Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for MX Series

 

These release notes accompany Junos OS Release 20.3R2 for the MX Series 5G Universal Routing Platforms. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for MX Series routers.

.

New and Changed Features: 20.3R2

There are no new features or enhancements to existing features for MX Series in Junos OS Release 20.3R2.

New and Changed Features: 20.3R1

Hardware

  • We've added the following features to the MX Series routers in Junos OS Release 20.3R1.

    Table 1: Features Supported by MPC10E and MPC11E Line Cards on MX Series Routers

    Feature

    Description

    Interfaces and chassis

    • Support for MS-MPC on the MX2000-SFB3 Switch Fabric Board (SFB). The MS-MPC interoperates with MX2K-MPC11E, MPC9E, MPC8E, and MPC6E Modular Port Concentrators on MX2020 and MX2010 routers.

    • On MX2K-MPC11E line cards, you can configure Port 0 of every PIC as 400GbE ports or 200GbE ports using either QSFP56-DD optics or QSFP28-DD optics. You can channelize each of the 400GbE-capable ports either as four 100GbE interfaces or as two 100GbE interfaces. [See Port Speed on MX2K-MPC11E Overview.]

    General routing

    • Support for IP reassembly on GRE tunnel interfaces on:

      • MPC10E-15C-MRATE and MPC10E-10C-MRATE on MX240, MX480, and MX960 routers.

      • MX2K-MPC11E on MX2010 and MX2020 routers.

      [See Configuring Unicast Tunnels.]

    • Support for Mapping of Address and Port with Encapsulation (MAP-E) and IPv6 rapid deployment (inline 6rd) on:

      • MPC10E-15C-MRATE and MPC10E-10C-MRATE on MX240, MX480, and MX960 routers.

      • MX2K-MPC11E on MX2010 and MX2020 routers.

    [See Configuring Mapping of Address and Port with Encapsulation (MAP-E) and Configuring Inline 6rd.]

    Juniper telemetry interface

    Layer 3 features

    • Support for Layer 3 features. The MX2K-MPC11E interoperates with MS-MPC and MS-MIC-16G on MX2020 and MX2010 routers to support the following Layer 3 features: stateful firewall, NAT, IPsec, real-time performance monitoring (RPM), and MS MPC/MS-MIC-based inline flow monitoring services. [See Adaptive Services Overview.]

    Multicast

    • Support for bidirectional Protocol Independent Multicast (PIM) on MPC10E and MX2K-MPC11E line cards running on MX240, MX480, MX960, MX2010 and MX2020 routers. These routers support GRES with NSR. [See Understanding Bidirectional PIM.]

      Note: Junos OS Release 20.3R1 does not support anycast rendezvous point (RP) functionality and bidirectional PIM over next-generation multicast VPN (MVPN).

    • Support for Automatic Multicast Tunneling (AMT) relay on MPC10E and MX2K-MPC11E line cards running on MX240, MX480, MX960, MX2010, and MX2020 routers for IPv4 traffic. To identify a gateway, AMT relay uses a combination of the device IP address and port. [See Understanding AMT.]

      Note: Junos OS Release 20.3R1 does not support AMT gateway.

    Network management and monitoring

    • Support for monitoring link degradation. You can monitor link degradation of the 10GbE, 40GbE, 100GbE, and 400GbE interfaces on the MX2K-MPC11E line cards. [See Link Degrade Monitoring Overview.]

    • Support for inline continuity check messages (CCM) on MPC10E-10C-MRATE and MPC10E-15C-MRATE line cards. You can configure inline CCM for up MEPs, down MEPs, and MIPs for all current supported topologies. [See Inline Transmission Mode.]

    Security

    • Support for Media Access Control Security (MACsec) on logical interfaces (MPC10E only). VLAN tags are transmitted in cleartext, which allows intermediate switches that are MACsec-unaware to switch the packets based on the VLAN tags. [See Media Access Control Security (MACsec) over WAN.]

    Services applications

    SNMP

    • Support for Junos OS SNMP on MPC10E-15C-MRATE, MPC10E-10C-MRATE, and MX2K-MPC11E line cards for the following multicast LDP MIB tables and objects:

      • mplsMldpInterfaceStatsTable

      • mplsMldpFecUpstreamSessPackets

      • mplsMldpFecUpstreamSessBytes

      • mplsMldpFecUpstreamSessDiscontinuityTime

      [See Standard SNMP MIBs Supported by Junos OS and SNMP MIB Explorer.]

    Subscriber management and services

  • Support for the JNP-SFP-10G-BX10D and JNP-SFP-10G-BX10U bidirectional transceivers (MX240, MX480, MX960, MX2008, MX2010 and MX2020)—Starting in Junos OS Release 20.3R1, the MPC3E-3D-NG (with the MIC3-3D-10XGE-SFPP) and MPC5EQ-100G10G line cards on the MX240, MX480, MX960, MX2008, MX2010 and MX2020 routers support the JNP-SFP-10G-BX10D and JNP-SFP-10G-BX10U bidirectional transceivers.

    [See the Hardware Compatibility Tool (HCT) for details.]

  • Support for the JNP-SFP-10G-BX40D and JNP-SFP-10G-BX40U bidirectional transceivers (MX240, MX480, MX960, MX2008, MX2010 and MX2020)—Starting in Junos OS Release 20.3R1, the MPC3E-3D-NG (with the MIC3-3D-10XGE-SFPP) and MPC5EQ-100G10G line cards on the MX240, MX480, MX960, MX2008, MX2010 and MX2020 routers support the JNP-SFP-10G-BX40D and JNP-SFP-10G-BX40U bidirectional transceivers.

    [See the Hardware Compatibility Tool (HCT) for details.]

Authentication, Authorization, and Accounting

  • Support for TCP authentication option (TCP-AO) for BGP and LDP connections (MX Series and PTX Series)—Starting in Junos OS Release 20.3R1, you can use TCP-AO to authenticate TCP segments exchanged during BGP and LDP sessions. It supports both IPv4 and IPv6 traffic. TCP-AO provides a framework to support multiple stronger algorithms, such as HMAC-SHA1 and AES-128, to create its message digest. TCP-AO supports up to 64 keys that can be used for a BGP or an LDP session. You can configure a new key for a BGP or LDP session during its lifetime without causing any session flap. Each key becomes active based on its configured start time.

    In earlier releases, you could use only the TCP MD5 authentication method. It supports only MD5 algorithm to create its message digest.

    [See TCP Authentication Option (TCP-AO) for BGP and LDP Sessions and authentication-key-chains (TCP-AO).]

Class of Service (CoS)

  • Support for MPLS EXP bits rewrite to all segment labels in segment routing stack (MX Series)—Starting in Junos OS 20.3R1, on segment routing LSPs, creating an EXP rewrite rule for the egress interface on the ingress (provider edge) router imposes the rewrite rule to all transport labels in the stack. As a result, you don't need to configure rewrite rules on every segment in the LSP.

    [See exp.]

EVPN

  • Color-based mapping of EVPN-MPLS and EVPN services over SR-TE (ACX5448, EX9200, MX Series, and vMX)—Starting in Junos OS Release 20.3R1, you can specify a color attribute along with an IP protocol next hop. The color attribute adds another dimension to the resolution of transport tunnels over static colored and BGP segment routing traffic-engineered (SR-TE) label-switched paths (LSPs). This type of resolution is known as the color-IP protocol next-hop resolution. With the color-IP protocol next-hop resolution, you must configure a resolution map and apply it to EVPN-MPLS and EVPN services, which includes E-Line, E-LAN and E-Tree. With this feature, you can enable color-based traffic steering of EVPN-MPLS and EVPN services.

    [See Segment Routing LSP Configuration.]

  • Tunnel endpoint in the PMSI tunnel attribute field for EVPN Type 3 routes (MX Series)—Starting in Junos OS Release 20.3R1, you can set the tunnel endpoint in the Provider Multicast Service Interface (PMSI) tunnel attribute field to use the ingress router’s secondary loopback address. When you configure multiple loopback IP addresses on the local provider edge (PE) router and the primary router ID is not part of the MPLS network, the remote PE router cannot set up a PMSI tunnel route back to the ingress router. To configure the router to use a secondary IP address that is part of the MPLS network, include the pmsi-tunnel-endpoint pmsi-tunnel-endpoint statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level for both EVPN and virtual-switch instance types.

    [See evpn. ]

High Availability (HA) and Resiliency

  • Higher scale and performance in RIFT (MX240, MX480, MX960, vMX, QFX5100, QFX5110, QFX5120-32C, QFX5120-48T, QFX5120-48T-VC, QFX5120-48Y, QFX5120-48Y-VC, QFX5120-24YM, QFX5120-48YM, QFX5130-48C, QFX5200, QFX5210, and QFX10008)— Starting in Junos OS Release 20.3R1, we’ve made the following improvements to increase the scalability and performance in Routing in Fat Tree (RIFT):

    • Prefixes in RIFT

    • Peers in RIFT

    • Convergence improvement with RIFT

    • BFD sessions with RIFT

    [See RIFT Overview.]

Interfaces and Chassis

  • Support for local preference when selecting forwarding next hops for load balancing (MX Series)—Starting in Junos OS Release 20.3R1, we’ve expanded support for traffic to prefer local forwarding next hops rather than remote forwarding next hops for equal-cost multipath (ECMP) traffic flows and on aggregated Ethernet and logical tunnel interfaces for the following devices:

    • MX240, MX480, and MX960 routers with MPC10E (MPC10E-15C-MRATE and MPC10E-10C-MRATE)

    • MX2010 and MX2020 routers with MX2K-MPC11E

    To configure local preference:

    • For ECMP traffic flows, include the ecmp-local-bias statement at the [edit forwarding-options load-balance hierarchy level.

    • For aggregated Ethernet interfaces, include the local-bias statement at the [edit interfaces aex aggregated-ether-options] hierarchy level.

    • For logical tunnel interfaces, include the local-bias statement at the [edit interfaces rlt x logical-tunnel-options load-balance] hierarchy level.

    [See ecmp-local-bias, local-bias (aggregated Ethernet), and local-bias (logical tunnel).]

  • Support for QSFP-100G-FR optical transceivers (MX204 and MX10003)—Starting in Junos OS Release 20.3R1, you can use the QSFP-100G-FR optical transceivers in the MX10003 (installed with the JNP-MIC1 or JNP-MIC1-MACSEC MICs) and MX204 routers. You can use the show chassis pic fpc-slot slot pic-slot slot and show chassis hardware commands to view the details of the transceiver.

    Note

    The MX10003 routers with JNP-MIC1-MACSEC do not support unified in-service software upgrade (ISSU). However, the MX10003 routers with JNP-MIC1 support ISSU.

    [See Hardware Compatibility Tool.]

IP Tunneling

  • Support for IP-over-IP next-hop-based tunneling (MX Series, PTX1000, PTX10000, QFX10000, and QFX10002)—Starting in Junos OS Release 20.3R1, we support an IP-over-IP encapsulation to facilitate IP overlay construction over an IP transport network. An IP network contains edge devices and core devices. To achieve higher scale and reliability among these devices, you need to use an overlay encapsulation to logically isolate the core network from the external network that the edge devices interact with. Among other supported encapsulation methods, only IP-over-IP allows transit devices to parse the inner payload and use inner packet fields for hash computation and customer edge devices to route traffic into and out of the tunnel without any throughput reduction. IP-over-IP relies on a next-hop-based infrastructure to support higher scale.

    On MX Series routers, the routing protocol daemon (rpd) sends the encapsulation header with tunnel composite next hop and the Packet Forwarding Engine finds the tunnel destination address and forwards the packet. On PTX Series routers and QFX10000 switches, rpd sends the fully resolved next-hop-based tunnel to the Packet Forwarding Engine. You can either use static configuration or a BGP protocol configuration to distribute routes and signal dynamic tunnels. You can also configure Interface based firewall filters on any transit or egress device with an action to decapsulate IP-IP packets and forward it to the main instance or to a routing-instance as required.

    [See Next-Hop-Based Dynamic Tunneling Using IP-Over-IP Encapsulation.]

  • Support for filter-based decapsulation of IPv4 and IPv6 unicast traffic encapsulated in IPv4 IP-in-IP tunnels (MX Series, PTX1000, PTX10002, and QFX10002)—Junos OS supports decapsulating IPv4 and IPv6 unicast traffic that has been encapsulated in IPv4 IP-in-IP tunnels using firewall filters. If the outer IPv4 header address matches the firewall configuration and the packet has ipip set as the protocol type, then the outer IPv4 header is removed and the packet is routed based on the inner IPv4 or IPv6 address. If the packet does not have the expected ipip header, the packet is dropped.

    Configure this feature using the following CLI statements at the [edit firewall family inet filter filter-name term term-name] hierarchy:

    • from protocol ipip: Set the protocol type as IP-IP.

    • then decapsulate ipip: Decapsulate the IP-IP packet. The inner IP destination address is routed using the inet.0 routing table by default.

    • then decapsulate ipip routing-instance routing-instance-name: Decapsulate the IP-IP packet and route the inner destination address using the specified routing instance.

    Use show firewall to view the configuration.

    [See filter (Firewall Filters) and Configuring IP Tunnel Interfaces.]

Juniper Extension Toolkit

  • Juniper Extension Toolkit (JET) supports BFD Service APIs for routing protocol process (rpd) programmability (MX Series, PTX Series, QFX Series, and vMX)—Starting in Junos OS Release 20.3R1, you can use programmable rpd (prpd) BFD APIs to add, update, and delete BFD sessions and subscribe to BFD events from outside applications. These APIs enable the integration of rpd with software-defined networking (SDN) controllers and increase the flexibility of your network. The prpd BFD APIs support BFD Echo-Lite sessions in single-hop IPv4 and IPv6 modes.

    The following BFD Service APIs are supported:

    • Initialize

    • SessionAdd

    • SessionUpdate

    • SessionDelete

    • SessionDeleteAll

    • Subscribe

    • Unsubscribe

    Use the show bfd session extensive command to view BFD sessions. BFD sessions added through prpd BFD APIs are labeled with PRPD:<session-id> in the client field. The <session-id> is 1 for the first BFD session that is added, 2 for the second, and so on.

    [See show bfd session extensive and JET APIs on Juniper EngNet.]

Junos OS XML, API, and Scripting

  • Support for REST API over nondefault virtual routing and forwarding (VRF) instance (EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.3R1, you can execute Junos OS operational commands using the REST API over a nondefault VRF instance. The nondefault VRF instance can be a user-defined instance or the management instance, mgmt_junos.

    The REST API allows you to execute Junos OS operational commands over HTTP(S). If you don’t specify a routing instance, REST API requests are sent over the default routing instance. Use a nondefault VRF instance to improve security and make it easier to troubleshoot.

    Use the routing-instance routing-instance statement at the [edit system services rest] hierarchy level to specify a nondefault VRF instance for REST API requests.

    [See Management Interface in a Nondefault Instance and rest.]

Junos Telemetry Interface

  • EVPN statistics export using JTI (MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, MX10016 and vMX routers, EX4300, EX4600, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253 switches)—Starting in Junos OS Release 20.3R1, you can use Junos telemetry interface (JTI) an remote procedure call (gRPC) services to export EVPN statistics from devices to an outside collector.

    Use the following sensors to export EVPN statistics:

    • Sensor for instance level statistics (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/)

    • Sensor for route statistics per peer (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/peer/)

    • Sensor for Ethernet segment information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/ethernet-segment/). This includes EVPN designated forwarder ON_CHANGE leafs esi and designated-forwarder.

    • Sensor for local interface information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/interfaces/)

    • Sensor for local IRB interface information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/irb-interfaces/)

    • Sensor for global resource counters and current usage (resource path /junos/evpn/evpn-smet-forwarding/)

    • Sensor for EVPN IP prefix (resource path /junos/evpn/l3-context/)

    • Sensor for EVPN IGMP snooping database (type 6) (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/sg-db/)

    • Sensor for EVPN IGMP join sync (type 7) ad leave sync (type 8) (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/sg-db/sgdb-esi)

    • Sensor to relate selected replicator on AR leaf on QFX5100, QFX5110, QFX5120, and QFX5200 switches (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/assisted-replication/)

    • Sensor for EVPN ON_CHANGE notifications (resource path /network-instances/network-instance[instance-name='name']//protocols/protocol/evpn/ethernet-segment)

    • Sensor for overlay VX-LAN tunnel information (resource path /network-instances/network-instance[instance-name='name']/protocols/protocol/evpn/vxlan-tunnel-end-point/). This includes VTEP information ON_CHANGE leafs source_ip_address, remote_ip_address, status, mode, nexthop-index, event-type and source-interface.

    • EVPN MAC table information (resource path /network-instances/network-instance[instance-name='name']/mac_db/entries/entry/)

    • Sensor for MAC-IP or ARP-ND table (resource path /network-instances/network-instance[instance-name='name']/macip_db/entries/entry/)

    • Sensor for MAC-IP ON_CHANGE table information (resource path /network-instances/network-instance[name='name']/macip-table-info/). Statistics include leafs learning, aging-time, table-size, proxy-macip, and num-local-entries.

    • Sensor for MAC-IP ON_CHANGE entry information (resource path /network-instances/network-instance[name='name']/macip-table/entries/entry/). Statistics include leafs ip-address, mac-address, vlan-id and vni.

    • Sensor for bridge domain or VLAN information (resource path /network-instances/network-instance[instance-name='name']/bd/)

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Chassis management configuration and counters support on JTI (MX Series with MPC11E)—Starting in Junos OS Release 20.3R1, Junos telemetry interface (JTI) supports streaming chassis management error (cmerror) configuration and counters to an outside collector using remote procedure calls (gRPC).

    The following base resource paths are supported:

    • /junos/chassis/cmerror/configuration

    • /junos/chassis/cmerror/counters

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Forwarding information base (FIB) sensor support on JTI (MX Series and PTX Series)—Starting in Junos OS Release 20.3R1, you can use the Junos telemetry interface (JTI) and remote procedure calls (gRPC) services to stream or export ON_CHANGE FIB, also known as forwarding table, statistics to outside collectors. This feature supports the OpenConfig YANG model OC-AFT.

    To enable and manage FIB streaming, include the following statements on the client device:

    • set system fib-streaming and delete system fib-streaming statements at the [edit] hierarchy level to launch or terminate the process.

    • set system fib-streaming traceoptions file file-name statement at the [edit] hierarchy level to configure a logging file.

    • set system fib-streaming traceoptions flag flag-name statement at the [edit] hierarchy level to configure various trace parameters.

    • set system fib-streaming traceoptions level level-name statement at the [edit] hierarchy level to configure log levels.

    Use the restart fib-streaming command to restart the process.

    To show information about FIB streaming, use the following operational mode commands on the client device:

    • show fib-streaming

    • show fib-streaming next-hop-groups

    • show fib-streaming next-hops

    • show fib-streaming routes ipv4-unicast

    • show fib-streaming routes ipv6-unicast

    • show fib-streaming routes mpls

    The following table shows supported sensors:

    Table 2: Supported Sensors

    Supported Sensors

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/id

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/state/id

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/state/dscp[]

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/state/next-hop-group

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/id

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/state/id

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/state/interface

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/state/subinterface

    /network-instances/network-instance/afts/ipv4-unicast/ipv4-entry/prefix

    /network-instances/network-instance/afts/ipv4-unicast/ipv4-entry/state/prefix

    /network-instances/network-instance/afts/ipv4-unicast/ipv4-entry/state/next-hop-group

    /network-instances/network-instance/afts/ipv6-unicast/ipv6-entry/prefix

    /network-instances/network-instance/afts/ipv6-unicast/ipv6-entry/state/prefix

    /network-instances/network-instance/afts/ipv6-unicast/ipv6-entry/state/next-hop-group

    /network-instances/network-instance/afts/mpls/label-entry/label

    /network-instances/network-instance/afts/mpls/label-entry/state/label

    /network-instances/network-instance/afts/mpls/label-entry/state/next-hop-group

    /network-instances/network-instance/afts/mpls/label-entry/state/popped-mpls-label-stack

    This leaf reports the same label value in case of pop or swap.

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/id

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/next-hops/nexthop/index

    /network-instances/network-instance/afts/next-hop-groups/next-hop-group/next-hops/nexthop/state/weight

    /network-instances/network-instance/afts/nexthops/nexthop/index

    /network-instances/network-instance/afts/next-hops/next-hop/juniper/state/lsp-id

    This leaf is a new augmentation.

    /network-instances/network-instance/afts/next-hops/next-hop/state/ip-address

    /network-instances/network-instance/afts/next-hops/next-hop/state/mac-address

    /network-instances/network-instance/afts/next-hops/next-hop/state/pushed-mpls-label-stack

    /network-instances/network-instance/afts/next-hops/next-hop/interface-ref/state/interface

    /network-instances/network-instance/afts/next-hops/next-hop/interface-ref/state/subinterface

    /network-instances/network-instance/afts/next-hops/next-hop/juniper/state/mapped-next-hop-index

    This leaf is a new augmentation.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Support for policy forwarding table sensor on JTI (MX Series and PTX Series)—Starting in Junos OS Release 20.3R1, you can use Junos telemetry interface (JTI) and remote procedure calls (gRPC) services to stream policy forwarding table statistics on MX Series and PTX Series routers to outside collectors. The following resource paths are supported:

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/id

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/state/id

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/state/dscp[]

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/state/next-hop-group

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/id

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/state/id

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/state/interface

    • /network-instances/network-instance/afts/next-hop-groups/next-hop-group/conditional/condition/input-interfaces/input-interface/state/subinterface

    The Junos OS class-of-service (CoS) classifiers do the code-point (CP) to forwarding-class (FC) and loss-priority (LP) mapping. The classifier used depends on the family configured on the logical interface. Devices running Junos OS support the following classifier types:

    • Differentiated Services code point classifier (DSCP)

    • DSCP IPv6

    • MPLS EXP classifier inet-precedence

    • IPv4 precedence classifier

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Support for aggregated Ethernet interface ON_CHANGE with JTI (MX5, MX10, MX40, MX80, MX104, MX150, MX204, MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, MX10016, PTX1000, PTX3000, PTX5000, PTX10001-36MR, PTX10002, PTX10008, PTX10016, QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, QFX10002, QFX10008, and QFX10016)—Starting in Junos OS Release 20.3R1, Junos telemetry interface (JTI) supports ON-CHANGE statistics for aggregated Ethernet interfaces for minimum links and member interfaces.

    To export these statistics to an outside collector using remote procedure call (gRPC) services and JTI, include the following resource paths in a subscription:

    • /interfaces/interface/aggregation/state/min-links/

    • /interfaces/interface/aggregation/state/member/

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Increase the speed of telemetry sensor subscription installation (MX Series routers)—Starting in Junos OS Release 20.3R1, Junos telemetry interface (JTI) supports enhancements to increase the sensor subscription installation speed for collectors. Whether a dynamic sensor subscribe or unsubscribe request from a collector uses remote procedure calls (gRPC) services or gRPC Network Management Interface (gNMI) services to make the request, resource paths (sensors) in the request are individually validated and committed. The following enhancements shorten the subscription installation process and time:

    • Validation is no longer done using the ephemeral database’s configuration load operation.

    • Network Agent instead uses information from sensor YANGs and the Packet Forwarding Engine’s internal sensor table to validate the paths in a subscribe or unsubscribe request. Using these sources, Network Agent responds back to the collector with system-accepted paths and completes basic checks before proceeding to commit the request.

    • Network Agent performs a single commit per subscribe or unsubscribe request instead of doing commits for each resource path in a request.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Support for fabric, optical, and FPC environment sensor on JTI (MX-2010 and MX-2020 routers with MPC11E)—Starting in Junos OS Release 20.3R1, Junos telemetry interface (JTI) supports streaming fabric, optical, and Flexible PIC Concentrator (FPC) environment statistics to an outside collector using remote procedure calls (gRPC).

    The following base resource paths are supported:

    • /junos/system/linecard/optics/

    • /junos/system/linecard/environment/

    • /junos/system/linecard/fabric/

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

Layer 2 Features

Layer 2 VPN

  • Enable or disable control-word for static pseudowire in LDP VPLS instance and BGP VPLS mesh-group (MX Series)—Starting in Junos OS Release 20.3R1, we’ve introduced the control-word and no-control-word options at the [edit routing-instances routing-instance-name protocols vpls mesh-group mesh-group-name neighbor address static] and [edit routing-instances routing-instance-name protocols vpls neighbor address static] hierarchy levels. The control-word configuration requests the other routers to insert a control word between the label stack and the MPLS payload.

    [See control-word and no-control-word.]

Layer 3 Features

  • Support for BGP Layer 3 VPN over IP-IP Tunnel (MX Series, PTX1000, QFX10002, and QFX10008)—Starting in Junos OS Release 20.3R1, we support BGP Layer 3 VPN over IP over IP (IP-IP) tunnels to create a new transport service. IP-IP tunnels terminate into service-layer VRF, so you do not need to use a service label. This feature allows interoperability between the new VRF and traditional VRF, so both types of overlays can coexist in your network. You can use this feature to transition from an MPLS network to an IP fabric core network and to protect your network from distributed denial-of-service (DDoS) attacks.

    To use VPN over an IP-IP tunnel, configure the tunnel-attribute statement at the [edit policy-options policy-statement policy-name term term-name then] or [edit policy-options policy-statement policy-name then] hierarchy level.

    To configure the receiver to program the dynamic tunnel using the tunnel attribute, use the extended-nexthop-tunnel statement at the [edit routing-instances routing-instance-name protocols bgp group group-name family (inet-vpn | inet6-vpn) unicast] hierarchy level.

    [See BGP Layer 3 VPN over IP-IP Tunnels Overview, family (Protocols BGP), policy-statement, vrf-export, and Configuring IP Tunnel Interfaces.]

MPLS

  • New output fields added in the show path-computation-client lsp extensive command (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 20.3R1, you’ll see association details such as Association type, ID, and source in the output of the show path-computation-client lsp command when you use the command with the extensive option.

    [See show path-computation-client lsp.]

Multicast

  • Support for virtual tunnels in MVPN (MX240, MX480, and MX960)—Starting in Release 20.3R1, Junos OS supports redundant virtual tunnels (VTs) and fast re-route (FRR) for both active/backup and active/active redundancy models.

    VT interfaces are used in Layer 3 multicast VPNs (MVPN) to facilitate virtual routing and forwarding (VRF) table lookup based on MPLS labels and to provide resiliency.

    [See Resiliency in Multicast L3 VPNs with Redundant Virtual Tunnels.]

Network Management and Monitoring

  • Probe command to query the status of the probed interfaces (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.3R1, you can use the probe command to query the status of the probed interface. The proxy interface resides on the same node as the probed interface, or it can reside on a node to which the probed interface is directly connected.

    The Probe command helps to capture the interface details such as probe packet statistics, and interface state (active/inactive), irrespective of whether the network family address configured is IPv4 or IPv6 on the probed interfaces.

    To enable the probe command, configure the extended-echo statement under the [edit system] hierarchy.

    [See What is the Probe command?.]

  • SNMP support for RIB sharding (MX Series)—Starting in Junos OS Release 20.3R1, you can enable RIB sharding to get network information from BGP MIB-4 and Layer 3 VPN MIB. To enable this feature, configure rib-sharding at the [edit system processes routing bgp] hierarchy level.

    [See Standard SNMP MIBs Supported by Junos OS.]

  • SNMP MIB support for Traffic Load Balancer (MX240, MX480, and MX960)—Starting in Junos OS Release 20.3R1, a new MIB and a few new MIB traps export the statistics of the Traffic Load Balancer application. The new MIB is jnxTLBMIB and the MIB traps are juniperMIB(2636), jnxTraps (4), and jnxTLBNotifications (32).

    [See Enterprise-Specific SNMP MIBs Supported by Junos OS.]

  • Enhancements to sessions over outbound HTTPS (EX Series, MX Series, PTX1000, PTX3000, PTX5000, PTX10001, PTX10002, PTX10008, PTX10016, QFX Series, SRX1500, SRX4100, SRX4200, SRX4600, SRX5600, SRX5800, and vSRX)—Starting in Junos OS Release 20.3R1, devices running Junos OS with upgraded FreeBSD support the following enhancements to sessions over outbound HTTPS:

    • Connecting to multiple outbound HTTPS clients by configuring one or more clients at the [edit system services outbound-https] hierarchy level

    • Configuring multiple backup gRPC servers for a given outbound HTTPS client

    • Establishing a csh session

    • Establishing multiple, concurrent NETCONF and csh sessions between the device running Junos OS and an outbound HTTPS client

    • Configuring a shared secret that the outbound HTTPS client uses to authenticate the device running Junos OS

    • Authenticating the client using certificate chains in addition to self-signed certificates

    [See NETCONF and Shell Sessions over Outbound HTTPS.]

Next Gen Services

  • GNFs support subscriber services (MX480 and MX960 with MX-SPC3)—Starting in Junos OS Release 20.3R1, guest network functions (GNFs) running Next Gen Services with the MX-SPC3 card support the following subscriber services:

    • Captive portal content delivery (CPCD)

    • Logging and reporting function (LRF)

    • Deep packet inspection (DPI)

    • Junos Subscriber Aware policy and charging enforcement function (PCEF)

    • HTTP content management (HCM)

    Note

    To support the services traffic over abstracted fabric interfaces, a GNF that has an MX-SPC3 card assigned to it must also have a line card linked to it.

    [See MX-SPC3 Services Card.]

  • Support for flow tracing of service sets for Next Gen Services (MX240, MX480, and MX960)—Starting in Junos OS Release 20.3R1, you can perform flow tracing at the service-set level, which reduces file size and avoids having to sift through large files for information about a single service set.

    [See traceoptions (Next Gen Services Service-Set Flow).]

  • Support for port block allocation for Next Gen Services (MX240, MX480, and MX960)—Starting in Junos OS Release 20.3R1, we support port block allocation (PBA) for Next Gen Services. PBA reduces logging in the system by allocating blocks of ports to a subscriber instead of a single port at a time. Subscribers are tracked based on their private IP address and this information is logged in the system logs. However, ports are reused at a high rate, making tracking of subscribers’ usage and activity difficult. PBA enables you to easily track subscribers’ usage and activity.

    [See block-allocation.]

Port Security

  • MACsec on logical interfaces (MX240, MX480, and MX960)—Starting in Junos OS Release 20.3R1, you can configure Media Access Control Security (MACsec) at the logical interface level on the MPC7E-10G line card. This configuration enables multiple MACsec Key Agreement (MKA) sessions on a single physical port. VLAN tags are transmitted in cleartext, which allows intermediate switches that are MACsec-unaware to switch the packets based on the VLAN tags.

    [See Media Access Control Security (MACsec) over WAN.]

  • Timer-based MACsec SAK refresh (MX10003, PTX10001, PTX10003, PTX10008, and PTX10016)—Starting in Junos OS Release 20.3R1, you can configure a timer-based refresh of the secure association key (SAK) on a Media Access Control Security (MACsec)-secured link. The key server generates the SAK and refreshes it periodically. The key server also sets a refresh interval, by default, based on packet counter movement. If the refresh does not occur frequently, this can leave the SAK vulnerable to attack. You can enhance security of the SAK by configuring a shorter timer-based refresh interval.

    [See Understanding Media Access Control Security (MACsec).]

Routing Protocols

  • Support for Implicit filter for default EBGP route propagation behavior without policies (ACX Series, JRR200, MX204, vRR and PTX5000)—Starting in Junos OS Release 20.3R1, we’ve introduced a new configuration hierarchy, defaults ebgp no-policy at the existing [edit protocols bgp] hierarchy level. The configuration option separates the default policy for receive and advertise, into separate clauses (accept, reject, or reject-always) to allow the route propagation behavior of EBGP speakers to vary independently from its default behavior.

    In earlier releases, the default behavior of BGP was to receive and advertise all routes. With the introduction of this feature, the default behavior still remains to “accept” all routes for both receive and advertise, but you also have an option to reject routes by default.

    With the reject configuration, you can reject routes of type inet unicast and inet6 unicast in instance types master, vrf, virtual-router, and non-forwarding. With the reject-always configuration, you can reject all routes from being received or getting advertised, irrespective of address family or instance type. By using this feature, you can control traffic in leaf autonomous systems (AS) and thereby, prevent them from having to accidentally function as transit autonomous systems.

    Note

    The introduction of this implicit filter does not affect the existing deployments that rely on the default behavior.

    [See Implicit Filter for Default EBGP route propagation behavior without policies and defaults.]

  • TI-LFA SRLG protection and fate-sharing protection for OSPFv2 (MX Series and PTX Series)—Starting in Junos OS Release 20.3R1, you can configure Shared Risk Link Group (SRLG) protection and fate-sharing protection for segment routing to choose a fast reroute path that does not include SRLG links and fate-sharing groups in the topology-independent loop-free alternate (TI-LFA) backup paths to avoid fate-sharing and SRLG failures. This is in addition to existing fast reroute options such as link-protection and node protection for segment routing.

    To enable TI-LFA SRLG protection and fate-sharing protection with segment routing for OSPFv2, include the srlg-protection statement and the fate-sharing-protection statement respectively at the [edit protocols ospf area area-id interface name post-convergence-lfa] hierarchy level.

    [See Topology-Independent Loop-Free Alternate with Segment Routing for OSPF.]

  • BGP sharding for IPv4 and Ipv6 L3VPN, BGP-LU (MX Series, PTX-Series and vRR)—Starting in Release 20.3R1, Junos OS supports BGP sharding and update IO features for these IPv4 and Ipv6 address families:

    • inet-vpn unicast

    • inet-vpn multicast (vrf.inet.2)

    • inet6-vpn unicast

    • inet6-vpn multicast (vrf.inet.2)

    • inet labeled-unicast

    • inet6 labeled-unicast

    To enable BGP sharding, configure rib-sharding at the [edit system processes routing bgp] hierarchy level. Sharding is dependent on the update I/O thread feature. To enable update I/O, configure update-threading at the [edit system processes routing bgp] hierarchy level.

    BGP Sharding is supported only on 64-bit routing protocol process (rpd) where the Routing Engine has at least 4 CPU cores and 16 GB of memory. To enable your device to always use 64-bit mode, use set force-64-bit at [edit system processes routing] hierarchy level. If you configure rib-sharding on a routing engine, RPD creates sharding threads. By default, the number of sharding threads created is the same as the number of CPU cores on the routing engine. Optionally, you can specify the number-of-shards you want to create. To set the number of sharding threads, use set number-of-shards <number-of-shards> at [edit system processes routing bgp rib-sharding] hierarchy level. To set the number of update threads, use set number-of-threads <number-of-threads> at the [edit system processes routing bgp update-threading] hierarchy level. To enable your device to always use 64-bit mode, use set force-64-bit at [edit system processes routing] hierarchy level.

    [See rib-sharding and update-threading.]

  • ECMP next-hop update rate throttling (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 20.3R1, you can choose to defer multipath computation for all families during a BGP peering churn. In very large-scale network deployments, during BGP peering churn there is a temporary spike in multipath computation, which takes a toll on the Packet Forwarding Engine resources. This feature allows you to pause the multipath computation and to resume after the peering churn settles down. Note that if there is no BGP peering churn, then multipath computation is not paused.

    To enable the pause option for BGP multipath computation during BGP peering churn, include the pause computation statement at the [edit protocols BGP multipath] hierarchy level.

    [See pause-computation-during-churn.]

  • Support for Faster PFE Acks (MX Series Virtual Chassis)—Starting in Junos OS Release 20.3R1, we support Faster PFE Acks to release Routing Engine kernel resources quicker. This support ensures that resource exhaustion scenarios are avoided

    [See virtual-chassis (MX Series Virtual Chassis). ]

  • Enabling Ifstate, peer infra, and TCP/IP stack parallelization on Virtual chassis (MX240, MX480, MX960, and MX2020)—Starting in Junos OS Release 20.3R1, Virtual Chassis involving the listed MX Series devices support the following BFD features:

    • Ifstate parallelization

    • Peer infra parallelization

    • TCP and IP stack parallelization

    These features are preserved on failover of any chassis when using Virtual Chassis.

    [See Understanding Bidirectional Forwarding Detection (BFD). ]

Segment Routing

  • SRv6 network programming in IS-IS (MX Series with MPC7E, MPC8E and MPC9E line cards)—Starting in Junos OS Release 20.3R1, you can configure segment routing in a core IPv6 network without an MPLS data plane. This feature is useful for service providers whose networks are predominantly IPv6 and have not deployed MPLS. Such networks depend only on the IPv6 headers and header extensions for transmitting data. This feature also benefits networks that need to deploy segment routing traffic through transit routers that do not have segment routing capability yet. In such networks, the SRv6 network programming feature can provide flexibility to leverage segment routing without deploying MPLS.

    To enable SRv6 network programming in an IPv6 domain, include the srv6 statement at the [edit routing-options source-packet-routing] hierarchy level.

    To advertise the Segment Routing Header (SRH) locator with a mapped flexible algorithm, include the algorithm statement at the [edit protocols isis source-packet-routing srv6 locator] hierarchy level.

    To configure a topology-independent loop-free alternate backup path for SRv6 in an IS-IS network, include the transit-srh-insert statement at the [edit protocols isis source-packet-routing srv6] hierarchy level.

    [See How to Enable SRv6 Network Programming in IS-IS Networks.]

  • Support for LDP Tunneling over Segment Routing Traffic Engineering (MX Series, PTX Series, and ACX5448)—Starting in Junos OS Release 20.3R1, you can tunnel LDP LSPs over Segment Routing Traffic Engineering (SR-TE) in your network. Tunneling LDP over SR-TE provides consistency and co-existence of both LDP LSPs and SR-TE LSPs.

    [See Tunneling LDP over SR-TE.]

Services Applications

  • Enhancements to the RFC 2544-based benchmarking tests (MX Series)—Starting in Junos OS Release 20.3R1, we’ve extended support for these tests onto the following devices:

    • MX240, MX480, and MX960 routers with the MPC7E-MRATE or MPC7E-10G line card

    • MX2008, MX2010, and MX2020 routers with the MX2K-MPC8E or MX2K-MPC9E line card

    • MX204 and MX10003 (with the LC2103 line card) routers

    You can use the RFC 2544 tests to measure and demonstrate the service-level agreement (SLA) parameters before service activation. The tests measure throughput, latency, frame loss rate, and link bursts. This enhancement supports the Layer 2 reflector (ingress direction) for family types bridge and vpls. To set the ingress direction of a test, configure the family bridge or family vpls statement and the direction ingress statement at the [edit services rpm rfc2544-benchmarking tests test-name name] hierarchy level.

    To run the tests, you must configure the reflector function on the corresponding MPC. To configure the reflector function, include the fpc fpc-slot-number slamon-services rfc2544 statement at the [edit chassis] hierarchy level.

    [See Understanding RFC2544-Based Benchmarking Tests on MX Series Routers.]

  • Support for sampling and tunneling performance improvement (MX204)—Starting in release 20.3R1, Junos OS allows fabric-bound packets to take a new fabric loopback path, freeing up the WAN bandwidth and thus improving the sampling and tunneling performance of the router. You can configure fabric-side loopback by using the fabric loopback wan off statement or switch to WAN side by using the fabric loopback wan on statement at the [edit chassis fpc slot-number] hierarchy level. By default, Junos OS uses fabric loopback for the loopback packets.

    [See Tunnel Services Overview and Understanding Inline Active Flow Monitoring.]

  • Support for hardware timestamping of Two-Way Active Measurement Protocol (TWAMP) and real-time performance monitoring (RPM) probe messages (MX10008, MX10016, PTX10008, and PTX10016)—Starting in Junos OS Release 20.3R1, we’ve extended support for hardware timestamping of TWAMP and RPM probe messages. Hardware timestamping is enabled by default for TWAMP, but you must configure it for RPM. You use TWAMP and RPM to measure IP performance between two devices in a network. By configuring hardware timestamping for RPM, you can account for the latency in the communication of probe messages and generate more accurate timers in the Packet Forwarding Engine. To configure hardware timestamping for RPM, include the hardware-timestamping statement at the [edit services rpm probe probe-owner test test-name] hierarchy level.

    [See Understanding Two-Way Active Measurement Protocol on Routers, Understanding Using Probes for Real-Time Performance Monitoring on M, T, PTX and MX Series Routers, and Configuring RPM Timestamping on MX, M, T, and PTX Series Routers and EX Series Switches.]

  • New configuration option for displaying descriptive information of session logs (MX Series)—Starting in Junos OS Release 20.3R1, you can configure an option to display more descriptive information of session logs. You can configure the enable-descriptive-session-syslog statement at the [edit services service-set service-set-name service-set-options] hierarchy level to enable syslog to display information related to inside and outside packets, byte count, and the session IDs for both open and close sessions.

    [See[service-set-options.]

Software Defined Networking (SDN)

  • Support for static FTI backup paths with IP-in-IP tunnel encapsulation and provisioning APIs (MX Series, PTX Series, and QFX10002)—Starting in Junos OS Release 20.3R1, we've enhanced Juniper Extension Toolkit (JET) APIs to enable a controller to implement underlay network backup paths that use IP-in-IP tunnels with IPv4 encapsulation on flexible tunnel interfaces (FTIs). Use this feature to engineer effective, loop-free backup paths for core transport networks built with only IP protocols for fast restoration after failures.

    We've extended FTIs and existing forwarding constructs to support configuring static IPv4 IP-in-IP tunnels. You can also allow policy matches for routes injected by JET APIs.

    [See policy-statement, tunnel, ipip, show interfaces, show route, Configuring Flexible Tunnel Interfaces, and JET APIs on the Juniper Engineering Network website.]

  • Programmable flexible VXLAN tunnels (MX960 with MPC10E; MX2010 and MX2020 with MPC11E)—Starting in Junos OS Release 20.3R1, we support flexible VXLAN tunnels in a data center environment that includes one or more controllers. In this environment, one or more of the supported MX Series routers can function as data center edge gateways that exchange Layer 2 traffic with hosts in a data center. Through the use of static routes and tunnel encapsulation and de-encapsulation profiles, the Layer 2 traffic is dynamically tunneled over an intervening IPv4 or IPv6 network.

    The controllers enable you to program a large volume of static routes and tunnel profiles on the gateway devices through the Juniper Extension Toolkit (JET) APIs.

    [See Understanding Programmable Flexible VXLAN Tunnels and JET APIs on Juniper EngNet.]

System Management

  • Clock synchronization support (MX240, MX480, MX960, MX2010, and MX2020)—Starting in Junos OS release 20.3R1, we’ve enhanced the clock synchronization (clksync) module. When the CB0 clock failure alarm is raised, automatic Routing Engine switchover occurs. The new primary Routing engine Engine connection is made, the clksync module gets the notification.

    [See Understanding Clock Synchronization. ]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for MX Series routers.

Release 20.3R2 Changes in Behavior and Syntax

General Routing

  • Round-trip time load throttling for pseudowire interfaces (MX Series)—The Routing Engine supports round-trip time load throttling for pseudowire (ps) interfaces. In earlier releases, only Ethernet and aggregated Ethernet interfaces are supported.

    [See Resource Monitoring for Subscriber Management and Services]

  • Updates to ON-CHANGE and periodic dynamic subscriber interface metadata sensors (MX Series routers and EX9200 line of switches)—

  • New commit check for MC-LAG (MX Series)—We've introduced a new commit check to check the values assigned to the redundancy group identification number on the MC-AE interface ( redundancy-group-id ) and ICCP peer (redundancy-group-id-list ) when you configure multichassis aggregation groups (MC-LAGs). If the values are different, the system reports a commit check error. In previous releases, if the configured values were different, the l2ald process would crash.

    [See iccp and mc-ae.]

Junos XML API and Scripting

  • The jcs:invoke() function supports suppressing root login and logout events in system log files for SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX event scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified RPC. If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are logged in system log files.

    [See invoke() Function (SLAX and XSLT).]

  • The jcs:invoke() function supports suppressing root login and logout events in system log files for SLAX commit scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The jcs:invoke() extension function supports the no-login-logout parameter in SLAX commit scripts. If you include the parameter, the function does not generate and log UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages when the script logs in as root to execute the specified RPC. If you omit the parameter, the function behaves as in earlier releases in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are logged in system log files.

    [See invoke() Function (SLAX and XSLT).]

MPLS

  • The show mpls lsp extensivel and show mpls lsp detail commands display next-hop gateway LSPid—When you use the show mpls lsp extensivel and show mpls lsp detail commands, you'll see next-hop gateway LSPid in the output.

User Interface and Configuration

  • Verbose format option to export JSON configuration data (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the verbose statement at the edit system export-format json hierarchy level. The default format to export configuration data in JSON changed from verbose format to ietf format starting in Junos OS Release 16.1R1. You can explicitly specify the default export format for JSON configuration data by configuring the appropriate statement at the edit system export-format json hierarchy level. Although the verbose statement is exposed in the Junos OS CLI as of the current release, you can configure this statement starting in Junos OS Release 16.1R1.

    [See export-format.]

Release 20.3R1 Changes in Behavior and Syntax

EVPN

  • New output flag for the show bridge mac-ip table command 9MX series)—The Layer 2 address learning daemon (l2ald) does not send updated MAC and IP address advertisements to the routing protocol daemon (rpd) when an IRB interface is disabled in an EVPN-VXLAN network. We’ve added the NAD flag in the output of the show bridge mac-ip-table command to identify the disabled IRB entries in which the MAC and IP address advertisement will not be sent.

    [See show bridge mac-ip-table.]

General Routing

  • Change in show oam ethernet connectivity-fault-management mep-statistics command (MX Series)—You can now view the real-time statistics for continuity check messages (CCM) inline sessions for MPC10E (MPC10E-10C-MRATE and MPC10E-15C-MRATE) and MPC11E (MX2K-MPC11E) line cards only when you execute the show oam connectivity-fault-management mep-statistics local-mep local-mep-id maintanance-association name twice in immediate succession. If you execute the command once, the values are incorrectly displayed.

    [See show oam ethernet connectivity-fault-management mep-statistics.]

  • MS-MPC and MS-MIC service package (MX240, MX480, MX960, MX2020, MX2010, and MX2008)—PICs of Multiservices MPCs (MS-MPCs) and Multiservices MICs (MS-MICs) do not support any service package than other extension-provider. These PICs always come up with the extension-provider service-package, irrespective of the configuration. If you try to configure any other service package, for these PICs by using the command set chassis fpc slot-number pic pic-number adaptive-services service-package, an error is logged. Use the show chassis pic fpc-slot slot pic-slot slot command to view the service package details of the PICs of MS-MPC and MS-MIC.

    [See extension-provider.]

High Availability (HA) and Resiliency

  • IPv6 address in the prefix TIEs displayed correctly—The IPv6 address in the prefix TIEs are displayed correctly in the show rift tie output.

Infrastructure

  • Change in support for interface-transmit-statistics statement (MX Series)--You cannot configure aggregated Ethernet interfaces to capture and report the actual transmitted load statistics by using the interface-transmit-statistics statement. Aggregated Ethernet interfaces do not support reporting of the transmitted load statistics. The interface-transmit-statistics statement is not supported in the aggregated Ethernet interfaces hierarchy. In earlier releases, the interface-transmit-statistics statement was available in the aggregated Ethernet interfaces hierarchy but not supported.

    [See interface-transmit-statistics.]

Interfaces and Chassis

  • Change in support for interface-transmit-statistics statement—You cannot configure aggregated Ethernet interfaces to capture and report the actual transmitted load statistics by using the interface-transmit-statistics statement. Aggregated Ethernet interfaces do not support reporting of the transmitted load statistics. In Junos OS Release 20.3R1, the interface-transmit-statistics statement is not supported in the aggregated Ethernet interfaces hierarchy. In earlier releases, the interface-transmit-statistics statement was available in the aggregated Ethernet interfaces hierarchy but not supported.

Junos OS, XML, API, and Scripting

  • Changes to Junos XML RPC request tag names (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've updated the Junos XML request tag name for some operational RPCs to ensure consistency across the Junos XML API. Devices running Junos OS still accept the old request tag names, but we recommend that you use the new names going forward. The changes include:

    • Most, but not all, request tag names that start with show replace show with get in the name.

    • Uppercase characters are converted to lowercase.

    [See Junos XML API Explorer - Operational Tags.]

J-Web

  • Adobe Flash Player support (MX Series)—Adobe Flash Player support will end on December 31, 2020. Due to this, the Flash dependent J-Web monitor pages will not load correctly for Junos OS Release 20.3R1 and earlier releases.

Routing Protocols

  • Advertising 32 secondary loopback addresses to Traffic Engineering Database (TED) as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—In Junos OS Release, multiple loopback addresses export into lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router-ids instead of prefixes. In earlier Junos OS releases, multiple secondary loopback addresses in TED were added into lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router-id.

Services Applications

  • New option for configuring delay in IPsec SA installation—In Junos OS Release 20.3R1, you can configure the natt-install-interval seconds option under the [edit services ipsec-vpn rule rule-name term term-name then dynamic] hierarchy to specify the duration of delay in installing IPSec security association (SA) in a NAT-T scenario soon after the IPsec SA negotiation is complete. The default value is 0 seconds.

Subscriber Management and Services

  • Improved tunnel session limits display (MX Series)—Starting in Junos OS Release 20.3R1, the show services l2tp tunnel extensive command displays the configured value for maximum tunnel sessions. On both the LAC and the LNS, this value is the minimum from the global chassis value, the tunnel profile value, and the value of the Juniper Networks VSA, Tunnel-Max-Sessions (26–33). On the LNS, the configured host profile value is also considered.

    In earlier releases, the command displayed the value 512,000 on the LAC and the configured host profile value on the LNS.

    [See Limiting the Number of L2TP Sessions Allowed by the LAC or LNS.]

  • Command to view summary information for resource monitor (EX9200 line of Ethernet switches and MX Series routers)—The show system resource-monitor command enables you to view many statistics about the use of memory resources for all line cards or for a specific line card in the device. It also displays information about the status of load throttling, which manages how much memory is used before the device acts to reduce consumption.

    [See Unresolved topic-ref: "" and Unresolved topic-ref: "".

Known Limitations

Learn about known limitations in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • EVPN service over uncolored scaled SR-TE is not supported. PR1499719

General Routing

  • MX Series Virtual Chassis. : Access facing FPCs CPU stays at 100% for 5-6 minutes after configuration change. PR1447003

  • On the MPC11E line card, the following error messages are seen when the line card is online: i2c transaction error (0x00000002).PR1457655

  • The traffic stops when volume quota is reached but is resumed incorrectly after APFE failover. Threshold and quota values are not updated to the secondary APFE. If quota is reached on the primary APFE and traffic starts dropping due to quota and switchover happens, traffic will continue to flow until quota is reached. There is no work around. PR1463723

  • If you move the MX2K-MPC11E line card from one guest network function (GNF) to another in an in-chassis Junos node slicing setup, the line card takes longer time than expected to come online. PR1469729

  • During BGP convergence, (for example, full internet table load) the BFD and LACP protocol on the router might flap. PR1472587

  • Line card crashes when there is a change in the PS interfaces that have active subscribers. PR1486665

  • When the number of next-hop selectors to be repaired is very high, then time to repair them during FRR would go up and could increase packet losses. This would be observed specially when there are many unilist next hops with different next-hop selectors and each has a member next hop with a logical interface over the same physical interface, which goes down. PR1490070

  • EVPN-VPWS, L3VPN and L2VPN FRR convergence time with AE as the Active core interface is not meeting <50ms and may be 100ms to 150ms. PR1492730

  • During MBB, a few packets might be dropped while bringing up the FTI logical interface, which is the primary interface. PR1507779

  • Some memory leaks have been observed in the JET Service Daemon (JSD) process when one or more collectors are connecting and disconnecting to and from the router. These are observed in the gRPC stack code which is third party. The amount of memory leaked is relatively small. However, these leaks could increase with more frequent collector connects and disconnects. As a result of the memory leaks, the JSD process's memory size can increase to a value that is higher than normal (for example, when the gRPC connections are established and stable) but is unlikely to cause any adverse effects to the system with streaming telemetry. PR1512296

  • MX10003 MPC will support a fixed port PIC (6xQSFPP) and a modular TIC (12xQSFP28) which can be of two types - Ethernet TIC and MACSEC TIC. The MACSEC TIC doesn't support unified ISSU and hence link flaps are expected on MACSEC TIC. PR1514694

Interfaces and Chassis

  • Traffic stalled and standby PWS states are not updated on changing to vlan-bridge encapsulation and then back to vlan-circuit-cross-connect. PR1503102

MPLS

  • On the MX480 router, the following error message is observed: FPC Resource Monitor: FPC 0 and 1 Heap Memory has crossed free memory watermark of 20. PR1513436

  • After applying the network service configuration changes, rebooted all the routing engines as already required will avoid this issue. PR1461468

Network Management and Monitoring

  • SNMP Support for RIB Sharding and Threading (MX Series)—In Junos OS Release 20.3R1, when you enable RIB Sharding, BGP MIB and L3VPN MIB don’t support the below attributes:

    Unsupported attributes for BGP MIB

    • bgp4PathAttrPeer

    • bgp4PathAttrIpAddrPrefixLen

    • bgp4PathAttrIpAddrPrefix

    • bgp4PathAttrOrigin

    • bgp4PathAttrASPathSegment

    • bgp4PathAttrNextHop

    • bgp4PathAttrMultiExitDisc

    • bgp4PathAttrLocalPref

    • bgp4PathAttrAtomicAggregate

    • bgp4PathAttrAggregatorAS

    • bgp4PathAttrAggregatorAddr

    • bgp4PathAttrCalcLocalPref

    • bgp4PathAttrBest

    • bgp4PathAttrUnknown

    Unsupported attributes for L3VPN MIB

    • mplsL3VpnVrfRteInetCidrDestType

    • mplsL3VpnVrfRteInetCidrDest

    • mplsL3VpnVrfRteInetCidrPfxLen

    • mplsL3VpnVrfRteInetCidrPolicy

    • mplsL3VpnVrfRteInetCidrNHopType

    • mplsL3VpnVrfRteInetCidrNextHop

    • mplsL3VpnVrfRteInetCidrIfIndex

    • mplsL3VpnVrfRteInetCidrType

    • mplsL3VpnVrfRteInetCidrProto

    • mplsL3VpnVrfRteInetCidrAge

    • mplsL3VpnVrfRteInetCidrNextHopAS

    • mplsL3VpnVrfRteInetCidrMetric

    • mplsL3VpnVrfRteXCPointer

    • mplsL3VpnVrfRteInetCidrStatus

Platform and Infrastructure

  • On the MX platform with Protocol Independent Multicast (PIM) implemented and the number of IGMP groups exceeding 15000, join message (S,G) might not be created after graceful Routing Engine switchover (GRES). PR1457166

  • Unknown unicast filter applied in EVPN routing-instance blocks unexpected traffic. PR1472511

  • With sensor being subscribed via Junos Telemetry Interface (JTI), after the interface is deleted/deactivated/disabled, the TCP connection is still established, and the CLI command of show agent sensors still shows the subscription. PR1477790

  • EVPN aliasing and load-balancing for Layer 2 traffic does not work with Dynamic Link Next-Hop. EVPN alaising with DLNH for L2 traffic is not supported for Junos OS Release 20.3 and earlier releases. PR1504412

Routing Protocols

  • Commit check fails when rib-sharding is configured with these statements:

    • routing-instances <name> routing-options multipath

    • routing-instances <name> routing-options policy-multipath

    • routing-instances <name> protocols mvpn.

Subscriber Management and Services

  • Subscriber management and services are not supported on MPC10 or MPC11 line cards when you use these cards for subscriber access. MPC10 and MPC11 line cards support subscriber management and services only when you use these cards for uplink purposes to the core.

Open Issues

Learn about open issues in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • When an interface attached to the aggregated Ethernet interface is decoupled and an IP address is assigned to it, ARP resolution issues are seen. PR1504287

  • Verification from router ingress stat is not correct for ifd queue, error with IFL. PR1538589

EVPN

  • With Junos OS Release 19.3R1, VXLAN OAM host-bound packets are not throttled with DDoS policers. PR1435228

Forwarding and Sampling

  • Packet length for ICMPv6 is shown as '0' in the output of show firewall log detail CLI command. PR1184624

  • When GRES is triggered by SSD hardware failure, the syslog error of rpd[2191]: krt_flow_dfwd_open,8073: Failed connecting to DFWD, error checking reply - Operation timed out might be seen. Issue can be resolved by restarting the dfwd process. PR1397171

  • After routing is restarted, the remote mask (indicating from which remote PE devices MAC-IP entries are learned), which the routing daemon sends, might be different from the existing remote mask that the Layer 2 learning daemon had prior to restart. This causes a mismatch between the Layer 2 learning and the routing daemon’s interpretation as to where the MAC-IP entries are learnt, which can be local or remote, leading to the mac-ip table being out of synchronization.PR1452990

General Routing

  • On the MX platform with FPC Model FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 The Junos OS Chassis Management Error handling detects such a condition, raises an Alarm, and disables the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, restart the FPC. Contact your Juniper support representative if the issue persists even after the FPC restarts. PR1254415

  • If a vmhost snapshot is taken on an alternate disk and there is no further vmhost software image upgrade, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, host root file system, the node boots with the previous vmhost software instead of the alternate disk. PR1281554

  • On MX2010/MX2020 routers equipped with SFB2 (Switch Fabric Board 2), some error messages could be occasionally seen in the logs. There is no operational impact nor an indication of a real issue caused by these messages. PR1363587

  • FPC core files are generated on multiple additions or deletions of hierarchical CoS from pseudowire devices. As a workaround, remove the pseudowire device without changing the hierarchical CoS configuration. PR1414969

  • If Hypertext Transfer Protocol (HTTP) Header Enrichment function is used, the traffic throughput decreases when traffic passes through Header Enrichment. PR1420894

  • FPC might crash when Packet Forwarding Engine memory usage for a partition such as NH/DFW is high. Under low Packet Forwarding Engine memory condition, log Safety Pool below 25% Contig Free Space" or "Safety Pool below 50% Contig Free Space might be observed. PR1439012

  • Interface hold-down timers cannot be achieved for less than 15 seconds on the MPC11E line card. PR1444516

  • IPv6 VRRP MAC address is not handled correctly by VFP (virtual forwarding plane). If the IPv6 traffic throughput is beyond the bandwidth of this slow path, the IPv6 packets might be dropped. PR1449014

  • Physical interface policers are not supported in Junos OS Release 19.3 for the MPC11 line card. PR1452963

  • The CFM remote MEP does not come up after configuration or remains in Start state. PR1460555

  • Need to add the Backport jemalloc profiling CLI support to all Junos OS releases where jemalloc is present.PR1463368

  • The following syslog error messages are harmless and expected during FPC offline/restart scenarios with PS-RLT(with/without link protection) configuration. Nov 12 15:02:00 cleansing kernel: lag_remove_link_from_stack_bundle: vid 0x0 delete failed for ifl lt-3/0/0.32767 with err=2 Nov 12 15:02:00 cleansing kernel: lag_remove_link_from_stack_bundle: vid 0x1 delete failed for ifl lt-3/0/0.32767 with err=2 Nov 12 15:02:43 cleansing kernel: lag_remove_link_from_stack_bundle: vid 0x1 delete failed for ifl lt-5/0/0.32767 with err=2 Nov 12 15:02:43 cleansing kernel: lag_remove_link_from_stack_bundle: vid 0x0 delete failed for ifl lt-5/0/0.32767 with err=2 Nov 12 15:02:43 cleansing kernel: lag_lp_handle_event: LP event = 6, child lt-5/0/0 err = 22 The following syslog error messages are harmless and expected during ISSU or GRES or FPC offline/online scenarios. Nov 12 15:08:37 cleansing fpc3 user.err aftd-trio: [Error] IF:Unable to add member to aggregate member list, member already exists, aggIflName:ps1.0 memberIflName:lt-3/0/0.32767 Nov 12 15:08:37 cleansing fpc3 user.err aftd-trio: [Error] IF:Unable to add member to aggregate member list, member already exists, aggIflName:ps1.0 memberIflName:lt-5/0/0.32767PR1466531

  • The pccd core and PCEP (Path Computation Element Protocol) sessions might flap when PCC (Path Computation Client) tries to send a report to PCE but the connection between PCC and PCE is not in UP state. It might also cause rpd core files. This issue might happen in MBB (Make-before-break) cases in PCE provisioned/controlled LSP or during unified ISSU upgrade operation. PR1472051

  • The following line card errors are seen: HALP-trinity_nh_dynamic_mcast_add_irb_topo:3520 snooping-error: invlaid IRB topo/ IRB ifl zero in l2 nh 40495 add IRB. PR1472222

  • For the MPC10E card line, the IS-IS and micro-BFD sessions do not come up during baseline. PR1474146

  • Expected number of 512,000 MAC entries are not re-learned in the bridge table after clearing 512,000 MAC entries from the table. PR1475205

  • On the MX480 router, the following error message is seen after restore or removal with IP/MPLS configurations: [Error] L2alm : l2alm_mac_process_hal_delete_msg:667 Ignoring MAC delete with ifl index 355, fwd_entry has 7888. PR1475785

  • Critical syslog error messages at fpc3 user.crit aftd-trio are seen during baseline: [Critical] Em: Possible out of order deletion of AftNode #012#012#012 AftNode details - AftIndirect token:230791 group:0 nodeMask:0xffffffffffffffff indirect:333988 hwInstall:1#012. PR1486158

  • NH learning knob is enabled by default in MPC10 and MPC11 irrespective of the knob configuration. The disabling will have no effect on the knob functionality. PR1489121

  • Login or logout of high scale (around 1 million bearers) causes some sessions not to re-login. PR1489665

  • On the MPC10 line card, the following error message is observed on the Routing Engine 1 after graceful switchover from the Routing Engine 0 to the Routing Engine 1: [Error] L2ALIPC : L2AL IPC client failed to connect to l2ald. PR1491384

  • On the MPC10 line card, AFT crash is observed at std::default_delete< AftTermAction>::operator() (this=< optimized out>, __ptr=0x7fb0bc5d5910) at /volume/evo/files/opt/poky/2.2.1-22/sysroots/core2-64-poky-linux/usr/include/c++/6.2.0/bits/unique_ptr.h:76. PR1491527

  • On MPC7E, MPC8E, MPC9E, MPC10E, JNP10K-LC2101, MX204, and MX10003, the following error messages are observed: unable to set line-side lane config (err 30). PR1492162

  • The smart-sfp-present leaf was removed because this was redundant information. There is a leaf saying the type of smart sfp present on the interface. The present leaf was removed to avoid cluttering of the CLI output. PR1492551

  • After backup Routing Engine halt, CB1 goes offline and comes back online; this leads to backup Routing Engine boot up and shows reboot reason as "0x1:power cycle/failure". This issue is only for the Routing Engine reboot reason, there is no other functional impact of this. PR1497592

  • If MPLS is needed, the cRPD container must be instantiated with the MPLS modules that are already installed on the host. PR1498632

  • The output of the show dynamic-tunnels database statistics command must have tags for source, destination, tunnel-id, and next hop. PR1501576

  • SFB3 and MPC11 are not supported in Junos OS Release 19.4. PR1503605

  • A 10-Gigabit Ethernet interface configured with WAN-PHY framing might flap continuously if the hold-down timer is set to 0 (which is the default). This is not applicable to an interface with the default framing LAN-PHY. PR1508794

  • Traffic loss might be seen under ECMP scenario on the MPC10E or MPC11E line card. PR1513898

  • The log file to log the activities associated with the "request rift package activate" command is created with the permissions of the CLI user. If multiple users run the command, it may fail due to problems with permissions writing to the log file. PR1514046

  • Traffic is dropped when multicast traffic on a group with 4000 egress aggregated ports is sent. The drop is always on the egress port that is on the same Packet Forwarding Engine as the ingress port. PPE times out before the multicast packet is processed and that causes the packet to drop. PR1514646

  • LFM might flap during MX Virtual Chassis ISSU. PR1516744

  • If a node is a 'deviate not-supported' in a Yang model and when that module is installed on a device running Junos OS, the device shows (if that knob is configured) " ## Warning: 'knob' is deprecated But this does not convey the right meaning. So as part of this PR the warning message is changed to 'statement ignored unsupported platform'. Sample warning message before this PR fix:

    user@router# show test:system bar-system a; ## Warning: 'bar-system' is deprecated {master}[edit]

    Sample warning message post this PR fix

    user@router# show test:system ? Possible completions:<[Enter]> Execute this commandhost-name Leaf host-nametest-grouping-leaf Test test-grouping| Pipe through a command [edit] user@router# show test:system#### Warning: statement ignored: unsupported platform (mx960)##bar-system a; [edit] PR1516910

  • When an AMS ifd is configured for the first time or any member of the AMS bundle is removed or added, the PICs on which the members of AMS bundle are present go for a reboot. There is a timer running in the AMS kernel which is used as a delay for the PIC reboot to complete and once that timer expires AMS assumes that the PICs might have been rebooted and it moves into next step of AMS fsm. In scaled scenarios, this rebooting of the PIC is delayed due to DCD. This is because when a PIC goes down, DCD is supposed to delete the IFDs on that PIC and then the PIC reboot happens. But DCD is busy processing the scaled config and the IFD deletion is delayed. This delay is much greater than the timer running in AMS kernel. When the above timer expires, the FSM in AMS kernel wrongly assumes the PIC reboot would be completed by then, but the reboot is still pending. By the time DCD deletes this IFD the AMS bundles are already UP. Because of this, there is a momentary flap of the bundles. PR1521929

  • If PFE processes distributed igmp pseudo ifl delete, it attempts to delete all associated multicast flows. On a scaled setup, deleting several thousand multicast flows hogs CPU for a long time, and the process is killed by the scheduler, which generates a core file. This is a rare condition, seen only on scaled distributed igmp setup. PR1537846

  • After configuring "global system name-server" configuration commit should fail but commit is succeeds. PR1538514

  • No data returned from NETCONF request for remove-private-as network-instance. PR1538736

  • Token routes are present even after deactivating igmp snooping interfaces while Verify IGMP Snooping functionality. PR1538998

  • In scaled MX2020 router, with VRF localisation enabled, 4 million nexthop scale, 800,000 route scale. FPCs may go offline on GRES. Post GRES, router continues to report many fabric-related CM_ALARMs. FPC may continue to reboot and not come online. Rebooting primary and backup Routing Engine will help recover and get router back into stable state. PR1539305

  • The new alarm "network-service mode mismatch between configuration and kernel setting" was introduced by PR 1514840 commit. When ISSU is performed from images without PR 1514840 commit to images with PR 1514840 commit, then the transient false alarm will be seen. PR1546002

  • Validation of OCSP certificate may not go through for some CA servers. PR1548268

  • In synce configuration, Configuration 1: ESMC transmit is configured Config 2: if deactivated chassis synchronization source configured OR no chassis synchronization source is configuring is active then commit error is given as "'esmc-transmit' requires 'chassis synchronization source' configuration". PR1549051

  • V4ov6 tunnel Route Indirect Next-hop Index is changed after GRES. PR1560195

  • In 20.4, the return data from get_subscriber_info keyword contains string list instead of element list. PR1560397

  • Traffic drop is seen after creating both bgp signalled mplsoudp tunnel and mplsogre tunnel and changing tunnel preference of gre to 1. PR1561721

  • Observed few DHCP subscribers are stuck in active state. PR1564701

  • On MX204, one can observe the FPC CPU getting high after JUNOS 19.4. The JGCI_Background thread was taking more time as i2c was operating at a lower speed. Changing the i2c with higher speed resolved the issue. PR1567797

  • Traffic loss is observed with scale 4000 tunnels 800 vrf test. PR1568414

  • Observed ping failure on VMX while verifying scu accounting. PR1569047

  • Fabric errors on systems with MPC3E and MPC4E/5E with Enhanced MX960 Backplane. PR1573360

  • When the system has only one plane (in the process of plane offline/online), the MPC10-10c is seeing destination errors. PR1560053

  • PIM rib-group failure to add in vrf - PIM: ribgroup vrf not usable in this context; all RIBs are not in instance. PR1574497

Infrastructure

  • IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) error message is observed continuously in AD with base configurations. PR1485038

Interfaces and Chassis

  • Some routers index the SFP transceivers starting at 1, while interface numbering starts from 0; thus, reading the Packet Forwarding Engine-level output can be confusing. PR1412040

  • Changing framing modes on a CHE1T1 MIC between E1 and T1 on a MPC3E NG HQoS line card will cause the PIC to go offline. PR1474449

  • The traffic (which is destined to the hosts behind static PPPoE subscriber's CPE device) drop is seen due to bad MPLS VPN label (which points to discard next-hop) after Routing Engine switchover without NSR. The traffic destined to the CPE device itself is not affected. PR1488302

  • Input and output bytes count mismatch in the IPv6 traffic statistics while issuing the "show interface extensive" command. PR1505100

  • When standby MC-LAG node is rebooted, one-time traffic hit of active path traffic is observed, and later when the node comes up, the MC-LAG active standby roles are changed to the other device. PR1505841

  • When configuring CFM sessions on MPC10 and MPC11 line cards, if syslog error ppman: [Error] PPM:CTRL_CFM: PpmCtrlProtoCfm::getFcPlp: CFM interface is not found in intf table is seen, the CCM PDUs will not take the configured forwarding class. The CCMs will take forwarding class as "network-control", and queue as 3. PR1527032

  • When configuring CFM sessions on MPC10 and MPC11 line cards, if syslog error ppman: [Error] PPM:CTRL_CFM: PpmCtrlProtoCfm::getFcPlp: CFM interface is not found in intf table is seen, the CCM PDUs will not take the configured forwarding class. The CCMs will take forwarding class as "network-control", and queue as 3. PR1534239

  • MAC entry remains as DR after MC-LAG failover. PR1562535

Intrusion Detection and Prevention (IDP)

  • The CLI now provides helpful remarks about IDP's tunable detector parameters when executing the command "set security idp sensor-configuration detector protocol-name <protocol> tunable-name" PR1490436

Layer 2 Ethernet Services

  • The jdhcpd process crashes while forwarding a malformed DHCP packet. PR1430874

Network Management and Monitoring

  • On the MPC11E line card, the following trap message is not observed after a LC reboot when the scaled interfaces are present: SNMP Link up. PR1507780

  • Traffic statistics in the show interface command is displayed with incorrect cumulative values. PR1539483

  • Issue: show snmp mib walk alarmModelTable fails Cause: Issue in re-reading the snmp alarm-management set of configuration. PR1539483

  • Issue: show snmp mib walk alarmModelTable fails Cause: Issue in re-reading the "snmp alarm-management" set of configuration. PR1566597

Platform and Infrastructure

  • Sometimes OSPF flapping occurs during unified ISSU from Junos OS Release 16.2R2 to Release 17.2R3. PR1371879

  • A few OAM sessions are not established with scaled EVPN E-Tree and CFM configurations. PR1478875

  • On all Junos OS platforms that support EVPN-MPLS or EVPN-VXLAN, when an existing ESI interface flaps or is added newly to the configuration, sometimes DF (Designated Forwarder) election happens before local bias feature is enabled and during this time, existing Broadcast, Unknown unicast, Multicast (BUM) traffic might be looped for a short time (less than a few seconds). PR1493650

  • On MX Series platform running enhanced IP mode or enhanced Ethernet mode with OAM enabled with Periodic Packet Management (PPM) mode by default, maintenance association end point (MEP) session might not be created. In the end, network connection failure might not be efficiently monitored. PR1506861

  • Issue is seen only in VMX setups with the blockpointer in the ktree infra is getting corrupted leading to core file generation. There is no function impact such as fpc restart or system down and the issues won't be observed in hardware setups. PR1525594

  • With subscriber services configuration and distributed IGMP processing enabled for subscribers, it is possible the line card can occasionally crash. A line card reboot is required to recover. This issue will not be seen outside of subscriber services or even with subscriber services if distributed igmp is not enabled. PR1534542

  • RPM behavior in non-delegate mode with MPC10 line cards: The RPM packets from client are received and processed by RPM server but the response packets are dropped before they are received by the client. PR1556697

  • Upgrading satellite devices may lead to some SDs in SyncWait state. Cascade port flap not causing the issue. PR1556850

Routing Protocols

  • BFD session flaps during ISSU only in MPC7e card(Bfd sessions from other cards of DUT to peer routers did not flap during ISSU). Issue is not seen frequently. PR1453705

  • The virtual-router option is not supported under routing-instance in lean rpd image. PR1494029

  • On all Junos platforms with scaling MVPN scenario, some PIM Join/Prune messages may not be processed for the first attempt. For instance, a dedicated PIM router receives more than 2500 PIM hello packets from the new neighbors, followed by PIM Join packets for the same multicast group in a very short period of time. PR1500125

  • In Layer 3 VPN scenario, the rpd(routing protocol process) on backup Routing Engine might crash when BGP(standby) received a VPN route from peer which is rejected due to invalid target community and the BGP standby peer synchronization is not complete yet. PR1508888

  • TILFA backup path fails to install in LAN scenario and also breaks SR-MPLS tilfa for lan with more than four end-x sids configured per interface. PR1512174

  • On setup with dynamic tunnel IPoIP configured on it, if "clear bgp neigbhor" command is executed on it then ECMP nh might be created in wrong state. Due to which traffic loss can be seen. Workaround for this issue is to restart the RPD or FPC which creates the ECMP in correct state. PR1514966

  • Disruptive switchover (no GRES or NSR configured) can lead to stale PPM entries programmed on the new master Routing Engine. If both GRES and NSR are activated after disruptive switchover and then a GRES switchover is performed, BFD sessions might flap continuously. PR1518106

  • On the devices with NG-RE (Next Generation Routing Engine) and SCBE2 (Enhanced Switch Control Board), when BFD authentication for BGP is enabled, the BFD may flap after the NG-RE switchover. The switchover should be GRES or NSR switchover. After the flap, the device could be self recovery. PR1522261

  • When the static group is configured under protocols pim, continuous rpd crash might happen, which will eventually cause rpd to be down. Please use IGMPv3 static join instead if not otherwise instructed to avoid this issue. PR1542573

  • mpls.0 and inet.3 LDP routes showed duplicate RSVP LSP nexthops when "protocols mpls traffic-engineering bgp-igp-both-ribs" and "protocols ospf traffic-engineering shortcuts" were configured. PR1561207

  • Getting wrong mib value for isisISAdjIPAddrType after deleting the v6 address from the interface configuration. PR1568561

  • Due to a bug in junos, ospfv3NbrState may return invalid output. The value is +1 compared with expected value. OSPFv2 neighbor MIBs are NOT affected. https://tools.ietf.org/html/rfc5643 ospfv3NbrState OBJECT-TYPE SYNTAX INTEGER { down(1), attempt(2), init(3), twoWay(4), exchangeStart(5), exchange(6), loading(7), full(8) } ID Interface State Pri Dead 2.2.2.2 lt-0/0/0.0 2Way 128 38 Neighbor-address fe80::1e9c:8c01:19:4833 ospfv3NbrState.1.0.33686018 = 5 ID Interface State Pri Dead 2.2.2.2 lt-0/0/0.0 ExStart 128 37 Neighbor-address fe80::1e9c:8c01:19:4833 ospfv3NbrState.1.0.33686018 = 6 ID Interface State Pri Dead 2.2.2.2 lt-0/0/0.0 Full 128 38 ospfv3NbrState.1.0.33686018 = 9. PR1571473

User Interface and Configuration

  • On Juniper device running Junos OS Evolved, NETCONF Service over SSH with dedicated TCP port (It is configured with system services netconf ssh and the default port is 830) might not work if in-band management is used (i.e. connection is established via network interface or loopback interface etc.). PR1517160

VPNs

  • The problem can be seen in MVPN ASM scenario on a PE which has local MC source and receivers and RP is remote. If all receivers stop joining the group and MC source stops transmitting, corresponding PIM (S,G) state may remain indefinitely despite that. Due to the problem a router will maintain extra PIM state. Service is not impacted. PR1536903

Resolved Issues

This section lists the issues fixed in Junos OS Release 20.3R2 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 20.3R2

EVPN

  • With dynamic list next hop configured, a forwarding problem occurs after performing graceful switchover. PR1513759

  • no-arp-suppression is required for MAC learning across the EVPN domain on the static VTEP. PR1517591

  • ARP table might not be updated after performing VMotion or a network loop. PR1521526

  • The BUM traffic might get dropped in the EVPN-VXLAN setup. PR1525888

  • The rpd might crash when auto-service-id is configured in EVPN VPWS scenario. PR1530991

  • The route table shows additional paths for the same EVPN or VXLAN type 5 destination after upgrading from Junos OS Release 18.4R2-S3 to Junos OS Release 19.4R1-S2. PR1534021

  • All the ARP reply packets toward some address are flooded across the entire fabric. PR1535515

  • The GE LOS alarm logs on the change in IFF_CCCDOWN are not logged in the syslog message file. PR1539146

  • Rpd memory leak might occur when changing EVPN configuration. PR1540788

  • The L2ALD process might core-file when changing EVPN/VXLAN configuration. PR1541904

  • The rpd crash might be seen after adding route-target on a dual-RE system under EVPN multihoming scenario. PR1546992

  • VLAN ID information is missed while installing the EVPN route from the BGP Type 2 Route after modifying a routing-instance from instance-type EVPN to instance-type virtual-switch. PR1547275

Forwarding and Sampling

  • The DHCP subscribers might get stuck in terminated state for around 5 minutes after disabling cascade ports. PR1505409

  • The srrd process might crash in a high route churns scenario or if the process flaps. PR1517646

  • The commit might fail if a filter enabled with enhanced-mode to et- interface is configured. PR1524836

  • The l2ald process might crash when a device configuration flaps frequently. PR1529706

  • VLAN-ID based firewall match conditions might not work for the VPLS service. PR1542092

  • MAC learning issue might happen when EVPN-VXLAN is enabled. PR1546631

  • All traffic would be dropped on AE bundle without VLAN configuration if bandwidth-percent policer is configured. PR1547184

  • l2ald might crash due to next-hop issue in the EVPN-MPLS. PR1548124

General Routing

  • Family IPv6 is not coming up for L2TP subscriber when additional attributes are not passed in the Framed-IPv6-Route VSA. PR1526934

  • DHCP discover packet might be dropped if DHCP inform packet is received first. PR1542400

  • The show dynamic-profile session client-id command displays only one IPv6 framed-route information. PR1555476

  • In some MX Series deployments running Junos OS, the following random syslog messages are observed for FPCs: fpcx ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - xxx left. These messages might not have a service impact. These messages are addressed as INFO level messages. On a Packet Forwarding Engine, there are dedicated UMEM and shared GUMEM memory blocks. This informational message indicates some evicting events between UMEN and GUMEN and can be safely ignored. PR1298161

  • The max-drop-flows statement is not available. PR1375466

  • Need to be able to show which shard a given route is hashed to. PR1430460

  • The MPC2E-NG or MPC3E-NG card with specific MIC might crash after a high rate of interface flaps. PR1463859

  • Dynamic SR-TE tunnels do not get automatically recreated at the new master Routing Engine after the Routing Engine switchover. PR1474397

  • Traffic decreases during throughput testing. PR1483100

  • SNMP index in the Packet Forwarding Engine reports as 0, causing sFlow to report either IIF or OIF (not both) as 0 in the sFlow record data at the collector. PR1484322

  • The AMS bundle might remain inactive when adding member interface to AMS bundle with scaled service sets. PR1489607

  • The following error messages are observed on the MPC card in the manual mode: clksync_as_evaluate_synce_ref: 362 - Failed to configure clk. PR1490138

  • Some of the virtual services might not up after GRES or rpd restart. PR1499655

  • Prefix is not emitted for the te-lsp-timers/state/cleanup-delay sensor path for OCST. PR1500690

  • Transit v4 traffic forwarding over BGP SR-TE might not work. PR1505592

  • Errors on vjunos0 Regarding TSensor related to PR 1362108. PR1508580

  • Not able to forward traffic to VCP FPC after the MX Virtual Chassis reboots, FPC reboots, or adding VCP link. PR1514583

  • On the MX2020 and MX2010 routers, the SPMB CPU is elevated when an SFB3 is installed. PR1516287

  • The l2cpd might crash if the ERP is deleted after the switchover. PR1517458

  • On the MX960 routers, the show interfaces redundancy rlt0 statement shows current status as primary down as FPC is still in the Ready state after rlt failover (restart FPC). PR1518543

  • Junos OS: Command injection vulnerability in 'request system software' CLI command (CVE-2021-0219). PR1519337

  • Traffic loss might happen when an Uncorrected (Fatal) AER error is detected. PR1519530

  • During an upgrade, vSRX3.0 would display the following incorrect license warnings when utilizing licensable features even if the license was present on the device: such as warning: requires 'idp-sig' license. PR1519672

  • The BFD session status remains down at non-anchor FPC even though bfd session is up after anchor FPC reboot/panic. PR1523537

  • PSM firmware upgrade should not allow multiple PSM upgrade in parallel to avoid the firmware corruption and support multiple firmwares for different hardware Revs. PR1524338

  • No response from the other routing engine for the last 2 seconds" triggers "SNMP trap generated: Fru Offline" messages. PR1524390

  • Commit is successful while deactivating CB0 or CB1 interfaces with GNF. PR1524766

  • Problem With static VLAN deletion with active subscribers and the FPC might be stuck at Ready state during restart. PR1525036

  • The following error message is observed during GRES if an IRB interface is configured without a profile: RPD_DYN_CFG_GET_PROF_NAME_FAILED. PR1526481

  • Commit error messages come twice while validating the physical-cores command. PR1527322

  • The transit PTP packet might be unexpectedly modified when passing through MPC2E-NG, MPC3E-NG, and MPC5E line cards. PR1527612

  • The speed command cannot be configured under the interface hierarchy on an extended port when the MX204 or MX10003 router works as an aggregation device. PR1529028

  • In the subscriber management environment, the RADIUS interim accounting records does not get populated with the subscriber statistics. PR1529602

  • The SFP-LX or SFP-SX optics on MIC-3D-20GE-SFP-E/EH might show as unsupported after unified ISSU. PR1529844

  • BiDi 1G SFP optics giving wrong value in JVision for "optics/laser_rx_power_*_thresholds". PR1530120

  • After performing unified ISSU with a high-scale bridge-domain configuration, less than 0.0254 percent of traffic loss is observed for a single bridge-domain interface. PR1531051

  • On the MX10003 router, PEM 0 always shows as Absent or Empty even if PEM 0 is present. PR1531190

  • Commit may fail after Routing Engine switchover. PR1531415

  • New subscribers might fail to connect due to "Filter index space exhausted" error. PR1531580

  • Deleting the address of the jmgmt0 interface might fail if the shortened version of the CLI command is used. PR1532642

  • The interface with the "pic-mode 10GE" configuration may not come up if upgrading to 18.4R3-S4 or later versions. PR1534281

  • Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd. PR1534455

  • The clear ike statistics command does not work with remote gateway. PR1535321

  • Certain BGP SR-TE segment lists cause the rpd process to generate the core file during tunnel attribute parsing. PR1535632

  • Snmp mib walk for jnxSubscriber OIDs returns General error. PR1535754

  • All SFBs might go offline due to fabric failure and fabric self-ping probes performing the disable-pfe action. PR1535787

  • Junos OS: MX Series: Dynamic filter fails to match IPv6 prefix (CVE-2021-0205). PR1536100

  • Multicast traffic might be observed even through unexpected interfaces with distributed IGMP is enabled. PR1536149

  • Enhancements are needed for debugging l2ald. PR1536530

  • The chassisd memory leak might cause traffic loss. PR1537194

  • The following error message might be observed when the JAM packages for the MX204, MX10003, and MX10008 are installed: JAM: Plugin installed for summit_xxx PIC. PR1537389

  • Version-alias gets missed for subscribers configured with dynamic profiles after unified ISSU. PR1537512

  • Not able to get the sessions after Configure IDS, Add IDS-RULE in the SS in the next-hop style. PR1537609

  • Deactivating/activating PTP/syncE in the upstream router causes the 100G links on the LC2103 to flap. PR1538122

  • AFT based TRIO FPCs (MPC10, 11) PFE cli command "show jnh exceptions inst <inst-number> may cause FPC to crash. PR1538138

  • Traffic drop might be seen when executing "request system reboot". PR1538252

  • Junos OS: Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted. (CVE-2021-0211) PR1539109

  • The accounting interim-updates for subscriber does not work after GRES and subsequent reboot of FPCs in the node-slicing setup. PR1539474

  • The rpd memory leak might be observed on the backup Routing Engine due to link flaps. PR1539601

  • The mspmand process leaks memory in relation to the MX telemetry reporting the following error message: RLIMIT_DATA exceed. PR1540538

  • With hold time configuration, the ge Interfaces remain down on reboot. PR1541382

  • Subscriber might not come up on some dynamic VLAN ranges in a subscriber management environment. PR1541796

  • After changing addresses in the source pool, if the carrier-grade NAT traffic does not stop, the source pool cannot perform the NAT translation from the new pool. PR1542202

  • The KRT queue might get stuck after RE switchover. PR1542280

  • Port mirroring with maximum-packet-length configuration does not work over the GRE interface. PR1542500

  • The license errors may get returned on backup Routing Engine when trying to commit the configuration. PR1543037

  • The mspmand process might generate core file on activating or deactivating the interface. PR1544794

  • Traffic loss might be observed when Switch Fabric Board 3/MPC8E 3D combination is used in MX2010/MX2020. PR1544794

  • In the syslog output, the sylog-local-tag name is truncated ( as SYSLOG_SF) when he sylog-local-tag name is configured as SYSLOG_SFW. PR1547505

  • Continuous rpd errors might be seen and new routes will fail to be programmed by rpd. PR1545463

  • The nsd daemon crashes after configuring the inline NAT44 in the USF mode. PR1547647

  • The verbose command unexpectedly becomes hidden after Junos OS Release 16.1 for set system export-format json. PR1547693

  • SENSOR APP DWORD leak is observed during the period of churn for routes bound to the sensor group. PR1547698

  • SR-TE may stay UP when the routes deleted through policy. PR1547933

  • Multicast traffic drop might be seen after ISSU. PR1548196

  • The rpd crash might be seen when BGP service route is resolved over color-only SRTE policy. PR1550736

  • The PPPoE subscribers might fail to login. PR1551207

  • "LCM Peer Absent" might be seen on all TVP platforms. PR1551760

  • The fabric errors are observed and the FPC processes might get offlined with SCBE3, MPC3E-NG, or MPC3E and MPC7 or MPC10 in the increased-bandwidth fabric mode. PR1553641

  • Configuring HFRR i.e. link-protection on an interface may cause rpd to crash. PR1555866

  • ISSU may be aborted on MX devices for version 20.2R2-S1. PR1557413

  • The l2cpd core files might be seen on reboot. PR1561235

  • The rpd crash might be observed during processing huge amount of PIM prune messages. PR1561984

  • MX platforms with MX-SCBE3 may reboot continuously. PR1564539

  • On MX150, "request system software add" CLI is disabled in 19.4R3-S1, 20.1R2, and 20.4R1. PR1568273

  • agent sensor - "__default_fabric_sensor__" seems to be partly applied to some FPCs, which caused zero payload issue - "AGENTD received empty payload for pfe sensor __default_fabric_sensor__. PR1569167

Infrastructure

  • Output drops in 'show interfaces extensive' might display 0 temporarily during a race condition when SNMP query for JnxCos is also issued. PR1533314

Interfaces and Chassis

  • The configuration might not be applied after deleting all existing logical interfaces and adding a new logical interface for an IFD in a single commit. PR1534787

  • Inline Y.1731 SLM or DM does not work in enhanced-cfm-mode for the EVPN UP MEP scenario. PR1537381

  • Backup router generates VRRP_NEW_BACKUP syslog during bringup. PR1539277

  • The following error message might occur after commit for configuration under interface hierarchy: should have at least one member link on a different FPC. PR1539719

  • The following the commit error is observed while trying to delete unit 1 logical systems interfaces: ae2.1: Only unit 0 is valid for this encapsulation. PR1547853

  • The startup-silent-period command might not work in Junos OS Release 20.3R1 or later. PR1548464

  • The VCP port is marked as administratively down on the wrong MX Series Virtual Chassis member. PR1552588

  • The dcd process might leak memory on pushing the configuration to the ephemeral database. PR1553148

MPLS

  • The rpd scheduler might slip after the link flaps. PR1516657

  • The inter-domain LSP with loose next hop path might get stuck in down state. PR1524736

  • The ping mpls rsvp command does not take into account lower MTU in the path. PR1530382

  • The rpd process might crash when the LDP route with indirect next hop is deleted on the aggregated Ethernet interface. PR1538124

  • Performing commit may trigger externally provisioned LSP MBB mechanism. PR1546824

  • A new LSP might not be up even if bypass LSP is up and "setup-protection" is configured. PR1555774

Network Address Translation (NAT)

  • Need to improve the maximum eNode connections for one persistent NAT binding from 8 to 32. PR1532249

Network Management and Monitoring

  • Commit error while deleting the routing instance when snmp trap-group also have the same routing instance referred. PR1555563

Platform and Infrastructure

  • PE-CE OAM CFM might have issues in AE interface case. PR1501656

  • The output of the show jnh qmon queues-sensor stats 0 command has no content. PR1514881

  • The VPLS connection might be stuck in the Primary Fail status when a dynamic profile is used on the VPLS pseudowire logical interface. PR1516418

  • The state of the flow detection configuration might not be displayed properly if DDOS-SCFD is configured globally. PR1519887

  • Flow programming issue for lt- interface in the Packet Forwarding Engine level is observed. PR1525188

  • Junos OS: MX Series: Trio-based MPC memory leak when Integrated Routing and Bridging (IRB) interface is mapped to a VPLS instance or a Bridge-Domain (CVE-2021-0202). PR1525226

  • The following error message is observed when alarms after interface reset: 7836 ifl 567 chan_index 8 NOENT & jnh_ifl_topo_handler_pfe(13015): ifl=567 err=1 updating channel table nexthop. PR1525824

  • The VxLAN encapsulation over IPv6 underlay might not work on MX routers. PR1532144

  • There is a TWAMP interoperability issue between Junos OS releases. PR1533025

  • The fpc process might crash when the next hop memory of ASIC is exhausted in the EVPN-MPLS scenario. PR1533857

  • The ISSU might fail on Junos platforms with LUCHIP based line cards. PR1535745

  • Subscribers are not coming up VPLS on PS interface. PR1536043

  • TWAMP interoperability issue can be seen if the Junos release has only the fixes for PR-1434740, PR-1533025 but not the fix for PR-1536939. PR1536939

  • Packet loss might be observed when the RFC2544 egress reflector session is configured on the non-zero Packet Forwarding Ethernet interface. PR1538417

  • AUTO-CORE-PR : JDI CI ROUTING : vmxt_lnx core found @ l2_metro_bd_host_inject_del bd_platform_delete bd_handle_msg. PR1538516

  • The rmopd process memory leak might be seen if TWAMP client is configured. PR1541808

  • Trio-based FPC might crash when the underlying Layer 2 interface for ARP over IRB interface is changed from the physical interface to the LSI interface. PR1542211

  • ARP expired timer on backup Routing Engine is not same with master Routing Engine if aging-timer is configured. PR1544398

  • The BGP session replication might fail to start after the session crashes on the backup Routing Engine. PR1552603

  • Traffic is not forwarded over IRB to l2circuit on lt interfaces. PR1554908

  • IPv4 EXP rewrite might not work properly when inet6-vpn enabled. PR1559018

Routing Policy and Firewall Filters

  • The policy configuration might be mismatched between the rpd and mgd process when deactivate policy-options prefix-list is involved in the configuration sequence. PR1523891

  • Generate route goes to hidden state when protect core knob is enabled. PR1562867

Routing Protocols

  • The output of the show isis interface detail command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long. PR1482983

  • The rpd might crash with BGP RPKI enabled in a race condition. PR1487486

  • Ppmd core file generated after MS-MPC restart. PR1490918

  • The rpd might crash after deleting and re-adding a BGP neighbor. PR1517498

  • Tag matching in the VRF policy does not work properly when the independent-domain option is configured. PR1518056

  • The BGP session with VRRP virtual address might not come up after a flap. PR1523075

  • The VRF label is not assigned at ASBR when the inter AS is implemented. PR1523896

  • The IS-IS LSP database synchronization issue might be seen while using the flood-group feature. PR1526447

  • The rpd process generates core file at is_srv6_delete_locator_end_sid_data isis_srv6_end_sid_local_data_delete isis_srv6_locator_config_check. PR1531830

  • Transit labels for Layer 3 VPN routes are pushed momentarily to the MPLS.0 table. PR1532414

  • Configuring then next hop and then reject on a route policy for the same route might cause the rpd process to crash. PR1538491

  • After moving peer out of the protection group, the path protection does not get removed from the PE router. Multipath routes are still present. PR1538956

  • For spring with TE-shortcuts, MPLS S=0 route label is missing in the logical_system r5_lr for label 801007 upon activating mpls label switched path just after deactivating isis TE inet shortcuts. PR1539671

  • The rpd process generates the core file at gp_rtarget_tsi_update,bgp_rtarget_flash_rt,bgp_rtarget_flash. PR1541768

  • Traffic loss might be seen in next-hop-based dynamic tunnels of L3VPN scenario after changing the dynamic-tunnel preference. PR1542123

  • The metric of prefixes in intra-area-prefix LSA might be changed to 65535 when the metric of one of the OSPFv3 p2p interfaces is set to 65535. PR1543147

  • The BGP session neighbor shutdown configuration does not effect the non-established peer. PR1554569

  • The changes do not get effective when the values are set under static default hierarchy. PR1555187

  • The BGP session might not come up if extended-nexthop is enabled by default on the other vendor remote peer. PR1555288

  • Sending multicast traffic to downstream receiver on Trio based Virtual Chassis platforms might fail. PR1555518

  • 6PE prefixes may not be removed from RIB upon reception of withdrawal from a BGP neighbor when RIB sharding is enabled. PR1556271

  • Multipath info still shown for BGP route even after disabling interface for one path. PR1557604

  • 6PE prefixes may not be removed from RIB upon reception of withdrawal from a BGP neighbor when RIB sharding is enabled. PR1556271

  • VPN routes learned from core files were not advertised to CE when bgp sharding is configured. PR1560661

  • All Layer3 VPN route ages reset when adding or deleting a VRF. PR1560827

  • Wrong SPF calculation might be observed for OSPF with ldp-synchronization hold-time configured after interface flap. PR1561414

Services Applications

  • L2TP subscribers might fail to establish a session on MX if the CPE is a virtual host. PR1527343

  • The following error message is observed: SPD_CONN_OPEN_FAILURE: spd_pre_fetch_query: unable to open connection to si-1/0/0. PR1550035

Subscriber Access Management

  • Subscriber accounting messages retransmissions exist even after configuring accounting retry 0. PR1405855

VPNs

  • The Junos image upgrade/installation with 'validate' will fail with XML errors. PR1525862

  • MVPN multicast route entry might not be properly updated with the actual downstream interfaces list. PR1546739

Resolved Issues: 20.3R1

Application Layer Gateways (ALGs)

  • The srxpfe or mspmand process might crash if FTPS is enabled in a specific scenario. PR1510678

Class of Service (CoS)

  • The following error message is observed: GENCFG write failed (op, minor_type) = (delete, Scheduler map definition) for tbl id 2 ifl 0 TABLE Reason: No such file or directory. PR1476531

  • The MX Series routers with MPC1 Q and MPC2 Q line cards might report memory errors. PR1500250

EVPN

  • When a dynamic list next hop is referenced by more than one route, it might result in an early deletion of the next hop from the kernel, thereby assigning the NH index as 0 (Next hop type: Dynamic List, next hop index: 0" in the output of the show route command). This would not result in a crash, but an early delete from kernel. As a workaround, restarting the routing solves the issue and the NH index gets reassigned properly. PR1477140

  • The ARP resolution to the gateway IRB address fails if decapsulate-accept-inner-vlan or encapsulate-inner-vlan is configured. PR1526618

  • The rpd process might crash when auto-service-id is configured in the EVPN-VPWS scenario. PR1530991

  • The rpd process might generate a core file when the Routing Engine switches over after disabling the BGP protocol globally. PR1490953

  • VXLAN bridge domain might lose the VTEP logical interface after restarting chassisd. PR1495098

  • The VXLAN function might be broken due to a timing issue. PR1502357

  • The MAC address of the LT interface might not be installed in the EVPN database. PR1503657

  • Configuring the proxy-macip-advertisement command for EVPN-MPLS leads to functionality breakage. PR1506343

  • With the EVPN-VXLAN configurations, the IRB MAC does not get removed from the route table after disabling IRB. PR1510954

  • ARP might break when multicast snooping is enabled in EVPN for the VLAN-based and VLAN-bundle service scenarios. PR1515927

  • Unable to create a new VTEP interface. PR1520078

  • Packets might not be sent out of the IRB interface if there is no Layer 2 interface in the associated bridge-domains. PR1498534

  • IRB interface might get stuck in the Down state in an EVPN multihome scenario. PR1479681

Forwarding and Sampling

  • UTC timestamp is used in the flat-file-accounting files when a profile is configured. PR1509467

  • DHCP subscribers might get stuck in the Terminated state for around 5 minutes after disabling the cascade ports. PR1505409

  • Traffic might get dropped due to not exceeding the configured bandwidth under policer. PR1511041

  • The DHCP relay might not work normally under EVPN with VXLAN environment. PR1487385

  • The pfed process might crash while running the show pfe fpc x command. PR1509114

General Routing

  • The show security group-vpn member IPsec security-associations detail | display xml command is not in the expected format. PR1349963

  • Constant memory leak might lead to FPC memory exhaustion. PR1381527

  • The chassisd might crash due to hardware-database errors. PR1383246

  • On the MX2000, the following error message might be observed if the MPC7 line card is offline when Routing Engine switchover occurs: Failed to get xfchip. PR1388076

  • After an MX Series router with the JNP10K-LC2101 line card is powered on, a voltage of 1345-1348 mV is read for about 20 seconds, which gets stabilized to 1493 mV. During this period, the FPC x Voltage Tolerance Exceeded major alarm is raised. PR1415671

  • The following Error messages are observed on the MPC card in the manual mode: clksync_as_evaluate_synce_ref: 362 - Failed to configure clk. PR1490138

  • FPC might crash after GRES when committing changes in the firewall filter with the next term statements in a subscriber scenario. PR1421541

  • The RPD scheduler slips might be seen upon executing the show route resolution extensive 0.0.0.0/0 | no-more command if the number of routes in the system is large (several millions). PR1425515

  • Layer 2 over GRE is not supported in Junos OS Release 19.3R1. Even though, the configuration gets committed, the feature does not work. PR1435855

  • The MPC9E line card does not get offline due to unreachable destinations in the phase 3 stage. PR1443803

  • FEC statistics are not reset after changing the FEC mode. PR1449088

  • When an M-VLAN interface (OIF map) is changed, the existing multicast subscribers with membership reports in place experience loss of multicast traffic till traffic is forwarded to the new OIF map. For example, a new M-VLAN interface. PR1452644

  • Interfaces shut down by the disable-pfe action might not come up when you use the MIC offline or online command. PR1453433

  • The FPC or the Packet Forwarding Engine might crash with the ATM MIC installed in the FPC. PR1453893

  • Application and removal of 1-Gbps speed results in the channel being down. PR1456105

  • In the MVPN instance, the traffic drops on multicast receivers within the range of 0.1 to 0.9 percent. PR1460471

  • The bbe-smgd process generates core files on the backup Routing Engine. PR1466118

  • With the BGP rib-sharding and update-threading, traffic drops 100 percent in the BGP Layer 3 VPN streams, post the removal or restoration configuration. PR1469873

  • The following syslog message are observed: fpcX user.notice logrotate: ALERT exited abnormally with [1]. PR1471006

  • When you reboot the external server, the SNMP values configured within the /etc/snmp/snmpd.conf file at the server get overwritten with the content from the JDM SNMP configuration section. The trap configuration changes get completely removed. Restarting or stopping and starting JDM does not change the host /etc/snmp/snmpd.conf file. Only system reboot of the server occurs. PR1474349

  • The kmd process might crash in a specific simultaneous rekey scenario. PR1474797

  • The following error log messages are observed: chassisd[7836]: %DAEMON-3-CHASSISD_IOCTL_FAILURE: acb_get_fpga_rev: unable to get FPGA revision for Control Board (Inappropriate ioctl for device) after every commit. PR1477941

  • The cpcdd process might generate core file after upgrading to Junos OS Release 19.4 and later. PR1527602

  • The ukern-platformd process might crash on the MX2000 router with the MPC11 line card. PR1478243

  • Interface traffic statistics in the show interface command might display incorrect values for a LAG with the MPC10 or MPC11 line card child links. PR1478540

  • All PPPoE subscribers might not log in after FPC restarts. PR1479099

  • Fabric healing logic incorrectly makes all MPC line cards go offline in the MX2000 router while the hardware fault is located on one specific MPC line card slot. PR1482124

  • The downstream IPv4 packet greater than BR MTU gets dropped in MAP-E. PR1483984

  • The traffic rate might not be as expected on the aggregated Ethernet interface after applying a shared-bandwidth policer. PR1484193

  • The peer interface does not go down after the MPC11E line card reboot. PR1485682

  • The input errors on the MX150 router might be zero in the output of the show interfaces extensive command when there are CRC or align errors on the interface. PR1485706

  • The aftd process might crash. PR1487416

  • XML is not properly formatted. PR1488036

  • Daemon might restart due to mishandling of data. PR1489512

  • With the MX-SPC3 service card, NAT might not be processed on an order as setup. PR1489581

  • Prolonged flow control might occur with MS-MPC or MS-MIC. PR1489942

  • The ISSU is not supported on the NG-MPC line cards from Junos OS Release 19.4R1. PR1491337

  • Multiple deactivation or activation of the security traceoptions along with a single NAPT44 session might crash the flowd process. PR1491540

  • MS-MIC goes down after loading some Junos OS releases in an MX-VC scenario. PR1491628

  • User-configured MTU might be ignored after the ISSU upgrade using the request vmhost software in-service-upgrade command. PR1491970

  • There is a delay in the LT interfaces on the MPC11E line card coming up after configuring the scaled PS interfaces anchoring to RLT. PR1492330

  • On the MX10008 router, the SNMP table entPhysicalTable does not match the PICs shown in the output of the show chassis hardware command. PR1492996

  • The MPC10 or MPC11 line card might crash if the interface is configured with the firewall filter referencing a shared-bandwidth policer. PR1493084

  • In an MX Series, setting or deleting a Virtual Chassis C port causes other Virtual Chassis ports on the same FPC or MIC slot to bring the link in the Down state for a few seconds, possibly interrupting the communication with the other member chassis. PR1493699

  • Used-Service-Unit of the CCR-U has Output-Bytes counter zero. PR1516728

  • The LSP might not come up in the LSP externally provisioned scenario. PR1494210

  • The following error message is seen for the AF interfaces on an FPC when the peer FPC is restarted: PFE_ERROR_FAIL_OPERATION: Unable to unbind cos scheduler from physical interface. PR1494452

  • In a node slicing setup, after GRES, the RADIUS interim updates might not carry actual statistics. PR1494637

  • Group address is not programmed back post deactivation and activation of the bridge domain. PR1495480

  • VPLS flood NH might not get programmed correctly. PR1495925

  • B4 might not be able to establish the softwire with AFTR. PR1496211

  • The following error messages are generated by Packet Forwarding Engine when the subscribers come up over a pseudowire interface: PFEIFD: Could not decode media address with length 0. PR1496265

  • The MPC10E line card might restart with sensord crash due to a timing issue. PR1497343

  • Outbound SSH connection flaps or memory leaks during the push configuration to ephemeral database with high rate. PR1497575

  • Port numbers logged in the ALG syslog are incorrect. PR1497713

  • Subscribers might be disconnected after one of the aggregated Ethernet participating FPCs comes online in a Junos node slicing scenario. PR1498024

  • SNMP polling does not show correct PSM jnxOperatingState when one of the PSM inputs fails. PR1498538

  • The rpd process might crash when multiple VRFs with IFLs link-protection are deleted at a single time. PR1498992

  • The commit check might fail when adding a logical interface into a routing-instance, which has no-normalization command enabled under the routing-instances stanza. PR1499265

  • Heap memory leak might be seen on the MPC10 and MPC11 line cards. PR1499631

  • After disabling and enabling the ams0 interfaces, the NAT sessions do not get synchronized back to the current standby SDG. PR1500147

  • The SPC3 card might crash if the SIP ALG is enabled. PR1500355

  • Unexpected behavior during | display inheritance is observed when the foreground is deactivated. PR1500569

  • The show services alg conversations and show services alg sip-globals commands are not supported in USF mode. PR1501051

  • The MX2020 and MX2010 routers continuously log pem_tiny_power_remaining: in the chassisd log. PR1501108

  • Application ID does not get displayed under the nat/sfw rule configured with application any rule. PR1501109

  • The chassisd process might become nonresponsive. PR1502118

  • On the MPC11 line card, the show syslog command in the Packet Forwarding Engine shell might time out. PR1502877

  • The packets from a nonexisting source on the GRE or UDP designated tunnel might be accepted. PR1503421

  • Configuring the ranges statement for autosensed VLANs might not work on the vMX platforms. PR1503538

  • MIBS added as part of jnxLicenseInstallTable: jnxLicenseStartDate jnxLicenseEndDate. PR1503790

  • The show bridge statistics command output does not display the statistics information for the pseudowire subscriber interfaces. PR1504409

  • The gNMI stream does not follow the frequency on the subscription from the collector. PR1504733

  • Fan speed might toggle between full and normal on the MX960 router with an enhanced FRU. PR1504867

  • The rpd process might crash in case of a network churn when the telemetry streaming is in progress. PR1505425

  • The PSM firmware upgrade must not allow multiple PSM upgrades in parallel to avoid the firmware corruption and support mutliple firmwares for different hardware. PR1524338

  • Addition and removal of an aggregated Ethernet interface member link might cause the PPPoE subscriber session and traffic to drop. PR1525585

  • After sending the Layer 4 or Layer 7 traffic, the HTTP redirect messages are not captured as expected. PR1505438

  • The l2cpd process might crash if the ERP configuration is added or removed, and the l2cpd process is restarted. PR1505710

  • VRRPv6 might not work in an EVPN scenario. PR1505976

  • Mapping leaks when the private and public IP addressess are from the same prefix. PR1507477

  • GnmiJuniperTelemetryHeader incompatibility is introduced in Junos OS Release 19.3. PR1507999

  • Outbound SSH connection flap or memory leak issues might be observed during push configuration to the ephemeral database with a high rate. PR1508324

  • JET API RouteMonitorRegister might result in an unresponsive gRPC session. PR1509655

  • The host-generated packets might be dropped if the force-control-packets-on-transit-path statement is configured. PR1509790

  • The disabled QSFP transceiver might fail to get turned on. PR1510994

  • PFCP message acknowledgment or non- acknowledgment responses are not tracked without the fix. If the CPF peer drops an acknowledged UPF response message and CPF retries the request, the reattempts do not get an acknowledgment by the response cache at UPF and get silently dropped. This causes the CPF state machine to constantly retry requests with those message being dropped at UPF, which leads to the Established state at both CPF and UPF. PR1511708

  • Static subscribers are logged out after creating a unit under the demux0 interface. PR1511745

  • The multicast traffic might be dropped if ALB is enabled on the aggregated Ethernet interface. PR1512157

  • Memory leak on l2ald might be seen when adding or deleting the routing-instances or bridge-domains configuration. PR1512802

  • The wavelength configured through the CLI might not be set on the SFP+-10G-T-DWDM-ZR optics when the optics is used on the MPC7E line card. PR1513321

  • Modifying the segment list of the segment routing LSP might not work. PR1513583

  • Subscribers might not be able to bind again after performing back-to-back GRES followed by an FPC restart. PR1514154

  • Active sensor check fails while checking the show agent sensors |display xml command. PR1516290

  • The MPC7E line card with QSFP installed might get rebooted when the show mtip-chmac <1|2> registers vty command is executed. PR1517202

  • There might be memory leak in cfmd if both the CFM and inet/IPv4 interfaces are configured. PR1518744

  • The vgd process might generate a core file when the OVSDB server restarts. PR1518807

  • The PADI packets might be dropped when the interface encapsulation VPLS is set along with accepted protocol configured as PPPoE. PR1523902

  • According to the OC data model, the openconfig-alarms.yang subscription path must be used as system/alarms/alarm. PR1525180

  • WAG control route prefix length are observed. PR1526666

  • Non-impacting error message is seen in the message logs: IFP error> ../../../../../../../../../src/pfe/usp/control/applications/interface/ifp.c@3270:(errno=1000) tunnel session add failed. PR1529224

  • On the MX960 router, the following error message might be observed: SCHED L4NP[0] Parity errors. PR1464297

  • The vmcore process crashes sometimes along with the mspmand process on MS-MPC/MS-MIC if large-scale traffic flows are processed. PR1482400

  • The heap memory utilization might increase after extensive subscriber login or logout. PR1508291

  • On the MPC10 and MPC11 line cards, the heap memory leaks with the MoFRR feature. PR1479024

  • Some of the virtual services might not up after GRES or rpd restart. PR1499655

  • On the MX150 series of routers, the request system halt and request system power-off commands do not work as expected. PR1468921

  • With MPC10 and MPC11 line cards, switchovers are slow to backup the upstream interface. PR1497127

  • The MACsec session might fail to establish if 256 bit cipher suite is configured for MACsec connectivity association assigned to a logical interface. PR1514680

  • The MPC10E line card might crash with the sensord process generating a core file due to a timing issue. PR1526568

  • The commit confirm command might not rollback the previous configuration when the commit operation fails. PR1527848

  • Certain BGP SRTE segment lists cause the rpd process to generate core file during tunnel attribute parsing. PR1535632

  • Any change in the nested groups might not be detected on commit and does not take effect. PR1484801

  • In the MX10003 routers, RCB always detect fire temperature and shutdown in a short time after downgrade. PR1492121

  • Inline JFlow might report wrong value for some fields in the flow records after enabling the next hop-learning and route churn occurs. PR1500179

  • The MACsec delay protection fails to drop or discard the delayed MACsec packets. PR1503010

  • The transit PTP packet might be unexpectedly modified when passing through MPC2E-NG, MPC3E-NG, and MPC5E line cards. PR1527612

  • Not able to get the sessions after configuring IDS, adding IDS-RULE in the SS in the next-hop style. PR1537609

  • The MPC11E line card might get stuck in the Present state during booting in a rare condition. PR1482105

  • The SNMP index in the Packet Forwarding Engine reports as 0, causing sFlow to report either IIF or OIF (not both) as 0 in the sFlow record data at collector. PR1484322

  • The mgd process might become nonresponsive, crash the dcd process, or crash the dcd process commit check process. PR1491363

  • The fpc process might crash in an inline mode with CFM configured. PR1500048

  • On the MX150 router, the logical interfaces stay up during the vmhost halt or power-off senario. PR1526855

Infrastructure

  • If the serial number of the PEM starts with 1F1, the following alarm might be generated: Minor FPC PEM Temp Sensor Failed. PR1398128

  • SNMP polling might return an unexpectedly high value for the ifHCOutOctets counter for a physical interface when any jnxDom OID is processed at the same time. PR1508442

  • Unknown MIB OID 1.3.6.1.2.1.47.2.0.30 are referenced in the SNMP trap after upgrading to Junos OS Release 18.4R3.3. PR1508281

  • Packet counter does not work as expected when SNMP is used. PR1422929

  • Kernel stack data disclosure is observed. PR1485747

Interfaces and Chassis

  • Traffic might get dropped as the next hop points to ICL even though the local MC-LAG is up. PR1486919

  • The sonet-options configuration statement is disabled for the xe interface that works in wan-phy mode. PR1472439

  • The vrrpd might crash when dual VLAN on VRRP interfaces is configured. PR1512658

  • Fail to configure proactive ARP detection. PR1476199

  • A stale IP address might be seen after a specific order of configuration changes under the logical-systems scenario. PR1477084

  • Control logical interface 32767 is not created on the VLAN-tagged IFD even after removing the VLAN 0 configuration. PR1483395

  • On the MPC6 line cards, the CFM DM two way verification fails with invalid timestamp. PR1489196

  • Some of the logical interfaces might not come up with the configured vlan-bridge encapsulation. PR1501414

  • Unexpected dual VRRP backup state might occur after performing two subsequent Routing Engine switchovers with track priority-hold-time configured. PR1506747

  • Commit failure is observed while deleting all the units under the ps0 interface. PR1514319

  • The following error message is observed: Request failed: OID not increasing: ieee8021CfmStackServiceSelectorType. PR1517046

  • Buffer overflow vulnerability in device control process is observed. PR1519334

Intrusion Detection and Prevention (IDP)

  • When creating the custom IDP signatures that match raw bytes (hexadecimal), the commit check fails if the administrator configures the depth parameter. PR1506706

J-Web

  • Security vulnerability in J-Web and Web-based (HTTP/HTTPS) services is observed. PR1499280

Juniper Extension Toolkit (JET)

  • JET application configuration must be disabled before upgrading Junos OS vmhost images. PR1488769

Junos Fusion Provider Edge

  • The statistics of the extended ports on the satellite device cluster might show wrong values from the aggregation device. PR1490101

Layer 2 Ethernet Services

  • For the MX204 router, the vendor ID is set as MX10001 in the factory-default configuration and in the DHCP client messages. PR1488771

  • The DHCP subscribers might not come up when DHCP ALQ and VRRP are configured. PR1490907

  • Issues with the DHCPv6 relay processing confirm and reply packets are observed. PR1496220

  • The MC-LAG might be down after disabling and then enabling the force-up configuration. PR1500758

  • The aggregated Ethernet interface sometimes might not come up after switch is rebooted. PR1505523

  • The DHCPv6 lease query is not as expected while verifying the DHCPv6 server statistics. PR1506418

  • The show dhcp relay statistics display DHCPLEASEUNASSIGNED instead of DHCPLEASEUNASSINGED, which is spelling error. PR1512239

  • The show dhcpv6 relay statistics must display DHCPV6_LEASEQUERY_REPLY instead of DHCPV6_LEASEQUERY_REPL for the messages sent. PR1512246

  • The DHCP6 lease query is not as expected while verifying the DHCPV6v relay statistics. PR1521227

  • The memory leak in jdhcpd might be seen if access-profile is configured under the dhcp-relay or dhcp-local-server statement. PR1525052

  • Receipt of malformed DHCPv6 packets causes jdhcpd to crash. PR1511782

  • The jdhcpd process crashes when processing a specific DHCPDv6 packet in the DHCPv6 relay configuration. PR1512765

MPLS

  • The RSVP interface bandwidth calculation rounds up. PR1458527

  • The rpd process might crash in PCEP for the RSVP-TE scenario. PR1467278

  • The rpd process might crash when the BGP flaps with FEC 129 VPWS enabled. PR1490952

  • If there are two directly connected BGP peers established over MPLS LSP and the MTU of the IP layer is smaller than the MTU of the MPLS layer. Also, if the BGP packets from the host have the DF bit set, the BGP session might keep flapping because of the usage of the wrong TCP-MSS. PR1493431

  • The rpd process might crash in a rare condition in the SR-TE scenario. PR1493721

  • The rpd process saves the core file while performing ISSU from Junos OS Release 19.3R2 or later. PR1493969

  • The same device responds twice for traceroute in case it goes through the MPLS network under specific conditions. PR1494665

  • The rpd process might crash when the SNMP polling is done using the OID jnxMplsTeP2mpTunnelDestTable. PR1497641

  • Traffic loss might occur if ISSU is performed when P2MP is configured for an LSP. PR1500615

  • The CSPF job might get stalled for a new or an existing LSP in a high-scale LSP setup. PR1502993

  • The rpd process might crash with RSVP configured in a rare timing case. PR1505834

  • Activating or deactivating the LDP-sync under OSPF might cause the LDP neighborship to go down and stay down. PR1509578

  • The rpd process might crash after upgrading Junos OS Release 18.1 to a later release. PR1517018

  • The SNMP trap is sent with the incorrect OID jnxSpSvcSetZoneEntered. PR1517667

  • The LDP session-group might throw a commit error and flap. PR1521698

  • The rpd process generates core file on the backup Routing Engine. PR1495746

  • The rpd process might crash when rpd restarts or GRES switchovers. PR1506062

  • The auto-bandwidth feature might not work correctly in the MPLS scenario. PR1504916

  • The inter-domain LSP with loose next-hops path might get stuck in the Down state. PR1524736

Network Management and Monitoring

  • The SNMPv3 informs might not work properly after rebooting. PR1497841

Platform and Infrastructure

  • Configured scheduler-map is not applied on ms- interface if the service PIC is in the Offline state during commit. PR1523881

  • core.vmxt.mpc0 seen at 5 0x096327d5 in the l2alm_sync_entry_in_pfes (context=0xd92e7b28, sync_info=0xd92e7a78) at ../../../../../src/pfe/common/applications/l2alm/l2alm_common_hw_api.c:1727. PR1430440

  • The output of the show jnh qmon queues-sensor stats 0 command has no content. PR1514881

  • On the MX204 router, GRE with sampling causes the following Packet Forwarding Engine error: MQSS(0): MALLOC: Underflow error during reference count read - Overflow 1, Underflow 1, HMCIF 0, Address 0x8d62e0. PR1463718

  • On MX150 and vMX, the VXLAN packet might get discarded because the flow caching does not support VXLAN when flow caching is enabled. PR1466470

  • CFM session malfunctions when it is configured along with the inner and outer native VLAN ID configuration. PR1484303

  • In the MX104 chassis, the show system buffer command displays all zeros. PR1484689

  • Traceroute monitor with MTR version v.69 shows a false 10 percent loss. PR1493824

  • Packets get dropped when next hop is IRB over an lt interface. PR1494594

  • The Routing Engine might crash when a large number of next hops are quickly deleted and added again in a large ARP or ND scaled scenario. PR1496429

  • The rmopd.core process generates core files when committing a configuration replacement of the ms-interface used. PR1499230

  • Traffic to VRRP virtual IP or MAC addresses might be dropped when ingress queuing is enabled. PR1501014

  • Python or SLAX script might not be executed. PR1501746

  • Traffic originated from another subnet is sent out with 0x8100 instead of 0x88a8. PR1502867

  • Traffic loss might be seen in certain conditions under an MC-LAG setup. PR1505465

  • The kernel might crash causing the router or the Routing Engine to reboot when making virtual IP related change. PR1511833

  • During route table object fetch failure, the FPC might crash. PR1513509

  • With multiple different fixed-sized traffic streams configured at 10,000,00 fps (40-Gbps combined rate) on aggregated Ethernet0 along with another independent aggregated Ethernet interface (aggregated Ethernet1, 50 percent line rate 4 streams bidirectional => 118-Gbps combined traffic rate), both hosted on a single Packet Forwarding Engine instruction of the MPC11E line card, small varying packet drops occur for every iteration on aggregated Ethernet1 on disabling aggregated Ethernet0. PR1464549

  • There is a TWAMP interoperability issue between Junos OS releases. PR1533025

  • Arbitrary code execution vulnerability in the Telnet server. PR1502386

Routing Protocols

  • The BGP session might be become nonresponsive with high BGP OutQ value after GRES on both sides. PR1323306

  • Cannot configure set system services ssh protocol-version v1. PR1440476

  • When configuring an alternate incoming interface for a PIM RPF check using rpf-selection, the additional groups outside the configured range might switch to the alternate incoming interface. PR1443056

  • Multicast traffic loss might be seen in certain conditions while enabling the IGMP snooping under EVPN-VXLAN ERB scenario. PR1481987

  • RIPv2 might malfunction when changing the interface type from P2MP to broadcast. PR1483181

  • There might be rpd process memory leak in a certain looped MSDP scenario. PR1485206

  • Layer 3 VPN RR with the family route-target and no-client-reflect statements does not work as expected. PR1485977

  • Traffic loss might be observed while performing GRES in an MPLS setup. PR1486657

  • The BGP route-target family might prevent the RR from reflecting the Layer 2 VPN and Layer 3 VPN routes. PR1492743

  • The rpd process generates core files at rt_nh_resolve_add_gen in ../../../../../../../../src/junos/usr.sbin/rpd/lib/rt/rt_resolve_ind.c: with the evpn-dhcp configurations. PR1494005

  • In all platforms with IPv6 scenario, the last route entry in the inet6.0 or inet6.3 RIB might not get deleted if there is another configuration present under the RIB configuration. (For example, set routing-options rib inet6.0 static defaults active). This might cause a service to still be available that the customer no longer wants to use. PR1495477

  • Receipt of certain genuine BGP packets from any BGP speaker causes the rpd process to crash. PR1497721

  • The IS-IS hello authentication does not generate the correct digest value for hmac_sha1 algorithm. PR1498452

  • The rpd process might crash if the import policy is changed to accept more routes that exceed the teardown function threshold. PR1499977

  • The rpd process might crash in a multicast scenario with BGP configured. PR1501722

  • The rpd process might crash while processing a specific BGP packet. PR1502327

  • The mcsnoopd process generates core files during the execution of an internal script. PR1503211

  • BGP might not advertise routes to peers after a peer flap. PR1507195

  • The rpd process might crash due to RIP updates being sent on an interface in down state. PR1508814

  • The IS-IS SR routes might not be updated to reflect the change in the SRMS advertisements. PR1514867

  • The BGP link-bw of the non-multipath routes are included in an aggregation. PR1515264

  • The rpd process might crash if there is a huge number of SA messages in an MSDP scenario. PR1517910

  • NLRI handling improvements for BGP-LS ID TLV is needed. PR1521258

  • The output of the show isis interface detail command might be incorrect if wide-metrics-only is enabled for IS-IS and the ASCII representation of the metric in decimal is more than 6 characters long. PR1482983

  • The BGP RPKI ROA withdrawal might lead to an unexpected BGP route flap. PR1483097

  • The rpd process might crash after deleting and then adding a BGP neighbor. PR1517498

  • Core file is generated in krt_mcnh_update_rpf_info() when TI-LFA is used with MOFRR. PR1493259

  • The route entries might be unstable after being imported into the inet6.x RIB through rib-group. PR1498377

Services Applications

  • The FPC process might crash with an npc core file if the service interface is configured under a service set in USF mode. PR1502527

  • The output of the show services l2tp tunnel extensive command does not show the configured session limit. PR1503436

  • Destination lockout functionality does not work at the tunnel session level when CDN code is received. PR1532750

Subscriber Access Management

  • The following syslog messages are observed: pfe_tcp_listener_open_timeout: Peer info msg not received from addr: 0x6000080. Socket 0xfffff804ad23c2e0 closed PR1474687

  • LTS incorrectly sends the access-request with the Tunnel-Assignment-ID, which is not compliant with RFC 2868. PR1502274

  • CCR-T does not contain the usage-monitoring information. PR1517507

  • The show network-access aaa subscribers statistics username "<>" command fails to fetch the subscriber-specific AAA statistics information if a subscriber username contains a space. PR1518016

User Interface and Configuration

  • The version information under the configuration changes from Junos OS Release 19.1 onwards. PR1457602

VPNs

  • The l2circuit neighbor might become nonresponsive in the Ready state at one end of the MG-LAG peer. PR1498040

  • The rpd process might crash in certain conditions after deleting the l2circuit configuration. PR1502003

  • The MPLS label manager might allow configuration of a duplicated VPLS static label. PR1503282

  • The output value of the show mvpn c-multicast inet source-pe | display xml command is not proper. PR1509948

  • The rpd process might crash after removing the last configured interface under the l2circuit neighbor. PR1511783

  • The rpd process might crash when deleting the l2circuit configuration in a specific sequence. PR1512834

Documentation Updates

There are no errata or changes in Junos OS Release 20.3R2 documentation for MX Series routers.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting in Junos OS 17.4R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:

Platform

FreeBSD 6.x-based Junos OS

FreeBSD 11.x-based Junos OS

MX5,MX10, MX40,MX80, MX104

YES

NO

MX240, MX480, MX960,

MX2010, MX2020

NO

YES

Basic Procedure for Upgrading to Release 20.3R2

Note

Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 11.x-Based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 11.x-based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.3R2.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.3R2.9-signed.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-20.3R2.x-limited.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-20.3R2.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note
  • You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.

  • Starting in Junos OS Release 20.3R2, in order to install a VM host image based on Wind River Linux 9, you must upgrade the i40e NVM firmware on the following MX Series routers:

    • MX240, MX480, MX960, MX2010, MX2020, MX2008, MX10016, and MX10008

    [See https://kb.juniper.net/TSB17603.]

Note

After you install a Junos OS Release 20.3R2 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.

Note

Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x-Based Junos OS

Products impacted: MX5, MX10, MX40, MX80, MX104.

To download and install FreeBSD 6.x-based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

    https://www.juniper.net/support/downloads/

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-20.3R2.9-signed.tgz
    • Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-20.3R2.9-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

Note

After you install a Junos OS Release 20.3R2 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 19.3, 19.4, and 20.1 are EEOL releases. You can upgrade from Junos OS Release 19.3 to Release 19.4 or from Junos OS Release 19.3 to Release 20.1.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 20.3R2

To downgrade from Release 20.3R2 to another supported release, follow the procedure for upgrading, but replace the 20.3R2 jinstall package with one that corresponds to the appropriate release.

Note

You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.