Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


What’s Changed

Learn about what changed in this release for MX Series routers.

General Routing

  • OpenConfig container names for Point-to-Multipoint per interface ingress and egress sensors are modified for consistency from "signalling" to "signaling".

  • For Access Gateway Function (AGF) statistics, consistency changes are implemented for specific leaf values in telemetry data to match field values in Junos CLI operational mode commands. AGF NG Application Protocol (NGAP) data streamed to a collector and viewable from the Junos OS CLI now displays "ngap-amf-stats-init-ctx-setup-failure" and Access and Mobility Function (AMF) overload state now displays "On, Off".

  • Router advertisement module status on backup Routing Engine (MX Series)—The router advertisement module does not function in the backup Routing Engine as the Routing Engine does not send an acknowledgment message after receiving the packets. Starting in this Junos OS Release, you can view the router advertisement module information using the show ipv6 router-advertisement operational command.

    [See show ipv6 router-advertisement].

  • Instance type change is not permitted from default to L3VRF in open configuration (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—DEFAULT_INSTANCE is the primary instance that runs when there is no specific instance type configured in the route set routing-options. Any instance you explicitly configure is translated into set routing-instance r1 routing-options. The issue appears in translation, when you change instance type DEFAULT_INSTANCE (any instance to DEFAULT_INSTANCE) to L3VRF or L3VRF to DEFAULT_INSTANCE. As a result, such changes are not permitted. Additionally, DEFAULT_INSTANCE can only be named DEFAULT, and DEFAULT is reserved for DEFAULT_INSTANCE, therefore allowing no such changes.

  • Support for DDoS protocol (MX10008)—We've enabled the DDoS protocol support at the edit system ddos-protection hierarchy level for MX10008 devices. In earlier releases, the MX10008 devices did not support these DDoS protocol statements.

    • Filter-action
    • Virtual-chassis
    • Ttl
    • Redirect
    • Re-services
    • Re-services-v6
    • Rejectv6
    • L2pt
    • Syslog
    • Vxlan

    [See protocols (DDoS)].

  • sFlow configuration—sFlow configuration is allowed only on -et, -xe, and -ge interfaces in EVO-based platforms. All other interfaces are blocked for configuring sFlow on EVO platforms. A cli error will be thrown if sFlow is configured on any other interface other than et, xe or ge interface.

  • New ARP and NDP packet classification—We've introduced two CP classes for ARP and NDP packets received over VTEP interface. When your device identifies a packet as ARP or NDP, it performs an ingress port check which verifies whether the VTEP interface receives these packets. If VTEP interface receives the packet, datapath re-writes the CP class to the newly defined values. Based on this new CP class, the system performs the remaining packet processing and forwards the packets toward the host path. The system adds a separate DDoS policer to this ARP traffic, which ensures that the ARP traffic is not triggering underlay ARP DDoS violation.


  • Display flexible algorithm information for SRv6 locators in TED database—Use the show ted database extensive command to view the metric, flags, and flexible algorithm information associated with a SRv6 locator. In earlier releases, this information was not included in the TED database.

    [See show ted database].

  • CSPF LSP resignaling uses new instance ID (MX480)—A Constrained Shortest Path First (CSPF) LSP uses a new instance ID when attempting to resignal an LSP that is down. In earlier releases, the CSPF LSPs that went down were stuck in CSPF path computation stage. You had to manually clear the affected LSPs and recompute the paths for the LSPs to be up again.

    [See LSP Computation.]

Platform and Infrastructure

  • Enhanced bandwidth and burst policer value—We've updated the default bandwidth value from 20000 to 100 pps and burst policer value from 20000 to 100 packets. This enhancement avoids the CPU usage of eventd and snmpd reaching more than 100 percent. Earlier to this release, when the system receives a violated traffic for SNMP along with other protocols traffic, the CPU usage of eventd and snmpd was reaching more than 100% with an error.

    [See show ddos-protection protocols parameters.].

Subscriber Management and Services

  • Modified show ancp subscriber details output fields (MX Series)—As the access loop encapsulation is transport independent it can be either passive optical network (PON) or DSL TLV. Hence, the show ancp subscriber details output field should not tag the details as a DSL TLV. Therefore, we've modified the existing DSL Line Data Link, DSL Line Encapsulation, and DSL Line Encapsulation Payload output fields to the following respectively:

    • Access Loop Encapsulation Data Link
    • Access Loop Encapsulation Encapsulation1
    • Access Loop Encapsulation Encapsulation2

    [See show ancp subscriber].