single Packet Forwarding Engine instruction of the MPC11E line card, small varying packet drops occur for every iteration on aggregated Ethernet1 on disabling aggregated Ethernet0. PR1464549

  • There is a TWAMP interoperability issue between Junos OS releases. PR1533025

  • Arbitrary code execution vulnerability in the Telnet server. PR1502386

Routing Protocols

  • The BGP session might be become nonresponsive with high BGP OutQ value after GRES on both sides. PR1323306

  • Cannot configure set system services ssh protocol-version v1. PR1440476

  • When configuring an alternate incoming interface for a PIM RPF check using rpf-selection, the additional groups outside the configured range might switch to the alternate incoming interface. PR1443056

  • Multicast traffic loss might be seen in certain conditions while enabling the IGMP snooping under EVPN-VXLAN ERB scenario. PR1481987

  • RIPv2 might malfunction when changing the interface type from P2MP to broadcast. PR1483181

  • There might be rpd process memory leak in a certain looped MSDP scenario. PR1485206

  • Layer 3 VPN RR with the family route-target and no-client-reflect statements does not work as expected. PR1485977

  • Traffic loss might be observed while performing GRES in an MPLS setup. PR1486657

  • The BGP route-target family might prevent the RR from reflecting the Layer 2 VPN and Layer 3 VPN routes. PR1492743

  • The rpd process generates core files at rt_nh_resolve_add_gen in ../../../../../../../../src/junos/usr.sbin/rpd/lib/rt/rt_resolve_ind.c: with the evpn-dhcp configurations. PR1494005

  • In all platforms with IPv6 scenario, the last route entry in the inet6.0 or inet6.3 RIB might not get deleted if there is another configuration present under the RIB configuration. (For example, set routing-options rib inet6.0 static defaults active). This might cause a service to still be available that the customer no longer wants to use. PR1495477

  • Receipt of certain genuine BGP packets from any BGP speaker causes the rpd process to crash. PR1497721

  • The IS-IS hello authentication does not generate the correct digest value for hmac_sha1 algorithm. PR1498452

  • The rpd process might crash if the import policy is changed to accept more routes that exceed the teardown function threshold. PR1499977

  • The rpd process might crash in a multicast scenario with BGP configured. PR1501722

  • The rpd process might crash while processing a specific BGP packet. PR1502327

  • The mcsnoopd process generates core files during the execution of an internal script. PR1503211

  • BGP might not advertise routes to peers after a peer flap. PR1507195

  • The rpd process might crash due to RIP updates being sent on an interface in down state. PR1508814

  • The IS-IS SR routes might not be updated to reflect the change in the SRMS advertisements. PR1514867

  • The BGP link-bw of the non-multipath routes are included in an aggregation. PR1515264

  • The rpd process might crash if there is a huge number of SA messages in an MSDP scenario. PR1517910

  • NLRI handling improvements for BGP-LS ID TLV is needed. PR1521258

  • The output of the show isis interface detail command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long. PR1482983

  • The BGP RPKI ROA withdrawal might lead to an unexpected BGP route flap. PR1483097

  • The rpd process might crash after deleting and then adding a BGP neighbor. PR1517498

  • Core file is generated in krt_mcnh_update_rpf_info() when TI-LFA is used with MOFRR. PR1493259

  • The route entries might be unstable after being imported into the inet6.x RIB through rib-group. PR1498377

Services Applications

  • The FPC process might crash with an npc core file if the service interface is configured under a service set in USF mode. PR1502527

  • The output of the show services l2tp tunnel extensive command does not show the configured session limit. PR1503436

  • Destination lockout functionality does not work at the tunnel session level when CDN code is received. PR1532750

Subscriber Access Management

  • The following syslog messages are observed: pfe_tcp_listener_open_timeout: Peer info msg not received from addr: 0x6000080. Socket 0xfffff804ad23c2e0 closed PR1474687

  • LTS incorrectly sends the access-request with the Tunnel-Assignment-ID, which is not compliant with RFC 2868. PR1502274

  • CCR-T does not contain the usage-monitoring information. PR1517507

  • The show network-access aaa subscribers statistics username "<>" command fails to fetch the subscriber-specific AAA statistics information if a subscriber username contains a space. PR1518016

User Interface and Configuration

  • The version information under the configuration changes from Junos OS Release 19.1 onwards. PR1457602

VPNs

  • The l2circuit neighbor might become nonresponsive in the Ready state at one end of the MG-LAG peer. PR1498040

  • The rpd process might crash in certain conditions after deleting the l2circuit configuration. PR1502003

  • The MPLS label manager might allow configuration of a duplicated VPLS static label. PR1503282

  • The output value of the show mvpn c-multicast inet source-pe | display xml command is not proper. PR1509948

  • The rpd process might crash after removing the last configured interface under the l2circuit neighbor. PR1511783

  • The rpd process might crash when deleting the l2circuit configuration in a specific sequence. PR1512834

Documentation Updates

There are no errata or changes in Junos OS Release 20.3R3 documentation for MX Series routers.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting in Junos OS 17.4R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:

Platform

FreeBSD 6.x-based Junos OS

FreeBSD 11.x-based Junos OS

MX5,MX10, MX40,MX80, MX104

YES

NO

MX240, MX480, MX960,

MX2010, MX2020

NO

YES

Basic Procedure for Upgrading to Release 20.3R3

Note

Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 11.x-Based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 11.x-based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.3R3.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.3R3.9-signed.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.3R3.x-limited.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.3R3.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note
  • You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.

  • Starting in Junos OS Release 20.3R3, in order to install a VM host image based on Wind River Linux 9, you must upgrade the i40e NVM firmware on the following MX Series routers:

    • MX240, MX480, MX960, MX2010, MX2020, MX2008, MX10016, and MX10008

    [See https://kb.juniper.net/TSB17603.]

Note

After you install a Junos OS Release 20.3R3 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.

Note

Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x-Based Junos OS

Products impacted: MX5, MX10, MX40, MX80, MX104.

To download and install FreeBSD 6.x-based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-20.3R3.9-signed.tgz
    • Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-20.3R3.9-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 20.3R3 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 19.3, 19.4, and 20.1 are EEOL releases. You can upgrade from Junos OS Release 19.3 to Release 19.4 or from Junos OS Release 19.3 to Release 20.1.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 20.3R3

To downgrade from Release 20.3R3 to another supported release, follow the procedure for upgrading, but replace the 20.3R3 jinstall package with one that corresponds to the appropriate release.

Note

You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.