Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

New and Changed Features

 

This section describes the new features and enhancements to existing features in Junos OS Release 18.3R1 for the MX Series routers.

Hardware

  • Support for 10-Gbps ports to operate at 1-Gbps speed (MX204 and MX10003)—Starting in Junos OS Release 18.3R1, you can use the Mellanox 10-Gbps pluggable adapter (QSFP+ to SFP+ adapter or QSA; model number: MAM1Q00A-QSA) to convert 4 lane-based ports to a single lane-based SFP+ port. The QSA adapter has the QSFP+ form factor with a receptacle for the SFP+ module. Use the QSA adapter to convert a 40-Gbps port to a 10-Gbps or a 1-Gbps port.

    Note
    • The interface name prefix must be xe.

    • On the MX10003 router, the MACsec MIC does not provide 1-Gbps speed.

    • On MX204 and MX10003 routers, rate selectability at PIC level and port level does not support 1-Gbps speed.

    To configure an interface to operate in the 1-Gbps mode, use the set interfaces xe-0/1/0 gigether-options speed 1g command at the [edit] hierarchy level.

    [See MX10003 MPC Rate-Selectability Overview and MX204 Router Rate-Selectability Overview.]

  • New MIC-MACSEC-20GE (MX80, MX104, MX240, MX480, and MX960)—Starting with Junos OS Release 18.3R1, MIC-MACSEC-20G is supported on MX80, MX104, MX240, MX480, and MX960 routers. The MIC has 20 SFP ports supporting 20 SFP pluggable optics modules operating in 1-Gbps mode or two SFP+ ports supporting 2 SFP+ pluggable optics modules operating in 10-Gbps mode. The MIC enables MACsec capability on 1-Gbps and 10-Gbps ports on MX80, MX104 and on the MPC1, MPC2, MPC3, MPC2E, MPC3E, MPC2E-NG, and MPC3E-NG line cards of MX240, MX480 and MX960 routers. [See Gigabit Ethernet MIC with 256b-AES MACsec].

  • QFX-SFP-1GE-T—Starting with Junos OS Release 18.3R1, the QFX-SFP-1GE-T transceiver is supported on MX204 routers. When using the QFX-SFP-1GE-T transceiver, keep the following limitations in mind:

    • Speed values less than 1 Gbps are not supported.

    • Configuring the speed as speed 1G is required and the no-auto-negotiation option is not supported. By default, auto-negotiation is enabled.

    • Link aggregation group (LAG) and timing (1588/SyncE) features are not supported.

      See the [Hardware Compatibility Tool]

Authentication, Authorization, and Accounting

  • Support for password change policy enhancement (MX Series)—Starting in Junos OS Release 18.3R1, the Junos password change policy for local user accounts is enhanced to comply with certain additional password policies. As part of the policy improvement, you can configure the following:

    • minimum-character-changes—The number of characters by which the new password should be different from the existing password.

    • minimum-reuse—The number of older passwords, which should not match the new password.

    See password

  • MD5 is not supported as an authentication encryption mechanism (MX Series)—Starting with Junos OS Release 18.3R1, the md5 option at the [edit system login password] hierarchy level for user authentication is not supported. However, the sha1, sha256, and sha512 options are supported.

    Note

    Before Junos OS upgrade, if the device configuration contains usernames whose plain text passwords are MD5 encrypted, after upgrade of Junos OS, users can still log in with the same username and plain text password.

EVPN

  • NSR and unified ISSU support for point-to-multipoint LSP for EVPN provider tunnel (MX Series and vMX)—Starting in Junos OS Release 18.3R1, Junos OS provides nonstop routing (NSR) and unified ISSU support for point-to-multipoint (P2MP) inclusive provider tunnels. This ensures that broadcast, unknown unicast, and multicast (BUM) packets continue after a Routing Engine switchover occurs when NSR is enabled.

    Note

    Unified ISSU is not supported on the vMX routers.

    [See Understanding P2MPs LSP for the EVPN Inclusive Provider Tunnel.]

  • Support for mLDP P2MP tunnels with EVPN for BUM traffic (MX Series and vMX)—Starting in Junos OS Release 18.3R1, Junos OS provides the ability to configure and signal a P2MP LSP for the EVPN Inclusive Provider Tunnel for BUM traffic. The P2MP LSP manages efficient core bandwidth utilization as it uses multicast replication only at the required nodes instead of ingress replication at the ingress PE device. The new configuration is added to enable P2MP tunnels for EVPN at the [edit routing-instances routing-instance-name provider-tunnel] hierarchy level.

    [See Understanding P2MPs LSP for the EVPN Inclusive Provider Tunnel.]

  • EVPN P2MP bud router support (MX Series and vMX)—Starting in Junos OS Release 18.3R1, Junos OS supports configuring a point-to-multipoint (P2MP) label-switched path (LSP) as a provider tunnel on a bud router. The bud router functions both as an egress router and a transit router.

    To enable a bud router to support P2MP LSP, include the evpn p2mp-bud-support statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level.

    [See Configuring Bud Node Support.]

  • Support for pseudowire termination at an EVPN (MX Series)—Starting in Junos OS Release 18.3R1, Junos OS supports port-based and VLAN-based pseudowire that terminates at an EVPN on a single-homed PE device. The pseudowire tunnel originates on an aggregation node, carrying VLAN traffic from different access nodes and supports packets with no VLAN tags, as well as packets with single VLAN tags and dual VLAN tags.

    [See Overview of Psuedowire in EVPN.]

  • Connectivity fault management support for MIP in an EVPN with ETREE and ELAN Services and up MEP in EVPN with ETREE services (MX Series)—Starting with Junos OS Release 18.3R1, Junos OS supports maintenance association intermediate point (MIP) in an EVPN with ELAN and EVPN ETREE services and connectivity fault management (CFM) up maintenance association end points (MEPs) on attachment circuits (ACs) in an EVPN with ETREE services. This feature also supports Ethernet loopback and Ethernet linktrace for a MEP and delay measurement and synthetic loss measurement for performance monitoring between two MEPs. Monitoring is only supported between a leaf and root node or between two root nodes in an EVPN with ETREE services.

    [See Connectivity Fault Management Support for EVPN.]

  • Support for pseudowire termination at an EVPN using RLT (MX Series)—Starting in Junos OS Release 18.3R1, you can configure a pseudowire tunnel termination at an EVPN using a redundant logical tunnel (RLT). The RLT provides redundancy to the pseudowire tunnel with two logical interfaces, where only one interface is active at any given time. The active and standby logical interface provides redundancy in case of FPC failure.

    [See Overview of Psuedowire in EVPN.]

Forwarding and Sampling

  • Improved hash computation for IPv6 and multiservice flows (MX Series routers with Trio MPCs)—Starting in Junos OS Release 18.3R1, to improve load balancing in certain cases, the default behavior for calculating the enhanced-hash-key at the [forwarding-options enhanced-hash-key family inet6] hierarchy level now includes the flow-label field. This hash is used when choosing an ECMP path where there is an aggregate interface.

    Likewise, for forwarding-options enhanced-hash-key family multiservice, the default calculation now includes the payload field. To revert to the previous method, specify no-payload, or no-flow-label, in the intended hierarchy.

    [See family multiservice.]

High Availability and Resiliency

  • ARP stability enhancement during ISSU (MX Series)—Starting in Junos OS Release 18.3R1, Address Resolution Protocol (ARP) entries on MX Series Routers will not expire while ISSU is underway. This prevents issues with ARP renew packets being dropped during ISSU and causing traffic loss.

    [See Getting Started with Unified In-Service Software Upgrade.]

  • Resiliency support on MIC-MACSEC-20GE (MX80, MX104, MX240, MX480, and MX960)—Starting in Junos OS Release 18.3R1, resiliency support is enabled on the MIC-MACSEC-20GE MIC installed directly on the MX80 and MX104 routers and installed in the MPC1, MPC2, MPC3, MPC2E, MPC3E, MPC2E-NG, and MPC3E-NG MPCs on the MX240, MX480, and MX960 routers. The resiliency support includes software support to handle hardware failures of various components of the MIC.

    On the MIC-MACSEC-20GE, you can configure either twenty 1-Gigabit Ethernet or two 10-Gigabit Ethernet ports that support SFP transceivers.

Interfaces and Chassis

  • Support for flexible tunnel interfaces on MX Series—Starting in Junos OS Release 18.3R1, a new interface, flexible tunnel interface (FTI) is supported on MX Series routers. FTIs support the Layer 3 point to point tunnels. These tunnels use Virtual Extensible LAN (VXLAN) encapsulation with pseudo Layer 2 header. encapsulation. To configure FTIs on your device and to enable multiple encapsulations on the FTIs, use the vxlan-gpe statement and tunnel-endpoint vxlan statement under virtual extensible LAN-generic protocol extension (vxlan-gpe) by executing the [set interfaces] command at [edit interfaces interface-name unit logical-unit-number tunnel encapsulation hierarchy level.

    [See Flexible Tunnel Interfaces Overview and Configuring Flexible Tunnel Interfaces (FTIs) on MX Series Routers.]

  • Support for PTP over Ethernet and hybrid mode over link aggregation group (MX240, MX480, MX960, MX2010, MX2020)—Starting in Junos OS Release 18.3R1, the MPC7E, MPCE8E, and MPC9E line cards support Precision Time Protocol (PTP) over Ethernet and hybrid mode over a link aggregation group (LAG).

    Link aggregation is a mechanism of combining multiple physical links into a single virtual link to achieve linear increase in bandwidth and to provide redundancy in case a link fails. The virtual link is referred to as an aggregated Ethernet interface or a LAG.

    [See Precision Time Protocol Overview.]

  • Support for MIC-MACSEC-20GE (MX80, MX104, MX240, MX480, and MX960)—Starting in Junos OS Release 18.3R1, MIC-MACSEC-20GE, a Media Access Control Security (MACsec)-enabled MIC, is supported on MX80 and MX104 routers and on the MPC1, MPC2, MPC3, MPC2E, MPC3E, MPC2E-NG, and MPC3E-NG MPCs on the MX240, MX480, and MX960 routers. On this MIC, you can configure either twenty 1-Gigabit Ethernet ports or two 10-Gigabit Ethernet ports that support SFP transceivers.

    The 1-Gigabit Ethernet and 10-Gigabit Ethernet port types on MIC-MACSEC-20GE support both 256-bit AES encryption as well as 128-bit AES encryption.

    [See Multi-Rate Ethernet MIC.]

  • Support for SSD upgrade on backup Routing Engines(MX Series)—Starting in Junos OS Release 18.3R1, you can upgrade the SSD firmware on the backup Routing Engines, RE-S-X6-64G and RE-MX2K-X8-64G Routing Engines, without switching mastership. In releases before Junos OS Release 18.3R1, SSD upgrade is only supported on the master Routing Engine and, to upgrade firmware on the backup Routing Engine, you must switch mastership by using the request chassis routing-engine master switch command and then log in to the backup Routing Engine.

    [See Upgrading the SSD Firmware on Routing Engines with VM Host Support.]

  • BGP Monitoring Protocol can run in a non-default management instance (MX Series)—Starting in Junos OS Release 18.3R1, the BGP Monitoring Protocol (BMP) can send monitoring packets to BMP monitoring stations that are reachable through a VRF. This feature can be used with the management-instance configuration statement to create the routing instance mgmt-junos for BMP to move through. Previously, BMP could only send monitoring packets to a BMP monitoring station that could be looked up using the default (inet.0 or inet6.0) routing table.

    [See Configuring BGP Monitoring Protocol to Run Over a Different Routing Instance.]

IPv6

  • ARP and neighbor discovery command enhancements (MX Series)—Starting with Junos OS Release 18.3R1, enhancements are made to ARP and neighbor discovery command summaries. ARP and Neighbor Discovery protocol (NDP) are used to resolve next hop entries and to maintain next-hop entries in ARP and ND cache.

    The following enhancements are made to the show arp, show ipv6 neighbors, and clear ipv6 neighbors commands:

    Note

    These command summaries have the existing parameters along with the additional parameters.

    [See show arp, show ipv6 neighbors, and clear ipv6 neighbors.]

Junos Telemetry Interface

  • Support for the Junos Telemetry Interface (ACX6360, MX Series, and PTX Series)—Starting with Junos OS Release 18.3R1, Junos Telemetry Interface support is available for the ACX6360 Universal Metro Router and MX Series and PTX Series routers with a CFP2-DCO optics module that provides a high-density, long-haul optical transport network (OTN) transport solution with MACsec capability.

    You can provision sensors to export telemetry data to an outside collector.

    The following native (UDP) and gRPC sensors can be provisioned for ET (100-Gigabit Ethernet) interfaces and OT interfaces:

    • /junos/system/linecard/optical

    • /junos/system/linecard/otn

    To provision the sensor to export data through gRPC, use the telemetry Subcribe RPC to specify telemetry parameters. For streaming through UDP, all parameters are configured at the [edit services analytics] hierarchy level. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module.

    [See sensor (Junos Telemetry Interface), Configuring a Junos Telemetry Interface Sensor (CLI Procedure), and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • RPM and TWAMP statistics sensor support for Junos Telemetry Interface (JTI) (MX Series)—Starting with Junos OS Release 18.3R1, you can export Two-Way Active Management Protocol (TWAMP) and real-time performance monitoring (RPM) statistics. TWAMP (described in RFC 5357) and RPM are two methods to measure traffic performance between endpoints. These methods work by sending active probe packets and measuring parameters such as packet loss, delay, and jitter between the endpoints. These statistics provide RPM and TWAMP monitoring data results collected by Juniper devices. You can use this information to ensure service level agreements, improve network design, and optimize traffic engineering.

    Export TWAMP and RPM statistics through JTI using gRPC streaming. The following resource paths are supported:

    • /junos/rpm/probe-results/probe-test-results/

    • /junos/rpm/history-results/history-single-test-results/

    • /junos/rpm/server/active-servers/

    • /junos/twamp/client/control-connection/

    • /junos/twamp/client/probe-test-results/

    • /junos/twamp/client/history-test-result/

    • /junos/twamp/server/control-connection/

    To provision the sensor to export data through remote procedure call (gRPC) streaming, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module. Beginning in Junos OS Release 18.2X75-D10, OpenConfig and Network Agent packages are bundled into the Junos image by default. OpenConfig can be found as a default package named junos-openconfig, and Network Agent content exists in the Junos as a daemon through the na-telemetry package. The OpenConfig package can still be installed as an add-on package on top of the default package if you want to upgrade OpenConfig without upgrading Junos OS.

    [See Configuring a Junos Telemetry Interface Sensor (CLI Procedure) and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Expanded ON_CHANGE support for LLDP telemetry data through Junos Telemetry Interface (JTI) (MX Series)—Starting with Junos OS Release 18.3R1, OpenConfig support through remote procedure calls (gRPC) and JTI is expanded to support additional ON_CHANGE support for LLDP telemetry sensors. Periodical streaming of OpenConfig operational states and counters collects information at regular intervals. ON_CHANGE support streams operational states as events (only when there is a change), and is preferred over periodic streaming for time-sensitive missions.

    When you create a subscription using a top-level container as the resource path (for example, /lldp), a leaf under the resource path /lldp with ON_CHANGE support is automatically streamed based on events. If a leaf under the resource path does not have ON_CHANGE support, it will not be streamed.

    These paths, previously supporting periodical streaming only, now also support ON_CHANGE streaming:

    • /lldp/state/enabled

    • /lldp/state/chassis-id

    • /lldp/state/chassis-id-type

    • /lldp/state/system-name

    • /lldp/state/system-description

    • /lldp/state/hello-timer

    • /lldp/interfaces/interface/state/name

    • /lldp/interfaces/interface/state/enabled

    • /lldp/interfaces/interface/neighbors/neighbor/state/chassis-id

    • /lldp/interfaces/interface/neighbors/neighbor/state/chassis-id-type

    • /lldp/interfaces/interface/neighbors/neighbor/state/port-id

    • /lldp/interfaces/interface/neighbors/neighbor/state/port-id-type

    • /lldp/interfaces/interface/neighbors/neighbor/state/port-description

    • /lldp/interfaces/interface/neighbors/neighbor/state/system-name

    • /lldp/interfaces/interface/neighbors/neighbor/state/system-description

    • /lldp/interfaces/interface/neighbors/neighbor/state/management-address

    • /lldp/interfaces/interface/neighbors/neighbor/state/management-address-type

    • /lldp/interfaces/interface/neighbors/neighbor/capabilities

    These resource paths from the preceding list do not change with an event, but will be streamed on creation and deletion:

    • /lldp/interfaces/interface/neighbors/neighbor/state/chassis-id

    • /lldp/interfaces/interface/neighbors/neighbor/state/chassis-id-type

    • /lldp/interfaces/interface/neighbors/neighbor/state/system-name

    Before events are streamed, there is an initial stream of states to the collector, followed by an END_OF_INITIAL_SYNC. This notice signals the start of event streaming.

    To provision the sensor to export data through gRPC streaming, use the telemetry Subscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module. Beginning in Junos OS Release 18.2X75-D10, OpenConfig and Network Agent packages are bundled into the Junos image by default. OpenConfig can be found as a default package named junos-openconfig, and Network Agent content exists in the Junos as a daemon through the na-telemetry package. The OpenConfig package can still be installed as an add-on package on top of the default package if you want to upgrade OpenConfig without upgrading Junos OS.

    [See Configuring a Junos Telemetry Interface Sensor (CLI Procedure) and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • BGP and statically configured SR-TE traffic statistics sensor support for Junos Telemetry Interface (JTI) (MX Series and PTX Series)—Starting with Junos OS Release 18.3R1, you can export traffic statistics for both ingress IP traffic and transit MPLS traffic that take Segment Routing Traffic Engineering (SR-TE) paths. This feature provides support for BGP [DRAFT-SRTE] and statically configured SR-TE policies at ingress routers.

    Export JTI statistics using either gRPC streaming or UDP native sensors. The following resource paths are supported.

    For UDP native sensors:

    • /junos/services/segment-routing/traffic-engineering/ingress/usage/

    • /junos/services/segment-routing/traffic-engineering/transit/usage/

    For gRPC streaming:

    • /mpls/signaling-protocols/segment-routing/

    For exporting statistics using UDP native sensors, configure parameters at the [edit services analytics] hierarchy level.

    To provision the sensor to export data through gRPC streaming, use the telemetry Subscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module.

    For both export methods, you also must specify that these statistics be collected. To do this, configure collection at the [edit protocols source-packet-routing telemetry statistics] hierarchy level.

    [See sensor, source-packet-routing, and Guidelines for gRPC Sensors (Junos Telemetry Interface).

MPLS

  • Support of pseudowire headend termination for L3VPN and MVPN (MX Series)—Starting in Junos OS Release 18.3R1, the support for pseudowire subscriber service interface over redundant logical tunnels is introduced in Layer 3 VPNs and draft-rosen multicast VPNs. Earlier, Layer 3 VPNs provided support for pseudowire subscriber services over logical tunnel interfaces only, and these interfaces used unicast routing protocols, such as OSPF and BGP. This feature introduces provisioning of a multicast routing protocol, Protocol Independent Multicast (PIM), on the pseudowire subscriber interfaces, which gets terminated on the virtual routing and forwarding (VRF) routing instance.

    With this feature, you can enable pseudowire subscriber interfaces for inet, inet6, dual inet, and inet6 stack families, and benefit from the additional resiliency support because of the increase in pseudowire logical interface devices scaling numbers.

    [See Pseudowire Subscriber Logical Interfaces Overview.]

Multicast

  • Persistent designated-router status for last-hop routers (MX Series)—Starting in Junos OS Release 18.3R1, you can configure a designated router to persist according to your design criteria rather than according to the results of the default designated-router election logic by setting the stickydr CLI command.

    Use stickydr to prevent traffic loss, for example, in situations where the designated router election may result in unintended changes after an interface-down event or device upgrade.

    To enable designated-router persistence on a configured LAN, enable stickydr on all last-hop routers in the LAN, as shown in the following example:

    [See stickydr. ]

Network Management and Monitoring

  • Customized MIBs for sending custom traps based on syslog events (MX Series)—Starting in Junos OS Release 18.3R1, there is a process whereby customers can define their own MIBs for trap notifications. The customized MIB maps a particular error message with a custom OID rather than a generic one. Juniper Networks provides two new MIB roots reserved for customer MIBs, one for the custom MIB modules and the other for the trap notifications. For this process, you must convert the MIB to YANG format, and a tool is available for that.

    [See Customized SNMP MIBs for Syslog Traps.]

  • Support over aggregated Ethernet interfaces added for SNMP CoS MIB for interface-sets queue counters (MX Series)—Starting in Junos OS Release 18.3R1, Junos OS supports SNMP reporting of queue statistics for static interface-sets configured over Aggregate Ethernet (AE) interfaces.

    [See show snmp mib and SNMP MIB Explorer.]

Restoration Procedures Failure

  • Device recovery mode introduced in Junos OS with upgraded FreeBSD (MX Series)—Starting in Junos OS Release 18.3R1, for devices running Junos OS with upgraded FreeBSD, provided you have saved a rescue configuration on the device, there is an automatic device recovery mode that goes into action should the system go into amnesiac mode. The new process is for the system to automatically retry to boot with the saved rescue configuration. In this circumstance, the system displays a banner "Device is in recovery mode” in the CLI (in both the operational and configuration modes). Previously, there was no automatic process to recover from amnesiac mode. A user with load and commit permission had to log in using the console and fix the issue in the configuration before the system would reboot.

    [See Saving a Rescue Configuration File.]

Routing Protocols

  • IPv4 over IPv6 tunnel scaling per chassis by increasing number of line cards—Starting in Junos OS Release 18.3R1, you can configure BGP to tunnel the IPv4 unicast routes along with IPv6 nexthop.

  • Junos OS, OpenConfig, and Network Agent packages are delivered in a single TAR file (MX Series)—Starting in Junos OS Release 18.3R1, the Junos OS image includes the OpenConfig package and Network Agent; therefore, you do not need to install OpenConfig or Network Agent separately on your device.

    [See Installing the OpenConfig Package, and Installing the Agent Network Package.]

  • IS-IS overloading stub networks (MX Series)—Starting in Junos OS Release 18.3R1, new configuration options external-prefixes, and internal-prefixes are available at the [edit protocols isis overload] hierarchy level to control overload of internal prefixes, external prefixes or both internal and external prefixes according to network requirements. The user can choose not to receive any traffic for internal and external prefixes advertised by the overloaded IS-IS routers unless the router is the only node in the network that hosts the prefix. In previous Junos OS releases, overloaded IS-IS routers continued to receive traffic for prefixes even if the user did not want to receive traffic for directly attached prefixes.

    [See Configuring IS-IS Prefix Overload .]

Security

  • Support for configuring MACsec EAPoL destination address (MX Series)—Starting in Junos OS Release 18.3R1, you can configure an Extensible Authentication Protocol over LAN (EAPoL) destination MAC address by including the eapol-address (pae | provider-bridge | lldp-multicast) statement at the [set security macsec connectivity-association connectivity-association-name mka] hierarchy level.

    To establish a MACsec session, MACsec Key Agreement PDUs are sent or received between nodes. These PDUs are EAPoL packets and, by default, their destination MAC address is the EAPoL multicast address 01:80:C2:00:00:03. If the nodes are connected through a provider network, they might consume these multicast packets or drop them depending on their configuration. To overcome this issue, configure the EAPoL address for PAE, provider-bridge, and LLDP multicast by using the aforementioned configuration.

    [See mka (MX Series).]

  • Support for AES-256 MACsec encryption (MX80, MX104, MX240, MX480, and MX960)—Starting in Junos OS Release 18.3R1, the MIC-MACSEC-20G MIC provides 256-bit MACsec encryption on MX80, MX104, MX240, MX480, and MX960 routers. This MIC supports MACsec on twenty 1-Gigabit Ethernet SFP ports and on two 10-Gigabit Ethernet SFP+ ports in the following hardware configurations:

    • Installed directly on the MX80 and MX104 routers

    • Installed on MPC1, MPC2, MPC3, MPC2E, MPC3E, MPC2E-NG, and MPC3E-NG line cards on the MX240, MX480, and MX960

Service Applications

  • Support for filtering DNS requests for blacklisted website domains (MX Series with MS-MPCs)—Starting in Junos OS Release 18.3R1, you can configure DNS filtering to identify DNS requests for blacklisted website domains.

    For DNS request types A, AAAA, MX, CNAME, TXT, SRV, and ANY, you also configure the action to take for a DNS request for a blacklisted domain. You can either:

    • Block access to the website by sending the client a DNS response corresponding to the DNS request type with the IP address or fully qualified domain name (FQDN) of a DNS sinkhole server. This ensures that the client sends further traffic for the blacklisted domain to the sinkhole server.

    • Log the request and allow access.

    For other DNS request types for a blacklisted domain, the request is logged and access is allowed.

    [See Filtering DNS Requests for Blacklisted Website Domains.]

  • MX Series Virtual Chassis NAT support (MX240, MX480, and MX960 routers with MS-MPCs and MS-MICs)—Starting in Junos OS Release 18.3R1, you can configure a two-member MX Series Virtual Chassis to use IPv4-to-IPv4 basic network address translation (NAT), dynamic NAT, static destination NAT, dynamic NAT with port mapping, and stateful NAT64. A two-member MX Series Virtual Chassis configuration supports a maximum of four MS-MPCs and four MS-MICs per Virtual Chassis.

    [See Protocols and Applications Supported by the MS-MIC and MS-MPC.]

Software-Defined Networking

  • Support for PCE-initiated point-to-multipoint LSPs (MX Series)—Starting in Junos OS Release 18.3R1, the Path Computation Element Protocol (PCEP) functionality is extended to allow a stateful PCE to initiate, provision, and modify point-to-multipoint traffic engineering LSPs through a PCC.

    Currently, Junos OS supports only point-to-point PCE-initiated LSPs. With the introduction of point-to-multipoint PCE-initiated LSPs, a PCE can initiate and provision a point-to-multipoint LSP dynamically without the need for local LSP configuration on the PCC. The PCE can also control the timing and sequence of the point-to-multipoint path computations within and across (PCEP) sessions, thereby creating a dynamic network that is centrally controlled and deployed.

    [See Understanding Path Computation Element Protocol for MPLS RSVP-TE with Support for PCE-Initiated Point-to-Multipoint LSPs.]

  • Support for Junos Node Slicing (MX2008 routers)—Starting with Junos OS Release 18.3R1, Junos Node Slicing is supported on MX2008 routers. Junos Node Slicing allows a single MX Series router to be partitioned to appear as multiple, independent routers. Each partition has its own Junos OS control plane, which runs as a virtual machine (VM), and a dedicated set of line cards. Each partition is called a guest network function (GNF). In the node slicing setup, the MX Series router functions as the base system (BSYS).

    [See Junos Node Slicing Overview.]

  • Abstracted Fabric Interface Support for Junos Node Slicing (MX Series Routers with MPC5E and MPC6E)—Junos Node Slicing supports Abstracted Fabric (AF) interface, a pseudo interface that facilitates routing control and management traffic between guest network functions (GNFs) via the switch fabric. An AF interface is created on a GNF to communicate with its peer GNF when the two GNFs are configured to be connected to each other. The bandwidth of the AF interfaces changes based on the insertion or reachability of the remote line card or MPC. Starting in Junos OS Release 18.3R1, GNFs support the following AF-capable MPCs as well:

    • MPC5E (MPC5E-40G10G, MPC5EQ-40G10G, MPC5E-40G100G, MPC5EQ-40G100G)

    • MPC6E (MX2K-MPC6E)

    See [Abstracted Fabric (AF) Interface.]

  • Support for transmit load-balancing statistics on abstracted fabric interface (MX Series)—Starting in Junos OS Release 18.3R1, Junos Node Slicing supports transmit load-balancing statistics on abstracted fabric (AF) interfaces. The show interfaces af-interface-name output provides transmit statistics of each Packet Forwarding Engine peer list on a given AF interface, in addition to the physical interface statistics. The output displays information such as residual transmit statistics, fabric queue statistics, and residual fabric queue statistics.

    [See show interfaces (Abstracted Fabric).]

  • Support for non-root users in JDM for Junos Node Slicing—Starting in Junos OS Release 18.3R1, Juniper Device Manager (JDM) for Junos Node Slicing supports configuration of non-root users. A JDM root user can create non-root users in the JDM by using the set system login user username class class command. The non-root users can interact with JDM; orchestrate and manage the GNFs; and monitor the state of the JDM, host server, and the GNFs by using the existing JDM CLIs.

    [See Configuring Non-Root Users in JDM (Junos Node Slicing).]

  • Support for OpenDaylight controller (Nitrogen) (MX Series) —Starting with Junos OS Release 18.3R1, MX Series routers support the Nitrogen release version of the OpenDaylight (ODL) controller. The ODL controller, also known as ODL platform, provides a southbound Network Configuration Protocol (NETCONF) connector API, which uses NETCONF and YANG models to interact with a network device. You can use the ODL controller to carry out configuration changes in MX Series routers, and provision and orchestrate the routers. The ODL controller provides an open-source platform for network programmability aimed at enhancing software-defined networking (SDN).

    [See Configuring Interoperability Between MX Series Routers and OpenDaylight.]

Subscriber Management and Services

  • DHCPv6 subscriber class differentiation with the DHCPv6-Options VSA (26-207) (MX Series)—Starting in Junos OS Release 18.3R1, you can use VSA 26-207 to differentiate between different classes of subscribers during DHCPv6 relay authentication. Configure your RADIUS server to include the following information in DHCPv6 Option 17:

    • Juniper Networks enterprise number, 2636

    • Suboption 5, JDHCPD_VS_OPT_CODE_KT_SUBSCRIBER_CLASS

    You set a different value for suboption 5 for each class. The VSA conveys this Option 17 information in the Access-Accept message RADIUS returns during DHCPv6 subscriber authentication. The DHCPv6 relay agent extracts the Option 17 information and passes the information to the DHCPv6 local server in the Relay-Forward header.

    In earlier releases, only the DHCP local server supports VSA 26-207; only suboption 1 (hostname) and suboption 4 (location) are supported.

    [See Exchange of DHCPv4 and DHCPv6 Parameters with the RADIUS Server Overview.]

  • Support for per-subscriber application-aware policy control (MX Series routers with Junos Node Slicing)—Starting in Junos OS Release 18.3R1, Junos Node Slicing supports per-subscriber application-aware policy control. With this support, the Multiservices MPCs and Multiservices MICs on the routers configured with Junos Node Slicing provide per-subscriber policy control based on Layer 7 application identification information for the IP flow (for example, YouTube) or Layer 3 and Layer 4 information for the IP flow (for example, the source and destination IP address). Subscriber application-aware policy actions can include:

    • Redirecting HTTP traffic to another URL or IP address

    • Steering with a routing instance

    • Setting the forwarding class

    • Setting the maximum bit rate

    • Setting the gating status to blocked or allowed

    • Setting the allowed burst size

    • Logging data for subscriber application-aware data sessions and sending that data in an IP Flow Information Export (IPFIX) format to an external log collector, using UDP-based transport.

    [See Understanding Application-Aware Policy Control for Subscriber Management.]

  • Support for remote device service management (MX Series)—Starting in Junos OS Release 18.3R1, a new service type is supported on BNGs, remote-device-services. The new remote device services manager (RDSM) provisions and deprovisions services on remote devices that are managed as logical extensions to the BNG. Remote devices are subscriber-facing devices such as OLTs, DSLAMs, and other access nodes. The BNG acts as a proxy server for the remote devices for service configuration. To external management and provisioning (PCRF, RADIUS) systems, the BNG together with its remote devices acts as a single addressable network element. A dynamic service profile is applied by the external authority by reference during subscriber provisioning to initiate service actions on the remote devices.

    [See Remote Device Services Manager (RDSM) Overview.]

  • Enhancements to static subscriber usernames and interface support (MX Series)—Starting in Junos OS Release 18.3R1, the following enhancements are added for subscribers on static interfaces:

    • You can include outer and inner VLAN tags from the static interface in the global or group usernames.

    • You can specify any single character as the delimiter between username elements.

    • Pseudowire interfaces over logical tunnels are supported for static subscribers, which enables full subscriber management equivalent to dynamic subscribers for statically provisioned subscribers whose traffic is transported over IP/MPLS access models (PS/LT).

      The maximum logical unit number range for pseudowire static interfaces is increased from 16,385 to 1,073,741,823.

    [See Configuring the Static Subscriber Global Username and Configuring the Static Subscriber Group Username.]

  • Support for IPFIX mediation on the BNG (MX Series)—Starting in Junos OS Release 18.3R1, you can configure a BNG to act as an intermediary device between IPFIX exporters and collectors, while having the functions of both. The IPFIX mediator function collects performance management data via IPFIX records from downstream access network devices such as OLTs and advanced ONUs. This data along with local performance management data from the MX BNG is aggregated and relayed to an upstream IPFIX collector. From the reference point of the IPFIX collector, IPFIX mediation enables the router and its associated access network devices to appear as a single IPFIX export source leveraging a single TCP/IP connection between the MX BNG and the upstream collector.

    [See IPFIX Mediation on the BNG.]

  • Support for TCP port forwarding (MX Series)—Starting in Junos OS Release 18.3R1, TCP port forwarding enables a BNG to mediate communication between its connected access nodes and service provider back-office systems, such as external management and provisioning systems (leveraging NETCONF XML management protocol) and TACACS+ servers. The BNG and its downstream access nodes are presented to back-office systems as a single addressable network element. Communication requests to and from access nodes are redirected from one address and port number combination to another while packets traverse the MX Series router. You configure unique combinations of listening ports and listening addresses on the BNG. TCP connections are triggered when traffic from acceptable prefixes arrives on the listening port and matching listening address.

    [See TCP Port Forwarding for Remote Device Management.]

Release History Table
Release
Description
Beginning in Junos OS Release 18.2X75-D10, OpenConfig and Network Agent packages are bundled into the Junos image by default. OpenConfig can be found as a default package named junos-openconfig, and Network Agent content exists in the Junos as a daemon through the na-telemetry package. The OpenConfig package can still be installed as an add-on package on top of the default package if you want to upgrade OpenConfig without upgrading Junos OS.
Beginning in Junos OS Release 18.2X75-D10, OpenConfig and Network Agent packages are bundled into the Junos image by default. OpenConfig can be found as a default package named junos-openconfig, and Network Agent content exists in the Junos as a daemon through the na-telemetry package. The OpenConfig package can still be installed as an add-on package on top of the default package if you want to upgrade OpenConfig without upgrading Junos OS.