New and Changed Features
This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for MX Series.
Release 18.4R2 New and Changed Features
Subscriber Management and Services
Additional encapsulations added to pseudowire subscriber logical interfaces (MX Series with MPC and MIC)—Currently, the supported encapsulation type on the pseudowire subscriber interfaces include:
Transport logical interfaces—Circuit cross-connect (CCC) encapsulation.
Service logical interfaces:
Ethernet VPLS encapsulation
VLAN bridge encapsulation
VLAN VPLS encapsulation
Starting in Junos OS Release 18.4R2, in addition to the existing encapsulation types, the following support is provided:
Transport logical interfaces—Ethernet VPLS encapsulation, and provision for terminating the interface on the l2backhaul-vpn routing-instance.
Service logical interfaces—Circuit cross-connect (CCC) encapsulation, and provision for terminating the interface on locally switched Layer 2 circuits.
Release 18.4R1 New and Changed Features
Smart SFP and smart SFP+ support (MX Series)—Starting in Junos OS Release 18.4R1, the smart SFP transceivers and smart SFP+ transceiver in Table 1 and Table 2 are supported on the listed MX Series routers.
Table 1: SFP Transceiver Support on the MX Series
Supported MPCs, MICs, and Platforms
MX-MPC1E-3D (with MIC)
MX-MPC1E-3D-Q (with MIC)
MX-MPC2E-3D (with MIC)
MX-MPC2E-3D-Q (with MIC)
MX-MPC2E-3D-NG (with MIC)
MX-MPC3E-3D-NG (with MIC)
MX80 (with MIC)
MX104 (fixed interfaces as well as MIC)
MX240, MX480, and MX960 (with MPC+ MIC)
Table 2: SFP+ Transceiver Support on the MX Series
Supported MPCs, MICs, and Platforms
MX-MPC1E-3D (with MIC)
MX-MPC1E-3D-Q (with MIC)
MX-MPC2E-3D (with MIC)
MX-MPC2E-3D-Q (with MIC)
MX-MPC2E-3D-NG (with MIC)
MX-MPC3E-3D-NG (with MIC)
MX80 (with MIC)
MX104 (fixed interfaces as well as MIC)
MX240, MX480, and MX960 (with MPC+ MIC)
See the [Hardware Compatibility Tool].
Support for 40-Gbps ports to operate at 1-Gbps or 10-Gbps speed (MX10008 )—Starting in Junos OS Release 18.4R1, you can use the Mellanox pluggable adapter (QSFP+ to SFP+ adapter or QSA; model number: MAM1Q00A-QSA) to convert quad-lane based ports to a single-lane based SFP+ port. The QSA adapter has the QSFP+ form factor with a receptacle for the SFP+ module. Use the QSA adapter to convert a 40-gigabit port to a 1-Gbps or a 10-Gbps port. You can plug-in a 10-Gbps SFP+ transceiver into the QSA adapter, which is inserted into the QSFP or QSFP+ ports of the MX10K-LC2101 line cards of the MX10008 router.
Authentication, Authorization and Accounting (AAA) (RADIUS)
Support for password change policy enhancement (MX Series)—Starting in Junos OS Release 18.4R1, the Junos OS password change policy for local user accounts is enhanced to comply with additional password policies. As part of the policy improvement, you can configure the following:
maximum-lifetime-value—The maximum duration of a password. The password expires after the maximum is reached.
minimum-lifetime-value—The minimum duration of a password. You cannot change the password until the minimum duration is reached.
Class of Service (CoS)
Support for five-level hierarchical CoS with dynamic interface set over dynamic interface sets (MX Series) — Starting in Junos OS Release 18.4R1, five-level hierarchical CoS with the ability to configure dynamic interface sets over dynamic interface sets is supported on NG-MPC2E, NG-MPC3E, MPC5, and MPC7 line cards.
Support for dynamic and static logical interfaces in the same dynamic interface set (MX Series) — Starting in Junos OS Release 18.4R1, you can apply dynamic and static logical interfaces in the same dynamic interface set on all MPCs that support four-level and five-level hierarchical CoS.
Support for VMTO for ingress traffic (MX Series)—Starting in Junos OS Release 18.4R1, you can configure a leaf or spine device that is configured as a Layer 3 gateway to support virtual machine traffic optimization (VMTO) for ingress traffic. VMTO eliminates the unnecessary ingress routing to default gateways when a virtual machine is moved from one data center to another.
To enable VMTO, configure remote-ip-host routes at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. You can also filter out the unwanted routes by configuring an import policy under the remote-ip-host routes option.
Support for multihomed proxy advertisement (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS now provides enhanced support to proxy advertise the MAC address and IP route entry from all leaf devices that are multihomed to a CE device. This can prevent traffic loss when one of the connections to the leaf device fail. To support the multihomed proxy advertisement, all multihomed PE devices should have the same multihomed proxy advertisement bit value. The multihomed proxy advertisement feature is enabled by default, and Junos OS uses the default multihomed proxy advertisement bit value of 0x20.
[See EVPN Multihoming Overview.]
Automatically generated and assigned Ethernet segment identifiers in EVPN-VXLAN and EVPN-MPLS Networks (MX240, MX480, QFX5100, and QFX5110)—Starting in Junos OS Release 18.4R1, you can configure aggregated Ethernet interfaces and aggregated Ethernet logical interfaces on which LACP is enabled to automatically generate and assign Ethernet segment identifiers (ESIs) to themselves. We support this feature in the following environments:
On MX240 or MX480 routers that are multihomed in active-standby or active-active mode in an EVPN-MPLS network.
On QFX5100 or QFX5110 switches that are multihomed in active-active mode in an EVPN-VLAN network.
MLD snooping support for EVPN-MPLS (MX Series and vMX)—Starting with Junos OS Release 18.4R1, you can configure Multicast Listener Discovery (MLD) protocol snooping on MX Series routers with MPCs and vMX routers in an EVPN over an MPLS network. Enabling MLD snooping helps to constrain IPv6 multicast traffic to interested receivers in a broadcast domain. Multicast sources and receivers in the EVPN instance (EVI) can each be single-homed to one provider edge (PE) device or multihomed in all-active mode to multiple PE devices.
MLD snooping support in this environment includes:
Either MLDv1 and MLDv2 with any-source multicast (*,G) or MLDv2 with source-specific multicast (S,G) (configurable)
MLD state synchronization among multihoming PE devices using BGP EVPN Type 7 (Join Sync Route) and Type 8 (Leave Sync Route) network layer reachability information (NLRI)
Inclusive multicast forwarding from the ingress PE device into the EVPN core to reach all other PE devices
Forwarding across bridge domains (VLANs) using IRB interfaces and PIM operating in passive and distributed designated router (PIM-DDR) modes
Support for graceful restart on EVPN-VXLAN (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports graceful restart on EVPN-VXLAN on EX9200 and QFX Series switches and MX Series Routers. Graceful restart allows the device to recover from a routing process restart or Routing Engine switchover without nonstop active routing (NSR) enabled.
Forwarding and Sampling
Support for activating or deactivating static routes on the basis of RPM test results (MX Series)—Starting in Junos OS 18.4R1, you can use RPM probes to detect link status, and change the preferred-route state on the basis of the probe results. Tracked routes can be IPv4 or IPv6, and support a single IPv4 or IPv6 next hop. For example, RPM probes can be sent to an IP address to determine if the link is up, and if so, take the action of installing a static route in the route table . RPM-tracked routes are installed with preference 1 and thus are preferred over any existing static routes for the same prefix.
Avoid jlock hogs by configuring jlock hold time (MX Series)—Starting with Junos OS Release 18.4R1, users can configure a jlock hold time threshold value via sysctl. This helps avoid jlock hogs (tight loops) in ifd_walk by dropping the jlock after the threshold time is reached. The default hold time is 50ms.
[See sysctl() Function]
High Availability (HA) and Resiliency
BFD Client for segment routing (MX Series)—This feature is not supported on Junos OS Release 18.4R1. You can configure Junos OS to run Seamless Bidirectional Forwarding Detection (S-BFD) over non colored segment routing tunnels and use S-BFD as a fast mechanism to detect path failures. You can configure bfd-liveness-detection at the [edit protocols source-packet-routing segment-list] hierarchy level for enabling path-level S-BFD for a segment list.
Resiliency support for Switch Interface Boards (MX10016)—Starting in Junos OS Release 18.4R1, resiliency support is enabled for Switch Interface Boards (SIBs) on MX10016 routers. Resiliency support enables the device to monitor hardware anomalies that can appear at boot time or at runtime. IDEEPROM read failure is an example of boot-time error. Voltage and temperature sensor readings that do not match permissible limits are examples of runtime errors.
Interfaces and Chassis
Support for enhanced Switch Control Board (MX240, MX480, and MX960)—Starting in Release 18.4R1, Junos OS supports the Enhanced Switch Control Board SCBE3-MX (model number: SCBE3-MX-S) on the MX240, MX480, and MX960 routers. The SCBE3-MX-S supports a pluggable Routing Engine and provides a control plane and data plane interconnect to each line card slot. The SCBE3-MX provides a fabric bandwidth of up to 480Gbps, using four fabric planes (with MPC7 line cards).
The following Routing Engines are supported on SCBE3-MX: RE-S-1800x2, RE-S-1800x4, RE-S-X6-64G, and RE-S-X6-128G.
The SCBE3-MX interoperates with the following existing line cards: MS-MPC, MPC2-NG, MPC3, MPC3-NG, MPC4, MPC5, and MPC7.
SCBE3-MX supports fabric hardening. It supports configuration of per fpc bandwidth-degradation and per fpc blackhole-action.
The SCBE3-MX does not interoperate with any previous-generation SCBs (SCB, SCBE, and SCBE2). Also, the SCBE3-MX does not support smooth upgrade.
[See SCBE3-MX Description]
VRF-aware syslog client (MX Series)—Starting in Junos OS Release 18.4R1, the system log (syslog) client is completely VRF aware. If a server is reachable through a virtual routing and forwarding (VRF) instance, the syslog client can send log messages to the server. To specify the routing instance through which the remote server is reachable, use the routing-instance statement (introduced at appropriate hierarchies).
In previous releases, the syslog client could send log messages to a server reachable through a VRF instance only if the server could be looked up using the default (inet.0 or inet6.0) routing table. If you set the management-instance statement, the server was reachable through that VRF instance but the syslog client could not send syslog messages to the server.
Layer 2 and Layer 3 protocols, platforms, and service features supported on MX10008— Starting in Junos OS Release 18.4R1, MX10008 routers support the following features:
Two-Way Active Management Protocol (TWAMP)—See Understanding Two-Way Active Measurement Protocol on Routers
Network Time Protocol (NTP)—NTP Overview
IGMP Snooping—IGMP Snooping Overview
BGP persistence for IPv4 and IPv6 and Segregation between interface specific code and DCD core code—Understanding the Long-Lived BGP Graceful Restart Capability and dcd
Connectivity Fault Management (CFM)—Ethernet OAM Connectivity Fault Management
Integrated Routing and Bridging (IRB)—Understanding Integrated Routing and Bridging
Rewrite of the first three bits of IPv6 DSCP value—inet6-precedence (CoS Rewrite Rules)
Junos Telemetry Interface
Export of subscriber accounting and dynamic interface and interface-set queue statistics through Junos Telemetry Interface (JTI) (MX Series Routers) —Starting in Junos OS Release 18.4R1, you can export statistics associated with dynamic subscriber interface stacking through remote procedure calls (gRPC). Accurate statistics (actual transit statistics) sensor for the subscriber interface includes IP (total) and IPv6 ingress and egress packets and bytes. Queue statistics for dynamic interface and interface sets include include counts of transmitted and dropped packets and bytes. The queue statistics sensors are maintained per contributing slot (as in the case with AE). Separate metadata sensors convey more contextual information about the dynamic interface and interface sets are available. The metadata sensors are also eligible for ON_CHANGE streaming.
To enable subscriber and queue statistics for telemetry, include the subscriber-statistics and queue-statistics statements at the [edit dynamic-profiles profile-name telemetry] hierarchy level.
Expanded ON_CHANGE support for Junos Telemetry Interface (JTI) (MX960, MX2010, MX2020, PTX5000, PTX1000, and PTX10000)—Starting in Junos OS Release 18.4R1, OpenConfig support through remote procedure call (gRPC) and JTI is extended to support additional ON_CHANGE sensors.
Periodical streaming of OpenConfig operational states and counters collects information at regular intervals. ON_CHANGE support streams operational states as events (only when there is a change), and is preferred over periodic streaming for time-sensitive missions.
These paths, previously supporting periodical streaming only, now also support ON_CHANGE streaming:
ON_CHANGE notification will be supported on all the hardware components displayed in the Junos OS CLI operational mode command show chassis hardware.
To provision a sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. To enable ON_CHANGE support, configure the sample frequency in the subscription as zero.
Support for NTF agent (MX240, MX480, MX960, MX2010, MX2020, PTX1000, PTX5000, PTX10000, and VMX)—Junos OS exposes telemetry data over gRPC and UDP as part of the Junos Telemetry Interface (JTI). One way to stream JTI data into your existing telemetry and analytics infrastructure requires managing an external entity to convert the data into a compatible format. Starting in Junos OS Release 18.4R1, the NTF agent feature provides an on-box solution that allows you to configure and customize to which endpoint (such as IPFIX and Kafka) the JTI data is delivered and in which format (such as AVRO, JSON, and MessagePack) the data is encoded.
[See NTF Agent Overview.]
Abstracted fabric interface support on Junos Telemetry Interface (JTI) (MX480, MX960, MX2008, MX2010, MX2020, and MX-ELM)—Starting in Junos OS Release 18.4R1, JTI sensor support is available for abstracted fabric interfaces. An abstracted fabric interface is a pseudointerface that represents a first class Ethernet interface behavior. This sensor is only supported for node virtualization configurations on MX routers with an abstract fabric Interface as the connecting link between guest network functions (GNFs). JTI sensors will report interface-specific load-balancing and fabric queue statistics. They also will report aggregated statistics across all abstracted fabric interfaces hosted on a source Packet Forwarding Engine of local guest network functions (GNFs) along with the fabric statistics for all traffic ingressing from and egressing to the fabric from that Packet Forwarding Engine.
JTI sensor support is for both gRPC sensors and native (UDP) sensors. Use the following resource path to configure JTI sensors:
To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).
For exporting statistics using UDP native sensors, configure parameters at the [edit services analytics] hierarchy level.
Enhanced IS-IS sensor support for Junos Telemetry Interface (JTI) (MX960, MX2020, PTX5000, PTX1000, and PTX10000)—Starting in Junos OS Release 18.4R1, JTI supports OpenConfig Version v0.3.3 (from v0.2.1) for resource paths related to IS-IS link-state database (LSDB) streaming. The difference between the two versions results in changes, additions, deletions, or non-support for leaf devices related to the following IS-IS type length value (TLV) parameters and IS-IS areas:
TLV 135: extended-ipv4-reachability
TLV 236: ipv6-reachability
TLV 22: extended-is-reachability
TLV 242: router-capabilities
IS-IS interface attributes
IS-IS adjacency attributes
To provision the sensor to export data through gRPC streaming, use the telemetry Subscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig and Network Agent packages, both of which are bundled into the Junos image in a default package named
Layer 2 VPN
Group VPN on AMS interface (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports load-balancing Group VPN services on AMS interfaces. AMS interfaces are a bundle of interfaces that function as a single interface and can be configured to load-balance traffic among the group members. To configure load balancing of Group VPN services on AMS interfaces, include the ipsec-group-vpn in the [edit services service-set service-set-name] hierarchy level to configure the service set and the load-balancing-option statements in the service-interface hierarchy of the AMS interface to enable load balancing.
For more information on configuring AMS interfaces, see Configuring Aggregated Multiservices Interfaces.
[See Group VPN on AMS Interfaces.]
Track IGP metric for install prefixes (MX Series)—Starting in Junos OS Release 18.4R1, you can let the install prefixes follow the metric of their corresponding IGP prefix so that the various RSVP protocol routes installed for the LSP can now each have their indivdual metric value. The install-prefix IGP metric tracking feature can be configured for all LSPs at the [edit protocols mpls] level or on a per-LSP basis at the [edit protocols mpls label-switched-path] hierarchy level.
[See Install Prefix IGP Overview.]
Support for IP-based filtering and port mirroring of MPLS traffic (MX Series with MPC and MIC)—Starting in Junos OS Release 18.4R1, you can apply inbound and outbound filters for MPLS family based on MPLS-tagged IPv4 and IPv6 parameters using inner payload match conditions, and enable selective port mirroring of MPLS traffic unto a monitoring device.
To enable IP-based filtering, additional match conditions, such as IPv4 and IPv6 source and destination addresses, protocol, source and destination ports, and IPv4 and IPv6 source and destination prefix list, are added under the MPLS filter term from parameter.
To enable port mirroring, additional actions, such as port-mirror and port-mirror-instance, are added for all the match conditions under the filter term then parameter.
Static egress LSP with IPv6 next-hop—Starting in Junos OS Release 18.4R1, you can configure static LSP on the egress router with the IPv6 as a nexthop address to forward IPv6 traffic. Static LSP supports nexthop indirection and link protection.
Network Management and Monitoring
New major alarms on MX Series routers with MPC1 and MPC2—Starting in Junos OS Release 18.4R1, on MX Series routers with MPC1 and MPC2 line cards, a major chassis alarm is raised when the following transient hardware errors occur:
CPQ SRAM parity error
CPQ RLDRAM double bit ECC error
In the Description column of show chassis alarm outputs, these errors are described as “FPC <slot number> Major Errors”; for example:
user@host> show chassis alarms
5 alarms currently active Alarm time Class Description 2018-10-05 18:48:06 PDT Major FPC 9 Major Errors
By default, these errors result in the Packet Forwarding Engine interfaces on the FPC being disabled. You can use the show chassis fpc errors command to view the default or user-configured action that resulted from the error.
You can check the syslog messages to learn more about the errors. See the following examples:
Oct 5 15:58:02 codeine fpc1 MQCHIP(0) CPQ RLDRAM double bit ECC error, bank 0 addr 0x0 Oct 5 15:58:02 codeine fpc1 MQCHIP(0) CPQ Sram parity error, errlog 0x0
To resolve the error, restart the line card. If the error is still not resolved, open a support case using the Case Manager link at https://www.juniper.net/cm/ or call 1-888-314-JTAC (within the United States) or 1-408-745-9500 (from outside the United States).
Support for Junos Space Service Now (MX10016)—Starting in Junos OS Release 18.4R1, MX10016 routers s support Junos Space Service Now. The Junos Space Service Now is an application that runs on the Junos Space Network Management Platform to automate fault management and accelerate issue resolution.
[See Junos Space Service Now.]
Operation, Administration, and Maintenance (OAM)
Support for inline link fault management (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports inline mode for OAM link fault management (LFM) on MX Series routers. Inline LFM delegates the transmission and receipt of LFM keepalive packets from the periodic packet management (ppm) process on the line card to the forwarding ASIC (that is, to the hardware). Inline LFM reduces the load on the ppm process and can support LFM in-service software upgrade (ISSU) for non-Juniper peers (for a keepalive interval of 1 second). You can enable inline LFM by including the hardware-assisted-keepalives configuration statement at the [edit protocols oam ethernet link-fault-management] hierarchy level. To disable inline LFM, delete the hardware-assisted-keepalives statement. The show oam ethernet link-fault-management detail command displays the keepalive packet statistics. Starting from Release 18.4R1, when inline LFM is enabled, the keepalive packet statistics are not updated. In earlier releases, the show oam ethernet link-fault-management detail command displayed the keepalive packet statistics.
Routing Policy and Firewall Filters
Support for next-filter as a firewall filter action (MX Series)—Starting in Junos OS Release 18.4R1, firewall filters can be configured to execute a sequence of firewall filter actions. The new next-filter option allows you to deploy a filter list and run a series of filters, similar to what is already available with next-term actions, and provides filter scale optimization. Up to eight filters can be chained in this way. The feature is not supported on logical systems, or on loopback and pseudo-interfaces.
You can use a filter list to implement a mix of multifield-classification and firewall filter rules. For example, the first filter in the list can be used to perform a generic filter classification, and the subsequent filters can then do the actual filtering.
Filter-based GRE encapsulation (MX Series)—Starting in Junos OS Release 18.4R1, you can use tunnel-end-point commands to enable line-rate, filter-based, GRE tunneling of IPv4 and IPv6 payloads across IPv4 networks.
This GRE encapsulation is not supported for logical systems or for MPLS traffic, and the route lookup for GRE encapsulated traffic is supported on the default routing instance only.
The following commands are introduced for this feature:
set firewall tunnel-end-point tunnel-name gre
set firewall tunnel-end-point tunnel-name ipv4
set firewall tunnel-end-point tunnel-name ipv6
Support for BGP flowspec redirect to IP (MX Series)—Starting in Junos OS Release 18.4R1, BGP flow specification as described in BGP Flow-Spec Internet draft draft-ietf-idr-flowspec-redirect-ip-02.txt, Redirect to IP Action is supported. Redirect to IP action uses extended BGP community to provide traffic filtering options for DDoS mitigation in service provider networks. Legacy flow specification, as specified in the Internet draft draft-ietf-idr-flowspec-redirect-ip-00.txt, BGP Flow-Spec Extended Community for Traffic Redirect to IP Next Hop, redirect to IP uses the BGP nexthop attribute to support interoperability of devices. Junos OS advertises redirect to IP flow specification action using the extended community by default. Redirect to IP action allows you to divert matching flow specification traffic to a globally reachable address. This feature is required to support service chaining in virtual service control gateway (vSCG).
To configure a static IPv4 flow specification route, include the redirect ipv4-address statement at the [edit routing-options flow route then] hierarchy level in the configuration.
To configure a static IPv6 specification route, include the redirect ipv6-address statement at the [edit routing-options flow route then] hierarchy level in the configuration.
To configure legacy flow specification include legacy-redirect-ip-action at the [edit group bgp-group neighbor bgp neighbor family inet flow] hierarchy level.
To configure BGP to use VRF.inet.0 table to resolve VRF flow specification routes, include secondary-independent-resolution statement at the [edit protocols bgp neighbor family flow] hierarchy level.
Support for 64 BGP add-path routes (MX Series)—Starting in Junos OS Release 18.4R1, support is extended to 64 BGP add-path routes. Currently Junos OS supports six add-path routes and BGP can advertise up to 20 add-path routes through policy configuration. If you enable advertisement of multiple paths to a destination or if you increase the add-path prefix policy send count, BGP can now advertise up to 64 add-path routes.
To advertise all add-paths, up to 64 add-paths or only equal-cost paths, include the path-selection-mode statement at the [edit protocols bgp group group-name family name addpath send] hierarchy level. You cannot enable both multipath and path-selection-mode at the same time.
To advertise a second best path as a backup path in addition to the multiple ECMP paths include the include-backup-path backup_path_name statement at the [edit protocols bgp group group-name family name addpath send]] hierarchy level.
Support for BGP egress peer engineering (MX Series)—Starting in Junos OS Release 18.4R1, BGP LS extensions are enhanced to export segment routing topology information to the controller. A centralized controller in a software-defined network (SDN) can program any egress peer policy at ingress border routers or at hosts within the domain in a segment routing network. The egress router advertises SID labels for all its peers, and the controller advertises these SID labels to the ingress router. The SID label can be a node segment, or an adjacency segment, or a set segment label. Thus the ingress router can select these SID labels to transfer data packets to the egress peers. The path that the controller derives can override the network derived best path. This feature can also be used in an inter domain scenario.
To configure a peer node SID, include egress-te-node-segment-label at the [edit protocols bgp group group-name neighbor neighbor-name] hierarchy level.
To configure a peer adjacency SID, include egress-te-adj-segment adj-segment-name at the [edit protocols bgp group group-name neighbor neighbor-name] hierarchy level.
To create a peer set SID, include egress-te-set-segment set-segment-name label label-name at the [edit protocols bgp] hierarchy level.
Support for IPv4 VPN unicast and IPv6 VPN unicast address families in BGP (MX Series)—Starting in Junos OS Release 18.4R1, the following address families are supported to enable advertisement or reception, or both, of multiple paths to a destination to and from the same BGP peer, instead of advertising and receiving only the active path to and from the same BGP peer, under the [edit protocols bgp group group-name] hierarchy.
IPv4 VPN unicast (family inet-vpn)
IPv6 VPN unicast (family inet6-vpn)
BGP add path support for eBGP (MX Series)—Starting in Junos OS Release 18.4R1, add path receive is now supported for eBGP under the [edit logical-systems logical-system-name protocols bgp group group-name family family].
[See Understanding BGP.]
Support for MPLS-IPv6 inline active flow monitoring (MX Series)—Starting in Junos OS Release 18.4R1 on MX Series routers, you can perform inline flow monitoring for MPLS-IPv6 traffic. Both IPFIX and version 9 templates are supported. If you are running inline flow monitoring on a Lookup (LU) card, you must enable sideband mode to create MPLS-IPv6 flow records.
MX Series Virtual Chassis NAT support on BNG (MX240, MX480, and MX960 routers with MS-MPCs and MS-MICs)—Starting in Junos OS Release 18.4R1, you can configure a two-member MX Series Virtual Chassis to use the Juniper broadband network gateway (BNG) with IPv4-to-IPv4 basic NAT, dynamic NAT, static destination NAT, dynamic NAT with port mapping, and stateful NAT64. A two-member MX Series Virtual Chassis configuration supports a maximum of four MS-MPCs and four MS-MICs per Virtual Chassis.
MX Series Virtual Chassis DS-Lite support (MX240, MX480, and MX960 routers with MS-MPCs and MS-MICs)—Starting in Junos OS Release 18.4R1, you can configure DS-Lite on a two-member MX Series Virtual Chassis. A two-member MX Series Virtual Chassis configuration supports a maximum of four MS-MPCs and four MS-MICs per Virtual Chassis.
Software Defined Networking (SDN)
New features supported on Junos Node Slicing (MX Series)—Starting in Junos OS Release 18.4R1, Junos Node Slicing supports the following features:
Support for device family and release in Junos OS YANG modules. [See Understanding Junos OS YANG Modules.]
Support for adding user-defined YANG files that provide mappings between the XML path and the OpenConfig path for data streamed through the Junos Telemetry Interface. [See Configurable NETCONF Proxy for Junos Telemetry Interface.]
Support for multiple, smaller configuration YANG modules. [See Understanding the YANG Modules That Define the Junos OS Configuration.]
Support for bidirectional authentication (client and server authentication) for gRPC for Junos Telemetry Interface. [See gRPC Services for Junos Telemetry Interface.]
Junos events sensor for the Junos Telemetry Interface. [See Overview of the Junos Telemetry Interface.]
Input streaming for gRPC Network Management Interface. [See Understanding OpenConfig and gRPC on Junos Telemetry Interface.]
ON_CHANGE support for Junos Telemetry Interface. [See Understanding OpenConfig and gRPC on Junos Telemetry Interface.]
Enhanced TACACS+ behavior to support the management interface in a non-default virtual routing and forwarding (VRF) instance. [See Management Interface in a Non-Default Instance.]
TACACS+ authorization for operational commands using regular expressions. [See Using Regular Expressions on a RADIUS or TACACS+ Server to Allow or Deny Access to Commands.]
Enhanced support for the nondefault management instance mgmt_junos. [See Management Interface in a Non-Default Instance.]
Subscriber Management and Services
Subscriber management is not ready for deployment in Junos OS Release 18.4R1. You can use this release for testing and qualification, but we recommend you wait for a later 18.4 maintenance or service release for deployment.
Limit subscriber sessions per user and access profile (MX Series)—Starting in Junos OS Release 18.4R1, you can configure a limit on the number of sessions that can be active for a given username in an access profile.
The show network-access aaa statistics session-limit-per-username command displays the number of active sessions and of blocked requests for usernames in each access profile. The clear network-access aaa statistics session-limit-per-username command enables you to clear blocked requests for debugging subscriber session limits.
New BBE statistics collection and management process (MX Series)—Starting in Junos OS Release 18.4R1, the BBE statistics collection and management process, bbe-statsd, is introduced to take advantage of high-performance Routing Engines to increase the frequency of statistics collection and improve statistics processing in highly scaled environments. The bbe-stats-service option has been added to the restart command for restarting this statistics process.
To collect subscriber and service statistics, you now must enable the actual-transit-statistics statement. If you do not configure this statement, subscriber statistics are not collected; the show subscribers accounting-statistics command displays a value of zero for subscriber statistics; and the subscriber statistics are reported to RADIUS with values of zero.
Subscriber secure policy information not revealed in core file dumps (MX Series)—Starting in Junos OS Release 18.4R1, subscriber secure policy (SSP) information that might identify subscribers or mediation devices is automatically encrypted when the authd, bbe-smgd, or dfcd process generates core error files. Unauthorized persons examining the error files are unable to view the SSP information. The SSP information that might be present in the core error file includes the source and destination IP address for the mediation device, device ports, and intercept ID. No configuration is required or possible.
Increased number of IP addresses in DHCPv4 server groups (MX Series)—Starting in Junos OS Release 18.4R1, DHCPv4 server groups support up to 32 active server IP addresses. In earlier releases, only 5 servers are supported.
Address allocation method determines behavior when address pool is deleted or drained (MX Series)—Starting in Junos OS Release 18.4R1, additional checking is performed to determine the subsequent behavior when authd notifies the DHCP process that an address pool is deleted or being drained:
When addresses are allocated on demand, the family with the address in that pool is logged out immediately when the pool is deleted, or logged out gracefully by the draining process when a DHCP renew or rebind message is received.
When the addresses are preallocated, the addresses for both families are deleted immediately when the pool is deleted, or deleted gracefully by the draining process when a DHCP renew or rebind message is received.
Enhanced support for forwarding ACKs from trusted servers (MX Series)—Starting in Junos OS Release 18.4R1, the allow-server-change option of the active-server-group statement enables the DHCPv4 relay agent to forward ACKs to DHCP information request (DHCPINFORM) messages from any server in the active server group to the client. In earlier releases, only ACKs to DHCP request (renew or rebind) messages can be forwarded from trusted servers.
Support for DHCPv6 NotOnLink status code (MX Series)—Starting in Junos OS Release 18.4R1, the DHCPv6 server can return to the client a status code of NotOnLink in the Reply PDU IA field during reauthentication when the subscriber IP or IPv6 address changes. This code means that at least one address in the client’s request IA is not appropriate for the client’s connection link. In earlier releases, only a NoAddrsAvail or NoPrefixAvail status code can be returned when there is an issue with requested addresses.
Reassign IPv4 address to a new subscriber (MX Series)—Starting in Junos OS Release 18.4R1, you can enable a new subscriber to be reassigned an IPv4 address that is currently assigned to an existing subscriber by including the reassign-on-match option with the address-protection statement. The new subscriber request is rejected, but the existing subscriber is disconnected. The address is assigned to the new subscriber when it renegotiates the session
New predefined variables and RADIUS VSAs for interface and set targeted distribution (MX Series)—Starting in Junos OS Release 18.4R1, when you target an interface or an interface set for distribution on aggregated Ethernet member links, you can use a Juniper Networks predefined variable to source the weight value from the RADIUS Access-Accept message on a per-subscriber basis, or from Diameter AVPs during NASREQ processing:
$junos-interface-target-weight corresponds to Juniper Networks VSA 26-214, Interface-Targeting-Weight.
$junos-interface-set-target-weight corresponds to Juniper Networks VSA 26-213, Interface-Set-Targeting-Weight.
Support for exporting BNG sensor data to an IPFIX collector (MX Series)—Starting in Junos OS Release 18.4R1, the input-jti-ipfix plug-in collects a limited set of sensor data from the local BNG Junos Telemetry Interface and translates it to the appropriate IPFIX records for export to an IPFIX collector.
Detection and autogeneration of logical interface sets representing logical access nodes (MX Series)—Starting in Junos OS Release 18.4R1, you can configure the router to parse the ANCP Access-Aggregation-Circuit-ID-ASCII attribute (TLV 0x0003). When the TLV string begins with a # character, the entire string is a backhaul line identifier. The portion of the string after the # delimiter represents a logical intermediate node (DPU-C or PON tree) in the access network to which the subscriber is attached. This portion is used to set the value of the $junos-aggregation-interface-set-name variable, and is used as the name of a CoS Level 2 interface set that groups subscribers. Enable parsing with the hierarchical-access-network-detection option of the access-line statement.
BGP support over dynamic PPPoE interfaces (MX Series)—Starting in Junos OS Release 18.4R1, BGP is supported over dynamic PPPoE interfaces. PPPoE subscriber clients correspond to BGP neighbors, so you configure the PPPoE subscriber client IP addresses as the BGP neighbor addresses with the [edit protocols bgp group name neighbor] stanza.
You must enable routing services in both the PPPoE subscriber dynamic profile and the dynamic profile for the underlying VLAN interface with the new routing-service statement. This statement replaces the deprecated routing-services statement.
You can also selectively enable or disable routing services per subscriber through RADIUS by using the new $junos-routing-services predefined variable. The action is determined by the value of the new Routing-Services VSA (26-212) returned in the RADIUS Access-Accept message.
Support for Layer 2 services provisioning on the services side of pseudowire service logical interface anchored on redundant logical tunnel interface (MX Series with MPC and MIC)—Starting in Junos OS Release 18.4R1, Layer 2 services provisioning such as bridge and VPLS, is supported on the services side of the pseudowire service logical interface anchored to redundant logical tunnel interface. With this support, the chassis-wide scaling numbers available for the physical interfaces over redundant logical tunnels is extended to pseudowire service interfaces anchored over redundant logical tunnel interfaces.
Support of single-hop BFD sessions for pseudowire redundant logical interfaces (MX Series)——Junos OS supports inline distribution of single-hop Bidirectional Forwarding Detection [protocol] (BFD) sessions for pseudowire subscriber logical tunnel interfaces by default, as these interfaces are anchored on a single Flexible PIC Concentrator (FPC). With pseudowire redundant logical interfaces, the member logical tunnel interfaces can be hosted on different linecards. As a result, single-hop BFD sessions are operated in a centralized mode because the distribution address is not available for these logical interfaces.
Starting in Junos OS Release 18.4R1, the support for inline distribution of single-hop BFD sessions is extended to pseudowire subscriber over redundant logical tunnel interfaces, thereby improving the scaling (number of sessions) and performance (detection time) of single-hop BFD sessions.
ARP enhancements for subscriber management (MX Series)—Starting in Junos OS Release 18.4R1, the following ARP enhancements are supported only for framed routes on dynamic VLANs:
Dynamic layer 2 MAC address resolution works for network (non-host) IPv4 framed routes. The non-host framed route is coupled with the dynamic Layer 2 address associated with a host route.
You can enable the router to compare the source MAC address received in a gratuitous ARP request or reply packet with the value in the ARP cache. The router updates the cache with the received MAC address if it determines this address is different from the cache entry.
You can enable dynamic ARP to resolve the MAC address for IPv4 framed host (32-bit) routes. By default, the framed route is permanently associated with the source MAC address received in the packet that triggered creation of the dynamic VLAN.
Secure copy (scp) support on Junos OS CLI with the ”source address” and ”routing instance” options (MX240, MX480, MX960, MX2010, MX2020, and vMX)— Starting in Junos OS Release 18.4R1, MX Series routers support the scp command from the CLI, along with two additional options: source address and routing instance. The source address option specifies the local address to use in originating the connection and routing instance option specifies the name of routing instance for the scp session. These two options are also added in the following CLI commands where the scp URL is supported: file copy, file archive, save, show|save, show|compare, load merge, load override, load patch, load replace, load set, and load update. The functionality of these commands remains the same with the source address and routing instance options added.
The scp command is available under operational mode and configuration mode.
Timing and Synchronization
Synchronous Ethernet support for enhanced Switch Control Board (MX240, MX480, and MX960)—Starting in Junos OS Release 18.4R1, MX Series routers with the enhanced Switch Control Board (SCBE3-MX) support synchronous Ethernet. Synchronous Ethernet is a physical layer technology that functions regardless of the network load and supports hop-by-hop frequency transfer. This enables you to deliver synchronization services that meet the requirements of modern-day mobile network, and future Long Term Evolution (LTE)–based infrastructures.
Support to control traceroute over Layer 3 VPN (MX Series)—Starting in Junos OS Release 18.4R1, in a Layer 3 VPN topology with vrf-table-label configured and multiple customer edge (CE) routers configured in the same VPN routing and forwarding (VRF) routing instance, when traceroute is performed to a remote provider edge (PE) router for a CE-facing network, the ICMP time exceeded packet determines the correct IP address as the source address.
To control the traceroute over Layer 3 VPN topology with vrf-table-label configured and multiple CE routers configured in the same VRF, you can configure allow-l3vpn-traceroute-src-select at the[edit system] hierarchy level that determines the correct IP source address by reviewing the destination routing instance and destination IP address.