Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for ACX Series

 

These release notes accompany Junos OS Release 20.4R3 for the ACX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

This section describes the new features or enhancements to existing features in Junos OS Release 20.4R3 for the ACX Series.

What’s New in Release 20.4R3

There are no new features or enhancements to existing features for ACX Series routers in Junos OS Release 20.4R3.

What's New in Release 20.4R2

There are no new features or enhancements to existing features for ACX Series routers in Junos OS Release 20.4R2.

What's New in Release 20.4R1

Hardware

  • We've added the following features to the ACX5448 in Junos OS Release 20.4R1.

    Table 1: Features Supported by the ACX5448 Routers

    Feature

    Description

    Authentication, Authorization and Accounting

    • Support for 802.1X authentication on Layer 3 interfaces. 802.1X is an IEEE standard for port-based network access control that authenticates users connected to a LAN port. [See 802.1X Authentication.]

    Automation

    • Support for either WAN interfaces or management interfaces to automatically download and install the appropriate software and the configuration file on your device during the ZTP bootstrap process. [See Zero Touch Provisioning.]

    Class of service (CoS)

    • Support for up to three levels of hierarchical scheduling (physical interfaces, logical interfaces, and queues). Configurable buffer support is also added. By default, all interfaces on the ACX5448 use port-based scheduling (eight queues per physical port). To enable hierarchical scheduling, set the hierarchical-scheduler statement at the [edit interfaces interface-name] hierarchy level. [See Hierarchical Class of Service in ACX Series Routers.]

    Ethernet OAM

    • Support for Ethernet OAM CFM. You can now synchronize local-interface status between two connected devices with remote interface up/down trigger with OAM CFM. CFM provides end-to-end signals even if the two devices are not directly connected. [See Introduction to OAM Connectivity Fault Management (CFM).]

    EVPN

    • Support for EVPNs and Interfaces. In EVPN-MPLS and MC-LAG environments, the configuration of anycast gateways on ACX5448 routers that are multihomed in all-active mode is supported. [See Anycast Gateways.]

    Layer 2 features

    Layer 3 features

    • Support for Layer 3 VPN in MC-LAG chassis. ACX5448 routers support Layer 3 VPN in VRRP over IRB interfaces in MC-LAG routers. Layer 3 routing and Layer 3 VPN are not directly supported on the MC-LAG interfaces. [See Understanding VRRP and Understanding Layer 3 VPNs.]

    Network Security

    • Support for control plane DDoS protection, which is enabled by default on ACX5448 routers for many Layer 2 and Layer 3 protocols. Control Plane DDoS protection uses firewall filters and policers to discard or rate-limit control plane traffic at the Routing Engine level, which prevents malicious traffic from interfering with device operations. You can disable this feature or change the default policer parameters for supported protocol groups. [See Control Plane Distributed Denial-of-Service (DDoS) Protection Overview]

    Software installation and upgrade

    • Support for the ACX5448-M-LT, a top-of-rack router that supports only Junos Limited image. The Junos Limited image does not have data-plane encryption and is intended only for countries in the Eurasian Customs Union because these countries have import restrictions on software containing data-plane encryption. Unlike the JunosWorldwide image, the Junos Limited image supports control plane encryption through Secure Shell (SSH) and Secure Sockets Layer (SSL), thus allowing secure management of the system. [See ACX5448 System Overview.]

    Timing and synchronization

  • Support for SFP-1GE-LH-ET transceivers (ACX1100 and ACX2100)—Starting in Junos OS Release 20.4R1, the ACX1100 and ACX2100 Universal Metro Routers support the SFP-1GE-LH-ET transceivers.

    [See the Hardware Compatibility Tool (HCT) for details.]

  • Support for SFP-GE80KT14R15 and SFP-GE80KT15R14 transceivers (ACX5448, ACX5448-D, and ACX5448-M)—Starting in Junos OS Release 20.4R1, the ACX5448, ACX5448-D, and ACX5448-M Universal Metro Routers support the SFP-GE80KT14R15 and SFP-GE80KT15R14 transceivers.

    [See the Hardware Compatibility Tool (HCT) for details.]

  • Support for SFPP-10GE-DWDM-IT transceivers (ACX5448, ACX5448-D, and ACX5448-M)—Starting in Junos OS Release 20.4R1, the ACX5448, ACX5448-D, and ACX5448-M Universal Metro Routers support the SFPP-10GE-DWDM-IT transceivers.

    [See the Hardware Compatibility Tool (HCT) for details.]

High Availability (HA) and Resiliency

  • NSR support for IS-IS with SR (ACX Series, MX Series)—Starting in Junos OS Release 20.4R1, ACX Series devices support NSR for IS-IS with segment routing (SR). To use NSR, you must first enable GRES on your device.

    [See Nonstop Active Routing Concepts]

Junos Telemetry Interface

  • JTI support for persistent active gRPC sessions between collector and server during an SSL certificate update (ACX Series, MX Series, and PTX Series)—Junos OS Release 20.4R1 supports persistent active remote procedure call (gRPC) sessions between the collector (client) and server during an SSL certificate update.

    For secure channel authentication, the TLS protocol is used to maintain a secure channel between the collector and the server. TLS uses the server certificate and the client certificate to authenticate each other and send encrypted messages over the network. When an SSL certificate is updated, existing gRPC sessions are abruptly terminated, forcing the collector to initiate a new gRPC connection and subscribe to sensors again.

    To avoid this problem, you can enable persistent active gRPC sessions by configuring hot-reloading at the [edit system services extension-service request-response grpc ssl] hierarchy level. After you enable this feature, gRPC sessions will remain active even when authentication certificates are updated.

    After the certificate is updated, any new gRPC session will use the updated certificate.

    [See gRPC Services for Junos Telemetry Interface and ssl.]

  • Juniper Resiliency Interface for exception reporting and null route detection (ACX Series, PTX Series, and MX Series)—Starting in Junos OS Release 20.4R1, you can use Juniper Resiliency Interface to detect and reduce Mean Time to Repair (MTTR) first-order network issues. Juniper Resiliency Interface uses a push model for data reporting from the entities in the system which encounter packet drops. This automates the workflow for detecting, reporting, and mitigating adverse exceptions.

    To collect kernel routing table and routing protocol process exceptions, configure the set system resiliency exceptions statement at the [edit] hierarchy level to specify exception reporting based on kernel exceptions, and routing exceptions.

    You can display exceptions from a remote collector by means of remote procedure call (gRPC) services or gRPC network management interface (gNMI) services. Display on-box exceptions by accessing the /var/log file or the database at /var/db/ResiliencyExceptions.db. No Junos operational mode commands display these exceptions.

Routing Protocols

  • Support for multiple single-hop EBGP sessions on different links using the same IPv6 link-local address (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—Starting in Junos OS Release 20.4R1, you are no longer required to have unique peer addresses for Juniper devices for every EBGP session. You can now enable single-hop EBGP sessions on different links over multiple directly connected peers that use the same IPv6 link-local address.

    In earlier Junos OS Releases, BGP peers could be configured with link-local addresses, but multiple BGP peers could not be configured to use the same link-local address on different interfaces.

    [See Configure Multiple Single-Hop EBGP Sessions on Different Links Using the Same Link-Local Address (IPv6).]

Timing and Synchronization

  • Support for PTP G.8275.2 profile (ACX710)—Starting in Junos OS Release 20.4R1, we support the Precision Time Protocol (PTP) G.8275.2 profile with node type T-BC-P (BC).

    You can use the [edit protocols ptp profile-type g.8275.2 ] hierarchy level to configure the G.8275.2 profile.

    [See Understanding the Time Management Administration Guide and profile-type.]

What's Changed

Learn about what changed in these releases for ACX Series routers.

What’s Changed in 20.4R3

Layer 2 Ethernet Services

  • Link selection support for DHCP—We have introduced the link-selection statement at the edit forwarding-options dhcp-relay relay-option-82 hierarchy level, which allows DHCP relay to add suboption 5 to option 82. Suboption 5 allows DHCP proxy clients and relay agents to request an IP address for a specific subnet from a specific IP address range and scope. Prior to this release, the DHCP relay dropped packets during the renewal DHCP process and the DHCP server used the leaf's address as a destination to acknowledge the DHCP renewal message.

    [See relay-option-82.]

Network Management and Monitoring

  • Changes in contextEngineID for SNMPv3 INFORMS (PTX Series, QFX Series, ACX Series, EX Series, MX Series, and SRX Series— Now the contextEngineID of SNMPv3 INFORMS is set to the local engine-id of Junos OS devices. In earlier releases, the contextEngineID of SNMPv3 INFORMS was set to remote engine-id.

    [See SNMP MIBs and Traps Supported by Junos OS.]

  • The configuration accepts only defined identity values for nodes of type identityref in YANG data models (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—If you configure a statement that has type identityref in the corresponding YANG data model, the device accepts only defined identity values (as defined by an identity statement) as valid input. In earlier releases, the device also accepts values that are not defined identity values.

  • The configuration accepts only defined identity values for nodes of type identityref in YANG data models (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—If you configure a statement that has type identityref in the corresponding YANG data model, the device accepts only defined identity values (as defined by an identity statement) as valid input. In earlier releases, the device also accepts values that are not defined identity values.

What’s Changed in 20.4R2

EVPN

  • Support for displaying SVLBNH information—You can now view shared VXLAN load balancing next hop (SVLBNH) information when you display the VXLAN tunnel endpoint information for a specified ESI and routing instance by using show ethernet-switching vxlan-tunnel-end-point esi esi-identifier esi-identifier instance instance svlbnh command.

Junos XML API and Scripting

  • The jcs:invoke() function supports suppression of root login and logout events in system log files for SLAX commit scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX commit scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.

    [See invoke() Function (SLAX and XSLT).]

  • The jcs:invoke() function supports suppression of root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX event scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.

    [See invoke() Function (SLAX and XSLT).]

What’s Changed in 20.4R1

General Routing

  • Support for unicast ARP request on table entry expiration—You can configure the device to send a unicast ARP request instead of the default broadcast request when an ARP table entry is about to expire. The retry requests are unicast at intervals of 5 seconds. Without this option, the retry requests are broadcast at intervals of 800 milliseconds. This behavior reduces ARP overall broadcast traffic. It also supports the use case where access nodes are configured not to forward broadcast ARP requests toward customer CPEs for security reasons and instead translate ARP broadcasts to unicast requests. To confirm whether this is configured, you can issue the following command: show configuration system arp | grep unicast-mode-on-expire.

    [See arp.]

  • Support for gigether-options statement (ACX5048, ACX5096)—Junos OS supports the gigether-options statement at the edit interfaces interface-name hierarchy on the ACX5048 and ACX5096 routers. Previously, support for the gigether-statement was deprecated.

    [See gigether-options and [See ether-options.]

MPLS

  • The show mpls lsp extensivel and show mpls lsp detail commands display next-hop gateway LSPid — When you use the show mpls lsp extensivel and show mpls lsp detail commands, you'll see next-hop gateway LSPid in the output.

Network Management and Monitoring

  • Warning changed for configuration statements that correspond to "deviate not-supported" nodes in YANG data models (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—If you configure a statement corresponding to a YANG data model node that defines the deviate not-supported statement, the Junos OS configuration annotates that statement with the comment Warning: statement ignored: unsupported platform. In earlier releases, the warning is Warning: 'statement' is deprecated.

Routing Protocols

  • Inet6 is disabled in VT interface (ACX5448)—Starting in this release, the inet6 statement at the edit interfaces vt-interface-number unit unit-number family hierarchy level is disabled.

User Interface and Configuration

  • Verbose format option to export JSON configuration data (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the verbose statement at the edit system export-format json hierarchy level. The default format to export configuration data in JSON changed from verbose format to ietf format starting in Junos OS Release 16.1R1. You can explicitly specify the default export format for JSON configuration data by configuring the appropriate statement at the edit system export-format json hierarchy level. Although the verbose statement is exposed in the Junos OS CLI as of the current release, you can configure this statement starting in Junos OS Release 16.1R1.

    [See export-format.]

Known Limitations

Learn about known limitations in this release for the ACX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • With an asymmetric network connection, a 10-Gbps MACsec port connected to a 10-Gbps channelized port, high and asymmetric T1 and T4 time errors are seen. This situation introduces a high two-way time error and also different CF updates in the forward and reverse paths. PR1440140

  • With the MACsec feature enabled and introduction of traffic, the peak-to-peak value varies with the percentage of traffic introduced. Find the maximum and mean values of the Time errors with different traffic rates (two-router scenario). Can have maximum value jumps as high as 1054 nanoseconds with 95% traffic, 640 nanoseconds with 90% traffic, and 137 nanoseconds with no traffic. PR1441388

  • The EVPN-VPWS, L3VPN and L2VPN FRR convergence time with aggregated Ethernet as the active core interface does not meet less than 50 microseconds and might be 100 microseconds to 150 microseconds. PR1492730

  • On ACX710, the PTP lock recovery is restarted when the clksyncd process is restarted. This will result in the PTP lock state moving to freerun on the clksyncd process restart. PR1502162

  • IPv6-BFD supports 256 sessions. PR1502170

  • Inconsistencies in the PTP lock status behavior is observed during chassis control restart. PR1508385

  • On the ACX710 router, Servo moves to the Holdover-in/Holdover-out/Acq state from the Phase-aligned state with impairment. PR1550367

  • On the ACX710 router, PTP with Vlan-id-range does not work for specific VLANs. PR1550482

  • On the ACX710 router, the holdover error HOLDOVER OUT OF SPEC does not reset during the Servo state change. PR1556798

  • The behavior of the ACX5448 or ACX710 from the day one is to reset the login session in 10 seconds if they are configured as a TWAMP server. PR1556829

  • Aggregation of all Logical interface statistics is not supported on ACX series products. It has no support and needs improvement, it is the behavior of the first day. PR1602541

Timing and Synchronization

  • On the ACX5448 router, the two-way time error and CTE for 1 PPS does not meet the class A metrics. PR1535434

  • On the ACX5448-M router, the 1 PPS CTE does not meet the class A performance in 1-Gigabits interface. PR1542744

  • On the ACX5448 router, ping stops working even though the ARP entry is present during continuous script executions. PR1533513

  • On the ACX710 router, T1 or T4 cTE should be tuned closer to two-way CTE. PR1527347

  • On the ACX710 router, huge offset is observed initially with ACQ and holdover inspec and outspec conditions. PR1534470

  • On the ACX710 router, the incremental PTP FPGA upgrades do not bundle along with the regular image upgrades. PR1540799

  • On the ACX710 router, changing the PTP profile type from g.8275.1 to g.8275.2 requires the Packet Forwarding Engine to reboot and the clksyncd process to restart. As a workaround, you must reboot the Packet Forwarding Engine and restart the clocking process before you change the profile. PR1546614

  • On the ACX710 router, the Servo transition is incorrect after chassis restart. PR1550270

  • On the ACX710 router, the delay-asymmetry compensation update does not work at CLI with the G.8275.2 profile. PR1550441

  • On the ACX710 router, the PTP Servo status shows holdover during transition between virtual port and PTP. PR1510880

  • During FRR convergence local repair can be in seconds (>50 microseconds), if the link failure is observed at the PHP node and explicit NULL is configured on the PHP node and on the PHP node of the backup path. Global repair will resume traffic flow. PR1515512

  • On the ACX710 router, the SyncE to 1PPS transient test results do not meet G.8273.2 SyncE to 1PPS transient metric. PR1522796

  • On the ACX710 router, the clock parameters are incorrect in certain scenarios when the Servo is in the FREERUN state. PR1548192

  • On the ACX710 router, the PTP Servo takes longer time to lock after the clksyncd process restarts. PR1549952

  • On the ACX710 router, the show ptp global-information command does not display correct Clock Class or ESMC QL details when the Servo goes to the Holdover-in state. PR1553213

  • On the ACX710 router, the Servo transition is incorrect during the T-GM switchover scenario. PR1553439

  • The ISSU is not supported from Junos OS earlier releases to Junos OS Release 20.4 and later. There is a major SDK upgrade from 6.3.2 to 6.5.16, because of which the warm boot feature needed for unified ISSU is not supported. PR1554915

Open Issues

Learn about open issues in this release for the ACX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • ACX device is getting transit ARP traffic coming from Logical Interfaces that are part of a bridge-domain or Layer 2 circuit punted to the Routing Engine. Internal coded queues are supporting a maximum of 200 pps in the (ARP + ICMPv6) queue. When hitting limits in this internal queue, other protocols that depend on ARP resolution can be affected and eventually flap. PR1263012

  • The inet6-precendence under set class of service rewrite-rules is not supported on ACX5448.PR1344340

  • Loopback status is not shown for OT interfaces on CLI (available from vty only). PR1358017

  • The SD (Signal Degrade) threshold is normally lower than the SF threshold (that is, so that as errors increase, SD condition is encountered first). For the ACX6360 optical links there is no guard code to prevent the user from setting the SD threshold above the SF threshold which would cause increasing errors to trigger the SF alarm before the SD alarm. This will not cause any issues on systems with correctly provisioned SD and SF thresholds. PR1376869

  • This ping latency behavior is expected for host generated ICMP traffic due to the design of Packet Forwarding Engine queue polling the packets from ASIC. user@host-acx5448> ping 10.0.0.4 PING 10.0.0.4 (10.0.0.4): 56 data bytes 64 bytes from 10.0.0.4: icmp_seq=0 ttl=63 time=8.994 ms 64 bytes from 10.0.0.4: icmp_seq=1 ttl=63 time=49.370 ms 64 bytes from 10.0.0.4: icmp_seq=2 ttl=63 time=47.348 ms 64 bytes from 10.0.0.4: icmp_seq=3 ttl=63 time=45.411 ms <<< 64 bytes from 10.0.0.4: icmp_seq=4 ttl=63 time=106.449 ms <<< 64 bytes from 10.0.0.4: icmp_seq=5 ttl=63 time=79.697 ms <<< 64 bytes from 10.0.0.4: icmp_seq=6 ttl=63 time=37.489 ms <<< 64 bytes from 10.0.0.4: icmp_seq=7 ttl=63 time=31.436 ms << 64 bytes from 10.0.0.4: icmp_seq=8 ttl=63 time=35.460 ms << 64 bytes from 10.0.0.4: icmp_seq=9 ttl=63 time=77.198 ms << ^C --- 10.0.0.4 ping statistics --- 10 packets transmitted, 10 packets received, 0% packet loss round-trip min/avg/max/stddev = 8.994/51.885/106.449/26.824 ms PR1380145

  • On ACX6360 routers, enhancement is needed for FRR BER threshold SNMP support. PR1383303

  • On ACX6360 router, Tx power cannot be configured using + sign. PR1383980

  • The ccc logs are not compressed after rotation. PR1398511

  • A jnxIfOtnOperState trap notification is sent for all ot-interfaces. PR1406758

  • Memory leaks are expected in this release. PR1438358

  • Drop profile maximum threshold might not be reached when the packet size is other than 1000 bytes.PR1448418

  • The CFM remote MEP is not coming up after configuration or remains in start state. PR1460555

  • On the ACX6360 with NGRE platforms, the vmhost disk usage might keep increasing due to no log rotation for resild log and temperature sensor info was incorrectly written into resild log, resulting in resild log file size continuous increasing. PR1480217

  • If we configure DHCP option 012 host-name in DHCP server and the actual base config file also has the host-name in it, then overwriting of the base config file's host-name with the DHCP option 012 host-name is happening. PR1503958

  • On ACX710 routers, when the following steps are done for PTP, chassis does not lock: 1. Use one or two ports as source for chassis synchronization and lock both PTP and SyncE locked. 2. Disable both logical interfaces. 3. Restart clksyncd. 4. Rollback 1. As a workaround, you can avoid this issue by deleting the PTP configuration, restarting clksyncd, and then reconfiguring PTP. PR1505405

  • Boot from alternate media - alarm would not be seen in ACX710, when system is booted with recovery snapshot. This feature is requires new implemented and changes in ACX710 firmware. PR1517221

  • Due to BRCM KBP issue route lookup may fail. Need to upgrade KBP to address this issue, due to high risk KBP SDK upgrade planned for 21.1. PR1533513

  • Due to BRCM KBP issue route lookup may fail. Need to upgrade KBP to address this issue. Due to high risk KBP SDK upgrade planned for 21.1. PR1533557

  • The alarm network-service mode mismatch between configuration and kernel setting is observed during unified ISSU or normal code upgrade even though enhanced-ip is active.PR1546002

  • Unified ISSU is not supported in earlier releases to Junos OS Release 20.4 and later. There is a major SDK upgrade from 6.3.2 to 6.5.16, because of which the warm boot feature needed for unified ISSU is not supported by our vendor. PR1554915

  • The day one behavior of ACX5448 or ACX710 is to trigger the start session ack by 10 seconds when configured as TWAMP server. PR1556829

  • The PTP global level ipv4-dscp configuration statement is used to configure the DSCP field for both IPv4 and IPv6 sessions. PR1557262

  • On certain ACX platforms, MAC address entries might not be deleted from the MAC table at the end of mac-table-aging-time timer when there is active traffic destined to that MAC address. When the issue happens, it might reduce the number of new MAC addresses that can be learned. If the ethernet-switching table overflows, no new MAC addresses will be learned, which might cause traffic flooding.PR1565642

  • On the ACX448 routers, the packet buffer allocation failed messages appears when you scale the CFM sessions with the SLA iterator.PR1574754

  • When strict-high configured on a scheduler, it is recommended to configure queue shaper along with strict-high. If user does not want to shape the traffic on a strict-high queue, then, configure parent shaping rate as max queue shaping rate on strict-high queue. Different schedulers with strich-high and shaping rate need to be configured and attached to scheduler map based on the parent shaping rate. PR1591851

  • On the ACX710 and ACX5448 platforms, if the option no-snoop is configured under dhcp-relay, DHCP packets might not be relayed after Packet Forwarding Engine restarts or when the system reboots. PR1608125

  • After deactivating one of the member interface of the aggregated Ethernet, output pps is still seen on the deactivated interface. It is seen that the OSPF Hello packets initiated from the peer aggregated Ethernet interface is looped & getting transmitted out of this deactivated interface. However, there will not be any functional impact, as the packets are dropped by the peer device. PR1608827

  • CFMD cores could be seen if CCM configuration is changed from aggregated Ethernet IFL to physical IFL, and if the physical IFL was previously part of aggregated Ethernet bundle. PR1612212

  • On the ACX710 platforms, the CPU of the routing protocol engine gets stuck at 100%, which leads to traffic impact. PR1612387

Class of Service (CoS)

  • In the class-of-service context, when a wildcard interface is configured with a classifier, upon reboot of the device, the classifier defined in the wildcard interface configuration may not be properly programmed to the interfaces. PR1559516

Interfaces and Chassis

  • The mc-ae option need to have prefer-status-control-active set to avoid flap on the split brain case ( ICCP down or peer node reboot). Configure it on the status-control active PE device. PR1505841

Network Management and Monitoring

  • On all Junos platforms, the SNMP polling might not be working if the IS-IS protocol is disabled under the same Virtual Routing and Forwarding (VRF) through which SNMP requests are sent. PR1527251

Timing and Synchronisation

  • The Precision Time Protocol (PTP) clock might fail to be locking and stuck in acquiring state at clock servo. PR1570310

  • In the ACX710 routers, the size of the jnpr-clock-recovery.log log file is small and the archives rotate too quickly.PR1582350

User Interface and Configuration

  • The crash happening in this issue is for auditd tacplus process. The crash is happening while reading the configuration from the database in auditd tacplus process. There is no impact due to this issue since auditd tacplus process will get restarted automatically after it gets terminated. PR1226104

Virtual Chassis

  • In the ACX5000 router, the following false positive parity error messages are observed: _soc_mem_array_sbusdma_read and might raise false alarm. PR1276970

VPNs

  • Need to configure set protocols ldp label-withdrawal-delay 0in all the routers participating in L2ckt to avoid the issue. PR1543408

Resolved Issues

This section lists the issues fixed in Junos OS Release 20.4R3 for the ACX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 20.4R3

General Routing

  • On the ACX5448 router, the two-way time error and CTE for 1 PPS does not meet the class A metrics. PR1535434

  • On the ACX5448 routers, single rate three color policer does not work. PR1559665

  • When an RDI is received with a CCM packet, the sessions are not deleted. PR1560182

  • Inline BFD stays down with IS-IS and static clients. PR1561590

  • Loopback0 firewall might not take effect along with error logs. PR1566417

  • On the ACX500 routers, service MIC does not work. PR1569103

  • On the ACX5048, packets higher than MTU 1518, but inline with MTU configuration were not counted in the traffic-input-pps. PR1569763

  • On the ACX710, PEM feed snmp trap support. PR1571368

  • On the ACX5448, RFC2544 reflector feature could not work on a higher port. PR1571975

  • The Layer 2 circuit and CFM sessions might go down with asynchronous-notification configured. PR1572722

  • On ACX5048 and ACX5096 platforms, ARP traffic exceeding the policer limit is not discarded. PR1573956

  • On ACX5448 and ACX710 platforms, 802.1P rewrite might not work. PR1574601

  • Packets might get tagged with the default VLAN-ID and dropped at the peer under Layer 2 circuits local switching scenario. PR1574623

  • ACX Series routers fail to process RSVP path message. PR1576585

  • RLFA might not work because service label pops incorrectly. PR1577460

  • The LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified is seen when committing scheduler-map under class-of-service. PR1579009

  • On ACX710 routers, the routers might continuously reboot when auxiliary port is configured. PR1580016

  • On the ACX5448 Series routers, asynchronous-notification for 1G interface fails to work. PR1580700

  • There might be a traffic drop between customer edge and provider edge devices in case of ARP resolution failure. PR1580782

  • The rpd process might get stuck due to race condition. PR1582226

  • On ACX710, unexpected result is observed while verifying channelized interface check with snmp mib get ifHighSpeed output. PR1583995

  • On ACX5448, ACX_ASIC_PROGRAMMING_ERROR - Detection time shows the default value (6.000) instead of the configured value for single hop BFD. PR1585382

  • PTP might get stuck and not function properly on ACX710 in a certain condition. PR1587990

  • DHCPv4 might not work on ACX710 and ACX5448 platforms. PR1589135

  • Traffic might get forwarded through the member links in down state after new member links are added to aggregated Ethernet interface on ACX710 and ACX5400 platforms. PR1589168

  • ACX5448 and ACX710 platforms running DHCP relay will not process packets arriving over MPLS with an explicit null label. PR1590225

  • Traffic is not passing through the Layer 2 circuit interface when vlan-id-range configured. PR1590969

  • On ACX710 router, the l2ald core files seen at l2ald_event_process_list_id, l2ald_event_proc_all_lists, and l2ald_event_periodic () at ../../../../../../src/junos/usr.sbin/l2ald/l2ald_event.c:757.PR1596908

  • On ACX5448 and ACX710 platforms, there might be a traffic drop in the EVPN VPWS flexible cross connect. PR1598074

  • MACsec traffic over the Layer 2 circuit might not work on the ACX5448 and ACX710 platforms.PR1603534

  • The FPC might restart when executing the command show firewall on the ACX5448 platform. PR1605288

  • Regression, optics_mts_010.robot script fails to verify SNMP and matches CLI values.PR1605348

  • DHCP relay is not working in routing-instance. PR1605854

  • The FEB (Forwarding Engine Board) might crash on ACX1000, ACX1100, ACX2000, ACX2100, and ACX4000 platforms. PR1606424

Platform and Infrastructure

  • In Junos OS, upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284). PR1557881

Routing Protocols

  • BGP session carrying VPNv4 prefix with IPv6 next-hop might get dropped. PR1580578

Resolved Issues: 20.4R2

General Routing

  • The IPv6 BFD sessions flap when configured below 100 ms flaps. PR1456237

  • The ACX1100, ACX2000, ACX2100, ACX2200, and ACX4000 might stop forwarding transit and control traffic. PR1508534

  • Transit DHCP packets drop is seen on ACX5448. PR1517420

  • On the ACX500, traffic drop along with show services stateful-firewall statistics does not work as expected. PR1520305

  • The aggregated Ethernet interface might not come up with LFM configured after reboot. PR1526283

  • The l2cpd memory leak could be observed with aggregated Ethernet interface flap. PR1527853

  • Packets drop might be seen after configuring PTP transparent clock. PR1530862

  • Broadcast, Unknown Unicast, and Multicast (BUM) traffic could drop in the VPLS instance under certain conditions. PR1531733

  • The rpd process generates core file at l2ckt_vc_adv_recv, l2ckt_adv_rt_flash (taskptr=0x4363b80, rtt=0x4418100, rtl=< optimized out>, data=< optimized out>, opcode=< optimized out>) at ../../../../../../../../../src/junos/usr.sbin/rpd/l2vpn/l2ckt.c:7982. PR1537546

  • On the ACX5448 router, the BGPV6LU traffic drop is observed when the node is deployed in ingress. PR1538819

  • Synchronization Ethernet goes in the Holdover state and comes back to the Locked state when the PTP configuration is deleted. PR1546681

  • SFP-T interface might not come up when a straight cable is used on ACX5448.PR1547394

  • The ACX5448 router as transit for the BGP-labeled unicast drops traffic. PR1547713

  • Traffic loss might be observed on ACX710 platforms. PR1551063

  • The dcpfe process might crash and the non-channelization interfaces might not come up. PR1552798

  • [dhcp] [DHCP_RELAY] acx5448 : ACX5448-X: Verifying multiple PD sync with relay configure delete and add configuration. PR1554647

  • The ARP packets from the CE device are added with VLAN tag if the VLAN-ID is configured in the EVPN routing instance. PR1555679

  • On the ACX710 router, the T-BC-P switch-over performance fails beyond the standard mask and servo moves to multiple Holdover-in state, Acquiring state, Holdover-in state, Holdover-out state, and Acquiring state. PR1556087

  • On the ACX5448 router, you cannot downgrade to Junos OS Release 18.4 code base. PR1556377

  • On the ACX5448 router, the unicast packets from the customer edge devices might be forwarded by the PE devices with additional VLAN tag if IRB is used. PR1559084

  • On ACX710 and ACX5448, the three-color policer might not be working. PR1559665

  • The fxpc(dc-pfe) process crash might be seen on ACX5048 and ACX5096 with analyzer configuration. PR1559690

  • On ACX2100, the laser-output-power is seen after interface is disabled and reboot is performed. PR1560501

  • ACX710, NPI - MC-LAG:- When Link Aggregation Control Protocol (LACP) daemon is restarted LACP local partner system id remains 0 in mc-ae output. PR1560820

  • On the ACX5448 router, the following syslog message is reported every 30 seconds: ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_dyn_entry_counter_get : Entry is invalid. PR1562323

  • Analyzer (Port Mirroring) might not work on ports above 20. PR1563774

  • Pushing more than 2 MPLS labels on ACX5448 and ACX710 might not work. PR1566828

  • "lcklsyncd" log file is eventually empty. PR1567687

  • The Designated Forwarder (DF) might not forward traffic. PR1567752

  • On ACX500, service MIC does not work. PR1569103

  • ACX2100 resets tunable optics to default wavelength after upgrade or reboot. PR1570192

  • On ACX5448 and ACX710 platforms, untagged traffic might be incorrectly queued and marked to different Class of Service queues. PR1570899

  • ACX as a LSR router, fails to process RSVP path message. PR1576585

  • On ACX710 platforms, there might be continuous reboot due to configuration under auxiliary port. PR1580016

  • On ACX5448, there might be IPv4 traffic loss with packet size more than 1410. PR1584509

Class of Service (CoS)

  • The explicit classifier or rewrite-rule might not work as expected for a logical interface if the wildcard configuration is also applied. PR1556103

  • FPC crash might be observed after the show class-of-service command. PR1568661

Infrastructure

  • The vme/me0 management interface cannot process any incoming packets. PR1552952

Routing Protocols

  • The rpd memory leak might be seen in the BGP scenario. PR1547273

Resolved Issues: 20.4R1

Forwarding and Sampling

  • VLAN-ID based firewall match conditions might not work for the VPLS service. PR1542092

General Routing

  • The gigether-options command is enabled again under the interface hierarchy. PR1430009

  • Repeated powering-off or powering-on of the device, the SMBUS transactions timeout occurs. PR1463745

  • On the ACX5048 router, the egress queue statistics do not work for the aggregated Ethernet interfaces. PR1472467

  • On the ACX5048 router, traffic loss is observed during the unified ISSU upgrade. PR1483959

  • The following syslog error message is observed: ACX_DFW_CFG_FAILED. PR1490940

  • On the ACX5048 and ACX5096 routers, the LACP control packets might be dropped due to high CPU utilization. PR1493518

  • On the ACX710 router, high convergence is observed with the EVPN-ELAN service in a scaled scenario during FRR switchover. PR1497251

  • On the ACX5448 router, the EXP rewrite for the Layer 3 VPN sends all traffic with incorrect EXP. PR1500928

  • The following error message is observed during MPLS route add, change, and delete operation: mpls_extra NULL. PR1502385

  • The ACX1100, ACX2100, ACX2200, ACX2000, and ACX4000 routers might stop forwarding transit and control traffic. PR1508534

  • On the ACX710 router, the Packet Forwarding Engine might crash and the fpc process might remain down. PR1509402

  • The loopback filter cannot take more than 2 TCAM slices. PR1513998

  • On the ACX710 router, the following error message is observed in the Packet Forwarding Engine while the EVPN core link flaps: dnx_l2alm_add_mac_table_entry_in_hw. PR1515516

  • The VM process generates a core file while running stability test in a multidimensional scenario. PR1515835

  • The l2ald process crashes during stability test with traffic on a scaled setup. PR1517074

  • On the ACX710 router, whenever a copper optic interface is disabled and enabled, the speed shows 10 Gbps rather than 1 Gbps. This issue is not seen with the fiber interface. PR1518111

  • Tagged traffic matching the vlan-list configuration in the vlan-circuit cross-connect logical interface gets dropped in the ingress interface. PR1519568

  • The Incompatible Media alarm is not raised when the Synchronous Ethernet source is configured over the copper SFP. PR1519615

  • On the ACX710 router, the alarm port configuration is not cleared after deleting the alarm-port. PR1520326

  • PTP to 1PPS noise transfer test fails for frequency 1.985 Hz. PR1522666

  • The show class-of-service interface command does not show the classifier information. PR1522941

  • Interface does not come up with the auto-negotiation setting between the ACX1100 router and the other ACX Series routers, MX Series routers and QFX Series switches as the other end. PR1523418

  • With the ACX5448 router with 1000 CFM, the CCM state does not go in the Ok state after loading the configuration or restarting the Packet Forwarding Engine. PR1526626

  • On the ACX5448 and ACX710 routers, the vlan-id-list statement might not work as expected. PR1527085

  • The FEC field is not displayed when the interface is down. PR1530755

  • The show class-of-service routing-instance does not show the configured classifier. PR1531413

  • Memory leak in Local OutLif in VPLS/CCC topology is observed. PR1532995

  • The clksyncd process generates core file on Junos OS Release 20.3R1.3 image. PR1537107

  • The rpd process generates core file at l2ckt_vc_adv_recv, l2ckt_adv_rt_flash (taskptr=0x4363b80, rtt=0x4418100, rtl=< optimized out>, data=< optimized out>, opcode=< optimized out>) at ../../../../../../../../../src/junos/usr.sbin/rpd/l2vpn/l2ckt.c:7982. PR1537546

  • The Management Ethernet link down alarm is observed while verifying the system alarms in the Virtual Chassis setup. PR1538674

  • On the ACX5448 router, unexpected behavior of the show chassis network-services command is observed. PR1538869

  • The following error message is observed while deleting the remote stream 0 0 0 0 0 0 along with feb core file at 0x00ae6484 in bcmdnx_queue_assert (queue=0xc599b60) at ../../../../../src/pfe/common/drivers/bcmdnx/bcmdnx_sdk_ukern_layer.c: Err] clksync_mimic_delete_clock_entry Unexpected error. PR1539953

  • The announcement or synchronization interval rate range is not as expected. PR1542516

  • Synchronization Ethernet goes in the Holdover state and comes back to the Locked state when the PTP configuration is deleted. PR1546681

  • The ACX5448 router as transit for the BGP labeled unicast drops traffic. PR1547713

  • Multicast traffic is stopped when HQoS with multicast configurations are applied. PR1551248

  • With the no-local-switching command, traffic between the local and remote CE devices are affected. PR1527231

  • On the ACX710 router, the T-BC-P switch-over performance fails beyond the standard mask and servo moving to multiple Holdover-in state, Acquiring state, Holdover-in state, Holdover-out state, and Acquiring state. PR1556087

  • Running SNMP MIB walk and executing the show interfaces command might cause the picd process to crash. PR1533766

  • On the ACX5448 router, you cannot downgrade to Junos OS Release 18.4 code-base. PR1556377

  • BIND does not sufficiently limit the number of fetches while processing referrals. PR1512212

  • The clksyncd process generates core file during the stability test with traffic and scale. PR1518253

  • The fxpc process generates core file during EEPROM read when SFP is removed. PR1518480

  • On the ACX5448 routers, multicast traffic loop over ICL might be observed. PR1521113

  • On the ACX710 router, PIR/CIR HQoS behavior is inconsistent. PR1525789

  • Error messages are displayed while attaching tcp on physical interfaces. PR1527541

  • The l2cpd memory leak might be observed with the aggregated Ethernet interface flap. PR1527853

  • Upon classifying the Layer 3 packets, DSCP is not preserved and is lost at the egress due to the limitations of a chipset. PR1535876

  • Other than IPv4 and IPV6, other IPs should not be forwarded. Only IP header with version 4 and 6 can pass through. PR1550748

  • Profile switch between G.8275.1 and G.8275.2 works as expected. PR1533263

Interfaces and Chassis

  • The fpc process might crash in the inline mode with CFM configured. PR1500048

Layer 2 Features

  • On the ACX5448 routers, the VPLS traffic statistics are not displayed when the show vpls statistics command is executed. PR1506981

  • The rpd might crash on the new primary Routing Engine after GRES in the VPLS or Layer 2 circuit scenario. PR1507772

Routing Protocols

  • The rpd process might report 100 percent CPU usage with the BGP route damping enabled. PR1514635

  • On the ACX5448 routers, the family inet6 configuration under the vt- interface is disabled. PR1514595

Documentation Updates

There are no errata or changes in Junos OS Release 20.4R3 documentation for ACX Series routers.

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for ACX Series routers. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 19.2, 19.3, and 19.4 are EEOL releases. You can upgrade from Junos OS Release 19.2 to Release 19.3 or from Junos OS Release 19.2 to Release 19.4.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

For information about software installation and upgrade, see the Installation and Upgrade Guide.