Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


New and Changed Features


This section describes the new features and enhancements in this release.

  • Class of Service support for eight queues—Two-level hierarchical scheduling (per-unit scheduler or hierarchical scheduler) with VLAN queuing is supported for eight queues. Each VLAN uses three traffic classes and eight queues. There are two high-priority queues (Queue 0 and Queue 6), two medium-priority queues (Queue 1 and Queue 7), and four low-priority queues (Queue 2 through Queue 5). Shaping is supported at the traffic class level, not at the queue level. Weighted random early detection and queue buffer size configuration are not supported. You enable CoS by configuring the flexible-queuing-mode option at the [edit chassis fpc 0] hierarchy level.

  • Class of Service support for drop profiles—You can manage congestion using drop profiles and packet loss priority. Packet loss priority (PLP) values are low, medium-low, medium-high, and high. Each packet loss priority value is mapped to a color that determines the behavior applied to an oversubscribed queue; low PLP maps to green, medium-low PLP and medium-high PLP map to yellow, and high PLP maps to red. Drop profiles are used to set the thresholds within a queue for a given loss priority.

  • Class of Service support for L2TP LNS—Hierarchical scheduling and per-session shaping can be applied to L2TP network server (LNS) inline service interfaces using a static or dynamic CoS configuration. You enable the inline service interface (si) for vMX by configuring the inline-services bandwidth (1g | 10g) option at the [edit chassis fpc 0 pic 0] hierarchy level. You must also create the loopback device for each si interface by configuring the loopback-device-count device-count option at the [edit chassis fpc 0] hierarchy level where device-count is the number of si interfaces in the range of 1 through 4; the default value is 0 and creates no loopback devices. You enable CoS by configuring the flexible-queuing-mode option at the [edit chassis fpc 0] hierarchy level.


    The FPC reboots if you enable inline service interfaces or CoS or if you change the loopback device count.

  • ESXi hypervisor support—VMware ESXi 5.5 supports SR-IOV as physical PCI device. You can install vMX using an OVA image.

  • IPsec VPN and Group VPN support—vMX supports inline site-to-site IPsec VPNs and Group VPNs. The inline service interface (si) is used as the service interface for the service set. You enable inline service interfaces by configuring the inline-services bandwidth (1g | 10g) option at the [edit chassis fpc 0 pic 0] hierarchy level. The bandwidth value is not used for si traffic, so you can choose either value. Only one si interface is configurable for each vMX.

    • IPsec VPN—vMX supports manual and dynamic security associations in tunnel mode (only ESP protocol supported), static tunnels and dynamic endpoint tunnels, and next-hop-style and interface-style service sets. vMX does not support match-direction output configuration for interface-style configuration. Enabling routing on the si interface is not supported. We recommend that you configure static rules, dynamic rules, and dynamic Group VPN rules in different service sets.

      vMX includes support for Suite B cryptographic suites in addition to the IPsec encryption algorithms. To configure the encryption algorithms for AES Galois/Counter Mode (GCM), include the encryption-algorithm (aes-128-gcm | aes-192-gcm | aes-256-gcm) option at the [edit services ipsec-vpn ipsec proposal proposal-name] hierarchy level.

      vMX supports NAT-Traversal on IPsec tunnels. If the remote gateway for which the IKE policy is used has an IP address that is translated by NAT, you must specify the remote ID. To specify the remote ID, include the remote-id ipv4_addr ip-address option at the [edit services ipsec-vpn ike policy policy-name] hierarchy level.

      [See Creating Secure Tunnels Using Junos VPN Site Secure.]

    • Group VPN—vMX supports the same Group VPNv2 features as MX Series routers. Group VPNv2 is the name of the Group VPN technology on MX Series routers. Group VPNv2 integrates routing and encryption in the network. vMX does not support match-direction input configuration for interface-style configuration. vMX does not support fail-open, partial fail-open, or time-based anti-replay protection.

      [See Configuring Group VPNs.]

  • Licenses—Evaluation licenses are perpetual. You can download the vMX software and use the BASE application package with 1 Mbps bandwidth without a license indefinitely. In previous releases, you had only 30 days to evaluate the software without a valid license.

    If you upgrade from a BASE package license to an ADVANCE or PREMIUM package license or if you downgrade from an ADVANCE or PREMIUM package license to a BASE package license, you must restart the routing protocol process. If your configuration has logical systems, you must restart the routing protocol process for all logical systems.

  • Performance mode is default for chassis—Performance mode is enabled by default for the chassis. Performance mode needs more vCPUs and memory to run at higher bandwidth, while lite mode needs fewer vCPUs and memory to run at lower bandwidth. Make sure you have configured the proper number of vCPUs and memory for your VMs. You must also enable hyperthreading in BIOS.

    To tune performance mode for unicast traffic, you can change the number of Workers dedicated to processing multicast and control traffic. The default specifies that all available Workers are used to process all traffic. You specify the number of dedicated Workers by configuring the number-of-ucode-workers number-workers option at the [edit chassis fpc 0 performance-mode] hierarchy level.

  • Red Hat Enterprise Linux support—Red Hat Enterprise Linux 7.2 is supported as a host operating system. You must prepare the host before installing vMX.

  • Support for 96 ports using lite mode—You can use up to 96 ports for virtio running in lite mode. Other configurations running in performance mode support up to 23 ports.

  • Support for FreeBSD 10 kernel for Junos OS—FreeBSD 10 is the underlying OS for Junos OS instead of FreeBSD 6.1 for vMX. With FreeBSD 10, you can allocate multiple vCPUs to the VCP.

  • Support for limited encryption Junos OS image created for customers in Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia—Customers in the Eurasian Customs Union (currently comprising of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) should use the Limited image for vMX. The Limited image does not have data-plane encryption and is intended only for countries in the Eurasian Customs Union because these countries have import restrictions on software containing data plane encryption. The Limited image supports control plane encryption through Secure Shell (SSH) and Secure Sockets Layer (SSL), thus allowing secure management of the system.


    The Limited image is to be used by customers in Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia. Customers in all other countries should use the regular image.

  • Support for X710 NICs—You can use Intel X710 PCI-Express NICs. Before you install vMX, make sure you have updated the drivers.

  • Virtual broadband network gateway—Using vMX, you can deploy a virtual broadband network gateway (vBNG) on x86 servers to terminate broadband subscribers. vBNG supports most of the subscriber management features available with Junos OS Release 15.1 on MX Series routers.

    vBNG runs on vMX, so it has similar exceptions; the following subscriber management features available on MX Series routers are not supported for vBNG:

    • High availability features such as hot-standby backup for enhanced subscriber management and MX Series Virtual Chassis.

    • CoS features such as shaping applied to an agent circuit identifier (ACI) interface set and its members.

    To deploy a vBNG instance, you must purchase these licenses:

    • vMX PREMIUM application package license with 1 Gbps, 5 Gbps, 10 Gbps, or 40 Gbps bandwidth

    • vBNG subscriber scale license with 1000, 10 thousand, 100 thousand, or 1 million subscriber sessions for one of these tiers:




      L2TP features including L2TP LNS services, secure policy, service activation and deactivation


      Features in the Introductory tier, and DHCP subscriber services, PPP/LAC subscriber services, DHCP relay and DHCP local server


      Features in the Preferred tier, and pseudowire ingress termination

      With the appropriate vMX PREMIUM license, you can evaluate vBNG without a vBNG subscriber scale license for 30 days. After 30 days, you are limited to 10 subscriber sessions.

    [See Junos OS Broadband Subscriber Management and Services Library.]