Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for MX Series

 

These release notes accompany Junos OS Release 20.4R3 for the MX Series 5G Universal Routing Platforms. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

This section describes the new features and enhancements to existing features in Junos OS Release 20.4R3 for the MX Series routers.

What’s New in Release 20.4R3

There are no new features or enhancements to existing features for MX Series routers in Junos OS Release 20.4R3.

What’s New in Release 20.4R2

There are no new features or enhancements to existing features for MX Series routers in Junos OS Release 20.4R2.

What’s New in Release 20.4R1

Hardware

  • We've added the following features to the MX Series routers in Junos OS Release 20.4R1.

    Table 2: Features Supported by MPC10E and MPC11E Line Cards on MX Series Routers

    Feature

    Description

    EVPN

    • Support for configuring an Ethernet VPN Ethernet Tree (E-Tree) service on MX240, MX480, and MX960 routers using MPC10E-15C-MRATE line cards. [See EVPN-ETREE Overview.]

    • Support for configuring an EVPN point-to multipoint (P2MP) label switch path (LSP) as a provider tunnel on a bud router. The bud router functions both as an egress router and a transit router. [See Configuring Bud Node Support.]

    • Support for configuring and signalling a P2MP LSP for the EVPN Inclusive Provider Tunnel for BUM traffic. [See Understanding P2MPs LSP for the EVPN Inclusive Provider Tunnel.]

    Interfaces and chassis

    General routing

    • Support for configuring the TCP maximum segment size (MSS). [See Configure TCP Options.]

    • Support for configuring the GRE key to identify the traffic flows in a GRE tunnel on the MPC10E-10C-MRATE, MPC10E-15C-MRATE, and MX2K-MPC11E line cards. [See dynamic-tunnel-gre-key.]

    Layer 2 features

    Multicast

    • Support for redundant virtual tunnels (RVTs) and fast re-route (FRR) for both active/backup and active/active redundancy models (MX240, MX480, MX960, MX2010, and MX2020). RVT interfaces are used in Multicast Layer 3 VPNs (MVPN) to facilitate virtual routing and forwarding (VRF) table lookup based on MPLS labels and to provide resiliency. [See Resiliency in Multicast L3 VPNs with Redundant Virtual Tunnels.]

    • Support for verifying the global table multicast (GTM) with IPv6 and Type-7 on MPC10 and MPC11 line cards. [See Multicast Overview.]

    Network management and monitoring

    • Support for configuring ITU-T Y.1731 standard-compliant Ethernet synthetic loss measurement (ETH-SLM) and Ethernet delay measurement (ETH- DM) capabilities on MPC10E-10C-MRATE, MPC10E-15C-MRATE, and MX2K-MPC11E line cards. [See ITU-T Y.1731 Ethernet Service OAM Overview.]

    Services Applications

    • Support for inline monitoring services to provide the flexibility to monitor different streams of traffic at different sampling rates on the same interface. [See Inline Monitoring Services Configuration.]

    • Support for Aggregated Multiservices Interfaces (AMS) on the MPC10E-10C-MRATE, MPC10E-15C-MRATE, and MX2K-MPC11E line cards to provide load balancing (LB) and high availability (HA) features for stateful firewall and NAT services. You can configure AMS with next-hop style service-sets and with MS-MPC or MS-MIC only. [See Understanding Aggregated Multiservices Interfaces.]

  • Support for QSFP-100G-FR, QSFP-100G-DR, and QSFP-100G-LR transceivers (MX2010 and MX2020 with MX2K-MPC11E)—Starting in Junos OS Release 20.4R1, the MX2K-MPC11E MPCs in the MX2010 and MX2020 routers support the QSFP-100G-FR, QSFP-100G-DR, and QSFP-100G-LR transceivers.

    [See the Hardware Compatibility Tool (HCT) for details.]

EVPN

  • MAC VRF with EVPN-VXLAN (MX Series and vMX routers; QFX5100, QFX5110, QFX5120, QFX5200, QFX10002, QFX10008, and QFX10016 switches)—Data center service providers must support multiple customers with their own routing and bridging policies in the same physical network. To accommodate this requirement, you can now configure multiple customer-specific EVPN instances (EVIs) of type mac-vrf, each of which can support a different EVPN service type. This configuration results in customer-specific virtual routing and forwarding (VRF) tables with MAC addresses on each Juniper Networks device that serves as a virtual tunnel endpoint (VTEP) in the EVPN-VXLAN network.

    Note

    We support MAC VRF routing instances for EVPN unicast routes only.

    To support this feature, we introduce a uniform routing instance configuration, which complies with RFC 7432, BGP MPLS-Based Ethernet VPN. The uniform configuration eliminates hardware restrictions that limit the number of EVIs and combinations of EVIs with their respective policies that can simultaneously exist. The common configuration includes the following new CLI elements:

    • The mac-vrf keyword at the [edit routing-instances name instance-type] hierarchy level.

    • The service-type configuration statement at the [edit routing-instances name] hierarchy level. We support VLAN-based, VLAN-aware, and VLAN-bundle service types.

    • (QFX10000 line of switches only) The forwarding-instance configuration statement at the [edit routing-instances name] hierarchy level. With this optional configuration statement, you can map multiple routing instances to a single forwarding instance. If you don’t include this configuration statement, the default forwarding instance is used.

    We continue to support the existing method of routing instance configuration along with the new uniform routing instance configuration.

    [See EVPN User Guide.]

  • MC-LAG emulation in an EVPN deployment (EX-Series, MX-Series, and vMX)—Starting in Junos OS Release 20.4R1, you can emulate the function of an MC-LAG in active-standby mode in an EVPN configuration without having to configure an ICCP or ICL interface. In a standard EVPN configuration, logical interfaces configured on an aggregated Ethernet interface can have different designated forwarder election roles. To emulate an MC-LAG configuration, the designated forwarder (DF) takes on the role of the aggregated Ethernet interface. The provider edge (PE) that is the non-DF will send LACP out-of-sync packets to the CE. This will cause LACP to go down on the CE device, and the CE device will not use the links connected to the non-DF for sending traffic. If the connection between a CE and a DF PE fails, the PE is re-elected as a DF. If the connection between a CE and a non-DF PE fails, the current DF PE is not changed.

    To achieve this functionality, configure the lacp-oos-on-ndf statement at the [edit interfaces interface name esi df-election-granularity per-esi] hierarchy.

  • Support for EVPN E-Tree service (MX240, MX480, and MX960)—Starting in Junos OS 20.4R1, on MX240, MX480, and MX960 routers using MPC10E-15C-MRATE line cards you can configure an Ethernet VPN Ethernet-Tree (E-Tree) service.

    [See EVPN-ETREE Overview.]

High Availability (HA) and Resiliency

  • Support for pause and resume options with unified ISSU (MX Series)—Starting in Junos OS Release 20.4R1, MX Series routers support pausing and resuming unified ISSU operations. Use the pause and resume options with the request system software in-service-upgrade command to control when to pause and resume unified ISSU.

    [See request system software in-service-upgrade]

  • NSR support for IS-IS with SR (ACX Series, MX Series)—Starting in Junos OS Release 20.4R1, MX Series routers support NSR for IS-IS with segment routing (SR). To use NSR, you must first enable GRES on your device.

    [See Nonstop Active Routing Concepts]

Interfaces and Chassis

  • 464XLAT support for mobility on MS-MPC (MX Series)—Starting in Junos OS Release 20.4R1, you can specify the IPv6 prefix length for the CLAT source address using the new command clat-ipv6-prefix-length. When you configure this command, NAT rules apply 464XLAT based on destination-address of the traffic, and source-address and source-prefix are no longer required. The clat-ipv6-prefix-length command is available at the [edit services nat rule rule-name term term-name then translated] hierarchy level.

    [See translated and clat-ipv6-prefix-length.]

Juniper Extension Toolkit (JET)

  • Juniper Extension Toolkit (JET) support for 64-bit applications (MX5, MX10, MX40, MX80, MX104, MX150, MX204, MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, MX ELM, JunosV Firefly, cSRX, SRX100, SRX110, SRX210, SRX220, SRX240, SRX300, SRX320, SRX340, SRX345, SRX550, SRX550HM, SRX650, SRX720E, SRX750E, SRX1400, SRX1500,SRX3400, SRX3600, SRX4100, SRX4200, SRX4400, SRX4600, SRX4800, SRX5400, SRX5600, SRX5800, SRX7X0E, SRX-ES7, SRX-ES8, VMX, and VSRX)—Starting in Junos OS Release 20.4R1, JET supports 64-bit applications. Use the following commands to compile 64-bit applications for use with the AMD64 or ARM64 64-bit processor architecture.

    • mk-amd64: Compiles the application for use with AMD64 and Junos OS with FreeBSD.

    • mk-amd64,bsdx: Compiles the application for use with AMD64 and Junos OS with upgraded FreeBSD.

    • mk-arm64,bsdx: Compiles the application for use with ARM64 and Junos OS with upgraded FreeBSD.

    [See Develop On-Device JET Applications.]

  • Configure inner source MAC address for flexible VXLAN tunnels (MX Series and vMX with MPC1-MPC9E or LC2101)—Starting in Junos OS Release 20.4R1, you can use the Juniper Extension Toolkit (JET) RIB Service API to configure the source MAC address used in IPv4 and IPv6 flexible VXLAN tunnel encapsulation profiles. The source MAC addresses is stored in the inner Ethernet header of VXLAN encapsulation. If you don’t specify a source MAC address, the default source MAC address 00:00:5e:00:52:01 is used to encapsulate IPv4 and IPv6 flexible VXLAN tunnels.

    Use the show route detail, show route extensive, and show flexible-tunnels profiles CLI commands or the get-route-information and get-flexible-tunnels-profiles RPC/NETCONF commands to view the source MAC address that is specified in the flexible tunnel profile.

    [See Understanding Programmable Flexible VXLAN Tunnels and JET APIs on Juniper EngNet.]

Junos OS, XML, API, and Scripting

  • Support for Certificate Authority Chain Profile (EX2300, EX3400, EX4300, MX240, MX480, MX960, PTX-5000, VMX, vSRX and QFX5200)—Starting in Junos OS Release 20.4R1, you can configure intermediate Certificate Authority (CA) chain profile certificate and perform https REST API request using mutual and server authentications.

    To configure intermediate ca-chain certificate, configure ca-chain ca-chain statement at the [edit system services rest https] hierarchy level.

  • Start time option for interval-based internal events that trigger event policies (EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.4R1, when you create an interval-based internal event for triggering event policies, you can specify the start date and time for the initial event. To specify a start time, configure the start-time option along with the time-interval option at the [edit event-options generate-event] hierarchy level.

    [See Generating Internal Events to Trigger Event Policies.]

Junos Telemetry Interface

  • JTI support for inline Junos Traffic Vision sensors with gRPC services (MX Series and PTX Series)—Junos OS Release 20.4R1 supports inline Jflow sensors for FPC3 and MPC 1 through 9. This feature enables you to monitor inline Junos Traffic Vision (previously known as Jflow) service statistics on a router and to export statistics to an outside collector at configurable intervals using remote procedure call (gRPC) services.

    Use the resource path /junos/system/linecard/services/inline-jflow/ in a subscription to export statistics.

    You can view statistics in the collector output under /components/. The collector component ID in the statistics output will include the FPC slot number for which inline Junos Traffic Vision statistics are exported. For example, inline Jflow statistics for FPC 0 will be under component id 0, and inline Jflow statistics for FPC 1 will be under component id 1.

    Inline Junos Traffic Vision statistics are slightly different, depending on the routing platform.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • JTI support for persistent active gRPC sessions between collector and server during an SSL certificate update (ACX Series, MX Series, and PTX Series)—Junos OS Release 20.4R1 supports persistent active remote procedure call (gRPC) sessions between the collector (client) and server during an SSL certificate update.

    For secure channel authentication, the TLS protocol is used to maintain a secure channel between the collector and the server. TLS uses the server certificate and the client certificate to authenticate each other and send encrypted messages over the network. When an SSL certificate is updated, existing gRPC sessions are abruptly terminated, forcing the collector to initiate a new gRPC connection and subscribe to sensors again.

    To avoid this problem, you can enable persistent active gRPC sessions by configuring hot-reloading at the [edit system services extension-service request-response grpc ssl] hierarchy level. After you enable this feature, gRPC sessions will remain active even when authentication certificates are updated.

    After the certificate is updated, any new gRPC session will use the updated certificate.

    [See gRPC Services for Junos Telemetry Interface and ssl.]

  • BGP neighbor telemetry with sharding (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 20.4R1, BGP neighbor telemetry with sharding (multi-threading) is supported.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • LACP sensors for actor partner states on JTI (MX Series and PTX Series)—Starting in Junos OS Release 20.4R1, you can use Junos telemetry interface (JTI) and gRPC Network Management Interface (gNMI) services to export LACP actor partner states (also known as LACP port states). When a subscription is configured, ON_CHANGE or periodic streaming statistics are sent from devices to an outside collector.

    You can subscribe to /lacpd/ to collect all statistics or include the following resource paths individually in a subscription:

    • /lacpd/ae/member/partner_collecting

    • /lacpd/ae/member/partner_synchronization

    • /lacpd/ae/member/partner_timeout

    • /lacpd/ae/member/partner_aggregatable

    • /lacpd/ae/member/partner_distributing

    • /junos/system/linecard/interface/traffic/

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Juniper Resiliency Interface for exception reporting and null route detection (ACX Series, PTX Series and MX Series)—Starting in Junos OS Release 20.4R1, you can use Juniper Resiliency Interface to detect and reduce Mean Time to Repair (MTTR) first-order network issues. Juniper Resiliency Interface uses a push model for data reporting from the entities in the system which encounter packet drops. This automates the workflow for detecting, reporting, and mitigating adverse exceptions.

    To collect kernel routing table and routing protocol process exceptions, configure the set system resiliency exceptions statement at the [edit] hierarchy level to specify exception reporting based on kernel exceptions, and routing exceptions.

    You can display exceptions from a remote collector by means of remote procedure call (gRPC) services or gRPC network management interface (gNMI) services. Display on-box exceptions by accessing the /var/log file or the database at /var/db/ResiliencyExceptions.db. No Junos operational mode commands display these exceptions.

MPLS

  • Re-engineering of SR-TE (MX Series, PTX Series)—Starting with Junos OS Release 20.4R1, you can incorporate the following features to enhance the debugging capability of segment routing traffic-engineering (SR-TE):

    • rib-group import functionality.

    • Display of SR-TE routes installed from various tunnel sources using the show spring-traffic-engineering command.

    • Template map for BGP SR-TE tunnels.

    • Compute profile in template with distributed Constrained Shortest Path First (CSPF) for dynamic SR-TE tunnels.

    • 6PE (IPv6 over IPv4 SR-TE tunnel)

    • no-chained-composite-next-hop option

    [See source-packet-routing and show spring-traffic-engineering.]

  • Support for optimizing auto-bandwidth adjustments for MPLS LSPs (MX Series and PTX Series)—Starting in Junos OS Release 20.4R1, you can configure faster auto-bandwidth adjustment for MPLS LSPs under overflow or underflow conditions. This feature decreases the minimum allowed adjust-threshold-overflow-limit and adjust-interval to 150 seconds when adjust-threshold-overflow-limit and adjust-threshold-underflow-limit cross the configured threshold values. In releases earlier than Junos OS Evolved Release 20.4R1, the adjust-interval is 300 seconds under overflow or underflow conditions.

    You can configure faster in-place LSP bandwidth update that avoids signaling of a new LSP instance as part of make-before-break. To configure faster in-place LSP bandwidth update, include the in-place-lsp-bandwidth-update configuration statement at the [edit protocols mpls label-switched-path lsp-name] hierarchy level.

    You can also configure RSVP interfaces to support subscription percentage per priority. To configure subscription percentage per priority, include the subscription priority priority percent value configuration statement at the [edit protocols rsvp interface interface-name] hierarchy level.

    [See Configuring Optimized Auto-bandwidth Adjustments for MPLS LSPs.]

  • Support for express segments to establish end-to-end segment routing path (MX Series and PTX Series)—Starting in Junos OS Release 20.4R1, express segments can be used to establish end-to-end TE paths between interconnected TE networks. Express segments (also known as virtual TE links) are generated dynamically through policies matching the underlay LSPs. Express segments and the corresponding abstracted topology (required by RFC7926) is generated with policies.

    To apply a policy, include the policy policy-name statement at the [edit protocols express-segment traffic-engineering] hierarchy level.

    To configure express segment, include the express-segment statement under the [edit protocols] hierarchy level.

    [See How to Establish End-to-End Segment Routing Paths Using Express Segments.]

Network Management and Monitoring

  • Configuration support to prevent drifting of accounting records (MX Series routers, vMX) —You can configure accounting records to record data in accounting files and archive the accounting files to analyze the information collected. Drifting of the accounting records happens if the time at which the records are written to the accounting file spills beyond the transfer window of the file. Starting in Junos OS Release 20.4R1, to prevent drifting of accounting records:

    • Use the start-time statement with the accounting profiles (class-usage-profile, filter-profile, flat-file-profile, interface-profile, mib-profile, and routing-engine-profile) to have a predictable start time of the profiles.

    • Use the timestamp statement with the request accounting add records command to record the timestamp externally instead of epoch timestamp when the command is executed.

    [See routing-engine-profile, class-usage-profile, interface-profile, filter-profile, mib-profile, flat-file-profile.]

  • Configuration retrieval using the configuration revision identifier (EX3400, EX4300, MX204, MX240, MX480, MX960, MX2020, PTX3000, PTX10008, QFX5100, QFX10002-60C, SRX5800, vMX, and vSRX)—Starting in Junos OS Release 20.4R1, you can use the configuration revision identifier feature to view the configuration for a specific revision. This configuration database revision can be viewed with the CLI command show system configuration revision.

    [See show system configuration revision.]

  • Junos XML protocol operations support loading and comparing configurations using the configuration revision identifier (EX3400, EX4300, MX204, MX240, MX480, MX960, MX2020, PTX3000, PTX10008, QFX5100, QFX10002-60C, SRX5800, vMX, and vSRX)—Starting in Junos OS Release 20.4R1, the Junos XML management protocol operations support loading and comparing configurations by referencing the configuration revision identifier of a committed configuration. You can execute the <load-configuration> operation with the configuration-revision attribute to load the configuration with the given revision identifier into the candidate configuration. Additionally, you can compare the candidate or active configuration to a previously committed configuration by referencing the configuration revision identifier for the comparison configuration. The <get-configuration> operation supports the compare="configuration-revision" and configuration-revision attributes to perform the comparison.

    [See <get-configuration> and <load-configuration>.]

  • Support for an extension to the rpm-tracked static routes (MX Series, PTX Series, and vMX)—Starting in Junos OS Release 20.4R1, you can configure route preference and tag values for each destination-prefix. This feature supports both IPv4 and IPv6 rpm-tracked static routes.

    [See show route rpm-tracking.]

    Limitations

    Qualified next hop is not supported with rpm-tracked static routes. Hence, the setting of preference, metric, and tags applies only to the rpm-tracking static route and not to the related next hops.

Routing Policy and Firewall Filters

  • Support for route’s next-hop weight in policy match condition (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 20.4R1, a route with multiple next-hop paths can use the weight associated with a path to identify primary and backup paths. The path with the lowest weight is used as the primary path, and any paths with higher weights are treated as backup paths. You can use the next-hop weight as a match condition in export policies to redistribute IGP and BGP routes based on whether the primary or backup paths are active.

    Configure this match condition using the [edit policy-options policy-statement policy-name term term-name from] statement.

    [See policy-statement and show policy.]

Routing Protocols

  • Support for relaxing BGP router ID format from /32 to a nonzero ID per RFC 6286 ( MX204, NFX Series, PTX5000, QFX Series, and vRR)—Starting in Junos OS Release 20.4R1, you can establish a BGP connection using a BGP identifier that is a 4-octet, unsigned, nonzero integer and it needs to be unique only within the autonomous system (AS) per RFC 6286. In earlier releases, the BGP ID of a BGP speaker was required to be a valid IPv4 host address assigned to the BGP speaker.

    To enable this feature, use the bgp-identifier identifier group bgp group name bgp-identifier identifier neighbor peer address bgp-identifier identifier configuration statement at the [edit protocols bgp] hierarchy level.

    [See router-id]

  • Support for multiple single-hop EBGP sessions on different links using the same IPv6 link-local address (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—Starting in Junos OS Release 20.4R1, you are no longer required to have unique peer addresses for Juniper devices for every EBGP session. You can now enable single-hop EBGP sessions on different links over multiple directly-connected peers that use the same IPv6 link-local address.

    In earlier Junos OS Releases, BGP peers could be configured with link-local addresses, but multiple BGP peers could not be configured to use the same link-local address on different interfaces.

    [See Configure Multiple Single-Hop EBGP Sessions on Different Links Using the Same Link-Local Address (IPv6).]

  • Support for IPv6 L3VPN over IPv6 SR-TE and IPv6 Underlay (MX Series)—Starting in Junos OS Release 20.4R1, You can configure an IPv6 Layer3 VPN connection with an IPv6 local address and an IPv6 neighbor address. We have extended BGP support for IPv6 Layer 3 VPN over BGP IPv6 SR-TE in IS-IS networks. You can connect an IPv6 provider edge device with a colored or non-colored IPv6 penultimate nexthop (PNH) address mapped to IPv6 SR-TE tunnels.

    To configure an IPv6 address for Layer 3 VPN connection, include the family inet6-vpn configuration statement at the [edit protocols bgp group name] hierarchy level.

    [See Understanding Static Segment Routing LSP in MPLS Networks.]

  • Support for BGP Labeled Unicast prefix SID (MX Series and PTX Series)—Starting in Junos OS 20.4R1, BGP labeled unicast can carry segment routing global block label range and index information through the prefix segment attribute. With this feature we support segment routing using the BGP labeled unicast prefix segments and the MPLS data plane in medium to large scaled data centers. The controller directs the server to assign a stack- of labels to an incoming packet based on the available network state information. The assigned label stack avoids congested paths and steers the packet through a best available path.

    To configure and advertise the SRGB label range specifically for BGP include the source-packet-routing srgb start-label start-label index-range index-rante and advertise-srgb configuration statements at the [edit protocols bgp] hierarchy level.

    To advertise prefix SIDs to external BGP peers, include the advertise-prefix-sid configuration statement at the [edit protocols bgp] hierarchy level. You can configure this statement globally or for specific BGP groups or BGP neighbors.

    [See srgb.]

  • Support for SRv6 network programming and Layer 3 Services over SRv6 in BGP (MX Series)—Starting in Junos OS Release 20.4R1, you can configure BGP based Layer 3 service over SRv6 core. You can enable Layer 3 overlay services with BGP as control plane and SRv6 as dataplane. SRv6 network programming provides flexibility to leverage segment routing without deploying MPLS. Such networks depend only on the IPv6 headers and header extensions for transmitting data.

    To configure IPv4 and IPv6 transport over SRv6 core, include the end-dt4-sid sid and the end-dt6-sid sid statements at the [edit protocols bgp source-packet-routing srv6 locator name] hierarchy level.

    To configure IPv4 VPN and IPv6 VPN service over SRv6 core, include the end-dt4-sid sid and the end-dt6-sid sid statements at the [edit routing-instances routing-instance name protocols bgp source-packet-routing srv6 locator name] hierarchy level.

    [See Understanding SRv6 Network Programming and Layer 3 Services over SRv6 in BGP.]

  • Support for unicast ARP request on table entry expiration (MX Series)—Starting in Junos OS Release 20.4R1, you can configure the device to send a unicast ARP request instead of the default broadcast request when an ARP table entry is about to expire. The retry requests are unicast at intervals of 5 seconds. Without this option, the retry requests are broadcast at intervals of 800 milliseconds. This behavior reduces overall ARP broadcast traffic. It also supports the use case where access nodes are configured not to forward broadcast ARP requests toward customer CPEs for security reasons and to instead translate ARP broadcasts to unicast requests. You can verify whether this feature is configured by using the following command: show configuration system arp | grep unicast-mode-on-expire.

    [See arp.]

  • IPv6 support in TED (MX Series, PTX Series)—Starting in Junos OS Release 20.4R1, you can configure IS-IS traffic engineering to store IPv6 information in the traffic engineering database (TED) in addition to IPv4 addresses. BGP-LS distributes this information as routes from the TED to the lsdist.0 routing table using the TED import policies. These routes are advertised to BGP-TE peers as network layer reachability information (NLRI) with IPv6 router ID type, length, and value (TLV).

    With this enhancement, you can benefit from obtaining the complete network topology in the TED.

    [See Link-State Distribution Using BGP Overview.]

Services Applications

Software Defined Networking

  • PCEP support for color (MX480, QFX5200)—Starting in Junos OS Release 20.4R1, the Path Computation Element Protocol (PCEP) supports color for colored segment routing LSPs. This includes Path Computation Element (PCE)-initiated, Path Computation Client (PCC)-controlled, and PCC-delegated segment routing LSPs. With this PCEP extension, you can configure candidate paths based on color and endpoints, where the active candidate path is the path with the highest segment routing preference, or based on source priority.

    [See Understanding Static Segment Routing LSP in MPLS Networks.]

  • Support for ECMP on multiple flexible routes (MX80, MX104, MX204, MX10003, and vMX routers)—Starting in Junos OS Release 20.4R1, we support load balancing of traffic over multiple flexible routes with 64-way ECMP. A flexible route is a static route with a tunnel encapsulation profile, which has the flexible tunnel interface (FTI) attribute. Flexible routes are installed on Juniper gateway devices using the Juniper Extension Toolkit (JET) APIs. Multiple flexible routes can go over the same logical interface. When a packet is received with the flexible route as the destination address, the packet is processed using the profile associated with a flexible route. Traffic across multiple flexible routes is load-balanced based on the traffic priority.

    Use the show route and show route extensive CLI commands or the get-route-information RPC/NETCONF command to view details about a flexible route for a destination address.

    [See Understanding Programmable Flexible VXLAN Tunnels.]

  • Static VXLAN at VLAN or bridge domain level (MX5, MX10, MX40, MX80, MX150, MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, MX10016 routers and QFX5120-32C, QFX5120-48T, and QFX5120-48Y switches)—In Junos OS Release 20.3R1 and earlier, we supported the configuration of static VXLAN at the global level only. By including the remote-vtep-list configuration statement at the [edit switch-options] or [edit routing-instances name] hierarchy level, you can map all local VLANs or bridge domains to the remote virtual tunnel endpoints (VTEPs) in the list.

    Starting in Junos OS Release 20.4R1, you can also configure static VXLAN at the VLAN or bridge domain level using the static-remote-vtep-list configuration statement at the [edit vlans name vxlan], [edit bridge-domains name vxlan], or [edit routing-instances name bridge-domains name vxlan] hierarchy level.

    When specifying remote VTEPs at the VLAN level in the default switching instance, you must also specify the same VTEPs at the global level in the default switching instance. Or when specifying remote VTEPs at the bridge domain level in a routing instance, you must also specify the same VTEPs at the global level in the same routing instance. For example, if you specify a VTEP in the static-remote-vtep-list at the [edit routing-instances name bridge-domains name vxlan] hierarchy level, you must also specify the VTEP in the remote-vtep-list at the [edit routing-instances name] hierarchy level.

    To replicate and flood BUM traffic, you must specify the ingress-node-replication configuration statement at the [edit vlans name vxlan], [edit bridge-domains name vxlan], or [edit routing-instances name bridge-domains name vxlan] hierarchy level. This configuration restricts the BUM traffic flood domain to only those VTEPs mapped to a particular bridge domain or VLAN.

    [See Static VXLAN and static-remote-vtep-list.]

Software Installation and Upgrade

  • Zero touch provisioning (ZTP) with IPv6 support (MX Series)—Starting in Junos OS Release 20.4R1, ZTP supports the DHCPv6 client. During the bootstrap process, the device first uses the DHCPv4 client to request for information regarding image and configuration file from the DHCP server. The device checks the DHCPv4 bindings sequentially. If there is a failure with one of the DHCPv4 bindings, the device will continue to check for bindings until provisioning is successful. If there are no DHCPv4 bindings, however, the device will check for DHCPv6 bindings and follow the same process as for DHCPv4 until the device can be provisioned successfully. Both DHCPv4 and DHCPv6 clients are included as part of the default configuration on the device.

    The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.

    [See Zero Touch Provisioning.]

Software Licensing

  • MX Series devices using SPC3 services card for IPsec VPN services requires a feature license (MX Series)—Starting in Junos OS Release 20.4R1, you must have a valid license to use the IPsec VPN feature running on MX Series devices with SPC3 services card. For high availability, you must install IPsec base license on both the nodes.

    This is a binary license, without an installed license your license count is 0, and your license count is 1 when a valid license is installed in the system.

    IPsec VPNs tunnels doesn’t establish without a valid license in the device, current active tunnels will stay up if the license expires. IPsec VPN tunnels that are brought down after the license expiry doesn’t re-establish until you install a valid license.

    [See Software Features That Require Licenses on MX Series Routers Only, MX FLex Software License Model, and Managing Licenses.]

Subscriber Management and Services

  • Support for mobility on Junos Multi-Access User Plane (MX204, MX240, MX480, MX960, MX10003)—For Junos OS Release 19.4R1, we introduced Junos Multi-Access User Plane supporting a combined SGW-U/PGW-U (SAEGW-U) on MX Series routers in accordance with 3GPP Release 14 CUPS architecture. This provided high-throughput 4G and 5G fixed-wireless access service with support for 5G non-stand-alone (NSA) mode.

    For Junos OS Release 20.4R1, we introduce support for running an MX router as either a standalone SGW-U or a standalone PGW-U or a combined SAEGW-U to provide high-throughput 4G and 5G mobility service (relocation of a UE to a new eNodeB, new SGW-U, or new SAEGW-U). This includes support for GTP-U based S5-U and S8-U interfaces, to provide links between SGW-U and PGW-U devices, and tunnel relay functionality to forward user plane traffic between S1-U and S5-U/S8-U interfaces or between S5-U/S8-U and SGi interfaces respectively. We support the following mobility scenarios:

    • Handover with eNodeB and no SGW change

    • Handover with SGW change (direct forwarding)

    • Handover with SGW change (indirect forwarding)

    [See Junos Multi-Access User Plane Overview.]

  • Support for 5G Junos Multi-Access User Plane (MX204, MX240, MX480, MX960, MX10003)—Starting with Junos OS Release 20.4R1, Junos Multi-Access User Plan supports 3GPP TS 29.244 Release 15, which includes support for the 5G user plane function (UPF). Specifically, these enhancements are provided:

    • PDI optimization for Sx messages

    • GTP path management via heartbeats

    • Support for User ID in PFCP Session Establishment Request

    • Support for QoS control/enforcement at the bearer level

    • Support for DDOS over Sx interface.

    [See Junos Multi-Access User Plane Overview.]

  • Support for increased number of pseudowire logical interface devices (MX2010 and MX2020)—Starting in Junos OS Release 20.4R1, you can configure up to 18,000 pseudowire logical interface devices on the MX2010 and MX2020 routers with the MX2K-MPC9E or MX2K-MPC11E line card. Use the device-count statement at the [edit chassis pseudowire-service] hierarchy level.

    [See Configuring the Maximum Number of Pseudowire Logical Interface Devices Supported on the Router and device-count.]

  • IPv4 reassembly for fragmented soft GRE packets on the WAG (MX Series)—Starting in Junos OS Release 20.4R1, you can enable a Wi-Fi Access Gateway (WAG) to reassemble fragmented GRE packets that the WAG receives from a Wi-Fi access point over a soft GRE tunnel.

    [See dynamic-profiles and Wi-Fi Access Gateways.]

System Management

  • 1-Gbps support on all ports of MPC7E-10G line cards (MX240, MX480, and MX960)—Starting in Junos OS Release 20.4R1, you can configure 1-Gbps speed on all 40 10-Gbps Ethernet ports of the MPC7E-10G line cards. The 1-Gbps interface supports the following features:

    • Synchronous Ethernet

    • Link aggregation group (LAG)

    • G.8275.1 Precision Time Protocol (PTP) profile

    • Hybrid mode

    To configure an interface to operate at the 1-Gbps speed, use the set interfaces interface-name gigether-options speed 1g/10g command at the [edit] hierarchy level.

    [See Precision Time Protocol Overview, Synchronous Ethernet Overview, and Hardware Compatibility Tool.]

System Logging

  • Support for time averaged watermark (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 20.4R1, you can capture steady state data of routing and forwarding (RIB/FIB) table routes using the time-averaged-watermark-interval configuration statement at the [edit routing-options] hierarchy level. Time averaged watermark is calculated whenever the time averaged interval is changed from CLI. Time averaged watermark is logged in syslog if the logs are enabled in the system at LOG_NOTICE level. The default time averaged watermark interval is 1 day. You can see the timed averaged watermark using the existing show route summary command.

    [See routing-options and show route summary.]

What's Changed

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands in Junos OS Release 20.4R3 for MX Series routers.

What's Changed in Release 20.4R3

General Routing

  • Support for multiple proxy-id list (MX5, MX10, MX40, MX80, MX104, MX240, MX480, MX960, MX2008, MX2010, and MX2020)—MX Series routers do not support ID list except for the following two cases:

    • MX Series routers accept any-any traffic selector in proxy-id list from the remote device that supports ID lists.

    • MX Series routers accept the ID list if list can be reduced by removing duplicates to specific ID. For example, reduce ID list having 80.0.0.1 and 80.0.0.0/24 to super set ID 80.0.0.0/24.

      list(any:0,ipv4(any:0-65535,[0..3]=80.0.0.1), ipv4_subnet(any:0-65535,[0..7]=80.0.0.0/24))

  • ISSU is not supported—Unified in-service software upgrade (ISSU) is not supported when clock synchronization is configured for Precision Time Protocol (PTP) and Synchronous Ethernet.

Layer 2 Ethernet Services

  • Link selection support for DHCP—We have introduced the link-selection statement at the [edit forwarding-options dhcp-relay relay-option-82] hierarchy level, which allows DHCP relay to add suboption 5 to option 82. Suboption 5 allows DHCP proxy clients and relay agents to request an IP address for a specific subnet from a specific IP address range and scope. Prior to this release, the DHCP relay dropped packets during the renewal DHCP process and the DHCP server used the leaf's address as a destination to acknowledge the DHCP renewal message.

    [See relay-option-82.]

Network Management and Monitoring

  • Enhancement to the snmp mib walk command (PTX Series, QFX Series, EX Series, MX Series, SRX Series)—The ipv6IfOperStatus field displays the current operational state of the interface. The noIfIdentifier(3) state indicates that no valid Interface Identifier is assigned to the interface. This state usually indicates that the link-local interface address failed Duplicate Address Detection. When you specify the 'Duplicate Address Detected' error flag on the interface, the new value (noIfIdentifier(3)) is displayed. Previously, the snmp mib walk command did not display the new value (noIfIdIdentifier(3)).

  • Changes in contextEngineID for SNMPv3 INFORMS (PTX Series, QFX Series, ACX Series, EX Series, MX Series, and SRX Series—Now the contextEngineID of SNMPv3 INFORMS is set to the local engine-id of Junos devices. In earlier releases, the contextEngineID of SNMPv3 INFORMS was set to remote engine-id.

    [See SNMP MIBs and Traps Supported by Junos OS.]

  • The configuration accepts only defined identity values for nodes of type identityref in YANG data models (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—If you configure a statement that has type identityref in the corresponding YANG data model, the device accepts only defined identity values (as defined by an identity statement) as valid input. In earlier releases, the device also accepts values that are not defined identity values.

What's Changed in Release 20.4R2

EVPN

  • Support for displaying SVLBNH information—You can now view shared VXLAN load balancing next hop (SVLBNH) information when you display the VXLAN tunnel endpoint information for a specified ESI and routing instance by using show ethernet-switching vxlan-tunnel-end-point esi esi-identifier esi-identifier instance instance svlbnh command.

General Routing

  • Update to the show chassis errors active output (MX2010 and MX2020 routers with MPC11E)—We have updated the show chassis errors active output for the MPC11E line card (MX2K-MPC11E) to display the correct error information. Previously, this CLI command displayed duplicate or incorrect output when the MPC11E line card is not installed in slot 0 of the MX2010 or MX2020 routers.

    [See show chassis errors active..]

  • ISSU is not supported—Unified in-service software upgrade (ISSU) is not supported when clock synchronization is configured for Precision Time Protocol (PTP) and Synchronous Ethernet.

Interfaces and Chassis

  • Change in <range> XML tag (MX480)—We've changed the XML tag <range> string </range>is changed to <transport-range> <transport-range-info> string </transport-range-info> <transport-range-suspect-flag> string </transport-range-suspect-flag> <transport-range-reason> string </transport-range-reason> </transport-range> under [show interfaces transport pm optics current <interface> | display] hierarchy in the XML output. Hence, the new XML tags that associate the values to the range-info, range-suspect-flag, and range-reason tags map the information to the given [show interfaces transport pm optics current interface | display] entry.

    [See Supported OTN Options on MX Series Routers.]

  • Blocking duplicate IP detection in the same routing instance (ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, and SRX Series)—Junos will no longer accept duplicate IPs between different logical interfaces in the same routing instance. Refer to the table mentioned in the topic inet (interfaces). When you try to configure same IP on two logical interfaces inside same routing instance, the commit will be blocked with the error displayed as shown below: [edit] user@host# set interfaces ge-0/0/1 unit 0 family inet address 2.2.2.2/24 [edit] user@host# commit commit complete [edit] user@host# set interfaces ge-0/0/2 unit 0 family inet address 2.2.2.2/24 [edit] user@host# commit [edit interfaces ge-0/0/2 unit 0 family inet] 'address 2.2.2.2/24' identical local address found on rt_inst [default], intfs [ge-0/0/2.0 and ge-0/0/1.0], family [inet]. error: configuration check-out failed.

    [See inet(interfaces).]

Junos XML API and Scripting

  • The jcs:invoke() function supports suppression of root login and logout events in system log files for SLAX commit scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX commit scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.

    [See invoke() Function (SLAX and XSLT).]

  • The jcs:invoke() function supports suppression of root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX event scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified remote procedure call (RPC). If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log files.

    [See invoke() Function (SLAX and XSLT).]

Layer 2 Ethernet Services

  • Active leasequery-based bulk leasequery (MX Series)—The overrides always-write-option-82 and relay-option-82 circuit-id configurations at the [edit forwarding-options dhcp-relay] hierarchy level are not mandatory for active leasequery based bulk leasequery. For earlier releases, the overrides always-write-option-82 and circuit-id configurations are mandatory for active leasequery based bulk leasequery. For regular bulk leasequery between relay and server without any active leasequery, the overrides always-write-option-82 and relay-option-82 circuit-id configurations are mandatory.

    [See bulk-leasequery (DHCP Relay Agent).]

Network Management and Monitoring

  • Support for specifying the YANG modules to advertise in the NETCONF capabilities and supported schema list (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—You can configure devices to emit third-party, standard, and Junos OS native YANG modules in the capabilities exchange of a NETCONF session by configuring the appropriate statements at the [edit system services netconf hello-message yang-module-capabilities] hierarchy level. In addition, you can specify the YANG schemas that the NETCONF server should include in its list of supported schemas by configuring the appropriate statements at the [edit system services netconf netconf-monitoring netconf-state-schemas] hierarchy level.

    [See hello-message and netconf-monitoring.]

  • Change in OID ifHighSpeed—Now, the object identifier (OID) ifHighSpeed displays the negotiated speed once negotiation is completed. If the speed is not negotiated, ifHighSpeed displays the actual maximum speed of the interface. In earlier releases, ifHighSpeed always displayed the actual speed of the interface.

    [See SNMP MIBs and Traps Supported by Junos OS..]

VPNs

  • View the traffic selector type for an IPsec tunnel (SRX Series and MX Series)—You can run the show security ipsec security-associations detail command to display the traffic selector type for a VPN. The command displays proxy-id or traffic-selector as a value for the TS Type output field based on your configuration.

    [See show security ipsec security-associations.]

What's Changed in Release 20.4R1

Class of Service (CoS)

  • We've corrected the output of the show class-of-service interface | display xml command. Output of the following sort: <container><leaf 1> data <\leaf 1><leaf 2> data </leaf 2><leaf 3> data </leaf 3> <leaf 1> data <\leaf 1><leaf 2> data </leaf 2><leaf 3> data </leaf 3> </container> will now appear correctly as: <container><leaf 1> data <\leaf 1><leaf 2> data </leaf 2><leaf 3> data </leaf 3></container><container><leaf 1> data <\leaf 1><leaf 2> data </leaf 2><leaf 3> data </leaf 3></container>.

EVPN

  • Updated XML output for show evpn p2mp—Starting with this release, when you pipe the output of the show evpn p2mp command to the display xml option, Junos OS now returns an XML output with a subtree structure for each neighbor. Prior to this release, the display XML returns an XML output with all the neighbors under one tree structure.

  • New output flag for the show bridge mac-ip table command—The Layer 2 address learning daemon does not send updated MAC and IP Address advertisements to the Routing Protocol daemon when an IRB interface is disabled in an EVPN-VXLAN network. Junos has added the NAD flag in the output of the show bridge mac-ip-table command to identify the disabled IRB entries where the MAC and IP address advertisement will not be sent.

    [See show bridge mac-ip-table.]

General Routing

  • Change in show oam ethernet connectivity-fault-management mep-statistics command (MX Series)— You can now view the real time statistics for continuity check messages (CCM) inline sessions for MPC10E (MPC10E-10C-MRATE and MPC10E-15C-MRATE) and MPC11E (MX2K-MPC11E) line cards only when you execute the show oam connectivity-fault-management mep-statistics local-mep local-mep-id maintenance-domain name maintenance-association name twice in immediate succession. If you execute the command once, the values are incorrectly displayed.

    [See show oam ethernet connectivity-fault-management mep-statistics.]

    Change in show oam ethernet connectivity-fault-management interface command (MX Series)— You can now view the counter values for continuity check messages (CCM) inline sessions sent messages for MPC10E (MPC10E-10C-MRATE and MPC10E-15C-MRATE) and MPC11E (MX2K-MPC11E) line cards only when you execute the show oam connectivity-fault-management interfaces command three times. If you execute the command twice, the values are incorrectly displayed.

    [See show oam ethernet connectivity-fault-management interfaces.]

  • MS-MPC and MS-MIC service package (MX240, MX480, MX960, MX2020, MX2010, and MX2008)—PICs of the MS-MPC and MS-MIC do not support any service package other than extension-provider. If you try to configure any other service package for these PICs by using the set chassis fpc slot-number pic pic-number adaptive-services service-package command, an error is logged. Use the show chassis pic fpc-slot slot pic-slot slot command to view the service package details of the PICs.

    [See extension-provider.]

  • Round-trip time load throttling for pseudowire interfaces (MX Series)—The Routing Engine supports round-trip time load throttling for pseudowire (ps) interfaces. In earlier releases, only Ethernet and aggregated Ethernet interfaces are supported.

    [See Resource Monitoring for Subscriber Management and Services.]

  • Updates to ON-CHANGE and periodic dynamic subscriber interface metadata sensors (MX Series routers and EX9200 line of switches)—We've made the following updates to the /junos/system/subscriber-management/dynamic-interfaces/interfaces/meta-data/interfacesid='sid-value'/ sensor:

    • Notifications are sent when subscribers log in on either IP demux or VLAN demux interfaces. In earlier releases, login notifications are sent only for IP demux logins.

    • The interface-set end path has been added to the logical interface metadata. The interface-set field appears in both ON-CHANGE and periodic notifications. In earlier releases, this field is not included in the sensor metadata or notifications.

    [See gRPC Sensors for Subscriber Statistics and Queue Statistics for Dynamic Interfaces and Interface-Sets (Junos Telemetry Interface). gRPC Sensors for Subscriber Statistics and Queue Statistics for Dynamic Interfaces and Interface-Sets (Junos Telemetry Interface).]

  • New commit check for MC-LAG (MX Series)— We've introduced a new commit check to check the values assigned to the redundancy group identification number on the MC-AE interface ( redundancy-group-id ) and ICCP peer (redundancy-group-id-list ) when you configure multichassis aggregation groups (MC-LAGs). If the values are different, the system reports a commit check error. In previous releases, if the configured values were different, the l2ald process would crash.

    [See iccp .]

  • Support for unicast ARP request on table entry expiration—You can configure the device to send a unicast ARP request instead of the default broadcast request when an ARP table entry is about to expire. The retry requests are unicast at intervals of 5 seconds. Without this option, the retry requests are broadcast at intervals of 800 milliseconds. This behavior reduces ARP overall broadcast traffic. It also supports the use case where access nodes are configured not to forward broadcast ARP requests toward customer CPEs for security reasons and instead translate ARP broadcasts to unicast requests. To confirm whether this is configured, you can issue the following command: show configuration system arp | grep unicast-mode-on-expire.

    [See arp.]

  • Change in show oam ethernet connectivity-fault-management mep-statistics command (MX Series)—You can now view the real-time statistics for continuity check messages (CCM) inline sessions for MPC10E (MPC10E-10C-MRATE and MPC10E-15C-MRATE) and MPC11E (MX2K-MPC11E) line cards only when you execute the show oam connectivity-fault-management mep-statistics local-mep local-mep-id maintanance-association name twice in immediate succession. If you execute the command once, the values are incorrectly displayed.

    [See show oam ethernet connectivity-fault-management mep-statistics.]

  • New TLV types and TLV type values in output field (MX960 and vMX)—We’ve introduced TLV SR policy identifier, TLV SR candidate path identifier, and TLV SR preference fields in the output for the show path-computation-client tlv-types command. These new output fields help you in easily fetching the TLV type values used by PCCD irrespective of whether the type values are experimental or standardized.

High Availability (HA) and Resiliency

  • IPv6 address in the prefix TIEs displayed correctly—The IPv6 address in the prefix TIEs are displayed correctly in the show rift tie output.

Interfaces and Chassis

  • Change in <range> XML tag (MX480)—Starting in Junos OS, we’ve changed the <range> string </range> XML tag to <transport-range> <transport-range-info> string </transport-range-info> <transport-range-suspect-flag> string </transport-range-suspect-flag> <transport-range-reason> string </transport-range-reason> </transport-range> under the output of the show interfaces transport pm optics current interface | display hierarchy command. Hence, the new XML tags that associate the values to the range-info, range-suspect-flag, range-reason tags map the information to the given show interfaces transport pm optics current | display entry command.

    [See Supported OTN Options on MX Series Routers.]

  • Hardware assisted timestamping—By default, hardware assistance is used for timestamping Ethernet frame delay frames on AFT based MX Series line cards, even if the hardware-assisted-timestamping is not configured.

J-Web

  • Adobe Flash Player support (MX Series)—Adobe Flash Player support ends on December 31, 2020. As a result, starting in Junos OS Release 20.4R1, the following J-Web pages will not be supported:

    • Monitor > System View > Process Details

    • Monitor > Routing > OSPF Information

    The Monitor > Interfaces page is supported. However, the Flash components are removed. In addition, these monitor pages will not load correctly for Junos OS Release 20.3R1 and earlier releases.

MPLS

  • The show mpls lsp extensivel and show mpls lsp detail commands display next-hop gateway LSPid—When you use the show mpls lsp extensivel and show mpls lsp detail commands, you'll see next-hop gateway LSPid in the output.

  • Disable back-off behavior on PSB2 (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)— We've introduced the cspf-backoff-time statement globally for MPLS and LSP to delay the CSPF by configured number of seconds, on receiving bandwidth unavailable PathErr on PSB2. If the configured value is zero, then the CSPF starts immediately for PSB2, when bandwidth-unavailable PathErr is received. If the statement is not configured, the default exponential back-off occurs.

    [ See cspf-backoff-time.]

Network Management and Monitoring

  • Warning changed for configuration statements that correspond to "deviate not-supported" nodes in YANG data models (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—If you configure a statement corresponding to a YANG data model node that defines the deviate not-supported statement, the Junos OS configuration annotates that statement with the comment Warning: statement ignored: unsupported platform. In earlier releases, the warning is Warning: 'statement' is deprecated.

Platform and Infrastructure

Routing Protocols

  • Loading of the default configurations in a RIFT package causes the following changes

    1. Output of the show rift node status command displays the node ID in hexadecimal number even though the node ID is configured in decimal, hexadecimal, or octal number.

    2. Some of the DDoS default configurations change because of the DDoS protection interferes with the RIFT BFD operation.

User Interface and Configuration

  • Verbose format option to export JSON configuration data (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the verbose statement at the edit system export-format json hierarchy level. The default format to export configuration data in JSON changed from verbose format to ietf format starting in Junos OS Release 16.1R1. You can explicitly specify the default export format for JSON configuration data by configuring the appropriate statement at the edit system export-format json hierarchy level. Although the verbose statement is exposed in the Junos OS CLI as of the current release, you can configure this statement starting in Junos OS Release 16.1R1.

    [See export-format.]

Known Limitations

Learn about known limitations in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • If you have to take an interface out of aggregated Ethernet bundle and configure it to operate in stand alone mode, then doing this in single commit might render the operation ineffective and could lead to connectivity issues. This is seen due to a race condition between Routing Engine daemons (COSD, DCD/Chassisd), Packet Forwarding Engine, and kernel. This issue is seen when there is explicit CoS configuration to be made on the interface. However, the problem can be seen without explicit CoS too as there is default CoS that is always present. In some cases, it is possible that a single shot commit will send out multiple operational messages down to kernel and might confuse the kernel to do unintended optimization that could lead to a message being consumed at kernel and not being sent to the Packet Forwarding Engine. The result is the same even in this case. PR1504287

General Routing

  • In some scenarios with MPC, major alarm and following messages are generated. This major error is triggered due to parity error, and the impacted queue might drop packets. This might impact the forwarding. To recover, MPC card needs to be rebooted. messages log: fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) alarmd[3158]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC x Major Errors Major alarm set, FPC x Major Errors fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) cli> show chassis alarms 1 alarms currently active Alarm time Class Description 2019-01-25 15:18:03 UTC Major FPC x Major Errors. PR1303489

  • RPD slips are noticed on MX104 routers that have large configuration load on the box with multiple services enabled (for example, L2circuits, VPLS, L3VPN, firewall-filters configuration, SNMP-polling, and so on). The following should be considered to avoid RPD slips for longer time duration:

    Configure delta-export, persist-groups-inheritance, fast-synchronize.

    Reduce the possible configuration size.

    Remove any traceoptions and reduce the logging pressure on the NAND-flash storage.

    Analyze the load from processes such as snmpd, mib2d, pfed processes if you are running SNMP. PR1361250

  • On MX10000 Series of routers, FPCs report /var/run/sensord.rrd messages. An illegal attempt to update using time message can be observed during the normal operation of a router. The cause is time difference between Routing Engine and FPCs. There should be no service impact. PR1420927

  • Subscriber access facing CPU utilization of FPC remains 100 percent for 56 minutes after making changes to the service firewall filter configuration. PR1447003

  • On the MPC11E line card, the following error message is observed when the line card is online: i2c transaction error (0x00000002). PR1457655

  • Traffic stops after reaching the volume limit but the traffic resumes after the aggregated Packet Forwarding Engine fails. Threshold and quota values are not updated to the secondary aggregated Packet Forwarding Engine and if quota is hit on primary aggregated Packet Forwarding Engine and traffic starts dropping due to quota and switchover happens, traffic will continue to flow until quota is hit. PR1463723

  • EVPN-VPWS, L3VPN, and L2VPN FRR convergence time with aggregated Ethernet as the active core interface is not meeting <50 ms and it might be 100 ms to 150 ms. PR1492730

  • On a fully scaled system where all the slices are utilized by different families of CLI filters, if you try to delete one family and add/change for another family with a higher number of filter terms that requires either expansion of the filter or creation of a new filter, the Packet Forwarding Engine fails to add the new filter as we are getting messages out of sequence, that is, add/change of filter is called earlier than the delete of another filter that will free up the slices. PR1512242

  • Some memory leaks have been observed in the JET Service Daemon (JSD) process when one or more collectors are connecting and disconnecting to and from the router. These are observed in the gRPC stack code which is third party. The amount of memory leaked is relatively small. However, these leaks could increase with more frequent collector connects and disconnects. As a result of the memory leaks, the JSD process memory size can increase to a value that is higher than normal (for example, when the gRPC connections are established and stable) but is unlikely to cause any adverse effects to the system with streaming telemetry. PR1512296

  • The link fault management (LFM) might flap during MX Virtual Chassis unified ISSU to and from this release. PR1516744

  • On MX2020 routers with the MPC11E line card, link flap for 100G-DR/FR/LR will take longer time: more than 20 seconds. PR1527441

  • When an image with the third party SDK upgrade (6.5.x) is installed, the CPU utilization might go up by around 5 percent. PR1534234

  • Currently Layer 2.5 traffic support is only for P2P and not for TS. So Routing Engine traffic does not work with traffic selector case. Only transit traffic will work with traffic selector based tunnels. Routing Engine traffic needs to use P2P tunnels. PR1534248

  • The NPC process continuously generates core file at Trinity_Ktree::Trinity_FourWayBlock, Trinity_Ktree::walkSubTree due to the NH memory exhaustion with the NH explosion. The rpd and srrd processes start hogging and the system becomes unstable. PR1538029

  • 1 pps CTE performance might not meet class B metrics for MPC7E-1G and MPC7E-10G line cards. PR1546219

  • The ISSU upgrade fails due to the Packet Forwarding Engine restart issue. PR1554915

  • The SyncE to PTP transient response is a stringent mask to be met with two way time error. The SyncE to PTP transient response mask might not be met for MPC7E-1G and MPC7E-10G line cards. PR1557999

  • On the MX960 routers, spring-traffic-engineering lsp count is not displayed as expected while validating 32000 inter-domain DCPSF LSPs. PR1561947

  • The PTP FPGA is kept in reset during BIOS boot. During boot, the PTP FPGA is taken out of reset and pcie-tree is reenumerated. Hence you would be seeing the link-up or link-down during this sequence. PR1572061

  • The known multicast traffic received over a VLAN from the core on VTEP does not get forwarded to the downstream CE interfaces. PR1575841

  • On all Junos platforms, the l2ald crash might be observed on changing the routing instance from VPLS to non-Layer 2 routing instance, with the same routing instance name being used for both VPLS and non-Layer 2 routing instance. PR1586516

  • SyncE source across multiple line cards cannot be used in PTP-Hybrid source as fallback clock due to PTP lanes limitations used for SyncE clock as well in SCBE2 and MPC1-9 types. PR1536013

Interfaces and Chassis

  • For MC-LAG to work properly, the mc-ae interface should be configured on both the PE devices. A scenario where the mc-ae interface is deleted, deactivated, or not configured on one of the devices is a case of misconfiguration. Juniper Networks does not support such a scenario because it can lead to traffic loss and other unexpected behavior. PR1536831

  • On the MPC10 line cards, DMRs or SLRs are not received with EVPN up mep on the aggregated Ethernet interface with normalization. PR1543641

  • UP MEP CFM sessions over bridge-domains or VPLSs, which have ports hosted on FPC(s) does not support ISSU. The sessions needs to be explicitly deactivate and activate to recover post ISSU. PR1543656

  • The issue is seen in the scaled setup with 296 LM sessions with iterator cycle time interval (100 ms). It seems there is degradation in scale number (OAM packet rate at ~5500). At this qualified PPS, now LMR packet loss is observed, but the functionality seems to be fine. To avoid LMR packet loss, reduce the scale number, and keep the OAM packet rate to less than 5500 pps. PR1561397

J-Web

  • The Firefox browser displays an unsaved changes error message in the J-Web basic settings page if the autofill login and password options are selected under the browser privacy and security settings. PR1560549

MPLS

  • The rpd process might crash. PR1461468

  • With local reversion ON, there is a possibility of transit router not informing headend of RSVP disabled link when link flaps more than once. As a workaround, remove the local-reversion configuration. PR1576979

Network Management and Monitoring

  • On the MPC11E line card, the following trap message is not observed after a line card reboot when the scaled interfaces are present: SNMP Link up. PR1507780

Platform and Infrastructure

  • MPC equipped with QX-chip can completely stop forwarding traffic after QX-chip internal memory error and MQChip DDRIF WO Checksum Error. PR1197475

  • Interoperability failure between Junos OS Evolved as RPM client, and Junos OS TVP platforms as RPM server (and vice versa). PR1508127

VPNs

  • In some scenario (for example, configuring firewall filter), routers might show obsolete IPsec SA and NHTB entry even when the peer tear down the tunnel. PR1432925

Open Issues

Learn about open issues in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • On all Junos platforms with LT or PS interface configured, default classifier in wildcard will get attached to the LT and PS interface, even if no classifier is configured. It could be observed when there is a wildcard interface that matches the LT and PS interface. PR1542559

  • When a wildcard interface is configured with a classifier, upon reboot of the device, the classifier defined in the wildcard interface configuration might not be properly programmed to the interfaces. PR1559516

EVPN

  • A few duplicate packets might be seen in an AA EVPN scenario when the remote PE device sends a packet with an IM label due to MAC not learned on the remote PE device, but learned on the AA local PE device. The nondesignated forwarder sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookup instead of dropping the packet, which causes the duplicate packets to be seen on the CE side. PR1245316

  • VXLAN OAM host bound packets are not throttled with DDoS policers. PR1435228

  • On all Junos platforms in the EVPN-VXLAN to EVPN-MPLS stitching scenario, traffic loss might be seen with data forwarder (DF) changes when traffic flows from VXLAN to MPLS. The traffic loss will occur till MAC IP ages out. PR1515096

  • On all Junos platforms that support EVPN-VXLAN, if aggregated Ethernet interface or redundant logical tunnel (RLT) interface is configured in the underlay network for EVPN-VXLAN, when there is an ARP request generated and flooded to the core side, a kernel crash might occur. PR1524485

  • In a PBB-EVPN environment, the ARP suppression feature, which is not supported by the PBB might be enabled unexpectedly. This might cause MAC addresses of remote CEs not to be learned and hence traffic loss might be seen. PR1529940

  • When there is no router-id configured on the router and if there is any configuration change done on the router, then EVPN T-3 IM routes are advertised with ingress replicator IP set to 0.0.0.0. As this is an invalid IP address, the receiving PE ignored this T-3 IM route and does not create dummy egress-IM route in mpls.0 table for that PE device. This results in l2ald not creating VE mesh-grp flood route for the remote PE device and thus all BUM packets get dropped locally. PR1576943

  • In an EVPN-VXLAN scenario, the label field for Type-1 route is not required, but it is assigned with 1 instead of 0, which is in conflict with the RFC7432. PR1594981

  • On Junos OS platforms with EVPN-VXLAN to EVPN-VXLAN DCI interconnect deployment, the Data Center Interconnect (DCI) InterVNI and IntraVNI traffic might get discarded or dropped silently in a gateway node due to the tagged underlay interfaces. PR1596462

  • In a scenario with EVPN-VXLAN in the a datacenter and EVPN-MPLS is in the WAN, and the stitching is done with an LT interface, then the bridge mac-table learning entries are not as expected for EVPN-VXLAN routing instance. This might occur after the restart interface-control command is issued on gateways. PR1600310

  • On all Junos OS platforms. with the proxy-macip-advertisement statement configured, at times during longevity tests, there are missing ARP and ND entries in the kernel while the l2ald and rpd have the entry. PR1609322

  • This problem happens only with the translation VNI when MAC is moved from DC1 to DC2. VM moves across DC where there is no translate VNI configuration in the interconnect works as designed PR1610432

Flow-based and Packet-based Processing

  • Use an antireplay window size of 512 for IPv4 or IPv6 in fat-tunnel. The ESP sequence check might otherwise report out-of-order packets if the fat-tunnel parallel encryption is within 384 packets (12 cores * 32 packets in one batch). Hence, there are no out-of-order packets with 5PR122397912 antireplay window size. PR1470637

Forwarding and Sampling

  • Packet length for ICMPv6 is shown as 0 in the output of the show firewall log detail CLI command. PR1184624

  • The fast-lookup-filter with match not supported in FLT hardware might cause the traffic drop. PR1573350

General Routing

  • Some non-fatal interrupts (for example, CM cache or AQD interrupts) are logged as fatal interrupts. The following log messages will be shown on CM parity interrupt:

    fpc0 TQCHIP 0: CM parity Fatal interrupt,Interrupt status:0x10

    fpc0 CMSNG: Fatal ASIC error, chip TQ

    fpc0 TQCHIP 0: CM cache parity Fatal interrupt has occurred 181 time(s) in 180010 msecs

    TQCHIP 0: CM cache parity Fatal interrupt has occurred 181 time(s) in 180005 msecs. PR1089955

  • On the MX104 platform, when using snmpbulkget or snmpbulkwalk (for example, used by the SNMP server) on a chassisd-related component (for example, jnxOperatingEntry), high CPU usage for chassis process and slow response might be seen because of a hardware limitation, which might also lead to a query time out on the SNMP client. In addition, the issue might not be seen while using an SNMP query for interface statistics. As a workaround, to avoid the issue, use either of the following approaches:

    Use snmpget or snmpwalk instead of snmpbulkget or snmpbulkwalk and include the -t 30 option when doing the SNMP query. For example, snmpget -v2c -c XX -t 30.

    Use the -t 30 option with snmpbulkget or snmpbulkwalk. For example, snmpbulkget -v2c -c XX -t 30. PR1103870

  • Egress sFlow sampling is supported on only 8 ports out of every 12 ports on 40G line cards and on only 8 ports out of every 48 ports on 10G line cards. There is no such limitation on ingress sFlow sampling. PR1202870

  • On the MX104 platform, when Routing Engine CPU usage increases, sporadic I2C error message might be seen. Since the situation is temporary, the I2C access might succeed in the next polling and there would be no impact. PR1223979

  • You might encounter a single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002.

    The Junos OS chassis management error handling detects such a condition, raises an alarm, and disables the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, restart the FPC. Contact your Juniper Networks support representative if the issue persists even after an FPC restart. PR1254415

  • If a vmhost snapshot is taken on an alternate disk and there is no further vmhost software image upgrade, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, the host root file system and the node boots with the previous vmhost software instead of the alternate disk. PR1281554

  • When you issue a show interface command to check the interface details, the system will not check whether the interface name provided is valid or invalid. The system will not generate an error message if the interface name is invalid. PR1306191

  • On 30 port MACsec-enabled line card (such as, LC1101-M-30C, LC1101-M-30Q, and LC1101-M-96X), when the exclude-protocol lacp statement configured at the [edit security macsec connectivity-association connectivity-association-name] hierarchy level is deleted or deactivated, the LACP protocol's Mux State shown under the output of CLI command show lacp interface, might remain as attached or detached and might not change to distributing state. PR1331412

  • Source MAC and TTL values are not updated for routed multicast packets in EVPN-VXLAN. PR1346894

  • Backup Routing Engine might crash after GRES occurs continuously for more than 10 times. PR1348806

  • In some cases, online insertion and removal (OIR) of a MIC installed in an MPC might lead to the silent dropping of traffic destined to the MPC. The only way to recover from this is to restart the MPC. The issue is not seen if using the corresponding CLI commands to take the MIC offline and then bring it back online. PR1350103

  • The log message SMART ATA Error Log Structure error: invalid SMART checksum might be seen on FPC with third party mSata SSD. PR1354070

  • When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609

  • A few xe- interfaces go down with the following error message: if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • Ping latency behavior is expected for host generated ICMP traffic due to the design of Packet Forwarding Engine queue polling the packets from ASIC. user@router-acx5448> ping 10.0.0.4 PING 10.0.0.4 (10.0.0.4): 56 data bytes 64 bytes from 10.0.0.4: icmp_seq=0 ttl=63 time=8.994 ms 64 bytes from 10.0.0.4: icmp_seq=1 ttl=63 time=49.370 ms 64 bytes from 10.0.0.4: icmp_seq=2 ttl=63 time=47.348 ms 64 bytes from 10.0.0.4: icmp_seq=3 ttl=63 time=45.411 ms <<< 64 bytes from 10.0.0.4: icmp_seq=4 ttl=63 time=106.449 ms <<< 64 bytes from 10.0.0.4: icmp_seq=5 ttl=63 time=79.697 ms <<< 64 bytes from 10.0.0.4: icmp_seq=6 ttl=63 time=37.489 ms <<< 64 bytes from 10.0.0.4: icmp_seq=7 ttl=63 time=31.436 ms << 64 bytes from 10.0.0.4: icmp_seq=8 ttl=63 time=35.460 ms << 64 bytes from 10.0.0.4: icmp_seq=9 ttl=63 time=77.198 ms << ^C --- 10.0.0.4 ping statistics --- 10 packets transmitted, 10 packets received, 0% packet loss round-trip min/avg/max/stddev = 8.994/51.885/106.449/26.824 ms. PR1380145

  • Due to transient hardware condition, single-bit error (SBE) events are corrected and have no operational impact. Reporting of those events had been disabled to prevent alarms and possibly unnecessary hardware replacements. This change applies to all platforms using hybrid memory controller (HMC). PR1384435

  • In scaled configurations, an FPC might be shown as online and permits revert of a RLT when it is actually not yet ready to pass the traffic. This might lead to traffic loss for up to 8 minutes. PR1394026

  • FPC core files are generated on multiple additions or deletions of hierarchical CoS from pseudowire devices. As a workaround, remove the pseudowire device without changing the hierarchical CoS configuration. PR1414969

  • If HTTS header enrichment function is used, the traffic throughput decreases when traffic passes through header enrichment. PR1420894

  • If a firewall filter with multiple match conditions is configured on interfaces which are up and the firewall filter is modified (either a new action is added or a condition is added or removed etc.), the FPC might crash and restart. It might affect the service or traffic. PR1432116

  • A timing issue during the sxe interface bring up (with respect to i40e driver) is seen. To recover, reboot the complete board. PR1442249

  • The error messages Err] mqss_ea_host_misc_wanio_intr_handler: Process ing the PTC interrupts failed - status 1, Err] mqss_pio_read_u32: Reading 32-bit register fa iled - status 1, pio_handle 0xe1b445c0, addr 0x400115 is observed after BGP flap. PR1450358

  • The CFM remote MEP is not coming up after configuration or remains in Start state. PR1460555

  • On VXLAN VNI (multicast learning) scaling scenario, traffic issue is seen from VXLAN tunnel to Layer 2 interface. PR1462548

  • Introduction of backport jemalloc profiling CLI support to all releases where jemalloc is present. PR1463368

  • Either static routes or implicit filters should be configured for forwarding DNS traffic to service PIC. It solves DNS packet looping issue. PR1468398

  • The following message might be seen in chassisd log after rebooting or changing the configuration, etc.: re_tvp_builtin_fwinfo_update: Unable to get firmware version. PR1471938

  • For the MPC10E card line, the IS-IS and micro BFD sessions do not come up during baseline. PR1474146

  • The SNMP index for bundle interface might become zero in Packet Forwarding Engine after restarting the FPC. This could cause the sFlow records to have either input interface value (IIF) or output interface value (OIF) as 0 value. PR1484322

  • The following critical syslog error messages is observed: [Critical] Em: Possible out of order deletion of AftNode #012#012#012 AftNode details - AftIndirect token:230791 group:0 nodeMask:0xffffffffffffffff indirect:333988 hwInstall:1#012.PR1486158

  • High scale login and logout (around 1M bearers) might prevent some sessions from logging in again. PR1489665

  • On MX204 and MX10003 routers with MPCs MPC7E, MPC8E, MPC9E, MPC10E, and JNP10K-LC2101, an error syslog unable to set line-side lane config (err 30) appears occasionally. This does not impact any service and can be ignored. PR1492162

  • Scheduler ingress Packet Forwarding Engine VOQ drop counters do not match egress queue drop counters. PR1494785

  • When running the show pfe filter hw filter-name filter name command, the command fails to retrieve the Packet Forwarding Engine programming details of the filter. PR1495712

  • After backup Routing Engine halt, CB1 goes offline and comes back online; this leads to the backup Routing Engine booting up, and it shows the reboot reason as 0x1:power cycle/failure. This issue is only for the Routing Engine reboot reason, and there is no other functional impact of this. PR1497592

  • When a VLAN member is specified as a string, the IF_MSG_IFL_VADDR TLV is not generated with the VLAN information, and the TRIO afttriostream is not updated with the nativevlanId and nativevlanenable flags. Thus, the packets are still treated as untagged, and when it reaches the trunk egress interface, it is dropped because the trunk interface does not allow untagged traffic to pass through. The issue is specific to platforms with ZT line cards. As a workaround, functionally will work if the interface-vlan-members statement contains only numeral value for VLANs. The VLAN members with input as a string is not supported in this release. PR1506403

  • The WAN-PHY interface continuously flaps with the default hold-time down of value 0. This is not applicable to an interface with the default framing LAN-PHY. PR1508794

  • BGP-SRTE binding-sid with more than one label stack needs enhancement. For routers that do not support more than one chain-composite-next-hop, it can configure this CLI statement to disable chain-composite-next-hop as a workaround. With this statement configured, all labels will be pushed from egress. PR1512213

  • The log file to log the activities associated with the request rift package activate command is created with the permissions of the CLI user. If multiple users run the command, it might fail due to problems with permissions writing to the log file. PR1514046

  • A delay of 35 seconds is added in reboot time in Junos OS Release 20.4R3 compared to Junos OS Release 19.4R2. PR1514364

  • Traffic drop is observed when multicast traffic on a group with 4000 egress aggregated Ethernet ports is sent. The drop is always on the egress port that are on same Packet Forwarding Engine as ingress. The PPE times out before the multicast packet is processed and that causes the packet drop. PR1514646

  • The show configuration command does not display the actual version information. PR1517231

  • The SNMP trap of power failure might not be sent out when power cable is removed from PSU. The output of the show chassis environment command might not display the information of the power failure. PR1520144

  • Number of TCAM entries on lo0 interface was limited to 128, which caused commit error. PR1521171

  • When an AMS physical interface is configured for the first time or any member of the AMS bundle is removed or added, the PICs on which the members of AMS bundle are present go for a reboot. There is a timer running in the AMS kernel which is used as a delay for the PIC reboot to complete and once that timer expires, AMS assumes that the PICs might have been rebooted, and it moves into next step of AMS finite state machine (FSM). In scaled scenarios, this rebooting of the PIC is delayed due to DCD. This is because when a PIC goes down, DCD is supposed to delete the physical interfaces on that PIC and the PIC reboot happens. But DCD is busy processing the scaled configuration and the physical interface deletion is delayed. This delay is much greater than the timer running in AMS kernel. When the timer expires, the FSM in AMS kernel incorrectly assumes the PIC reboot would be completed by then, but the reboot is still pending. By the time DCD deletes this physical interface, the AMS bundles are already up. Because of this, there is a momentary flap of the bundles. PR1521929

  • Increase the number of queues in scale configuration using the set chassis fpc <> max-queues 768k. PR1522136

  • Rpd sensors generate core file during defer-continue case on network churn. This is a timing issue and will happen only when a particular node sensor information is being rendered and the same node went through some modification. PR1526503

  • SSD core files are seen at rtslib_iflm_update_internal. Since SSD is not needed, disable this process using the set system processes sdk-service disable. PR1527741

  • FIPS mode is not supported. PR1530951

  • In draft-ietf-bess-srv6-services-04, it is stated that if SRv6 SID received is not in the range of locator, ingress PE should perform a reachability check for the SRv6 service SID in addition to the BGP next-hop reachability procedures. But even if rpd process does this check and then honor the SID and its next hop, egress PE might loop the packet back. So for current implementation both end SID and DT4 SID needs to be extended from the same locator. PR1532227

  • Due to BRCM KBP issue route lookup might fail. Need to upgrade KBP to address this issue. PR1533513

  • After performing unified ISSU on the Junos node slicing, the unified ISSU unsupported field replaceable unit (FRU) will stay offline until brought up online manually once unified ISSU finishes. This issue causes a service or traffic impact for the offline FRUs. PR1534225

  • When an image with the third party SDK upgrade (6.5.x) is installed, the CPU utilization might go up by around 5 percent. PR1534234

  • As we do not have an option to configure router ID for IPv6 , IS-IS will pick up the router ID as minimum interface address and this is a day one behavior for IS-IS. With the current implementation, the interface with minimum interface address is not used to send the packet out, but if this interface flaps even though its not used to send the packet out, still there might be a traffic glitch since router ID is going to be changed. PR1534430

  • Flap might be observed on channelized ports during ZTP when one of the ports is disabled on the supporting device. PR1534614

  • On MX2010 and MX2020 platforms running in Junos OS node slicing scenario, when the base system (BSYS) has Routing Engine switchover which is followed by the addition or deletion of MPC11 line card to/from the guest network function (GNF), if the slot number in use for MPC11 line card is 8 or above, the MPC11 line card might be stuck in ready state due to this issue. PR1535588

  • The error Socket to sflowd closed error comes up when the ukern socket to sflowd daemon (server) is closed. The error is rectified by itself as the client successfully reestablishes the connection in the subsequent attempts. When these errors are consistent, it indicates a communication issue between sflowd and the sFlow running on the FPC. PR1538863

  • On an EVPN-VXLAN scenario, vmcore files are generated on master and backup Routing Engine with Layer 2 or Layer 3 multicast configuration. PR1539259

  • On a scaled MX2020 router with vrf localisation enabled, 4 million next hop scale, and 800k route scale, FPCs might go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. FPC might continue to reboot and might not come online. Rebooting master and backup Routing Engine will help recovering and get the router back into a stable state. PR1539305

  • When running continuous sync (show interfaces aex extensive) and async (SNMP polling) queries on an aggregated Ethernet interface in parallel, spikes in aggregated Ethernet interface framing errors counter might be observed between correct values. PR1539537

  • BCMX calls are deprecated and needs to be replaced with BCM calls. PR1541159

  • PTP to PTP noise transfer is passing for impairments profile 400nsp-p_1Hz", but failing for profile 400nsp-p_0.1Hz and lower bandwidth profiles as well. This issue is common to 10 G also. PR1543982

  • A new alarm network-service mode mismatch between configuration and kernel setting was introduced. When unified ISSU or normal code upgrade is performed from images without new alarm commit to images with new alarm commit, then the transient false alarm will be seen. PR1546002

  • 1 PPS CTE performance cannot meet class B metrics for MPC7E-1G and 10G line cards.. PR1546219

  • 100 G AOC from third party does not come up after multiple reboots. It recovers after interface enable or disable. PR1548525

  • The following error message is observed: Feb 27 20:26:40 xolo fpc3 Cannot scan phys_mem_size.out. Please collect /var/log/*.out (0;0xdd3f6ea0;-1) (posix_interface_get_ram_size_info): Unknown error: -1. This log is harmless. PR1548677

  • In synce configuration, ESMC transmit is configured or if the chassis synchronization source configuration is deactivated or there are no active chassis synchronization source configurations present, it might lead to a commit error esmc-transmit. To avoid the error, include the chassis synchronization source. PR1549051

  • The PKI CMPv2 (RFC 4210) client certificate enrolment does not properly work when using root-CA. PR1549954

  • When unified ISSU on MX Virtual Chassis is performed, error log is seen mostly because of timing issue during unified ISSU. This can cause ksyncd restart or jsr unreplications on the MX Virtual Chassis, but this will not abort unified ISSU. PR1550492

  • On MX platforms, the Packet Forwarding Engine might get disabled when the major CMERROR occurs due to the parity error in the DRD memory block's SRAM. PR1551353

  • When NDP entries are scaled to 32,000 over IRB in one shot, the NDP process might reach to 100 percent CPU utilization and unicast next hops for all 32,000 entries might not be present. This will result in traffic drops for entries for which unicast next hop is not present. PR1551644

  • When the telemetry data for a node which is streamed is deleted during a network churn and the same node is being walked or rendered for the sensor, rpd process might generate core files. This is a corner case where the rendering and deletion of a particular node has to happen at the same instance. This issue can occur only in case of a unstable network. PR1552816

  • Unified ISSU is not supported due to a major SDK upgrade from 6.3.2 to 6.5.16. Due to the upgrade, the warm reboot feature needed for unified ISSU is not supported by our vendor. PR1554915

  • Phone home supports captive portal with factory default configuration. Captive portal was used to enter activation code and to monitor bootstrap status of device using phone home feature. Starting Junos OS Release 20.4, support for captive portal for phone home bootstrap process is removed. PR1555112

  • On high availability systems, when FPC0 (when node0 is primary) or FPC7 (when node1 is primary) is restarted (for example, with the request chassis fpc slot <> restart node local CLI command or due to dcpfe core files on the primary), that might cause FPC1 or FPC8 to restart, which might cause the preexisting TCP sessions to break and might not get reestablished by itself. The TCP sessions might need to be manually reestablished. PR1557607

  • With T-BC across multiple line cards, the cTE cases are failing as there are extra delays introduced during boot-up causing phase variation across the line cards. Also, boot to boot variations are different. PR1557636

  • The SyncE to PTP transient response is a stringent mask to be met with 2way-time error. The SyncE to PTP Transient response mask shall not be met for MPC7E 1G and MPC7E 10G line cards. PR1557999

  • VE and CE mesh groups are default mesh groups created for a given routing instance. On adding VLAN or bridge domain, flood tokens and routes are created for both VE and CE mesh-group and flood-group. Ideally, VE mesh-group does not require a CE router where IGMP is enabled on CE interfaces. MX Series based CE boxes have unlimited capacity of tokens, so this would not be a major issue. PR1560588

  • On all Junos platforms, all traffic coming from the remote end of a dynamic tunnel will not be processed and dropped when a GRE-based dynamic tunnel is configured and the tunnel preference is configured as 1. This issue is seen because of the missing programming of de-encapsulation mode in the internal system. PR1561721

  • There is traffic loss on some SRv6 flows post FPC restart. PR1562066

  • This is a day one issue. When a new p2mp template (for example, template1) is added, it overwrites the default_p2mp template for the LSPs. When we update from template1 to template2, the change is not taking effect. The issue has a workaround by removing p2mp template for template1 and then readding the template2. PR1564795

  • The chassisd process logs are flooded with the pic_create_ifname: 0/0/0 pic type F050 not supported messages for every port that is connected. This happens repeatedly in a few seconds. PR1566440

  • The problem is with L1 node not reflecting correct bandwidth configured for tunnel services. When baseline has 1G configuration on some FPC or PIC in groups global chassis and if we override with local chassis tunnel service in 10 G bandwidth scaled scenario. Out of 10 Gbps bandwidth configured only 1 Gbps is allowed per 1 G speed configured in baseline configuration. PR1568414

  • Traffic might be dropped on MX platforms when the default route is changed in the inet.0 table. It might take 2 to 3 seconds to be updated in Packet Forwarding Engine . This issue can be recovered automatically. PR1568944

  • The Precision Time Protocol (PTP) clock might fail to be locking and be stuck in the acquiring state at clock servo. PR1570310

  • BUM traffic replication over VTEP is sending out more packets than expected and there seems to be a loop. PR1570689

  • PIM rib-group failures to add in VRF. PIM: ribgroup VRF is not usable in this context; all RIBs are not in instance. PR1574497

  • On MX204 platforms, to use port profile configuration at port level, both PICs need to be in port mode profile or the PIC should have number of port configured as 0. PR1575441

  • When the scheduler configuration is not applied to all 8 egress queues of an interface and one or more egress queues has the buffer size remainder configuration, the distribution of buffer to egress queues with buffer size remainder is not distributed correctly, which might lead to unexpected tail drops. PR1575798

  • The known multicast traffic received over a VLAN from the core on VTEP does not get forwarded to the downstream CE interfaces. PR1575841

  • An alarm raised due to a transient hardware problem with MIC does not get cleared automatically after MIC restart. PR1576370

  • Max ports used is not getting displayed properly in the show services nat pool pool name detail. PR1576398

  • When firewall is configured with both discard and port-mirror as actions in the same term, mirrored packet will be corrupted because it has two Layer 2 headers. PR1576914

  • If NSR is configured, in a large-scale configuration with most of the next hops (the scale numbers are 23,000 unicast next hops, 24,000 unilist nexthops and 18,000 aggregate next hops, 24,000 transit MPLS routes, 1M IPv4 routes and 215,000 IPv6 routes), egressing out of one (physical/aggregate) port and unilists are created with ports of two FPCs, transient traffic loss is observed when remote FPC is rebooted. PR1578635

  • FPC status LEDs are not turning red with power fault. PR1579466

  • In a fully loaded devices, the firewall programming fails at times due to a scaled prefix configuration with more than 64800 entries. PR1581767

  • During reboot in certain instances, the device might get into a state where Junos virtual machine hangs until the NMI is triggered and reboots fully. The system recovers after ~30 mins. PR1584902

  • Platforms using SkyATP with security-intelligence configured, might disconnect from the cloud after several days with the Connection status: Request client certificate failed error. The issue can be recovered by the restart pki-service CLI command. PR1585362

  • Sensor statistics might not be displayed accurately for sensors with producers in multiple nodes in the show network-agent statistics command. It is only the statistics that are not accurate. All other information displayed in the command output is fine. There is no impact on streaming functionality. Data is streamed correctly from all nodes to the collector. PR1590249

  • Currently, SyncE configurations are allowed during unified ISSU, but trigger a warning since SyncE state might not be maintained during unified ISSU. PTP configurations, however, need to be deactivated, else the unified ISSU will be aborted. PR1592234

  • Port related component sensors under path /components/component/state/ are not exported when subscribed to /components/component/state/. As a workaround, user can subscribe to /components/ path to get these data exported. PR1593031

  • Post unified ISSU, issue will be seen on deleting and adding back sample configuration below: interfaces { ge-0/2/5 { flexible-vlan-tagging; encapsulation flexible-ethernet-services; gigether-options { ethernet-switch-profile { tag-protocol-id 0x0800; } } unit 1 { vlan-id 1; family inet { filter { input inet4filter; output inet4filter; } address 16.0.6.65/30; } family inet6 { filter { input inet6filter; output inet6filter; } address 2002:0000:0000:0000:0000:0000:1000:0641/126; } } } }. PR1596483

  • With the shared-tunnels statement enabled in a DCI-GW along with MAC-VRF configurations, traffic loss is observed. As a workaround, disable the shared-tunnels statement which act as DCI-GW role. PR1597181

  • On all MX platforms, changing configuration AMS 1:1 warm-standby to load-balance or deterministic NAT might result in generating vmcore and cause traffic loss. PR1597386

  • Read write lock is not acquired during the sysctl invocation. The assert triggered in the interface state function call leads to Routing Engine 1 goes to debug (db>) prompt. PR1598814

  • On MX platforms using MPC10 and MPC11E line cards with IPv6 configured, duplicate address detection flags are seen for IRB interfaces. This happens when a device is configured with multiple member Layer 2 interfaces and IRB interfaces, with one or two Layer 2 interfaces going into STP blocked state. This issue can cause potential service impact on the device. PR1601065

  • When PTP is on default profile & PTPoE is configured in stateful with ordinary clock-mode configuration is not supported. Below unsupported configuration does not throw commit error. There are no error logs reported with below unsupported configuration. Un-supported PTP configuration: root@accio# show protocols ptp clock-mode ordinary; stateful { interface xe-0/0/0.0 { multicast-mode { transport { ieee-802.3; } } } } Stateful port configuration for PTP over Ethernet and default profile is supported only on boundary clock mode and not on ordinary clock mode. Work around is to change the clock-mode or to remove stateful configuration. PR1601843

  • With the network address translation (NAT) and endpoint-independent mapping (EIM) enabled, traffic unsupported by EIM might not be translated due to packets injected back to NAT gateway. When this issue happens, EIM unsupported traffic might be dropped. Also, the issue might cause looping at NAT gateway. In the end, looping occurred at NAT gateway affects device performance. PR1601890

  • Under scaling scenarios, delayed responses from kernel (for SVTEP create) might come after the new configuration deletes the logical interface object reference from RTT. Processing of this stale response might cause a core file generation. This is a very rare scenario, and l2ald recovers automatically by a restart. PR1602244

  • Convergence time degradation is seen in IS-ISv6, OSPFv2, and OSPFv3. PR1602334

  • J-Flow-syslog for CGNAT is using 0x0000 in the IPv4 identification field. This might have issues for some jflow-syslog-collectors especially when jflow-syslog packets get fragmented along the path to collector. PR1602528

  • On MX960 platform with MPC10 and MPC11 line cards, the field numbers of the firewall sensors from MPC10E line card might not align with other MPCs and Junos Telemetry Interface data model files. This might cause the server to be unable to parse the firewall sensors from MPC10E line card. PR1604313

  • When performing downgrade on VMHost platform, the following harmless error messages might be seen when issuing the request vmhost software add command: mkdir: cannot create directory '/tmp/partdisk-V6pHko/jrootfs/junos': File exists mkdir: cannot create directory '/tmp/partdisk-V6pHko/jrootfs/vm': File exists mkdir: cannot create directory '/tmp/partdisk-V6pHko/jrootfs/spare': File exists. PR1605915

  • On MX104 routers, if the SFP-T optic connected interface negotiates a speed other than 1G and is part of an aggregate interface, the interface's negotiated speed will not be shown after the interface-control (dcd) daemon restart or a Routing Engine switchover. PR1607734

  • When the LLDP is used and if interfaces flap, memory leaks might be observed and it causes the l2cpd process to crash. PR1608699

  • In a Layer 2 bit stream access or Layer 2 wholesale services using the auto-sensed VLAN subscriber interfaces over a dynamic underlying VLAN interface scenario, if the auto-config is used on pseudowire physical interface and the logical interface of it, the Junos OS next hop might not be properly installed for the new requested tagged VLAN after deleting the pseudowire physical interface or clearing the subscriber's sessions. Then it might not be recreated single-vlan tag for the subsequent subscribers again, the access services on the pseudowire physical interface and the logical interface might be unavailable due to this. PR1609844

  • In a subscriber management scenario, if JSU package for broadband edge subscriber management daemon (bbe-smgd) is installed on backup Routing Engine when it is syncing subscriber information from master, then the authd process and RADIUS might have stale Layer 2 Bit Stream Access (L2BSA) subscriber entries which might cause subscribers to logout and login again. PR1610476

  • In a subscriber management environment, statically configured shaping rate for the parent interface set might be incorrectly adjusted by PPPoE IA tags adjustment application if the CoS adjustment based on DHCP tags and PPPoE IA tags is enabled and the first subscriber that triggered creation of the interface set is DHCP. PR1613126

  • When a large number of BGP routing updates (for example, 2M BGP IPv4 routes and 500,000 BGP IPv6 routes) triggered by interface flapping are pushed to the Packet Forwarding Engine at the same time, the IGP routing updates might be delayed to program in the Packet Forwarding Engine, which might cause the sessions (for example, LDP and RSVP) that rely on IGP to flap. PR1613160

  • On MX platforms in a high scaled subscriber management scenario, the system might not go GRES ready after backup Routing Engine reboot. This impacts the GRES functionality. PR1616611

  • With 1 pps measurement port output and PTP or hybrid mode configured by default during bootup, clksyncd might crash and generates core files. PR1618929

High Availability (HA) and Resiliency

  • If performing GRES with the interface em0 (or fxp0) disabled on the master Routing Engine, then enabling the interface on the new backup Routing Engine might result in losing network access. PR1372087

  • When MTU is configured on an interface, a rare ifstate timing issue might occur at a later point resulting in ksyncd process crash on backup Routing Engine. When ksyncd process crashes on the backup Routing Engine, a live kernel core file is also generated on both the Routing Engines. There is no service impact due to this issue. PR1606779

Infrastructure

  • An interface is configured for single VLAN or multiple VLANs, if all these VLANs of this interface have the igmp-snooping is enabled, then this interface will drop hot standby router protocol for IPv6 (HSRPv2) packets. But if some VLANs do not have the igmp-snooping enabled, then this interface is working fine. PR1232403

  • The following messages are seen during FTP: ftpd[14105]: bl_init: connect failed for `/var/run/blacklistd.sock' (No such file or directory). PR1315605

  • The following error message is observed continuously in AD with base configurations: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151). PR1485038

  • While loading the kernel, user sees the EOM: mmcsd0s.enh: corrupt or invalid GPT detected error message. This message has no impact on functionality. PR1549754

Interfaces and Chassis

  • The mc-ae needs to have the prefer-status-control-active to avoid flap on the split brain case ( ICCP down or peer node reboot). Configure it on the status-control active PE device. PR1505841

  • The CLI output for show interfaces transport pm otn current interface command has a formatting issue with the interval range. The correct range information is returned in the commands XML message. The information can be displayed by redirecting the command output to display xml. PR1560533

  • The issue is seen in the scaled setup with 296 LM sessions with iterator cycle time interval (100ms). It seems there is degradation in scale number (OAM packet rate at ~5500). At this qualified PPS, now LMR packet loss is observed but the functionality seems to be fine. To avoid LMR packet loss, reduce the scale number and keep the oam packet value to less than 5500 pps. PR1561397

  • On all Junos platforms, if XE/GE interface that have the set interfaces xe/ge disable configuration and XE/GE interface is added as a member of aggregated Ethernet bundle and the delete interfaces xe/ge disable command is committed, then in some rare scenario, it might generate vmcore file and reboots the system. This impact the traffic. After the vmcore file is generated, system boots up and comes to normal state. PR1569399

  • With aggregated multiservices interface (AMS) configured, the memory leak on dcd daemon occurs when making configuration changes on any interface. The leak rate is slow and depends on the scale of the logical interfaces on AMS interfaces (for example, if there are 8 AMS physical interfaces with 8000 logical interfaces, the leak is about 5 MB on each commit), which might lead to a dcd crash. PR1608281

  • On MX960 routers, the following syslog messages are found: dcd[40867]: %DAEMON-5: lo0 family maximum labels is non-adjustable. PR1611098

Juniper Extension Toolkit (JET)

  • The jsd process might take some time to detect abrupt termination of the socket at the collector or client side in certain cases. This can occur when flapping the interface on which the collector is connected to the router or when a firewall terminates the client port. In such cases, the client must wait for the connection termination to be detected, which could take around 1 hour, or restart the jsd process before being able to reconnect with the same client ID. PR1549044

Layer 2 Ethernet Services

  • On Junos OS devices configured as a DHCP forwarder, the jdhcp process might crash when receiving a malformed DHCP packet. PR1430874

  • It is observed rarely that issuing the request system zeroize command does not trigger zero-touch provisioning (ZTP). A workaround is to reinitiate the ZTP. PR1529246

  • The subscriber login might fail on backup Broadband Network Gateway (BNG) running Active Leasequery (ALQ) if the authentication is dependent on relay-agent-remote-id. In the issue state, the redundancy services will not be available for these DHCP clients. PR1583445

MPLS

  • When we configure the minimum-bandwidth statement, the LSP is still resignalled with the previous configured minimum-bandwidth and not with the current configured minimum-bandwidth.. PR1526004

  • The single hop BFD sessions might flap sometimes after GRES in a highly scaled setup which have RSVP link or link-node-protection bypass enabled. This happens because the RSVP neighbor goes down sometimes after GRES if RSVP hellos are not received before neighbor time out happens. As a result of the RSVP neighbor goes down, RSVP installs a /32 route pointing to bypass tunnel which is required to signal backup LSPs. This route is removed when all LSPs stop using bypass after the link comes back. The presence of this /32 route causes BFD to flap. PR1541814

  • If IS-IS-TE or OSPF-TE is enabled, but extended admin groups (which is configured under routing-options) are configured after the peer router advertises the extended admin groups, the LSP with extended admin groups constraints might fail to be established. PR1575060

  • With local reversion ON, there is a possibility of transit router not informing headend of RSVP disabled link when link flaps more than once. As a workaround, remove the local-reversion configuration. PR1576979

  • When a protected link goes down, MPLS gets tunnel local repair message from RSVP and trigger CSPF computation. Next, MPLS gets link protection information through RRO notification. If MPLS receives TED notification before RRO notification, then CSPF computation fails. Since the link protection flag is not set, MPLS considers it as an unprotected link and brings down the LSP. PR1598207

Network Management and Monitoring

  • On Junos platform with SNMP enabled, snmpd process might stop or become very slow once in a very long period of time. For example, it occurs once in 6 months or so. If snmpd process restarts, then it responds faster again. PR1328455

  • On all Junos platforms, the SNMP polling might not work if the IS-IS protocol is disabled under the same Virtual Routing and Forwarding (VRF) through which the SNMP requests are sent. PR1527251

  • The SNMP polling failures timeout might be observed when the number of outstanding requests to any subagent (mib2d, snmpd-subagent) reaches 500. This will impact the SNMP polling functionality. PR1585409

Platform and Infrastructure

  • OSPF flapping occurs sometime during unified ISSU. PR1371879

  • On MX Series platforms with MPC7, MPC8, MPC9 line card or on MX204 and MX10003, when the packets exceeds the MTU and whose DF-bit is set to go into a tunnel (such as GRE and LT), they might be dropped in the tunnel egress queue. PR1386350

  • The error messages are the result of PPE commands injected from the host. One possible reason might be Layer 2 BD code, which is trying to decrement BD MAC count in the data plane. It is unlikely that there is a packet loss during this condition. This might happen during unified ISSU and this might be due to a problem with unified ISSU counter morphing used for LU-based cards, where certain counters are not disabled or disabled too late during unified ISSU. PR1426438

  • Due to a software implementation, firewall filter is reapplied duration GRES. This might result in a short duration of time when the filter is not applied, provoking side effects such as drop or loss of traffic. PR1487937

  • On all Junos OS platforms that support EVPN-MPLS or EVPN-VXLAN, when an existing ESI interface flaps or is newly added to the configuration, sometimes designated forwarder (DF) election happens before the local bias feature is enabled. During this time, existing broadcast, unknown unicast, and multicast (BUM) traffic might be looped for a short time duration (less than several seconds). PR1493650

  • With GRES and NSR functionality with VXLAN feature, the convergence time might be slightly higher than expected for Layer 2 domain to Layer 3 VXLAN. PR1520626

  • A rmopd reports false TCP errors in the log messages: RMOPD_TWAMP_SOCKOPT_FAILURE setsockopt(TCP_KEEP.*) failed, error: Invalid argument. This is a cosmetic issue. PR1522488

  • When the DHCP relay mode is configured as no-snoop, we are observing the offer gets dropped due to incorrect ASIC programing. PR1530160

  • Load balancing hash logic is changed in latest, which means for the same source IP and destination IP combination, the hash result will be of one link for releases prior to Junos OS Release 20.4 and will be a different one for Junos OS Release 20.4 and later, it will point to a different link/PIC. The overall load will be still shared among those links, only those sessions will get moved from one PIC to another PIC. PR1549259

  • On the MX platforms with XM chipset based line card is installed, when the line card experiences the CMERROR XMCHIP_CMERROR_DDRIF_PROTECT_WR_RD_SRAM_RUNN_CHKSUM, the disable-pfe action will be involved. This issue will cause the Packet Forwarding Engine to be disabled and traffic lost. PR1568072

  • On MX platforms, FPC gets restarted and thereby disrupting traffic when there is an out-of-order filter state and its terms, this issue might be seen only in back to back GRES in more than 40 to 50 iterations. PR1579182

  • When the deactivate services rpm and the deactivate routing-options rpm-tracking commands are applied together and committed, some of the rpm tracked added routes are not deleted from the routing table. The issue cannot be seen when using the following steps:

    1. Issue the deactivate routing-options rpm-tracking command.

    2. Commit the configuration, then all the rpm tracked routes will be deleted.

    3. If the RPM service needs to be deactivated, issue the deactivate services rpm and commit. PR1597190

  • MS-PIC RPM probes with large data-size is failing at random. The issue on MS-PIC is not consistent and fails at random. Continuing further debugging for root cause. PR1602508

Routing Policy and Firewall Filters

  • On all Junos OS platforms with the set policy-options rtf-prefix-list configured, if you upgrade to a specific version, the device might fail to validate its configuration, eventually causing rpd to crash unexpectedly due to a software fault. PR1538172

Routing Protocols

  • While interoperating with other vendors in a draft rosen multicast VPN, by default Junos OS attaches a route target to multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route target extended communities are prevented from propagating if the BGP route target filtering is enabled on the device running Junos OS. PR993870

  • If delegated BFD sessions flap continuously, packet buffer memory might be leaked. The automatic memory leak detection process reports this within the syslog once a certain threshold is reached, like fpc7 SHEAF: possible leak, ID 8 (packet(clones)) (10242/128/1024) on MX-MPC or fpc4 SHEAF: possible leak, ID 9 (packet(clones)) (255/1/5) on other platforms. Note that BFD sessions operating in centralized mode are not exposed. PR1003991

  • Certain BGP traceoption flags (for example, open, update, and keepalive) might result in (trace) logging of debugging messages that do not fall within the specified traceoption category. which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

  • LDP OSPF are in synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. As per the current analysis, the IGP interface goes down because although LDP notified OSPF that LDP synchronization was achieved. OSPF is not able to take note of the LDP synchronization notification because the OSPF neighbor is not up yet. PR1256434

  • In rare cases, RIP replication might fail as a result of performing NSR Routing Engine switchovers when the system is not NSR ready. PR1310149

  • On MX platforms, unexpected log message will appear if the show version detail' or request support information CLI command is executed: user@router> show version detail *** messages *** Oct 12 12:11:48.406 re0 mcsnoopd: INFO: krt mode is 1 Oct 12 12:11:48.406 re0 mcsnoopd: JUNOS SYNC private vectors set. PR1315429

  • SCP command with routing instance -JU is not supported. PR1364825

  • BFD session flaps during unified ISSU only in MPC7E line card. The issue is not seen frequently. PR1453705

  • On all Junos platforms with scaling MVPN scenario, some PIM join or prune messages might not be processed for the first attempt. For instance, a dedicated PIM router receives more than 2500 PIM hello packets from the new neighbors, followed by PIM join packets for the same multicast group in a very short period of time. PR1500125

  • Due to behavior change, if there is no IFA present in the interface, we do not encode the router ID in the hello packet by default. In current scenario between R1 and R2, we do not have any inet or inet6 address set for interfaces forming the adjacency in question. Then, in the show isis adjacency detail command output, we do not see IPv4 or IPv6 address and it is shown that the adjacency is missing an IP address. PR1559079

  • In a Virtual Chassis or Virtual Chassis fabric scenario, inconsistent MCSNOOPD core file is seen when igmp-snooping configuration is removed. PR1569436

  • On all Junos platforms with the static defaults statement configured under the routing-options hierarchy, if the IPv4 static route configuration is added, and then deleted, the IPv4 static route might not be removed from routing table and still forward traffic unexpectedly. PR1599084

  • When performing Routing Engine switchover with NSR enabled, MSDP peering flaps for ~10 seconds and issue is seen intermittently. For instance, when first switchover is performed, issue is not seen. But on second switchover it is observed. But, this reset of MSDP peering sessions during NSR has no impact on multicast traffic flow. Multicast states are maintained properly across the switchover. PR1616991

Services Applications

  • In a subscriber management environment, the show services l2tp tunnel extensive and the show services l2tp session extensive CLI commands provide incorrect outputs on LTS (L2TP tunnel switch). PR1601886

Subscriber Access Management

  • There is configuration option to set slow interval to 1 min. By this approach, Packet Forwarding Engine uses the slow interim which is set to 1 min. PR1515899

  • On DHCPv6 over PPPoE scenario, where the PPPoE sessions have delegated IPv6 prefix assigned from a local pool, when a DHCP session comes up over the PPPoE leading to a change to the PPPoE session’s address, an address-change notification might be triggered. The processing of this notification by general-authentication-service might result in incorrect marking of the delegated IPv6 prefix as available. Once this happens, DHCP service might reassign the same prefixes which might be rejected because of IP duplication. PR1609403

User Interface and Configuration

  • The auditd process might crash due to a rare timing issue. The crash is happening while reading the configuration from the database in the auditd tacplus process. There is no impact due to this issue as the auditd tacplus process gets restarted automatically after it gets terminated. PR1226104

  • When a user tries to deactivate the MPLS related configuration, the commit fails on backup Routing Engine. PR1519367

  • The mgd process generates core file upon simultaneous rollback command in two different terminals of same router. It is a rare and corner case and is a timing issue. If this happens, the CLI session ends abruptly. PR1554696

  • The issue is seen on Virtual Chassis only which can be avoided with a simple workaround as to providing a valid package during upgrade command PR1557628

  • SCP command does not work from CLI. Users can use file copy CLI command instead of SCP CLI command as a workaround. PR1582916

  • When there is groups configured under apply-path, the configuration will not be expanded, and the expected feature programming of apply-path does not occur. PR1592032

  • When performing commit check for the firewall and interface related configurations, if an operator uses the Ctrl+C to abort it, the dfwc and dcd might crash after performing another commit check. This issue will happen only with those daemons that follow the message-based commit check model (such as dfwc, dcd, rdmd and fwa), and has no impact on other daemons. PR1600435

VPNs

  • During unified ISSU, the IPsec tunnels flap, causing a disruption of traffic. The IPsec tunnels recover automatically after the unified ISSU process is completed. PR1416334

  • In some scenario (for example, configuring firewall filter), sometimes routers might show obsolete IPsec SA and NHTB entry even when the peer tear down the tunnel. PR1432925

  • The MC-AE Layer 2 circuit states are not updated instantly and for some time after disabling the core interface on the MC-LAG active node, double hit in traffic is observed. To avoid the issue, configure the set protocols ldp label-withdrawal-delay 0 in all the routers participating in l2ckt. PR1543408

Resolved Issues

This section lists the issues fixed in Junos OS Release 20.4R3 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 20.4R3

Authentication and Access Control

  • The ssh crashes on all Junos platforms. PR1601150

Class of Service (CoS)

  • On MPC7E, MPC8E, and MPC9E line cards, the BPS counter of the egress queue displays the incorrect BPS value when the cell mode is configured on the static interface. PR1568192

  • Child mgd processes might get stuck when multiple sessions are continuously asking for interface information. PR1599024

  • Traffic loss might be observed if per-unit-scheduler is configured on aggregated Ethernet interface. PR1599857

EVPN

  • The rpd process might crash under EVPN-VPWS environment. PR1562160

  • ESI preference is not preferred when configured on lo0 interface for multicast VXLAN. PR1570618

  • The multicast traffic loss might be seen in an EVPN-VXLAN scenario with CRB multicast snooping. PR1570883

  • Configuring static-mac and no-mac-learning simultaneously on the VXLAN interface causes stale MAC and IP entry in the EVPN database. PR1576147

  • The mustd process generates core file during upgrade or while committing a configuration. PR1577548

  • The rpd process might crash if EVPN routing instances or BGP connections are flapping. PR1581674

  • Multicast traffic loss might be seen in EVPN setup with IGMP snooping used. PR1582134

  • After device reboot in an EVPN-VXLAN setup with graceful restart, EVPN routes are not advertised to EVPN peers until rpd is up for 180 seconds. PR1586246

  • The BUM traffic might lose after triggering NSR in an EVPN-MPLS or EVPN-ETREE scenario. PR1586402

  • The traffic might be dropped when an EVPN and L3VPN routes are resolved using the same MPLS-over-UDP tunnel. PR1587204

  • The traffic might be dropped in an EVPN-VXLAN multihomed scenario. PR1590128

  • Traffic loss might be seen under an EVPN-VxLAN scenario when MAC-IP moves from one CE interface to another. PR1591264

  • Transit traffic gets dropped post disabling one of the PE-CE links on a remote multihome PE in an EVPN-MPLS AA setup with dynamic-list next hop configured. PR1594326

  • EVPN might not work properly in a multi-homing setup. PR1596723

  • The device announces router-mac, target, and EVPN-VXLAN community to BGP IPv4 NLRI. PR1600653

Forwarding and Sampling

  • Logical interface statistics for aggregated sonet displays double value than expected. PR1521223

  • User defined ARP policer is not applied on aggregated Ethernet interface until firewall process is restarted. PR1528403

  • In a VXLAN scenario, the locally originated packets have UDP source port 0. PR1571970

  • The pfed memory leak might be observed. PR1573285

  • The l2ald process might crash on changing the routing instance. PR1584737

  • The snmpwalk might not get polling the MIB for some logical interfaces. PR1601761

General Routing

  • Junos OS does not provide any logging for non-SNI sessions. PR1442391

  • FPC might crash after performing unified ISSU on the device which equips the type of 3D 20x 1GE MIC. PR1480212

  • On MX204 routers, incorrect log message might be displayed when changing the configuration from PIC mode to port mode. PR1500429

  • Transit IPv4 traffic forwarding over BGP SR-TE might not work. PR1505592

  • Sometimes external 1 pps cTE is slightly above class B requirement of the ITU-T G.8273.2 specification. PR1514066

  • Kernel crash might occur after NSSU while performing GRES. PR1533874

  • The dcpfe process might crash and cause FPC to restart due to the traffic burst. PR1534340

  • The spcd process might crash during early initialization. PR1535536

  • Certain Linux based FPCs might reboot if TNP neighbor towards backup Routing Engine continuously flaps on dual Routing Engine platforms. PR1537869

  • The BFD neighborship fails with the EVPN-VXLAN configuration after starting the Layer 2 learning. PR1538600

  • DHCP discover packet might be dropped if the DHCP inform packet is received first. PR1542400

  • Sessions creation rate is set to minimal rate after IDS and CPU throttling in place during DDoS attack. PR1544489

  • The kmd process might crash when the interface flaps. PR1544800

  • The kernel crash might happen if NSR is enabled. PR1545143

  • The performance of Packet Forwarding Engine process on MX204 platforms might be degraded. PR1545989

  • The 40 G or 100 G interfaces might flap during unified ISSU if PTP is deactivated on the interfaces on MX platforms. PR1546704

  • The PTP protocol might get stuck at initializing state on MX platforms. PR1547423

  • FPC crash might occur after flapping the multicast traffic. PR1548972

  • Deleting or deactivating the PS interface should not be allowed when used by BBE subscriber. PR1550915

  • Silent compact flash (/dev/ada1) failure might occur during reboot or startup of router. PR1551171

  • The interface might not come up with 1 Gigabit optics. PR1554098

  • Error logs might be observed on the platforms using next generation Routing Engine. PR1555872

  • FPC with power related faults might get online again once fabric healing has turned the FPC offline. PR1556558

  • The dcpfe process might crash and restart with a dcpfe core file created while running the Type5 EVPN-VXLAN with 2000 VLANs. PR1556561

  • Multiple FPC crash might be seen when performing GRES or FPC reboot repeatedly in a subscriber scenario. PR1557294

  • The l3static license is required though it is included in the base license. PR1557631

  • The MAC addresses learned in a Virtual Chassis might fail due to aging out in the MAC scaling environment. PR1558128

  • The device might run out of service post GRES or unified ISSU. PR1558958

  • The subscriber management infrastructure daemon (smid) process might be stuck at 100 percent. PR1559402

  • Single rate three color policer does not work. PR1559665

  • Zero suppression disabling for Junos OS Release 20.4. PR1559882

  • The untagged traffic routed over native VLAN might be dropped. PR1560038

  • The VXLAN queue DDoS violation and RARP packets flood might happen if receiving the RARP packets more than the supported DDoS bandwidth. PR1560243

  • The PIC in MX-SPC3 card might get stuck in offline status after flowd crash occurs on it. PR1560305

  • Filters are not allowed on family any port-mirroring destination interface. PR1560624

  • Interface cannot send or receive packets after repeated 100 G link flaps on MPC10E line cards. PR1560772

  • The tunable optics SFP+-10G-T-DWDM-ZR does not work. PR1561181

  • SPC3 is not supported on MX for deployment. PR1561188

  • The dcpfe process might crash after deleting VXLAN configuration. PR1562692

  • LICENSE_INVALID_FEATURE_ID syslog message is not being logged. PR1562700

  • The rpd process might crash when the routing instances are deleted and recreated quickly. PR1562905

  • The following error message might be seen after unified ISSU: Turbotx process not running. PR1564418

  • Commit error observed when the tunnel-service is configured on a PIC without explicit bandwidth. PR1565034

  • The MX150 device might reboot after performing the request system snapshot recovery command. PR1565138

  • On the MX2010 or MX2020 routers, the following error message might be observed after switchover with GRES and NSR: CHASSISD_IPC_FLUSH_ERROR. PR1565223

  • The KRT log file might continue to grow after removing the KRT log configuration. PR1565425

  • TLB composite next hop is installed incorrectly in other routing instances. PR1567568

  • MAC addresses might not be relearned successfully after MAC address age time out. PR1567723

  • MAC addresses might not be installed in the EVPN MAC table due to route churn. PR1568130

  • LLDP out-of-bounds read vulnerability in l2cpd. PR1569312

  • Wi-fi mPIM is reaching out to NTP and DNS servers. PR1569680

  • The MPLS traffic passed through the back to back PE router topology might match the incorrect CoS queue. PR1569715

  • The mspmand process might crash if the packet flow control issue occurs on MS-MPC and MS-MIC. PR1569894

  • The log message /tmp//mpci_info: No such file or directory :error[1] might be seen on VM host platform. PR1570135

  • The jinsightd process might be stuck with high CPU process utilization. PR1570526

  • The bbe-smgd process might crash after committing several thousand addresses in a filter term. PR1570536

  • Improve deletion handling of static demux interface with active subscribers. PR1570739

  • PDB pull or synchronization does not occur in new primary during unified ISSU. PR1570841

  • Upgrading with unified SSDs (2x32G SSD) might result in boot loop in certain scenario. PR1571275

  • Packet loss might be observed when sample based action is used in the firewall filter. PR1571399

  • Packets with the MAC address of eth0 and macvlan0@eth0 interface might be sent out to the management interface on VM host platform with Next Generation Routing Engine. PR1571753

  • With NSR configurations and switchover-on-routing crash statement is configured, Routing Engine switchover will be performed on an rpd crash if rpd was NSR ready before crashing. PR1571914

  • The gRPC session is hanging in CLOSED state. PR1571999

  • High CPU usage might occur on rpd for routes that use static subscriber. PR1572130

  • DCI traffic loss of 100 percent is observed in transit spine devices. PR1572238

  • The fxpc process might crash and cause traffic loss in the IFBD scenario. PR1572305

  • On the MX960 routers, the Require a Fan Tray upgrade alarm is raised when the top fan tray 0 is removed, even though the enhanced fan tray is already used. PR1572778

  • DCPFE and FPC crash might be observed if ARP MAC move happens PR1572876

  • A traffic loop might be observed after the VCP interface flap. PR1573047

  • The CFP unplugged message is not logged. PR1573209

  • Fabric errors are observed and FPC processes might get offline when MPC3-NG or MPC3E line cards are installed along with MPC7 or MPC10 and SCBE3 or SCB4 operating in increased-bandwidth fabric mode. PR1573360

  • On devices with MPC4E-3D line card shows si5374 clock PLL lock timed out error at boot up. PR1573729

  • ARP traffic exceeding the policer limit is not discarded. PR1573956

  • Only root user is allowed to execute commands on host using vhclient. PR1574240

  • QSFP 4x10G interface might not come up after FPC reboot. PR1574279

  • DS-Lite throughput degradation might be seen on MS-MPC. PR1574321

  • Slow FPC heap memory leak might be triggered by flapping the subscribers terminated over multiple pseudowires. PR1574383

  • On MX204 and MX10003 routers, the chassisd process memory leak issue might be seen and causes traffic loss. PR1575029

  • On the EA-based cards IGMP group membership is displayed incorrectly. PR1575031

  • PTP might be stuck in phase acquiring state after unified ISSU. PR1575055

  • The rpd process might continuously crash if you delete the forwarding-class policy with discard action. PR1575177

  • The MPC10E line cards generates the following error message: user.err aftd-trio: [Error] Em: root: Insert entry failed, entry:parentToken:747441 entryMask:ffffffffffffffff index:52. PR1575310

  • On MX150 routers, the interface might take a long time to power down while rebooting, powering-off, halting, or upgrading. PR1575328

  • The show services service-sets statistics syslog command returns the following error message as the service-set does not have the syslog configuration: error: usp_ipc_client_recv_ 1237: ipc_pipe_read fails! error:No error: 0(0), tries:1. PR1576044

  • IPsec tunnel is not established when receiving the proxy-id list. PR1576071

  • The CHASSISD_FRU_IPC_WRITE_ERROR: fru_send_msg: FRU GNF 2, errno 40, Message too long logs might appear periodically in the chassisd logs. PR1576173

  • On MX10016 routers, when the fan X failed alarm is cleared in the fan tray 1, the fan/blower OK SNMP traps are generated for the fan tray 0. PR1576521

  • The LLDP neighbor information displays hex string instead of chassis ID when subtype 1 is used. PR1576721

  • The MS-MPC and SPC3 might reset on receiving the subscriber traffic. PR1576946

  • The following commit failure-error is observed: Modified IFD "ae0" is in use by targeted BBE subscriber, commit denied - mtu config changed (1522), (1514). PR1577007

  • Repd core file might be seen in subscribers setup with scaled around 32,000 connections. PR1577085

  • The OSPF session over IRB might not come up in the EVPN-VXLAN scenario. PR1577183

  • Traffic loss might be seen when the subscriber service over aggregated Ethernet bundle interface. PR1577289

  • When line card is booted on Routing Engine 1 being master, next generation statistics fails to fetch the value of backup MAC address correctly. PR1577611

  • Native sensors do not work for LDP LSP and LDP p2mp sensor. PR1577931

  • The bbe-smgd process might crash when the RADIUS server sends multiple CoA. PR1578162

  • The DHCP ALQ is not working as expected. PR1578543

  • TACACS traffic might be dropped. PR1578579

  • High FPC CPU usage might be seen when signal on the link is unstable. PR1579173

  • Random or silent reboot might be seen. PR1579576

  • The dcpfe process might crash when any interface flaps. PR1579736

  • On the MPC11E line cards, system resource monitor does not list some of the available Packet Forwarding Engines. PR1579975

  • Authentication might fail if the password contains special characters. PR1580003

  • On MX Virtual Chassis, gRPC-based, components, or sensor output is missing a lot of data. PR1580120

  • While mapping analyzers to the channelized port, mirror might not work properly. PR1580473

  • More than one subscriber on the same VLAN fails to apply same FWF template. PR1580826

  • The following error is observed: kern.ipc.maxpipekva exceeded; see tuning error. PR1581192

  • Memory leak might happen due to stale NAT64 entries. PR1581231

  • Vmcore.0 file is observed at 0xffffffff80443eef in kern reboot. PR1581260

  • The rpd process might crash on the new primary Routing Engine after performing graceful switchover. PR1581878

  • Changing the bandwidth statement does not take effect for SNMP ifHigSpeed oid until a PSX interface is disabled and enabled. PR1582060

  • The rpd process generates core file after Routing Engine switchover. PR1582095

  • The voice VLAN might not get assigned to the access interface. PR1582115

  • Communication between two CEs might be failed when BGP rib-sharding is enabled. PR1582210

  • The rpd process might get stuck in 100 percent due to race condition. PR1582226

  • The bbe-smgd crash might be seen after subscriber logout due to a rare timing issue on MX platforms. PR1582356

  • Traffic drop might be observed on MX platforms with SPC3 in the DS-Lite scenario. PR1582447

  • Destination port might be incorrectly set on MS-MPC and MS-MIC in DS-Lite scenario. PR1582595

  • Node locked license addition fails. PR1582704

  • Configuring or removing hierarchical-scheduler or per-unit-scheduler might cause traffic to stop forwarding. PR1582724

  • Load balancing is not working correctly on AMS interfaces for CGNAT traffic on MX USF mode with SPC3. PR1582764

  • The firewall filter logs are incorrectly populated with entries for protocol 8847. PR1582780

  • On MX platforms, gRPC core file might be seen on a large number of telemetry subscriptions. PR1583161

  • The bcmd process might crash on the MX150 platform. PR1583281

  • Reset JBS, JAS, and JPS definition to align with the new license model. PR1583438

  • Reset PFL and AFL definition to align with the new license model. PR1583439

  • The firewall filter might not be programmed after deleting a large filter and adding a new one in a single commit. PR1583440

  • SNMP SysObjectID.0 is empty with the unified-services enabled. PR1583534

  • TCP connection to syslog server might fail to be established after adding the tcp-log configuration for an existing service-set. PR1583979

  • Layer 2 multicast VXLAN instance is down since local VTEP logical interface is not associated to EVPN instance. PR1584109

  • The jsd process leads to a high CPU usage. PR1584357

  • Traffic might not get filtered properly when security-intelligence profile is configured on the MX platforms. PR1584377

  • After performing NSSU, the timeout waiting for response from fpc0 error message is seen while checking version detail. PR1584457

  • The rpd process might crash due to a rare timing issue if both BGP Local RIB and adjacency-RIB-in route monitoring are enabled in BMP. PR1584560

  • Bridge domain names information is not displayed properly in the show bridge statistics instance command output. PR1584874

  • After changing configuration, the show bridge statistics command shows extremely larger value. PR1584876

  • Traffic impact might be seen when tunnel-services bandwidth is configured. PR1584969

  • Secure web proxy continue sending DNS query for unresolved DNS entry even after the entry is removed. PR1585542

  • Traffic might be impacted due to a memory leak caused by the constantly flapping of EVPN route. PR1586120

  • GRE OAM packets are sent through queue 0 with the force-control-packets-on-transit-path statement enabled. PR1586169

  • Traffic drop is observed after enabling the flexible-queuing-mode on the MPC2E line cards. PR1586403

  • The l2ald process might crash on changing the routing-instance. PR1586516

  • Inter and intra VNI traffic drop might occur in spine with EVPN-VXLAN CRB configuration. PR1586537

  • The rpd process generates core file if executing the show igmp continuous stats command after GRES. PR1587023

  • The SNMP trap for MAC notifications might not be generated when an interface is added explicitly under switch-options. PR1587610

  • The bbe-smgd process might crash if the staled ACI based subscribers are not cleaned up properly. PR1587792

  • The na-grpc process crash might be seen and existing telemetry connections will be disconnected. PR1587956

  • The rpd process crash might be observed on the router running a scaled setup. PR1588439

  • The bbe-statsd memory leak might be observed on backup Routing Engine during subscribers login or logout. PR1589081

  • The jsd process crash might be seen in a rare condition in a telemetry scenario. PR1589103

  • The l2cpd process might crash. PR1589216

  • The MPLS traffic might not be forwarded after the aggregate interface flap. PR1589840

  • Allow default license for FBF, CFM, VRRP, QINQ, MC-LAG, TIMING, IGMP, PIM, GRE-TUNNEL, RIP, OSPF, Virtual Chassis, sFlow. PR1589920

  • Traffic loss might be observed for interfaces configured in subnet /16. PR1590040

  • VXLAN DDoS violation might occur when disabling the port mirror analyzer output interface. PR1590150

  • Traffic loss might be observed due to FPC crash in a scaled subscriber scenario. PR1590374

  • NAT service might not happen after performing AMS switchover or deactivating and activating NAT service. PR1590890

  • If the CoS CR features used by VBF service is configured, MPC might crash with subscriber. PR1591533

  • Frequent phydriver sync_state toggling resulting high two way time errors. PR1591667

  • The clear-ipsec-sas-for-duplicate-ts command is not clearing secure access (SA) for duplicate traffic selectors (TS). PR1591735

  • On Junos OS, xSTP might not get configured when enabled on an interface with SP style configuration on all platforms. PR1592264

  • The mobiled daemon might crash after switchover is performed for an AMS interface or crash occurs on service PIC where the AMS member interfaces are present. PR1592345

  • The AMS warm standby with deterministic NAT functionality might not work properly. PR1592437

  • Routing Engine kernel might crash due to logical interface of aggregated interface adding failure in Junos OS kernel. PR1592456

  • The l2cpd-agent might go unresponsive after starting telemetry service. PR1592473

  • Using the BITS interface from backup Routing Engine for clock recovery might not work. PR1592657

  • The packet coming from the PS interface and forwarding to the SPC3 might be dropped. PR1592706

  • Any mmcq based services might crash due to shared memory queue issue happens in a rare condition. PR1592889

  • The TCP connections to the telemetry server might be stuck in CLOSE_WAIT status. PR1593113

  • The TCP keepalive might not be processed by the private network host. PR1593226

  • IPv6 neighbor might remain unreachable in VRRP for IPv6 scenario. PR1593539

  • J-web deny log nested-application is UNKNOWN instead of specific application. PR1593560

  • Fabric errors will be generated after swapping MPC10E with MPC7E line cards in the same slot. PR1593821

  • The dcpfe process might crash in an EVPN-VxLAN scenario. PR1593950

  • Node name should not be attached to the system hostname under LLDP. PR1593991

  • Packet drop might be seen when traffic is moving from one FPC to another FPC. PR1594244

  • On MX5, MX40, and MX80 routers, TEB gets stuck in present state. PR1595107

  • With EVPN-VXLAN with shared-tunnel configuration, when there is BGP flap or restart of l2ald, info logs appear. PR1595203

  • The interface down might be delayed after performing the set interface interface name disable command. PR1595682

  • Firmware might fail to download to MIC on MX Virtual Chassis setup. PR1595693

  • Packet Forwarding Engine wedge might be seen if received many IPv4 packets that need to be fragmented. PR1596100

  • The l2ald process might crash on all leaves and spines after a new leaf is added to the EVPN fabric. PR1596229

  • Traffic loss might happen periodically in MACsec used setup if Routing Engine is working under a pressure situation. PR1596755

  • SR-TE tunnel initiated from a non-Juniper PCE might fail. PR1596821

  • The bbesmgd core files are generated after Routing Engine goes down. PR1596848

  • Redundancy problem with CLI CPU statistics lost data after PIC failover. PR1596976

  • Major alarms on all FPCs in chassis might be seen after some time from bootup. PR1597066

  • The MAC and IP withdraw route might be suppressed by rpd in the EVPN-VXLAN scenario. PR1597391

  • ALG traffic might be dropped. PR1598017

  • The AFEB crash might be observed with MIC-3D-8DS3-E3. PR1598411

  • The packet loop might be seen after receiving the PCP request packets which are destined to softwire-concentrator address. PR1598720

  • MX SPC3 applications for ICMP is not detected and does not allow user to modify inactivity-timeout values. PR1599603

  • The configuration check would fail if more than 8 FCs are configured and CBF is enabled. PR1600544

  • The multiservices card does not drop the TCP ACK packet received as a reply to the self-generated TCP keepalive. PR1600619

  • A few line cards might not come up online with the increased-bandwidth mode. PR1602080

  • Traffic drop might be observed in a Virtual Chassis scenario when the firewall filter is configured. PR1602914

  • The Packet Forwarding Engine might be disabled by a detected major CMERROR event while ungracefully removing the MIC from MPC2E-3D-NG or MPC3E--3D-NG. PR1602939

  • Interface hold-time up is not working on MX150 platforms. PR1604554

  • The interface on MCP3-NG HQoS/MPC7E flaps continuously after enabling LACP on aggregated Ethernet interface. PR1605446

  • The MPLS transit router might push an extra entropy label to the LSP. PR1605865

  • The multicast streams might stop flooding in a VXLAN setup. PR1606256

  • After an FPC oversubscription, new subscribers night not be able to connect. PR1607056

  • The IPv6 BGP flowspec filter matching icmp-type 2 only drops the TCP traffic on source port range 512 to 767. PR1607185

  • In a subscriber management scenario, under a rare condition, the Routing Engine might reboot and generates a vmcore file. PR1607282

  • The following commit error is observed: foreign file propagation (ffp) failed, reported for any type of change to dynamic-profiles. PR1607494

  • Memory might be exhausted when both the BGP RIB sharding and the BGP ORR features are enabled. PR1613104

Infrastructure

  • Some MAC addresses might not be aged out. PR1579293

  • The fxpc process might crash and generate core files. PR1611480

Interfaces and Chassis

  • The input errors counter command on the monitor interface command does not work. PR1561065

  • Unable to set member-id as Routing Engine is in synching mode forever when it has having invalid Virtual Chassis data. PR1569556

  • The if-media-type is missing from interface XML output on MX Series routers. PR1574035

  • There might be increase in memory for the fabspoked process. PR1574391

  • On MX Virtual Chassis, unified ISSU incompatible FRU offline can result in unexpected FPC restarts after unified ISSU completes. PR1575687

  • The errors are seen during GRES. PR1575689

  • MC-LAG interfaces might go down if the same VRRP group-id is configured on multiple IRB units. PR1575779

  • ARP resolution failure might occur during VRRP failover. PR1578126

  • The facing configuration check-out failed with the following error message: identical local address found on rt_inst [default], intfs. PR1581877

  • Newly added MC-LAGs do not come up after Routing Engine switchover. PR1583547

  • Add configuration for PPP NCP max-failure number of retry count. PR1584168

  • Incorrect advertisement threshold values are seen on VRRP groups when the global-advertisements-threshold is set. PR1584499

  • Unable to configure pseudowire interface on an MX10003 platform in Virtual Chassis mode. PR1587499

  • The dcd process crash might be seen after performing Routing Engine switchover, reboot, or management interface configuration change. PR1587552

  • The dcd process might crash after removing aggregated Ethernet logical interface from the targeted distribution database. PR1591032

  • Removing the configuration from interface stanza might cause the dcpfe process to crash. PR1594356

  • On MX240 platforms, difference between the statistics of DMM sent and DMR received is not as expected. PR1595780

  • The VRRP host cannot be reached if the native-vlan-id is configured. PR1595896

  • The dcd process might crash and FPC might be stuck in ready state on MX platforms. PR1601566

J-Web

  • J-Web allows a locally authenticated attacker to escalate their privileges to root. PR1511853

  • To improve performance in Monitoring > Network > Interfaces page, admin status is removed, services and protocols data are merged into one host inbound traffic. PR1574895

Layer 2 Features

  • LACP does not come up in the non-oversubscribed mode for a set of ports. PR1563171

  • Traffic forwarding for VLAN 2 might not be correct when a VLAN member is removed from the ESI interface. PR1570446

Layer 2 Ethernet Services

  • Aggregated Ethernet interface flap might be seen during NSSU. PR1551925

  • The DHCP client will be offline for 120 seconds after sending the DHCPINFORM message in the DHCP relay scenario. PR1575740

  • DHCP relay drops packets during the DHCP renewal process. PR1576417

  • The jdhcpd process might crash if relay-source lo0 is enabled in DHCP relay. PR1580724

  • There is ALQ synchronization issue on master BNG and backup BNG with loss of subscriber session redundancy via PS interface. PR1583310

  • The DHCP ALQ queue might get stuck causing subscriber flap. PR1590421

  • The jdhcpd process might not respond to any discover message when it is in the clients waiting to be restored state. PR1592552

  • The jdhcpd process generates core file post Junos OS upgrade. PR1594371

MPLS

  • The rpd process might crash in corouted bidirectional RSVP LSP scenario. PR1544890

  • Incorrect EXP bit change might be seen in certain conditions under MPLS scenario. PR1555797

  • Suboptimal routing issues might be seen in case LDP route with multiple next hops. PR1582037

  • Add lsp-ping-multiplier option support for LDP-OAM similar to RSVP-OAM. PR1582254

  • MBB is not triggered when LSP is reverting back to primary path. PR1587704

  • Rpd core file in backup Routing Engine at mirror_process_recvd_data_queue with MLDP NSR configuration. PR1594405

  • The LDP replication session might not get synchronized when dual-transport is enabled. PR1598174

  • The rpd process might crash with LSP external controller configuration. PR1601763

  • VPLS connection might get down if the dual-transport statement is configured. PR1601854

  • RSVP detour LSP might fail to come up when an LSR in the detour path goes down. PR1603613

  • The rpd process might crash on standby_re LDP module when VPLS mac-flush is enabled on peer by default or by configuration. PR1610638

Multicast

  • Multicast traffic in an MVPN setup might be silently dropped and discarded on some platforms acting as transit LSR. PR1555274

  • FPC might crash in a multicast scenario. PR1569957

Network Address Translation (NAT)

  • Services NAT mappings and sessions are incorrect while checking the SIP sessions from public to private and RTP from private to public. PR1577922

Network Management and Monitoring

  • Slow memory leak could be observed for snmpd process. PR1575790

  • SNMP reflects outdated ARP entries. PR1606600

Platform and Infrastructure

  • Interwork failure between RPM client and TVP platforms as RPM server (and vice versa). PR1508127

  • Console access on backup Virtual Chassis member is not allowed. PR1530106

  • COoS queue egress interface forwarding-class might not work as expected. PR1538286

  • The following major error message might cause the Packet Forwarding Engine to disable: XQ_CMERROR_SCHED_L3_PERR_ERR. PR1538960

  • The following error might be seen when adaptive load-balancing is configured on a LAG: HEAP malloc(0) detected!.PR1547240

  • FPCs might go to ISSU error state post performing enhanced ISSU. PR1553961

  • Upon receipt of specific sequences of genuine packets destined to the device, the kernel will crash and restart. PR1557881

  • The BUM frame might be duplicated on an aggregate device if the extended port on the satellite device is an aggregated Ethernet interface. PR1560788

  • Multicast traffic with incorrect source MAC address might be observed from IRB interface. PR1561313

  • Traffic loss might be observed due to FPC crash on MX platforms. PR1563144

  • Last flapped timestamp for interface fxp0 gets reset every time when the monitor traffic interface fxp0 is executed. PR1564323

  • The L2TP tunnel might not work with filter-based encapsulation. PR1568324

  • On MX series routers, hosting subscribers error logs might be seen. PR1570631

  • FPCs might crash randomly while deleting the interface-set in the system. PR1571192

  • Platforms with EVPN-VXLAN configured, the next hop memory leak in MX Series ASIC happens whenever there is a route churn for remote MAC-IP entries learned bound to the IRB interface in EVPN-VXLAN routing instance. When the ASIC's next hop memory partition is exhausted, the FPC might reboot. PR1571439

  • Scale subscriber license might be not updated properly on the backup Routing Engine which leads to License grace period for feature scale-subscriber(44) is about to expire alarm after GRES. PR1573289

  • FPC reports following error log message: cassxr_err_addr(8593): Uninitialized Read Error @ EDMEM[0x7cb601b0]. PR1573920

  • Memory partitioning issue might happen on Packet Forwarding Engine after applying sampling and flex-flow-sizing to the MX Series with MPCs/MICs line cards. PR1575994

  • On all Junos platforms with private edit mode enabled, if you commit the source-address address routing-instance and then delete source-address routing-instance, the commit fails with a warning message: warning: patch removes statement that is not empty. PR1582529

  • VRRP device originally taking backup role might cause destination IP unreachable after VRRP mastership switchover. PR1584115

  • FPC might crash in a scaled-firewall configuration. PR1586817

  • The traffic might not failover with the shared-bandwidth-policer enabled on aggregated Ethernet. PR1588708

  • The audit core file is generated while changing TACACs and login user passwords. PR1589953

  • Junos OS: Upon receipt of specific sequences of genuine packets destined to the device, the kernel will crash and restart. PR1595649

  • VLAN tagged traffic might be dropped with service provider style configuration. PR1598251

  • The service filter might get incorrectly programmed in the Packet Forwarding Engine due to a rare timing issue in enhanced subscriber management environment. PR1598830

  • When a local PE device has to terminate two tunnels from same remote PE device but on different VRFs, FPC0 core files might be seen during deletion of decap prefix. PR1600030

  • The kernel core file might be seen if restarting BGP connections after deleting BGP authentication. PR1601492

  • The ZTP does not work when downgrade the image. PR1603227

  • Multicast traffic is dropped when forwarded over VPLS via IRB. PR1607311

Routing Policy and Firewall Filters

  • The DNS name cannot be resolved if customer-defined routing instance is configured under name-server. PR1539980

  • The rpd process might crash when the deletion of routing table occurs. PR1565629

  • The bbe-smgd fails when reading the configuration for address mask prefix-length configured in a policy statement. PR1583535

Routing Protocols

  • The route validation states might flip between VALID, INVALID, and UNKNOWN in some corner case. PR1556656

  • Incorrect active, received, accepted counters might be seen in the output of the show bgp summary. PR1558678

  • There might be traffic loss when GRE interface flaps. PR1566428

  • The rpd memory leak might be observed during CLI or ephemeral commits in OSPFv2 scenario. PR1568157

  • After the first parallel ISSU, subsequent ISSU aborts with Aborting Daemon Prepare error message. PR1572265

  • The BFD session of DHCP subscriber does not come up on the MPC2E line card and gets stuck in the Down state. PR1572577

  • The DHCP packets might be dropped in the static VXLAN scenario. PR1576168

  • The ppmd might crash when enabling MD5 authentication on OSPF with BFD flapping. PR1576893

  • BGP session flap might be observed after the Routing Engine switchovers when the VRRP virtual address is used as the local address for the BGP session. PR1576959

  • Multicast traffic loss might be observed as logical PIM de-encapsulation interface is not created as expected. PR1577461

  • The rpd process might crash when two or more routing instances are deleted in one shot. PR1578740

  • The BGP signaled dynamic tunnels might be still up after deactivating the BGP export policy from the remote peer. PR1579225

  • Short multicast packets drop using PIM when multicast traffic received at a non-RPT or non-SPT interface. PR1579452

  • BGP session carrying VPNv4 prefix with IPv6 next hop might be dropped. PR1580578

  • BGP replication might be stuck in rare and timing conditions. PR1581578

  • The rpd process might crash in BGP and MPLS scenario. PR1581794

  • With IGMP snooping implemented, there is unexpected jitter issue that could cause traffic loss. PR1583207

  • The rpd process crash might be seen in certain IS-IS scenario. PR1583484

  • On rare occasion, rpd core file might be observed on backup Routing Engine after loading a new image. PR1583630

  • Origin validation replication status shows up in the show task replication command output even when not configured. PR1583692

  • The rpd process might crash in BGP multipath scenario if the single hop EBGP peer goes down. PR1585265

  • The rpd process crash might be seen when BGP RPKI session record-lifetime is configured to be less than the hold-time. PR1585321

  • Traffic drop might be occurred on link flap when IS-IS is configured. PR1585471

  • The rpd process might crash after committing with the configured static group. PR1586631

  • Incorrect BGP next hop advertisement in the Layer 3 VPN scenario. PR1587879

  • The multicast traffic loss might be observed after unified ISSU is being performed. PR1588555

  • The rpd process might crash in a scaled routing instances scenario. PR1590638

  • The rpd process might crash post GRES. PR1590912

  • PIM joins might not be synchronized between master and backup Routing Engines because of ppmd restart. PR1591685

  • If BGP disable or enable in a short time interval on a scaled NSR router might result in backup rpd process restart. PR1591717

  • The rpd process crash might be seen if BGP peer flaps. PR1592123

  • The remote loop-free-alternate (LFA) backup path might not be formed. PR1592424

  • The traffic might get silently dropped and discarded or forwarded through not-best path in BGP setup. PR1592550

  • The routing process might crash due to memory corruption while processing BGP multipath route. PR1594626

  • Some routes might get incorrectly programmed in the forwarding table in the kernel with the next- hop installed as dead. PR1601163

  • The rpd process might be stuck at 100 percent in OSPFv3 scenario. PR1601187

  • After changing MTU on interface BGP routes that resolve over IS-IS will be installed in kernel as dead and traffic will drop. PR1605376

  • On MPC10E line cards, the rpd process generates core files after deactivate and activate interfaces: rt_table_flash_job_cancel,rt_instance_set_lsi_ifl_data_shard,rt_flash_all_internal. PR1605620

  • The multicast traffic might be duplicated on a subscriber interface. PR1607493

  • With rib-sharding enabled, any commit will flap all BGP sessions with 4 byte peer-as (AS number 65536 or greater). PR1607777

  • The rpd process might generate core files if TI-LFA or MLA feature ends up having more than 5 SIDs in the SRVv6 SIDs stack. PR1613384

Services Applications

  • The CoA with LI-on or LI-off message might be dropped during CoA process. PR1554618

  • IWF AVP value might not be reflected properly on LTS. PR1581096

  • On MX480 routers, vmcore might be seen due to doadump (textdump=1) at /volume/build/junos/occam/llvm-5.0/sandbox-204ab-20210401/freebsd/stable_11-204ab/20210401.22. PR1595088

  • The show services l2tp tunnel extensive, show services l2tp session extensive, and show subscribers accounting-statistics" commands do not work on LTS. PR1596972

Subscriber Access Management

  • CoA request might not be processed correctly from time to time. PR1571501

  • Subscribers might be stuck in terminated state when the RADIUS server is unreachable. PR1600655

  • The Service session entry creation failed errors are seen during ephemeral commit. PR1603030

  • The DHCP session fails with the session-limit-per-username statement configuration. PR1612196

User Interface and Configuration

  • NTP might be stuck in AUTH state if authentication-key in a hexadecimal format configured by load command. PR1486498

  • Removing the flash component from Monitor > Interfaces and DHCP pages, removes the other flash pages. PR1553176

  • On MX10008 platforms, smaller database size when compared to other platforms such as MX10003 and MX960. PR1572768

  • The mustd process might crash with multiple core files due to memory issue. PR1599641

Virtual Chassis

  • Virtual Chassis port might not come up after upgrade when QSFP+-40G-SR4, QSFP+-40G-LR4, or QSFP+40GE-LX4 is used. PR1579430

VPNs

  • The rpd process might crash when link-protection is added or deleted from LSP for MVPN ingress replication selective provider tunnel. PR1469028

  • The iked process might crash when IKEv2 negotiation fails on MX devices. PR1577484

  • The rpd process might crash in the NG-MVPN scenario on all Junos platforms. PR1579963

  • The traffic of the draft rosen multicast VPN might lose after switching over the Routing Engines. PR1584720

  • The rpd core is found at tag_dpvc_create_p2p_pvc,ir_ucast_tnl_p2p_init_new,ir_ p2p_ucast_tnl_init,ir_ucast_tnl_add,mvpn_p_tnl_ir_ leaf_add,mvpn_p_tnl_ir_sel_leaf_add,mvpn_spmsi_leaf_add_del, mvpn_spmsi_replay_leaf_ad_upds etc. PR1588486

  • The DDoS protection reason packets failed the multicast RPF check might be seen in NG-MVPN scenario with GRE transport. PR1591228

  • The rpd process might crash if the interface goes down in the BGP-MVPN scenario. PR1597387

Resolved Issues: 20.4R2

General Routing

  • Need to be able to show which shard a given route is hashed to. PR1430460

  • The MPC2E-NG or MPC3E-NG line card with specific MIC might crash after a high rate of interface flaps. PR1463859

  • The following line card errors are seen: HALP-trinity_nh_dynamic_mcast_add_irb_topo:3520 snooping-error: invlaid IRB topo/ IRB ifl zero in l2 nh 40495 add IRB. PR1472222

  • Subscribing to /linecard/packet/usage and triggering the UDP decoder: the hardware statistics are exported with improper hierarchy. PR1485739

  • Aggregate Ethernet interfaces do not display member links' statistics. PR1505596

  • MX150 router might go into debug prompt mode after software upgrade or downgrade. PR1510892

  • On MX960 routers, the show interfaces redundancy rlt0 statement shows current status as primary down as FPC is still in the Ready state after RLT failover (restart FPC). PR1518543

  • No response from the other Routing Engine for the last 2 seconds triggers SNMP trap generated: Fru Offline messages. PR1524390

  • Problem with static VLAN deletion with active subscribers and the FPC might be stuck at Ready state during restart. PR1525036

  • The aggregated Ethernet interface might not come up with LFM configured after reboot. PR1526283

  • L2TP subscribers might fail to establish a session on MX if the CPE is a virtual host. PR1527343

  • Removing superflous XML tags within syslog strings. PR1528116

  • Error message FAILED(-1) read of SFP eeprom for port might be seen. PR1529939

  • After performing unified ISSU with a high-scale bridge-domain configuration, less than 0.0254 percent of traffic loss is observed for a single bridge-domain interface. PR1531051

  • Configuring no-flow-control statement under gigether options does not work on MX150 router. PR1531983

  • Need support for show chassis fabric summary output. PR1532163

  • Wavelength unlocked alarm is set as On while using the SFP+-10G-T-DWDM-ZR optics. PR1532593

  • The dcpfe process might crash and cause FPC to restart due to the traffic burst. PR1534340

  • Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd. PR1534455

  • CFM sessions go down during FRU upgrade stage of unified ISSU in MX Virtual Chassis. PR1534628

  • Multiple vmxt processes might generate core files. PR1534641

  • All SFBs might go offline due to fabric failure and fabric self-ping probes performing the disable-pfe action. PR1535787

  • Mixed primary and backup Routing Engine types alarm reported on MX240 with NG-Routing Engine. PR1536184

  • Enhancements are needed for debugging l2ald. PR1536530

  • The chassisd memory leak might cause traffic loss. PR1537194

  • The error message vmhost-platform-grub-install.sh: line 140: [: ==: unary operator expected might be seen during upgrade on VM host platform. PR1537980

  • NGMPC2 core files are seen at bv_entry_active_here::bv_vector_op:: gmph_reevaluate_group:: gmph_destroy_client_group. PR1537846

  • On AFT-based MX Series with FPCs (MPC10 and MPC11) Packet Forwarding Engine, the show jnh exceptions inst inst-number command might cause FPC to crash. PR1538138

  • The BFD sessions might not come up in a VXLAN scenario. PR1538600

  • The rpd memory leak might be observed on the backup Routing Engine due to link flaps. PR1539601

  • FPC might not be recognized after power cycle (hard reboot). PR1540107

  • The dcpfe process might crash in the specific MAC move cases and traffic loss might be observed in the EVPN-VXLAN scenario. PR1542709

  • The JNH memory leak could be observed on MX Series with MPC/MIC based line cards. PR1542882

  • Continuous rpd errors might be seen and new routes will fail to be programmed by rpd. PR1545463

  • jnxDomAlarmSet and jnxDomAlarmClear traps are getting generated at 15 minutes intervals after a link on the transceivers support DOM becomes up or down. PR1545514

  • FPC might not boot-up on MX960 routers in certain condition. PR1545838

  • OSPFv3 session might keep flapping and OSPFv3 hellos might be dropped in the host-path. PR1547032

  • Backup Routing Engine vmcore might be seen due to absence of NH ACK Infra. PR1547164

  • PTP backup device might discard the PTP packets from primary when MPLS explicit-null is configured. PR1547901

  • SR-TE might stay up when the routes are deleted through policy. PR1547933

  • Validation of OCSP certificate might not go through in case of certain CA servers. PR1548268

  • The adapted sample rate might be reset to the configured sample rate without changing the sampling rate information in sFlow datagrams after enabling sFlow technology on a new interface. PR1550603

  • The rpd process crash might be seen when BGP service route is resolved over color-only SR-TE policy. PR1550736

  • The PPPoE subscribers might fail to login. PR1551207

  • The IRB interface might not work after chassisd and l2ald reboot in an EVPN scenario. PR1551631

  • The LCM peer absent alarm might be seen on TVP-based platforms. PR1551760

  • The action-shutdown statement of storm control does not work for ARP broadcast packets. PR1552815

  • The fabric errors are observed and the FPC processes might go offline with SCBE3, MPC3E-NG, MPC3E, MPC7, and MPC10 in the increased-bandwidth fabric mode. PR1553641

  • The following error messages are observed: Disable-pfe with intermittent ipc_pipe_get_packet(): packet_get() failed error message and CM_CMERROR_FABRIC_SELFPING failure. PR1554209

  • The following errors are seen when interpolate is configured under drop profile: CoS WRED Curve: Create Expr Curve: No curve data points!!. PR1554220

  • Medium-high and medium-low loss-priority actions are not supported under firewall policer. PR1554362

  • During ISSU, BNG loses subscriber sessions without sending session stop but stays in authd. PR1554539

  • The chassisd might crash with repeated configuration commits on MX204 and MX10003 platforms. PR1555271

  • MACsec session might remain down after CA applied or reapplied to different interfaces. PR1555736

  • Configuring HFRR, that is, link protection on an interface might cause rpd to crash. PR1555866

  • Chassisd SNMP trap FRU Offline not getting generated on MPC11E line card due to no power. PR1556090

  • The dcpfe might crash and restart with a dcpfe core file created while running Type 5 EVPN VXLAN with 2000 VLANs. PR1556561

  • The framed route installed for a demux interface has no MAC address. PR1556980

  • Script fails while committing the IPsec authentication configuration as the algorithm statement is missing. PR1557216

  • ISSU will be aborted and chassisd core might be seen on backup Routing Engine during Junos OS upgrade in MX Series devices. PR1557413

  • Packet corruption on 100G/40G interface is configured with PTP. PR1557758

  • Application identity unknown packet capture utility does not function when enhanced-services mode is enabled. PR1558812

  • Rpd core files are seen after Routing Engine switchover. PR1558814

  • On MX150 routers, the following license error is observed continuously: licinfra_set_usage_nextgen_async:1733] Invalid input parameters. PR1559361

  • Three-color policer might not work. PR1559665

  • On MX960 routers, mismatch is found between YANG schema and RPC output. PR1559810

  • When the system has only one plane (in the process of plane offline/online), the MPC10-10C line card shows destination errors. PR1560053

  • The request system software validate command might corrupt installation of Junos OS openconfig package. PR1560234

  • The PIC in SRX5K-SPC3/MX-SPC3 card might get stuck in offline status after flowd process crash occurs on it. PR1560305

  • On the MX240 router, the following error message is observed: On R0 Overlay Ping FAILS tunnel-src 10.255.0.53 tunnel-dst 10.255.0.139 vni 1, invalid VNI: '1'. PR1560408

  • The l2cpd core file might be seen on reboot. PR1561235

  • On MX240 routers, VIA headers are not getting changed properly when SIP ALG is enabled. PR1561312

  • The following error is Observed opening configuration database: Could not open configuration database during usb upgrading. PR1561741

  • After recovering from restart routing immediately, object-info anomalies are observed on rpdagent. PR1561812

  • The rpd process crash might be observed during processing huge amount of PIM prune messages. PR1561984

  • Commit issue is seen after loading limited-signed image through USB. PR1562723

  • The rpd process might crash when routing instances are deleted and recreated quickly. PR1562905

  • Client authentication is failing after performing GRES. PR1563431

  • MX Series platforms with MX-SCBE3 might reboot continuously. PR1564539

  • The PPPoE service-name-tables does not correctly count active sessions matching agent-specifier ACI/ARI used for delay. PR1565258

  • Pushing more than two MPLS labels might not work. PR1566828

  • Need to allow tunnel interface as the peer-address for ALQ. PR1567735

  • The MX204 router FPC might show high CPU utilization because the JGCI background thread runs for a long period. PR1567797

  • On MX150 routers, the request system software add CLI command is disabled. PR1568273

  • Core files are generated at export_svc_set_nat_idl@nsd_calloc while verifying no-translation with destination-nat. PR1568997

  • The rpd process might crash while using BFD API to bring up BFD sessions. PR1569040

  • Traffic loss might be observed when SCU accounting is configured and logical-systems is enabled. PR1569047

  • The agent sensor __default_fabric_sensor__ seems to be partly applied to some FPCs, which causes zero payload issue AGENTD received empty payload for pfe sensor __default_fabric_sensor__. PR1569167

  • The MPLS traffic passed through the back-to-back PE topology might match the incorrect CoS queue. PR1569715

  • OAM might not work as expected after FPC reboot or flapping. PR1569790

  • The mspmand process might crash if the packet flow-control issue happens on MS-MPC/MS-MIC. PR1569894

  • The log message /tmp//mpci_info: No such file or directory :error[1] might be seen on VM host platform. PR1570135

  • The following na-grpcd.re core file is observed: net::juniper::appSupport::BufferStream:: ByteIterator,net::juniper::sysmanmsg:: sm_node_data::deserializeInternal,net::juniper:: sysmanmsg::sm_node_data::deserialize (itr=...) at src/sysman_msg.cpp:576. PR1572107

  • The TFEB/FPC might fail to be online after rebooting the system or the FPC if interface-set is configured for CoS. PR1572348

  • Fabric errors are observed and FPC processes might go offline when MPC3-NG, MPC3E, and SRX5K-IOC2 line cards are installed along with MPC7, MPC10, SRX5K-IOC04, and SCBE3/SCB4 line cards operating in increased-bandwidth fabric mode. PR1573360

  • The rpd process on the transit node might crash when performing MPLS traceroute on the ingress node. PR1573517

  • Slow FPC heap memory leak might be triggered by flapping subscribers terminated over multiple pseudowires. PR1574383

  • Interfaces might take a long time to powerdown while performing reboot/power-off/halt/upgrade on MX150 routers. PR1575328

  • The show services service-sets statistics syslog command returns an error usp_ipc_client_recv_ 1237: ipc_pipe_read fails! error:No error: 0(0), tries:1 when service-set does not have syslog configuration. PR1576044

  • When Fan Tray 1 Fan <x> Failed alarm is cleared, Fan/Blower OK SNMP traps are generated for Fan Tray 0 [Fan 31 - 41] and Fan Tray 1 [Fan 11 - 41]. PR1576521

  • The following commit failure-error is observed: Modified IFD "ae0" is in use by targeted BBE subscriber, commit denied - mtu config changed (1522), (1514). PR1577007

  • Issue is seen in telemetry when the set services analytics streaming-server configuration is present, and the server is not reachable. PR1581192

  • IPv4 traffic loss with packet size more than 1410. PR1584509

Class of Service (CoS)

  • The explicit classifier or rewrite-rule might not work as expected for a logical interface if the wildcard configuration is also applied. PR1556103

  • On the MPC7E line card, bps counter of egress queue shows wrong bps value when cell mode is configured on static interface. PR1568192

EVPN

  • The rpd process memory leak might occur when changing EVPN configuration. PR1540788

  • The rpd process crash might be seen after adding route-target on a dual Routing Engine system under EVPN multihoming scenario. PR1546992

  • The l2ald process might crash under VLAN-based EVPN-VXLAN scenario. PR1550109

  • ARP replies from EVPN CE might get dropped incorrectly on MX Series platforms if the EVPN routes are resolved via MPLS-over-UDP tunnels. PR1563802

  • The mustd process crash can be seen during upgrade or while committing a configuration. PR1577548

Forwarding and Sampling

  • After routing restarts, the remote mask that the routing daemon sends might be different from the existing remote mask that the Layer 2 learning daemon had before restart. PR1452990

  • MAC learning issue might happen when EVPN-VXLAN is enabled. PR1546631

  • All traffic might be dropped on an aggregated Ethernet bundle without VLAN configuration if bandwidth-percent policer is configured. PR1547184

  • The l2ald process might crash due to next-hop issue in EVPN-MPLS. PR1548124

  • Configuration archive transfer-on-commit fails. PR1563641

General Routing

  • The DHCP relay-reply packets are dropped in a DHCPv6 relay scenario. PR1352613

  • DHCP discover packet might be dropped if DHCP inform packet is received first. PR1542400

  • The show dynamic-profile session client-id command displays only one IPv6 framed-route information. PR1555476

Infrastructure

  • On Virtual Chassis and Virtual Chassis fabric, the following error message is observed: HEAP malloc(0) detected. PR1546036

  • Ethtraceroute local privilege escalation vulnerabilities in SUID binaries. PR1529209

  • In a multi-tenant environment, a tenant host administrator might configure logical firewall isolation affecting other tenant networks. PR1537491

Interfaces and Chassis

  • The startup-silent-period command might not work. PR1548464

  • The VCP port is marked as administratively down on the incorrect MX Series Virtual Chassis member. PR1552588

  • The dcd process might leak memory on pushing the configuration to the ephemeral database. PR1553148

  • An lacpd core is observed after router reboot. PR1553196

  • Block duplicate IP across different logical interfaces inside same routing instance. PR1555861

  • Sessions might flap after applying the Action profile on the router. PR1561044

  • The ppmd process might crash when VRRP is configured on all Junos OS platforms. PR1561281

  • MAC address entry issue might be seen after MC-LAG interface failover. PR1562535

  • Traffic loss issue might be seen while verifying VRRP state machine functionality. PR1564551

  • Unused memory allocation removed from CCL toolkit. PR1574391

  • MX Series Virtual Chassis ISSU incompatible FRU offline can result in unexpected FPC restarts after ISSU completion. PR1575687

  • The following mutliple errors VRRPMAN_PATRICIA_GROUP_ADD_FAIL: vrrp_ifcm_send_bulk: Failed to add group to patricia tree key,VRRPMAN_ENTRY_KEY_PRESENT: vrrp_ifcm_send_bulk: Already an entry present with the key are found during GRES. PR1575689

  • MC-AE interfaces might go down if same VRRP group-id is configured on multiple IRB units. PR1575779

Juniper Extension Toolkit (JET)

  • TCP connection might not be established while creating default gRPC channel with name fw_channel. PR1559064

Layer 2 Ethernet Services

  • The copying of files to the RCB over WAN ports is slow. PR1496895

  • Receipt of a crafted DHCP packet will cause the jdhcpd DHCP service to generate core file. PR1534814

  • OSPF and OSPFv3 adjacency uptime is more than expected after NSSU upgrade and outage is higher than expected. PR1551925

  • DHCP packet drop might be seen when the DHCP relay is configured on leaf device. PR1554992

  • Receipt of malformed DHCPv6 packets causes jdhcpd to crash and restart. PR1564434

  • jnxJdhcpLocalServerMacAddress (.1.3.6.1.4.1.2636.3.61.61.1.4.3) returns incorrect format of MAC address. PR1565540

  • The option 82 information might be incorrectly cleared by DHCP relay agent. PR1568344

  • The jdhcpd process might crash in a subscriber management scenario with DHCPv6 subscribers. PR1568940

MPLS

  • Traffic loss might be observed due to rpd process crash in MPLS scenario. PR1528460

  • The RSVP graceful-restart might fail. PR1533161

  • A new LSP might not be up even if bypass LSP is up and setup-protection is configured. PR1555774

  • Unexpected LSP packet count is observed for the ingress MPLS LSP statistics. PR1570382

Network Management and Monitoring

  • Commit error while deleting the routing instance when SNMP trap-group also has the same routing instance referred. PR1555563

  • The mib2d process crashes and generates a core file on backup Routing Engine. PR1557384

  • After the l2cpd service is restarted, the context of registration from l2cpd to snmpd was failing due to incorrect reinitialization. PR1561736

  • SSH connection might become unresponsive and logs show kern.maxfiles limit exceeded by uid messages. PR1567634

Platform and Infrastructure

  • The state of the flow detection configuration might not be displayed properly if DDOS-SCFD is configured globally. PR1519887

  • The following error message is observed when alarms after interface reset: 7836 ifl 567 chan_index 8 NOENT & jnh_ifl_topo_handler_pfe(13015): ifl=567 err=1 updating channel table nexthop. PR1525824

  • PPE errors or traps might be observed in Layer 2 flooding scenarios. PR1533767

  • MPC might crash in the subscriber management environment. PR1534542

  • CoS queue egress interface forwarding-class might not work as expected. PR1538286

  • Core files are found at l2_metro_bd_host_inject_del bd_platform_delete bd_handle_msg. PR1538516

  • Major error XQ_CMERROR_SCHED_L3_PERR_ERR might cause Packet Forwarding Engine to disable. PR1538960

  • In rare occurrence Routing Engine kernel might crash while handling TCP sessions if GRES and NSR are enabled. PR1546615

  • An internal timer on backup Routing Engine might cause an ARP storm upon GRES switchover on new primary (old backup) Routing Engine. PR1547583

  • The kernel might crash if performing GRES in either new iteration or after swapping Routing Engine and restoring HA configuration. PR1549656

  • The BGP session replication might fail to start after the session crashes on the backup Routing Engine. PR1552603

  • Traffic is not forwarded over IRB to Layer 2 circuit on -lt interfaces. PR1554908

  • IPv4 EXP rewrite might not work properly when inet6-vpn is enabled. PR1559018

  • The BUM frame might be duplicated on the aggregate device if extended-port on satellite device is aggregated Ethernet. PR1560788

  • DHCPv4 request packets might be wrongly dropped when DDoS attack happens. PR1562474

  • The enforce-strict-scale-limit-license configuration enforces subscriber license incorrectly in the ESSM subscriber scenario. PR1563975

  • The pfex might crash when soft error recovery feature is enabled on Packet Forwarding Engine. PR1567515

  • The following error message is observed: pfe err-jnh_physmem_add_resvd_to_cntr(18014): PFE 0 jnh_app 0x08020860, add ox00080000 from 0x00b00000-0x00b80000 to baMask 0x1. PR1570631

Routing Policy and Firewall Filters

  • The policy configuration might be mismatched between the rpd and mgd processes when deactivating policy-options prefix-list is involved in the configuration sequence. PR1523891

  • Global variable policy_db_type not set to correct value on failure. PR1561931

  • Generate route goes to hidden state when protect core statement is enabled. PR1562867

Routing Protocols

  • The BFD session might get stuck in the Init or Down state after the BFD session flaps. PR1474521

  • Traffic might be silently discarded when the BGP route gets deleted which is part of multipath. PR1514966

  • The rpd process crashes when a fresh router is configured with IS-IS and RIB-group to leak inet.3 routes from no-forwarding to master instance in single commit. PR1534486

  • Traffic loss might be seen in next-hop-based dynamic tunnels of L3VPN scenario after changing the dynamic-tunnel preference. PR1542123

  • With BGP rib-sharding enabled, rpd memory exhaustion might be seen. PR1546347

  • The BGP session neighbor shutdown configuration does not affect the non-established peer. PR1554569

  • The changes do not get effective when the values are set under static default hierarchy. PR1555187

  • The BGP session might not come up if extended-nexthop is enabled by default on the other vendor remote peer. PR1555288

  • Sending multicast traffic to downstream receiver on MX Series with MPCs/MICs based Virtual Chassis platforms might fail. PR1555518

  • 6PE prefixes might not be removed from RIB upon reception of withdrawal from a BGP neighbor when RIB sharding is enabled. PR1556271

  • Multipath info is still shown for BGP route even after disabling interface for one path. PR1557604

  • BGP LU session flap might be seen with AIGP used scenario. PR1558102

  • When admin-color-based policy evaluation happens with the policy LFA configuration, the backup next hop chosen (among the different backup next hops possible) might not be correct. PR1558581

  • VPNv4 routes learned from the core might not get advertised to CE router when BGP sharding is configured. PR1560661

  • Unexpected packet loss might be happen when configuring a new VRF or after performing GRES. PR1560827

  • Duplicate LSP next hop is shown on inet.0, inet.3, and mpls.0 route table when OSPF traffic-engineering shortcuts and MPLS bgp-igp-both-ribs are enabled. PR1561207

  • Incorrect SPF calculation might be observed for OSPF with ldp-synchronization hold-time configured after interface flap. PR1561414

  • BGP routes might be stuck in routing table with Accepted DeletePending state when the BGP peering session goes down. PR1562090

  • The rpd process might crash on backup Routing Engine after the rpd restart is triggered on primary Routing Engine. PR1563350

  • The rpd process might crash when there is BGP session re-establishing or flapping. PR1567182

  • VRF table does not get refreshed after a change to maximum-prefixes in the VRF. PR1564964

  • Traffic might be lost during mirror data transmit from the primary ppmd/bfdd. PR1570228

  • There might be 10 seconds delay to upload the LSP on the point-to-point interface if rpd is restarted on its direct neighbor. PR1571395

  • SNMP MIB ospfv3NbrState is returning drifted value. PR1571473

  • The ppmd process might crash when enabling MD5 authentication on OSPF with BFD flapping. PR1576893

  • BGP replication might be stuck in rare and timing conditions. PR1581578

Services Applications

  • Executing CLI command repetitively might cause the system to run out of disk space. PR1537772

User Interface and Configuration

  • Remove Adobe Flash-dependent elements from J-Web for MX Series devices. PR1553176

VPNs

  • The PIM (S,G) join state might stay forever when there are no MC receivers and source is inactive. PR1536903

  • Type 7 messages might not be sent from egress PE resulting in Type 3/5 messages are not created for some S, Gs in source PE devices. PR1567584

Resolved Issues: 20.4R1

EVPN

  • EVPN-VXLAN core isolation does not work when the system is rebooted or the routing is restarted. PR1461795

  • Configuring the proxy-macip-advertisement command for EVPN-MPLS leads to functionality breakage. PR1506343

  • With the EVPN-VXLAN configurations, the IRB MAC does not get removed from the route table after disabling IRB. PR1510954

  • With dynamic list next hop configured, a forwarding problem occurs after performing graceful switchover. PR1513759

  • ARP might break when multicast snooping is enabled in EVPN for the VLAN-based and VLAN-bundle service scenarios. PR1515927

  • no-arp-suppression is required for MAC learning across the EVPN domain on the static VTEP. PR1517591

  • Unable to create a new VTEP interface. PR1520078

  • The ARP resolution to the gateway IRB address fails if decapsulate-accept-inner-vlan or encapsulate-inner-vlan is configured. PR1526618

  • The rpd process might crash when auto-service-id is configured in the EVPN-VPWS scenario. PR1530991

  • All the ARP reply packets toward some address are flooded across the entire fabric. PR1535515

  • The GE LOS alarm logs on the change in IFF_CCCDOWN are not logged in the syslog message file. PR1539146

  • VLAN ID information is missed while installing the EVPN route from the BGP type 2 route after modifying a routing-instance from the instance-type EVPN to instance-type virtual-switch. PR1547275

  • The BUM traffic might get dropped in the EVPN-VXLAN setup. PR1525888

  • The route table shows additional paths for the same EVPN or VXLAN type 5 destination after upgrading from Junos OS Release 18.4R2 S3 to Junos OS Release19.4R1 S2. PR1534021

  • The ARP table might not be updated after VMotion or network loop is performed. PR1521526

  • The l2ald process might generate core file when changing the EVPN-VXLAN configuration. PR1541904

Forwarding and Sampling

  • The DHCP subscribers might get stuck in the Terminated state for around 5 minutes after disabling the cascade ports. PR1505409

  • Traffic might get dropped for not exceeding the configured bandwidth under policer. PR1511041

  • The srrd process might crash in a high route churns scenario or if the process flaps. PR1517646

  • The commit might fail if a filter enabled with enhanced-mode to et- interface is configured. PR1524836

  • The l2ald process might crash when a device configuration flaps frequently. PR1529706

  • VLAN-id based firewall match conditions might not work for the VPLS service. PR1542092

  • MAC learning issue might happen when EVPN-VXLAN is enabled. PR1546631

  • All traffic would be dropped on the aggregated Ethernet interface bundle without VLAN configuration if the bandwidth-percent policer is configured. PR1547184

  • The l2ald process might crash due to next-hop issue in the EVPN-MPLS. PR1548124

General Routing

  • New subscribers might fail to connect due to the following error message: Filter index space exhausted. PR1531580

  • In some MX Series deployments running Junos OS, the following random syslog messages are observed for FPCs: fpcx ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - xxx left. These messages might not have a service impact. These messages are addressed as INFO level messages. On a Packet Forwarding Engine, there are dedicated UMEM and shared GUMEM memory blocks. This informational message indicates some evicting events between UMEN and GUMEN and can be safely ignored. PR1298161

  • The max-drop-flows statement is not available. PR1375466

  • On the MX2000 router, the following error message might be observed if the MPC7 line card is offline when Routing Engine switchover occurs: Failed to get xfchip. PR1388076

  • The RPD scheduler slips might be observed upon executing the show route resolution extensive 0.0.0.0/0 | no-more command if the number of routes in the system is large (several millions). PR1425515

  • Application and removal of 1-Gbps speed results in the channel being down. PR1456105

  • Random packet drop with flow cache is disabled, when NIC is mapped to NUMA node 1. PR1458742

  • In the MVPN instance, the traffic drops on multicast receivers within the range of 0.1 to 0.9 percent. PR1460471

  • The following error message is observed after GRES: [user.err aftd-trio: [Error] IF:Unable to add member to aggregate member list, member already exists, aggIflName:ps1.0 memberIflName:lt-3/0/0.32767]. PR1466531

  • Dynamic SR-TE tunnels do not get automatically recreated at the new primary Routing Engine after the Routing Engine switchover. PR1474397

  • Expected number of 512,000 MAC entries are not re-learned in the bridge table after clearing 512,000 MAC entries from the table. PR1475205

  • The syslog reports simultaneous zone change reporting for all green, yellow, orange, and red zones for one or more service PICs. PR1475948

  • Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot. PR1482124

  • The vmcore process crashes sometimes along with the mspmand process on MS-MPC or MS-MIC if large-scale traffic flows are processed. PR1482400

  • Traffic decreases during throughput testing. PR1483100

  • Prolonged flow control might occur with MS-MPC or MS-MIC. PR1489942

  • The following error message is observed on the MPC card in the manual mode: clksync_as_evaluate_synce_ref: 362 - Failed to configure clk. PR1490138

  • The MX10003 router might shut itself down automatically after the system upgrades or downgrades. PR1492121

  • VPLS flood next hop might not get programmed correctly. PR1495925

  • Some of the virtual services might not come up after GRES or rpd restart. PR1499655

  • As prefix is not emitted, the path emitted for te-lsp-timers/state/cleanup contains incorrect value. PR1500690

  • The following error message is observed after deactivating the demux logical interface: configuration check-out failed. PR1501002

  • The packets from a nonexisting source on the GRE or UDP designated tunnel might be accepted. PR1503421

  • On the vMX instances, configuring the statement ranges for auto-sensed VLANs (either stacked VLANs or single-tag VLANs) might not work. This is because the VLANs are not programmed on the NIC drivers. PR1503538

  • The gNMI stream does not follow the frequency on the subscription from the collector. PR1504733

  • After sending the Layer 4 or Layer 7 traffic, the HTTP redirect messages are not captured as expected. PR1505438

  • The heap memory utilization might increase after extensive subscriber login or logout. PR1508291

  • Outbound SSH connection flap or memory leak issues might be observed during push configuration to the ephemeral database with a high rate. PR1508324

  • The disabled QSFP transceiver might fail to get turned on. PR1510994

  • PFCP message acknowledgment or non-acknowledgment responses are not tracked without the fix. If the CPF peer drops an acknowledged UPF response message and CPF retries the request, the reattempts do not get an acknowledgment by the response cache at UPF and get silently dropped. This causes the CPF state machine to constantly retry requests with that message being dropped at UPF, which leads to the Established state at both CPF and UPF. PR1511708

  • Static subscribers are logged out after creating a unit under the demux0 interface. PR1511745

  • Memory leak on l2ald might be observed when adding or deleting the routing-instances or bridge-domains configuration. PR1512802

  • The wavelength configured through the CLI might not be set on the SFP+-10G-T-DWDM-ZR optics when the optics is used on the MPC7E line card. PR1513321

  • Subscribers might not be able to bind again after performing back-to-back GRES followed by an FPC restart. PR1514154

  • Not able to forward traffic to VCP FPC after the MX Virtual Chassis reboots, FPC reboots, or adding VCP link. PR1514583

  • The MACsec session might fail to establish if 256-bit cipher suite is configured for MACsec connectivity association assigned to a logical interface. PR1514680

  • Duplicate prefix in secondary tunnel table is observed. PR1514947

  • On the MX2010 and MX2020 routers, the SPMB CPU is elevated when an SFB3 is installed. PR1516287

  • Active sensor check fails while checking the show agent sensors |display xml command. PR1516290

  • Used-Service-Unit of the CCR-U has output-bytes counter zero. PR1516728

  • yin2tlv sets unsupported command as hidden deprecated. PR1516910

  • The MPC7E line card with QSFP installed might get rebooted when the show mtip-chmac <1|2> registers vty command is executed. PR1517202

  • There might be memory leak in cfmd if both the CFM and inet or IPv4 interfaces are configured. PR1518744

  • The vgd process might generate a core file when the OVSDB server restarts. PR1518807

  • During an upgrade, vSRX3.0 would display the following incorrect license warnings when utilizing licensable features even if the license was present on the device: such as warning: requires 'idp-sig' license. PR1519672

  • The PADI packets might be dropped when the interface encapsulation VPLS is set along with accepted protocol configured as PPPoE. PR1523902

  • The PSM firmware upgrade must not allow multiple PSM upgrades in parallel to avoid the firmware corruption and support multiple firmware for different hardware. PR1524338

  • Commit is successful while deactivating CB0 or CB1 interfaces with GNF. PR1524766

  • According to the OC data model, the openconfig-alarms.yang subscription path must be used as system, alarms, or an alarm. PR1525180

  • Addition and removal of an aggregated Ethernet interface member link might cause the PPPoE subscriber session and traffic to drop. PR1525585

  • The following error message is observed during GRES if an IRB interface is configured without a profile: RPD_DYN_CFG_GET_PROF_NAME_FAILED. PR1526481

  • The MPC10E line card might crash with the sensord process generating a core file due to a timing issue. PR1526568

  • WAG control route prefix length is observed. PR1526666

  • On the MX150 router, IFDs stay up during vmhost halt or power-off. PR1526855

  • Commit error messages come twice while validating the physical-cores command. PR1527322

  • The cpcdd process might generate the core file after upgrading to Junos OS Release 19.4 and later. PR1527602

  • The transit PTP packet might be unexpectedly modified when passing through MPC2E-NG, MPC3E-NG, and MPC5E line cards. PR1527612

  • Commit confirmed rollback does not work. PR1527848

  • The l2cpd process might crash when removing LLDP on an aggregated Ethernet interface. PR1528856

  • The speed command cannot be configured under the interface hierarchy on an extended port when the MX204 or MX10003 router works as an aggregation device. PR1529028

  • Non-impacting error message is observed in the message logs: IFP error> ../../../../../../../../../src/pfe/usp/control/applications/interface/ifp.c@3270:(errno=1000) tunnel session add failed. PR1529224

  • The multicast traffic might get dropped due to hash mismatch when there are aggregated Ethernet and ECMP links involved in the multicast tree. PR1529475

  • In the subscriber management environment, the RADIUS interim accounting records do not get populated with the subscriber statistics. PR1529602

  • The SFP-LX or SFP-SX optics on MIC-3D-20GE-SFP-E/EH might show as unsupported after ISSU. PR1529844

  • After performing ISSU with a high-scale bridge-domain configuration, less than 0.0254 percent of traffic loss is observed for a single bridge-domain interface. PR1531051

  • On the MX10003 router, PEM 0 always shows as Absent or Empty even if PEM 0 is present. PR1531190

  • Deleting the address of the jmgmt0 interface might fail if the shortened version of the CLI command is used. PR1532642

  • VRRP synchronization does not occur in the backup Routing Engine with NSR in the Steady state. PR1533357

  • The clear ike statistics command with remote gateway does not work. PR1535321

  • Certain BGP SR-TE segment lists cause the rpd process to generate the core file during tunnel attribute parsing. PR1535632

  • Multicast traffic might be observed even through unexpected interfaces with distributed IGMP is enabled. PR1536149

  • Enhancements are needed for debugging l2ald. PR1536530

  • The following error message might be observed when the JAM packages for the MX204, MX10003, and MX10008 are installed: JAM: Plugin installed for summit_xxx PIC. PR1537389

  • Version-alias gets missed for subscribers configured with dynamic profiles after ISSU. PR1537512

  • On the MPC10 and MPC11 line cards, the aftd process might crash in case of composite chain next hop creation failures. PR1538559

  • The accounting interim-updates for subscriber does not work after GRES and subsequent reboot of FPCs in the node-slicing setup. PR1539474

  • With hold time configuration, the ge Interfaces remain down on reboot. PR1541382

  • Subscriber might not come up on some dynamic VLAN ranges in a subscriber management environment. PR1541796

  • After changing addresses in the source pool, if the carrier-grade NAT traffic does not stop, the source pool cannot perform the NAT translation from the new pool. PR1542202

  • Port mirroring with maximum-packet-length configuration does not work over the GRE interface. PR1542500

  • The nsd daemon crashes after configuring the inline NAT44 in the USF mode. PR1547647

  • The verbose command unexpectedly becomes hidden after Junos OS Release 16.1 for set system export-format json. PR1547693

  • SENSOR APP DWORD leak is observed during the period of churn for routes bound to the sensor group. PR1547698

  • Family IPv6 does not come up for the L2TP subscriber when the additional attributes are not passed in the Framed-IPv6-Route VSA. PR1526934

  • The show dynamic-profile session client-id command displays only one IPv6 framed-route information. PR1555476

  • The ERO update by the controller for branch LSP might cause issues. PR1508412

  • The mspmand process leaks memory in relation to the MX telemetry reporting the following error message: RLIMIT_DATA exceed. PR1540538

  • The mspmand process might generate core file on activating or deactivating the interface. PR1544794

  • In the syslog output, the sylog-local-tag name is truncated ( as SYSLOG_SF) when he sylog-local-tag name is configured as SYSLOG_SFW. PR1547505

  • SENSOR APP DWORD leak is observed during the period of churn for routes bound to the sensor group. PR1547698

  • Multicast traffic drop might be seen after ISSU. PR1548196

  • The PPPoE subscribers might fail to login. PR1551207

  • The fabric errors are observed and the FPC processes might get offlined with SCBE3, MPC3E-NG, or MPC3E and MPC7 or MPC10 in the increased-bandwidth fabric mode. PR1553641

  • The l2ald process might crash with traffic on the scaled set-up. PR1517074

  • Difference between the port count and terminated count might be observed upon login or logout of the subscribers indicated by the output of the show subscribers summary port extensive command. PR1523813

  • False positive TSensor errors are observed on vjunos0. PR1508580

  • Snmp mib walk for jnxSubscriber OIDs returns the general error. PR1535754

  • Delay in disabling the Packet Forwarding Engine might be seen on MPC7, MPC8, and MPC9 line cards. PR1481879

  • The next hop learning statement is enabled by default in MPC10 and MPC11line cards irrespective of the configuration statement. PR1489121

  • The AMS bundle might remain inactive while adding the member interface to the AMS bundle with the scaled service sets. PR1489607

  • Slow response might be observed when the show | compare or commit check action is executed in a large-scale configuration environment. PR1500988

  • Sensord crashes on MPC10E line cards even when telemetry is not enabled. PR1502260

  • Transit IPv4 traffic forwarding over BGP SR-TE might not work. PR1505592

  • The l2cpd might crash if the ERP is deleted after the switchover. PR1517458

  • The fxpc process might generate core file during EEPROM read when SFP is removed. PR1518480

  • Traffic loss might occur when an uncorrected (Fatal) AER error is detected. PR1519530

  • The VMXs might go to the amnesiac mode if they are deployed on the OpenStack based platforms. PR1519668

  • The phc daemon might crash while committing the phone-home client configuration. PR1522862

  • The BFD session status remains down at the non-anchor FPC even though the BFD session is up after the anchor FPC reboots or panics. PR1523537

  • The rpd process might crash while restarting the routing gracefully with MPLS LSPs configured. PR1527172

  • CFM does not consider the 8021AD configuration for the rewrite and classification tables. PR1527303

  • BiDi 1G SFP optics displays wrong value in JVision for optics/laser_rx_power_*_thresholds. PR1530120

  • The unilists are incorrectly formed and the list of the forwarded next-hops are not resolved properly if the value of the ECMP is set to 128. PR1530803

  • The interface with the pic-mode 10GE configuration might not come up if upgraded to Junos OS Release 18.4R3-S4 or later. PR1534281

  • Deactivating or activating PTP or SyncE in the upstream router causes the 100G links on the LC2103 to flap. PR1538122

  • Traffic drop might be seen when executing the request system reboot command. PR1538252

  • Upon receipt of a specific BGP FlowSpec message, network traffic might be disrupted. PR1539109

  • The KRT queue might get stuck after the Routing Engine switchovers. PR1542280

  • On the MX2010 and MX2020 devices, traffic loss might be observed when the Switch Fabric Board 3 and MPC8E 3D combination is used. PR1544953

  • The Broadcom chip FPC might crash during the system booting. PR1545455

  • Unexpected log messages appearing related to Neighbor Solicitation (NS) messages with multicast as source address is observed. PR1546501

  • SR-TE might stay UP when the routes are deleted through policy. PR1547933

  • The LCM Peer Absent error message might be seen on all TVP platforms. PR1551760

  • ISSU might be aborted on MX Series devices. PR1557413

Infrastructure

  • If the serial number of the PEM starts with 1F1, the following alarm might be generated: Minor FPC PEM Temp Sensor Failed. PR1398128

  • Unknown MIB OIDs 1.3.6.1.2.1.47.2.0.30 are referenced in the SNMP trap after upgrading to Junos OS Release 18.4R3-S3. PR1508281

  • SNMP polling might return an unexpectedly high value for the ifHCOutOctets counter for a physical interface when any jnxDom OID is processed at the same time. PR1508442

  • The kernel might crash if a file or directory is accessed for the first time and is not created locally. PR1518898

  • The telnetd.real local privilege escalation vulnerabilities in SUID binaries is observed. PR1525318

  • The output drops in the show interfaces extensive command ' might display 0 temporarily during a race condition when the SNMP query for JnxCos is also issued. PR1533314

Interfaces and Chassis

  • The sonet-options configuration statement is disabled for the xe interface that works in the wan-phy mode. PR1472439

  • Fail to configure proactive ARP detection. PR1476199

  • The fpc process might crash in an inline mode with CFM configured. PR1500048

  • The following error message is observed: Request failed: OID not increasing: ieee8021CfmStackServiceSelectorType. PR1517046

  • Buffer overflow vulnerability in a device control daemon is observed. PR1519334

  • The configuration might not be applied after deleting all existing logical interfaces and adding a new logical interface for an IFD in a single commit. PR1534787

  • Inline Y.1731 SLM or DM does not work in an enhanced-cfm-mode for the EVPN UP MEP scenario. PR1537381

  • The following error message might occur after commit for configuration under interface hierarchy: should have at least one member link on a different fpc. PR1539719

  • The following commit error is observed while trying to delete unit 1 logical system interfaces: ae2.1: Only unit 0 is valid for this encapsulation. PR1547853

  • The startup-silent-period command might not work in Junos OS Release 20.3R1 or later. PR1548464

  • The dcd process might leak memory on pushing the configuration to the ephemeral database. PR1553148

  • Distribution fails for few sessions when VRRP is configured in a large-scale with active-inherit scenario. PR1505998

  • Backup router generates VRRP_NEW_BACKUP syslog during bring up. PR1539277

  • The rpd memory leak might be observed on the backup Routing Engine due to flapping of the link. PR1539601

Intrusion Detection and Prevention (IDP)

  • The CLI provides helpful remarks about the tunable detector parameters of IDP. PR1490436

Juniper Extension Toolkit (JET)

  • The JET application configuration must be disabled before upgrading Junos OS vmhost images. PR1488769

J-Web

  • Privilege escalation in J-Web is observed due to arbitrary command and code execution through information disclosure from another users active session. PR1518212

Layer 2 Ethernet Services

  • The DHCPv6 lease query is not as expected while verifying the DHCPv6 server statistics. PR1506418

  • The show dhcp relay statistics command displays DHCPLEASEUNASSIGNED instead of DHCPLEASEUNASSINGED, which is a spelling error. PR1512239

  • The show dhcpv6 relay statistics command must display DHCPV6_LEASEQUERY_REPLY instead of DHCPV6_LEASEQUERY_REPL for the messages sent. PR1512246

  • The DHCP6 lease query is not as expected while verifying the DHCPv6 relay statistics. PR1521227

  • Memory leak in the jdhcpd process might be seen if access-profile is configured under the dhcp-relay or dhcp-local-server statement. PR1525052

Layer 2 Features

  • The rpd process might crash on the new primary Routing Engine after GRES in the VPLS or Layer 2 circuit scenario. PR1507772

  • The host generated traffic might get lost as the current forwarding member nexthop is down while another member nexthop is up. PR1516514

MPLS

  • Committing might trigger externally provisioned LSP MBB mechanism. PR1546824

  • A same device responds twice for traceroute in case of the device going through an MPLS network under specific conditions. PR1494665

  • Traffic loss might occur if ISSU is performed when P2MP is configured for an LSP. PR1500615

  • The rpd scheduler might slip after the link flaps. PR1516657

  • The rpd process might crash after upgrading Junos OS Release 18.1 to a later release. PR1517018

  • The SNMP trap is sent with the incorrect OID jnxSpSvcSetZoneEntered. PR1517667

  • The LDP session-group might throw a commit error and flap. PR1521698

  • The inter-domain LSP with loose next hops path might get stuck in the Down state. PR1524736

  • The ping mpls rsvp command does not take into account lower MTU in the path. PR1530382

  • The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface. PR1538124

  • The LDP routes might be deleted from the MPLS routing table after the Routing Engine switchover. PR1527197

  • The rpd process might crash during the restart routing when the MPLS LSPs are present. PR1530213

Network Address Translation (NAT)

  • Need to improve the maximum eNode connections for one persistent NAT binding from 8 to 32. PR1532249

Network Management and Monitoring

  • Unable to poll dot1dStp objects with l2cpd registered context after l2cpd restarts. PR1561736

Platform and Infrastructure

  • With multiple different fixed-sized traffic streams configured at 10,000,00 fps (40-Gbps combined rate) on aggregated Ethernet0 along with another independent aggregated Ethernet interface (aggregated Ethernet1, 50 percent line rate 4 streams bidirectional => 118-Gbps combined traffic rate), both hosted on a single Packet Forwarding Engine instruction of the MPC11E line card, small varying packet drops occur for every iteration on aggregated Ethernet1 on disabling aggregated Ethernet0. PR1464549

  • Traffic to VRRP virtual IP or MAC addresses might be dropped when ingress queuing is enabled. PR1501014

  • Traffic originated from another subnet is sent out with 0x8100 instead of 0x88a8. PR1502867

  • The kernel might crash causing the router or the Routing Engine to reboot when performing virtual IP related change. PR1511833

  • The output of the show jnh qmon queues-sensor stats 0 command has no content. PR1514881

  • The VPLS connection might be stuck in the Primary Fail status when a dynamic profile is used on the VPLS pseudowire logical interface. PR1516418

  • Configured scheduler-map is not applied on the ms- interface if the service PIC is in the Offline state during commit. PR1523881

  • Flow programming issue for lt- interface in the Packet Forwarding Engine level is observed. PR1525188

  • The following error message is observed when alarms after interface reset: 7836 ifl 567 chan_index 8 NOENT & jnh_ifl_topo_handler_pfe(13015): ifl=567 err=1 updating channel table nexthop. PR1525824

  • There is a TWAMP interoperability issue between Junos OS releases. PR1533025

  • The fpc process might crash when the next hop memory of ASIC is exhausted in the EVPN-MPLS scenario. PR1533857

  • Packet loss might be observed when the RFC2544 egress reflector session is configured on the non-zero Packet Forwarding Ethernet interface. PR1538417

  • Trio-based FPC might crash when the underlying Layer 2 interface for ARP over IRB interface is changed from the physical interface to the LSI interface. PR1542211

  • Subscribers does are not come up on VPLS PS interface. PR1536043

  • The rmopd process memory leak might be seen if TWAMP client is configured. PR1541808

  • The PE and CE devices OAM CFM might have issues in the aggregated Ethernet interface. PR1501656

  • The VXLAN encapsulation over IPv6 underlay might not work. PR1532144

  • The ISSU might fail on Junos platforms with the LUCHIP based line cards. PR1535745

  • Dynamic filter fails to match IPv6 prefix. PR1536100

  • TWAMP interoperability issue are observed. PR1536939

  • The ARP expired timer on the backup Routing Engine is not the same as the primary Routing Engine if the aging-timer is configured. PR1544398

Routing Policy and Firewall Filters

  • For setting the IPv6 router ID, the routing-options statement is added. PR1523283

  • The policy configuration might be mismatched between the rpd and mgd process when deactivate policy-options prefix-list is involved in the configuration sequence. PR1523891

Routing Protocols

  • The output of the show isis interface detail command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long. PR1482983

  • The BGP RPKI ROA withdrawal might lead to an unexpected BGP route flap. PR1483097

  • The rpd process might report 100 percent CPU usage with the BGP route damping enabled. PR1514635

  • The IS-IS SR routes might not be updated to reflect the change in the SRMS advertisements. PR1514867

  • The BGP link-bw of the non-multipath routes are included in an aggregation. PR1515264

  • The rpd process might crash after deleting and then adding a BGP neighbor. PR1517498

  • The rpd process might crash if there is a huge number of SA messages in an MSDP scenario. PR1517910

  • Tag matching in the VRF policy does not work properly when the independent-domain option is configured. PR1518056

  • The BFD sessions might flap continuously after disruptive switchover followed by GRES. PR1518106

  • NLRI handling improvements for BGP-LS ID TLV is needed. PR1521258

  • BFD with authentication for BGP flaps after GRES or NSR switchover on the NG-RE and SCBE2 setup. PR1522261

  • The IS-IS LSP database synchronization issue might be observed while using the flood-group feature. PR1526447

  • The rpd process generates core file at is_srv6_delete_locator_end_sid_data isis_srv6_end_sid_local_data_delete isis_srv6_locator_config_check. PR1531830

  • Transit labels for Layer 3 VPN routes are pushed momentarily to the MPLS.0 table. PR1532414

  • Configuring then next hop and then reject on a route policy for the same route might cause the rpd process to crash. PR1538491

  • After moving peer out of the protection group, the path protection does not get removed from the PE router. Multipath routes are still present. PR1538956

  • The rpd process generates the core file at gp_rtarget_tsi_update,bgp_rtarget_flash_rt,bgp_rtarget_flash. PR1541768

  • Continuous rpd crash might be observed if a static group is added to protocol pim. PR1542573

  • The metric of prefixes in intra-area-prefix LSA might be changed to 65535 when the metric of one of the OSPFv3 p2p interfaces is set to 65535. PR1543147

  • IS-IS does not call ted_add_halflink for P2P IPv6-only links for traffic engineering topology. PR1548506

  • Telemetry key value for transport or remote-address field for link-local IPv6 peer is incorrect and logical interface is absent. PR1548754

  • The BGP session with VRRP virtual address might not come up after a flap. PR1523075

  • The VRF label is not assigned at ASBR when the inter AS is implemented. PR1523896

  • The BGP session neighbor shutdown configuration does not effect the non-established peer. PR1554569

  • The BGP session might not come up if extended-nexthop is enabled by default on the other vendor remote peer. PR1555288

  • The rpd process might crash with BGP RPKI enabled in a race condition. PR1487486

  • The ppmd process might generate core file after FPC restarts. PR1490918

  • The virtual-router option is not supported under a routing-instance in a lean rpd image. PR1494029

  • Traffic loss might be seen in the next-hop-based dynamic tunnels of Layer 3 VPN scenario after changing the dynamic-tunnel preference. PR1542123

  • Six PE device prefixes might not be removed from RIB upon reception of withdrawal from a BGP neighbor when RIB sharding is enabled. PR1556271

  • BGP routes might be stuck in routing table in the Accepted DeletePending state when the BGP peering session goes down. PR1562090

Services Applications

  • The following error message is observed: SPD_CONN_OPEN_FAILURE: spd_pre_fetch_query: unable to open connection to si-1/0/0. PR1550035

Subscriber Access Management

  • Subscriber accounting message retransmissions exist even after configuring the accounting retry 0. PR1405855

  • CCR-T does not contain the usage-monitoring information. PR1517507

  • The show network-access aaa subscribers statistics username "<>" command fails to fetch the subscriber-specific AAA statistics information if a subscriber username contains a space. PR1518016

User Interface and Configuration

  • NETCONF service over SSH might not work on the device that runs Junos OS if in-band management is used. PR1517160

  • The command injection vulnerability in the request system software command is observed. PR1519337

  • The dexp local privilege escalation vulnerabilities in SUID binaries is observed. PR1529210

VPNs

  • The MPLS label manager might allow configuration of a duplicated VPLS static label. PR1503282

  • The rpd process might crash after removing the last configured interface under the Layer 2 circuit neighbor. PR1511783

  • MVPN multicast route entry might not be properly updated with the actual downstream interfaces list. PR1546739

  • The Junos image upgrade or installation with validate fails with XML errors. PR1525862

Documentation Updates

There are no errata or changes in Junos OS Release 20.4R3 documentation for MX Series routers.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting in Junos OS 17.4R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:

Platform

FreeBSD 6.x-based Junos OS

FreeBSD 11.x-based Junos OS

MX5, MX10, MX40,MX80, MX104

YES

NO

MX240, MX480, MX960,

MX2010, MX2020

NO

YES

Basic Procedure for Upgrading to Release 20.4R3

Note

Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 11.x-Based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 11.x-based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.4R3.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.4R3.9-signed.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.4R3.x-limited.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.4R3.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note
  • You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.

  • Starting in Junos OS Release 20.4R3, in order to install a VM host image based on Wind River Linux 9, you must upgrade the i40e NVM firmware on the following MX Series routers:

    • MX240, MX480, MX960, MX2010, MX2020, MX2008, MX10016, and MX10008

    [See https://kb.juniper.net/TSB17603.]

Note

After you install a Junos OS Release 20.4R3 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.

Note

Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x-Based Junos OS

Products impacted: MX5, MX10, MX40, MX80, MX104.

To download and install FreeBSD 6.x-based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-20.4R3.9-signed.tgz
    • Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-20.4R3.9-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 20.4R3 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 19.2, 19.3, and 19.4 are EEOL releases. You can upgrade from Junos OS Release 19.2 to Release 19.3 or from Junos OS Release 19.2 to Release 19.4.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 20.4R3

To downgrade from Release 20.4R3 to another supported release, follow the procedure for upgrading, but replace the 20.4R3 jinstall package with one that corresponds to the appropriate release.

Note

You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.