Junos Release Notes 18.4
Uploaded by
MateusLimaJunos Release Notes 18.4
Uploaded by
MateusLima®
Junos OS 18.4R1 Release Notes
SUPPORTED ON
• ACX Series, EX Series, Junos Fusion Enterprise, Junos Fusion Provider Edge, MX Series,
NFX Series, PTX Series, QFX Series, and SRX Series
HARDWARE HIGHLIGHTS
• SFP on MX Series
• Support for new packet transport routers (PTX10001)
SOFTWARE HIGHLIGHTS
• Broadband edge subscriber management in Junos Fusion Provider Edge
• Connectivity fault management in Junos Fusion
• MLD snooping for EVPN-MPLS (MX Series and vMX)
• Export of subscriber accounting and dynamic interface and interface-set queue statistics through Junos Telemetry Interface (JTI) (MX
Series)
• Inline link fault management (MX Series)
• Next-filter as a firewall filter action (MX Series)
• New input-jti-ipfix service agent plug-in (MX Series)
• BGP over dynamic PPPoE interfaces (MX Series)
• Graceful restart on EVPN-VXLAN (EX9200, QFX Series, and MX Series)
• Selective Multicast Forwarding and SMET in EVPN-VXLAN (QFX5110, QFX5120, QFX10002, QFX1008 and QFX10016)
• Passive monitoring (QFX10000 switches)
• SSL decryption port mirroring (SRX Series and vSRX)
• Avira Scan Engine on Anti-Virus Module (SRX1500, SRX4100, SRX4200, and SRX4600)
• PowerMode IPsec (SRX4100 and SRX4200)
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Copyright © 2019, Juniper Networks, Inc.
®
Release Notes: Junos OS Release 18.4R1
for the ACX Series, EX Series, MX Series,
NFX Series, PTX Series, QFX Series, SRX
Series, and Junos Fusion
28 March 2019
Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Junos OS Release Notes for ACX Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Authentication, Authorizing, and Accounting (AAA) . . . . . . . . . . . . . . . . 10
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Timing and Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Known Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . . 18
Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . . . 18
Copyright © 2019, Juniper Networks, Inc. 1
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Junos OS Release Notes for EX Series Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Authentication, Authorization and Accounting (AAA) (RADIUS) . . . . . . 22
EVPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Junos Telemetry Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Known Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Authentication and Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Layer 2 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Spanning Tree Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
EVPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
High Availability (HA) and Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Junos Fusion Enterprise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Layer 2 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . . 37
Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . . 37
Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Junos OS Release Notes for Junos Fusion Enterprise . . . . . . . . . . . . . . . . . . . . . . . 38
New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
2 Copyright © 2019, Juniper Networks, Inc.
Known Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Resolved issues: Release 18.4R1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . . 41
Basic Procedure for Upgrading Junos OS on an Aggregation Device . . . . 42
Upgrading an Aggregation Device with Redundant Routing Engines . . . 43
Preparing the Switch for Satellite Device Conversion . . . . . . . . . . . . . . . 44
Converting a Satellite Device to a Standalone Switch . . . . . . . . . . . . . . . 45
Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . . 45
Downgrading from Junos OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Hardware and Software Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Hardware Compatibility Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Junos OS Release Notes for Junos Fusion Provider Edge . . . . . . . . . . . . . . . . . . . . 47
New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Junos Fusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Known Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Junos Fusion Provider Edge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Junos Fusion Satellite Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . . 51
Basic Procedure for Upgrading an Aggregation Device . . . . . . . . . . . . . . . 51
Upgrading an Aggregation Device with Redundant Routing Engines . . . 54
Preparing the Switch for Satellite Device Conversion . . . . . . . . . . . . . . . 54
Converting a Satellite Device to a Standalone Device . . . . . . . . . . . . . . . 55
Upgrading an Aggregation Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . . 58
Downgrading from Junos OS Release 18.4 . . . . . . . . . . . . . . . . . . . . . . . . 59
Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Junos OS Release Notes for MX Series 5G Universal Routing Platform . . . . . . . . 60
New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Authentication, Authorization and Accounting (AAA) (RADIUS) . . . . . . 62
Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
EVPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Forwarding and Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
High Availability (HA) and Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Junos Telemetry Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Layer 2 VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Copyright © 2019, Juniper Networks, Inc. 3
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Operation, Administration, and Maintenance (OAM) . . . . . . . . . . . . . . . . 71
Routing Policy and Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Software Defined Networking (SDN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Subscriber Management and Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
System Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Timing and Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Software Defined Networking (SDN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Subscriber Management and Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Known Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Forwarding and Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Subscriber Management and Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
EVPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Forwarding and Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Layer 2 Ethernet Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Layer 2 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Subscriber Access Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
User Interface and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Application Layer Gateways (ALGs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Authentication and Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
EVPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Flow-based and Packet-based Processing . . . . . . . . . . . . . . . . . . . . . . 100
Forwarding and Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
4 Copyright © 2019, Juniper Networks, Inc.
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
High Availability (HA) and Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Layer 2 Ethernet Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Layer 2 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Routing Policy and Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Subscriber Access Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Subscriber Management Provisioning Guide . . . . . . . . . . . . . . . . . . . . . . 113
Subscriber Management VLANs Interfaces Guide . . . . . . . . . . . . . . . . . . 114
Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . . 114
Basic Procedure for Upgrading to Release 18.4 . . . . . . . . . . . . . . . . . . . . 115
Procedure to Upgrade to FreeBSD 11.x based Junos OS . . . . . . . . . . . . . 116
Procedure to Upgrade to FreeBSD 6.x based Junos OS . . . . . . . . . . . . . 118
Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . . 120
Upgrading a Router with Redundant Routing Engines . . . . . . . . . . . . . . 120
Downgrading from Release 18.4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Junos OS Release Notes for NFX Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
vSRX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Known Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . 124
Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . . 124
Basic Procedure for Upgrading to Release 18.4 . . . . . . . . . . . . . . . . . . . . 125
Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Software Version Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Junos OS Release Notes for PTX Series Packet Transport Routers . . . . . . . . . . . 128
New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Authentication, Authorization and Accounting (AAA) (RADIUS) . . . . . 130
Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Forwarding and Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Junos Telemetry Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Layer 2 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Layer 3 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Copyright © 2019, Juniper Networks, Inc. 5
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Routing Policy and Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Services Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
System Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Known Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . 146
Basic Procedure for Upgrading to Release 18.4 . . . . . . . . . . . . . . . . . . . . 146
Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . 149
Upgrading a Router with Redundant Routing Engines . . . . . . . . . . . . . . 149
Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Junos OS Release Notes for the QFX Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Authentication, Authorization, and Accounting (AAA) . . . . . . . . . . . . . . 151
Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
EVPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
High Availability (HA) and Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Junos on White Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Operation, Administration, and Maintenance (OAM) . . . . . . . . . . . . . . . 157
System Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Known Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Class of Service (CoS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
6 Copyright © 2019, Juniper Networks, Inc.
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Virtual Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
EVPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Layer 2 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Software Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
EVPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
General Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Layer 2 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
MPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
User Interface and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . 173
Upgrading Software on QFX Series Switches . . . . . . . . . . . . . . . . . . . . . 174
Installing the Software on QFX10002-60C Switches . . . . . . . . . . . . . . . 176
Installing the Software on QFX10002 Switches . . . . . . . . . . . . . . . . . . . 176
Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS
Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63
on QFX10008 and QFX10016 Switches . . . . . . . . . . . . . . . . . . . . . . 177
Installing the Software on QFX10008 and QFX10016 Switches . . . . . . 178
Performing a Unified ISSU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Preparing the Switch for Software Installation . . . . . . . . . . . . . . . . . . . . 182
Upgrading the Software Using Unified ISSU . . . . . . . . . . . . . . . . . . . . . . 183
Upgrade and Downgrade Support Policy for Junos OS Releases . . . . . 184
Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Junos OS Release Notes for SRX Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
New and Changed Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Application Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Chassis Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Flow-Based and Packet-Based Processing . . . . . . . . . . . . . . . . . . . . . . 188
General Packet Radio Service (GPRS) . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Intrusion Detection and Protection (IDP) . . . . . . . . . . . . . . . . . . . . . . . . 189
Logical Systems and Tenant Systems . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Juniper Sky Advanced Threat Prevention . . . . . . . . . . . . . . . . . . . . . . . . 193
Software Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Copyright © 2019, Juniper Networks, Inc. 7
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
UTM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Changes in Behavior and Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Application Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Chassis Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Flow-Based and Packet-Based Processing . . . . . . . . . . . . . . . . . . . . . . 196
Installation and Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Network Management and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . 196
UTM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Known Behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Application Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Chassis Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Interfaces and Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
J-Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Unified Threat Management (UTM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Authentication and Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Chassis Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Flow-Based and Packet-Based Processing . . . . . . . . . . . . . . . . . . . . . . 200
J-Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Platform and Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Routing Policy and Firewall Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Unified Threat Management (UTM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Documentation Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Migration, Upgrade, and Downgrade Instructions . . . . . . . . . . . . . . . . . . . . . 208
Upgrade and Downgrade Support Policy for Junos OS Releases and
Extended End-Of-Life Releases . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Product Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Hardware Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Upgrading Using ISSU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Compliance Advisor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Finding More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Creating a Service Request with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
8 Copyright © 2019, Juniper Networks, Inc.
Introduction
®
Junos OS runs on the following Juniper Networks hardware: ACX Series, EX Series, M
Series, MX Series, NFX Series, PTX Series, QFabric systems, QFX Series, SRX Series, T
Series, and Junos Fusion.
These release notes accompany Junos OS Release 18.4R1 for the ACX Series, EX Series,
MX Series, NFX Series, PTX Series, QFX Series, SRX Series, and Junos Fusion. They describe
new and changed features, limitations, and known and resolved problems in the hardware
and software.
NOTE: The recommended release for Junos Fusion Data Center is 18.1R2-S2.
The subsequent 18.xRx mainline releases (18.2, 18.3, and 18.4) do not support
Junos Fusion Data Center.
Junos OS Release Notes for ACX Series
These release notes accompany Junos OS Release 18.4R1 for the ACX Series. They
describe new and changed features, limitations, and known and resolved problems in
the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation
webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
• New and Changed Features on page 9
• Changes in Behavior and Syntax on page 13
• Known Behavior on page 14
• Known Issues on page 15
• Resolved Issues on page 17
• Documentation Updates on page 18
• Migration, Upgrade, and Downgrade Instructions on page 18
• Product Compatibility on page 19
New and Changed Features
This section describes the features and enhancements in Junos OS Release 18.4R1 for
ACX Series Universal Metro Routers.
• Authentication, Authorizing, and Accounting (AAA) on page 10
• Interfaces and Chassis on page 10
• MPLS on page 10
• Platform and Infrastructure on page 11
• Routing Protocols on page 11
Copyright © 2019, Juniper Networks, Inc. 9
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Timing and Synchronization on page 12
• VPNs on page 13
Authentication, Authorizing, and Accounting (AAA)
• Support for password change policy enhancement (ACX Series)—Starting in Junos
OS Release 18.4R1, the Junos OS password change policy for local user accounts is
enhanced to comply with additional password policies. As part of the policy
improvement, you can configure the following:
• maximum-lifetime-value—The maximum duration of a password. The password
expires after the maximum is reached.
• minimum-lifetime-value—The minimum duration of a password. You cannot change
the password until the minimum duration is reached.
[See password.]
Interfaces and Chassis
• Multichassis link aggregation groups, configuration synchronization, and
configuration consistency check (MC-LAG) (ACX5448 routers)—Starting in Junos
OS Release 18.4R1, MC-LAG enables a client device to form a logical LAG interface
using two switches. MC-LAG provides redundancy and load balancing between the
two switches, multihoming support, and a loop-free Layer 2 network without running
spanning tree protocols (STP).
[See Multichassis Link Aggregation Features, Terms, and Best Practices .]
MPLS
• Support for topology iIndependent loop-free alternate (TI-LFA) for IS-IS, advertising
MPLS labels (ISIS, OSPF), and configuring SRGB for SPRING (ISIS, OSPF)
(ACX5448)—Starting with Junos OS Release 18.4R1, ACX5448 router support topology
independent (TI)-loop-free alternate (LFA), advertise MPLS labels (ISIS, OSPF), and
segment routing global block (SRGB) for SPRING (ISIS, OSPF).
Topology independent (TI)-loop-free alternate (LFA) with segment routing provides
fast reroute (FRR) backup paths corresponding to the post-convergence path for a
given failure. You can enable TI-LFA for IS-IS by configuring use-post-convergence-lfa
statement at the [edit protocols isis backup-spf-options] hierarchy level.
You can configure SRGB range label used by source packet routing in networking
(SPRING). The labels from this SRGB range is used for SPRING in IS-IS domain. This
way the labels advertised in the segment routing is more predictable and deterministic
across the segment routing domain.
• To configure the starting index value of the SRGB label block, use the start-label
start-label-block-value statement at the [edit protocols isis source-packet-routing
srgb] hierarchy level.
• To configure the index range of the SRGB label block, use the index-range value
configuration statement at the [edit protocols isis source-packet-routing srgb]
hierarchy level.
10 Copyright © 2019, Juniper Networks, Inc.
ACX5448 router supports IS-IS and OSPF segment routing enabled through MPLS.
IS-IS and OSPF creates an adjacency segment per IS-IS and OSPF neighbor, for a given
interface, adjacency, and area. A separate MPLS label is allocated for each adjacency
segment created.
To configure OSPF segment routing, use the following configuration statements at
the [edit protocols ospf] hierarchy level:
• source-packet-routing—Enable the source packet routing feature.
• node-segment—Enable the node segment.
To configure IS-IS segment routing, use the following configuration statements at the
[edit protocols isis] hierarchy level:
• source-packet-routing—Enable the source packet routing feature.
• node-segment—Enable source packet routing at all levels.
[See Understanding Topology-Independent Loop-Free Alternate with Segment Routing
for IS-IS, Understanding Source Packet Routing in Networking (SPRING), and
source-packet-routing (Protocols IS-IS and OSPF).]
Platform and Infrastructure
• DMA recovery mechanism (ACX Series)—A recovery mechanism has been introduced
that is triggered in case the router enters an Idle state on any DMA channels. The
recovery mechanism reboots the PFE to recover from Idle state.
The following recovery message is logged in the RE syslog message:
CHASSISD_FPC_ASIC_ERROR: <FPC 0> ASIC Error detected errorno 0x0000ffff FPC
restart initiated
The following recovery message is logged in the PFE syslog message:
BCM DMA channel error detected
Resetting the PFE
Routing Protocols
• Metro Ethernet services over segment routing infrastructure (ACX5448
routers)—Starting with Junos OS Release 18.4R1, Metro Ethernet services are supported
over a segment routing infrastructure.
The following features are supported or can be configured:
• IPv4 OSPF segment routing enabled through MPLS.
• IS-IS segment routing enabled through MPLS.
• Segment routing global block (SRGB) range label, which is used by Source Packet
Routing in Netwroking (SPRING).
Copyright © 2019, Juniper Networks, Inc. 11
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Anycast segment identifiers (SIDs) and prefix SIDs in SPRING are supported.
• Topology independent loop-free alternate (TI-LFA) with segment routing, which
provides fast reroute (FRR) backup paths corresponding to the post-convergence
path for a given failure.
[See Understanding Adjacency Segments, Anycast Segments, and Configurable SRGB in
SPRING for IS-IS Protocol, Understanding Topology-Independent Loop-Free Alternate
with Segment Routing for IS-IS, Understanding Source Packet Routing in Networking
(SPRING)].
Timing and Synchronization
• Support for PTP boundary clocks for phase and time synchronization
(ACX5448)—Starting with Junos OS Release 18.4R1, ACX5448 routers support PTP
boundary clocks for phase and time synchronization using IEEE-1588 Precision Timing
Protocol (PTP). This feature also supports:
• PTP over IPv4 (IEEE-1588v2)
• PTP ordinary and boundary clocks
• One-step clock mode operation for the PTP master clock
• 10-MHz and 1-PPS output for measurement purpose
All PTP packets use the best-effort queue instead of the network control queue.
The ACX5448 router does not support the following features:
• Hybrid mode
• Boundary clock performance complying with G.8273.2
• Dual-tagged PTP over IPv4
12 Copyright © 2019, Juniper Networks, Inc.
[See IEEE 1588v2 PTP Boundary Clock Overview.]
VPNs
• Support to control traceroute over Layer 3 VPN (ACX Series)—Starting in Junos OS
Release 18.4R1, in a Layer 3 VPN topology with vrf-table-label configured and multiple
customer edge (CE) routers configured in the same VPN routing and forwarding (VRF)
routing instance, when traceroute is performed to a remote provider edge (PE) router
for a CE-facing network, the ICMP time exceeded packet determines the correct IP
address as the source address.
To control the traceroute over Layer 3 VPN topology with vrf-table-label configured
and multiple CE routers configured in the same VRF, you can configure
allow-l3vpn-traceroute-src-select at the[edit system] hierarchy level that determines
the correct IP source address by reviewing the destination routing instance and
destination IP address.
[See allow-l3vpn-traceroute-src-select.]
See Also • Changes in Behavior and Syntax on page 13
• Known Behavior on page 14
• Known Issues on page 15
• Resolved Issues on page 17
• Documentation Updates on page 18
• Migration, Upgrade, and Downgrade Instructions on page 18
• Product Compatibility on page 19
Changes in Behavior and Syntax
This section lists the changes in behavior of Junos OS features and changes in the syntax
of Junos OS statements and commands from Junos OS Release 18.4R1 for the ACX Series
routers.
• Interfaces and Chassis on page 14
• Network Management and Monitoring on page 14
Copyright © 2019, Juniper Networks, Inc. 13
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Interfaces and Chassis
• Support for creating layer 2 logical interface independently (ACX Series)—In Junos
OS Releases 18.4R1, 18.4R2, and later, ACX Series routers support creating layer 2
logical interface independent of layer 2 routing instance type. That is, you can configure
and commit the layer 2 logical interfaces separately and add the interface to
bridge-domain or Ethernet VPN (EVPN) routing instance separately. Note that the
layer 2 logical interfaces works fine only when the interface is added to bridge domain
or EVPN routing instance.
In the earlier Junos OS releases, when an layer 2 logical interface configuration (units
with encapsulation vlan-bridge configuration) is used, then the logical interface must
be added as part of a bridge-domain or EVPN routing instance for the commit to
succeed.
Network Management and Monitoring
• The NETCONF server omits warnings in RPC replies when the rfc-compliant statement
is configured and the operation returns <ok/> (ACX Series)—Starting in Junos OS
Release 18.4R1, when you configure the rfc-compliant statement at the [edit system
services netconf] hierarchy level to enforce certain behaviors by the NETCONF server,
the server must not return an RPC reply that encloses both an <rpc-error> element
and an <ok/> element. If the operation is successful, but the server reply would enclose
one or more <rpc-error> elements of severity warning in addition to the <ok/> element,
then the warnings are omitted. In earlier releases, or when the rfc-compliant statement
is not configured, the NETCONF server might issue an RPC reply that encloses both an
<rpc-error> element of severity warning and an <ok/> element.
See Also • New and Changed Features on page 9
• Known Behavior on page 14
• Known Issues on page 15
• Resolved Issues on page 17
• Documentation Updates on page 18
• Migration, Upgrade, and Downgrade Instructions on page 18
• Product Compatibility on page 19
Known Behavior
This section lists known behavior, system maximums, and limitations in hardware and
software in Junos OS Release 18.4R1 for the ACX Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• General Routing on page 15
14 Copyright © 2019, Juniper Networks, Inc.
General Routing
• When Layer 3 packets are classified, DiffServ code points are not preserved but are
getting lost at the egress interface because of a chipset limitation.PR1322142
• ARP learning rate is very low. PR1343221
• PTX10001-20C Junos Telemetry Interface or Telemetery infrastructure does not support
the interface-filtering capability. Therefore, after you enable a particular sensor for
telemetry, it is turned-on for all the interfaces. PR1371996
• For et-interfaces, only PRE_FEC_SD defect is raised and no OTN alarm is raised.
PR1371997
• The CLI static-cak command encryption does not work between two ACX-OX
transpoder nodes. PR1389802
• For ACX6360 TIC beacon port-range needs to be updated to 0-7 instead of 0-15.
PR1399335
• If user configures an invalid speed configuration on TIC ports (PIC slot 1) on
ACX6360-OR/OX, the TIC interfaces are not created. PR1403546
• Junos OS do not perform vlan-id check at the egress and vlan-id check is only performed
at ingress. PR1403730
See Also • New and Changed Features on page 9
• Changes in Behavior and Syntax on page 13
• Known Issues on page 15
• Resolved Issues on page 17
• Documentation Updates on page 18
• Migration, Upgrade, and Downgrade Instructions on page 18
• Product Compatibility on page 19
Known Issues
There are no known issues in hardware and software in Junos OS Release 18.4R1 for the
ACX Series Router.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• General Routing on page 16
Copyright © 2019, Juniper Networks, Inc. 15
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
General Routing
• On the ACX5000 Series platforms, in some cases, CoS configuration is not properly
applied in the Packet Forwarding Engine, leading to unexpected egress traffic drop on
some interfaces. PR1329141
• Loopback status is not shown for OT interfaces on the CLI (available from vty only).
PR1358017
• ARP request is getting dropped and not forwarded to the NNI interface queue when
the CoS configuration has temporal buffer size. PR1363153
• Dedicated or minimum buffers are reserved for some queues according to the Junos
OS working model. These buffers are always available to those queues irrespective of
the traffic pattern throughout the system. When the clearing stat statement is used,
these values are visible. This cosmetic or minor issue has no functional impact is seen.
PR1367978
• On ACX6360 and PTX10001-20C the SD threshold can be set above SF threshold.
PR1376869
• Because of a race condition, in which the class-of-service configuration request for an
interface is received before the e1-interface is created, a circuit with specified
class-of-service parameters is created. Because of this, the interface creation fails
resulting in traffic not flowing on the e1-interface and then (if e1-interfaces are further
disabled or enabled) a core file is generated. PR1378747
• On ACX5448 running Junos OS Release 18.4R1 and earlier releases, channelized 25-Gbps
et-interfaces might not come up after you restart the chassis management process
(by using the restart chassis-control command). As a workaround, reuse the
restart-chassis-control command. PR1379288
• Enhancement is needed for FRR BER threshold SNMP support. PR1383303
• On ACX6360 and PTX10001-20C the Tx power cannot be configured using + sign.
PR1383980
• The request chassis beacon CLI command is not working for PIC slot 1 (that is, CFP2
ports). PR1386711
• Customer should avoid using the loss-priority high command in the firewall filters (MF
classifiers). PR1388731
• Explicit swap-push map operations are now introduced on VPLS logical interfaces in
ACX5000. This is already supported as part of implicit map operations or routing
instance-level configurations. PR1398118
• The ccc logs are not compressed after rotation. PR1398511
See Also • New and Changed Features on page 9
• Changes in Behavior and Syntax on page 13
• Known Behavior on page 14
16 Copyright © 2019, Juniper Networks, Inc.
• Resolved Issues on page 17
• Documentation Updates on page 18
• Migration, Upgrade, and Downgrade Instructions on page 18
• Product Compatibility on page 19
Resolved Issues
This section lists the issues fixed in Junos OS 18.4R1 for ACX Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• General Routing on page 17
• Platform and Infrastructure on page 18
General Routing
• Incorrect packet statistics are reported in the ifHCInUcastPkts OID. PR1306656
• ACX Series routers support from dual-tagged through untagged packets Layer 3 traffic.
PR1307666
• Port xe-0/3/0 did not come up. PR1328207
• ACX Series routers are incorrectly allowing to configure higher values in burst-size-limit
than what is supported by the hardware. PR1361482
• ACX Series routers autonegotiation shows incorrect values for link-partner when using
SFP-LH or SFP-SX transceivers in combo-ports or SFP ports. PR1362490
• FEC PM error counters are accumulated instead of resetting after bin rollover. PR1363270
• VPLS with vlan-id-list is not working properly in some releases when the link between
a PE device and a CE device is an aggregated Ethernet interface with a single member
link and child physical interface flap. PR1365894
• The commit or commit check operation might fail because of the error cannot have
lsp-cleanup-timer without lsp-provisioning. PR1368992
• The fxpc might crash after an interface is changed on ACX5000 routers. PR1378155
• Timestamp is incorrect for BER statistics after clearing. PR1386253
• The request chassis beacon CLI command is not working for pic-slot 1 (that is, CFP2
ports). PR1386711
• Certain builds of Junos OS do not allow you to upgrade or commit configuration changes
when the SI service interface is used. PR1393729
• ACX Series routers does not support physical-interface-filter semantic in egress direction
for any filters. It supports interface-specific command only. PR1395362
• High jsd or na-grpcd CPU usage might be seen when JET or JTI is not used. PR1398398
Copyright © 2019, Juniper Networks, Inc. 17
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Platform and Infrastructure
• On Junos OS, the next-hop index allocation fails and private index space get exhausted
through incoming ARP requests to management interface (CVE-2018-0063).
PR1360039
See Also • New and Changed Features on page 9
• Changes in Behavior and Syntax on page 13
• Known Behavior on page 14
• Known Issues on page 15
• Documentation Updates on page 18
• Migration, Upgrade, and Downgrade Instructions on page 18
• Product Compatibility on page 19
Documentation Updates
There are no errata or changes in Junos OS Release 18.4R1 for the ACX Series
documentation.
See Also • New and Changed Features on page 9
• Changes in Behavior and Syntax on page 13
• Known Behavior on page 14
• Known Issues on page 15
• Resolved Issues on page 17
• Migration, Upgrade, and Downgrade Instructions on page 18
• Product Compatibility on page 19
Migration, Upgrade, and Downgrade Instructions
This section contains the upgrade and downgrade support policy for Junos OS for the
ACX Series Router. Upgrading or downgrading Junos OS might take several minutes,
depending on the size and configuration of the network.
For information about software installation and upgrade, see the Installation and Upgrade
Guide.
• Upgrade and Downgrade Support Policy for Junos OS Releases on page 18
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at
a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can
18 Copyright © 2019, Juniper Networks, Inc.
upgrade directly from one EEOL release to the next EEOL release even though EEOL
releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after
the currently installed EEOL release, or to two EEOL releases before or after. For example,
Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS
Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than
three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to
a release more than three releases before or after, first upgrade to the next EEOL release
and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see
https://www.juniper.net/support/eol/junos.html.
For information about software installation and upgrade, see the Installation and Upgrade
Guide.
See Also • New and Changed Features on page 9
• Changes in Behavior and Syntax on page 13
• Known Behavior on page 14
• Known Issues on page 15
• Resolved Issues on page 17
• Documentation Updates on page 18
• Product Compatibility on page 19
Product Compatibility
• Hardware Compatibility on page 19
Hardware Compatibility
To obtain information about the components that are supported on the devices, and the
special compatibility guidelines with the release, see the Hardware Guide for the product.
To determine the features supported on ACX Series routers in this release, use the Juniper
Networks Feature Explorer, a Web-based application that helps you to explore and
compare Junos OS feature information to find the right software release and hardware
platform for your network. Find Feature Explorer at
https://apps.juniper.net/feature-explorer/.
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported
across all platforms, see the Hardware Compatibility tool.
See Also • New and Changed Features on page 9
Copyright © 2019, Juniper Networks, Inc. 19
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Changes in Behavior and Syntax on page 13
• Known Behavior on page 14
• Known Issues on page 15
• Resolved Issues on page 17
• Documentation Updates on page 18
• Migration, Upgrade, and Downgrade Instructions on page 18
20 Copyright © 2019, Juniper Networks, Inc.
Junos OS Release Notes for EX Series Switches
These release notes accompany Junos OS Release 18.4R1 for the EX Series. They describe
new and changed features, limitations, and known and resolved problems in the hardware
and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation
webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
• New and Changed Features on page 21
• Changes in Behavior and Syntax on page 27
• Known Behavior on page 28
• Known Issues on page 29
• Resolved Issues on page 33
• Documentation Updates on page 36
• Migration, Upgrade, and Downgrade Instructions on page 37
• Product Compatibility on page 38
New and Changed Features
This section describes the new features and enhancements to existing features in Junos
OS Release 18.4R1 for the EX Series.
NOTE: The following EX Series switches are supported in Release 18.4R1:
EX2300, EX3400, EX4300, EX4600-40F, EX4650, EX9200, EX9204,
EX9208, EX9214, EX9251, and EX9253.
• Hardware on page 22
• Authentication, Authorization and Accounting (AAA) (RADIUS) on page 22
• EVPNs on page 22
• Interfaces and Chassis on page 24
• Junos Telemetry Interface on page 24
• Multicast on page 25
• Port Security on page 25
• Virtual Chassis on page 26
Copyright © 2019, Juniper Networks, Inc. 21
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Hardware
• 2-port QSFP+/1-port QSFP28 uplink module for EX4300-48MP and EX4300-48MP-S
switches—Starting with Junos OS Release 18.4R1, EX4300-48MP and EX4300-48MP-S
switches support the 2-port QSFP+/1-port QSFP28 uplink module. The 2-port
QSFP+/1-port QSFP28 uplink module can house two QSFP+ transceivers or one
QSFP28 transceiver.
[See EX4300 Switch Hardware Guide.]
Authentication, Authorization and Accounting (AAA) (RADIUS)
• Support for password change policy enhancement (EX Series)—Starting in Junos
OS Release 18.4R1, the Junos OS password change policy for local user accounts is
enhanced to comply with additional password policies. As part of the policy
improvement, you can configure the following:
• maximum-lifetime-value—The maximum duration of a password. The password
expires after the maximum is reached.
• minimum-lifetime-value—The minimum duration of a password. You cannot change
the password until the minimum duration is reached.
[See password.]
EVPNs
• Support for graceful restart on EVPN-VXLAN (EX9200)—Starting in Junos OS Release
18.4R1, Junos OS supports graceful restart on EVPN-VXLAN on EX9200 and QFX Series
switches and MX Series Routers. Graceful restart allows the device to recover from a
routing process restart or Routing Engine switchover without nonstop active routing
(NSR) enabled.
[See NSR and Unified ISSU Support for EVPN Overview.]
• Support for VMTO for ingress traffic (EX9200)—Starting in Junos OS Release 18.4R1,
you can configure a leaf or spine device that is configured as a Layer 3 gateway to
support virtual machine traffic optimization (VMTO) for ingress traffic. VMTO eliminates
the unnecessary ingress routing to default gateways when a virtual machine is moved
from one data center to another.
To enable VMTO, configure remote-ip-host routes at the [edit routing-instances
routing-instance-name protocols evpn] hierarchy level. You can also filter out the
unwanted routes by configuring an import policy under the remote-ip-host routes
option.
[See Configuring EVPN Routing Instances.]
• Support for multihomed proxy advertisement (EX9200)—Starting in Junos OS
Release 18.4R1, Junos OS now provides enhanced support to proxy advertise the MAC
address and IP route entry from all leaf devices that are multihomed to a customer
edge (CE) device. Using proxy advertisement prevents traffic loss when one of the
connections to the leaf device fails. To support the multihomed proxy advertisement,
22 Copyright © 2019, Juniper Networks, Inc.
all multihomed provider edge (PE) devices should have the same multihomed proxy
advertisement bit value. The multihomed proxy advertisement feature is enabled by
default, and Junos OS uses the default multihomed proxy advertisement bit value of
0x20.
[See EVPN Multihoming Overview.]
• MLD snooping support for EVPN-MPLS (EX9200)—Starting with Junos OS Release
18.4R1, you can configure Multicast Listener Discovery (MLD) protocol snooping on
EX9200 switches in an EVPN over an MPLS network. Enabling MLD snooping helps to
constrain IPv6 multicast traffic to interested receivers in a broadcast domain. Multicast
sources and receivers in the EVPN instance (EVI) can each be single-homed to one
provider edge (PE) device or multihomed in all-active mode to multiple PE devices.
MLD snooping support in this environment includes:
• Either MLDv1 and MLDv2 with any-source multicast (*,G) or MLDv2 with
source-specific multicast (S,G) (configurable)
• MLD state synchronization among multihoming PE devices using BGP EVPN Type 7
(Join Sync Route) and Type 8 (Leave Sync Route) network layer reachability
information (NLRI)
• Inclusive multicast forwarding from the ingress PE device into the EVPN core to reach
all other PE devices
• Forwarding across bridge domains (VLANs) using IRB interfaces and PIM operating
in passive and distributed designated router (PIM-DDR) modes
[See Overview of Multicast Forwarding with IGMP or MLD Snooping in an EVPN-MPLS
Environment.]
Copyright © 2019, Juniper Networks, Inc. 23
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Interfaces and Chassis
• Support for uplink module with two 40-Gigabit Ethernet ports and one 100-Gigabit
Ethernet port (EX4300-48MP)—Starting with Junos OS Release 18.4R1, the 2-port
QSFP+/1-port QSFP28 uplink module on EX4300-48MP switches can be configured
to operate either two 40-Gigabit Ethernet ports or one 100-Gigabit Ethernet port. By
default, the uplink module operates only the two 40-Gbps ports. To enable 100-Gbps
speed, issue the set chassis fpc 0 pic 2 port 0 speed 100g command. The uplink module
then enables the 100-Gigabit Ethernet port and disables the adjacent 40-Gigabit
Ethernet ports.
NOTE:
• You can install the 2-port QSFP+/1-port QSFP28 uplink module only in
PIC slot 2 on the switch.
• You can configure 100-Gbps speed only on port 0 of PIC 2 (which is the
uplink module slot on the switch).
You can also channelize 40-Gigabit Ethernet interfaces, to four independent 10-Gigabit
Ethernet interfaces using breakout cables.
[See Setting the Mode on 2-port QSFP+/1-port QSFP28 Uplink Module (CLI Procedure).]
Junos Telemetry Interface
• Packet Forwarding Engine and Routing Engine sensor support for Junos Telemetry
Interface (JTI) (EX4600 switches)—Starting in Junos OS Release 18.4R1, JTI supports
Packet Forwarding Engine and Routing Engine statistics for EX4600 switches:
The following Routing Engine statistics are supported through JTI:
• LACP state export
• Chassis environmentals export
• Network discovery chassis and components
• LLDP export and LLDP model
• BGP peer information (RPD)
• RSVP interface export
• RPD task memory utilization export
• LSP event export
• Network Discovery ARP table state
• Network Discovery NDP table state
The following Packet Forwarding Engine statistics are supported through JTI:
• Congestion and latency monitoring
• Logical interface
24 Copyright © 2019, Juniper Networks, Inc.
• Filter
• Physical interface
• LSP
• NPU/LC memory
• Network Discovery NDP table state
To provision a sensor to export data through gRPC, use the telemetrySubscribe RPC
to specify telemetry parameters. Streaming telemetry data through gRPC also requires
the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig
and Network Agent packages are bundled into the Junos OS image by default. Both
packages support the Junos Telemetry Interface (JTI).
[See Configuring a Junos Telemetry Interface Sensor (CLI Procedure), Configure a Telemetry
Sensor in Junos and Guidelines for gRPC Sensors (Junos Telemetry Interface).]
Multicast
• Multicast VLAN registration (MVR) (EX2300 and EX3400 switches and Virtual
Chassis)—Starting in Junos OS Release 18.4R1, EX2300 and EX3400 switches and
Virtual Chassis support multicast VLAN registration (MVR). MVR efficiently distributes
IPTV multicast streams across an Ethernet ring-based Layer 2 network, reducing the
bandwidth required for this traffic by using a multicast VLAN (M-VLAN) over which
multicast traffic is forwarded to interested listeners on other VLANs that are configured
as MVR receiver VLANs. You can configure MVR at the [edit protocols igmp-snooping
vlan vlan-name data-forwarding] source and receiver hierarchy levels, and use the show
igmp snooping data-forwarding CLI command to view configured M-VLAN and MVR
receiver VLAN associations. (The feature described above is documented but not
supported on EX2300 and EX3400 switches and Virtual Chassis in Junos OS Release
18.4R1.)
[See Understanding Multicast VLAN Registration.]
Port Security
• Support for DHCP snooping and other access port security features on private VLANs
(EX2300 and EX3400 switches and Virtual Chassis)—Starting in Junos OS Release
18.4R1, you can enable Dynamic Host Configuration Protocol (DHCP) snooping for
security purposes on access ports that are in a private VLAN (P-VLAN). You can also
protect those ports with DHCP options, dynamic ARP inspection (DAI), IP source guard,
and neighbor discovery inspection.
PVLANs provide Layer 2 isolation between ports within a VLAN, splitting a broadcast
domain into multiple discrete broadcast subdomains by creating secondary VLANs.
PVLANs are useful for restricting the flow of broadcast and unknown unicast traffic
and for limiting the communication between known hosts.
Ethernet LANs are vulnerable to attacks such as address spoofing (forging) and Layer
2 denial of service (DoS) on network devices. The following port security features help
protect access ports on your device against loss of information and productivity that
such attacks can cause:
Copyright © 2019, Juniper Networks, Inc. 25
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• DHCP snooping—Filters and blocks ingress DHCP server messages on untrusted
ports. DHCP snooping builds and maintains a database of DHCP lease information,
which is called the DHCP snooping database.
• DHCPv6 snooping—DHCP snooping for IPv6.
• DHCP option 82—Also known as the DHCP Relay Agent Information option. This
option helps protect the switch against attacks such as spoofing of IP addresses
and MAC addresses and DHCP IP address starvation.
• DHCPv6 option 37—Remote ID option for DHCPv6. The option is used to insert
information about the network location of the remote host into DHCPv6 packets.
• DHCPv6 option 18—Circuit ID option for DHCPv6. The option is used to insert
information about the client port into DHCPv6 packets.
• DHCPv6 option 16—Vendor ID option for DHCPv6. The option is used to insert
information about the vendor of the client hardware into DHCPv6 packets.
• DAI—Prevents Address Resolution Protocol (ARP) spoofing attacks. ARP requests
and replies are compared against entries in the DHCP snooping database, and filtering
decisions are made on the basis of the results of those comparisons.
• IP source guard—Mitigates the effects of IP address spoofing attacks on the Ethernet
LAN. The source IP address in the packet sent from an untrusted access interface is
validated against the DHCP snooping database.
• IPv6 source guard—IP source guard for IPv6.
• IPv6 neighbor discovery inspection—Prevents IPv6 address spoofing attacks. Neighbor
discovery requests and replies are compared against entries in the DHCPv6 snooping
database, and filtering decisions are made on the basis of the results of those
comparisons.
[See Putting Access Port Security on Private VLANs.]
• Untrusted mode on trunk interfaces for DHCP snooping (EX2300, EX3400, EX4300
and EX4600 switches)—Starting in Junos OS Release 18.4R1, you can configure a
trunk interface as untrusted for DHCP security. Trunk interfaces in untrusted mode
support DHCP snooping and DHCPv6 snooping, dynamic ARP inspection (DAI), and
IPv6 neighbor discovery (ND) inspection.
[See Understanding Trusted and Untrusted Ports.]
Virtual Chassis
• Virtual Chassis support (EX2300-24MP, EX2300-48MP)—Starting in Junos OS
Release 18.4R1, multigigabit EX2300 switches can be interconnected into a Virtual
Chassis with other EX2300 model switches as follows:
• Any combination of up to four EX2300-24MP, EX2300-48MP, EX2300, and
EX2300-C switches is supported.
• You do not need to set mixed mode.
• Any models of EX2300 switches can be in the master or backup Routing Engine
roles.
26 Copyright © 2019, Juniper Networks, Inc.
• Any 10-Gbps uplink ports installed with SFP+ transceivers can be configured as
Virtual Chassis ports (VCPs) to interconnect member switches.
• Use the same steps as for configuring any other EX2300, EX3400, or EX4300 Virtual
Chassis.
[See Understanding EX Series Virtual Chassis.]
See Also • Changes in Behavior and Syntax on page 27
• Known Behavior on page 28
• Known Issues on page 29
• Resolved Issues on page 33
• Documentation Updates on page 36
• Migration, Upgrade, and Downgrade Instructions on page 37
• Product Compatibility on page 38
Changes in Behavior and Syntax
This section lists the changes in behavior of Junos OS features and changes in the syntax
of Junos OS statements and commands from Junos OS Release 18.4R1 for the EX Series.
• Interfaces and Chassis on page 27
• Network Management and Monitoring on page 28
• Security on page 28
Interfaces and Chassis
• Enhanced AC PEM in high-line power configuration supplies 2400 W power
(EX9204)—Starting in Junos OS Release 18.4R1, on EX9204 switches, the enhanced
AC PEM in high-line power configuration provides a power output of 2400 W. On Junos
OS versions prior to 18.4R1, the PEM provided only 2050 W of power output.
[See show chassis power.]
• Support for creating layer 2 logical interface independently (EX Series)—In Junos
OS Releases 18.4R1, 18.4R2, and later, EX Series switches support creating layer 2
logical interface independent of layer 2 routing instance type. That is, you can configure
and commit the layer 2 logical interfaces separately and add the interface to
bridge-domain or Ethernet VPN (EVPN) routing instance separately. Note that the
layer 2 logical interfaces works fine only when the interface is added to bridge domain
or EVPN routing instance.
In the earlier Junos OS releases, when an layer 2 logical interface configuration (units
with encapsulation vlan-bridge configuration) is used, then the logical interface must
be added as part of a bridge-domain or EVPN routing instance for the commit to
succeed.
Copyright © 2019, Juniper Networks, Inc. 27
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Network Management and Monitoring
• The NETCONF server omits warnings in RPC replies when the rfc-compliant statement
is configured and the operation returns <ok/> (EX Series)—Starting in Junos OS
Release 18.4R1, when you configure the rfc-compliant statement at the [edit system
services netconf] hierarchy level to enforce certain behaviors by the NETCONF server,
the server must not return an RPC reply that encloses both an <rpc-error> element
and an <ok/> element. If the operation is successful, but the server reply would enclose
one or more <rpc-error> elements of severity warning in addition to the <ok/> element,
then the warnings are omitted. In earlier releases, or when the rfc-compliant statement
is not configured, the NETCONF server might issue an RPC reply that encloses both an
<rpc-error> element of severity warning and an <ok/> element.
Security
• Firewall warning message (EX2300 switches)—Starting in 18.4R1, a warning message
is displayed whenever a firewall term includes log or syslog with the accept filter action.
See Also • New and Changed Features on page 21
• Known Behavior on page 28
• Known Issues on page 29
• Resolved Issues on page 33
• Documentation Updates on page 36
• Migration, Upgrade, and Downgrade Instructions on page 37
• Product Compatibility on page 38
Known Behavior
This section lists known behavior, system maximums, and limitations in hardware and
software in Junos OS Release 18.4R1 for the EX Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• General Routing on page 28
• Class of Service (CoS) on page 29
• Routing Protocols on page 29
General Routing
• A few error messages related to the function rt_mesh_group_add_check() are seen
during reboot. These errors are harmless. PR1365049
• Automatic channelisation is not supported for 40GBASE-BXSR, QSFP+40GE-LX4,
QSFP-100G-PSM4, and 100GBASE-BXSR optics. PR1366103
28 Copyright © 2019, Juniper Networks, Inc.
• On the EX4300-MP switch, the et-0/2/* (100-Gigabit Ethernet) interface multicast
queue in strict-priority mode gets the priority treatment only across other multicast
queues. PR1377692
Class of Service (CoS)
• On EX4650 switches, if the CoS configurations are modified when egress traffic is
shaped at a very low rate (< 50 Mbps), packets might get stuck in the MMU buffers
permanently. It might cause ingress or egress traffic drops. When low rate shapers (<
50 Mbps) are applied on egress queues, we recommend you to deactivate shaping
before any CoS modification or ensure traffic is stopped before modifying the CoS
configuration. PR1367432
Routing Protocols
• On EX4650 switches, 254 neighbors and 200,000 routes can be scaled for IS-IS v4.
Beyond 200,000 routes with 254 neighbors, adjacency flaps and traffic drop will be
seen. However, with 40 neighbors, scaling of 351,000 routes is achieved. PR1368106
See Also • New and Changed Features on page 21
• Changes in Behavior and Syntax on page 27
• Known Issues on page 29
• Resolved Issues on page 33
• Documentation Updates on page 36
• Migration, Upgrade, and Downgrade Instructions on page 37
• Product Compatibility on page 38
Known Issues
This section lists the known issues in hardware and software in Junos OS Release 18.4R1
for the EX Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• General Routing on page 30
• Authentication and Access Control on page 31
• Infrastructure on page 31
• Interfaces and Chassis on page 32
• Layer 2 Features on page 32
• Multicast on page 32
• Network Management and Monitoring on page 32
• Platform and Infrastructure on page 32
Copyright © 2019, Juniper Networks, Inc. 29
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Routing Protocols on page 32
• Spanning Tree Protocols on page 33
General Routing
• Various common situations lead to different views of forwarding information between
the kernel and Packet Forwarding Engines. For example, fpc7 KERNEL/PFE APP=NH
OUT OF SYNC: error code 3 REASON: NH add received and for a logical interface that
does not exist, the error message displayed is ERROR-SPECIFIC INFO: nh_id=562 , type
= Hold, ifl index 334 does not exist TYPE-SPECIFIC INFO: none. As such there is no service
impact on MPC2 and MPC3 cards. PR1205593
• If a configuration that takes a Packet Forwarding Engine offline and another
configuration that brings the Packet Forwarding Engine back online are committed in
quick succession, then Routing Engine-Packet Forwarding Engine out-of-sync errors
might be logged in the syslog. Most of the time these are benign errors, but sometimes
they might result in Packet Forwarding Engine crashes. PR1232178
• On EX4600 switches, in some cases, CoS configuration is not properly applied in the
Packet Forwarding Engine, leading to unexpected egress traffic drop on some interfaces.
PR1329141
• On an EX2300 switch, the output of the show chassis routing-engine command might
display the incorrect value of mac reset for the last reboot reason field. PR1331264
• The CHASSISD_I2CS_READBACK_ERROR: Readback error from I2C slave for FPC 0 ([0x0,
0x20] -> 0x0) error message is seen when you bring the MIC in MIC slot 1 of the line
card online. PR1355942
• On EX4650 switches, if lcmd is restarted, chassisd core files might be generated with
traffic drop for a few seconds. PR1363652
• The time lapse between interface down interrupt detection to FRR call back is ~148ms
on QFX5120 platform, although the in-place update FRR programming completes in
1 ms. The minimum FRR time achieved with this limitation is around 150 ms and
maximum is around 275 ms. PR1364244
• The EX4300 Virtual Chassis might fail to register some jnxOperating SNMP OIDs related
to the Routing Engines. This behavior is more likely if Virtual Chassis members 0 and
1 (FPC0 and FPC1) are not selected as Routing Engines. PR1368845
• With swap-out of a Virtual Chassis of QFX5100 to the EX9253 for testing of some
heavy multicast, even when the IRB interface comes up, traffic drops might be observed.
PR1369099
• Multicast router advertisement packets coming on a VLAN need to be flooded to
interfaces of all FPCs belonging to the same VLAN. Packets when traversing through
a HighGig port (that connects different FPCs) need to hit hardware filter to transmit
packets to other FPCs. In this state, the filter is not applicable for the HighGig ports, so
multicast RA packets do not traverse through other FPCs. PR1370329
• There are multiple failures when events such as node reboots, ICL flaps, and ICCP flaps
occur; and even with enhanced convergence configured there is no guarantee that
subsecond convergence will be achieved. PR1371493
30 Copyright © 2019, Juniper Networks, Inc.
• In EX2300 and EX3400 switches, image upgrade might fail because of an insufficient
space issue. PR1376488
• On EX9200 switches, if the packet-length option is configured under a firewall filter
that is applied on the egress interface, such configuration cannot be committed because
of commit-check failure. PR1378901
• On EX9200 switches, constant memory leak might occur on an FPC, and such a
condition might finally lead to memory exhaustion and generation of core files by the
FPC. PR1381527
• If the port number entered for PIC 2 is greater than 2, an error message is displayed.
PR1382578
• A traffic drop of 2-7 seconds is observed intermittently when Routing Engine switchover
is done with traffic flowing and each node has the scaled MC-LAG configurations.
PR1404632
Authentication and Access Control
• The auth request does not cause the router to send RADIUS request message and
displays the following message: Failed to queue the request, will be queued in authd
internal queue. PR1366002
• DHCPv6 Client is not supported in this release for EX4300-48MP. PR1373691
Infrastructure
• On an EX2300 switch, the IfSpeed and IfHighSpeed MIB values might be incorrectly
displayed during an SNMP get operation. PR1326902
• Junos OS can hang trying to acquire the SMP IPI lock while rebooting when it is running
as a VM on Linux and the QEMU hypervisor. PR1359339
• On EX3400 and EX2300, system time is not retained across switch reboots. PR1397626
Copyright © 2019, Juniper Networks, Inc. 31
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Interfaces and Chassis
• After GRES, the VSTP port cost on aggregated Ethernet interfaces might get changed,
leading to a topology change. PR1174213
Layer 2 Features
• The eswd[1200]: ESWD_MAC_SMAC_BRIDGE_MAC_IDENTICAL: Bridge Address Add:
XX:XX:db:2b:26:81 SMAC is equal to bridge mac hence don't learn message is seen in
the syslog every few minutes on the ERPS owner. Bacause the log is caused by the
ERPS PDU in an ERPS setup, you can ignore the message. PR1372422
Multicast
• IGMP query packets are duplicated between Layer 2 interfaces with igmp-snooping
enabled. PR1391753
Network Management and Monitoring
• It is a corner scenario where the trace files are not closed correctly that results in
stopping of trace write. PR1380764
Platform and Infrastructure
• Interface ranges for channelized interfaces are not supported on EX9253; you have to
configure interfaces individually. PR1350635
• When we apply any filter on the loopback interface, the other firewall filter for multicast
might not work. PR1392082
Routing Protocols
• On a dual Routing Engine system with GRES and graceful restart enabled, if Bidirectional
Forwarding Detection (BFD) with hold-down-interval option is enabled on an external
BGP peer, this BGP peer might stay in an idle state after a Routing Engine switchover.
PR1324475
• The mcsnoopd process might crash when all the core-facing interfaces that are part
of the Layer 2 domain have flapped and it is attempting to flood a packet received over
a customer edge (CE) device interface, over the core-facing interfaces. PR1329694
• On EX4650 switches, when the UFT profile lpm-profile prefix-65-127-disable or
lpm-profile is configured, the command output show pfe route summary hw shows
different scale values for the IPv4 and IPv6 LPM routes rather than displaying the
supported scale. The supported scale is as follows: lpm-profile prefix-65-127-disable
IPv4 <= /32 IPv6 <= /64 IPv6 > /64 Enabled 351K (360,000 approx) 168K (172,000
approx) 0k Disabled 168K (172,000 approx) 64K (65524 approx) 64K (65524 approx)
PR1366579
• On EX4650 switches, when the UFT configuration num-65-127-prefix-4 is scaled with
more than 64 prefix IPv6 routes, the show pfe route inet6 hw lpm command output
shows only a single IPv6 entry but not the scaled entries. PR1369320
32 Copyright © 2019, Juniper Networks, Inc.
Spanning Tree Protocols
• In a highly scaled VSTP (3 Interfaces x 253 VLANs) and MSTP configuration, the CPU
utilization might increase resulting in the Packet Forwarding Engine getting lesser CPU.
This could, in turn, cause IPC connections to be dropped between Virtual Chassis.
PR1331858
See Also • New and Changed Features on page 21
• Changes in Behavior and Syntax on page 27
• Known Behavior on page 28
• Resolved Issues on page 33
• Documentation Updates on page 36
• Migration, Upgrade, and Downgrade Instructions on page 37
• Product Compatibility on page 38
Resolved Issues
This section lists the issues fixed in the Junos OS Release 18.4R1 for EX Series switches.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• General Routing on page 33
• EVPN on page 35
• High Availability (HA) and Resiliency on page 35
• Infrastructure on page 35
• Junos Fusion Enterprise on page 35
• Layer 2 Features on page 35
• Network Management and Monitoring on page 35
• Platform and Infrastructure on page 35
• Routing Protocols on page 36
General Routing
• On the EX4300-32F, the MACsec session stays down on 1-Gigabit and 10-Gigabit
Ethernet links after certain events, when events are performed with traffic running.
PR1299484
• On EX2300 and EX3400 switches, the bridge ID is assigned to 02:00:00:00:00:10
irrespective of the base-MAC addresses. PR1315633
• Incorrect value of optical power is displayed. PR1326642
• On EX3400 and EX2300 switches, a redirect message is sent from the switch even
when no-redirect is set for the specified interface. PR1333153
Copyright © 2019, Juniper Networks, Inc. 33
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• The fxpc process might crash after Q-in-Q VLAN is added to or deleted from an interface
on EX2300 or EX3400 switches. PR1334850
• Consideration of relaxing P-VLAN conflict rules during VLAN change for reauthentication
and CoA scenarios. PR1346936
• The 40-Gigabit Ethernet interfaces might not forward traffic. PR1349675
• On EX2300, EX3400, and EX4300MP switches in a Virtual Chassis setup, dynamic
Arp inspection might fail after Virtual Chassis switchover when VSTP is enabled along
with no-mac-table-binding. PR1359753
• The traffic uses the original IRB MAC address if you are configuring a MAC address for
an IRB interface. PR1359816
• On EX2300MP switches, the fan count is wrong in jnxFruName,jnxFilledDescr and
jnxContainersCount.4. PR1361025
• The EX4300-MP MACsec AES-GCM-128-XPN and AES-GCM-256-XPN cipher suites
are not supported for MGE ports. PR1362035
• FPM board status is missing in the SNMP MIB walk result. PR1364246
• The l2cpd process might crash when you configure MVRP with private VLAN and RSTP
interface-all. PR1365937
• Virtual Chassis split followed by generation of fxpc core files might occur when VLAN
members are scaled. PR1369678
• Unicast ARP packet loop might be observed in a DAI scenario. PR1370607
• NTP broadcast packets are not forwarded out on Layer 2 ports. PR1371035
• MAC refresh packet might not be sent out from the new primary link after an RTG
failover. PR1372999
• BOOTP packets might be dropped if BOOTP-support is not enabled at the global level.
PR1373807
• FPC might crash when the output interface flaps with analyzer or sampling configured.
PR1374861
• The port access list group is not properly reallocating the TCAM slices. PR1375022
• The interface AE480 or above might be in STP discarding state on EX9200 switches.
PR1378272
• On EX4300-48MP, the IP transit traffic hits the lo0 filter. PR1379328
• All interfaces belonging to a certain FPC might be lost after multiple GRES in Virtual
Chassis. PR1379790
• The 802.1X configuration does not work with Microsoft NPS server. PR1381017
• On EX4300-48MP, as the session-option configuration under the access profile
hierarchy is not applicable for EX Series and QFX Series, do not use that statement
and options under it PR1385229
34 Copyright © 2019, Juniper Networks, Inc.
• On EX9200, a warning message prefer-status-control-active is used with status-control
standby is seen whenever you commit a configuration. PR1386479
• On an EX2300 with Q-in-Q (flexible-vlan-tagging), you are unable to obtain the DHCP
IP for the IRB interface after power-cycling the device. PR1387039
• The smid process might generate core files during sanity script execution on QFX5100
and EX4300. PR1391909
EVPN
• Proxy ARP might not work as expected in an EVPN environment. PR1368911
High Availability (HA) and Resiliency
• The backup Routing Engine might go to database prompt after performing
configurations such as remove and restore are performed. PR1269383
Infrastructure
• Core files might be generated upon attempt to commit a configuration. PR1376362
Junos Fusion Enterprise
• The peer_daemon: bad daemon: scpd error message is seen on EX9251 running Junos
OS Releases 18.1R1 and 18.1R2. PR1369646
Layer 2 Features
• The firewall filter might not work correctly with the match condition of dot1q-tag on
an EX Series switch. PR1369592
• RTG MAC refresh packets are sent out from non-RTG ports if the RTG interface
belonging to the Virtual Chassis master flaps. PR1389695
Network Management and Monitoring
• On EX4600 switches, unsupported CLI configurations and show commands from the
cfm hierarchy or sub-hierarchy are allowed. PR1359052
• While toggling multiple times between baseline and CFM configurations, all 30 CFM
sessions are not up. PR1360907
• The event-policy generated traps are sent with UTC, even though the time zone is
defined under the system hierarchy. PR1380777
Platform and Infrastructure
• Interface flapping is seen on an EX4300 switch. PR1361483
• Some interfaces cannot be added under the MSTP configuration. PR1363625
• On EX4300 and EX4600 switches, the l2ald process might crash in an 802.1x scenario.
PR1363964
Copyright © 2019, Juniper Networks, Inc. 35
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• The Packet Forwarding Engine might crash if frequent MAC moves are encountered.
PR1367141
• The LLDP TLV with the wrong switch port capabilities might be sent. PR1372966
• Login lockout might never expire because the timestamps of Lockout start and Lockout
end are same. PR1373803
• On EX4300-48MP, unsupported 1-gigabit optics in the 10-gigabit uplink module might
cause interface traffic to be dropped. PR1374390
• Traffic might be silently discarded with indirect next hop and load balancing. PR1376057
• The IRB interface does not go down when the master Virtual Chassis is rebooted or
halted. PR1381272
• On the EX4300 switch, if a loss priority value of high is set for multicast packets by a
classifier at the ingress interface, the configuration is overridden by the storm-control
filter. PR1382893
• The EX4300 device chooses a wrong bridge ID as the RSTP Bridge ID. PR1383356
• On EX4300-48MP mixed Virtual Chassis, the Power over Ethernet interface maximum
power configuration on a member EX4300 gives an error if the power is configured to
be more than 30 W. PR1383717
• Layer 3 IP route is destroyed after the Layer 2 next hop is changed. PR1389688
Routing Protocols
• On EX4300-48MP, stale VLAN entries might be seen after a script involving split or
merge reboots is run continuously. PR1363739
See Also • New and Changed Features on page 21
• Changes in Behavior and Syntax on page 27
• Known Behavior on page 28
• Known Issues on page 29
• Documentation Updates on page 36
• Migration, Upgrade, and Downgrade Instructions on page 37
• Product Compatibility on page 38
Documentation Updates
There are no errata or changes in Junos OS Release 18.4R1 documentation for the EX
Series switches.
See Also • New and Changed Features on page 21
• Changes in Behavior and Syntax on page 27
• Known Behavior on page 28
36 Copyright © 2019, Juniper Networks, Inc.
• Known Issues on page 29
• Resolved Issues on page 33
• Migration, Upgrade, and Downgrade Instructions on page 37
• Product Compatibility on page 38
Migration, Upgrade, and Downgrade Instructions
This section contains the upgrade and downgrade support policy for Junos OS for the
EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the
size and configuration of the network. For information about software installation and
upgrade, see the Installation and Upgrade Guide.
• Upgrade and Downgrade Support Policy for Junos OS Releases on page 37
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at
a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can
upgrade directly from one EEOL release to the next EEOL release even though EEOL
releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after
the currently installed EEOL release, or to two EEOL releases before or after. For example,
Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS
Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than
three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to
a release more than three releases before or after, first upgrade to the next EEOL release
and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see
https://www.juniper.net/support/eol/junos.html.
See Also • New and Changed Features on page 21
• Changes in Behavior and Syntax on page 27
• Known Behavior on page 28
• Known Issues on page 29
• Resolved Issues on page 33
• Documentation Updates on page 36
• Product Compatibility on page 38
Copyright © 2019, Juniper Networks, Inc. 37
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Product Compatibility
• Hardware Compatibility on page 38
Hardware Compatibility
To obtain information about the components that are supported on the devices, and the
special compatibility guidelines with the release, see the Hardware Guide for the product.
To determine the features supported on EX Series switches in this release, use the Juniper
Networks Feature Explorer, a Web-based application that helps you to explore and
compare Junos OS feature information to find the right software release and hardware
platform for your network. Find Feature Explorer at
https://apps.juniper.net/feature-explorer/.
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported
across all platforms, see the Hardware Compatibility tool.
See Also • New and Changed Features on page 21
• Changes in Behavior and Syntax on page 27
• Known Behavior on page 28
• Known Issues on page 29
• Resolved Issues on page 33
• Documentation Updates on page 36
• Migration, Upgrade, and Downgrade Instructions on page 37
Junos OS Release Notes for Junos Fusion Enterprise
These release notes accompany Junos OS Release 18.4R1 for Junos Fusion Enterprise.
Junos Fusion Enterprise is a Junos Fusion that uses EX9200 switches in the aggregation
device role. These release notes describe new and changed features, limitations, and
known problems in the hardware and software.
NOTE: For a complete list of all hardware and software requirements for a
Junos Fusion Enterprise, including which Juniper Networks devices can
function as satellite devices, see Understanding Junos Fusion Enterprise Software
and Hardware Requirements .
You can also find these release notes on the Juniper Networks Junos OS Documentation
webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
• New and Changed Features on page 39
• Changes in Behavior and Syntax on page 39
38 Copyright © 2019, Juniper Networks, Inc.
• Known Behavior on page 40
• Known Issues on page 40
• Resolved Issues on page 40
• Documentation Updates on page 41
• Migration, Upgrade, and Downgrade Instructions on page 41
• Product Compatibility on page 46
New and Changed Features
There are no new features in Junos OS Release 18.4R1 for Junos Fusion Enterprise.
NOTE: For more information about the Junos Fusion Enterprise features, see
the Junos Fusion Enterprise Feature Guide.
See Also • Changes in Behavior and Syntax on page 39
• Known Behavior on page 40
• Known Issues on page 40
• Resolved Issues on page 40
• Documentation Updates on page 41
• Migration, Upgrade, and Downgrade Instructions on page 41
• Product Compatibility on page 46
Changes in Behavior and Syntax
There are no changes in behavior of Junos OS features and changes in the syntax of
Junos OS statements and commands in Junos OS Release 18.4R1 for Junos Fusion
Enterprise.
See Also • New and Changed Features on page 39
• Known Behavior on page 40
• Known Issues on page 40
• Resolved Issues on page 40
• Documentation Updates on page 41
• Migration, Upgrade, and Downgrade Instructions on page 41
• Product Compatibility on page 46
Copyright © 2019, Juniper Networks, Inc. 39
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Known Behavior
There are no known behaviors, system maximums, and limitations in hardware and
software in Junos OS Release 18.4R1 for Junos Fusion Enterprise.
For the most complete and latest information about known Junos OS problems, use the
Juniper Networks online Junos Problem Report Search application.
See Also • New and Changed Features on page 39
• Changes in Behavior and Syntax on page 39
• Known Issues on page 40
• Resolved Issues on page 40
• Documentation Updates on page 41
• Migration, Upgrade, and Downgrade Instructions on page 41
• Product Compatibility on page 46
Known Issues
There are no known issues in hardware and software in Junos OS Release 18.4R1 for Junos
Fusion Enterprise.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
See Also • New and Changed Features on page 39
• Changes in Behavior and Syntax on page 39
• Known Behavior on page 40
• Resolved Issues on page 40
• Documentation Updates on page 41
• Migration, Upgrade, and Downgrade Instructions on page 41
• Product Compatibility on page 46
Resolved Issues
This section lists the issues fixed in Junos OS Release 18.4R1.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• Resolved issues: Release 18.4R1 on page 41
40 Copyright © 2019, Juniper Networks, Inc.
Resolved issues: Release 18.4R1
• In a Junos Fusion Enterprise, the scpd process does not run on the EX9251. PR1369646
See Also • New and Changed Features on page 39
• Changes in Behavior and Syntax on page 39
• Known Behavior on page 40
• Known Issues on page 40
• Documentation Updates on page 41
• Migration, Upgrade, and Downgrade Instructions on page 41
• Product Compatibility on page 46
Documentation Updates
There are no errata or changes in Junos OS Release 18.4R1 for Junos Fusion Enterprise
documentation.
See Also • New and Changed Features on page 39
• Changes in Behavior and Syntax on page 39
• Known Behavior on page 40
• Known Issues on page 40
• Resolved Issues on page 40
• Migration, Upgrade, and Downgrade Instructions on page 41
• Product Compatibility on page 46
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade or downgrade Junos OS and satellite
software for a Junos Fusion Enterprise. Upgrading or downgrading Junos OS and satellite
software might take several hours, depending on the size and configuration of the Junos
Fusion Enterprise topology.
• Basic Procedure for Upgrading Junos OS on an Aggregation Device on page 42
• Upgrading an Aggregation Device with Redundant Routing Engines on page 43
• Preparing the Switch for Satellite Device Conversion on page 44
• Converting a Satellite Device to a Standalone Switch on page 45
• Upgrade and Downgrade Support Policy for Junos OS Releases on page 45
• Downgrading from Junos OS on page 46
Copyright © 2019, Juniper Networks, Inc. 41
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Basic Procedure for Upgrading Junos OS on an Aggregation Device
When upgrading or downgrading Junos OS for an aggregation device, always use the
junos-install package. Use other packages (such as the jbundle package) only when so
instructed by a Juniper Networks support representative. For information about the
contents of the junos-install package and details of the installation process, see the
Installation and Upgrade Guide.
NOTE: Before upgrading, back up the file system and the currently active
Junos OS configuration so that you can recover to a known, stable
environment in case the upgrade is unsuccessful. Issue the following
command:
user@host> request system snapshot
The installation process rebuilds the file system and completely reinstalls
Junos OS. Configuration information from the previous software installation
is retained, but the contents of log files might be erased. Stored files on the
routing platform, such as configuration templates and shell scripts (the only
exceptions are the juniper.conf and ssh files), might be removed. To preserve
the stored files, copy them to another system before upgrading or
downgrading the routing platform. See the Junos OS Administration Library.
To download and install Junos OS:
1. Using a Web browser, navigate to the Download Software URL on the Juniper Networks
webpage:
https://www.juniper.net/support/downloads/
2. Log in to the Juniper Networks authentication system using the username (generally
your e-mail address) and password supplied by Juniper Networks representatives.
3. Select By Technology > Junos Platform > Junos Fusion to find the software that you
want to download.
4. Select the release number (the number of the software version that you want to
download) from the Version drop-down list on the right of the page.
5. Select the Software tab.
6. Select the software package for the release.
7. Review and accept the End User License Agreement.
8. Download the software to a local host.
42 Copyright © 2019, Juniper Networks, Inc.
9. Copy the software to the routing platform or to your internal software distribution
site.
10. Install the new junos-install package on the aggregation device.
NOTE: We recommend that you upgrade all software packages out of
band using the console because in-band connections are lost during the
upgrade process.
Customers in the United States and Canada, use the following commands, where n
is the spin number.
user@host> request system software add validate reboot
source/junos-install-ex92xx-x86-64-18.3B1.n.tgz
All other customers, use the following commands, where n is the spin number.
user@host> request system software add validate reboot
source/junos-install-ex92xx-x86-64-18.3B1.n-limited.tgz
Replace source with one of the following values:
• /pathname—For a software package that is installed from a local directory on the
router.
• For software packages that are downloaded and installed from a remote location:
• ftp://hostname/pathname
• http://hostname/pathname
• scp://hostname/pathname (available only for Canada and U.S. version)
The validate option validates the software package against the current configuration
as a prerequisite to adding the software package to ensure that the router reboots
successfully. This is the default behavior when the software package being added is
a different release.
Adding the reboot command reboots the router after the upgrade is validated and
installed. When the reboot is complete, the router displays the login prompt. The
loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
Upgrading an Aggregation Device with Redundant Routing Engines
If the aggregation device has two Routing Engines, perform a Junos OS installation on
each Routing Engine separately to minimize disrupting network operations as follows:
Copyright © 2019, Juniper Networks, Inc. 43
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine
and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine while keeping the
currently running software version on the master Routing Engine.
3. After making sure that the new software version is running correctly on the backup
Routing Engine, switch over to the backup Routing Engine to activate the new software.
4. Install the new software on the original master Routing Engine that is now active as
the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.
Preparing the Switch for Satellite Device Conversion
There are multiple methods to upgrade or downgrade satellite software in your Junos
Fusion Enterprise. See Configuring or Expanding a Junos Fusion Enterprise.
For satellite device hardware and software requirements, see Understanding Junos Fusion
Enterprise Software and Hardware Requirements.
Use the following command to install Junos OS on a switch before converting it into a
satellite device:
user@host> request system software add validate reboot source/package-name
NOTE: The following conditions must be met before a Junos switch that is
running Junos OS Release 14.1X53-D43 can be converted to a satellite device
when the action is initiated from the aggregation device:
• The switch running Junos OS can be converted only to SNOS 3.1 and later.
• Either the switch must be set to factory-default configuration by using the
request system zeroize command, or the following command must be
included in the configuration: set chassis auto-satellite-conversion.
When the interim installation has completed and the switch is running a version of
Junos OS that is compatible with satellite device conversion, perform the following steps:
1. Log in to the device using the console port.
2. Clear the device:
[edit]
user@satellite-device# request system zeroize
NOTE: The device reboots to complete the procedure for resetting the
device.
44 Copyright © 2019, Juniper Networks, Inc.
If you are not logged in to the device using the console port connection, your connection
to the device is lost after you enter the request system zeroize command.
If you lose connection to the device, log in using the console port.
3. (EX4300 switches only) After the reboot is complete, convert the built-in 40-Gbps
QSFP+ interfaces from Virtual Chassis ports (VCPs) into network ports:
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port port-number
For example, to convert all four built-in 40-Gbps QSFP+ interfaces on an EX4300-24P
switch into network ports:
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 0
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 1
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 2
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 3
This step is required for the 40-Gbps QSFP+ interfaces that will be used as uplink
interfaces in a Junos Fusion topology. Built-in 40-Gbps QSFP+ interfaces on EX4300
switches are configured into VCPs by default, and the default settings are restored
after the device is reset.
After this initial preparation, you can use one of three methods to convert your switches
into satellite devices—autoconversion, manual conversion, or preconfiguration. See
Configuring or Expanding a Junos Fusion Enterprise for detailed configuration steps for
each method.
Converting a Satellite Device to a Standalone Switch
If you need to convert a satellite device to a standalone device, you must install a new
Junos OS software package on the satellite device and remove it from the Junos Fusion
topology. For more information, see Converting a Satellite Device to a Standalone Device.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at
a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can
upgrade directly from one EEOL release to the next EEOL release even though EEOL
releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after
the currently installed EEOL release, or to two EEOL releases before or after. For example,
Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS
Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than
three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to
a release more than three releases before or after, first upgrade to the next EEOL release
and then upgrade or downgrade from that EEOL release to your target release.
Copyright © 2019, Juniper Networks, Inc. 45
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
For more information about EEOL releases and to review a list of EEOL releases, see
https://www.juniper.net/support/eol/junos.html
Downgrading from Junos OS
Junos Fusion Enterprise is first supported in Junos OS Release 16.1, although you can
downgrade a standalone EX9200 switch to earlier Junos OS releases.
NOTE: You cannot downgrade more than three releases.
For more information, see the Installation and Upgrade Guide.
To downgrade a Junos Fusion Enterprise from Junos OS Release 18.3R1, follow the
procedure for upgrading, but replace the 18.3 junos-install package with one that
corresponds to the appropriate release.
See Also • New and Changed Features on page 39
• Changes in Behavior and Syntax on page 39
• Known Behavior on page 40
• Known Issues on page 40
• Resolved Issues on page 40
• Documentation Updates on page 41
• Product Compatibility on page 46
Product Compatibility
• Hardware and Software Compatibility on page 46
• Hardware Compatibility Tool on page 46
Hardware and Software Compatibility
For a complete list of all hardware and software requirements for a Junos Fusion
Enterprise, including which Juniper Networks devices function as satellite devices, see
Understanding Junos Fusion Enterprise Software and Hardware Requirements in the Junos
Fusion Enterprise Feature Guide.
To determine the features supported in a Junos Fusion, use the Juniper Networks Feature
Explorer, a Web-based application that helps you to explore and compare Junos OS
feature information to find the right software release and hardware platform for your
network. Find Feature Explorer at: https://apps.juniper.net/feature-explorer/
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported
across all platforms, see the Hardware Compatibility tool.
46 Copyright © 2019, Juniper Networks, Inc.
See Also • New and Changed Features on page 39
• Changes in Behavior and Syntax on page 39
• Known Behavior on page 40
• Known Issues on page 40
• Resolved Issues on page 40
• Documentation Updates on page 41
• Migration, Upgrade, and Downgrade Instructions on page 41
Junos OS Release Notes for Junos Fusion Provider Edge
These release notes accompany Junos OS Release 18.4R1 for the Junos Fusion Provider
Edge. They describe new and changed features, limitations, and known and resolved
problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation
webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
• New and Changed Features on page 47
• Changes in Behavior and Syntax on page 48
• Known Behavior on page 49
• Known Issues on page 49
• Resolved Issues on page 50
• Documentation Updates on page 50
• Migration, Upgrade, and Downgrade Instructions on page 51
• Product Compatibility on page 59
New and Changed Features
This section describes the new features and enhancements to existing features in Junos
OS Release 18.4R1 for Junos Fusion Provider Edge.
• Class of Service (CoS) on page 48
• Junos Fusion on page 48
Copyright © 2019, Juniper Networks, Inc. 47
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Class of Service (CoS)
• CoS support for Broadband Edge Subscriber Management functionality on Junos
Fusion Provider Edge—Starting with Junos OS 18.4R1, standard CoS feature support
is provided for broadband edge subscriber management functionality on Junos Fusion
Provider Edge, including classifiers and rewrite rules for subscriber interfaces and up
to four levels of hierarchical scheduling, depending on hardware used.
[See Understanding CoS on an Aggregation Device in Junos Fusion Provider Edge.]
Junos Fusion
• Support for broadband edge subscriber management (Junos Fusion Provider
Edge)—Starting in Junos OS Release 18.4R1, Junos Fusion Provider Edge supports
broadband edge subscriber management where the aggregation device functions as
the broadband network gateway (BNG). The aggregation device is used as a single
point of management to provision and manage the broadband services on the extended
ports on the satellite devices. The extended ports function as access ports on the BNG
and are connected to customer premise equipment.
[See Broadband on Junos Fusion and Junos OS Broadband Subscriber Management and
Services Library.]
• Connectivity fault management (Junos Fusion Provider Edge)—Starting in Junos OS
Release 18.4R1, Junos Fusion Provider Edge supports disturbed and inline connectivity
fault management (CFM) on the extended ports on the satellite devices. The
aggregation device initiates and processes the continuity check messages (CCMs)
that are sent and received on the extended ports on the satellite devices. This feature
supports CCMs for multiple up MEPs, Ethernet loopback and linktrace for a MEP, and
delay measurement and synthetic loss measurement for performance monitoring
between two MEPs.
[See Connectivity Fault Management in Junos Fusion.]
See Also • Changes in Behavior and Syntax on page 48
• Known Behavior on page 49
• Known Issues on page 49
• Resolved Issues on page 50
• Documentation Updates on page 50
• Migration, Upgrade, and Downgrade Instructions on page 51
• Product Compatibility on page 59
Changes in Behavior and Syntax
There are no changes in default behavior and syntax for Junos Fusion Provider Edge in
Junos OS Release 18.4R1.
48 Copyright © 2019, Juniper Networks, Inc.
See Also • New and Changed Features on page 47
• Known Behavior on page 49
• Known Issues on page 49
• Resolved Issues on page 50
• Documentation Updates on page 50
• Migration, Upgrade, and Downgrade Instructions on page 51
• Product Compatibility on page 59
Known Behavior
There are no known behaviors, system maximums, and limitations in hardware and
software in Junos OS Release 18.4R1 for Junos Fusion Provider Edge.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
See Also • New and Changed Features on page 47
• Changes in Behavior and Syntax on page 48
• Known Issues on page 49
• Resolved Issues on page 50
• Documentation Updates on page 50
• Migration, Upgrade, and Downgrade Instructions on page 51
• Product Compatibility on page 59
Known Issues
There are no known issues in the Junos OS Release 18.4R1 for Junos Fusion Provider Edge.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
See Also • New and Changed Features on page 47
• Changes in Behavior and Syntax on page 48
• Known Behavior on page 49
• Resolved Issues on page 50
• Documentation Updates on page 50
• Migration, Upgrade, and Downgrade Instructions on page 51
• Product Compatibility on page 59
Copyright © 2019, Juniper Networks, Inc. 49
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Resolved Issues
This section lists the issues fixed in the Junos OS Release 18.R41 for Junos Fusion Provider
Edge.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• Junos Fusion Provider Edge on page 50
• Junos Fusion Satellite Software on page 50
Junos Fusion Provider Edge
• In a Junos Fusion, the aggregation device LAG interface might flap during satellite
device upgrade or downgrade. PR1321575
• The laser receive power of the extended ports is higher than the output power of the
peer link. PR1358007
• The ppmd process on AD might crash when using authentication key-chain with BFD.
PR1375647
• The spmd core process might generate a core file after the request support information
command is executed on the aggregation device. PR1375732
Junos Fusion Satellite Software
• The shutdown of the cascade port might lead to the invalidation of the MPC. PR1360876
• QFX satellite device might restart in Junos OS Fusion solutions when copper SFP is
used. PR1369062
See Also • New and Changed Features on page 47
• Changes in Behavior and Syntax on page 48
• Known Behavior on page 49
• Known Issues on page 49
• Documentation Updates on page 50
• Migration, Upgrade, and Downgrade Instructions on page 51
• Product Compatibility on page 59
Documentation Updates
There are no errata or changes in Junos OS Release 18.4R1 documentation for Junos
Fusion Provider Edge.
See Also • New and Changed Features on page 47
• Changes in Behavior and Syntax on page 48
50 Copyright © 2019, Juniper Networks, Inc.
• Known Behavior on page 49
• Known Issues on page 49
• Resolved Issues on page 50
• Migration, Upgrade, and Downgrade Instructions on page 51
• Product Compatibility on page 59
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade
policies for Junos OS for Junos Fusion Provider Edge. Upgrading or downgrading Junos
OS might take several hours, depending on the size and configuration of the network.
• Basic Procedure for Upgrading an Aggregation Device on page 51
• Upgrading an Aggregation Device with Redundant Routing Engines on page 54
• Preparing the Switch for Satellite Device Conversion on page 54
• Converting a Satellite Device to a Standalone Device on page 55
• Upgrading an Aggregation Device on page 58
• Upgrade and Downgrade Support Policy for Junos OS Releases on page 58
• Downgrading from Junos OS Release 18.4 on page 59
Basic Procedure for Upgrading an Aggregation Device
When upgrading or downgrading Junos OS, always use the jinstall package. Use other
packages (such as the jbundle package) only when so instructed by a Juniper Networks
support representative. For information about the contents of the jinstall package and
details of the installation process, see the Installation and Upgrade Guide.
NOTE: Before upgrading, back up the file system and the currently active
Junos OS configuration so that you can recover to a known, stable
environment in case the upgrade is unsuccessful. Issue the following
command:
user@host> request system snapshot
The installation process rebuilds the file system and completely reinstalls
Junos OS. Configuration information from the previous software installation
is retained, but the contents of log files might be erased. Stored files on the
routing platform, such as configuration templates and shell scripts (the only
exceptions are the juniper.conf and ssh files), might be removed. To preserve
the stored files, copy them to another system before upgrading or
downgrading the routing platform. See the Junos OS Administration Library.
Copyright © 2019, Juniper Networks, Inc. 51
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
The download and installation process for Junos OS Release 18.4R1 is different from that
for earlier Junos OS releases.
1. Using a Web browser, navigate to the Download Software URL on the Juniper Networks
webpage:
https://www.juniper.net/support/downloads/
2. Log in to the Juniper Networks authentication system by using the username (generally
your e-mail address) and password supplied by Juniper Networks representatives.
3. Select By Technology > Junos Platform > Junos Fusion to find the software that you
want to download.
4. Select the release number (the number of the software version that you want to
download) from the Version drop-down list to the right of the page.
5. Select the Software tab.
6. Select the software package for the release.
7. Review and accept the End User License Agreement.
8. Download the software to a local host.
9. Copy the software to the routing platform or to your internal software distribution
site.
10. Install the new jinstall package on the aggregation device.
NOTE: We recommend that you upgrade all software packages
out-of-band using the console, because in-band connections are lost
during the upgrade process.
Customers in the United States and Canada, use the following commands.
• For 64-bit software:
NOTE: We recommend that you use 64-bit Junos OS software when
implementing Junos Fusion Provider Edge.
user@host> request system software add validate reboot
source/jinstall64-18.4R1.SPIN-domestic-signed.tgz
• For 32-bit software:
52 Copyright © 2019, Juniper Networks, Inc.
user@host> request system software add validate reboot
source/jinstall-18.4R1.SPIN-domestic-signed.tgz
All other customers, use the following commands.
• For 64-bit software:
NOTE: We recommend that you use 64-bit Junos OS software when
implementing Junos Fusion Provider Edge.
user@host> request system software add validate reboot
source/jinstall64-18.4R1.SPIN-export-signed.tgz
• For 32-bit software:
user@host> request system software add validate reboot
source/jinstall-18.4R1.SPIN-export-signed.tgz
Replace source with one of the following values:
• /pathname—For a software package that is installed from a local directory on the
router.
• For software packages that are downloaded and installed from a remote location:
• ftp://hostname/pathname
• http://hostname/pathname
• scp://hostname/pathname (available only for the Canada and U.S. version)
The validate option validates the software package against the current configuration
as a prerequisite for adding the software package to ensure that the router reboots
successfully. This is the default behavior when the software package being added is
for a different release.
Adding the reboot command reboots the router after the upgrade is validated and
installed. When the reboot is complete, the router displays the login prompt. The
loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
NOTE: After you install a Junos OS Release 18.4R1 jinstall package, you cannot
return to the previously installed software by issuing the request system
software rollback command. Instead, you must issue the request system
software add validate command and specify the jinstall package that
corresponds to the previously installed software.
Copyright © 2019, Juniper Networks, Inc. 53
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Upgrading an Aggregation Device with Redundant Routing Engines
If the aggregation device has two Routing Engines, perform a Junos OS installation on
each Routing Engine separately as follows to minimize disrupting network operations:
1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine
and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine while keeping the
currently running software version on the master Routing Engine.
3. After making sure that the new software version is running correctly on the backup
Routing Engine, switch over to the backup Routing Engine to activate the new software.
4. Install the new software on the original master Routing Engine that is now active as
the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.
Preparing the Switch for Satellite Device Conversion
Satellite devices in a Junos Fusion topology use a satellite software package that is
different from the standard Junos OS software package. Before you can install the satellite
software package on a satellite device, you first need to upgrade the target satellite
device to an interim Junos OS software version that can be converted to satellite software.
For satellite device hardware and software requirements, see Understanding Junos Fusion
Software and Hardware Requirements
NOTE: The following conditions must be met before a standalone switch
that is running Junos OS Release 14.1X53-D43 can be converted to a satellite
device when the action is initiated from the aggregation device:
• The switch can be converted to only SNOS 3.1 and later.
• Either the switch must be set to factory-default configuration by using the
request system zeroize command, or the following command must be
included in the configuration: set chassis auto-satellite-conversion.
Customers with EX4300 switches, use the following command:
user@host> request system software add validate reboot
source/jinstall-ex-4300-14.1X53-D43.3-domestic-signed.tgz
Customers with QFX5100 switches, use the following command:
user@host> request system software add reboot
source/jinstall-qfx-5-14.1X53-D43.3-domestic-signed.tgz
54 Copyright © 2019, Juniper Networks, Inc.
When the interim installation has completed and the switch is running a version of Junos
and OS on one line that is compatible with satellite device conversion, perform the
following steps:
1. Log in to the device by using the console port.
2. Clear the device:
[edit]
user@satellite-device# request system zeroize
NOTE: The device reboots to complete the procedure for resetting the
device.
If you are not logged in to the device by using the console port connection, your
connection to the device is lost after you enter the request system zeroize command.
If you lose your connection to the device, log in using the console port.
3. (EX4300 switches only) After the reboot is complete, convert the built-in 40-Gbps
QSFP+ interfaces from Virtual Chassis ports (VCPs) into network ports:
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port port-number
For example, to convert all four built-in 40-Gbps QSFP+ interfaces on an EX4300-24P
switch into network ports:
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 0
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 1
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 2
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 3
This step is required for the 40-Gbps QSFP+ interfaces that will be used as uplink
interfaces in a Junos Fusion topology. Built-in 40-Gbps QSFP+ interfaces on EX4300
switches are configured into VCPs by default, and the default settings are restored
after the device is reset.
After this initial preparation, you can use one of three methods to convert your switches
into satellite devices—autoconversion, manual conversion, and preconfiguration. See
Configuring Junos Fusion Provider Edge for detailed configuration steps for each method.
Converting a Satellite Device to a Standalone Device
If you need to convert a satellite device to a standalone device, you must install a new
Junos OS software package on the satellite device and remove the satellite device from
the Junos Fusion topology.
Copyright © 2019, Juniper Networks, Inc. 55
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
NOTE: If the satellite device is a QFX5100 switch, you need to install a PXE
version of Junos OS. The PXE version of Junos OS is software that includes
pxe in the Junos OS package name when it is downloaded from the Software
Center—for example, the PXE image for Junos OS Release 14.1X53-D43 is
named install-media-pxe-qfx-5-14.1X53-D43.3-signed.tgz . If the satellite
device is an EX4300 switch, you install a standard jinstall-ex-4300 version
of Junos OS.
56 Copyright © 2019, Juniper Networks, Inc.
The following steps explain how to download software, remove the satellite device from
Junos Fusion, and install the Junos OS software image on the satellite device so that the
device can operate as a standalone device.
1. Using a Web browser, navigate to the Junos OS software download URL on the Juniper
Networks webpage:
https://www.juniper.net/support/downloads
2. Log in to the Juniper Networks authentication system by using the username (generally
your e-mail address) and password supplied by Juniper Networks representatives.
3. Select By Technology > Junos Platform > Junos Fusion from the drop-down list and
select the switch platform series and model for your satellite device.
4. Select the Junos OS Release 14.1X53-D30 software image for your platform.
5. Review and accept the End User License Agreement.
6. Download the software to a local host.
7. Copy the software to the routing platform or to your internal software distribution
site.
8. Remove the satellite device from the automatic satellite conversion configuration.
If automatic satellite conversion is enabled for the satellite device’s member number,
remove the member number from the automatic satellite conversion configuration.
The satellite device’s member number is the same as the FPC slot ID.
[edit]
user@aggregation-device# delete chassis satellite-management auto-satellite-conversion
satellite member-number
For example, to remove member number 101 from Junos Fusion:
[edit]
user@aggregation-device# delete chassis satellite-management auto-satellite-conversion
satellite 101
You can check the automatic satellite conversion configuration by entering the show
command at the [edit chassis satellite-management auto-satellite-conversion]
hierarchy level.
9. Commit the configuration.
To commit the configuration to both Routing Engines:
[edit]
user@aggregation-device# commit synchronize
Copyright © 2019, Juniper Networks, Inc. 57
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Otherwise, commit the configuration to a single Routing Engine:
[edit]
user@aggregation-device# commit
10. Install the Junos OS software on the satellite device to convert the device to a
standalone device.
[edit]
user@aggregation-device> request chassis satellite install URL-to-software-package fpc-slot
member-number
For example, to install a PXE software package stored in the /var/tmp directory on
the aggregation device onto a QFX5100 switch acting as the satellite device using
FPC slot 101:
[edit]
user@aggregation-device> request chassis satellite install
/var/tmp/install-media-pxe-qfx-5-14.1X53-D43.3-signed.tgz fpc-slot 101
For example, to install a software package stored in the var/tmp directory on the
aggregation device onto an EX4300 switch acting as the satellite device using FPC
slot 101:
[edit]
user@aggregation-device> request chassis satellite install
/var/tmp/jinstall-ex-4300-14.1X53-D30.3-domestic-signed.tgz fpc-slot 101
The satellite device stops participating in the Junos Fusion topology after the software
installation starts. The software upgrade starts after this command is entered.
11. Wait for the reboot that accompanies the software installation to complete.
12. When you are prompted to log back into your device, uncable the device from the
Junos Fusion topology. See Removing a Transceiver from a QFX Series Device or
Removing a Transceiver, as needed. Your device has been removed from Junos Fusion.
NOTE: The device uses a factory-default configuration after the Junos
OS installation is complete.
Upgrading an Aggregation Device
When you upgrade an aggregation device to Junos OS Release 18.4R1, you must also
upgrade your satellite device to Satellite Device Software version 3.1R1.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at
a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can
58 Copyright © 2019, Juniper Networks, Inc.
upgrade directly from one EEOL release to the next EEOL release even though EEOL
releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after
the currently installed EEOL release, or to two EEOL releases before or after. For example,
Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS
Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than
three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to
a release more than three releases before or after, first upgrade to the next EEOL release
and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see
https://www.juniper.net/support/eol/junos.html.
Downgrading from Junos OS Release 18.4
To downgrade from Release 18.4 to another supported release, follow the procedure for
upgrading, but replace the 18.4 jinstall package with one that corresponds to the
appropriate release.
NOTE: You cannot downgrade more than three releases.
For more information, see the Installation and Upgrade Guide.
See Also • New and Changed Features on page 47
• Changes in Behavior and Syntax on page 48
• Known Behavior on page 49
• Known Issues on page 49
• Resolved Issues on page 50
• Documentation Updates on page 50
• Product Compatibility on page 59
Product Compatibility
• Hardware Compatibility on page 59
Hardware Compatibility
To obtain information about the components that are supported on the devices, and
special compatibility guidelines with the release, see the Hardware Guide and the Interface
Module Reference for the product.
To determine the features supported on MX Series devices in this release, use the Juniper
Networks Feature Explorer, a Web-based application that helps you to explore and
Copyright © 2019, Juniper Networks, Inc. 59
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
compare Junos OS feature information to find the right software release and hardware
platform for your network. See the Feature Explorer.
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported
across all platforms, see the Hardware Compatibility tool.
See Also • New and Changed Features on page 47
• Changes in Behavior and Syntax on page 48
• Known Behavior on page 49
• Known Issues on page 49
• Resolved Issues on page 50
• Documentation Updates on page 50
• Migration, Upgrade, and Downgrade Instructions on page 51
Junos OS Release Notes for MX Series 5G Universal Routing Platform
These release notes accompany Junos OS Release 18.4R1 for the MX Series. They describe
new and changed features, limitations, and known and resolved problems in the hardware
and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation
webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
• New and Changed Features on page 60
• Changes in Behavior and Syntax on page 80
• Known Behavior on page 84
• Known Issues on page 86
• Resolved Issues on page 99
• Documentation Updates on page 113
• Migration, Upgrade, and Downgrade Instructions on page 114
• Product Compatibility on page 121
New and Changed Features
This section describes the new features and enhancements to existing features in Junos
OS Release 18.4R1 for the MX Series routers.
• Hardware on page 62
• Authentication, Authorization and Accounting (AAA) (RADIUS) on page 62
• Class of Service (CoS) on page 63
• EVPN on page 63
• Forwarding and Sampling on page 65
60 Copyright © 2019, Juniper Networks, Inc.
• General Routing on page 65
• High Availability (HA) and Resiliency on page 65
• Interfaces and Chassis on page 65
• Junos Telemetry Interface on page 67
• Layer 2 VPN on page 69
• MPLS on page 69
• Network Management and Monitoring on page 70
• Operation, Administration, and Maintenance (OAM) on page 71
• Routing Policy and Firewall Filters on page 71
• Routing Protocols on page 72
• Services Applications on page 73
• Software Defined Networking (SDN) on page 74
• Subscriber Management and Services on page 75
• System Management on page 79
• Timing and Synchronization on page 79
• VPN on page 79
Copyright © 2019, Juniper Networks, Inc. 61
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Hardware
• Smart SFP and smart SFP+ support (MX Series)—Starting in Junos OS Release 18.4R1,
the smart SFP transceivers and smart SFP+ transceiver in Table 1 on page 62 and
Table 2 on page 62 are supported on the listed MX Series routers.
Table 1: SFP Transceiver Support on the MX Series
SFP Model Supported MPCs, MICs, and Platforms
SFP-GE-TDM-T1 Supported MPCs:
SFP-GE-TDM-DS3 • MX-MPC1E-3D (with MIC)
• MX-MPC1E-3D-Q (with MIC)
SFP-GE-TDM-E1
• MX-MPC2E-3D (with MIC)
SFP-GE-TDM-STM1 • MX-MPC2E-3D-Q (with MIC)
• MX-MPC2E-3D-NG (with MIC)
SFP-GE-TDM-STM4
• MX-MPC3E-3D-NG (with MIC)
Supported MICs:
• MIC-3D-20GE-SFP
• MIC-3D-20GE-SFP-E
• MIC-MACSEC-20GE
Supported platforms:
• MX80 (with MIC)
• MX104 (fixed interfaces as well as MIC)
• MX240, MX480, and MX960 (with MPC+ MIC)
Table 2: SFP+ Transceiver Support on the MX Series
SFP+ Model Supported MPCs, MICs, and Platforms
SFPP-XGE-TDM-STM16 Supported MPCs:
• MX-MPC1E-3D (with MIC)
• MX-MPC1E-3D-Q (with MIC)
• MX-MPC2E-3D (with MIC)
• MX-MPC2E-3D-Q (with MIC)
• MX-MPC2E-3D-NG (with MIC)
• MX-MPC3E-3D-NG (with MIC)
Supported MICs:
• MIC-MACSEC-20GE
Supported platforms:
• MX80 (with MIC)
• MX104 (fixed interfaces as well as MIC)
• MX240, MX480, and MX960 (with MPC+ MIC)
See the [Hardware Compatibility Tool].
62 Copyright © 2019, Juniper Networks, Inc.
Authentication, Authorization and Accounting (AAA) (RADIUS)
• Support for password change policy enhancement (MX Series)—Starting in Junos
OS Release 18.4R1, the Junos OS password change policy for local user accounts is
enhanced to comply with additional password policies. As part of the policy
improvement, you can configure the following:
• maximum-lifetime-value—The maximum duration of a password. The password
expires after the maximum is reached.
• minimum-lifetime-value—The minimum duration of a password. You cannot change
the password until the minimum duration is reached.
[See password.]
Class of Service (CoS)
• Support for five-level hierarchical CoS with dynamic interface set over dynamic
interface sets (MX Series) — Starting in Junos OS Release 18.4R1, five-level hierarchical
CoS with the ability to configure dynamic interface sets over dynamic interface sets is
supported on NG-MPC2E, NG-MPC3E, MPC5, and MPC7 line cards.
[See stacked-interface-set (Dynamic Profiles).]
• Support for dynamic and static logical interfaces in the same dynamic interface set
(MX Series) — Starting in Junos OS Release 18.4R1, you can apply dynamic and static
logical interfaces in the same dynamic interface set on all MPCs that support four-level
and five-level hierarchical CoS.
[See Understanding Hierarchical CoS for Subscriber Interfaces.]
EVPN
• Support for VMTO for ingress traffic (MX Series)—Starting in Junos OS Release 18.4R1,
you can configure a leaf or spine device that is configured as a Layer 3 gateway to
support virtual machine traffic optimization (VMTO) for ingress traffic. VMTO eliminates
the unnecessary ingress routing to default gateways when a virtual machine is moved
from one data center to another.
To enable VMTO, configure remote-ip-host routes at the [edit routing-instances
routing-instance-name protocols evpn] hierarchy level. You can also filter out the
unwanted routes by configuring an import policy under the remote-ip-host routes
option.
[See Ingress Virtual Machine Traffic Optimization.]
• Support for multihomed proxy advertisement (MX Series)—Starting in Junos OS
Release 18.4R1, Junos OS now provides enhanced support to proxy advertise the MAC
address and IP route entry from all leaf devices that are multihomed to a CE device.
This can prevent traffic loss when one of the connections to the leaf device fail. To
support the multihomed proxy advertisement, all multihomed PE devices should have
the same multihomed proxy advertisement bit value. The multihomed proxy
advertisement feature is enabled by default, and Junos OS uses the default multihomed
proxy advertisement bit value of 0x20.
Copyright © 2019, Juniper Networks, Inc. 63
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
[See EVPN Multihoming Overview.]
• Automatically generated and assigned Ethernet segment identifiers in EVPN-VXLAN
and EVPN-MPLS Networks (MX240, MX480, QFX5100, and QFX5110)—Starting in
Junos OS Release 18.4R1, you can configure aggregated Ethernet interfaces and
aggregated Ethernet logical interfaces on which LACP is enabled to automatically
generate and assign Ethernet segment identifiers (ESIs) to themselves. We support
this feature in the following environments:
• On MX240 or MX480 routers that are multihomed in active-standby or active-active
mode in an EVPN-MPLS network.
• On QFX5100 or QFX5110 switches that are multihomed in active-active mode in an
EVPN-VLAN network.
• MLD snooping support for EVPN-MPLS (MX Series and vMX)—Starting with Junos
OS Release 18.4R1, you can configure Multicast Listener Discovery (MLD) protocol
snooping on MX Series routers with MPCs and vMX routers in an EVPN over an MPLS
network. Enabling MLD snooping helps to constrain IPv6 multicast traffic to interested
receivers in a broadcast domain. Multicast sources and receivers in the EVPN instance
(EVI) can each be single-homed to one provider edge (PE) device or multihomed in
all-active mode to multiple PE devices.
MLD snooping support in this environment includes:
• Either MLDv1 and MLDv2 with any-source multicast (*,G) or MLDv2 with
source-specific multicast (S,G) (configurable)
• MLD state synchronization among multihoming PE devices using BGP EVPN Type 7
(Join Sync Route) and Type 8 (Leave Sync Route) network layer reachability
information (NLRI)
• Inclusive multicast forwarding from the ingress PE device into the EVPN core to reach
all other PE devices
• Forwarding across bridge domains (VLANs) using IRB interfaces and PIM operating
in passive and distributed designated router (PIM-DDR) modes
[See Overview of Multicast Forwarding with IGMP or MLD Snooping in an EVPN-MPLS
Environment.]
• Support for graceful restart on EVPN-VXLAN (MX Series)—Starting in Junos OS
Release 18.4R1, Junos OS supports graceful restart on EVPN-VXLAN on EX9200 and
QFX Series switches and MX Series Routers. Graceful restart allows the device to
recover from a routing process restart or Routing Engine switchover without nonstop
active routing (NSR) enabled.
[See NSR and Unified ISSU Support for EVPN Overview.]
64 Copyright © 2019, Juniper Networks, Inc.
Forwarding and Sampling
• Support for activating or deactivating static routes on the basis of RPM test results
(MX Series)—Starting in Junos OS 18.4R1, you can use RPM probes to detect link status,
and change the preferred-route state on the basis of the probe results. Tracked routes
can be IPv4 or IPv6, and support a single IPv4 or IPv6 next hop. For example, RPM
probes can be sent to an IP address to determine if the link is up, and if so, take the
action of installing a static route in the route table . RPM-tracked routes are installed
with preference 1 and thus are preferred over any existing static routes for the same
prefix.
[See Configuring RPM Probes , rpm-tracking, and show route rpm-tracking.]
General Routing
• Avoid jlock hogs by configuring jlock hold time (MX Series)—Starting with Junos OS
Release 18.4R1, users can configure a jlock hold time threshold value via sysctl. This
helps avoid jlock hogs (tight loops) in ifd_walk by dropping the jlock after the threshold
time is reached. The default hold time is 50ms.
[See sysctl() Function]
High Availability (HA) and Resiliency
• BFD Client for segment routing (MX Series)—This feature is not supported on Junos
OS Release 18.4R1. You can configure Junos OS to run Seamless Bidirectional
Forwarding Detection (S-BFD) over non colored segment routing tunnels and use
S-BFD as a fast mechanism to detect path failures. You can configure
bfd-liveness-detection at the [edit protocols source-packet-routing segment-list]
hierarchy level for enabling path-level S-BFD for a segment list.
[See Understanding Bidirectional Forwarding Detection (BFD).]
• Resiliency support for Switch Interface Boards (MX10016)—Starting in Junos OS
Release 18.4R1, resiliency support is enabled for Switch Interface Boards (SIBs) on
MX10016 routers. Resiliency support enables the device to monitor hardware anomalies
that can appear at boot time or at runtime. IDEEPROM read failure is an example of
boot-time error. Voltage and temperature sensor readings that do not match permissible
limits are examples of runtime errors.
Interfaces and Chassis
• Support for enhanced Switch Control Board (MX240, MX480, and MX960)—Starting
in Release 18.4R1, Junos OS supports the Enhanced Switch Control Board SCBE3-MX
(model number: SCBE3-MX-S) on the MX240, MX480, and MX960 routers. The
SCBE3-MX-S supports a pluggable Routing Engine and provides a control plane and
data plane interconnect to each line card slot. The SCBE3-MX provides a fabric
bandwidth of up to 480Gbps, using four fabric planes (with MPC7 line cards).
The following Routing Engines are supported on SCBE3-MX: RE-S-1800x2,
RE-S-1800x4, RE-S-X6-64G, and RE-S-X6-128G.
Copyright © 2019, Juniper Networks, Inc. 65
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
The SCBE3-MX interoperates with the following existing line cards: MS-MPC, MPC2-NG,
MPC3, MPC3-NG, MPC4, MPC5, and MPC7.
SCBE3-MX supports fabric hardening. It supports configuration of per fpc
bandwidth-degradation and per fpc blackhole-action.
The SCBE3-MX does not interoperate with any previous-generation SCBs (SCB, SCBE,
and SCBE2). Also, the SCBE3-MX does not support smooth upgrade.
[See SCBE3-MX Description]
• VRF-aware syslog client (MX Series)—Starting in Junos OS Release 18.4R1, the system
log (syslog) client is completely VRF aware. If a server is reachable through a virtual
routing and forwarding (VRF) instance, the syslog client can send log messages to the
server. To specify the routing instance through which the remote server is reachable,
use the routing-instance statement (introduced at appropriate hierarchies).
In previous releases, the syslog client could send log messages to a server reachable
through a VRF instance only if the server could be looked up using the default (inet.0
or inet6.0) routing table. If you set the management-instance statement, the server
was reachable through that VRF instance but the syslog client could not send syslog
messages to the server.
[See Management Interface in a Non-Default Instance and routing-instance (Syslog).]
• Layer 2 and Layer 3 protocols, platforms, and service features supported on
MX10008— Starting in Junos OS Release 18.4R1, MX10008 routers support the following
features:
• SFLOW—Overview of sFlow Technology
• Inline Active Flow Monitoring—Understanding Inline Active Flow Monitoring and
bridge-template
• Two-Way Active Management Protocol (TWAMP)—See Understanding Two-Way
Active Measurement Protocol on Routers
• MPLS—MPLS Overview
• RSVP—RSVP Overview
• MPC—MX Series MPC Overview
• IPv4, IPv6, OSPF, and BGP—IPv6 Overview, Understanding IPv4 Addressing, OSPF
Overview, and Understanding BGP.
• Network Time Protocol (NTP)—NTP Overview
• IGMP Snooping—IGMP Snooping Overview
• BGP persistence for IPv4 and IPv6 and Segregation between interface specific code
and DCD core code—Understanding the Long-Lived BGP Graceful Restart Capability
and dcd
• Connectivity Fault Management (CFM)—Ethernet OAM Connectivity Fault Management
• Integrated Routing and Bridging (IRB)—Understanding Integrated Routing and Bridging
66 Copyright © 2019, Juniper Networks, Inc.
• gnMI—Enabling “ON CHANGE” Sensor Support Through Network Management Interface
(gNMI)
• Rewrite of the first three bits of IPv6 DSCP value—inet6-precedence (CoS Rewrite
Rules)
• NSR—Nonstop Active Routing Concepts
• TACACS+ Authentication and TACACS+ System Accounting— Configuring TACACS+
Authentication and Configuring TACACS+ System Accounting
Junos Telemetry Interface
• Export of subscriber accounting and dynamic interface and interface-set queue
statistics through Junos Telemetry Interface (JTI) (MX Series Routers) —Starting in
Junos OS Release 18.4R1, you can export statistics associated with dynamic subscriber
interface stacking through remote procedure calls (gRPC). Accurate statistics (actual
transit statistics) sensor for the subscriber interface includes IP (total) and IPv6 ingress
and egress packets and bytes. Queue statistics for dynamic interface and interface
sets include include counts of transmitted and dropped packets and bytes. The queue
statistics sensors are maintained per contributing slot (as in the case with AE). Separate
metadata sensors convey more contextual information about the dynamic interface
and interface sets are available. The metadata sensors are also eligible for ON_CHANGE
streaming.
To enable subscriber and queue statistics for telemetry, include the subscriber-statistics
and queue-statistics statements at the [edit dynamic-profiles profile-name telemetry]
hierarchy level.
[See dynamic-profiles and Guidelines for gRPC Sensors (Junos Telemetry Interface).]
• Expanded ON_CHANGE support for Junos Telemetry Interface (JTI) (MX960,
MX2010, MX2020, PTX5000, PTX1000, and PTX10000)—Starting in Junos OS
Release 18.4R1, OpenConfig support through remote procedure call (gRPC) and JTI is
extended to support additional ON_CHANGE sensors.
Periodical streaming of OpenConfig operational states and counters collects
information at regular intervals. ON_CHANGE support streams operational states as
events (only when there is a change), and is preferred over periodic streaming for
time-sensitive missions.
These paths, previously supporting periodical streaming only, now also support
ON_CHANGE streaming:
• /components/component
• /components/component/name/
• /components/component/state/type
• /components/component/state/id
• /components/component/state/description
Copyright © 2019, Juniper Networks, Inc. 67
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• /components/component/state/serial-no
• /components/component/state/part-no
ON_CHANGE notification will be supported on all the hardware components displayed
in the Junos OS CLI operational mode command show chassis hardware.
To provision a sensor to export data through gRPC, use the telemetrySubscribe RPC
to specify telemetry parameters. To enable ON_CHANGE support, configure the sample
frequency in the subscription as zero.
[See Guidelines for gRPC Sensors (Junos Telemetry Interface) and show chassis hardware.]
• Support for NTF agent (MX240, MX480, MX960, MX2010, MX2020, PTX1000,
PTX5000, PTX10000, and VMX)—Junos OS exposes telemetry data over gRPC and
UDP as part of the Junos Telemetry Interface (JTI). One way to stream JTI data into
your existing telemetry and analytics infrastructure requires managing an external
entity to convert the data into a compatible format. Starting in Junos OS Release 18.4R1,
the NTF agent feature provides an on-box solution that allows you to configure and
customize to which endpoint (such as IPFIX and Kafka) the JTI data is delivered and
in which format (such as AVRO, JSON, and MessagePack) the data is encoded.
[See NTF Agent Overview.]
• Abstracted fabric interface support on Junos Telemetry Interface (JTI) (MX480,
MX960, MX2008, MX2010, MX2020, and MX-ELM)—Starting in Junos OS Release
18.4R1, JTI sensor support is available for abstracted fabric interfaces. An abstracted
fabric interface is a pseudointerface that represents a first class Ethernet interface
behavior. This sensor is only supported for node virtualization configurations on MX
routers with an abstract fabric Interface as the connecting link between guest network
functions (GNFs). JTI sensors will report interface-specific load-balancing and fabric
queue statistics. They also will report aggregated statistics across all abstracted fabric
interfaces hosted on a source Packet Forwarding Engine of local guest network functions
(GNFs) along with the fabric statistics for all traffic ingressing from and egressing to
the fabric from that Packet Forwarding Engine.
JTI sensor support is for both gRPC sensors and native (UDP) sensors. Use the following
resource path to configure JTI sensors:
• /junos/system/linecard/node-slicing/af-fab-stats/
To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC
to specify telemetry parameters. Streaming telemetry data through gRPC also requires
the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig
and Network Agent packages are bundled into the Junos OS image by default. Both
packages support the Junos Telemetry Interface (JTI).
For exporting statistics using UDP native sensors, configure parameters at the [edit
services analytics] hierarchy level.
[See sensor (Junos Telemetry Interface), Configuring a Junos Telemetry Interface Sensor
(CLI Procedure), and Guidelines for gRPC Sensors (Junos Telemetry Interface).]
• Enhanced IS-IS sensor support for Junos Telemetry Interface (JTI) (MX960, MX2020,
PTX5000, PTX1000, and PTX10000)—Starting in Junos OS Release 18.4R1, JTI
68 Copyright © 2019, Juniper Networks, Inc.
supports OpenConfig Version v0.3.3 (from v0.2.1) for resource paths related to IS-IS
link-state database (LSDB) streaming. The difference between the two versions results
in changes, additions, deletions, or non-support for leaf devices related to the following
IS-IS type length value (TLV) parameters and IS-IS areas:
• TLV 135: extended-ipv4-reachability
• TLV 236: ipv6-reachability
• TLV 22: extended-is-reachability
• TLV 242: router-capabilities
• IS-IS interface attributes
• IS-IS adjacency attributes
To provision the sensor to export data through gRPC streaming, use the telemetry
Subscribe RPC to specify telemetry parameters. Streaming telemetry data through
gRPC also requires the OpenConfig and Network Agent packages, both of which are
bundled into the Junos image in a default package named junos-openconfig.
[See Configuring a Junos Telemetry Interface Sensor (CLI Procedure) and Guidelines for
gRPC Sensors (Junos Telemetry Interface).]
Layer 2 VPN
• Group VPN on AMS interface (MX Series)—Starting in Junos OS Release 18.4R1, Junos
OS supports load-balancing Group VPN services on AMS interfaces. AMS interfaces
are a bundle of interfaces that function as a single interface and can be configured to
load-balance traffic among the group members. To configure load balancing of Group
VPN services on AMS interfaces, include the ipsec-group-vpn in the [edit services
service-set service-set-name] hierarchy level to configure the service set and the
load-balancing-option statements in the service-interface hierarchy of the AMS interface
to enable load balancing.
For more information on configuring AMS interfaces, see Configuring Aggregated
Multiservices Interfaces.
[See Group VPN on AMS Interfaces.]
MPLS
• Track IGP metric for install prefixes (MX Series)—Starting in Junos OS Release 18.4R1,
you can let the install prefixes follow the metric of their corresponding IGP prefix so
that the various RSVP protocol routes installed for the LSP can now each have their
indivdual metric value. The install-prefix IGP metric tracking feature can be configured
for all LSPs at the [edit protocols mpls] level or on a per-LSP basis at the [edit
protocols mpls label-switched-path] hierarchy level.
[See Install Prefix IGP Overview.]
• Support for IP-based filtering and port mirroring of MPLS traffic (MX Series with
MPC and MIC)—Starting in Junos OS Release 18.4R1, you can apply inbound and
outbound filters for MPLS family based on MPLS-tagged IPv4 and IPv6 parameters
Copyright © 2019, Juniper Networks, Inc. 69
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
using inner payload match conditions, and enable selective port mirroring of MPLS
traffic unto a monitoring device.
To enable IP-based filtering, additional match conditions, such as IPv4 and IPv6 source
and destination addresses, protocol, source and destination ports, and IPv4 and IPv6
source and destination prefix list, are added under the MPLS filter term from parameter.
To enable port mirroring, additional actions, such as port-mirror and port-mirror-instance,
are added for all the match conditions under the filter term then parameter.
[See Understanding IP-Based Filtering and Selective Port Mirroring of MPLS Traffic.]
• Static egress LSP with IPv6 next-hop—Starting in Junos OS Release 18.4R1, you can
configure static LSP on the egress router with the IPv6 as a nexthop address to forward
IPv6 traffic. Static LSP supports nexthop indirection and link protection.
[See Configuring Static Label Switched Paths for MPLS.]
Network Management and Monitoring
• New major alarms on MX Series routers with MPC1 and MPC2—Starting in Junos OS
Release 18.4R1, on MX Series routers with MPC1 and MPC2 line cards, a major chassis
alarm is raised when the following transient hardware errors occur:
• CPQ SRAM parity error
• CPQ RLDRAM double bit ECC error
In the Description column of show chassis alarm outputs, these errors are described as
“FPC <slot number> Major Errors”; for example:
user@host> show chassis alarms
5 alarms currently active
Alarm time Class Description
2018-10-05 18:48:06 PDT Major FPC 9 Major Errors
By default, these errors result in the Packet Forwarding Engine interfaces on the FPC
being disabled. You can use the show chassis fpc errors command to view the default
or user-configured action that resulted from the error.
You can check the syslog messages to learn more about the errors. See the following
examples:
Oct 5 15:58:02 codeine fpc1 MQCHIP(0) CPQ RLDRAM double bit ECC error, bank
0 addr 0x0
Oct 5 15:58:02 codeine fpc1 MQCHIP(0) CPQ Sram parity error, errlog 0x0
To resolve the error, restart the line card. If the error is still not resolved, open a support
case using the Case Manager link at https://www.juniper.net/cm/ or call
1-888-314-JTAC (within the United States) or 1-408-745-9500 (from outside the
United States).
70 Copyright © 2019, Juniper Networks, Inc.
• Support for Junos Space Service Now (MX10016)—Starting in Junos OS Release 18.4R1,
MX10016 routers s support Junos Space Service Now. The Junos Space Service Now
is an application that runs on the Junos Space Network Management Platform to
automate fault management and accelerate issue resolution.
[See Junos Space Service Now.]
Operation, Administration, and Maintenance (OAM)
• Support for inline link fault management (MX Series)—Starting in Junos OS
Release 18.4R1, Junos OS supports inline mode for OAM link fault management (LFM)
on MX Series routers. Inline LFM delegates the transmission and receipt of LFM keepalive
packets from the periodic packet management (ppm) process on the line card to the
forwarding ASIC (that is, to the hardware). Inline LFM reduces the load on the ppm
process and can support LFM in-service software upgrade (ISSU) for non-Juniper peers
(for a keepalive interval of 1 second). You can enable inline LFM by including the
hardware-assisted-keepalives configuration statement at the [edit protocols oam
ethernet link-fault-management] hierarchy level. To disable inline LFM, delete the
hardware-assisted-keepalives statement. The show oam ethernet link-fault-management
detail command displays the keepalive packet statistics. Starting from Release 18.4R1,
when inline LFM is enabled, the keepalive packet statistics are not updated. In earlier
releases, the show oam ethernet link-fault-management detail command displayed
the keepalive packet statistics.
[See Enabling Inline Transmission of LInk Fault Management Keepalives for Maximum
Scaling.]
Routing Policy and Firewall Filters
• Support for next-filter as a firewall filter action (MX Series)—Starting in Junos OS
Release 18.4R1, firewall filters can be configured to execute a sequence of firewall filter
actions. The new next-filter option allows you to deploy a filter list and run a series of
filters, similar to what is already available with next-term actions, and provides filter
scale optimization. Up to eight filters can be chained in this way. The feature is not
supported on logical systems, or on loopback and pseudo-interfaces.
You can use a filter list to implement a mix of multifield-classification and firewall filter
rules. For example, the first filter in the list can be used to perform a generic filter
classification, and the subsequent filters can then do the actual filtering.
[See input-chain and output-chain.]
• Filter-based GRE encapsulation (MX Series)—Starting in Junos OS Release 18.4R1,
you can use tunnel-end-point commands to enable line-rate, filter-based, GRE tunneling
of IPv4 and IPv6 payloads across IPv4 networks.
This GRE encapsulation is not supported for logical systems or for MPLS traffic, and
the route lookup for GRE encapsulated traffic is supported on the default routing
instance only.
The following commands are introduced for this feature:
set firewall tunnel-end-point tunnel-name gre
Copyright © 2019, Juniper Networks, Inc. 71
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
set firewall tunnel-end-point tunnel-name ipv4
set firewall tunnel-end-point tunnel-name ipv6
[See tunnel-end-point and Filter-Based Tunneling Across IPv4 Networks.]
Routing Protocols
• Support for BGP flowspec redirect to IP (MX Series)—Starting in Junos OS Release
18.4R1, BGP flow specification as described in BGP Flow-Spec Internet draft
draft-ietf-idr-flowspec-redirect-ip-02.txt, Redirect to IP Action is supported. Redirect
to IP action uses extended BGP community to provide traffic filtering options for DDoS
mitigation in service provider networks. Legacy flow specification, as specified in the
Internet draft draft-ietf-idr-flowspec-redirect-ip-00.txt, BGP Flow-Spec Extended
Community for Traffic Redirect to IP Next Hop, redirect to IP uses the BGP nexthop
attribute to support interoperability of devices. Junos OS advertises redirect to IP flow
specification action using the extended community by default. Redirect to IP action
allows you to divert matching flow specification traffic to a globally reachable address.
This feature is required to support service chaining in virtual service control gateway
(vSCG).
To configure a static IPv4 flow specification route, include the redirect ipv4-address
statement at the [edit routing-options flow route then] hierarchy level in the
configuration.
To configure a static IPv6 specification route, include the redirect ipv6-address statement
at the [edit routing-options flow route then] hierarchy level in the configuration.
To configure legacy flow specification include legacy-redirect-ip-action at the [edit
group bgp-group neighbor bgp neighbor family inet flow] hierarchy level.
To configure BGP to use VRF.inet.0 table to resolve VRF flow specification routes,
include secondary-independent-resolution statement at the [edit protocols bgp neighbor
family flow] hierarchy level.
[See legacy-redirect-ip-action.]
[See Configuring BGP Flow Specification Action Redirect to IP to Filter DDoS Traffic.]
• Support for 64 BGP add-path routes (MX Series)—Starting in Junos OS Release
18.4R1, support is extended to 64 BGP add-path routes. Currently Junos OS supports
six add-path routes and BGP can advertise up to 20 add-path routes through policy
configuration. If you enable advertisement of multiple paths to a destination or if you
increase the add-path prefix policy send count, BGP can now advertise up to 64
add-path routes.
To advertise all add-paths, up to 64 add-paths or only equal-cost paths, include the
path-selection-mode statement at the [edit protocols bgp group group-name family
name addpath send] hierarchy level. You cannot enable both multipath and
path-selection-mode at the same time.
To advertise a second best path as a backup path in addition to the multiple ECMP
paths include the include-backup-path backup_path_name statement at the [edit
protocols bgp group group-name family name addpath send]] hierarchy level.
72 Copyright © 2019, Juniper Networks, Inc.
[See path-selection-mode.]
[See include-backup-path.]
• Support for BGP egress peer engineering (MX Series)—Starting in Junos OS Release
18.4R1, BGP LS extensions are enhanced to export segment routing topology information
to the controller. A centralized controller in a software-defined network (SDN) can
program any egress peer policy at ingress border routers or at hosts within the domain
in a segment routing network. The egress router advertises SID labels for all its peers,
and the controller advertises these SID labels to the ingress router. The SID label can
be a node segment, or an adjacency segment, or a set segment label. Thus the ingress
router can select these SID labels to transfer data packets to the egress peers. The
path that the controller derives can override the network derived best path. This feature
can also be used in an inter domain scenario.
To configure a peer node SID, include egress-te-node-segment-label at the [edit
protocols bgp group group-name neighbor neighbor-name] hierarchy level.
To configure a peer adjacency SID, include egress-te-adj-segment adj-segment-name
at the [edit protocols bgp group group-name neighbor neighbor-name] hierarchy level.
To create a peer set SID, include egress-te-set-segment set-segment-name label
label-name at the [edit protocols bgp] hierarchy level.
[See egress-te-node-segment.]
[See egress-te-adj-segment.]
[See egress-te-set-segment.]
• Support for IPv4 VPN unicast and IPv6 VPN unicast address families in BGP (MX
Series)—Starting in Junos OS Release 18.4R1, the following address families are
supported to enable advertisement or reception, or both, of multiple paths to a
destination to and from the same BGP peer, instead of advertising and receiving only
the active path to and from the same BGP peer, under the [edit protocols bgp group
group-name] hierarchy.
• IPv4 VPN unicast (family inet-vpn)
• IPv6 VPN unicast (family inet6-vpn)
[See Understanding the Advertisement of Multiple Paths to a Single Destination in BGP.]
• BGP add path support for eBGP (MX Series)—Starting in Junos OS Release 18.4R1,
add path receive is now supported for eBGP under the [edit logical-systems
logical-system-name protocols bgp group group-name family family].
[See Understanding BGP.]
Services Applications
• Support for MPLS-IPv6 inline active flow monitoring (MX Series)—Starting in Junos
OS Release 18.4R1 on MX Series routers, you can perform inline flow monitoring for
MPLS-IPv6 traffic. Both IPFIX and version 9 templates are supported. If you are running
inline flow monitoring on a Lookup (LU) card, you must enable sideband mode to
create MPLS-IPv6 flow records.
Copyright © 2019, Juniper Networks, Inc. 73
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
[See Configuring Inline Active Flow Monitoring Using Routers, Switches or NFX250.]
• MX Series Virtual Chassis NAT support on BNG (MX240, MX480, and MX960 routers
with MS-MPCs and MS-MICs)—Starting in Junos OS Release 18.4R1, you can configure
a two-member MX Series Virtual Chassis to use the Juniper broadband network gateway
(BNG) with IPv4-to-IPv4 basic NAT, dynamic NAT, static destination NAT, dynamic
NAT with port mapping, and stateful NAT64. A two-member MX Series Virtual Chassis
configuration supports a maximum of four MS-MPCs and four MS-MICs per Virtual
Chassis.
[See Protocols and Applications Supported by the MS-MIC and MS-MPC.]
• MX Series Virtual Chassis DS-Lite support (MX240, MX480, and MX960 routers
with MS-MPCs and MS-MICs)—Starting in Junos OS Release 18.4R1, you can configure
DS-Lite on a two-member MX Series Virtual Chassis. A two-member MX Series Virtual
Chassis configuration supports a maximum of four MS-MPCs and four MS-MICs per
Virtual Chassis.
[See Protocols and Applications Supported by the MS-MIC and MS-MPC.]
Software Defined Networking (SDN)
• New features supported on Junos Node Slicing (MX Series)—Starting in Junos OS
Release 18.4R1, Junos Node Slicing supports the following features:
• Support for device family and release in Junos OS YANG modules. [See Understanding
Junos OS YANG Modules.]
• Support for adding user-defined YANG files that provide mappings between the
XML path and the OpenConfig path for data streamed through the Junos Telemetry
Interface. [See Configurable NETCONF Proxy for Junos Telemetry Interface.]
• Support for multiple, smaller configuration YANG modules. [See Understanding the
YANG Modules That Define the Junos OS Configuration.]
• Support for bidirectional authentication (client and server authentication) for gRPC
for Junos Telemetry Interface. [See gRPC Services for Junos Telemetry Interface.]
• Junos events sensor for the Junos Telemetry Interface. [See Overview of the Junos
Telemetry Interface.]
• Input streaming for gRPC Network Management Interface. [See Understanding
OpenConfig and gRPC on Junos Telemetry Interface.]
• ON_CHANGE support for Junos Telemetry Interface. [See Understanding OpenConfig
and gRPC on Junos Telemetry Interface.]
• Enhanced TACACS+ behavior to support the management interface in a non-default
virtual routing and forwarding (VRF) instance. [See Management Interface in a
Non-Default Instance.]
74 Copyright © 2019, Juniper Networks, Inc.
• TACACS+ authorization for operational commands using regular expressions. [See
Using Regular Expressions on a RADIUS or TACACS+ Server to Allow or Deny Access to
Commands.]
• Enhanced support for the nondefault management instance mgmt_junos. [See
Management Interface in a Non-Default Instance.]
Subscriber Management and Services
NOTE: Subscriber management is not ready for deployment in Junos OS
Release 18.4R1. You can use this release for testing and qualification, but we
recommend you wait for a later 18.4 maintenance or service release for
deployment.
• Limit subscriber sessions per user and access profile (MX Series)—Starting in Junos
OS Release 18.4R1, you can configure a limit on the number of sessions that can be
active for a given username in an access profile.
The show network-access aaa statistics session-limit-per-username command displays
the number of active sessions and of blocked requests for usernames in each access
profile. The clear network-access aaa statistics session-limit-per-username command
enables you to clear blocked requests for debugging subscriber session limits.
[See Understanding Session Options for Subscriber Access.]
• New BBE statistics collection and management process (MX Series)—Starting in
Junos OS Release 18.4R1, the BBE statistics collection and management process,
bbe-statsd, is introduced to take advantage of high-performance Routing Engines to
increase the frequency of statistics collection and improve statistics processing in
highly scaled environments. The bbe-stats-service option has been added to the restart
command for restarting this statistics process.
To collect subscriber and service statistics, you now must enable the
actual-transit-statistics statement. If you do not configure this statement, subscriber
statistics are not collected; the show subscribers accounting-statistics command
displays a value of zero for subscriber statistics; and the subscriber statistics are
reported to RADIUS with values of zero.
[See Enabling the Reporting of Accurate Subscriber Accounting Statistics to the CLI.]
• Subscriber secure policy information not revealed in core file dumps (MX
Series)—Starting in Junos OS Release 18.4R1, subscriber secure policy (SSP) information
that might identify subscribers or mediation devices is automatically encrypted when
the authd, bbe-smgd, or dfcd process generates core error files. Unauthorized persons
examining the error files are unable to view the SSP information. The SSP information
that might be present in the core error file includes the source and destination IP address
for the mediation device, device ports, and intercept ID. No configuration is required or
possible.
[See Subscriber Secure Policy Overview.]
Copyright © 2019, Juniper Networks, Inc. 75
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Increased number of IP addresses in DHCPv4 server groups (MX Series)—Starting
in Junos OS Release 18.4R1, DHCPv4 server groups support up to 32 active server IP
addresses. In earlier releases, only 5 servers are supported.
[See Configuring Active Server Groups to Apply a Common DHCP Relay Agent Configuration
to Named Server Groups.]
• Address allocation method determines behavior when address pool is deleted or
drained (MX Series)—Starting in Junos OS Release 18.4R1, additional checking is
performed to determine the subsequent behavior when authd notifies the DHCP process
that an address pool is deleted or being drained:
• When addresses are allocated on demand, the family with the address in that pool
is logged out immediately when the pool is deleted, or logged out gracefully by the
draining process when a DHCP renew or rebind message is received.
• When the addresses are preallocated, the addresses for both families are deleted
immediately when the pool is deleted, or deleted gracefully by the draining process
when a DHCP renew or rebind message is received.
[See Single-Session DHCP Dual-Stack Overview and Configuring DHCP Local Address
Pool Rapid Drain.]
• Enhanced support for forwarding ACKs from trusted servers (MX Series)—Starting
in Junos OS Release 18.4R1, the allow-server-change option of the active-server-group
statement enables the DHCPv4 relay agent to forward ACKs to DHCP information
request (DHCPINFORM) messages from any server in the active server group to the
client. In earlier releases, only ACKs to DHCP request (renew or rebind) messages can
be forwarded from trusted servers.
[See Configuring Active Server Groups to Apply a Common DHCP Relay Agent Configuration
to Named Server Groups.]
• Support for DHCPv6 NotOnLink status code (MX Series)—Starting in Junos OS
Release 18.4R1, the DHCPv6 server can return to the client a status code of NotOnLink
in the Reply PDU IA field during reauthentication when the subscriber IP or IPv6 address
changes. This code means that at least one address in the client’s request IA is not
appropriate for the client’s connection link. In earlier releases, only a NoAddrsAvail or
NoPrefixAvail status code can be returned when there is an issue with requested
addresses.
[See RADIUS Reauthentication As an Alternative to RADIUS CoA for DHCP Subscribers.]
• Reassign IPv4 address to a new subscriber (MX Series)—Starting in Junos OS Release
18.4R1, you can enable a new subscriber to be reassigned an IPv4 address that is
currently assigned to an existing subscriber by including the reassign-on-match option
with the address-protection statement. The new subscriber request is rejected, but the
existing subscriber is disconnected. The address is assigned to the new subscriber
when it renegotiates the session
[See Configuring Duplicate IPv4 Address Protection for AAA.]
• New predefined variables and RADIUS VSAs for interface and set targeted
distribution (MX Series)—Starting in Junos OS Release 18.4R1, when you target an
interface or an interface set for distribution on aggregated Ethernet member links, you
76 Copyright © 2019, Juniper Networks, Inc.
can use a Juniper Networks predefined variable to source the weight value from the
RADIUS Access-Accept message on a per-subscriber basis, or from Diameter AVPs
during NASREQ processing:
• $junos-interface-target-weight corresponds to Juniper Networks VSA 26-214,
Interface-Targeting-Weight.
• $junos-interface-set-target-weight corresponds to Juniper Networks VSA 26-213,
Interface-Set-Targeting-Weight.
[See Junos OS Predefined Variables That Correspond to RADIUS Attributes and VSAs.]
• Support for exporting BNG sensor data to an IPFIX collector (MX Series)—Starting
in Junos OS Release 18.4R1, the input-jti-ipfix plug-in collects a limited set of sensor
data from the local BNG Junos Telemetry Interface and translates it to the appropriate
IPFIX records for export to an IPFIX collector.
[See Telemetry Data Collection on the IPFIX Mediator for Export to an IPFIX Collector.]
• Detection and autogeneration of logical interface sets representing logical access
nodes (MX Series)—Starting in Junos OS Release 18.4R1, you can configure the router
to parse the ANCP Access-Aggregation-Circuit-ID-ASCII attribute (TLV 0x0003).
When the TLV string begins with a # character, the entire string is a backhaul line
identifier. The portion of the string after the # delimiter represents a logical intermediate
node (DPU-C or PON tree) in the access network to which the subscriber is attached.
This portion is used to set the value of the $junos-aggregation-interface-set-name
variable, and is used as the name of a CoS Level 2 interface set that groups subscribers.
Enable parsing with the hierarchical-access-network-detection option of the access-line
statement.
[See Detection of Backhaul Line Identifiers and Autogeneration of Intermediate Node
Interface Sets.]
• BGP support over dynamic PPPoE interfaces (MX Series)—Starting in Junos OS
Release 18.4R1, BGP is supported over dynamic PPPoE interfaces. PPPoE subscriber
clients correspond to BGP neighbors, so you configure the PPPoE subscriber client IP
addresses as the BGP neighbor addresses with the [edit protocols bgp group name
neighbor] stanza.
You must enable routing services in both the PPPoE subscriber dynamic profile and
the dynamic profile for the underlying VLAN interface with the new routing-service
statement. This statement replaces the deprecated routing-services statement.
You can also selectively enable or disable routing services per subscriber through
RADIUS by using the new $junos-routing-services predefined variable. The action is
determined by the value of the new Routing-Services VSA (26-212) returned in the
RADIUS Access-Accept message.
[See Junos OS Enhanced Subscriber Management.]
• Support for Layer 2 services provisioning on the services side of pseudowire service
logical interface anchored on redundant logical tunnel interface (MX Series with
MPC and MIC)—Starting in Junos OS Release 18.4R1, Layer 2 services provisioning such
as bridge and VPLS, is supported on the services side of the pseudowire service logical
interface anchored to redundant logical tunnel interface. With this support, the
Copyright © 2019, Juniper Networks, Inc. 77
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
chassis-wide scaling numbers available for the physical interfaces over redundant
logical tunnels is extended to pseudowire service interfaces anchored over redundant
logical tunnel interfaces.
[See Layer 2 Services on Pseudowire Service Interface Overview.]
• Support of single-hop BFD sessions for pseudowire redundant logical interfaces
(MX Series)——Junos OS supports inline distribution of single-hop Bidirectional
Forwarding Detection [protocol] (BFD) sessions for pseudowire subscriber logical
tunnel interfaces by default, as these interfaces are anchored on a single Flexible PIC
Concentrator (FPC). With pseudowire redundant logical interfaces, the member logical
tunnel interfaces can be hosted on different linecards. As a result, single-hop BFD
sessions are operated in a centralized mode because the distribution address is not
available for these logical interfaces.
Starting in Junos OS Release 18.4R1, the support for inline distribution of single-hop
BFD sessions is extended to pseudowire subscriber over redundant logical tunnel
interfaces, thereby improving the scaling (number of sessions) and performance
(detection time) of single-hop BFD sessions.
[See Anchor Redundancy Pseudowire Subscriber Logical Interfaces Overview.]
• ARP enhancements for subscriber management (MX Series)—Starting in Junos OS
Release 18.4R1, the following ARP enhancements are supported only for framed routes
on dynamic VLANs:
• Dynamic layer 2 MAC address resolution works for network (non-host) IPv4 framed
routes. The non-host framed route is coupled with the dynamic Layer 2 address
associated with a host route.
• You can enable the router to compare the source MAC address received in a gratuitous
ARP request or reply packet with the value in the ARP cache. The router updates the
cache with the received MAC address if it determines this address is different from
the cache entry.
• You can enable dynamic ARP to resolve the MAC address for IPv4 framed host
(32-bit) routes. By default, the framed route is permanently associated with the
source MAC address received in the packet that triggered creation of the dynamic
VLAN.
[See Junos OS Enhanced Subscriber Management.]
78 Copyright © 2019, Juniper Networks, Inc.
System Management
• Secure copy (scp) support on Junos OS CLI with the ”source address” and ”routing
instance” options (MX240, MX480, MX960, MX2010, MX2020, and vMX)— Starting
in Junos OS Release 18.4R1, MX Series routers support the scp command from the CLI,
along with two additional options: source address and routing instance. The source
address option specifies the local address to use in originating the connection and
routing instance option specifies the name of routing instance for the scp session. These
two options are also added in the following CLI commands where the scp URL is
supported: file copy, file archive, save, show|save, show|compare, load merge, load
override, load patch, load replace, load set, and load update. The functionality of these
commands remains the same with the source address and routing instance options
added.
NOTE: The scp command is available under operational mode and
configuration mode.
[See scp , file copy, file archive, load, and save.]
Timing and Synchronization
• Synchronous Ethernet support for enhanced Switch Control Board (MX240, MX480,
and MX960)—Starting in Junos OS Release 18.4R1, MX Series routers with the enhanced
Switch Control Board (SCBE3-MX) support synchronous Ethernet. Synchronous
Ethernet is a physical layer technology that functions regardless of the network load
and supports hop-by-hop frequency transfer. This enables you to deliver synchronization
services that meet the requirements of modern-day mobile network, and future Long
Term Evolution (LTE)–based infrastructures.
[See Synchronous Ethernet Overview.]
VPN
• Support to control traceroute over Layer 3 VPN (MX Series)—Starting in Junos OS
Release 18.4R1, in a Layer 3 VPN topology with vrf-table-label configured and multiple
customer edge (CE) routers configured in the same VPN routing and forwarding (VRF)
routing instance, when traceroute is performed to a remote provider edge (PE) router
for a CE-facing network, the ICMP time exceeded packet determines the correct IP
address as the source address.
To control the traceroute over Layer 3 VPN topology with vrf-table-label configured
and multiple CE routers configured in the same VRF, you can configure
allow-l3vpn-traceroute-src-select at the[edit system] hierarchy level that determines
the correct IP source address by reviewing the destination routing instance and
destination IP address.
[See allow-l3vpn-traceroute-src-select.]
See Also • Changes in Behavior and Syntax on page 80
Copyright © 2019, Juniper Networks, Inc. 79
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Known Behavior on page 84
• Known Issues on page 86
• Resolved Issues on page 99
• Documentation Updates on page 113
• Migration, Upgrade, and Downgrade Instructions on page 114
• Product Compatibility on page 121
Changes in Behavior and Syntax
This section lists the changes in behavior of Junos OS features and changes in the syntax
of Junos OS statements and commands from Junos OS Release 18.4R1 for MX Series
routers.
• General Routing on page 80
• Interfaces and Chassis on page 80
• MPLS on page 81
• Network Management and Monitoring on page 82
• Security on page 83
• Software Defined Networking (SDN) on page 83
• Software Installation and Upgrade on page 83
• Subscriber Management and Services on page 83
General Routing
• Zero MAC address (00:00:00:00:00:00) treated as "my mac" (MX-Series)—When
an Ethernet packet arrives in ingress, pre-classifier engine will perform a lookup of MAC
address. If the MAC address matches an entry in the pre-classifier Ternary Content
Addressable Memory (TCAM) and the entry has “my mac” attribute, pre-classifier
engine will set the “my mac” bit in the cookie prepended to the incoming packet. In
current implementation, MAC address “00:00:00:00:00:00” (zero MAC) is programmed
as default value for “my mac” TCAM entries when the pre-allocated entries are not
used or configured. Hence the packets with zero MAC are marked as “my mac” in the
packet cookie. Forwarding engine will check “my mac” bit in the packet cookie. If “my
mac” bit is 0, the packet will be dropped. If “my mac” bit is 1, further L2, L3, MPLS lookup
will be performed. The “my mac” behavior is applicable since the day one release.
Interfaces and Chassis
• New option to configure IP address to be used when the Routing Engine is the current
master—Starting in Junos OS Release 18.4R1, a new option, master-only, is supported
on routers with RE-MX-X6, RE-MX-X8, and RE-PTX-X8 Routing Engines at the following
hierarchies:
• [edit vmhost interfaces management-if interface (0|1) family inet address IPv4 address]
80 Copyright © 2019, Juniper Networks, Inc.
• [edit vmhost interfaces management-if interface (0|1) family inet6 address IPv6
address]
In routing platforms with dual Routing Engines and VM host support, the master-only
option allows you to configure the IP address to be used for the VM host when the
Routing Engine is the current master. The master Routing Engine and the backup
Routing Engine can have independent host IP addresses configured. In earlier releases,
same IP address would be applied on master and backup Routing Engines resulting in
configuration issues.
• TLV status for Layer 2 protocols (MX460)—Starting in Junos OS Release 18.4R1, the
output fields Next-hop and vpls-status are displayed in the show interfaces interface
name detail command, only for Layer 2 protocols on MX480 routers.
• Enhanced AC PEM in high-line power configuration supplies 2400 W power
(MX240)—Starting in Junos OS Release 18.4R1, on MX240 routers, the enhanced AC
PEM in high-line power configuration provides a power output of 2400 W. On Junos
OS versions prior to 18.4R1, the PEM provided only 2050 W of power output.
[See show chassis power.]
• Support for creating layer 2 logical interface independently (MX Series)—In Junos
OS Releases 18.4R1, 18.4R2, and later, MX Series routers support creating layer 2 logical
interface independent of layer 2 routing instance type. That is, you can configure and
commit the layer 2 logical interfaces separately and add the interface to bridge-domain
or Ethernet VPN (EVPN) routing instance separately. Note that the layer 2 logical
interfaces works fine only when the interface is added to bridge domain or EVPN routing
instance.
In the earlier Junos OS releases, when an layer 2 logical interface configuration (units
with encapsulation vlan-bridge configuration) is used, then the logical interface must
be added as part of a bridge-domain or EVPN routing instance for the commit to
succeed.
MPLS
• Previously, when you configured zero (0) as the bandwidth of an RSVP interface, the
bandwidth value was overwritten with the default interface bandwidth (raw hardware
bandwidth), leading to unexpected behavior in the LSP setup. Starting with Junos OS
Release 18.4R1, when you configure zero as the bandwidth, 0 is applied as the RSVP
bandwidth.
[See bandwidth (Protocols RSVP).]
• Starting in Junos OS Release 18.4R1, the remote procedure call (RPC) protocol XML
tag for mpls-label-value is renamed as mpls-history-label-value, mpls-usage-label-value,
and mpls-label-id-value depending on the context of command usage.
• Change in command syntax—Starting in Junos OS Release 18.4R1, the show ldp
database label-requests command name is changed to show ldp
database-label-requests with no change to command functionality.
Copyright © 2019, Juniper Networks, Inc. 81
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Network Management and Monitoring
• SSHD process authentication logs timestamp (MX Series)—Starting in Junos OS
Release 18.4R1, the SSHD process authentication logs use only the time zone defined
in the system time zone. In the earlier releases, the SSHD process authentication logs
sometimes used the system time zone and the UTC time zone.
[See Overview of Junos OS System Log Messages.]
• The NETCONF server omits warnings in RPC replies when the rfc-compliant statement
is configured and the operation returns <ok/> (MX Series)—Starting in Junos OS
Release 18.4R1, when you configure the rfc-compliant statement at the [edit system
services netconf] hierarchy level to enforce certain behaviors by the NETCONF server,
the server must not return an RPC reply that encloses both an <rpc-error> element
and an <ok/> element. If the operation is successful, but the server reply would enclose
one or more <rpc-error> elements of severity warning in addition to the <ok/> element,
then the warnings are omitted. In earlier releases, or when the rfc-compliant statement
is not configured, the NETCONF server might issue an RPC reply that encloses both an
<rpc-error> element of severity warning and an <ok/> element.
• Change in severity level of XQSS errors (MX Series)—Starting in Junos OS Release
18.4R1, on MX series routers with the MPC7E-10G, MPC7E-MRATE, MPC8E, and MPC9E
line cards, the severity level of the following errors have been changed from Fatal to
Major.
• XQSS_CMERROR_CPQW_ERR_INT_FSET_SLOW_DEQ_DRY_ERR
• XQSS_CMERROR_CPQW_ERR_INT_FSET_FAST_DEQ_DRY_ERR
With this change, the above errors no longer cause the entire FPC to go offline by
default. Instead, these errors cause the affected Packet Forwarding Engine (PFE) to
be disabled, because disable-pfe is the default action associated with Major errors on
MX Series routers.
Additionally, the severity level of the correctable error
XQSS_CMERROR_CORRECTABLE_MEM_ERR has been changed from Fatal to Minor.
You can use the commands show chassis errors active detail fpc-slot slot and show
chassis fpc errors slot to view more details of, and the default actions associated with,
these errors.
[See show chassis fpc errors.]
82 Copyright © 2019, Juniper Networks, Inc.
Security
• Syslog updated when configuring XPN cipher suite on a non-xpn supported interface
(MX Series)—In Junos OS Release 18.4R1, on MX Series Routers, if you attempt to
configure XPN cipher suite (gcm-aes-xpn-128 or gcm-aes-xpn-256) for a connectivity
association and attach the connectivity association to an interface on the PIC that
does not support XPN cipher suite, then during runtime, a syslog is logged as below
(and default non-xpn cipher suite is used):
macsec_ciphersuite_is_supported MACSec: ifd ifd_id (ifd_name), Cipher suite cipher id
(cipher name) NOT SUPPORTED.
Software Defined Networking (SDN)
• Installation or upgrade using remotely located installation package (MX480, MX960,
MX2010, MX2020, MX2008)—While performing Junos installation or upgrade on the
base system (BSYS) or guest network function, if you provide a URL to the remotely
located installation package (for example, an ftp file) in the command request system
software add package-file-path, the router locally copies the package, performs checks
such as multi-version compatibility checks on the package, and then installs the
package. The installation process is aborted if any errors are found during the checks.
Previously, if you tried to perform installation or upgrade using a remotely located file,
the router would skip multi-version checks and display an error message, but would
not abort the installation process.
[See Junos Node Slicing Upgrade]
Software Installation and Upgrade
• ZTP is supported on MX PPC platforms (MX Series)—As of Junos OS Release 17.2R3,
zero touch provisioning (ZTP) is supported on MX PPC platforms (which are MX5,
MX10, MX40, MX80, and MX104 routers). Before the fix, the ZTP process did not start
to load image and configuration for MX PPC routers.
[See Junos OS Installation Package Names.]
Subscriber Management and Services
• Flat-file service accounting support ends (MX Series)—Starting in Junos OS Release
18.4R1, flat-file service accounting to a local file is no longer supported. If included in
a configuration, it is ignored.
[See Flat-File Accounting Overview.]
See Also • New and Changed Features on page 60
• Known Behavior on page 84
• Known Issues on page 86
• Resolved Issues on page 99
• Documentation Updates on page 113
Copyright © 2019, Juniper Networks, Inc. 83
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Migration, Upgrade, and Downgrade Instructions on page 114
• Product Compatibility on page 121
Known Behavior
This section contains the known behavior, system maximums, and limitations in hardware
and software in Junos OS Release 18.4R1 for MX Series routers.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• Forwarding and Sampling on page 84
• General Routing on page 84
• Interfaces and Chassis on page 85
• Platform and Infrastructure on page 86
• Routing Protocols on page 86
• Subscriber Management and Services on page 86
Forwarding and Sampling
• LTS subscriber statistics are reported to RADIUS. PR1383354
• For 18.4R1 release, if ipv4 prefix is added on a prefix-list referred by IPV6 firewall filter
then the log message Prefix-List [Block-Host] in Filter [Protect_V6] not having any
relevant prefixes , Match [from prefix-list Block-Host] might be optimized will not be
seen in this particular release. PR1395923
General Routing
• The problem is, when some route or next hop has been created by the application, it
is assumed that it can propagate to the rest of the system. KRT asynchronously picks
up this state for propagation. There is no reverse indication to the application, if there
was an error in propagating the state. The system is supposed to eventually reconcile.
So, if SPRING-TE produces a <route, NH> pair that looks legal from the application’s
standpoint, but KRT is not able to download it to the kernel, (because the kernel rejected
the next hop), the <route, NH> gets stuck in rpd. In the meantime, the previous version
of the route (L-ISIS in this case) that was downloaded still lingers in the kernel and
Packet Forwarding Engine. PR1253778
• CFM is not supported for L2-over-GRE tunnel. CCM can pass through as transit traffic
through GRE interfaces transparently using data path. Link trace functionality uses
MAC-learning and re-injecting LTM on GRE interface in case the bridge is configured
with CFM. PR1275833
• Support for enterprise profile is only provided for 10-Gigabit Ethernet interfaces. Use
of 40-Gigabit Ethernet and 100-Gigabit Ethernet interfaces might result in a phase
alignment issue. PR1310048
84 Copyright © 2019, Juniper Networks, Inc.
• For inline J-Flow VMX, the InputInt field of the MPLS-V4 data records reports the SNMP
index value of the LSI interface instead of the value for the ingress physical interface.
PR1312047
• When cmerror disables Packet Forwarding Engine, it does not power off the ea and
hmc chips. Temperature monitoring continues on hmc and other devices, and the
system can take proper actions, such as increase the fan speed or shut down the
systems. The periodic calls hmc_eri_config_access() to get temperature. It is expected
to get ERI timeout continuously in this case. PR1324070
• Hardware watchdog does not work on QFX10008 and QFX10002-60C/PTX10002-60C.
PR1343131
• Junos do not perform VLAN-id check at the egress and VLAN-id check is only performed
at ingress. PR1403730
Interfaces and Chassis
• At JDM install time, each JDM instance generates pseudo-random MAC addresses to
be used for JDM's own management interface and for the associated GNFs'
management interfaces. At GNF creation time, each GNF instance generates
pseudo-random MAC addresses to be used as the chassis MAC address pool for the
forwarding interfaces of that GNF. Once generated, JDM and GNF MAC addresses are
persistent, and will only be deleted when the JDM or GNF instance itself is deleted.
At a GNF, the Junos OS CLI command show chassis mac-addresses can be used to
examine its chassis MAC address pool, and the Junos OS CLI command show interfaces
fxp0 can be used to examine the MAC address of its management interface.
At JDM, the CLI command show interfaces jmgmt0 can be used to examine the MAC
address of its management interface.
In case of MAC address duplication across JDM or GNF instances, you must delete and
then reinstall the respective JDM or GNF instance and check again for duplication.
• The two SFP+ ports on the the Routing Control Board (RCB) of an MX2008 router
have two port LEDs each— one Link Status LED and one Link Activity LED per port. On
an MX2008 router, which is connected to an external x86 server in a Junos Node Slicing
setup, behavior of these LEDs with regard to Junos Node Slicing configuration is as
follows:
• The Link Status LEDs and Link Activity LEDs on both the ports are off when Junos
Node Slicing is disabled or not configured.
• When you have configured network-slices on the router (also called base system or
BSYS) but have not configured guest network functions (GNFs) on the server, the
Link Status LED on each port turns green (steady glow). In this case, the Link Activity
LED on each port is off.
• When you have configured Junos Node Slicing (including GNFs), the Link Activity
LED on each port is amber (blinking), while the Link Status LED on each port remains
green (steady glow).
Copyright © 2019, Juniper Networks, Inc. 85
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Error thrown when router configuration updated on live system—In Junos OS Release
18.4R1, on MX Series routers with the RE-S-X6-64G and RE-MX2K-X8-64G Routing
Engines, when the user changes the router configuration on a live system, or when the
user deletes an interface that has active traffic, the message select: protocol failure in
circuit setup is randomly displayed. However, there is no known functional impact.
Platform and Infrastructure
• On all Junos OS platforms, execution of Python scripts through enhanced automation
does not work on veriexec images. PR1334425
• It is expected to see few transient FI Cell underflow errors during ISSU as long as they
do not persist. PR1353904
Routing Protocols
• When multiple adjacencies are coming-up or flapping, some routes might not have
remote-lfa backup next hops. They will appear only after next SPF trigger either
manually or through network event. PR1389392
Subscriber Management and Services
• Before you make any changes to the underlying interface for a demux0 interface, you
must ensure that no subscribers are currently present on that underlying interface. If
any subscribers are present, you must remove them before you make changes.
See Also • New and Changed Features on page 60
• Changes in Behavior and Syntax on page 80
• Known Issues on page 86
• Resolved Issues on page 99
• Documentation Updates on page 113
• Migration, Upgrade, and Downgrade Instructions on page 114
• Product Compatibility on page 121
Known Issues
This section lists the known issues in hardware and software in Junos OS Release 18.4R1
for MX Series routers.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• EVPN on page 87
• Forwarding and Sampling on page 87
• General Routing on page 88
• Infrastructure on page 93
86 Copyright © 2019, Juniper Networks, Inc.
• Interfaces and Chassis on page 93
• Layer 2 Ethernet Services on page 94
• Layer 2 Features on page 94
• MPLS on page 94
• Network Management and Monitoring on page 94
• Platform and Infrastructure on page 95
• Routing Protocols on page 96
• Software Installation and Upgrade on page 98
• Subscriber Access Management on page 98
• User Interface and Configuration on page 98
• VPN on page 98
EVPN
• The issue is applicable to mac-in-mac PNN-EVPN and does not affect any other
scenario. When PBB EVPN configuration is reloaded on MX Series routers, error logs
are seen while deleting interfaces related to backbone bridge component. These errors
does not result in any functional issues. PR1323275
• When stitching EVPN-VXLAN to EVPN-MPLS or EVPN-MPLS to EVPN-MPLS instances
using the lt-interface or physical loopback, if an IRB interface is used, then IRB ifl mac
has to be configured. PR1363935
• When EVPN-VXLAN configuration is override with baseline configuration it seems
some MACs or VTEPs are not cleaned up and result BD/RI in destroy or delete state.
PR1372561
• When EVPN is configured with class-of-service-based forwarding (CBF), traffic might
be lost for the CBF services. PR1374211
• In Collapsed MX GW topology, when VNI is changed and rolled backed to original VNI,
some MAC might be missing or not learnt. PR1387062
Forwarding and Sampling
• Heap memory leaks occur on DPC when the flow specification route is changed.
PR1305977
• On Junos Fusion, ingress policing on SD is broken set interfaces layer2-policer
input-policer <policer-name> is not supported. PR1395217
Copyright © 2019, Juniper Networks, Inc. 87
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
General Routing
• When performing a Routing Engine switchover without the support of nonstop active
routing, the L2CPD process (L2 Control Protocol Daemon) might occasionally report
a slip in its scheduled run of a few seconds (1 to 10) and a log message will be printed
similar to the following: Aug 1 10:41:21 mx9601 l2cpd[32770]: JTASK_SCHED_SLIP: 8 sec
scheduler slip, user: 0 sec 2180 usec, system: 0 sec, 2188 usec. This delayed run has
neither functional nor operational effect on any Layer 2 protocols controlled by L2CPD,
because STP task delegates, transmits, or receives BPDUs to a separate dedicated
PPMD daemon. Also, LLDP task's transmit or receive PDUs are dealt from the daemon
itself but the advertisement-interval is 30 seconds. Because the hold-timer for neighbors
LLDPPDU is 120 seconds, so there is plenty of time to recover. PR1203977
• This is a rare race condition of multiple interrupts not being handled properly on MX
Series platforms, with MPC7E, MPC8E, MPC9E and PTX Series platforms with
FPC3-PTX-U2 and FPC3-PTX-U3, which could lead to generating a core file. It is difficult
to reproduce. The interrupt code is optimized to avoid the unnecessary call to prevent
the issue. PR1208536
• Packet forwarding traffic might be permanently impacted due to transient memory
parity error at the Egress Port Manager (EPM) port group. Operational impact will be
verified and an alarm will be raised with the syslog message READ/WRITE pointers in
free pool FIFO stalled. PR1220019
• In a BGP or MPLS scenario, if the next hop type of label route is indirect, then the
following changing events about the next hop interface MPLS family might cause the
route to be in DEAD state, and the route will remain dead even when the family MPLS
is again activated. The following events occur: Deactivating and activating the interface
family mpls. Deleting and adding back the interface family mpls. Changing maximum
labels for the interface Note: When a labelled route is resolved over an interface, that
interface must have family mpls configured for the route to be successfully resolved.
Otherwise, the route does not get resolved. PR1242589
PDT team noticing this issue while testing the 17.4R1-S3.3 image while testing the
CUC-1422. Error message: Jun 16 08:17:17 banaswadi rpd[51849]: Error creating dynamic
logical interface from sub-unit 1051592: Device busy Jun 16 08:17:17 banaswadi rpd[51849]:
Error creating dynamic logical interface from sub-unit 1051593: Device busy error message:
rpd[51849]: Error creating dynamic logical interface from sub-unit 1051680: Device busy.
PR1286042
• It is not possible to collect shmlog entries and statistics on MX5, MX10, and MX40
platforms. The code changes also include improvements that should prevent shmlogctl
process core files from being generated due to a timing issue. PR1297818
• The show dynamic-tunnels database summary command would not show an accurate
tunnels summary during the time the anchor Packet Forwarding Engine line card was
not in up state. As a workaround, use the following commands: show dynamic-tunnels
database and show dynamic-tunnels database terse. PR1314763
• This issue occurs in an Oracle use case. Oracle does not use chain-composite. This
statement does not bring in a lot of gain, because TCNH is based on ingress rewrite
premise. Without this statement, things work fine. PR1318984
88 Copyright © 2019, Juniper Networks, Inc.
• In JDM, (running on secondary server) jdmd process might create core files if GNF
add-image is aborted by pressing Ctrl+c. PR1321803
• With regard to FPC restarts/Virtual Chassis splits, the design of MX Series Virtual
Chassis infra relies on the integrity of the TCP connections. Hence, reactions to failure
situations might not be handled in a graceful way; for example: TCP connection timeout
because of jlock hog crossing boundary value (5 seconds), causing bad consequences
in MX Series Virtual Chassis. Since we're not planning to implement the only possible
solution, it seems that we should delete the entire discussion. However, if I am not
understanding correctly, please reinstate and revise text as needed. PR1332765
• The output of the CLI command show class-of-service fabric statistics now includes
traffic that was dropped because of internal errors in the drop counts. PR1338647
• First packet pertaining to J-Flow Packet Forwarding Engine sensor in UDP mode is
missing after line card reboot on PORTER-R platform. PR1344755
• In some cases, OIR (removal followed by reinsertion) of a MIC on a FPC can lead to
traffic destined to the FPC being silently dropped or discarded. The only way to recover
from this is to restart the FPC. The issue will not be seen if you use the corresponding
CLI commands to turn the MIC offline and then back online. PR1350103
• During stress conditions, error log messages regarding route add, change, and delete
might be incorrect. PR1350713
• VRRP MAC filter will not be seen in Packet Forwarding Engine if interfaces flap followed
by GRES occurs, before VRRP state settles down after flap. During this time, VRRP
states are backup in the master Routing Engine and idle in the backup Routing Engine.
PR1353583
• Junos OS branch Releases 17.4, 18.1, and 18.2 are incompatible with branch Releases
18.3 and 18.4. Appropriate warnings are not thrown during image installation. PR1353773
• If an aggregated Ethernet interface is configured as link-protection backup-state down,
aggregated Ethernet operational state is still up even though the member interfaces
configured under the aggregated Ethernet are down. This issue is specific to aggregated
Ethernet link-protection backup-state down configuration. PR1354686
• In configurations of bridging routing instances with aggregated Ethernet logical
interfaces (6400) and IRB instances, all from a single FPC, the CPU utilization of the
FPC stays at 100 percent for 4 minutes. The behavior from PFEMAN of FPC has the
processing time spiked on IF IPCs, and this seems to be the case of MPC7E starting in
Junos OS Release 16.1R1 (or earlier). After 4 minutes, the CPU utilization comes down
and the FPC is normal. Therefore, this scale configuration on MPC7E takes a settling
time of 4+ minutes. PR1359286
• Syslog is updated when the user tries to configure xpn cipher over a non-xpn-supported
platform such as MIC-MACsec-20G even though the commit goes through. PR1367722
• It is possible for a GNF with rosen6 multicast to display stuck krt queue entries after
recovery from a dual Routing Engine reboot at the BSYS. PR1367849
• After FPC reboot with a baseline configuration of 10G speed, if PIC mode for a new
speed is changed just after PICs come online when all physical interfaces are not yet
created, then a port-down issue can be seen randomly. While old-speed physical
Copyright © 2019, Juniper Networks, Inc. 89
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
interfaces detach and new-speed interfaces attach, one of the PCS lanes for the
physical interfaces stays in reset mode, causing the port to stay down. As a workaround,
after FPC reboot with baseline configuration, we recommended that you to wait for 2
to 5 minutes after all PICs are online for port states to be stable before doing any port
speed changes. There is no impact if FPC reboots with new speed configurations
already applied. PR1368687
• When FPC is booting up (either during unified ISSU or router reboot or FPC restart),
i2c timeout errors can be noticed. These errors occur the i2c action could not be
completed, because the device was busy. Once the card is up, all the i2c transactions
to the device are ok, so no periodic failure is observed. There is no functional impact
and these errors can be ignored. PR1369382
• No reference to the power zone information for the PEM is exported in Junos Telemetry
Interface streaming. PR1372374
• When the MIC-MACSsec-20G is in offline state after FAKE-KATS initiation, the MIC
has to be brought up by issuing chassisd restart. Attempting to online the MIC through
CLI could cause the MIC to go to a hardware error state. PR1374532
• I/O session used for communicating between threads is freed due to FSM state
transition. After freeing the memory, the fields of the I/O session are used for tracing,
causing rpd to generate a core file. PR1374759
• If any log message continue, to pop in the MPC console, this indicates the presence of
a faulty SFP or SFP+ transceiver which is causing an I2C transaction from the main
board CPU. There is no software recovery available to recover from this situation. These
logs also indicate potential I2C transaction failure with any of the 10 ports available
with GMIC2 in PIC 0, resulting in unexpected behaviors such as links not coming up or
the MIC itself not booting up on restart. I2C Failed device: group 0xa0 address 0x70
Failed to enable PCA9548(0x70):grp(0xa0)->channel(0) mic_sfp_select_link:MIC(0/0)
- Failed to enable PCA9548 channel, PCA9548 unit:0, channel ID: 0, SFP link: 0
mic_sfp_id_read: Failed to select link 0. The only way to recover from this type of failure
is to detect and replace faulty SFP or SFP+ transceivers plugged into the GMIC2 ports.
PR1375674
• When an MX Series router functioning as a BNG acts as DHCP relay and the destination
DHCP server is reachable through Abstract Fabric interfaces, the packets received by
the DHCP server on AF interfaces were dropped because the Junos OS DHCP daemon
(jdhcpd) was not AFI aware. AF interface awareness should be added to jdhcpd so
that received DHCP packets are handled correctly. PR1377358
• Proper values for one leaf should be provided. For example, instead of displaying values
of 1 or 0, the following strings should be displayed: PRIVATE_AS_REPLACE_ALL { if 1 }
PRIVATE_AS_REMOVE_ALL { if 0 } PR1378159
• On MX Series platforms, constant memory leak might occur on a Flexible PIC
Concentrator (FPC). This condition might lead to memory exhaustion and the FPC
would create core files. PR1381527
• In rare situations at heavy traffic loads, input frame check sequence counter might get
incremented. PR1383009
90 Copyright © 2019, Juniper Networks, Inc.
• J-Insight process requires all the sensors under /components/component/, which are
provided by the chassis-control process. In Junos OS Release 18.4R1, J-Insight
subscription to /components/component/ Junos Telemetry Interface sensors is enabled
by default. This sensor subscription requires the chassis-control process to stream all
the chassis component sensors periodically at 5-second intervals. This periodic
streaming of sensors causes additional CPU utilization for the chassis-control process
at idle state. This increased CPU utilization will not impact system performance. The
impact is equal to when an external subscriber subscribes to components/component/
sensors. PR1383335
• Commit should not be allowed if you are trying to delete the physical-cores command.
However, there is no functional impact of this. PR1384014
• Rpd could generate core files in a rare race condition when NSR + GRES is configured
and switchover is performed along with configuration changes being committed.
PR1385005
• On vMX system with large number of interfaces configured, the vFPC CPU utilization
might go very high periodically due to interface statistics collection running repeatedly.
PR1385853
• This issue is seen only after backup CB removal/insertion operation. Backup CB normal
reboot does not show the same issue. After insertion of backup CB, the temperature
sensor status bit for the CB is not getting updated. Hence, the status always shows up
as 'Testing'. {master} user@router> show chassis environment |find CB CB 0
IntakeA-Zone0 OK 27 degrees C / 80 degrees F CB 0 IntakeB-Zone1 OK 31 degrees C / 87
degrees F CB 0 IntakeC-Zone0 OK 32 degrees C / 89 degrees F CB 0 ExhaustA-Zone0
OK 29 degrees C / 84 degrees F CB 0 ExhaustB-Zone1 OK 30 degrees C / 86 degrees F
CB 0 TCBC-Zone0 OK 38 degrees C / 100 degrees F CB 1 Testing <<<<<<<<< SPMB 0
Intake OK 31 degrees C / 87 degrees F SPMB 1 Intake OK 32 degrees C / 89 degrees F
Routing Engine 0 OK 35 degrees C / 95 degrees F Routing Engine 0 CPU OK 33 degrees
C / 91 degrees F Routing Engine 1 OK 35 degrees C / 95 degrees F Routing Engine 1 CPU
OK 33 degrees C / 91 degrees F . PR1387130
• During Zero Touch Provisioning (ZTP) process, the default route is being cleaned up
by code. As a result, if a static default route is configured in the initial configuration
(configuration file downloaded from the file server for ZTP), the route will fail to work.
This might lead to ZTP failure or a device access issue after ZTP. PR1387724
• In cases of PS over rlt at high scale, removing and adding back a CoS configuration
can cause the FPC to enter a hard error state. PR1388487
• On MX2020, MX2010, and MX2008 platforms with SFB2 cards installed, if a newer
generation of MPC (for example: MPC type 3, 4, 5, 6, 7, 8, or 9) is installed into a slot
that had MPC 3D 16x10GE, (MPC type 1 or MPC type 2) previously installed, the available
fabric bandwidth to the new MPC card would be rate-limited due to residual
programming on the fabric planes. Traffic impact is observed during peak utilization.
PR1388780
• vMX virtIO throughout stays the same between multi-queue and single-queue
(vRouter-DPDK). Single queue performance is much higher compared to the previous
version of single-queue DPDK support on MX86. PR1389338
Copyright © 2019, Juniper Networks, Inc. 91
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• RPC for retrieving syslog events does not recognize the start time format if the time-zone
is provided in it. For example: -7:00 in 2018-10-15T22:59:51.619-07:00 Impact: Expected
entries of UI_COMMIT_PROGRESS not getting populated in syslog due to error in the
RPC that retrieves the records. PR1394780
• MPC7, MPC8, MPC9 cards have a local disk which they keep a copy of the software
image. The cards boot from the disk when an image is there, and boot from the chassis
network (through BOOTP) when an image is not there. Presumably, new MPC7, MPC8,
MPC9 cards do not have an image on the disk and would require a network boot. On
single chassis, there is no problem. But on MX-VC, the network boot does not work.
PR1396268
• If GRES/NSR is enabled on a MX Series (single Routing Engine), DHCP subscribers are
failing to bind. PR1396470
• Interface link is staying down when we deactivate or activate the channelized XE
interface configured with speed 1G (when using QSA adaptor) on MX10008/MX10016
(JNP10000-LC2101 MPC) with Line rate traffic flowing. As a workaround, we need to
offline or online the PIC to recover the link, this is the known issue. We are working with
hardware engineering team to address the issue in 18.4R2. PR1397202
• Interface link is staying down when we deactivate/activate the channelized XE interface
configured with speed 1G (when using QSA adaptor) on MX10008/MX10016
(JNP10000-LC2101 MPC) with Line rate traffic flowing. Workaround : we need to offline
or online the PIC to recover the link, this is the known issue. we are working with
hardware engineering team to address the issue in 18.4R2. PR1397202
• The $junos-framed-route-ipv6-address-prefix variable for programming IPv6 routes is
only permitted under the routing-options->rib->access stanza. PR 1384523 changed
the code to avoid the incorrect mixing of V4 and V6 framed routes in the same stanza
and force the V6 framed routes to only be parsed if they were in their correct
routing-options->rib->access stanza. Additionally, runtime warnings for invalid
configuration V6 framed routes configuration were added in PR 1388737. PR1401144
• There is a chance that some subscribers may not have IPTV post GRES. This condition
will be seen if subscribers are logged in before the system has initialized fully or if
dynamic profiles are changed with subscriber activity. PR1402342
• With the initiation of image installation on Base System of a setup with node slicing
enabled, session gets terminated unexpectedly. PR1402643
• Issuing the CLI show command show services soft-gre tunnel and then changing
configuration of the router can make smg-service unresponsive, for example:
user@router> show system subscriber-management statistics error: timeout
communicating with smg-service daemon. PR1403480
• 1G configuration mode is not an ISSU supported configuration on MX 3RU router. If
that configuration is present on the MX 3RU box, then the customer has to remove the
same before attempting ISSU. Otherwise the 1G configurations will not behave as
expected post ISSU and traffic loss can be expected. Currently there is no warning or
error message alerting the customer on the same. This is applicable to MX 3RU platform
only. PR1405527
92 Copyright © 2019, Juniper Networks, Inc.
• In case of multihome (ESI) scenario, if IPV6 NS packet is flooded by peer leaf device
over VTEP, when it comes to QFX5000 device, it will be flooded back to access ESI
host also which is not expected. Because of this if there is Layer 2 switch before host,
there might be loop happening. Work around is to disable arp-suppression. PR1405814
• On MPC7, MPC8, MPC9E and SFB2 based MX2000 platforms, we have added PR
1304801 to re-config FI rate limiter parameters to avoid cell underflow. We had 60G
throughput with 1MPC9E, 1SFB2 scenario before fixing PR 1304801, but we had 58.5G
throughput after fixing PR 1304801. This 1.5G performance drop is expected for
MPC9E/SFB2 to avoid cell underflow/re-ordering issues in the Packet Forwarding
Engine. We have also added PR 1336446 to fix MPC7/8/9E fabric re-ordering issue
with SFB, but the code change was done for both SFB and SFB2 based systems. This
change caused performance drop of about 7Gbps with SFB2 based system. We had
throughput 51.5G on 1MPC9E/1SFB2 with PR 1336446. PR 1406030 fixed this
performance drop issue on MPC7/8/9E/SFB2 caused by PR 1336446. Now the
throughput is back to 58.5G with 1MPC9E/1SFB2. In 18.2 branch, we need to have PR
1401599 to have 58.5G with 1MPC9E/1SFB2. PR1406030
Infrastructure
• Junos OS can hang trying to acquire the SMP IPI lock while rebooting when it is running
as a VM on Linux and QEMU hypervisor. PR1359339
• If attempt is made to recover (rebuild) OAM volume, it will be made too small to fit a
recovery snapshot. PR1399604
Interfaces and Chassis
• Upgrading Junos OS Release 14.2R5 and later maintenance releases and Junos OS
Release 16.1 and later mainline releases with CFM configuration might cause cfmd
crash after upgrade. This is because of the old version of /var/db/cfm.db. PR1281073
• The error message ppman_cfm_start_inline_adj: Failed to add Inline adj for CFM, pkt-len=0
will be observed in some cases. But there is no functional impact. Sessions or adjacency
would get programmed inline subsequently. PR1358236
• Lfm sessions toward scaled peers might flap during ISSU switchover phase. PR1377761
• On a scaled router with a large number of prefixes learned over a logical interface of
the aggregated Ethernet bundle, if a new logical interface is added the DPCs get busy
and ultimately crashes. PR1389206
• Static demux0 logical interfaces do not come up after configuration change if underlying
interface is et ( 100 GE ). After configuration change et interface gets flushed in order
to reparse the configuration. During this DCD miss to create the dependency between
demux0 logical interfaces and underlying et interface which results in flushing off the
demux0 logical interfaces. This issue will be seen only if underlying interface is et. For
all other interfaces this has been already taken care. This is day one issue. Workaround
for this problem is Restarting DCD (or the entire Routing Engine reboot), clears the
problem or else use 'commit full' instead of commit while committing new configuration.
PR1401026
Copyright © 2019, Juniper Networks, Inc. 93
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Layer 2 Ethernet Services
• On an MX Series platform with MPCs and DPC/DPCE line cards in the same system,
if the system is configured with bridging features, the DPC/DPCE line cards might
restart unexpectedly even though they are not configured for bridging features.
PR1372506
• On MX Series platforms, if static demux interface over underlying is configured, after
subscriber logout, the accounting statistics are not cleared. PR1383265
Layer 2 Features
• Traffic from IRB interface toward LSI interface gets dropped with adaptive or per-packet
load balancing on aggregated Ethernet interface. PR1381580
• If a LDP-VPLS routing instance is configured with active and backup neighbors, and
flow label capability is enabled on the active neighbor but not on the backup neighbor,
upon switching to the PW to backup neighbor, Junos OS on the VPLS PE device will
continue to send traffic with the flow label based on the capability learned from the
previously active neighbor. PR1393447
MPLS
• With nonstop active routing (NSR), when the rpd restarts on the master Routing Engine,
the rpd on the backup Routing Engine might restart. PR1282369
• In case of CSPF-disabled LSPs, if the primary path ERO is changed to an unreachable
strict hop, sometimes the primary path stays up with the old ERO. The LSP does not
switch to standby secondary. PR1284138
• Traceroute MPLS from Juniper to Huawei routers does not work as expected due to
unsupported TLV. PR1363641
Network Management and Monitoring
• Need to update the address of the Juniper Networks Inc. in the SNMP MIB
CONTACT-INFO entry - "{ snmpModules 1 }". PR1336291
• The snmpd daemon leaks memory in snmpv3 query path and crashes. The issue is
caused by a memory leak when the request PDU is dropped by SNMP when
configuration snmp filter-duplicates is enabled. Each request PDU has a structure
pointer for the SNMPv3 security details. This is allocated when the PDU is created or
cloned. But while dropping the duplicate requests the structure is not freed; this causes
the memory leak. PR1392616
94 Copyright © 2019, Juniper Networks, Inc.
Platform and Infrastructure
• An accuracy issue occurs with three-color policers of both type single rate and two
rate in which the policer rate and burst-size combination of the policer accuracy vary.
This issue is present starting in Junos OS Release 11.4 on all platforms that use MX
Series ASIC. PR1307882
• This is a minor enhancement to add a UI to copy files from Junos VM to Host Linux.
PR1341550
• There is no support of interface range for channelized interfaces on EX9253. The user
has to configure interfaces individually. PR1350635
• MGD memory usage is shown as increased by about 450 MB when the DT CST test
runs over the weekend (greater than 72 hours). PR1352504
• When allow-configuration-regexps/deny-configuration-regexps is configured, syslog
messages with level information are displayed to indicate whether set system
regex-additive-logic is configured or not. Behavior for
allow-configuration-regexps/deny-configuration-regexps will be different when
regex-additive-logic is configured and when it is not configured. These messages are
only informational messages and there is no functional issue due to this. Because these
messages are for debugging purposes only and not useful for the end user, these
messages will no longer be displayed in syslog for level information. PR1369546
• On MX Series platforms with DPC and MPC installed, due to incorrect MLP message
(which is used to notify MAC address among different FPCs) sent from MPC to DPC,
MAC learning procedure might get stuck in a certain scenario, resulting in MAC remaining
unresolved on the Packet Forwarding Engine and MAC missing from the MAC table.
PR1383233
• If TWAMP control sessions are configured with test-count != 0 then there is no retry
mechanism to re-initiate client connections in case the TCP connect fails. The user
will have to manually re-initiate failed connections (not more than 10 due to current
TCP implementation). Furthermore if there is also an MS-MIC present in the system
there will be an extra TCP connection in use for every MS-MIC therefore reducing the
total TWAMP scale from 500 using the following computation: max-twamp-scale =
500 - (total-number-of-MS-MICs + 1) / 2 PR1399547
• In some cases PS interfaces over RLT might be shown as up but be passing traffic. Log
messages reporting an ASIC error and a chassis alarm reporting hard FPC errors might
also be seen. PR1400269
• In some cases, the status bit of the RPF next hop shows as disabled when it should
have been enabled. The trigger for the issue is not known yet. PR1404240
Copyright © 2019, Juniper Networks, Inc. 95
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Routing Protocols
• In rare cases, rpd might generate a core file with error rt_notbest_sanity: Path selection
failure on ... The core is soft, which means there should be no impact to traffic or routing
protocols. PR946415
• JTASK_SCHED_SLIP for rpd might be seen on doing restart routing or OSPF protocol
disable with scaled BGP routes in the MX104 router. PR1203979
• LDP and OSPF are 'in sync' state and the reason observed for this is "IGP interface
down" with ldp-synchronization enabled for OSPF; user@host> show ospf interface
ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 0.0.0.0 0.0.0.0
0.0.0.0 1 Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050
Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start
time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost:
1050 LDP sync state: in sync, for: 00:04:03, reason: IGP interface down config holdtime:
infinity. According to the current analysis, "IGP interface down" is observed as the
reason because although LDP notified OSPF that LDP synchronization was achieved,
OSPF was not able to take note of the LDP synchronization notification, because the
OSPF neighbor was not up yet. The issue is under investigation. PR1256434
• In IS-IS and IPv6 scenario, rpd might crash when the neighbor router restarted and
caused routes churn. PR1312325
• The rpd might crash and generate a core file if the distributed Internet Group
Management Protocol (IGMP) is configured. PR1314679
• On a dual Routing Engine system with Graceful Routing Engine Switchover (GRES)
and graceful-restart enabled, if Bidirectional Forwarding Detection (BFD) with the
hold-down-interval option is enabled on an external BGP peer, this BGP peer might
stay at idle state after a Routing Engine switchover. PR1324475
• When 32,000 SRTE policies are configured at once, during configuration time there
might be scheduler slips. PR1339829
• There are scenarios in which the application allocates and caches next-hop templates.
This causes the next-hop template cache to grow continuously. But when the
application clears the local cache, then memory is freed to the next-hop template
cache. However, the next-hop template cache does not have code to shrink the cache
and free the memory back. So the next-hop template memory is trapped in the cache
and cannot be used for other purposes. But if the same BGP routes and next hops
come up again, they will reuse the templates from the cache and not consume
additional memory. PR1346984
• Starting in Junos OS Release 16.1, show bgp neighbor does not show the correct "Last
traffic (seconds)" correctly anymore. PR1361899
• On devices running Junos OS platform, when OpenConfig is running with sensor for
"/network-instances/network-instance/protocols/protocol/BGP", changing the BGP
import or export policy might cause rpd to crash. PR1366696
• In configurations with MPLS inter-AS link-node protection with labeled-bgp, it is possible
to encounter a situation where next hop references are not properly decremented, thus
96 Copyright © 2019, Juniper Networks, Inc.
causing the system to hold onto next hops when they should be freed. This leads to a
memory hog situation which eventually results in a core file. PR1366823
• In as LDP network with gradual deployment of segment routing (LDP mapping server
feature), the rpd process might crash after executing commit the configuration related
to mapping-server-entry prefix-segments/prefix-segment-ranges with the maximum
number of entries exceeded (16 for Junos OS Release 17.4 and 64 for Junos OS Release
17.4R2 and later). PR1379558
• In 18.4R1, RIB learning rate has degraded from anywhere between 10-18 percent on
different platforms. For PTX10000, it seems to be 18 percent, whereas for MX it is less
than 10 percent. The RC analysis is not completed and it is risky to include it in 18.4R1.
Suggest full analysis and fix in 18.4R2. We will also improve measurements to isolate
any peer bring up effects so that those are not considered to improve accuracy of
comparisons. PR1383371
• At scale, a gnf with ps over rlt and multiple MPCs might show bfd flap at recovery.
PR1386574
• Rpd might crash when an IPv6 prefix with and IPv4 next hop exists. PR1390428
• With GRES and NSR enabled, if executing switchover, all the BGP sessions might flap.
PR1391084
• During some BGP flap scenarios or when deactivating or activating BFP, the rpd
generates a core file at rt_nh_resolve_delete after neighbors flap or activate BGP. The
issue happens during a inet6.0 route withdrawal being received in an update and the
subsequent delete of the route with an invalid next hop, causing the assert. PR1391568
• An rpd process might restart with core files when processing a non-BGP route with AS
PATH information with the following signature in its core file: rt_notbest_sanity: Path
selection failure on <prefix>, 0x98aed50 recovering.... PR1391767
• In a rare case, ppmd on the backup Routing Engine might stay with CPU usage after a
Routing Engine master switch event. There is no impact on service. PR1392704
• It is possible that in certain scenarios when using legacy-redirect-ip-action the existing
BGP routes advertised might not be refreshed. Because of this, the routes might still
contain communities not aligned with the configured legacy-redirect-ip-action option.
As a workaround to clear routes, execute the following command in the router that is
originating the flow-spec router: clear bgp neighbor all soft. PR1396787
• Customers that replace simple VLAN interfaces with PS over rlt might notice an increase
in fpc cpu usage. This is in keeping with the increased processing and resources needed
to support these types of interfaces which are similar in this regard to that of an
aggregated Ethernet interface. PR1396925
• Rpd provides a mechanism to validate that route selection has successfully been done.
When errors in route selection are detected, a soft core is dropped. Rpd remains running,
and a single core file is dropped. It is rate-limited to not do this frequently. When running
L2VPN, BGP MED selection might be inappropriately run on the routes. As a result, the
Copyright © 2019, Juniper Networks, Inc. 97
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
route selection sanity code will notice an unexpected result and leave a soft core.
PR1398685
• On all Junos platforms which support BGP, if BGP add-path send is configured and
Nonstop-active-routing (NSR) is enabled, the rpd might potentially crash. PR1401948
Software Installation and Upgrade
• If the device is booted into single-user mode (recovery mode), and any change in
configuration is made, (such as setting the root password) then the commit will fail.
PR1368986
Subscriber Access Management
• Address pool does not correctly cycle to the beginning of pool when
linked-pool-aggregation parameter is defined. Address pool reports "Out of Addresses"
even though not all addresses are in use. > show network-access aaa statistics
address-assignment pool <name>. PR1374295
• Adding a firewall filter through the test aaa command causes a crash in dfwd. PR1402051
• JSRC provisioned service used Radius Service accounting protocol instead of JSRC for
SRC installed service. PR1403835
User Interface and Configuration
• The max-db-size configuration does not work on MX5, MX10, MX40, MX80, and MX104.
PR1363048
• Test configuration /config/rescue.conf.gz fails the commit check for the dynamic profile
when the subscriber is active. PR1376689
VPN
• The multicast VPN MIB was not being properly compiled into the Juniper MIB package
bundle. Mib-jnx-mvpn.txt needs to be included as part of the Juniper Enterprise MIB
set. PR1394946
See Also • New and Changed Features on page 60
• Changes in Behavior and Syntax on page 80
• Known Behavior on page 84
• Resolved Issues on page 99
• Documentation Updates on page 113
• Migration, Upgrade, and Downgrade Instructions on page 114
• Product Compatibility on page 121
98 Copyright © 2019, Juniper Networks, Inc.
Resolved Issues
This section lists the issues fixed in the Junos OS 18.4R1 Release for MX Series routers.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• Application Layer Gateways (ALGs) on page 99
• Authentication and Access Control on page 99
• Class of Service (CoS) on page 99
• EVPN on page 100
• Flow-based and Packet-based Processing on page 100
• Forwarding and Sampling on page 100
• General Routing on page 100
• High Availability (HA) and Resiliency on page 107
• Interfaces and Chassis on page 107
• Layer 2 Ethernet Services on page 108
• Layer 2 Features on page 109
• MPLS on page 109
• Platform and Infrastructure on page 110
• Routing Policy and Firewall Filters on page 111
• Routing Protocols on page 111
• Services Applications on page 112
• Subscriber Access Management on page 112
• VPNs on page 113
Application Layer Gateways (ALGs)
• DNS requests with EDNS options might be dropped by DNS ALG. PR1379433
Authentication and Access Control
• MAC move might occur in DHCP security scenario. PR1369785
• IPv4 or IPv6 DHCP-security client entries will be recorded on trusted ports as well.
PR1390676
Class of Service (CoS)
• The 802.1P rewrite might not work on inner VLAN. PR1375189
• FPC card might reboot when changing CoS mode from hierarchical-scheduler to
per-unit-scheduler. PR1387987
Copyright © 2019, Juniper Networks, Inc. 99
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
EVPN
• EVPN/VXLAN: MAC entry is incorrectly programmed in the Packet Forwarding Engine,
leading to some traffic being silently dropped or discarded. PR1231402
• MPLS label leak leads to label exhaustion and rpd process crash. PR1333944
• EVPN type-5 route might be lost if chained-composite-next-hop command is configured.
PR1362222
• The l2ald memory might cross the threshold in an EVPN scenario. PR1368492
• Proxy ARP might not work as expected in an EVPN environment. PR1368911
• The rpd might crash in EVPN scenarios when configuring EVPN. PR1369705
• EVPN active or active multi homed PE device occasionally prefers to route to a directly
connected prefix using LSPs toward the multi homed peer instead of going directly
out the IRB interface (which is up). PR1376784
• The RA packets might be sent out without using the configured virtual gateway address.
PR1384574
Flow-based and Packet-based Processing
• PIM register message might be dropped on SRX Series devices. PR1378295
Forwarding and Sampling
• Junos OS allows firewall filters with the same name under [edit firewall] and [edit
firewall family inet] hierarchy levels. PR1344506
• L2ald crashes when trying to adjust mac-table-size configuration. PR1383665
• The filter counter is not written to the accounting file when accounting is enabled on
the bridge firewall filter. PR1392550
General Routing
• TACACS access does not work after upgrade. PR1220671
• Routing Engine and Packet Forwarding Engine out-of-sync errors are seen in syslog.
PR1232178
• The mspmand process might generate a core file in rare conditions due to a high rate
of TCP traffic. PR1253862
• The wrong TBB Packet Forwarding Engine component's temperature might be reported
on MX80. PR1259379
• On MX Series routers, the show chassis led command should not be displayed in possible
completions of the show chassis command. PR1268848
• Flexible PIC concentrator (FPC) crash/reboot is observed when bringing up about
12,000 Layer 2 Bit Stream Access (L2BSA) subscribers simultaneously. PR1273353
100 Copyright © 2019, Juniper Networks, Inc.
• Error messages might be seen if flapping the aggregated Ethernet interface hosted on
MPC-3D-16XGE card. PR1279607
• Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mobiled. PR1284625
• Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mspmand. PR1284643
• Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mspsmd. PR1284654
• PPPoE canot dial in due to all PADI dropped as "unknown iif" when the aggregated
Ethernet configuration is deactivated or activated. PR1291515
• Wrong packet statistics are reported in ifHCInUcastPkts OID. PR1306656
• In a few cases it was seen that RS are all up but virtual service is down. This was seen
mainly in configuration load overriride conditions. PR1313009
• Migrate from syslog API to Errmsg API - /src/junos/usr.sbin/subinfo. PR1327262
• Migrate from syslog API to Errmsg API - /src/junos/usr.sbin/aaad. PR1327266
• Migrate from syslog API to Errmsg API - /src/junos/usr.sbin/smihelperd. PR1327271
• Tc_count counters in filter with the scale-optimized command are not incrementing.
PR1334580
• With certificate hierarchy, where intermediate CA profiles are not present on the device,
in some corner cases, the PKI daemon can become busy and stop responding.
PR1336733
• AI-script does not get automatically upgraded unless it is manually done after a Junos
OS upgrade. PR1337028
• Routing Engine does not have MAC map for MAC type 7. PR1345637
• Additional show commands are called when the request support information command
is issued. PR1346129
• The rpd might crash when the dynamic-tunnels next-hop resolving migrates to a more
specific IGP route. PR1348027
• Routing Engine mastership keepalive timer is not updated after the GRES configuration
is removed. PR1349049
• The MPC might crash when the MIC is removed. PR1350098
• Migrate from syslog API to Errmsg API - /bbe-svcs/smd/plugins/cos/. PR1353179
• Some of the inline service interfaces cannot send out packets with the default
bandwidth value (100 Gbps). PR1355168
• Chassis alarm is not reflecting the correct state when INP0 and INP1 have AC voltage
out-of-range. PR1355803
• The mpls-ipv4 template does not have correct src AS and dst AS as 4294967295 src
Mask and DstMask as 0 after adding the mpls-flow table size on the fly. PR1356118
• Link stays up unexpectedly on MX204 with copper cable removed. PR1356507
• MPC/FPC might be unable to reply request messages to the Routing Engine in a high
subscriber scale scenario. PR1358405
Copyright © 2019, Juniper Networks, Inc. 101
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• show chassis ethernet-switch on PTX10000. PR1358853
• The show chassis fpc command output might show "Bad Voltage" for FPC powered
off by configuration or CLI command after the command show chassis environment
fpc is executed. PR1358874
• Bbe-smgd restarts unexpectedly while performing graceful Routing Engine switchover
(GRES). PR1359290
• PluginExit() function is never called. PR1359610
• FPC core file might be observed after GRES switchover. PR1361015
• IP over VPLS traffic is affected by EXP rewrite rule on the core-facing MPLS interface.
PR1361429
• The MX Series router functioning as a BNG does not generate ESMC/SSM Quality Level
failed snmp trap. PR1361430
• Rpd struck at 100 percent after clear bgp neighbor operation. PR1361550
• Migrate from syslog API to Errmsg API;usp/usr.sbin/nsd/common/nsd_tpm.c.
PR1361986
• Spontaneous bbe-smgd core file might be seen on the backup Routing Engine.
PR1362188
• The MS-MPC might reset continuously on MX Series platforms. PR1362271
• M/Mx: Traffic loss of 1 percent is seen during GRES phase of unified ISSU from
17.3-20180527.0 to17.3-20180527.0. PR1362324
• Executing show route prefix proto ip detail during route churm in a route scale scenario
might lead to FPC crash. PR1362578
• The inline-J-Flow sampling configuration might cause FPC crash on MX Series platforms.
PR1362887
• MX-VC: Request to record VCCP heartbeat state change in syslog by default. PR1363565
• xmlproxyd for internal interfaces is reporting uint32 instead of uint64. PR1363766
• The multicast route update might get stuck in KRT queue and the rpd might crash if
rpd and kernel go out of sync. PR1363803
• FPM board is missing in SNMP MIB walk. PR1364246
• A traffic loop might occur even though that port is blocked by RSTP in a ring topology.
PR1364406
• The kernel might crash after repeatedly deactivating/activating
interfaces/filter/class-of-services configurations due to accessing stale memory entry.
PR1364477
• Configuration commit might be delayed by 30 seconds. PR1364621
• AF's operational state moves to down state in a node virtualized environment where
GNFs are connected through AF interface. PR1364921
102 Copyright © 2019, Juniper Networks, Inc.
• The traffic is still forwarded through the member link of an aggregated Ethernet bundle
interface even with "Link-Layer-Down" flag set. PR1365263
• Default adapter type changed from E1000 to VMXNET3. PR1365337
• Traffic drops seen if training failure is seen on a line card for three of more planes.
PR1365668
• MPC7E: ukern crash and FPC reboot with vty command show agent sensors verbose.
PR1366249
• MS-MPC/MS-PIC might crash in NAT scenario. PR1366259
• MX150: Upgrade to Junos OS Release 18.1R1.9 fails. Installing package
nfx-2-routing-data-plane-1.0-0.x86_64 needs 76 MB on the file system. PR1366324
• Migrate from syslog API to Errmsg API - junos/lib/liboiu-ffp/. PR1366546
• The next hop of MPLS path might be stuck in hold state, which could cause traffic loss.
PR1366562
• Snmp MIB walk for UDP flood gives different output statistics than CLI. PR1366768
• Syslog errors seen LOG : Err] Failed to allocate 2 jnh-dwords for encap-ptr(ether-da)!,LOG:
Err] gen_encap_common: jnh-alloc failed! 8. PR1366811
• Offline of the fabric links of Packet Forwarding Engine 4 and Packet Forwarding Engine
5 is not supported. PR1367412
• The bbe-smgd process might crash during the authentication phase for L2BSA
subscriber. PR1367472
• The show system resource-monitor fpc output might show a non existing Packet
Forwarding Engine. PR1367534
• RTG interface status might be shown as incorrect status with show interface. PR1368006
• Multiple provisioning and deprovisioning cycles cause rdmd memory leak. PR1368275
• JSA10893: 2018-10 Security Bulletin: MX Series: In BBE configurations, receipt of a
crafted IPv6 exception packet causes a denial of service (CVE-2018-0058). PR1368599
• RPD API rt_nexthops_extract_gateway_convert_unnumbered_gf_dli() rectification.
PR1368855
• The commit or commit check might fail due to the error of not having lsp-cleanup-timer
without lsp-provisioning. PR1368992
• SNMP MIB walk causes KMD errors. PR1369938
• L2TP subscriber firewall filter might not be removed from the Packet Forwarding Engine
when routing services are enabled in the dynamic profile. PR1369968
• Kernel crash might be seen after committing demux-related configuration. PR1370015
• The rpd might crash after Routing Engine switchover is performed or the rpd is restarted
if interface-based dynamic GRE tunnel is configured. PR1370174
• Packet that exceed 8000 bytes might be dropped by MS-MPC in ALG scenario.
PR1370582
Copyright © 2019, Juniper Networks, Inc. 103
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• GMIC2 : SFP-1FE-FX optics does not come up on GMIC. PR1370962
• All the MX150 devices running VRRP on a LAN are stuck in master state. PR1371838
• BBE SMGD generates a core file on FPC restart. PR1371926
• FPC high CPU utilization or crashes occur during hot-banking condition. PR1372193
• SMGD generates a core file after essmd restart with reference to mmf_ensure_mapped
(mmf=0xe8f0200, offset=4294967295, len=108) at
../src/junos/lib/libmmf/mmf.c:1972. PR1372223
• Need a way to verify the session IDs above the 32-bit limit to check if this is working.
PR1385237
• With very high scale l3vpn, traffic is dropped when egressing on an AF interface.
PR1372310
• Image installation on SD fails with error Unable to read reply from software add command
to re1; error 1. PR1372877
• The Routing Engine might crash after non-GRES switchover. PR1373079
• Core in ifinfo at pif_af_fe_info pif_af_ifd when displaying af interface information.
PR1373436
• AOC Type Optics fail to initialize on MACsec TIC startup. PR1373572
• EDVT-GI-MIC2 : Interfaces do not come up for bidirection module SFP-100BASE-BX10-U
and SFP-100BASE-BX10-D. PR1373795
• BOOTP packets might be dropped if BOOTP-support is not enabled at the global level.
PR1373807
• LDP convergence delay might be seen after IGP metric change with bgp-igp-both-ribs
command configured. PR1373855
• There is a vMX QoS performance issue in the Junos OS Release 18.3. PR1373999
• Cosmetic log warning: [---] is protected, 'protocols ---' cannot be deleted is seen after
commit using configure private in a configuration with "protect" flag present. PR1374244
• FPC might be unable to work properly if one child interface is removed from an
aggregated Ethernet bundle in a dynamic VLAN subscriber scenario. PR1374478
• Bbe-smgd generates a core file continously while deleting multicast group node from
the tree. PR1374530
• PCE-initiated LSPs remain Control status became local after removing PCE configuration.
PR1374596
• A few L2BSA subscriber logical interfaces are left behind in SMD infrastructure and
kernel after logout. PR1375070
• SFB and PDM/PSU related information is missing in jnxBoxAnatomy MIB on high-end
MX Series routers (MX2010/2020). PR1375242
• The bbe-smgd core file might be seen after doing GRES. PR1376045
• Interface optic output power is not zero when the port has been disabled. PR1376574
104 Copyright © 2019, Juniper Networks, Inc.
• CI: Not generating Power Supply failed trap. PR1376612
• Disabling OAM might cause the Broadband Edge daemon to crash. PR1377090
• Packets might be dropped on data plane in the inline J-Flow scenario. PR1377500
• MQTT keepalive timeout messages seen in case of slow JTI collectors. PR1378587
• After NAT64 router (with MS-MPC) translates an IPv6 fragment to IPv4 fragment,
router is not inserting the right value in identification field of IPv4 header. PR1378818
• The ICMPv6 packets larger than 1024 might be dropped if icmp-large-packet-check is
configured on IDS service. PR1378852
• Traffic might get silently dropped or discarded when CoS configuration is changed on
a PS interface. PR1379530
• Protocol adjacency might flap and FPC might reboot if jlock hog happens. PR1379657
• Remove the chassisd alarms for FPCs exceeding 90 percent of power budget and
exceeding 100 percent of power budget. PR1380056
• The software detects SDB STS lock deadlock and breaks the deadlock itself, and
system resumes normally processing on its own. PR1380231
• CE_Customer: DT_BNG: ESSM model: rpd generates a core file during the fifth GRES,
with reference to task_kevent_udata_task (ev= <optimized out>) at
../../../../../../src/junos/lib/libjtask/base/platform/bsd/task_io_bsd.c:127. PR1380298
• Encryption and decryption do not occur, because the Packet Forwarding Engine discards
while testing that the group VPN member was established by using the
authentication-method preshared key ASCII text. PR1381316
• Memory leak observed in MS-MPC card. PR1381469
• Subscribers not able to log in after double GRES, after reboot, or after configuration.
PR1382050
• On Summit MX3ru for Junos OS Release 18.3R1 release ISSU fails if QSA is plugged in.
PR1382126
• The MPC6E might crash while fetching PMC device states. PR1382182
• Flows are getting exported before the active timeout. PR1382531
• PFT MX10008 expected inline-ipv4-export-packet-failures is not listed in show services
accounting error. PR1382873
• MAC addresses might disappear, if the interface MTU of EVPN PE device is changed.
PR1382966
• The kmd crashes with a core file after bringing up IPsec connection. PR1384205
• CoS attachment might be mistakenly removed for DHCPv4 stack when DHCPv6 stack
fails to be brought up for single-session dual-stack subscriber. PR1384289
• MBFD flaps because clksync congest the scheduler for 100ms. PR1384473
• CE_Customer: DT_BNG: Bbe-smgd generates multiple core files with reference to
bbe_mcast_vbf_dist_policy_service_encoder (params= <opyimized out>) at
Copyright © 2019, Juniper Networks, Inc. 105
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
../src/junos/usr.sbin/bbe-svcs/smd/plugins/mcast/bbe_mcast_policy_config.c:159.
PR1384491
• RPT_REG_SERVICES: The MPLS packets with more than eight labels will not be
processed by J-Flow. PR1385790
• IPsec VPN traffic might fail when passing through MS-MPC of MX Series routers with
CGNAT enabled. PR1386011
• Representation of memory units is changed from gigabytes (GB) to gibibytes (GiB) in
the help string under the resource template hierarchy. PR1386516
• RBU_REGRESSIONS_SERVICES ::IPv4 and IPv6 VIP Routes are not withdrawn after
aggregated Ethernet and VLAN with IRB flap. PR1386713
• RBU_Services_Regressions: SFLOW : Agent ID in show sflow command is displaying
lo interface IP instead of fxp0 IP. PR1386890
• In case a LSP is locally configured without an explicit path ERO, the object remains
empty in the PCRpt generated by PCC. PR1386935
• Uninitialized EDMEM[0x400094] Read (0x6db6db6d6db6db6d) logs are seen with
sampling applied to a subscriber with routing-service applied. PR1386948
• When tracing is enabled, having a lot of trace-flags set could result in an rpd core file
due to buffer overflow. PR1387050
• The pccd might crash when changing delegation-priority. PR1387419
• The bbe-smgd daemon crashes and generates a core file when two DHCP subscribers
with the same framed-route prefix and preference values try to log in. PR1387690
• Output of the show class-of-service interface command incorrectly shows adjusting
application as PPPoE IA tags for DHCP subscribers. PR1387712
• FPC core file might be seen at sensor_export_time_exceed_limit
agent_health_monitor_data_reap when Jinsight is configured. PR1388112
• Bbe-smgd does not respond to NS from SLAAC client on dynamic VLAN. PR1388595
• Incorrect values for flow packets/octets fields might be seen in inline J-Flow scenario.
PR1389145
• The bbe-smgd process generates repeated core files and stops running as a result of
long-term session database shared memory corruption. PR1388867
• IGMP group threshold exceed log message prints a wrong demux logical interface.
PR1389457
• BFD flaps are seen on MX Series platforms with inline BFD. PR1389569
• MX204 - Excluding speed CLI option under the interface level. PR1389918
• Class of service adjustment-control-profile configuration for application DHCP tags
does not get applied. PR1390101
• Delay in CLI output with second or more show subscriber <> extensive queries occur
when the first session is sitting at -(more)- prompt displaying show subscribers
extensive. PR1390762
106 Copyright © 2019, Juniper Networks, Inc.
• Trailing characters appear in the GNMI get API reply. PR1390967
• DT_BNG: DFW plug in NACKs DHCPv6/PPPoE requires ESSM subscriber re-login after
ISSU. PR1391409
• The routing-engine-power-off-button-disable command does not work on MX204.
PR1391548
• The bbe-smgd process might crash after committing configuration changes. PR1391562
• On MX Series routers serving as a DHCP server for dual-stack subscribers, BBE-SMGD
process generates a core file. PR1391845
• On MX2000, fans start spinning at high speed upon inserting previously offlined FPC.
PR1393256
• If FPGA on the new master CB has a specific hardware failure, the chassid might keep
crashing after GRES switchover. PR1393884
• PFT MX10008: Inline-services enabling the Flex-Flow-Sizing takes more than 12 minutes
to move to steady state. PR1397767
• The show system errors active is not showing the error for MPC3E NG HQoS. PR1398084
• Kernel core file occurs on vMX due to jlock assert. PR1398320
• High jsd or na-grpcd CPU usage might be seen even JET or JTI is not used. PR1398398
• The bbe-smgd process might generate a core file when executing show pppoe lockout.
PR1398873
• FPC might crash after offline/online MIC-3D-16CHE1-T1-CE-H. PR1402563
High Availability (HA) and Resiliency
• Backup Routing Engine might go to db prompt after performing configuration remove
and restore. PR1269383
• Observed error: not enough space in /var on re1. while doing unified ISSU upgrade from
Junos OS Release 17.4-20180328.0 to Release 18.2-20180416.0. PR1354069
• VC-Bm cannot sync with VC-Mm when the Virtual Chassis splits the reforms. PR1361617
Interfaces and Chassis
• Aggregated Ethernet speed calculation changes according to 10 Gigabit Ethernet after
post GRES. PR1326316
• Momentary dip in traffic occurs when a GRES is performed. PR1336455
• Native-vlan-id support on ps-interface. PR1352933
• The sonet interface will go down after enabling "keep-address-and-control" in L2VPN
scenario. PR1354713
• The aggregated Ethernet interface might flap when the link speed of the aggregated
Ethernet bundle is configured to oc192. PR1355270
Copyright © 2019, Juniper Networks, Inc. 107
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Approximately 50 percent of PPPoE subscribers (PTA and L2TP) and all ESSM
subscribers are lost after ISSU during DT CST stress test. PR1360870
• Error messages like ifname [ds-5/0/2:4:1] is chan ci candidate are seen during a commit
operation. PR1363536
• In case of MPLS , DMR packets are sent with different mpls exp bits if MX Series router
receives CFM DMM packets with varying exp values on MPLS header. PR1365709
• In rare case, there might be L2TP subscribers stuck in terminated state. PR1368650
• The EOAM LTM messages might not get forwarded after system reboot in CFM scenario
configured with CCC interface. PR1369085
• ISSU could be aborted at Timed out Waiting for protocol backup chassis master switch
to complete with MX Series Virtual Chassis configuration. PR1371297
• The error parse_remove_ifl_from_routing_inst() ERROR : No route inst on et-0/0/16.16386
is seen after restarting l2cpd daemon. PR1373927
• The dcd process might go down when vlan-id none is configured for the interface.
PR1374933
• FTI logical interface VNI limits changed from (0..16777215) to (0..16777214). PR1376011
• Duplicate IP cannot be configured on both SONET (so-) interface and other interfaces.
PR1377690
• Some error logs (Tx unknown LCP packet) might be reported by the bbe-smgd daemon
on MX Series platforms. PR1378912
• Higher level OAM CFM between CE might not work in VPLS scenario. PR1380799
• The dcd restarted unexpectedly after committing a configuration with static demux
interface stacking over ps interface. PR1382857
• The jpppd process might crash if the EPD value contains a format specifier. PR1384137
• DCD core can be seen after FPC restart if channelized interfaces are configured.
PR1387962
• Interface-control thrashes and dcd does not restart after adding invalid demux interface
to the configuration. PR1389461
• Decoupling of Layer 2 logical interface configuration from bridge-domain or EVPN
configuration PR1390823
Layer 2 Ethernet Services
• STP status gets wrong after changing outer VLAN-tags. PR1121564
• The MAC address might not be learned due to spanning-tree state "discarding" in
kernel table after Routing Engine switchover. PR1205373
• Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/lacpd. PR1284592
• ZTP infra scripts are not included for MX Series PPC routers. PR1349249
• Migrate from syslog API to Errmsg API:PPMD client LACP. PR1358599
108 Copyright © 2019, Juniper Networks, Inc.
• The DHCP leasequery message is replied to with an incorrect source address. PR1367485
• JSA10889 2018-10 Security Bulletin: Junos OS: The jdhcpd process crashes during
processing of specially crafted DHCPv6 message (CVE-2018-0055). PR1368377
• The kernel core might happen by commit operation in rare condition. PR1369459
• The subscriber's authentication might fail when the link-layer address encoded in the
DHCPv6 DUID is different from the actual link-layer hardware address. PR1390422
Layer 2 Features
• The traffic might not be transmitted correctly in a large-scale VPLS scenario. PR1371994
MPLS
• When minimum-bandwidth and bandwidth commands are present in the configuration,
the bandwidth selection of the LSP is inconsistent. PR1142443
• JDI-RCT: Rpd core file is seen on master Routing Engine after performing restart
chassisd. PR1352227
• Layer 2 Circuit might flap after an interface goes down even if the LDP session stays
up when l2-smart-policy is configured. PR1360255
• The rpd might crash in BGP LU and LDP scenario. PR1366920
• RSVP authentication might fail between some Junos OS releases and causes traffic
loss during local repair. PR1370182
• The next hop of static LSP for MPLS might get stuck in dead state after changing the
network mask of the outgoing interface. PR1372630
• The traceroute MPLS might fail when traceroute is executed from a Juniper Networks
device to another device not supporting RFC 6424. PR1372924
• Rpd process eventually might crash after Routing Engine switchover with GRES/NSR
enabled. PR1373313
• The traffic might not be load-balanced equally across LSPs with ldp-tunneling
configured. PR1373575
• The rpd process might crash continuously if nsr-synchronization or all flag is used in
RSVP traceoptions. PR1376354
• JSA10883: Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to
a Junos kernel crash (CVE-2018-0049). PR1380862
• Ingress LSPs go down due to CSPF failure. PR1385204
• Configured bandwidth 0 does not get applied on RSVP interface. PR1387277
• Bypass LSP is taking same SRLG colored path. PR1387497
Copyright © 2019, Juniper Networks, Inc. 109
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Platform and Infrastructure
• MAC addresses are not learned on bridge-domains after XE/GE interface flap tests.
PR1275544
• MQCHIP CPQ block should report major alarm. PR1276132
• Distributed multicast might not be forwarded to a subscriber interface. PR1277744
• show igmp statistics not including any statistics under interface aggregate for distributed
multicast interfaces. PR1289415
• When chassis control restart is done with aggregated Ethernet and COS rewrite
configuration, Platform failed to bind rewrite messages could be seen in syslog.
PR1315437
• RLT subinterfaces are not reporting statistics. PR1346403
• lt- interface gets deleted with tunnel-services configuration still present. PR1350733
• Some linecards might crash in subscriber scenario enabled with distributed IGMP.
PR1355334
• When forwarding-class-accounting command is enabled on an interface, inside of a
routing-instance of instance-type vrf, aggregate input forwarding-class statistics do
not increment (egress statistics work fine). PR1357965
• JSA10899 2018-10 Security Bulletin: Junos OS: Nexthop index allocation failed: private
index space was exhausted through incoming ARP requests to management interface
(CVE-2018-0063). PR1360039
• Select CLI functions are not triggering properly (set security ssh-known-hosts
load-key-file, set system master-password). PR1363475
• Qmon sensors are not working with hypermode enabled. PR1365990
• Subscribers over aggregated Ethernet interface might have tail drops, which will affect
the fragmented packets due to QXCHIP buffer getting filled up. PR1368414
• Forwarding is broken after adding protocol evpn extended-vlan-id. PR1368802
• The host outbound traffic might get dropped when the class-of-service
host-outbound-traffic ieee-802.1 rewrite-rules command is configured. PR1371304
• Traffic might drop on new added interfaces on MX Series routers after unified ISSU.
PR1371373
• The logical tunnel interface might be unable to send out control packets generated by
Routing Engine. PR1372738
• JNH memory leaks in multicast scenario with MoFRR enabled. PR1373631
• Traffic traversing an IRB is not tagged with a VLAN if the packets go through an
additional routing-instance. PR1377526
• FPC crash might be seen after FPC restarts. PR1380527
• lsi binding is missing upon nd6 entry refresh after l2ifl flap. PR1380590
110 Copyright © 2019, Juniper Networks, Inc.
• Packet drops on interface if the command gigether-options loopback is configured.
PR1380746
• In certain Junos scenarios, DFWD memory corruption is seen due to large logical
interface fstate messages. This can lead to log messages on dfwd traceoptions and
occasionally DFWD core file. PR1380798
• Packet drops might be seen if the packet header is over 252 bytes. PR1385585
• RADIUS not working using management instance for IPv6 family. PR1391160
• The configuration through NETCONF session might fail. PR1383567
• L3VPN/ROSEN over PS over RLT: In Junos OS Release 18.4DCB after ifconfig goes
down for PS logical interface, and its Link and Admin status are not going down as
expected. PR1396335
Routing Policy and Firewall Filters
• Set metric multiplier offset might overflow/underflow. PR1349462
• The rpd process might crash if then next-hop is configured for LDP export policy.
PR1388156
Routing Protocols
• Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/ppmd. PR1284621
• Multihop eBGP peering session exchanging EVPN routes can result in rpd core file when
BGP updates are sent. PR1304639
• The BGP session might be stuck with high BGP OutQ value after GRES on both sides.
PR1323306
• The rpd might crash when BGP neighbor is flapping. PR1337304
• The bfd process memory leak might be observed if enabling multi-hop BFD session
for a static route with multiple qualified-next-hop. PR1345041
• Rpd crash might be seen after executing Routing Engine switchover. PR1349167
• FPC might continuously crash on vMX platforms. PR1364624
• sBFD session flaps incrementally with 300 StaticSR clients configured with 100 ms
as minimum-interval. PR1366124
• Static route gets unexpectedly refreshed on commit when configured with resolve
configuration statement. PR1366940
• About 10 minutes of traffic loss is caused by BGP flap during MX Series unified ISSU.
PR1368805
• TCP sessions might be taken down during Routing Engine switchover. PR1371045
• Route entry might be missing when IS-IS shortcut is enabled and MPLS link flaps.
PR1372937
Copyright © 2019, Juniper Networks, Inc. 111
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• SSH is not working if [edit system services ssh hostkey-algorithms] is set or in FIPS
mode. PR1382485
• The rpd might crash after issuing operational command show route detail for RIP route.
PR1386873
• Penultimate-hop router does not install BGP LU label, causing traffic to be silently
dropped or discarded. PR1387746
• Next hop is not deleted by ukernel. However, the delete command is seen in rtsockmon.
PR1389379
• The rpd process might crash when rp-register-policy is configured with more than 511
terms. PR1394259
Services Applications
• Selectively start ZLB Delay timer at the Packet Forwarding Engine for LAC tunnels.
PR1338450
• L2TP Access Concentrator (LAC) tunnel connection request packets might be discarded
on LNS device. PR1362542
• The L2TP subscribers might not be able to log in successfully due to the jl2tpd memory
leak. PR1364774
• Accounting stop message is not sent to RADIUS server after bringing down the L2TP
subscriber. PR1368840
• IPsec-VPN IKE security-associations might get stuck in "Not Matured" state. PR1369340
• Actual-Data-Rate-Downstream might not be included in the L2TP ICRQ message.
PR1370699
• NAT64 does not translate ICMPv6 Type 2 packet (packet is too big) correctly when
MS-DPC is used for NAT64. PR1374255
• FTP ALG is not supported with twice-nat. PR1383964
• L2TP subscribers might be stuck in init state in a corner case. PR1391847
Subscriber Access Management
• The authd process might not be started after executing Routing Engine switchover on
the backup Routing Engine without GRES enabled. PR1368067
• RADIUS VSAs, Actual-Data-Rate-Downstream, and Actual-Data-Rate-Upstream
values are not compliant with RFC 4679. PR1379129
• CoA updates subscriber with original dynamic-profile if RADIUS has returned a different
dynamic-profile name. PR1381230
• Some subscribers fail to get SRL service as provided in the RADIUS accept message
even though the RADIUS messages can be sent and received. PR1381383
• The value of predefined-variable-defaults routing-instances overrides the
RADIUS-supplied VSA (26-1 Virtual-Router). PR1382074
112 Copyright © 2019, Juniper Networks, Inc.
• Log Message: authd: gx-plus: logout: wrong state for request session-id <xyz>.
PR1384599
• Multiple IPv6 IANA addresses are assigned for one session in IPv6 PD binding failure
scenarios. PR1384889
• Usage-Monitoring-Information AVP as part of PCRF gx-plus provisioning is causing
service accounting activation. PR1391411
VPNs
• The rpd process might crash after configuration change in an L2VPN scenario. PR1351386
• EOAM group-down status does not work as expected. PR1361437
• In dual-homed next-generation MVPN, the receipt of type 5 withdrawal removes
downstream join states for some routes. PR1368788
• In MVPN source site, a redundant environment primary site can generate type 5 routes
for the sources from different sites without having real traffic, potentially causing an
outage if the receiver PE devices accept those routes as preferable. PR1375716
• The rpd process crashes when LSP template for a provider tunnel is changed. PR1395353
See Also • New and Changed Features on page 60
• Changes in Behavior and Syntax on page 80
• Known Behavior on page 84
• Known Issues on page 86
• Documentation Updates on page 113
• Migration, Upgrade, and Downgrade Instructions on page 114
• Product Compatibility on page 121
Documentation Updates
This section lists the errata and changes in Junos OS Release 18.4R1 documentation for
MX Series.
• Subscriber Management Provisioning Guide on page 113
• Subscriber Management VLANs Interfaces Guide on page 114
Subscriber Management Provisioning Guide
• The new topic, Subscriber Management RADIUS Dictionary Files, provides a link to the
Juniper Networks RADIUS dictionary that is used by default with subscriber management
for each supported release. The dictionary is updated only when software features
that affect the file are added or changed. The dictionary is not updated for every Junos
OS release.
• Starting in Junos OS Release 15.1, the Broadband Subscriber Sessions Feature Guide
and the CLI Explorer incorrectly included information about the show
Copyright © 2019, Juniper Networks, Inc. 113
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
extensible-subscriber-services accounting command. This command is not present in
the CLI. Instead, you can use accounting profiles to collect statistics from the Packet
Forwarding Engine for Extensible Subscriber Services Manager (ESSM) subscribers.
See Flat-File Accounting Overview for information about accounting for ESSM
subscribers.
Subscriber Management VLANs Interfaces Guide
• The Broadband Subscriber VLANs and Interfaces Feature Guide did not clearly indicate
that only demux0 is supported for demux interfaces. If you configure a different demux
interface, such as demux1, the configuration commit fails.
See Also • New and Changed Features on page 60
• Changes in Behavior and Syntax on page 80
• Known Behavior on page 84
• Known Issues on page 86
• Resolved Issues on page 99
• Migration, Upgrade, and Downgrade Instructions on page 114
• Product Compatibility on page 121
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade
policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take
several minutes, depending on the size and configuration of the network.
Starting in Junos OS 18.3R1 release, FreeBSD 11.x is the underlying OS for all Junos OS
platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x
does not introduce any new Junos OS related modifications or features but is the latest
version of FreeBSD.
The following table shows detailed information about which Junos OS can be used on
which products:
Platform FreeBSD 6.x-based Junos OS FreeBSD 11.x-based Junos OS
MX5,MX10, MX40,MX80, MX104 YES NO
MX240, MX480, MX960, NO YES
MX2010, MX2020
• Basic Procedure for Upgrading to Release 18.4 on page 115
• Procedure to Upgrade to FreeBSD 11.x based Junos OS on page 116
• Procedure to Upgrade to FreeBSD 6.x based Junos OS on page 118
114 Copyright © 2019, Juniper Networks, Inc.
• Upgrade and Downgrade Support Policy for Junos OS Releases on page 120
• Upgrading a Router with Redundant Routing Engines on page 120
• Downgrading from Release 18.4 on page 120
Basic Procedure for Upgrading to Release 18.4
NOTE: Before upgrading, back up the file system and the currently active
Junos OS configuration so that you can recover to a known, stable
environment in case the upgrade is unsuccessful. Issue the following
command:
user@host> request system snapshot
The installation process rebuilds the file system and completely reinstalls
Junos OS. Configuration information from the previous software installation
is retained, but the contents of log files might be erased. Stored files on the
routing platform, such as configuration templates and shell scripts (the only
exceptions are the juniper.conf and ssh files) might be removed. To preserve
the stored files, copy them to another system before upgrading or
downgrading the routing platform. For more information, see the Junos OS
Administration Library.
Copyright © 2019, Juniper Networks, Inc. 115
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
For more information about the installation process, see Installation and Upgrade Guide
and Upgrading Junos OS with Upgraded FreeBSD.
Procedure to Upgrade to FreeBSD 11.x based Junos OS
Products impacted: MX240, MX480, MX960, MX2010, and MX2020.
To download and install FreeBSD 11.x based Junos OS:
1. Using a Web browser, navigate to the All Junos Platforms software download URL on
the Juniper Networks webpage:
https://www.juniper.net/support/downloads/
2. Select the name of the Junos OS platform for the software that you want to download.
3. Select the release number (the number of the software version that you want to
download) from the Release drop-down list to the right of the Download Software
page.
4. Select the Software tab.
5. In the Install Package section of the Software tab, select the software package for the
release.
6. Log in to the Juniper Networks authentication system using the username (generally
your e-mail address) and password supplied by a Juniper Networks representative.
7. Review and accept the End User License Agreement.
8. Download the software to a local host.
9. Copy the software to the routing platform or to your internal software distribution
site.
10. Install the new jinstall package on the routing platform.
NOTE: We recommend that you upgrade all software packages out of
band using the console because in-band connections are lost during the
upgrade process.
All customers except the customers in the Eurasian Customs Union (currently
composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the
following package:
• For 32-bit Routing Engine version:
116 Copyright © 2019, Juniper Networks, Inc.
user@host> request system software add no-validate reboot
source/junos-install-mx-x86-32-18.4R1.9-signed.tgz
• For 64-bit Routing Engine version:
user@host> request system software add no-validate reboot
source/junos-install-mx-x86-64-18.4R1.9-signed.tgz
Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus,
Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption
Junos package):
• For 32-bit Routing Engine version:
user@host> request system software add no-validate reboot
source/junos-install-mx-x86-32-18.4R1.x-limited.tgz
• For 64-bit Routing Engine version:
user@host> request system software add no-validate reboot
source/junos-install-mx-x86-64-18.4R1.9-limited.tgz
Replace source with one of the following values:
• /pathname—For a software package that is installed from a local directory on the
router.
• For software packages that are downloaded and installed from a remote location:
• ftp://hostname/pathname
• http://hostname/pathname
• scp://hostname/pathname
Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos
OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built
based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these
programs. You must run the no-validate option. The no-validate statement disables
the validation procedure and allows you to use an import policy instead.
Use the reboot command to reboot the router after the upgrade is validated and
installed. When the reboot is complete, the router displays the login prompt. The
loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
NOTE: You need to install the Junos OS software package and host software
package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines.
For upgrading the host OS on these routers with VM Host support, use the
junos-vmhost-install-x.tgz image and specify the name of the regular package
in the request vmhost software add command. For more information, see the
VM Host Installation topic in the Installation and Upgrade Guide.
Copyright © 2019, Juniper Networks, Inc. 117
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
NOTE: After you install a Junos OS Release 18.4 jinstall package, you cannot
return to the previously installed Junos OS (FreeBSD 6.x) software by issuing
the request system software rollback command. Instead, you must issue the
request system software add no-validate command and specify the jinstall
package that corresponds to the previously installed software.
NOTE: Most of the existing request system commands are not supported on
routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host
Software Administrative Commands in the Installation and Upgrade Guide.
Procedure to Upgrade to FreeBSD 6.x based Junos OS
Products impacted: MX5, MX10, MX40, MX80, MX104.
To download and install FreeBSD 6.x based Junos OS:
1. Using a Web browser, navigate to the All Junos Platforms software download URL on
the Juniper Networks webpage:
https://www.juniper.net/support/downloads/
2. Select the name of the Junos OS platform for the software that you want to download.
3. Select the release number (the number of the software version that you want to
download) from the Release drop-down list to the right of the Download Software
page.
4. Select the Software tab.
5. In the Install Package section of the Software tab, select the software package for the
release.
6. Log in to the Juniper Networks authentication system using the username (generally
your e-mail address) and password supplied by a Juniper Networks representative.
7. Review and accept the End User License Agreement.
8. Download the software to a local host.
9. Copy the software to the routing platform or to your internal software distribution
site.
10. Install the new jinstall package on the routing platform.
118 Copyright © 2019, Juniper Networks, Inc.
NOTE: We recommend that you upgrade all software packages out of
band using the console because in-band connections are lost during the
upgrade process.
• All customers except the customers in the Eurasian Customs Union (currently
composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the
following package:
user@host> request system software add validate reboot
source/jinstall-ppc-18.4R1.9-signed.tgz
• Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus,
Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited
encryption Junos OS package):
user@host> request system software add validate reboot
source/jinstall-ppc-18.4R1.9-limited-signed.tgz
Replace source with one of the following values:
• /pathname—For a software package that is installed from a local directory on the
router.
• For software packages that are downloaded and installed from a remote location:
• ftp://hostname/pathname
• http://hostname/pathname
• scp://hostname/pathname
The validate option validates the software package against the current configuration
as a prerequisite to adding the software package to ensure that the router reboots
successfully. This is the default behavior when the software package being added is
a different release.
Use the reboot command to reboot the router after the upgrade is validated and
installed. When the reboot is complete, the router displays the login prompt. The
loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
NOTE: After you install a Junos OS Release 18.4 jinstall package, you cannot
return to the previously installed software by issuing the request system
software rollback command. Instead, you must issue the request system
software add validate command and specify the jinstall package that
corresponds to the previously installed software.
Copyright © 2019, Juniper Networks, Inc. 119
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at
a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can
upgrade directly from one EEOL release to the next EEOL release even though EEOL
releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after
the currently installed EEOL release, or to two EEOL releases before or after. For example,
Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS
Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than
three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to
a release more than three releases before or after, first upgrade to the next EEOL release
and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see
https://www.juniper.net/support/eol/junos.html.
Upgrading a Router with Redundant Routing Engines
If the router has two Routing Engines, perform the following Junos OS installation on
each Routing Engine separately to avoid disrupting network operation:
1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine,
and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine while keeping the
currently running software version on the master Routing Engine.
3. After making sure that the new software version is running correctly on the backup
Routing Engine, switch over to the backup Routing Engine to activate the new software.
4. Install the new software on the original master Routing Engine that is now active as
the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.
Downgrading from Release 18.4
To downgrade from Release 18.4 to another supported release, follow the procedure for
upgrading, but replace the 18.4 jinstall package with one that corresponds to the
appropriate release.
NOTE: You cannot downgrade more than three releases.
For more information, see the Installation and Upgrade Guide.
See Also • New and Changed Features on page 60
120 Copyright © 2019, Juniper Networks, Inc.
• Changes in Behavior and Syntax on page 80
• Known Behavior on page 84
• Known Issues on page 86
• Resolved Issues on page 99
• Documentation Updates on page 113
• Product Compatibility on page 121
Product Compatibility
• Hardware Compatibility on page 121
Hardware Compatibility
To obtain information about the components that are supported on the devices, and
special compatibility guidelines with the release, see the Hardware Guide and the Interface
Module Reference for the product.
To determine the features supported on MX Series devices in this release, use the Juniper
Networks Feature Explorer, a Web-based application that helps you to explore and
compare Junos OS feature information to find the right software release and hardware
platform for your network. Find Feature Explorer at:
https://apps.juniper.net/feature-explorer/.
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported
across all platforms, see the Hardware Compatibility tool.
See Also • New and Changed Features on page 60
• Changes in Behavior and Syntax on page 80
• Known Behavior on page 84
• Known Issues on page 86
• Resolved Issues on page 99
• Documentation Updates on page 113
• Migration, Upgrade, and Downgrade Instructions on page 114
Junos OS Release Notes for NFX Series
These release notes accompany Junos OS Release 18.4R1 for the NFX Series. They
describe new and changed features, limitations, and known and resolved problems in
the hardware and software.
Copyright © 2019, Juniper Networks, Inc. 121
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
You can also find these release notes on the Juniper Networks Junos OS Documentation
webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os
• New and Changed Features on page 122
• Changes in Behavior and Syntax on page 122
• Known Behavior on page 123
• Known Issues on page 123
• Resolved Issues on page 124
• Documentation Updates on page 124
• Migration, Upgrade, and Downgrade Instructions on page 124
• Product Compatibility on page 127
New and Changed Features
This section describes the new features or enhancements to existing features in Junos OS
Release 18.4R1 for NFX Series devices.
• vSRX on page 122
vSRX
vSRX Support—Starting in Junos OS Release 18.4R1, vSRX 3.0 is supported on NFX250
devices.
See Also • Changes in Behavior and Syntax on page 122
• Known Behavior on page 123
• Known Issues on page 123
• Resolved Issues on page 124
• Documentation Updates on page 124
• Migration, Upgrade, and Downgrade Instructions on page 124
• Product Compatibility on page 127
Changes in Behavior and Syntax
There are no changes in behavior and syntax for NFX Series in Junos OS Release 18.4R1.
See Also • New and Changed Features on page 122
• Known Behavior on page 123
• Known Issues on page 123
• Resolved Issues on page 124
• Documentation Updates on page 124
• Migration, Upgrade, and Downgrade Instructions on page 124
122 Copyright © 2019, Juniper Networks, Inc.
• Product Compatibility on page 127
Known Behavior
This section lists known behavior, system maximums, and limitations in hardware and
software in Junos OS Release 18.4R1 for the NFX Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• Interfaces on page 123
Interfaces
In Junos OS Release 18.4R1, the factory-default configuration on NFX150 devices enables
the front-panel copper port heth-0-3 to function as a WAN port.
In this release, the following changes are made to the default configuration:
• The heth-0-3 copper port is mapped to the virtual ge-1/0/1 interface on FPC1.
• The heth-0-4 SFP+ port is mapped to the virtual ge-0/0/3 interface on FPC0.
See Also • New and Changed Features on page 122
• Changes in Behavior and Syntax on page 122
• Known Issues on page 123
• Resolved Issues on page 124
• Documentation Updates on page 124
• Migration, Upgrade, and Downgrade Instructions on page 124
• Product Compatibility on page 127
Known Issues
There are no known issues in hardware and software in Junos OS Release 18.4R1 for the
NFX Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
See Also • New and Changed Features on page 122
• Changes in Behavior and Syntax on page 122
• Known Behavior on page 123
• Resolved Issues on page 124
• Documentation Updates on page 124
• Migration, Upgrade, and Downgrade Instructions on page 124
Copyright © 2019, Juniper Networks, Inc. 123
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Product Compatibility on page 127
Resolved Issues
There are no fixed issues in Junos OS Release 18.4R1 for the NFX Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
See Also • New and Changed Features on page 122
• Changes in Behavior and Syntax on page 122
• Known Behavior on page 123
• Known Issues on page 123
• Documentation Updates on page 124
• Migration, Upgrade, and Downgrade Instructions on page 124
• Product Compatibility on page 127
Documentation Updates
There are no errata or changes in Junos OS Release 18.4R1 documentation for NFX Series.
See Also • New and Changed Features on page 122
• Changes in Behavior and Syntax on page 122
• Known Behavior on page 123
• Known Issues on page 123
• Resolved Issues on page 124
• Migration, Upgrade, and Downgrade Instructions on page 124
• Product Compatibility on page 127
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade
policies for Junos OS for the NFX Series. Upgrading or downgrading Junos OS might take
several hours, depending on the size and configuration of the network.
• Upgrade and Downgrade Support Policy for Junos OS Releases on page 124
• Basic Procedure for Upgrading to Release 18.4 on page 125
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at
a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can
124 Copyright © 2019, Juniper Networks, Inc.
upgrade directly from one EEOL release to the next EEOL release even though EEOL
releases generally occur in increments beyond three releases.
To upgrade or downgrade from a non-EEOL release to a release more than three releases
before or after, first upgrade to the next EEOL release and then upgrade or downgrade
from that EEOL release to your target release.
For more information on EEOL releases and to review a list of EEOL releases, see
https://www.juniper.net/support/eol/junos.html.
Basic Procedure for Upgrading to Release 18.4
When upgrading or downgrading Junos OS, use the jinstall package. For information
about the contents of the jinstall package and details of the installation process, see the
Installation and Upgrade Guide. Use other packages, such as the jbundle package, only
when so instructed by a Juniper Networks support representative.
NOTE: The installation process rebuilds the file system and completely
reinstalls Junos OS. Configuration information from the previous software
installation is retained, but the contents of log files might be erased. Stored
files on the device, such as configuration templates and shell scripts (the
only exceptions are the juniper.conf and ssh files), might be removed. To
preserve the stored files, copy them to another system before upgrading or
downgrading the device. For more information, see the Junos OS Administration
Library.
Copyright © 2019, Juniper Networks, Inc. 125
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
NOTE: We recommend that you upgrade all software packages out of band
using the console because in-band connections are lost during the upgrade
process.
To download and install Junos OS Release 18.4R1:
1. Using a Web browser, navigate to the All Junos Platforms software download URL
on the Juniper Networks webpage:
https://www.juniper.net/support/downloads/
2. Select the name of the Junos OS platform for the software that you want to download.
3. Select the Software tab.
4. Select the release number (the number of the software version that you want to
download) from the Version drop-down list to the right of the Download Software
page.
5. In the Install Package section of the Software tab, select the software package for
the release.
6. Log in to the Juniper Networks authentication system by using the username (generally
your e-mail address) and password supplied by Juniper Networks representatives.
7. Review and accept the End User License Agreement.
8. Download the software to a local host.
9. Copy the software to the device or to your internal software distribution site.
10. Install the new package on the device.
See Also • New and Changed Features on page 122
• Changes in Behavior and Syntax on page 122
• Known Behavior on page 123
• Known Issues on page 123
• Resolved Issues on page 124
• Documentation Updates on page 124
• Product Compatibility on page 127
126 Copyright © 2019, Juniper Networks, Inc.
Product Compatibility
• Hardware Compatibility on page 127
• Software Version Compatibility on page 127
Hardware Compatibility
To obtain information about the components that are supported on the devices, and
special compatibility guidelines with the release, see the Hardware Guide and the Interface
Module Reference for the product.
To determine the features supported on NFX Series devices in this release, use the Juniper
Networks Feature Explorer, a Web-based application that helps you explore and compare
Junos OS feature information to find the right software release and hardware platform
for your network. Find Feature Explorer at: https://pathfinder.juniper.net/feature-explorer/.
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported
across all platforms, see the Hardware Compatibility Tool.
Software Version Compatibility
This section lists the vSRX and Cloud CPE Solution software releases that are compatible
with the Junos OS releases on the NFX series platforms.
NOTE: Starting in Junos OS Release 18.1R1, NFX150 and NFX250 devices
support the same version of platform software and vSRX. For example, see
Table 3 on page 127.
NFX250 Software Version Compatibility
This section lists the vSRX and CloudCPE Solution software releases that are compatible
with the Junos OS releases on the NFX250 platform:
Table 3: Software Compatibility Details with vSRX and Cloud CPE Solution
NFX250 Junos OS Release vSRX Cloud CPE Solution
15.1X53-D40.3 15.1X49-D40.6 Cloud CPE Solution 2.0
15.1X53-D41.6 15.1X49-D40.6 Cloud CPE Solution 2.1
15.1X53-D102.2 15.1X49-D61 Cloud CPE Solution 3.0
15.1X53-D47.4 15.1X49-D100.6 Cloud CPE Solution 3.0.1
15.1X53-D490 15.1X49-D143 Cloud CPE Solution 4.0
15.1X53-D495 15.1X49-D160 Cloud CPE Solution 4.1
Copyright © 2019, Juniper Networks, Inc. 127
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Table 3: Software Compatibility Details with vSRX and Cloud CPE Solution (continued)
NFX250 Junos OS Release vSRX Cloud CPE Solution
15.1X53-D45.3 15.1X49-D61 Not applicable
17.2R1 15.1X49-D78.3 Not applicable
17.3R1 15.1X49-D78.3 Not applicable
17.4R1 15.1X49-D78.3 Not applicable
15.1X53-D471 15.1X49-D143 Not applicable
18.1R1 18.1R1 Not applicable
18.1R2 18.1R2 Not applicable
18.1R3 18.1R3 Not applicable
18.2R1 18.2R1 Not applicable
18.3R1 18.3R1 Not applicable
18.4R1 18.4R1 Not applicable
See Also • New and Changed Features on page 122
• Changes in Behavior and Syntax on page 122
• Known Behavior on page 123
• Known Issues on page 123
• Resolved Issues on page 124
• Documentation Updates on page 124
• Migration, Upgrade, and Downgrade Instructions on page 124
Junos OS Release Notes for PTX Series Packet Transport Routers
These release notes accompany Junos OS Release 18.4R1 for the PTX Series. They
describe new and changed features, limitations, and known and resolved problems in
the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation
webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
• New and Changed Features on page 129
• Changes in Behavior and Syntax on page 138
128 Copyright © 2019, Juniper Networks, Inc.
• Known Behavior on page 139
• Known Issues on page 141
• Resolved Issues on page 143
• Documentation Updates on page 145
• Migration, Upgrade, and Downgrade Instructions on page 146
• Product Compatibility on page 150
New and Changed Features
This section describes the new features and enhancements to existing features in
Junos OS Release 18.4R1 for the PTX Series.
• Hardware on page 130
• Authentication, Authorization and Accounting (AAA) (RADIUS) on page 130
• Class of Service (CoS) on page 131
• Forwarding and Sampling on page 131
• Interfaces and Chassis on page 131
• Junos Telemetry Interface on page 131
• Layer 2 Features on page 133
• Layer 3 Features on page 133
• MPLS on page 134
• Network Management and Monitoring on page 135
• Port Security on page 135
• Routing Policy and Firewall Filters on page 135
• Routing Protocols on page 135
• Security on page 137
• Services Applications on page 137
• System Management on page 137
• VPN on page 137
Copyright © 2019, Juniper Networks, Inc. 129
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Hardware
• New fixed-configuration packet transport router (PTX Series)—Starting in Junos OS
Release 18.2R1, the PTX10001-20C is a new fixed-configuration Macsec-enabled LSR
core router. It features a compact, 1U form factor that is easy to deploy in
space-constrained Internet exchange locations, remote central offices, and embedded
peering points throughout the network. The PTX10001 has 20 QSFP28 ports, and you
can add 16 more QSFP28 ports with the optional JNP10001-16C-PIC expansion module.
The 36 QSFP28 ports can be configured as 10 Gbps, 40 Gbps, or 100 Gbps. The ports
handle up to 3.6 Tbps of throughput and 2 Bpps of forwarding capacity.
See PTX10001 Hardware Guide.
Authentication, Authorization and Accounting (AAA) (RADIUS)
• Support for password change policy enhancement (PTX Series)—Starting in Junos
OS Release 18.4R1, the Junos OS password change policy for local user accounts is
enhanced to comply with additional password policies. As part of the policy
improvement, you can configure the following:
• maximum-lifetime-value—The maximum duration of a password. The password
expires after the maximum is reached.
• minimum-lifetime-value—The minimum duration of a password. You cannot change
the password until the minimum duration is reached.
130 Copyright © 2019, Juniper Networks, Inc.
[See password.]
Class of Service (CoS)
• Support for classifying Layer 2 frames based on Layer 3 information (PTX
Series)—Starting in Junos OS Release 18.4R1, PTX Series devices support classifying
Layer 2 frames based on Layer 3 fields. You can match on DSCP bits in IPv4 packets
(classifier type dscp), TOS bits in IPv6 packets (classifier type dscp-ipv6), EXP bits in
MPLS frames (classifier type exp), and PCP bits in IEEE 802.1 frames (classifier type
ieee-802.1). To do this, define classifiers as normal at the [edit class-of-service classifiers
classifier-type classifier-name] hierarchy level and then apply the classifiers to a Layer
2 (family ethernet-switching) interface at the [edit class-of-services interfaces
interface-name unit 0] hierarchy level.
[See classifiers (Definition).]
Forwarding and Sampling
• Support for activating or deactivating static routes on the basis of RPM test results
(PTX Series) —Starting in Junos OS 18.4R1, you can use RPM probes to detect link
status, and change the preferred-route state on the basis of the probe results. Tracked
routes can be IPv4 or IPv6, and support a single IPv4 or IPv6 next hop. For example,
RPM probes can be sent to an IP address to determine if the link is up, and if so, take
the action of installing a static route in the route table. RPM-tracked routes are installed
with preference 1 and thus are preferred over any existing static routes for the same
prefix.
[See Configuring RPM Probes , rpm-tracking, and show route rpm-tracking.]
Interfaces and Chassis
• LACP hold-up timer configuration support on LAG interfaces (PTX Series)—You can
configure an LACP hold-up timer value for LAG interfaces to prevent excessive flapping
of a child (member) link of a LAG interface due to transport layer issues.
Because of transport layer issues, a link can be physically up and still cause LACP
state-machine flapping. LACP state-machine flapping, which can adversely affect
traffic on the LAG interface. With the hold-up timer configured, LACP monitors the
PDUs received on the child link for the configured time value, but does not allow the
member link to transition from the expired or default state to the current state. This
configuration thus prevents excessive flapping of the member link.
To configure the hold-up timer, use the hold-time up timer-value statement at the [edit
interfaces ae aeX aggregated-ether-options lacp] hierarchy level.
[See hold-time up and Configuring LACP Hold-UP Timer to Prevent Link Flapping on LAG
Interfaces.]
Junos Telemetry Interface
• Enhanced IS-IS sensor support for Junos Telemetry Interface (JTI) (MX960, MX2020,
PTX5000, PTX1000, and PTX10000)—Starting with Junos OS Release 18.4R1, JTI
Copyright © 2019, Juniper Networks, Inc. 131
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
supports OpenConfig Version v0.3.3 (from v0.2.1) for resource paths related to IS-IS
Link State Database (LSDB) streaming. The difference between the two versions
results in changes, additions, deletions, or nonsupport for leaf devices related to the
following IS-IS Type Length Value (TLV) parameters and IS-IS areas:
• TLV 135: extended-ipv4-reachability
• TLV 236: ipv6-reachability
• TLV 22: extended-is-reachability
• TLV 242: router-capabilities
• IS-IS Interface Attributes
• IS-IS Adjacency Attributes
To provision the sensor to export data through gRPC streaming, use the telemetry
Subscribe RPC to specify telemetry parameters. Streaming telemetry data through
gRPC also requires the OpenConfig and Network Agent packages, both of which are
bundled into the Junos OS image in a default package named junos-openconfig.
[See Configuring a Junos Telemetry Interface Sensor (CLI Procedure) and Guidelines for
gRPC Sensors (Junos Telemetry Interface).]
• Support for NTF agent (MX240, MX480, MX960, MX2010, MX2020, vMX, PTX1000,
PTX5000, and PTX10000)—Junos OS exposes telemetry data over gRPC and UDP
as part of the Junos Telemetry Interface (JTI). One way to stream JTI data into your
existing telemetry and analytics infrastructure requires managing an external entity to
convert the data into a compatible format. Starting in Junos OS Release 18.4R1, the
NTF agent feature provides an on-box solution that enables you to configure and
customize to which endpoint (such as IPFIX and Kafka) the JTI data is delivered and
in which format (such as AVRO, JSON, and MessagePack) the data is encoded.
[See NTF Agent Overview.]
• Expanded ON_CHANGE support for Junos Telemetry Interface (JTI) (MX960,
MX2010, MX2020, PTX5000, PTX1000, and PTX10000)—Starting in Junos OS
Release 18.4R1, OpenConfig support through gRPC and JTI is extended to support
additional ON_CHANGE sensors.
Periodical streaming of OpenConfig operational states and counters collects
information at regular intervals. ON_CHANGE support streams operational states as
events (only when there is a change), and is preferred over periodic streaming for
time-sensitive missions.
The following paths, previously supporting periodical streaming only, now also support
ON_CHANGE streaming:
• /components/component
• /components/component/name/
• /components/component/state/type
• /components/component/state/id
• /components/component/state/description
132 Copyright © 2019, Juniper Networks, Inc.
• /components/component/state/serial-no
• /components/component/state/part-no
ON_CHANGE notification will be supported on all the hardware components displayed
in the Junos OS CLI operational mode command show chassis hardware.
To provision a sensor to export data through gRPC, use the telemetrySubscribe RPC
to specify telemetry parameters. To enable ON_CHANGE support, configure the sample
frequency in the subscription as zero.
[See Guidelines for gRPC Sensors (Junos Telemetry Interface) and show chassis hardware.]
Layer 2 Features
• Support for Layer 2 and Layer 3 forwarding across VLANs (PTX1000, PTX10008,
and PTX10016)—Starting in Junos OS 18.4R1, PTX Series devices support Layer 2 and
Layer 3 forwarding across VLANs. Layer 3 forwarding across VLANs by using Integrated
Routing and Bridging (IRB) interface. To provide Layer 3 forwarding across VLANs, you
need to create layer 3 logical interface on IRB physical interface and associate it with
the VLAN.
These PTX routers supports IS-IS, OSPF, iBGP, and eBGP routing protocols on the IRB
interface.
[See Layer 2 Learning and Forwarding for VLANs Overview.]
• Support for port mirroring (PTX10001)—Starting in Junos OS Release 18.4R1, the
PTX10001 supports firewall filter-based port mirroring for the IPv4 address family on
the ingress interface.
[ See Configuring Port Mirroring on M, T MX, and PTX Series Routers.]
Layer 3 Features
• Support for BFD on PTX10001-20C Packet Transport Router—Starting in Junos OS
Release 18.4R1, PTX10001-20C routers support Bidirectional Forwarding Detection
(BFD) in centralized mode for clients operating under Layer 3 protocols such as OSPF,
IS-IS, and BGP. BFD support is not extended to micro-BFD, IPv6, PIM, tunnel interfaces,
or MPLS. [See bfd command.]
• Support for ECMP on Layer 3 and MPLS routes on PTX10001-20C Packet Transport
Router—Starting in Junos OS Release 18.4R1, PTX10001-20C routers support equal-cost
multipath (ECMP) load balancing for IPv4 and MPLS routes.
• Support for Layer 3 unicast features on PTX10001-20C Packet Transport Router
—Starting in Junos OS Release 18.4R1, PTX10001-20C routers support the following
Layer 3 forwarding features for unicast IPv4 traffic:
• ICMPv4 messages (MTU exceeded, TTL expiry, host unreachable, IP redirect)
• ICMPv4 host and longest prefix match (LPM) routing
• IP packet exceptions (TTL error and IP-option)
• IPv4 fragmentation
Copyright © 2019, Juniper Networks, Inc. 133
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• IPv4 ping and traceroute
• Layer 3 protocols, such as:
• OSPF
• IS-IS with Bidirectional Forwarding Detection (BFD)
• BGP
• MTU check per port
• Virtual router (VRF-lite)
MPLS
• MPLS support (PTX10001-20C)—Starting with Junos OS Release 18.4R1, MPLS is
supported on the PTX10001-20C router. The following features are supported:
• Label Switching Routers (LSRs)
• LDP and RSVP MPLS routing protocols
• IS-IS interior gateway protocol (IGP) traffic engineering
• Object access method, including ping and Bidirectional Forwarding Detection (BFD)
• Fast reroute (FRR) MPLS local protection. Both one-to-one local protection and
many-to-one local protection are supported.
This feature was previously supported in an "X" release of Junos OS. [See MPLS
Overview.]
• MPLS-TE Fast Reroute Link Protection (PTX10001-20C)— Starting with Junos OS
Release 18.4R1, you can enable fast reroute (FRR) to automatically reroute traffic on
MPLS traffic engineering (TE) LSPs if a node or link in an LSP fails, thus reducing the
loss of packets traveling over the LSP. When you enable fast reroute, detours are
precomputed and pre-established along the LSP. In case of a network failure on the
current LSP path, traffic is quickly routed to one of the detours. Fast reroute protects
traffic against any single point of failure between the ingress and egress routers.
This feature was previously supported in an "X" release of Junos OS. [See Fast Reroute
Overview.]
134 Copyright © 2019, Juniper Networks, Inc.
Network Management and Monitoring
• sFlow functionality introduced on PTX1000 and PTX10000—Starting in Junos OS
Release 18.4R1, the PTX1000 and PTX10000 routers support sFlow, a network
monitoring protocol for high-speed networks. With sFlow, you can continuously monitor
tens of thousands of ports simultaneously. The mechanism used by sFlow is simple,
not resource intensive, and accurate. An sFlow agent embedded in a network device
samples packets and gathers interface statistics and sends the information to a
monitoring station called a collector for analysis. An sFlow agent can be implemented
in a distributed model. In such a case, each subagent has a separate subagent ID and
is responsible for monitoring a set of network ports. The subagents share a common
agent address.
[See Configuring sFlow Technology for Network Monitoring (CLI Procedure) and sflow.]
Port Security
• Media Access Control Security (MACsec) support (PTX10001-20C routers)—Starting
in Junos OS Release 18.4R1, MACsec is supported on all twenty interfaces on the
PTX10001-20C router and all sixteen interfaces on the TIC1 module. MACsec is an
802.1AE IEEE industry-standard security technology that provides secure
communication for all traffic on point-to-point Ethernet links.
[See Understanding Media Access Control Security (MACsec).]
• Dynamic Host Configuration Protocol (DHCP) relay (PTX10001-20C
routers)—Starting in Junos OS Release 18.4R1, DHCP relay is supported on
PTX10001-20C routers.
[See Extended DHCP Relay Agent.]
Routing Policy and Firewall Filters
• Support for next-filter as a firewall filter action (PTX Series)—Starting with Junos
OS Release 18.4R1, firewall filters can be configured to execute a sequence of firewall
filter actions. The new next-filter option enables you to deploy a filter list and run a
series of filters, similar to what is already available with next-term actions, and provides
filter scale optimization. Up to eight filters can be chained in this way. The feature is
not supported on logical systems, or on loopback and pseudo-interfaces.
You can use a filter list to implement a mix of multifield-classification and firewall filter
rules. For example, the first filter in the list can be used to perform a generic filter
classification, and the subsequent filters can then do the actual filtering.
[See input-chain and output-chain.]
Routing Protocols
• Support for 64 add-path BGP routes (PTX Series)—Starting in Junos OS Release
18.4R1, support is extended to 64 add-path BGP routes. Currently Junos OS supports
six add-path routes and BGP can advertise upto 20 add-path routes through policy
Copyright © 2019, Juniper Networks, Inc. 135
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
configuration. This feature allows BGP to advertise 64 add-path routes and a second
best ECMP path as a backup in addition to the multiple ECMP paths.
To advertise all add-paths up to 64 add-paths or only equal-cost paths, include the
path-selection-mode statement at the [edit protocols bgp group group-name family
name addpath send] hierarchy level. You cannot enable both multipath and
path-selection-mode at the same time.
To advertise a second best ECMP path as a backup path in addition to the multiple
ECMP paths include the include-backup-path bacup_path_name statement at the [edit
protocols bgp group group-name family name addpath send]] hierarchy level.
[See add-path.]
[See include-backup-path.]
• Support for BGP flowspec redirect to IP (PTX Series)—Starting in Junos OS Release
18.4R1, BGP flow specification as described in BGP Flow-Spec Internet draft
draft-ietf-idr-flowspec-redirect-ip-02.txt, Redirect to IP Action is supported. Redirect
to IP action uses extended BGP community to provide traffic filtering options for DDoS
mitigation in service provider networks. Legacy flow specification, as specified in the
Internet draft draft-ietf-idr-flowspec-redirect-ip-00.txt, BGP Flow-Spec Extended
Community for Traffic Redirect to IP Next Hop, redirect to IP uses the BGP nexthop
attribute to support interoperability of devices. Junos OS advertises redirect to IP flow
specification action using the extended community by default. Redirect to IP action
allows you to divert matching flow specification traffic to a globally reachable address.
This feature is required to support service chaining in virtual service control gateway
(vSCG).
To configure a static IPv4 flow specification route, include the redirect ipv4-address
statement at the [edit routing-options flow route then] hierarchy level in the
configuration.
To configure a static IPv6 specification route, include the redirect ipv6-address statement
at the [edit routing-options flow route then] hierarchy level in the configuration.
To configure legacy flow specification include legacy-redirect-ip-action at the [edit
group bgp-group neighbor bgp neighbor family inet flow] hierarchy level.
To configure BGP to use VRF.inet.0 table to resolve VRF flow specification routes,
include secondary-independent-resolution statement at the [edit protocols bgp neighbor
family flow] hierarchy level.
[See legacy-redirect-ip-action.]
[See Configuring BGP Flow Specification Action Redirect to IP to Filter DDoS Traffic.]
136 Copyright © 2019, Juniper Networks, Inc.
Security
• Support for Ingress Firewall Filters (PTX10001-20C)—Starting with Junos OS Release
18.4R1, you can configure firewall rules to filter incoming network traffic based on a
series of user-defined rules. You can specify whether to accept, permit, deny, or forward
packets before it enters an interface. If a packet is accepted, you can also configure
additional actions to perform on the packet, such as class-of-service (CoS) marking
(grouping similar types of traffic together and treating each type of traffic as a class
with its own level of service priority) and traffic policing (controlling the maximum rate
of traffic sent or received). Only ingress firewall filters are supported. You configure
firewall filters under the [edit firewall] hierarchy level. This feature was previously
supported in an "X" release of Junos OS.
[See Firewall Filters Overview.]
Services Applications
• Support for IPv4 and IPv6 inline active flow monitoring (PTX10002-60C
router)—Starting in Junos OS Release 18.4R1 on PTX10002-60C routers, you can
perform inline active flow monitoring for IPv4 and IPv6 traffic. Both IPFIX and version
9 templates are supported.
[See Configuring Inline Active Flow Monitoring on PTX Series Routers.]
System Management
• Copy files between the Junos VM and Linux host (PTX10008)—In Junos OS Release
18.4R1, two commands are introduced on the Enhanced Automation variant of Junos
OS for PTX10008 routers: request vmhost copy jnode-to-vjunos and request vmhost
copy vjunos-to-jnode. These commands enable you to copy files from the Linux host
to the Junos VM and vice versa.
[See request vmhost copy jnode-to-vjunos and request vmhost copy vjunos-to-jnode.]
VPN
• Support to control traceroute over Layer 3 VPN (PTX Series)—Starting in Junos OS
Release 18.4R1, in a Layer 3 VPN topology with vrf-table-label configured and multiple
customer edge (CE) routers configured in the same VPN routing and forwarding (VRF)
routing instance, when traceroute is performed to a remote provider edge (PE) router
for a CE-facing network, the ICMP time exceeded packet determines the correct IP
address as the source address.
To control the traceroute over Layer 3 VPN topology with vrf-table-label configured
and multiple CE routers configured in the same VRF, you can configure
allow-l3vpn-traceroute-src-select at the[edit system] hierarchy level that determines
the correct IP source address by reviewing the destination routing instance and
destination IP address.
[See allow-l3vpn-traceroute-src-select.]
Copyright © 2019, Juniper Networks, Inc. 137
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
See Also • Changes in Behavior and Syntax on page 138
• Known Behavior on page 139
• Known Issues on page 141
• Resolved Issues on page 143
• Documentation Updates on page 145
• Migration, Upgrade, and Downgrade Instructions on page 146
• Product Compatibility on page 150
Changes in Behavior and Syntax
This section lists the changes in behavior of Junos OS features and changes in the syntax
of Junos OS statements and commands in Junos OS Release 18.4R1 for the PTX Series.
• Interfaces and Chassis on page 138
• Network Management and Monitoring on page 139
Interfaces and Chassis
• New option to configure IP address to be used when the Routing Engine is the current
master—Starting in Junos OS Release 18.4R1, a new option, master-only, is supported
on routers with RE-MX-X6, RE-MX-X8, and RE-PTX-X8 Routing Engines at the following
hierarchies:
• [edit vmhost interfaces management-if interface (0|1) family inet address IPv4 address]
• [edit vmhost interfaces management-if interface (0|1) family inet6 address IPv6
address]
In routing platforms with dual Routing Engines and VM host support, the master-only
option enables you to configure the IP address to be used for the VM host when the
Routing Engine is the current master. The master Routing Engine and the backup
Routing Engine can have independent host IP addresses configured. In releases before
Junos OS Release 18.4R1, the same IP address is applied on the master and backup
Routing Engines, resulting in configuration issues.
• Support for creating layer 2 logical interface independently (PTX Series)—In Junos
OS Releases 18.4R1, 18.4R2, and later, PTX Series routers support creating layer 2 logical
interface independent of layer 2 routing instance type. That is, you can configure and
commit the layer 2 logical interfaces separately and add the interface to bridge-domain
or Ethernet VPN (EVPN) routing instance separately. Note that the layer 2 logical
interfaces works fine only when the interface is added to bridge domain or EVPN routing
instance.
In the earlier Junos OS releases, when an layer 2 logical interface configuration (units
with encapsulation vlan-bridge configuration) is used, then the logical interface must
be added as part of a bridge-domain or EVPN routing instance for the commit to
succeed.
138 Copyright © 2019, Juniper Networks, Inc.
Network Management and Monitoring
• No chassis alarm when power consumption by an FPC exceeds 90% or 100% of
the allocated power budget—Starting in Junos OS Release 18.4R1, the PTX5000
routers do not raise a chassis alarm in the following events:
• Power consumption by an FPC exceeds 90% of the allocated power budget.
• Power consumption by an FPC exceeds 100% of the allocated power budget (in
this case, a system log is registered).
• The NETCONF server omits warnings in RPC replies when the rfc-compliant statement
is configured and the operation returns <ok/> (PTX Series)—Starting in Junos OS
Release 18.4R1, when you configure the rfc-compliant statement at the [edit system
services netconf] hierarchy level to enforce certain behaviors by the NETCONF server,
the server must not return an RPC reply that encloses both an <rpc-error> element
and an <ok/> element. If the operation is successful, but the server reply encloses one
or more <rpc-error> elements of severity warning in addition to the <ok/> element,
then the warnings are omitted. In earlier releases, or when the rfc-compliant statement
is not configured, the NETCONF server might issue an RPC reply that encloses both an
<rpc-error> element of severity warning and an <ok/> element.
See Also • New and Changed Features on page 129
• Known Behavior on page 139
• Known Issues on page 141
• Resolved Issues on page 143
• Documentation Updates on page 145
• Migration, Upgrade, and Downgrade Instructions on page 146
• Product Compatibility on page 150
Known Behavior
This section contains the known behavior, system maximums, and limitations in hardware
and software in Junos OS Release 18.4R1 for PTX Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• Interfaces and Chassis on page 140
• Platform and Infrastructure on page 140
Copyright © 2019, Juniper Networks, Inc. 139
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Interfaces and Chassis
• On PTX10001-20C routers, the show interfaces command might display different values
for the input and output packets per second (pps) for host-bound packets.
Platform and Infrastructure
• When an FPC goes offline or restarts, FPC x sends traffic to FPC y. The following error
messages are seen and a corresponding alarm is set on the destination FPC. Specific
to PTX10000, the transient alarm gets set when this condition occurs. The alarm clears
later because the source FPC goes offline. Apr 09 10:31:24 [TRACE] [asta] Apr 9 10:19:59
asta fpc4 Error (0x210613), module: PE Chip, type: Apr 09 10:31:24 [TRACE] [asta] Apr
9 10:19:59 asta fpc4 Cmerror Op Set: PE Chip: PE1[1]: FO:core intr: 0x00000010: Grant
spray drop due to unspray-able condition error Apr 09 10:31:24 [TRACE] [asta] Apr 9
10:19:59 asta fpc4 Error (0x210614), module: PE Chip, type: Apr 09 10:31:24 [TRACE]
[asta] Apr 9 10:19:59 asta fpc4 Cmerror Op Set: PE Chip: PE1[1]: FO:core intr:
0x00000008: Request spray drop due to unspray-able condition errorPR1268678
• The statistics for the physical interface are not getting updated for mirrored ports.
Recommendation: Either the ingress and mirror interfaces should have the same MTU
size or the mirror interface should have a higher MTU size than the ingress interface.
PR1372321
• Currently PTX1000-M20C supports 128,000 transit LSPs; however, in a failover scenario,
Argus can support a maximum of 192,000 LSPs, which means 64,000 backup LSPs
are active. In failover scenario and MBB case, 256,000 LSPs are required, but the ASIC
can handle maximum of 192,000 after optimization, so there is a limitation with backup
LSPs. PR1375780
• PTX1000 and MX Series sflow sampling output has different VLAN priority in extended
switch data fields with the same dual-tag configuration when egress sampling is
configured, this is dependent on the sequence in which sampling and mac-rewrite
happens. In MX Series MAC rewrite occurs after sampling and in the case of PTX Series
sampling happens after MAC rewrite. PR1387468
• The set interfaces interface-name gigether-options fec fec74|fec91|none configuration
is not supported on the Argus platform. PR1388140
See Also • New and Changed Features on page 129
• Changes in Behavior and Syntax on page 138
• Known Issues on page 141
• Resolved Issues on page 143
• Documentation Updates on page 145
• Migration, Upgrade, and Downgrade Instructions on page 146
• Product Compatibility on page 150
140 Copyright © 2019, Juniper Networks, Inc.
Known Issues
This section lists the known issues in hardware and software in Junos OS Release 18.4R1
for the PTX Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• Class of Service (CoS) on page 141
• Interfaces and Chassis on page 141
• Platform and Infrastructure on page 141
• Routing Protocols on page 143
Class of Service (CoS)
• PTX1000-M20C: Core files are generated when ports are channelized and
de-channelized repeatedly, without delay. PR1370781
Interfaces and Chassis
• Upgrading Junos OS Release 14.2R5 and later maintenance releases and Junos OS
Release 16.1 and later mainline releases with CFM configuration might cause the cfmd
process to crash after the upgrade. This is because of the old version of /var/db/cfm.db.
PR1281073
Platform and Infrastructure
• Control packets might get dropped when the Packet Forwarding Engine experinces
heavy congestion. PR1163759
• In a rare race condition, multiple interrupts are not handled properly on PTX platform
with FPC3-PTX-U2/FPC3-PTX-U3, which could lead to a core file being generated.
The condition is difficult to reproduce. As a workaround, the interrupt code is optimized
to avoid the unnecessary call to prevent the issue. PR1208536
• On a PTX Series PIC with the CFP2-DCO-T-WDM transceiver installed, after repeated
configuration rollback, the link sometimes takes a long time to come up. PR1301462
• On a PTX Series router with a third-generation FPC, an error message is displayed
when the FPC goes online or offline. PR1322491
• The output of the CLI command show class-of-service fabric statistics now includes
traffic that was dropped because of internal errors in the drop counts. PR1338647
• NETCONF SSH TCP port 830 traffic hitting host path or unclassified queue causes
DDoS violations in the unclassified queue. The following log appears:
DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for
protocol/exception.PR1345744
• PTX3000 reports CCL (Chip to Chip Link) CRC errors when FPC3-SFF-PTX-1X is taken
offline through a CLI command by pressing the offline button. The syslog error is
generated by an FPC just before it goes offline, so there is no detectable traffic loss.
Copyright © 2019, Juniper Networks, Inc. 141
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
The messages are as follows: Apr 2 08:43:00 fpc4 CMSNGFM:
cmsngfpc_fm_send_spry_ctrl_ack: ev_id:11 fm_st:ALL fm_type:FPC_OFF fm_op:DEL Apr
2 08:43:00 fpc2 CMSNGFM: cmsngfpc_platform_fm_periodic: PFE 0 detected link error
for S00F0_0(11,0,11)->FPC02FE0(0,00) Apr 2 08:43:00 fpc2 CCL: Logging statistics for
FPC02FE0(0,00) Apr 2 08:43:00 fpc2 CCL: SOT:0x0000037649c2c43e Apr 2 08:43:00
fpc2 CCL: FrameCnt:0x00000000000419dc Apr 2 08:43:00 fpc2 CCL:
LastCRCErrCnt:0x00000003 Apr 2 08:43:00 fpc2 CCL:
AggrCRCErrCnt:0x0000000000000003 Apr 2 08:43:00 fpc2 CCL:
AggrBERCnt:0x0000000000000001 Apr 2 08:43:00 fpc2 CCL:
pe0-Avg-28nm-link-10-18 CRC error history (last 5 polls): Apr 2 08:43:00 fpc2 CCL: 0x0
0x0 0x0 0x0 0x3 Apr 2 08:43:00 fpc2 CCL: FEC Uncorrectable FEC Correctable Apr 2
08:43:00 fpc2 CCL: 00000004, 00000000 Apr 2 08:43:00 fpc2 CCL: 00000000,
00000000 Apr 2 08:43:00 fpc2 BEGIN Rx serdes info for asic pe0-0 serdes 18 Apr 2
08:43:00 fpc2 Signal & port condition for serdes_num 18 Apr 2 08:43:00 fpc2 Rx Signal
: Signal Not OK Apr 2 08:43:00 fpc2 Rx Electrical Idle : High Apr 2 08:43:00 fpc2 Rx
Frequency Lock: Set Apr 2 08:43:00 fpc2 Rx Port : Ready Apr 2 08:43:00 fpc2 DFE TAPs
: -- snip -- Apr 2 08:43:00 fpc2 CCL: FrameCnt:0x0000000000041a0d Apr 2 08:43:00
fpc2 CCL: LastCRCErrCnt:0x00000003 Apr 2 08:43:00 fpc2 CCL:
AggrCRCErrCnt:0x0000000000000003 Apr 2 08:43:00 fpc2 CCL:
AggrBERCnt:0x0000000000000001 Apr 2 08:43:00 fpc2 CCL:
pe0-Avg-28nm-link-14-22 CRC error history (last 5 polls): Apr 2 08:43:00 fpc2 CCL: 0x0
0x0 0x0 0x0 0x3 Apr 2 08:43:00 fpc2 CCL: FEC Uncorrectable FEC Correctable Apr 2
08:43:00 fpc2 CCL: 00000004, 00000000 Apr 2 08:43:00 fpc2 CCL: 00000000,
00000000 Apr 2 08:43:00 fpc2 BEGIN Rx serdes info for asic pe0-0 serdes 22 Apr 2
08:43:00 fpc2 Signal & port condition for serdes_num 22 Apr 2 08:43:00 fpc2 Rx Signal
: Signal Not OK Apr 2 08:43:00 fpc2 Rx Electrical Idle : High Apr 2 08:43:00 fpc2 Rx
Frequency Lock: Set Apr 2 08:43:00 fpc2 Rx Port : Ready Apr 2 08:43:00 fpc2 DFE TAPs
: -- snip -- Apr 2 08:43:00 fpc2 CCL: Logging errors for FPC02FE0(0,00) Apr 2 08:43:00
fpc2 CCL: BER Err Apr 2 08:43:00 fpc2 CCL: Frame Lock Loss Apr 2 08:43:00 fpc2 CCL:
Align Loss Apr 2 08:43:00 fpc2 CCL: Header Comparison Error Apr 2 08:43:00 fpc2 CCL:
Header Preamble Error Apr 2 08:43:00 fpc2 CMSNGFM: cmsngfpc_platform_fm_periodic:
PFE 0 detected link error for S00F1_0(14,0,14)->FPC02FE0(1,00) Apr 2 08:43:00 fpc2
CMSNGFM: cmsngfpc_platform_fm_periodic: PFE 1 detected link error for
S00F0_0(11,0,11)->FPC02FE1(0,00) Apr 2 08:43:00 fpc2 CMSNGFM:
cmsngfpc_platform_fm_periodic: PFE 1 detected link error for
S00F1_0(14,0,14)->FPC02FE1(1,00) User@PTX3000> show chassis hardware detail
Hardware inventory: FPC 0 REV 43 750-057064 ACPV7514 FPC3-SFF-PTX-1XCPU
BUILTIN BUILTIN SMPC PMB FPC 2 REV 40 750-057064 ACPJ9145 FPC3-SFF-PTX-1XCPU
BUILTIN BUILTIN SMPC PMB FPC 4 REV 43 750-057064 ACPR8506
FPC3-SFF-PTX-1XCPU BUILTIN BUILTIN SMPC PMB SIB 0 REV 10 750-057067 ACPJ8829
SIB3-SFF-PTX SIB 1 REV 10 750-057067 ACPJ8683 SIB3-SFF-PTX SIB 2 REV 10
750-057067 ACPJ8843 SIB3-SFF-PTX SIB 3 REV 10 750-057067 ACPJ8920
SIB3-SFF-PTXPR1348733
• On the PTX1000 router, platform, after rebooting the system by issuing the CLI
command request vmhost reboot, the netproxy service might fail to start. PR1365664
• When the TIC is taken offline and then brought online, MPLS bidirectional traffic flow
might stop working. PR1367920
142 Copyright © 2019, Juniper Networks, Inc.
• Log messages are displayed when there is a transceiver present on the WAN ports, but
the cable is not connected. PR1368969
• Power usage ST components in the PTX5000 does not work as intended. PR1372369
• When a Routing Engine reboots and comes online, it sends gratuitous ARP packets to
the internal interfaces in order to advertise its MAC address. These packets get into
the UKERN running on the FPC, which drops these packets. The messages seen here
are displayed just before the FPC drops the packets. These error messages are harmless
and do not disrupt working of any feature. PR1374372
• Use groups re0/re1 to configure the Routing Engine-specific management interface.
PR1375012
• In case multiple LLDP sensors are getting exported together and part of their keys are
overlapped, data for these sensors can sometimes get skipped from being exported.
PR1382691
• The DHCP Relay functionality does not work on PTX10001-20C devices. DHCP relay
functionality: The DHCP requests and the DHCP offers are snooped by the box, the
snooping happens via firewall, firewall snoops all the DHCP packets ingressing the
default route table and all the offers and requests are punted unto the
host/control-plane. When a DHCP client sends the DHCP request, it gets intercepted
by the filter block and punted up to the control plane. Upon receiving this packet,
control-plane unicast (relay) this packet to DHCP server. DHCP server responds back
with a DHCP Offer, which again gets intercepted by the firewall block and punted up.
Upon receiving the DHCP offer, control plane broadcast this DHCP offer to the clients
vlan and eventually client receives the DHCP offer.PR1407476
Routing Protocols
• In an LDP network with gradual deployment of segment routing (also known as the
LDP mapping server feature), the rpd process might crash after you commit the
configuration related to mapping-server-entry prefix-segments/prefix-segment-ranges
with the maximum number of entries exceeded (16 for Junos OS Release 17.4 and 64
for Junos OS Release 17.4R2 onward). PR1379558
See Also • New and Changed Features on page 129
• Changes in Behavior and Syntax on page 138
• Known Behavior on page 139
• Resolved Issues on page 143
• Documentation Updates on page 145
• Migration, Upgrade, and Downgrade Instructions on page 146
• Product Compatibility on page 150
Resolved Issues
This section lists the issues fixed in the Junos OS Release 18.4R1 for the PTX Series.
Copyright © 2019, Juniper Networks, Inc. 143
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• Infrastructure on page 144
• Interfaces and Chassis on page 144
• MPLS on page 144
• Platform and Infrastructure on page 144
Infrastructure
• The FPC might go down on some VM-host-based PTX Series or QFX Series devices.
PR1367477
Interfaces and Chassis
• PE Chip:pe0[0]: IPW: oversize_drop error causes a major error on FPC. PR1375030
MPLS
• In Junos OS Release 18.2X75, IPv6 routes are dead in mpls.0 table S=0 leads to traffic
loss in v6-indirect next-hop stitching. PR1355878
• LSP with auto-bandwidth enabled goes down as a result of an HMC error. PR1374102
• Bypass LSP is taking the same SRLG colored path. PR1387497
Platform and Infrastructure
• On a PTX1000, upgrade from Junos OS Release 16.1X65-D45 to Junos OS Release
17.3-20170721 fails frequently when sampling is enabled. PR1296533
• Repeated log messages %PFE-3 fpcX expr_nh_index_tree_ifl_get and
expr_nh_index_tree_ipaddr_get are observed when the sampling packet is discarded
with the log (or syslog) statement configured under the firewall filter. PR1304022
• The status LED on the chassis remains unlit on the QFX10002-60C. PR1332991
• The traffic-class-count values in a filter configured with the scale-optimized statement,
are not incrementing. PR1334580
• Packet might be dropped by RPF during a Routing Engine switchover. PR1354285
• The host interface might stop sending packets on a PTX Series router with FPC3 or
PTX1000 when you use an outbound firewall filter with syslog option. PR1354580
• PTX1000-M20C: FRR link-protection convergence time. PR1355953
• Traffic is still forwarded through the member link of an aggregated Ethernet bundle
interface even with Link-Layer-Down flag set. PR1365263
• JSA10899 2018-10 Security Bulletin: Junos OS: Next-hop index allocation failed: private
index space exhausted as a result of incoming ARP requests to the management
interface (CVE-2018-0063). PR1360039
144 Copyright © 2019, Juniper Networks, Inc.
• The 'Normal discards' Packet Forwarding Engine statistics traffic counter might increase
at a higher rate when Inline-Jflow or sFlow is enabled. PR1368208
• slu.l2_domain_lookup_failure traps might be observed when using sampling on
FPC-P1/FPC-P2. PR1368381
• The IPLC card might take a long time to come up. PR1368637
• The 'commit or commit check operation' might fail because of the error cannot have
lsp-cleanup-timer without lsp-provisioning.PR1368992
• Packets might be dropped after a filter is deleted from an interface. PR1372957
• Inline BFD keeps flapping when inline samping is configured. PR1376509
• Traffic might be dropped on third-generation FPCs on PTX Series routers. PR1378392
• Layer 3 VPN traffic might be dropped because one core-facing interface is down.
PR1380783
• BFD sessions bounced FPCs that have not been taken offline. PR1383703
• Packet Forwarding Engine-based local repair does not happen for IP routes pointing
to a unilist of composites with Indirect next hops. PR1383965
• CPSM daemon memory leak is observed ion VM host. PR1387903
• BFD flaps are seen on PTX or QFX10000 platforms with inline BFD. PR1389569
• Forwarding issue on mixed link-speed aggregated Ethernet interface after FPC reloads.
PR1390417
• High jsd or na-grpcd CPU usage might be seen even when JET or JTI is not used.
PR1398398
See Also • New and Changed Features on page 129
• Changes in Behavior and Syntax on page 138
• Known Behavior on page 139
• Known Issues on page 141
• Documentation Updates on page 145
• Migration, Upgrade, and Downgrade Instructions on page 146
• Product Compatibility on page 150
Documentation Updates
There are no errata or changes in Junos OS Release 18.4R1 documentation for PTX Series.
See Also • New and Changed Features on page 129
• Changes in Behavior and Syntax on page 138
• Known Behavior on page 139
Copyright © 2019, Juniper Networks, Inc. 145
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Known Issues on page 141
• Resolved Issues on page 143
• Migration, Upgrade, and Downgrade Instructions on page 146
• Product Compatibility on page 150
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade
policies for Junos OS for the PTX Series. Upgrading or downgrading Junos OS might take
several hours, depending on the size and configuration of the network.
• Basic Procedure for Upgrading to Release 18.4 on page 146
• Upgrade and Downgrade Support Policy for Junos OS Releases on page 149
• Upgrading a Router with Redundant Routing Engines on page 149
Basic Procedure for Upgrading to Release 18.4
When upgrading or downgrading Junos OS, use the jinstall package. For information
about the contents of the jinstall package and details of the installation process, see the
Installation and Upgrade Guide. Use other packages, such as the jbundle package, only
when so instructed by a Juniper Networks support representative.
NOTE: Back up the file system and the currently active Junos OS configuration
before upgrading Junos OS. This allows you to recover to a known, stable
environment if the upgrade is unsuccessful. Issue the following command:
user@host> request system snapshot
NOTE: The installation process rebuilds the file system and completely
reinstalls Junos OS. Configuration information from the previous software
installation is retained, but the contents of log files might be erased. Stored
files on the router, such as configuration templates and shell scripts (the only
exceptions are the juniper.conf and ssh files), might be removed. To preserve
the stored files, copy them to another system before upgrading or
downgrading the routing platform. For more information, see the Junos OS
Administration Library.
146 Copyright © 2019, Juniper Networks, Inc.
NOTE: We recommend that you upgrade all software packages out of band
using the console because in-band connections are lost during the upgrade
process.
To download and install Junos OS Release 18.4R1:
1. Using a Web browser, navigate to the All Junos Platforms software download URL
on the Juniper Networks webpage:
https://www.juniper.net/support/downloads/
2. Select the name of the Junos OS platform for the software that you want to download.
3. Select the release number (the number of the software version that you want to
download) from the Release drop-down list to the right of the Download Software
page.
4. Select the Software tab.
5. In the Install Package section of the Software tab, select the software package for
the release.
6. Log in to the Juniper Networks authentication system by using the username (generally
your e-mail address) and password supplied by Juniper Networks representatives.
7. Review and accept the End User License Agreement.
8. Download the software to a local host.
9. Copy the software to the routing platform or to your internal software distribution
site.
10. Install the new jinstall package on the router.
NOTE: We recommend that you upgrade all software packages out of
band using the console because in-band connections are lost during the
upgrade process.
All customers except the customers in the Eurasian Customs Union (currently
comprised of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the
following package:
user@host> request system software add validate reboot
source/junos-install-ptx-x86-64-18.4R1.9.tgz
Copyright © 2019, Juniper Networks, Inc. 147
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Customers in the Eurasian Customs Union (currently comprised of Armenia, Belarus,
Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption
Junos OS package):
user@host> request system software add validate reboot
source/junos-install-ptx-x86-64-18.4R1.9-limited.tgz
Replace the source with one of the following values:
• /pathname—For a software package that is installed from a local directory on the
router.
• For software packages that are downloaded and installed from a remote location:
• ftp://hostname/pathname
• http://hostname/pathname
• scp://hostname/pathname
The validate option validates the software package against the current configuration
as a prerequisite to adding the software package to ensure that the router reboots
successfully. This is the default behavior when the software package being added is
a different release.
Adding the reboot command reboots the router after the upgrade is validated and
installed. When the reboot is complete, the router displays the login prompt. The
loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
NOTE: You need to install the Junos OS software package and host software
package on the routers with the RE-PTX-X8 Routing Engine. For upgrading
the host OS on this router with VM Host support, use the
junos-vmhost-install-x.tgz image and specify the name of the regular package
in the request vmhost software add command. For more information, see the
VM Host Installation topic in the Installation and Upgrade Guide.
NOTE: After you install a Junos OS Release 18.4 jinstall package, you cannot
return to the previously installed software by issuing the request system
software rollback command. Instead, you must issue the request system
software add validate command and specify the jinstall package that
corresponds to the previously installed software.
NOTE: Most of the existing request system commands are not supported on
routers with RE-PTX-X8 Routing Engines. See the VM Host Software
Administrative Commands in the Installation and Upgrade Guide.
148 Copyright © 2019, Juniper Networks, Inc.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at
a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can
upgrade directly from one EEOL release to the next EEOL release even though EEOL
releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after
the currently installed EEOL release, or to two EEOL releases before or after. For example,
Junos OS Releases 17.4, 18.1, and 18.2 are EEOL releases. You can upgrade from Junos
OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3. However,
you cannot upgrade directly from a non-EEOL release that is more than three releases
ahead or behind.
To upgrade or downgrade from a non-EEOL release to a release more than three releases
before or after, first upgrade to the next EEOL release and then upgrade or downgrade
from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see
https://www.juniper.net/support/eol/junos.html.
Upgrading a Router with Redundant Routing Engines
If the router has two Routing Engines, perform a Junos OS installation on each Routing
Engine separately to avoid disrupting network operation as follows:
1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine
and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine while keeping the
currently running software version on the master Routing Engine.
3. After making sure that the new software version is running correctly on the backup
Routing Engine, switch over to the backup Routing Engine to activate the new software.
4. Install the new software on the original master Routing Engine that is now active as
the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.
See Also • New and Changed Features on page 129
• Changes in Behavior and Syntax on page 138
• Known Behavior on page 139
• Known Issues on page 141
• Resolved Issues on page 143
• Documentation Updates on page 145
• Product Compatibility on page 150
Copyright © 2019, Juniper Networks, Inc. 149
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Product Compatibility
• Hardware Compatibility on page 150
Hardware Compatibility
To obtain information about the components that are supported on the devices, and
special compatibility guidelines with the release, see the Hardware Guide and the Interface
Module Reference for the product.
To determine the features supported on PTX Series devices in this release, use the Juniper
Networks Feature Explorer, a Web-based application that helps you explore and compare
Junos OS feature information to find the right software release and hardware platform
for your network. Find Feature Explorer at: https://apps.juniper.net/feature-explorer/.
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported
across all platforms, see the Hardware Compatibility tool.
See Also • New and Changed Features on page 129
• Changes in Behavior and Syntax on page 138
• Known Behavior on page 139
• Known Issues on page 141
• Resolved Issues on page 143
• Documentation Updates on page 145
• Migration, Upgrade, and Downgrade Instructions on page 146
Junos OS Release Notes for the QFX Series
These release notes accompany Junos OS Release 18.4R1 for the QFX Series. They
describe new and changed features, limitations, and known and resolved problems in
the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation
webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
• New and Changed Features on page 151
• Changes in Behavior and Syntax on page 158
• Known Behavior on page 159
• Known Issues on page 161
• Resolved Issues on page 167
• Documentation Updates on page 173
• Migration, Upgrade, and Downgrade Instructions on page 173
• Product Compatibility on page 185
150 Copyright © 2019, Juniper Networks, Inc.
New and Changed Features
This section describes the new features for the QFX Series switches in Junos OS Release
18.4R1.
NOTE: The following QFX Series platforms are supported in Release 18.4R1:
QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, QFX10002, QFX10008,
and QFX10016. Junos on White Box is also supported in Release 18.4R1.
• Authentication, Authorization, and Accounting (AAA) on page 151
• Class of Service (CoS) on page 151
• EVPNs on page 152
• High Availability (HA) and Resiliency on page 154
• Junos on White Box on page 154
• Operation, Administration, and Maintenance (OAM) on page 157
• System Management on page 157
• VPNs on page 158
Authentication, Authorization, and Accounting (AAA)
• Support for password change policy enhancement (QFX Series)—Starting in Junos
OS Release 18.4R1, the Junos OS password change policy for local user accounts is
enhanced to comply with additional password policies. As part of the policy
improvement, you can configure the following:
• maximum-lifetime-value—The maximum duration of a password. The password
expires after the maximum is reached.
• minimum-lifetime-value—The minimum duration of a password. You cannot change
the password until the minimum duration is reached.
[See password.]
Class of Service (CoS)
• Class of service support on VXLAN interfaces (QFX10000)—Starting with Junos OS
18.4R1, standard class of service (CoS) features-–classifiers, rewrite rules, and
schedulers-–are supported on VXLAN interfaces on the QFX10000 line of switches.
[See Understanding CoS on OVSDB-Managed VXLAN Interfaces.]
• Class of service support on VXLAN interfaces (QFX5100)—Starting with Junos OS
18.4R1, standard class of service (CoS) features - classifiers, rewrite rules, and
schedulers - are supported on VXLAN interfaces on QFX5100 switches.
[See Understanding CoS on OVSDB-Managed VXLAN Interfaces.]
Copyright © 2019, Juniper Networks, Inc. 151
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
EVPNs
• Support for graceful restart on EVPN-VXLAN (QFX Series)—Starting in Junos OS
Release 18.4R1, Junos OS supports graceful restart on EVPN-VXLAN on EX9200 and
QFX Series switches and MX Series routers. Graceful restart allows the device to recover
from a routing process restart or Routing Engine switchover without nonstop active
routing (NSR) enabled.
[See NSR and Unified ISSU Support for EVPN Overview.]
• Selective multicast forwarding and SMET support in EVPN-VXLAN (QFX10002,
QFX10008, and QFX10016)—Starting in Junos OS Release 18.4R1, Junos OS supports
selective multicast forwarding in a centrally EVPN-VXLAN network. Devices on a bridge
domain with IGMP snooping enabled will monitor traffic on the access interfaces and
selective forwarding towards the core. Devices that support selective multicast
forwarding replicate and forward multicast traffic only to other interested devices. This
feature is supported on a centrally-routed spine-and-leaf topology on QFX 10000
switches where the network can consist of a mix of SMET supported and non-SMET
supported devices. This is achieved because the ingress devices can flood multicast
traffic to the non-SMET capable devices while selectively forwarding the traffic among
SMET capable devices. The ingress device can determine whether a device on the
EVPN network is capable of supporting SMET by the presence or absences of the
multicast flag community in a EVPN type 3 route message and will forward the traffic
accordingly. Thus, the data center fabric can be upgraded in phases without disrupting
existing multicast operations.
[See Selective Multicast Forwarding .]
• Support for VMTO for ingress traffic (QFX Series)—Starting in Junos OS Release
18.4R1, you can configure a leaf or spine device that is configured as a Layer 3 gateway
to support virtual machine traffic optimization (VMTO) for ingress traffic. VMTO
eliminates the unnecessary ingress routing to default gateways when a virtual machine
is moved from one data center to another.
To enable VMTO, configure remote-ip-host routes at the [edit routing-instances
routing-instance-name protocols evpn] hierarchy level. You can also filter out the
unwanted routes by configuring an import policy under the remote-ip-host routes
option.
[See Configuring EVPN Routing Instances.]
• Support for multihomed proxy advertisement (QFX Series)—Starting in Junos OS
Release 18.4R1, Junos OS now provides enhanced support to proxy advertise the MAC
address and IP route entry from all leaf devices that are multihomed to a CE device.
This can prevent traffic loss when one of the connection to the leaf device fails. To
support the multihomed proxy advertisement, all multihomed PE devices should have
the same multihomed proxy advertisement bit value. The multihomed proxy
advertisement feature is enabled by default, and Junos OS uses the default multihomed
proxy advertisement bit value of 0x20.
[See EVPN Multihoming Overview.]
152 Copyright © 2019, Juniper Networks, Inc.
• Layer 2 and 3 families, encapsulation types, and VXLAN on the same physical
interface (QFX5100, QFX5110, and QFX5200 switches)—You can configure and
commit the following on a physical interface of a QFX5100, QFX5110, or QFX5200
switch in an EVPN-VXLAN environment:
• Layer 2 bridging (family ethernet-switching) on any logical interface unit number
(unit 0 and any nonzero unit number).
• VXLAN on any logical interface unit number (unit 0 and any nonzero unit number).
• Layer 2 bridging (family ethernet-switching and encapsulation vlan-bridge) on different
logical interfaces (unit 0 and any nonzero unit number).
• Layer 3 IPv4 routing (family inet) and VXLAN on different logical interfaces (unit 0
and any nonzero unit number).
For these configurations to be successfully committed and to work properly, you must
specify the encapsulation flexible-ethernet-services configuration statement at the
physical interface level—for example, set interfaces xe-0/0/5 encapsulation
flexible-ethernet-services.
This feature was previously introduced in Junos OS Release 18.1R3.
[See Understanding Flexible Ethernet Services Support With EVPN-VXLAN.]
• Automatically generated Ethernet segment identifiers in EVPN-VXLAN and
EVPN-MPLS networks (MX240, MX480, QFX5100, and QFX5110)—Starting in Junos
OS Release 18.4R1, you can configure aggregated Ethernet interfaces and aggregated
Ethernet logical interfaces to automatically derive Ethernet segment identifiers (ESIs)
from the Link Aggregation Control Protocol (LACP) configuration. This feature is
supported in the following environments:
• On Juniper Networks devices that are multihomed in active-active mode in an
EVPN-VXLAN overlay network.
• On Juniper Networks devices that are multihomed in active-standby or active-active
mode in an EVPN-MPLS overlay network.
[See Understanding Automatically Generated and Assigned ESIs in EVPN Networks.]
• MAC filtering, storm control, and port mirroring support in EVPN-VXLAN overlay
networks (QFX5100 and QFX5110 switches)—QFX5100 and QFX5110 switches support
the following features in an EVPN-VXLAN overlay network:
• MAC filtering
• Storm control
• Port mirroring and analyzers
[See MAC Filtering, Storm Control, and Port Mirroring Support on EVPN-VXLAN Interfaces.
]
• MAC filtering and storm control support in EVPN-VXLAN overlay networks
(QFX10002 and QFX10008 switches)—QFX10002 and QFX10008 switches support
the following features in an EVPN-VXLAN overlay network:
• MAC filtering
Copyright © 2019, Juniper Networks, Inc. 153
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Storm control
[See MAC Filtering, Storm Control, and Port Mirroring Support on EVPN-VXLAN Interfaces.
]
• IPv6 data traffic support through an EVPN-VXLAN overlay network (QFX10000
and QFX5110 switches)—Starting with Junos OS Release 18.4R1, QFX10000 and
QFX5110 switches that function as Layer 3 VXLAN gateways can route IPv6 data traffic
through an EVPN-VXLAN overlay network. With this feature enabled, Layer 2 or 3 data
packets from one IPv6 host to another IPv6 host are encapsulated with an IPv4 outer
header and transported over the IPv4 underlay network. The Layer 3 VXLAN gateways
in the EVPN-VXLAN overlay network learn the IPv6 routes through the exchange of
EVPN type-2 and type-5 routes.
This feature was previously introduced in Junos OS Release 15.1X53-D30 on QFX10000
switches.
[See Routing IPv6 Data Traffic through an EVPN-VXLAN Network With an IPv4 Underlay.]
High Availability (HA) and Resiliency
• VRRP scale improvements per aggregated Ethernet bundle (QFX Series)—Starting
in Junos OS Release 18.4R1, you can configure up to 4000 active VRRP sessions per
aggregated Ethernet bundle on QFX Series routers. To configure VRRP support, include
the vrrp-group statement at the [edit interfaces interface-name unit logical-unit-number
family inet address ip-address] hierarchy level.
[See Understanding VRRP]
Junos on White Box
• Junos on White Box—Starting with Junos OS Release 18.4R1, the Junos on White Box
software provides a disaggregated Junos that decouples the Junos operating system
from Juniper Networks switches and runs as independent software on Open Compute
Project (OCP)-compliant network hardware, enabling you to use that hardware in your
data center (DC) networks and providing a robust, feature-rich network operating
system for enabling the DC Fabric buildout. Junos for White Box is standalone software
providing standards-based network protocols such as ISIS and BGP, overlay technology
such as VXLAN with EVPN control plane, and full automation capabilities and is similar
to the reliable, high performance Junos OS that powers the Juniper Networks QFX
Series Data Center portfolio.
Key Junos OS features that enhance the functionality and capabilities of the White
Box switches include:
• Software modularity, with process modules running independently in their own
protected memory space and with the ability to do process restarts.
• Uninterrupted routing and forwarding, with features such as nonstop active routing
(NSR) and nonstop bridging (NSB).
• Commit and rollback functionality that ensures error-free network configurations.
• A powerful set of scripts for on-box problem detection, reporting, and resolution.
154 Copyright © 2019, Juniper Networks, Inc.
NOTE: The feature above was previously introduced in Junos OS Release
18.1R3.
[See Junos on White Box Documentation.]
The following features are supported in Junos on White Box in Junos OS Release 18.4R1:
• Class of service (CoS) support. [See Overview of Junos OS CoS.]
• Layer 2 VXLAN gateway and EVPN control plane and VXLAN data plane support.
[See Understanding VXLANs; Understanding EVPN with VXLAN Data Plane
Encapsulation.]
• Multichassis link aggregation (MC-LAG). [See Understanding Multichassis Link
Aggregation Groups.]
• IPv4 GRE support. [See Understanding Generic Routing Encapsulation.]
• Link aggregation and resilient hashing support. [See Understanding the Use of Resilient
Hashing to Minimize Flow Remapping in Trunk/ECMP Groups.]
• Channelizing Ethernet interfaces support. [See Channelizing Interfaces on Switches.]
• IPv6 protocols, including Neighbor Discovery Protocol; Virtual Router Redundancy
Protocol (VRRP) for IPv6; Protocol Independent Multicast (PIM) for IPv6; BGP, IS-IS,
and OSPFv3 for IPv6; unicast IPv6 for virtual-router instances; and DHCPv6. [See
Example: Configuring IPv6 Interfaces and Enabling Neighbor Discovery; Verifying and
Managing DHCPv6 Relay Configuration.]
• Layer 2 features: VLAN support; Link Layer Discovery Protocol (LLDP) support; Q-in-Q
tunneling support; Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol
(RSTP), Multiple Spanning Tree Protocol (MSTP), and VLAN Spanning Tree Protocol
(VSTP) support. [See Ethernet Switching Feature Guide.]
• Private VLANs (PVLANs)—including PVLANs with IRB interfaces—support. [See
Understanding Private VLANs.]
• MPLS support. [See MPLS Overview.]
• Hierarchical ECMP and ECMP support on LSR. [See Overview of Hierarchical ECMP
Groups; Configuring ECMP Next Hops for RSVP and LDP LSPs for Load Balancing.]
• Layer 2 and Layer 3 multicast support. [See Multicast Configuration Overview.]
• Junos Telemetry Interface (JTI) support. [See Overview of the Junos Telemetry
Interface.]
• Services support: sFlow, analyzers/port mirroring, including remote port mirroring
to an IP address (GRE encapsulation). [See Overview of sFlow Technology;
Understanding Port Mirroring.]
• Firewall filter support and policers and counters support.
[See Overview of Firewall Filters; Policer Implementation Overview.]
Copyright © 2019, Juniper Networks, Inc. 155
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Layer 3 unicast routing protocol support. [See BGP Feature Guide; IS-IS Feature Guide;
OSPF Feature Guide; Protocol-Independent Routing Properties Feature Guide; RIP
Feature Guide.]
• Access security features support. [See Overview of sFlow Technology; Understanding
Port Mirroring.]
• Storm control support. [See Understanding Storm Control.]
• Distributed denial of service (DDoS) protection support. [See Distributed
Denial-of-Service (DDoS) Protection Overview.]
• Open Network Install Environment (ONIE) support. [See Installing and Recovering
Software Using the Open Network Install Environment (ONIE).]
• Zero Touch Provisioning (ZTP) support. [See Zero Touch Provisioning.]
• Support for Converged Enhanced Ethernet (CEE) features. [See Traffic Management
Feature Guide for the QFX Series and EX4600 Switches.]
NOTE: The features above were previously introduced in Junos OS Release
18.1R3.
• Layer 2 and 3 families, encapsulation types, and VXLAN on the same physical
interface (Junos on White Box)—You can configure and successfully commit the
following on a physical interface of a switch in an EVPN-VXLAN environment:
• Layer 2 bridging (family ethernet-switching) on any logical interface unit number
(unit 0 and any nonzero unit number).
• VXLAN on any logical interface unit number (unit 0 and any nonzero unit number).
• Layer 2 bridging (family ethernet-switching and encapsulation vlan-bridge) on different
logical interfaces (unit 0 and any nonzero unit number).
• Layer 3 IPv4 routing (family inet) and VXLAN on different logical interfaces (unit 0
and any nonzero unit number).
For the above configurations to be successfully committed and work properly, you
must specify the encapsulation flexible-ethernet-services configuration statements at
the physical interface level—for example, set interfaces xe-0 /0/5 encapsulation
flexible-ethernet-services.
This feature was previously introduced in Junos OS Release 18.1R3.
[See Understanding Flexible Ethernet Services Support With EVPN-VXLAN.]
• Automatically generated Ethernet segment identifiers in EVPN-VXLAN networks
(Junos on White Box)—Starting in Junos OS Release 18.4R1, you can configure
aggregated Ethernet interfaces and aggregated Ethernet logical interfaces to
automatically derive Ethernet segment identifiers (ESIs) from the Link Aggregation
Control Protocol (LACP) configuration. We support this feature on switches that are
multihomed in active-active mode in an EVPN-VXLAN network.
156 Copyright © 2019, Juniper Networks, Inc.
[See Understanding Automatically Generated and Assigned ESIs in EVPN Networks.]
Operation, Administration, and Maintenance (OAM)
• Connectivity fault management (CFM) support (QFX5200 and QFX5210)—IEEE
802.1ag CFM provides fault isolation and detection over large Layer 2 networks that
may span several service provider networks. You can configure CFM to monitor, isolate,
and verify faults in these interconnected provider bridge networks. Starting in Junos
OS Release 18.4R1, Junos OS provides CFM support on QFX5200 and QFX5210.
CFM support on QFX5200 and QFX5210 has the following limitations:
• CFM support is provided via software using filters. This can impact scaling.
• Inline Packet Forwarding Engine mode is not supported. In Inline PFE mode, you can
delegate periodic packet management (PPM) processing to the Packet Forwarding
Engine which results in faster packet handling. The CCM interval supported is 10
milliseconds.
• Performance monitoring (ITU-T Y.1731 Ethernet Service OAM) is not supported.
• CCM interval of less than 1 second is not supported.
• CFM is not supported on routed interfaces and aggregated Ethernet (lag) interfaces.
• MIP half function, to divide the MIP functionality into two unidirectional segments
to improve network coverage, is not supported.
• Up MEP is not supported.
• Total number of CFM sessions supported is 20.
[See Understanding Ethernet OAM Connectivity Fault Management for Switches.]
System Management
• Passive Monitoring support (QFX10000 switches)— Starting with Junos OS Release
18.4R1, you can enable passive monitoring on the switch to passively capture traffic
from monitoring interfaces. Passive monitoring provides filtering capabilities for
monitoring ingress and egress traffic at the Internet point of presence (PoP) where
security networks are attached. With passive monitoring, the switch does not route
packets from the monitored interface or run any routing protocols related to those
interfaces. It only receives traffic flows, collects intercepted traffic, and exports it to
monitoring tools like IDS servers and packet analyzers, or other devices such as routers
or end node hosts. To enable this feature, include the passive-monitor-mode statement
at the [edit interface] hierarchy level. This feature was previously supported in an "X"
release of Junos OS.
See [Understanding Passive Monitoring on QFX10000 Switches.]
• IPv6 support added to Precision Time Protocol (PTP) G.8275.2) enhanced profile
(QFX5110 and QFX5200 switches)— Starting with Junos OS Release 18.4R1, the
G.8275.2 enhanced profile supports IPv6 transport.
To configure the G.8275.2 enhanced profile, enable the g.8275.2.enh statement at the
[edit protocols ptp profile-type] Junos OS CLI hierarchy.
Copyright © 2019, Juniper Networks, Inc. 157
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
To configure IPv6 transport, enable the ipv6 statement at the [edit protocols ptp master
interface interface-name unicast-mode transport] and [edit protocols ptp slave interface
interface-name unicast-mode transport] Junos OS CLI hierarchies.
VPNs
• Support to control traceroute over Layer 3 VPN (QFX Series)—Starting in Junos OS
Release 18.4R1, in a Layer 3 VPN topology with vrf-table-label configured and multiple
customer edge (CE) routers configured in the same VPN routing and forwarding (VRF)
routing instance, when traceroute is performed to a remote provider edge (PE) router
for a CE-facing network, the ICMP time exceeded packet determines the correct IP
address as the source address.
To control the traceroute over Layer 3 VPN topology with vrf-table-label configured
and multiple CE routers configured in the same VRF, you can configure
allow-l3vpn-traceroute-src-select at the[edit system] hierarchy level that determines
the correct IP source address by reviewing the destination routing instance and
destination IP address.
[See allow-l3vpn-traceroute-src-select.]
See Also • Changes in Behavior and Syntax on page 158
• Known Behavior on page 159
• Known Issues on page 161
• Resolved Issues on page 167
• Documentation Updates on page 173
• Migration, Upgrade, and Downgrade Instructions on page 173
• Product Compatibility on page 185
Changes in Behavior and Syntax
This section lists the changes in behavior of Junos OS features and changes in the syntax
of Junos OS statements and commands from Junos OS Release 18.4R1 for the QFX Series.
• Interfaces and Chassis on page 158
• Network Management and Monitoring on page 159
Interfaces and Chassis
• Change in default action for fatal errors (QFX10002, QFX10008, and QFX10016
switches)—Starting in Junos OS Release 18.4R1, by default, for all fatal errors on the
QFX10000 line of switches, Junos OS raises an alarm and disables all Packet Forwarding
Engine interfaces that raised the error. (The feature described above is documented
but not supported on QFX10002, QFX10008, and QFX10016 switches in Junos OS
Release 18.4R1.)
[See show chassis fpc errors.]
158 Copyright © 2019, Juniper Networks, Inc.
• Support for creating layer 2 logical interface independently (QFX Series)—In Junos
OS Releases 18.4R1, 18.4R2, and later, QFX Series switches support creating layer 2
logical interface independent of layer 2 routing instance type. That is, you can configure
and commit the layer 2 logical interfaces separately and add the interface to
bridge-domain or Ethernet VPN (EVPN) routing instance separately. Note that the
layer 2 logical interfaces works fine only when the interface is added to bridge domain
or EVPN routing instance.
In the earlier Junos OS releases, when an layer 2 logical interface configuration (units
with encapsulation vlan-bridge configuration) is used, then the logical interface must
be added as part of a bridge-domain or EVPN routing instance for the commit to
succeed.
Network Management and Monitoring
• The NETCONF server omits warnings in RPC replies when the rfc-compliant statement
is configured and the operation returns <ok/> (QFX Series)—Starting in Junos OS
Release 18.4R1, when you configure the rfc-compliant statement at the [edit system
services netconf] hierarchy level to enforce certain behaviors by the NETCONF server,
the server must not return an RPC reply that encloses both an <rpc-error> element
and an <ok/> element. If the operation is successful, but the server reply would enclose
one or more <rpc-error> elements of severity warning in addition to the <ok/> element,
then the warnings are omitted. In earlier releases, or when the rfc-compliant statement
is not configured, the NETCONF server might issue an RPC reply that encloses both an
<rpc-error> element of severity warning and an <ok/> element.
See Also • New and Changed Features on page 151
• Known Behavior on page 159
• Known Issues on page 161
• Resolved Issues on page 167
• Documentation Updates on page 173
• Migration, Upgrade, and Downgrade Instructions on page 173
• Product Compatibility on page 185
Known Behavior
This section lists known behavior, system maximums, and limitations in hardware and
software in Junos OS Release 18.4R1 for the QFX Series.
For the most complete and latest information about known Junos OS problems, use the
Juniper Networks online Junos Problem Report Search application.
• Class of Service (CoS) on page 160
• General Routing on page 160
• MPLS on page 161
Copyright © 2019, Juniper Networks, Inc. 159
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Routing Protocols on page 161
• Virtual Chassis on page 161
Class of Service (CoS)
• On QFX5120 switches, if the CoS configurations are modified when egress traffic shaped
at very low rate (less than 50 Mbps), packets might get stuck in the MMU buffers
permanently. It might cause ingress or egress traffic drops. When low rate shapers
(less than 50 Mbps) are applied on egress queues, it is suggested to deactivate shaping
before any CoS modification or ensure traffic is stopped before doing CoS modification.
PR1367432
General Routing
• Port LEDs on QFX5100 do not work. If a device connects to a port on QFX5100, the
port LED stays unlit. PR1317750
• Based on the memory availability, the QFX10002 can scale up to 300 remote PE
devices with a total of 600 tunnels. To avoid exceeding memory,we recommend that
you do not go beyond this scale. PR1329243
• When the sFlow collector can be reached only through the Routing Engine, because
of heavy traffic, large samples can cause the Routing Engine CPU to become busy.
PR1332337
• Hardware watchdog does not work on QFX10008 and QFX10002-60C/PTX10002-60C.
PR1343131
• When a VLAN is added as an action for changing the VLAN in both ingress and egress
filters, the filter will not be installed. PR1362609
• A few error messages related to function rt_mesh_group_add_check() will be seen
during reboot and are harmless. PR1365049
• Autochannelization is not supported for 40GBASE-BXSR, QSFP+40GE-LX4,
QSFP-100G-PSM4, and 100GBASE-BXSR optics. PR1366103
• When the egress-to-ingress option is enabled to use ingress TCAM for the egress filters,
it is expected that the egress counters will count the packets on the ingress side as
well. PR1369048
• Error logs are expected when routes pointing to the target next hop, which in turn points
to the HOLD next hop. These error logs are present for short time. Later, when the next
hop changes from HOLD next hop to valid next hop, unilist next hops will be walked
again and updated with the appropriate weight and reroute counters. and no more
error logs will be seen. PR1387559
• On Junos OS Release 18.4R1, an intermittent traffic loss is observed with RTG streams
while flapping the RTG primary interface. PR1388082
160 Copyright © 2019, Juniper Networks, Inc.
MPLS
• There will not be any warning message about a Packet Forwarding Engine restart when
MPLS tunnel extend configuration is deleted. PR1394722
Routing Protocols
• On QFX5120 platforms, 254 neighbors and 200,000 routes can be scaled for IS-ISv4.
Beyond 200,000 routes with 254 neighbour, adjacency flaps and traffic drop will be
seen. PR1368106
Virtual Chassis
• A Virtual Chassis internal loop might happen at a node coming up from a reboot. During
nonstop software upgrade (NSSU) on a QFX5100 Virtual Chassis, a minimal traffic
disruption or traffic loop (greater than 2s) might occur. PR1347902
See Also • New and Changed Features on page 151
• Changes in Behavior and Syntax on page 158
• Known Issues on page 161
• Resolved Issues on page 167
• Documentation Updates on page 173
• Migration, Upgrade, and Downgrade Instructions on page 173
• Product Compatibility on page 185
Known Issues
This section lists the known issues in hardware and software for the QFX Series switches
in Junos OS Release 18.4R1.
For the most complete and latest information about known Junos OS problems, use the
Juniper Networks online Junos Problem Report Search application.
• EVPN on page 162
• General Routing on page 162
• Infrastructure on page 165
• Layer 2 Features on page 165
• MPLS on page 165
• Routing Protocols on page 166
• Software Installation and Upgrade on page 167
Copyright © 2019, Juniper Networks, Inc. 161
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
EVPN
• When an end system identifier (ESI) (all member links) is disabled, the traffic to other
ESI also get impacted. As a result, you can observe a drop of 0.1 to 0.4 second. PR1215510
• Mac-move-shutdown stops working if a “physical loop” is introduced continuously in
quick succession of 10 minutes. The issue is not seen every time but can occur only if
physical loop is introduced at least four times. If the loops span a long period, the issue
is not seen. A test is performed to check the overall impact on basic features. There is
no issue seen on basic learning or major impact on any protocol. This is a negative
scenario, but it is unlikely to occur in a customer network where the multiple loops
occur within a short time span. PR1284315
• In EVPN scenarios, rpd might crash and generate a core file due to a memory allocation
problem. PR1369705
• At times, when l2ald is restarted, a race condition occurs where VTEP notification
comes in from the kernel before lo0. As a result, l2ald is unable to process the VTEP
add request and gets stuck in an indefinite loop. PR1384022
• On QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches running Junos OS
Release 18.1R1 and later, Release 18.2R1 and later, 18.3R1 and later, and 18.4R1 and later,
ARP response packets might include an incorrect VLAN ID and VNI, and therefore, ARP
requests might go unresolved under the following conditions: * Native VLAN is
configured on a physical interface. * The physical interface is divided into multiple
logical interfaces. * On each logical interface, a VLAN is configured and that VLAN is
mapped to a VXLAN. PR1400000
General Routing
• The Layer 3 multicast traffic does not converge to 100 percentage and continuous
drops are observed after bringing down/up the downstream interface or while an FPC
comes online after FPC restart. This happens with multicast replication for 1000 VLAN
or IRBs. PR1161485
• Interface uptime has increased by 8 seconds from Junos OS Release 17.4R1 to Junos
OS Release 18.1R1. Also, SDK upgrades across releases can impact the parameters
such as login prompt appear time, FPC up time, and interface up time after switch
reboot. PR1324374
• On the QFX10002-60C, filter operation with log action is not supported for protocols
other than Layer 2, IPv4, and IPv6. The following message is seen in firewall logs:
Protocol 0 not recognized. PR1325437
• On the QFX5100 line of switches, in some cases, CoS configuration is not applied
appropriately in the Packet Forwarding Engine, leading to unexpected egress traffic
drop on some interfaces. PR1329141
• BFD session over aggregated Ethernet flaps when a member link carrying the BFD Tx
flaps. PR1333307
• On QFX10002, QFX10008, and QFX10016, ND is incorrectly working on IRB/Layer 3
interface with discard filter. PR1338067
162 Copyright © 2019, Juniper Networks, Inc.
• On the QFX10000 platforms, NETCONF SSH TCP port 830 traffic is hitting host the
path and unclassified queue, causing DDoS violations in the unclassified queue. The
following log appears DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic
for protocol/exception. PR1345744
• On the QFX10000 line of switches, in a DDoS scenario, incorrect DDoS counter values
and syslog messages might be seen after manually clearing statistics for a specific
protocol. PR1351212
• The 100-Gigabit Ethernet interface goes down after you configure and delete the
Ethernet loopback configuration. PR1353734
• When MC-LAG is configured with force-up enabled on MCLAG nodes, the LACP admin
key should not match the key of the access or CE device. PR1362346
• On the QFX5000 line of switches, if lcmd is restarted, a chassisd core file will be
generated with traffic drop for few seconds. PR1363652
• On the QFX52100 a filter with a routing instance applied to family inet logical interface
(IFL) causes traffic to be discarded on unrelated interfaces. PR1364020
• The time lapse between interface-down interrupt detection to FRR callback is
approximately 148 ms on the QFX5120 platform, though the in-place update FRR
programming completes in 1 ms. The minimum FRR time achieved with this limitation
is approximately 150 ms and maximum is approximately 275 ms. PR1364244
• On QFX Series platforms with multicast FHR, when DUT is rendezvous point (RP),
some groups are not receiving traffic. PR1365683
• On the QFX5200, an error might be encountered when upgrading from Junos OS
Release 15.1X53-D230.3 (the image with enhanced automation support [flex]) to an
Junos OS Release 18.1R1.9 image without the enhanced automation. PR1366080
• The statement pm4x25_line_side_phymod_interfa might throw the error ERROR: u=0
p=81 interface type 16 not supported by internal SERDES for this speed 50000. This error
message is seen when channelization is detected in the Junos OS Release 18.1R3.
PR1366137
• On the QFX10000 line of switches, with EVPN-VXLAN, the following error is seen:
expr_nh_fwd_get_egress_install_mask:nh type Indirect of nh_id: # is invalid. PR1367121
• Dedicated minimum buffers are reserved for some queues according to the Junos OS
working model. These buffers are always available to those queues irrespective of the
traffic pattern throughout the system. After "clearing stat", these values are visible.
There is no functional impact, because this is a cosmetic or minor issue. PR1367978
• If both the local and remote ends are auto-channelized and the local port QSFP is
removed, then the 100G interface does not come up on port 62 after removing SFP on
port 30, which is channelized. PR1370887
• Changing the bridge domain name breaks the communication for that particular bridge
domain. PR1371495
• MAC learning does not happen after restart of the l2-learning daemon for interfaces
on backup. Traffic still gets forwarded. PR1372220
Copyright © 2019, Juniper Networks, Inc. 163
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• USB upgrade of NOS image is not supported. PR1373900
• On the QFX5110, the Ethernet switching flood group shows incorrect information.
PR1374436
• On the QFX10000 platform, the Packet Forwarding Engine might get wedged if there
are too many interfaces (for example, more than 35) with the physical or operational
state changing to down, and for which the LACP force-up parameter is enabled, while
the administration state is still up. PR1376366
• In Junos OS Release 18.1R3, when one 50-Gigabit Ethernet port is taken down using
the ifconfig command, the other one also goes down. PR1376389
• On the QFX5000 line of switches, in an EVPN-VxLAN scenario, ARP or NDP proxy
might not work as expected if ARP or NDP suppression is enabled. PR1382483
• When reading back next hops from the kernel, the rpd could set an incorrect flag on
the next hop, which could potentially affect next-hop installation for composite next
hops. PR1383426
• Last reboot reason is not correct if the device is rebooted because of power cycle. Last
reboot reason is displayed as Junos OS reboot even if the device gets rebooted because
of power cycling. PR1383693
• In Junos OS Release 18.1R3, ifOutMulticastPkts , ifInBroadcastPkts, and
ifOutBroadcastPkts show incorrect value. PR1384069
• On QFX10008 and QFX10016 platforms, traffic loss might be observed because of
switch modular failure on the Control Board (CB). This failure further causes all SIBs
to be marked as faulty and causes FPCs to restart until Routing Engine switchover
occurs. PR1384870
• In an EVPN-VXLAN environment, the spine EVPN routes might be stuck in a hidden
state with the next hop as unusable after FPC1 is offline in the spine. Traffic drop might
be observed. When FPC1 is brought online, some nodes are not reachable from FPC1
until routing is restarted. PR1386147
• The show chassis errors active detail command does not support QFK5000 platform.
It will be hidden and taken care in other opened scopes. PR1386255
• With inline-BFD configured on the QFX10000 line of switches, BFD sessions might flap
continuously. PR1389569
• On QFX5100 platforms, if the size of the configuration is huge when upgraded from a
lower release to a higher one, the FPC might crash. PR1389872
• Re-ARP request is sent without VLAN-ID. PR1390794
• sdk-vmmd might consistently write to the memory. PR1393044
• Filter criteria ether-type, ip-precedence, tcp-flags are not working on family Ethernet
switching filter applied on EVPN-VXLAN CE interface. PR1394377
• An l2ald core file might be seen when l2-learning traceoptions are enabled. This occurs
because of a race condition when the l2ald log file is getting rotated and simultaneously
l2ald tries to write a new trace log message. PR1394380
164 Copyright © 2019, Juniper Networks, Inc.
• You might see that the memory DRAM indicates 1953. Per example1, this is incorrect.
The memory DRAM is fixed by other internal fix and you can see that the memory DRAM
indicates 16384. But, this triggers the other issue in which the buffer indicates a high
value like 91 percent. Per example2, this is a display issue.
Example1: user@host> show chassis fpc Temp CPU Utilization (%) CPU Utilization
(%) Memory Utilization (%) Slot State (C) Total Interrupt 1min 5min 15min DRAM
(MB) Heap Buffer 0 Online 33 9 0 8 8 8 1953 15 32 ~~~~ ~~ {master:0} user@host>
Example2: user@host> show chassis fpc Temp CPU Utilization (%) CPU Utilization
(%) Memory Utilization (%) Slot State (C) Total Interrupt 1min 5min 15min DRAM
(MB) Heap Buffer 0 Online 26 12 0 11 11 9 16384 26 91PR1394978
• MPLS configuration changes or topology changes might result in the tunnel initiator
clear messages in the syslog. PR1396014
• When GRES/NSR is enabled on a QFX5100 (single Routing Engine), DHCP subscribers
fails to bind. PR1396470
• Layer 2 multicast and broadcast convergence is high while deleting and adding back
the scale configurations of VLANS and VXLAN. PR1399002
• Layer 3 gateway is not supported on QFX5110 with SP style of configuration in Junos
OS Release 18.1R3-S2 and Junos OS Release 18.4R1. PR1399131
• When a Packet Forwarding Engine is restarted with scaled EVPN-VXLAN configuration,
the Packet Forwarding Engine might be crashed during the restart process. PR1403305
Infrastructure
• The following messages are seen during FTP: ftpd[14105]: bl_init: connect failed for
/var/run/blacklistd.sock (No such file or directory). PR1315605
Layer 2 Features
• The Targeted-broadcast forward-only command does not broadcast the traffic.
PR1359031
• If an aggregated Ethernet interface is configured with LACP, flexible-vlan-tagging, and
native-vlan-id, then after deleting the native-vlan-id option, the LACP state will be in
detached state. PR1385409
• On QFX5000 switches, underlay IRB is not supported in Junos OS Release 18.1R3-S2.
PR1389511
• Neighbor advertisement received is not forwarded over VTEP with ECMP underlay.
PR1405723
MPLS
• On QFX5100 switches, a ping from the CE to the PE (LHR) lo0 interface does not go
through with explicit-null (RSVP). PR1145437
• There could be some lingering RSVP state that would keep some labeled routes
programmed in the Packet Forwarding Engine longer than they should be. This RSVP
state will eventually expire and then delete the RSVP MPLS routes from FIB. However,
Copyright © 2019, Juniper Networks, Inc. 165
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
traffic loss is not anticipated because of this lingering state or the corresponding label
routes in the FIB. In the worst case, in a network where there is persistent link flapping
going on, this lingering state could interfere with the LSP scale being achieved.
PR1331976
• Statistics of transit traffic do not increment LSP statistics signaled by RSVP-TE.
PR1362936
Routing Protocols
• In MC-LAG setup, when status-control standby is rebooting and status-control active
is down, and if ICCP session-establishment timer is configured less than or equal to
the init-delay-timer on status-control standby, then mcae status of status-control
standby might not come as active until the peer node is up. To avoid this, during these
cases, ICCP session-establishment timer should be configured greater than
init-delay-timer with preferably 100s or more. PR1348648
• On QFX Series platforms, in a corner scenario with a Virtual Chassis setup, if storm
control configuration is enabled on interfaces and multicast traffic ingresses on the
interfaces, some storm control error logs might be observed on these interfaces. It is
only seen in one customer setup and not reproducible in a local setup. Also, it is just a
logging issue and has no traffic impact. PR1355607
• In a scaled setup, when the host table is full and the host entries are installed in the
LPM table, OSPF sessions might take more time to come up. PR1358289
• On the QFX5120, when the UFT profile is configured with lpm-profile
prefix-65-127-disable and lpm-profile, the command output for show pfe route summary
hw will show different scale values for the IPv4 and IPv6 LPM routes rather than the
supported scale. Supported scale is as follows: lpm-profile prefix-65-127-disable IPv4
<= /32 IPv6 <= /64 IPv6 > /64 Enabled 351K (360,000 approx) 168K (172,000 approx)
0k Disabled 168K (172,000 approx) 64K (65524 approx) 64K (65524 approx). PR1366579
• On a QFX5120 with UFT configuration num-65-127-prefix-4, when scaled greater than
64 prefix IPv6 routes, the command show pfe route inet6 hw lpm output will show only
the single IPv6 entry but not the scaled entries. PR1369320
• In an LDP network with gradual deployment of segment routing LDP mapping server
feature), the rpd process might crash after executing and committing the configuration
related to mapping-server-entry prefix-segments and prefix-segment-ranges with the
maximum number of entries exceeded (16 for Junos OS Release 17.4 and 64 for Junos
OS Release 17.4R2 and later). PR1379558
• The show evpn igmp-snooping database output command has some lines removed
that are misleading. PR1391406
• When a MOLEX QSFP+ DAC cable is connected to the QFX5210, the link will not come
up. A DCPFE core file is generated, and the fxpc process will not come up. PR1397158
• On QFX5110 and QFX5200 switches, the non-collapsed EVPN-VXLAN dcfpe core file
is seen at brcm_pkt_tx_flush, l2alm_mac_ip_timer_handle_expiry_event_loc, after random
event. PR1397205
166 Copyright © 2019, Juniper Networks, Inc.
Software Installation and Upgrade
• If the device is booted into single-user mode (recovery mode), and any change in
configuration is made (such as setting the root password), then the commit might fail.
PR1368986
See Also • New and Changed Features on page 151
• Changes in Behavior and Syntax on page 158
• Known Behavior on page 159
• Resolved Issues on page 167
• Documentation Updates on page 173
• Migration, Upgrade, and Downgrade Instructions on page 173
• Product Compatibility on page 185
Resolved Issues
This section lists the issues fixed for the QFX Series switches inJunos OS Release 18.4R1
for QFX Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper online Junos Problem Report Search application.
• EVPN on page 167
• General Routing on page 168
• Interfaces and Chassis on page 171
• Layer 2 Features on page 171
• MPLS on page 171
• Network Management and Monitoring on page 172
• Platform and Infrastructure on page 172
• Routing Protocols on page 172
• User Interface and Configuration on page 172
EVPN
• The QFX10000 might drop transited traffic coming from the MPLS network to
VXLAN-EVPN. PR1360159
• Proxy ARP might not work as expected in an EVPN environment. PR1368911
• QFX10000 or import default IPv6 route to VRF causes infinite entries to get created
in evpn ip-prefix-database and become unstable. PR1369166
• VTEP's MAC address might not be learned in the Ethernet switching table. PR1371995
Copyright © 2019, Juniper Networks, Inc. 167
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
General Routing
• After clearing the QFX5100 is treating 40G AOC uplink as 4x10g breakout with
auto-channelization enabled. PR1317872
• Status LED on the chassis does not show up on QFX10002-60c. PR1332991
• AI-script does not get auto-upgrade unless it is manually done after a Junos OS upgrade.
PR1337028
• On QFX5100 platforms, LR4 QSFP can take up to 15 minutes to come up after a Virtual
Chassis reboot. PR1337340
• QFX5100 40G port has an interoperability issue with some other vendors. PR1349664
• ARP learning might fail after changing the interface MAC address. PR1353241
• On EVPN-VXLAN, the VXLAN traffic might be lost in EVPN type 2 and type 5 scenario.
PR1355773
• The QFX5120-48Y cannot match on user-vlan-id for tunnel terminated packets.
PR1358669
• On the QFX10000 line of switches, packets will be dropped when
virtual-gateway-address is configured on an IRB interface associated with a non-vxlan
VLAN. PR1360646
• FEC is incorrectly displayed on QFX10002-36Q and QFX5110. PR1360948
• VME interface might be unreachable after link flap of em0 on master FPC. PR1362437
• Traffic might not be forwarded when the member link of the aggregated Ethernet
interface is added or deleted. PR1362653
• A 1G interface might stop working when autonegotiation is off by default. PR1362977
• The following log messages are seen: kernel: tcp_timer_keep: Dropping socket connection.
PR1363186
• On QFX10008 and QFX10016 platforms, MPLS exp rewrite might not work for IPv6
and IPv4 traffic. PR1364391
• Traffic loss is observed when unified ISSU is performed with aggregated Ethernet
interfaces configured with LACP protocol. PR1365316
• Root password recovery process does not work. PR1365740
• The l2cpd process might crash when configuring MVRP with private VLAN and RSTP
interface all. PR1365937
• QFX5110-5100 VCF / 1G link does not come up. PR1366218
• The tagged traffic is dropped in the untagged EVPN/VXLAN scenario. PR1366336
• On QFX10002-60C and QFX10000-30C platforms, some interfaces do not come up
during initialization after a reboot. PR1368203
• On QFX Series switches, IS-IS adjacency with Cisco might go down. PR1368913
168 Copyright © 2019, Juniper Networks, Inc.
• The commit or commit check might fail due to the error cannot have lsp-cleanup-timer
without lsp-provisioning. PR1368992
• In certain routing topologies with sFlow configured, sampled packets might be
duplicated and sFlow records are not sent to the collector. PR1370464
• The first 2 characters out of 14 of AS7816-64 serial number are truncated. PR1371126
• For Junos OS Release 18.1R1 and earlier releases, the USB image installation on
QFX5210-64C, AMI bios upgrade needs to be done. PR1371199
• On the QFX10000 line of switches, before the Junos OS Release 17.3R3 code, the
maximum number of ESI logical interfaces was 4000 in the Packet Forwarding Engine.
PR1371414
• On QFX5100, the IPv6 routed packet will be transmitted though VRRP state in transition
to master. PR1372163
• Packets might be dropped after deleting a filter from an interface. PR1372957
• MAC refresh packet might not be sent out from the new primary link after RTG failover.
PR1372999
• TPI-50840 BUM traffic received on 5110 is not flooded to all remote VTEPs. PR1373093
• BOOTP packets might be dropped if BOOTP support is not enabled at the global level.
PR1373807
• LLDP might stop fully working between a QFX10000 line switch and a non-Juniper
Network device. PR1374321
• On QFX5110, Ethernet switching flood group shows incorrect information. PR1374436
• Only the loopback interface is supported under VRF routing instances. PR1375130
• Packet Forwarding Engine wedge might be observed if there are interfaces going to
down state. PR1376366
• The same address family (subnet logical interface or IRB logical interface, but not
both) needs to be configured for establishing VTEPs. PR1376996
• The autonegotiation interface might go down if the opposite device supports only
10/100M autonegotiation. PR1377298
• Debug logs are printed as error logs in /var/log/messages.
expr_nh_flabel_check_overwrite: Caller nh_id params message is classified as error log
when it should be LOG_INFO. PR1377447
• Deleting an IRB interface might affect other IRB interfaces if the same custom MAC
address is configured. PR1379002
• LOC and Diag system LED's on the front panel are not defined yet. PR1380459
• L3VPN traffic might be dropped due to one core-facing interface being down. PR1380783
• A QFX5xxx Packet Forwarding Engine might show DISCARD next-hop for
overlay-bgp-lo0-ip in a spine-and-leaf topology. PR1380795
Copyright © 2019, Juniper Networks, Inc. 169
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Virtual Chassis master is copying /var/db/ovsdatabase to backup every 10 seconds,
which causes a high write IO and shortens the SSD lifetime in Open vSwitch Database
(OVSDB) environment. PR1381888
• EVPN-VXLAN ARP/NDP proxy is not working. PR1382483
• The Packet Forwarding Engine might crash if the GRE destination IP is resolved over
another GRE tunnel. PR1382727
• The functionality under the license "JUNOS-FP-C2" might take effect even it does not
get installed properly. PR1383274
• The 'force-host' upgrade is required for QFX5110-48S-4C in Junos OS Release 18.4 if
the PTP over IPv6 G.8275.2 feature configured. PR1384073
• The Layer 3 interface might stop pinging directly connected link address after deleting
Layer 2 on a physical interface. PR1384144
• On QFX5110 platforms, SFPP-10G-DT-ZRC2 and SFPP-10G-CT50-ZR transceivers
might not be tunable and remain 1550.10nm by default in the hardware. PR1384524
• Port-mirroring-instance or analyzer-based mirroring does not work with input as VLAN
ingress when VLAN is mapped to VXLAN. PR1384732
• All 1G SFP copper and 1G fiber optic links remain up on QFX10008 after all SIBs/FPCs
are offline. PR1385062
• The IPv6 packet might not be routed when IPv6 packet is encapsulated over IPv4 GRE
tunnel on QFX10000. PR1385723
• CPSM daemon memory leak occurs in VMHOST. PR1387903
• On the QFX10000 line of switches, MAC learning might stop working on some LAG
interfaces after frequent MAC moves. PR1389411
• FPC might crash on QFX5100 platforms in a large-scale scenario. PR1389872
• The vmcore might be seen when routing changes are made on the peer spine in an
EVPN-VXLAN scenario. PR1390573
• The smid core file is seen during sanity script execution on QFX5100. PR1391909
• The l2ald core file is seen when a Layer 2 learning traceoptions were enabled.
PR1394380
• DRAM and buffer utilization fields are not correct for QFX10000 platforms. PR1394978
• DOT1XD core file is found at pnac_bd_create pnac_bdm_handler
knl_async_receive_and_process. PR1395384
• On QFX5110 Virtual Chassis, after Routing Engine switchover, LACP will be brought
down on the peer device and never recover automatically. PR1395943
• The Juniper Extension Toolkit (JET) or Junos Telemetry Interface (JTI) is not used,
because of a bug in the GRPC stack which is used by jsd and na-grpcd daemons.
PR1398398
170 Copyright © 2019, Juniper Networks, Inc.
Interfaces and Chassis
• Stating in Junos OS 17.2R1, on QFX Series products, the CLI allows you to configure
more logical interfaces than the limit of 2048 logical interfaces on the LAG interface.
PR1361689
• On QFX5200 MC-LAG parse_remove_ifl_from_routing_inst() ERROR : No route inst on
et-0/0/16.16386, error is seen after restarting l2cpd daemon. PR1373927
Layer 2 Features
• On QFX5100, storm control profile is missing for interfaces in hardware. PR1354889
• LACP packets are getting dropped with native-vlan-id configured after reboot.
PR1361054
• QFX5000 the Virtual Chassis acting as EVPN-VXLAN ARP proxy might cause ARP
resolution to fail. PR1365699
• Hashing does not work for the IPv6 packet encapsulated in VXLAN scenario. PR1368258
• When native-vlan-id is configured for aggregated Ethernet interface, the LACP session
to the multihomed server goes down. PR1369424
• DHCP discover packets might be dropped if VXLAN is configured. PR1377521
• Packets might be dropped on AD in a Junos Fusion Data Center environment. PR1377841
• The dcpfe process might crash while changing MTU of physical ports for GRE. PR1384517
• The LACP might be in detached state when deleting native-vlan-id on aggregated
Ethernet interface with flexible-vlan-tagging configured. PR1385409
• On QFX5000 line switches, if EVPN-TYPE 5 routes are present, when doing "restart
routing" or a BGP session to a neighbor device flaps, the dcpfe core file might be seen.
PR1387360
• On QFX5000, EVPN-VXLAN failed to forward the IPv6 NS packet from remote VTEP
to local host. PR1387519
• The dcpfe process might crash after VXLAN overlay ping. PR1388103
• RTG MAC refresh packets will be sent out from non-RTG ports if the RTG interface
belonging to the Virtual Chassis master flaps. PR1389695
• Cisco Discovery Protocol (CDP) packets are not forwarded by QFX10000 line switches.
PR1389829
MPLS
• LSP might not be established properly between QFX5000 line switch and other devices.
PR1351055
• NO-propogate-TTL acts on MPLS swap operation. PR1366804
Copyright © 2019, Juniper Networks, Inc. 171
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• LSP with auto-bandwidth enabled goes down during HMC error condition. PR1374102
• LSP "statistics" and "auto-bandwidth" functionality might not take effect with
single-hop LSPs. PR1390445
Network Management and Monitoring
• For QFX5110, the returned SNMP values of module temperature-HighAlarmThreshold,
LowAlarmThreshold, and HighWarningThreshold are not as same as the one shown
in the CLI. PR1369030
Platform and Infrastructure
• When chassis control restart is done with aggregated Ethernet and CoS rewrite
configuration, the Platform failed to bind rewrite messages might be seen in the syslog.
PR1315437
• When Junos OS next hop index allocation fails, the private index space get exhausted
through the incoming ARP requests to the management interface. PR1360039
• Forwarding is broken after adding protocol EVPN extended-vlan-id. PR1368802
• Traffic is silently dropped or discarded with indirect next hop and load balancing.
PR1376057
• LSI binding is missing upon nd6 entry refresh after Layer 2 logical interface flap.
PR1380590
• IRB interface does not turn down when master of Virtual Chassis is rebooted or stopped.
PR1381272
Routing Protocols
• On QFX5100 platforms, the parity errors in Layer 3 IPv4 table in the Packet Forwarding
Engine memory might cause traffic to be silently dropped and discarded. PR1364657
• On QFX5120 platforms, the command output for the configuration statement show
pfe route summary hw shows different scale values for the IPv4 and IPv6 lpm routes
rather than the supported scale. PR1366579
• The dcpfe might crash and all interfaces flap. PR1369011
• When ecmp-resilient-hash is configured for the existing ECMP route, the update to the
next hop in hardware fails. PR1387713
• The show evpn igmp-snooping database extensive command output needs to be
modified as per the SMET functionality. PR1391406
User Interface and Configuration
• Adding or deleting the VLAN member starting with a VLAN-ID number might cause
many errors. PR1362535
See Also • New and Changed Features on page 151
172 Copyright © 2019, Juniper Networks, Inc.
• Changes in Behavior and Syntax on page 158
• Known Behavior on page 159
• Known Issues on page 161
• Documentation Updates on page 173
• Migration, Upgrade, and Downgrade Instructions on page 173
• Product Compatibility on page 185
Documentation Updates
There are no documentation errata or changes for the QFX Series switches in Junos OS
Release 18.4R1.
See Also • New and Changed Features on page 151
• Changes in Behavior and Syntax on page 158
• Known Behavior on page 159
• Known Issues on page 161
• Resolved Issues on page 167
• Migration, Upgrade, and Downgrade Instructions on page 173
• Product Compatibility on page 185
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade
policies for Junos OS. Upgrading or downgrading Junos OS can take several hours,
depending on the size and configuration of the network.
• Upgrading Software on QFX Series Switches on page 174
• Installing the Software on QFX10002-60C Switches on page 176
• Installing the Software on QFX10002 Switches on page 176
• Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release
15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016
Switches on page 177
• Installing the Software on QFX10008 and QFX10016 Switches on page 178
• Performing a Unified ISSU on page 182
• Preparing the Switch for Software Installation on page 182
• Upgrading the Software Using Unified ISSU on page 183
• Upgrade and Downgrade Support Policy for Junos OS Releases on page 184
Copyright © 2019, Juniper Networks, Inc. 173
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Upgrading Software on QFX Series Switches
When upgrading or downgrading Junos OS, always use the jinstall package. Use other
packages (such as the jbundle package) only when so instructed by a Juniper Networks
support representative. For information about the contents of the jinstall package and
details of the installation process, see the Installation and Upgrade Guide and Junos OS
Basics in the QFX Series documentation.
If you are not familiar with the download and installation process, follow these steps:
1. In a browser, go to https://www.juniper.net/support/downloads/junos.html.
The Junos Platforms Download Software page appears.
2. In the QFX Series section of the Junos Platforms Download Software page, select the
QFX Series platform for which you want to download the software.
3. Select 18.4 in the Release pull-down list to the right of the Software tab on the
Download Software page.
4. In the Install Package section of the Software tab, select the QFX Series Install Package
for the 18.4 release.
An Alert box appears.
5. In the Alert box, click the link to the PSN document for details about the software,
and click the link to download it.
A login screen appears.
6. Log in to the Juniper Networks authentication system using the username (generally
your e-mail address) and password supplied by Juniper Networks representatives.
7. Download the software to a local host.
8. Copy the software to the device or to your internal software distribution site.
9. Install the new jinstall package on the device.
NOTE: We recommend that you upgrade all software packages out of
band using the console, because in-band connections are lost during the
upgrade process.
Customers in the United States and Canada use the following command:
user@host> request system software add
source/jinstall-host-qfx-5-x86-64-18.4-R1.n-secure-signed.tgz reboot
174 Copyright © 2019, Juniper Networks, Inc.
Replace source with one of the following values:
• /pathname—For a software package that is installed from a local directory on the
switch.
• For software packages that are downloaded and installed from a remote location:
• ftp://hostname/pathname
• http://hostname/pathname
• scp://hostname/pathname (available only for Canada and U.S. version)
Adding the reboot command reboots the switch after the upgrade is installed. When
the reboot is complete, the switch displays the login prompt. The loading process can
take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
NOTE: After you install a Junos OS Release 18.4 jinstall package, you can
issue the request system software rollback command to return to the previously
installed software.
Copyright © 2019, Juniper Networks, Inc. 175
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Installing the Software on QFX10002-60C Switches
This section explains how to upgrade the software, which includes both the host OS and
the Junos OS. This upgrade requires that you use a VM host package—for example, a
junos-vmhost-install-x.tgz .
During a software upgrade, the alternate partition of the SSD is upgraded, which will
become primary partition after a reboot .If there is a boot failure on the primary SSD, the
switch can boot using the snapshot available on the alternate SSD.
NOTE: The QFX10002-60C switch supports only the 64-bit version of Junos
OS.
NOTE: If you have important files in directories other than /config and /var,
copy the files to a secure location before upgrading. The files under /config
and /var (except /var/etc) are preserved after the upgrade.
To upgrade the software, you can use the following methods:
If the installation package resides locally on the switch, execute the request vmhost
software add <pathname><source> command.
For example:
user@switch> request vmhost software add
/var/tmp/junos-vmhost-install-qfx-x86-64-18.4R1.9.tgz
If the Install Package resides remotely from the switch, execute the request vmhost
software add <pathname><source> command.
For example:
user@switch> request vmhost software add
ftp://ftpserver/directory/junos-vmhost-install-qfx-x86-64-18.4R1.9.tgz
After the reboot has finished, verify that the new version of software has been properly
installed by executing the show version command.
user@switch> show version
Installing the Software on QFX10002 Switches
176 Copyright © 2019, Juniper Networks, Inc.
NOTE: If you are upgrading from a version of software that does not have
the FreeBSD 10 kernel (15.1X53-D30, for example), you will need to upgrade
from Junos OS Release 15.1X53-D30 to Junos OS Release 15.1X53-D32. After
you have installed Junos OS Release 15.1X53-D32, you can upgrade to Junos
OS Release 15.1X53-D60 or Junos OS Release 18.4R1.
NOTE: On the switch, use the force-host option to force-install the latest
version of the Host OS. However, by default, if the Host OS version is different
from the one that is already installed on the switch, the latest version is
installed without using the force-host option.
If the installation package resides locally on the switch, execute the request system
software add <pathname><source> reboot command.
For example:
user@switch> request system software add
/var/tmp/jinstall-host-qfx-10-f-x86-64-18.4R1.n-secure-signed.tgz reboot
If the Install Package resides remotely from the switch, execute the request system
software add <pathname><source> reboot command.
For example:
user@switch> request system software add
ftp://ftpserver/directory/jinstall-host-qfx-10-f-x86-64-18.4R1.n-secure-signed.tgz reboot
After the reboot has finished, verify that the new version of software has been properly
installed by executing the show version command.
user@switch> show version
Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release
15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and
QFX10016 Switches
Copyright © 2019, Juniper Networks, Inc. 177
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
NOTE: Before you install the software, back up any critical files in /var/home.
For more information regarding how to back up critical files, contact Customer
Support at https://www.juniper.net/support.
The switch contains two Routing Engines, so you will need to install the software on each
Routing Engine (re0 and re1).
If the installation package resides locally on the switch, execute the request system
software add <pathname><source> command.
To install the software on re0:
user@switch> request system software add
/var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0
If the Install Package resides remotely from the switch, execute the request system
software add <pathname><source> re0 command.
For example:
user@switch> request system software add
ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re0
To install the software on re1:
user@switch> request system software add
/var/tmp/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1
If the Install Package resides remotely from the switch, execute the request system
software add <pathname><source> re1 command.
For example:
user@switch> request system software add
ftp://ftpserver/directory/jinstall-host-qfx-10-m-15.1X53-D60.n-secure-domestic-signed.tgz re1
Reboot both Routing Engines.
For example:
user@switch> request system reboot both-routing-engines
After the reboot has finished, verify that the new version of software has been properly
installed by executing the show version command.
user@switch> show version
Installing the Software on QFX10008 and QFX10016 Switches
178 Copyright © 2019, Juniper Networks, Inc.
Because the switch has two Routing Engines, perform a Junos OS installation on each
Routing Engine separately to avoid disrupting network operation.
NOTE: Before you install the software, back up any critical files in /var/home.
For more information regarding how to back up critical files, contact Customer
Support at https://www.juniper.net/support.
WARNING: If graceful Routing Engine switchover (GRES), nonstop bridging
(NSB), or nonstop active routing (NSR) is enabled when you initiate a
software installation, the software does not install properly. Make sure you
issue the CLI delete chassis redundancy command when prompted. If GRES
is enabled, it will be removed with the redundancy command. By default, NSR
is disabled. If NSR is enabled, remove the nonstop-routing statement from
the [edit routing-options] hierarchy level to disable it.
1. Log in to the master Routing Engine’s console.
For more information about logging in to the Routing Engine through the console port,
see the specific hardware guide for your switch.
2. From the command line, enter configuration mode:
user@switch> configure
3. Disable Routing Engine redundancy:
user@switch# delete chassis redundancy
4. Disable nonstop-bridging:
user@switch# delete protocols layer2-control nonstop-bridging
5. Save the configuration change on both Routing Engines:
user@switch# commit synchronize
6. Exit the CLI configuration mode:
user@switch# exit
After the switch has been prepared, you first install the new Junos OS release on the
backup Routing Engine, while keeping the currently running software version on the
master Routing Engine. This enables the master Routing Engine to continue operations,
minimizing disruption to your network.
After making sure that the new software version is running correctly on the backup
Routing Engine, you are ready to switch routing control to the backup Routing Engine,
and then upgrade or downgrade the software version on the other Routing Engine.
7. Log in to the console port on the other Routing Engine (currently the backup).
Copyright © 2019, Juniper Networks, Inc. 179
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
For more information about logging in to the Routing Engine through the console port,
see the specific hardware guide for your switch.
8. Install the new software package using the request system software add command:
user@switch> request system software add validate
/var/tmp/jinstall-host-qfx-10-f-x86-64-18.4R1.n-secure-signed.tgz
For more information about the request system software add command, see the CLI
Explorer.
9. Reboot the switch to start the new software using the request system reboot command:
user@switch> request system reboot
NOTE: You must reboot the switch to load the new installation of Junos
OS on the switch.
To abort the installation, do not reboot your switch. Instead, finish the
installation and then issue the request system software delete
<package-name> command. This is your last chance to stop the installation.
All the software is loaded when you reboot the switch. Installation can take between
5 and 10 minutes. The switch then reboots from the boot device on which the software
was just installed. When the reboot is complete, the switch displays the login prompt.
While the software is being upgraded, the Routing Engine on which you are performing
the installation is not sending traffic.
10. Log in and issue the show version command to verify the version of the software
installed.
user@switch> show version
Once the software is installed on the backup Routing Engine, you are ready to switch
routing control to the backup Routing Engine, and then upgrade or downgrade the
master Routing Engine software.
11. Log in to the master Routing Engine console port.
For more information about logging in to the Routing Engine through the console port,
see the specific hardware guide for your switch.
12. Transfer routing control to the backup Routing Engine:
user@switch> request chassis routing-engine master switch
For more information about the request chassis routing-engine master command, see
the CLI Explorer.
180 Copyright © 2019, Juniper Networks, Inc.
13. Verify that the backup Routing Engine (slot 1) is the master Routing Engine:
user@switch> show chassis routing-engine
Routing Engine status:
Slot 0:
Current state Backup
Election priority Master (default)
Routing Engine status:
Slot 1:
Current state Master
Election priority Backup (default)
14. Install the new software package using the request system software add command:
user@switch> request system software add validate
/var/tmp/jinstall-host-qfx-10-f-x86-64-18.4R1.n-secure-signed.tgz
For more information about the request system software add command, see the CLI
Explorer.
15. Reboot the Routing Engine using the request system reboot command:
user@switch> request system reboot
NOTE: You must reboot to load the new installation of Junos OS on the
switch.
To abort the installation, do not reboot your system. Instead, finish the
installation and then issue the request system software delete jinstall
<package-name> command. This is your last chance to stop the installation.
The software is loaded when you reboot the system. Installation can take between 5
and 10 minutes. The switch then reboots from the boot device on which the software
was just installed. When the reboot is complete, the switch displays the login prompt.
While the software is being upgraded, the Routing Engine on which you are performing
the installation does not send traffic.
16. Log in and issue the show version command to verify the version of the software
installed.
17. Transfer routing control back to the master Routing Engine:
user@switch> request chassis routing-engine master switch
For more information about the request chassis routing-engine master command, see
the CLI Explorer.
Copyright © 2019, Juniper Networks, Inc. 181
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
18. Verify that the master Routing Engine (slot 0) is indeed the master Routing Engine:
user@switch> show chassis routing-engine
Routing Engine status:
Slot 0:
Current state Master
Election priority Master (default)
outing Engine status:
Slot 1:
Current state Backup
Election priority Backup (default)
Performing a Unified ISSU
You can use unified ISSU to upgrade the software running on the switch with minimal
traffic disruption during the upgrade.
NOTE: Unified ISSU is supported in Junos OS Release 13.2X51-D15 and later.
Perform the following tasks:
• Preparing the Switch for Software Installation on page 182
• Upgrading the Software Using Unified ISSU on page 183
Preparing the Switch for Software Installation
Before you begin software installation using unified ISSU:
• Ensure that nonstop active routing (NSR), nonstop bridging (NSB), and graceful Routing
Engine switchover (GRES) are enabled. NSB and GRES enable NSB-supported Layer
2 protocols to synchronize protocol information between the master and backup
Routing Engines.
To verify that nonstop active routing is enabled:
NOTE: If nonstop active routing is enabled, then graceful Routing Engine
switchover is enabled.
user@switch> show task replication
Stateful Replication: Enabled
RE mode: Master
If nonstop active routing is not enabled (Stateful Replication is Disabled), see Configuring
Nonstop Active Routing on Switches for information about how to enable it.
• Enable nonstop bridging (NSB). See Configuring Nonstop Bridging on Switches (CLI
Procedure) for information on how to enable it.
182 Copyright © 2019, Juniper Networks, Inc.
• (Optional) Back up the system software—Junos OS, the active configuration, and log
files—on the switch to an external storage device with the request system snapshot
command.
Upgrading the Software Using Unified ISSU
This procedure describes how to upgrade the software running on a standalone switch.
To upgrade the switch using unified ISSU:
1. Download the software package by following the procedure in the Downloading
Software Files with a Browser section in Installing Software Packages on QFX Series
Devices.
2. Copy the software package or packages to the switch. We recommend that you copy
the file to the /var/tmp directory.
3. Log in to the console connection. Using a console connection allows you to monitor
the progress of the upgrade.
4. Start the ISSU:
• On the switch, enter:
user@switch> request system software in-service-upgrade
/var/tmp/package-name.tgz
where package-name.tgz is, for example,
jinstall-host-qfx-10-f-x86-64-18.4R1.n-secure-signed.tgz.
NOTE: During the upgrade, you cannot access the Junos OS CLI.
The switch displays status messages similar to the following messages as the upgrade
executes:
warning: Do NOT use /user during ISSU. Changes to /user during ISSU may get
lost!
ISSU: Validating Image
ISSU: Preparing Backup RE
Prepare for ISSU
ISSU: Backup RE Prepare Done
Extracting jinstall-host-qfx-5-f-x86-64-18.4R1.n-secure-signed.tgz ...
Install jinstall-host-qfx-5-f-x86-64-18.4R1.n-secure-signed.tgz completed
Spawning the backup RE
Spawn backup RE, index 0 successful
GRES in progress
GRES done in 0 seconds
Waiting for backup RE switchover ready
GRES operational
Copying home directories
Copying home directories successful
Initiating Chassis In-Service-Upgrade
Chassis ISSU Started
Copyright © 2019, Juniper Networks, Inc. 183
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
ISSU: Preparing Daemons
ISSU: Daemons Ready for ISSU
ISSU: Starting Upgrade for FRUs
ISSU: FPC Warm Booting
ISSU: FPC Warm Booted
ISSU: Preparing for Switchover
ISSU: Ready for Switchover
Checking In-Service-Upgrade status
Item Status Reason
FPC 0 Online (ISSU)
Send ISSU done to chassisd on backup RE
Chassis ISSU Completed
ISSU: IDLE
Initiate em0 device handoff
NOTE: A unified ISSU might stop, instead of abort, if the FPC is at the
warm boot stage. Also, any links that go down and up will not be detected
during a warm boot of the Packet Forwarding Engine (PFE).
NOTE: If the unified ISSU process stops, you can look at the log files to
diagnose the problem. The log files are located at /var/log/vjunos-log.tgz.
5. Log in after the reboot of the switch completes. To verify that the software has been
upgraded, enter the following command:
user@switch> show version
6. Ensure that the resilient dual-root partitions feature operates correctly, by copying
the new Junos OS image into the alternate root partitions of all of the switches:
user@switch> request system snapshot slice alternate
Resilient dual-root partitions allow the switch to boot transparently from the alternate
root partition if the system fails to boot from the primary root partition.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at
a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can
upgrade directly from one EEOL release to the next EEOL release even though EEOL
releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after
the currently installed EEOL release, or to two EEOL releases before or after. For example,
Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS
Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
184 Copyright © 2019, Juniper Networks, Inc.
You cannot upgrade directly from a non-EEOL release to a release that is more than
three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to
a release more than three releases before or after, first upgrade to the next EEOL release
and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see
https://www.juniper.net/support/eol/junos.html.
See Also • New and Changed Features on page 151
• Changes in Behavior and Syntax on page 158
• Known Behavior on page 159
• Known Issues on page 161
• Resolved Issues on page 167
• Documentation Updates on page 173
• Product Compatibility on page 185
Product Compatibility
• Hardware Compatibility on page 185
Hardware Compatibility
To obtain information about the components that are supported on the devices, and the
special compatibility guidelines with the release, see the Hardware Guide for the product.
To determine the features supported on QFX Series switches in this release, use the
Juniper Networks Feature Explorer, a Web-based application that helps you to explore
and compare Junos OS feature information to find the right software release and hardware
platform for your network. Find Feature Explorer at
https://apps.juniper.net/feature-explorer/.
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported
across all platforms, see the Hardware Compatibility tool.
See Also • New and Changed Features on page 151
• Changes in Behavior and Syntax on page 158
• Known Behavior on page 159
• Known Issues on page 161
• Resolved Issues on page 167
• Documentation Updates on page 173
• Migration, Upgrade, and Downgrade Instructions on page 173
Copyright © 2019, Juniper Networks, Inc. 185
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Junos OS Release Notes for SRX Series
These release notes accompany Junos OS Release 18.4R1 for the SRX Series. They
describe new and changed features, limitations, and known and resolved problems in
the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation
webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
NOTE: The SRX5K-SPC3 Services Processing Card was introduced in Junos
OS Service Release 18.2R1-S1 and is supported in all subsequent Junos OS
Releases. The features and functionalities of the SRX5K-SPC3 card are
supported in Junos OS Release 18.4R1. Going forward, future improvements
for SRX5K-SPC3 will be included in upcoming Junos OS Maintenance
Releases.
• New and Changed Features on page 186
• Changes in Behavior and Syntax on page 194
• Known Behavior on page 197
• Known Issues on page 199
• Resolved Issues on page 203
• Documentation Updates on page 208
• Migration, Upgrade, and Downgrade Instructions on page 208
• Product Compatibility on page 209
New and Changed Features
This section describes the new features and enhancements to existing features in Junos
OS Release 18.4R1 for the SRX Series devices.
Junos OS Release 18.4R1 supports the following Juniper Networks security platforms:
vSRX, SRX300/320, SRX340/345, SRX550HM, SRX1500, SRX4100/4200, SRX4600,
SRX5400, SRX5600, and SRX5800. Most security features in this release were previously
delivered in Junos OS for SRX Series “X” releases from 12.1X44 through 15.1X49-D150.
Security features delivered in Junos OS for SRX Series “X” releases after 15.1X49-D150
are not available in 18.4 releases.
• Application Security on page 187
• Chassis Cluster on page 188
• Flow-Based and Packet-Based Processing on page 188
• General Packet Radio Service (GPRS) on page 188
• Interfaces and Chassis on page 189
• Intrusion Detection and Protection (IDP) on page 189
• Logical Systems and Tenant Systems on page 190
186 Copyright © 2019, Juniper Networks, Inc.
• Network Management and Monitoring on page 191
• Routing Protocols on page 192
• Security on page 192
• Juniper Sky Advanced Threat Prevention on page 193
• Software Licensing on page 193
• UTM on page 193
• VPN on page 193
Application Security
• CLI enhancements to support J-Web (SRX Series and vSRX)—Starting in Junos OS
Release 18.4R1, the show service application-identification command is enhanced to
display applications and application group details in J-Web.
The show service application-identification command used with the new entries option
provides the following functionality:
• Alphabetical list application and application group details.
• Pagination support to limit the number of entries in output.
• Display of details in a sorted order.
• Using filters on output columns to search applications easily.
[See show services application-identification entries.]
• SSL decryption port mirroring (SRX Series and vSRX)—Junos OS Release 18.4R1
introduces SSL decryption mirroring for SSL forward and reverse proxy. SSL decryption
mirroring enables you to forward a copy of SSL decrypted traffic to a configured mirror
port on a server that is acting as a traffic collection tool.
To use the decryption mirroring feature, configure the mirror interface and the MAC
address of the port in the SSL proxy profile, and apply the SSL proxy profile as the
application service in the security policy. Traffic matching the policy rule is decrypted,
and a copy of SSL-decrypted traffic is forwarded to the configured mirror port.
[See SSL Proxy.]
• Application path selection based on link preference and priority (SRX300, SRX320,
SRX340, SRX345, SRX550M, SRX1500, SRX4100 SRX4200, and vSRX)—Starting
in Junos OS Release 18.4R1, you can configure Application Quality of Experience
(AppQoE) to select an application path based on the link priority and the link type
when multiple links are available.
For application path selection, a list of paths to a specific destination, which meets
SLA requirements, is made available. From the list, AppQoE selects a path that matches
the configured link preference. Paths are WAN links used for forwarding application
traffic. You can select an MPLS or Internet link as the preferred path, and assign a
priority from the range 1-255 (value of 1 indicates highest priority).
Copyright © 2019, Juniper Networks, Inc. 187
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
[See Application Quality of Experience.]
• Schedulers support for APBR (SRX Series and vSRX)—Starting in Junos OS Release
18.4R1, support for configuring policy schedulers for an advanced policy-based routing
(APBR) policy is available. Using a policy scheduler, you can schedule APBR policy
execution at a specified time and enforce the policy for a specified duration.
To use a scheduler for an APBR policy, you must create a scheduler and refer to
scheduler in your APBR policy configuration. The policy scheduler activates and
deactivates a policy according to the scheduled time. When the scheduler times out,
the associated policy is deactivated.
[See Advanced Policy-Based Routing.]
Chassis Cluster
• Chassis cluster resiliency (SRX5400, SRX5600, and SRX5800)—Starting in Junos
OS Release 18.4R1, a three-layered model is introduced to detect software and hardware
failures that impact chassis cluster performance. Flapping of em0 and control path
software or hardware failures are detected and state transitions and failovers are
triggered using this model. Following are the three layers:
• Layer 1 : Identifies and detects the components that are causing the failures.
• Layer 2 : Detects the failures that are not detected by Layer1.
• Layer 3 : Shares the health information of the system between the two nodes over
control and fabric links.
The set chassis cluster health-monitoring command is introduced to enable monitoring
the health of chassis cluster.
[See Chassis Cluster Resiliency.]
Flow-Based and Packet-Based Processing
• SRX5K-SPC3 card with flow support in chassis cluster mode (SRX5400, SRX5600,
and SRX5800)—Starting in Junos OS Release 18.4R1, the SRX5K-SPC3 and
SRX5K-SPC-4-15-320 (SPC2) cards can operate together in a mixed-mode
configuration on the SRX5000 line of devices using the same slot number in both
nodes. If you are adding the SPC3 SPCs to the SRX5000 devices, you must install the
new SPCs in the lowest-numbered slot of any SPC that provides central point
functionality. SPC3 interoperates with the SRX5000 I/O cards (IOC2, IOC3), Switch
Control Boards (SCB2, SCB3), Routing Engines, and SPC2 cards.
[See Understanding Flow support on SRX5K-SPC3 Platforms.]
General Packet Radio Service (GPRS)
• IPv6 support on GTP (SRX1500, SRX4100, SRX4200, SRX4600, SRX4800,
SRX5400, SRX5600, SRX5800, and vSRX)—Starting in Junos OS Release 18.4R1,
GPRS tunneling protocol (GTP) traffic security inspection is supported on IPv6
addresses along with existing IPv4 support. With this enhancement, a GTP tunnel using
either IPv4 and IPv6 addresses is established for individual user endpoints (UEs)
188 Copyright © 2019, Juniper Networks, Inc.
between a Serving GPRS Support Node (SGSN) in 3G or a Service Gateway (S-GW)
and a Gateway GPRS Support Node (GGSN) in 3G or a PDN Gateway (P-GW) in 4G.
[See GPRS Overview.]
• Enhancements to GTP-C Tunnel (SRX5400, SRX5600, and SRX5800)—Starting
in Junos OS Release 18.4R1, the GTP-C tunnel is enhanced to support tunnel-based
session distribution to speed up the tunnel setup process and load-balance the sessions
between the SPUs. The GTP-C tunnels and the GTP-C tunnel sessions are distributed
by the SGSN tunnel endpoint identifier (TEID) of the tunnel. Use the set security
forwarding-process application-services enable-gtpu-distribution command to enable
the tunnel-based session distribution where the GTP-C traffic of different tunnels is
spread across different SPUs.
[See GPRS Overview.]
Interfaces and Chassis
• Support for up and down delay timers on reth interfaces (SRX5400, SRX5600, and
SRX5800)—Starting in Junos OS Release 18.4R1, you can configure up and down delay
timers for redundant Ethernet (reth) interfaces. The delay timers keep the reth interfaces
up or down, respectively, to prevent the routing protocols from reconverging and to
avoid loss of traffic during a crash or when links flap.
On SRX series devices, the default delay timer for down hold-time is 11 seconds, and
the default delay timer for up hold-time is 0 seconds. To configure the timers, include
the reth 1 hold-time down timer and reth 1 hold-time up timer statements at the [edit
interfaces] hierarchy level.
[See hold-time (Redundant Ethernet Interfaces)].
• Half-duplex link support (SRX340 and SRX345)—Starting in Junos OS release 18.4R1,
half-duplex mode is supported on SRX340 and SRX345 devices. Half duplex enables
bidirectional communication, but signals can flow in only one direction at a time.
Full-duplex communication means that both ends of the communication can send
and receive signals at the same time. By default, half duplex is configured. If the link
partner is set to autonegotiate the link, then the link is autonegotiated to full duplex
or half duplex. If the link is not set to autonegotiation, then the link defaults to half
duplex unless the interface is explicitly configured for full duplex.
[See link-mode.]
Intrusion Detection and Protection (IDP)
• Support for custom time bindings in a time-binding custom attack (SRX
Series)—Starting in Junos OS Release 18.4R1, you can configure the maximum time
interval between any two instances of a time-binding custom attack. The range for
the maximum time interval is 0 minutes and 0 seconds through 60 minutes and 0
seconds. In Junos OS releases before 18.4R1, the maximum time interval between any
two instances of a time-binding attack is 60 seconds.
The interval time-interval statement is introduced at the [edit security idp custom-attack
attack-name time-binding] hierarchy to configure a custom time-binding.
Copyright © 2019, Juniper Networks, Inc. 189
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
[See Understanding Custom Attack Objects and time-binding.]
• User visibility improvements for IDP attacks within an IDP Policy (SRX Series and
vSRX)—Starting in Junos OS Release 18.4R1, you can view and validate the complete
set of attacks that are configured for an IDP policy (predefined, dynamic, and custom
attacks).
Use the show security idp attack attack-list policy policy-name command to view the
attacks that are configured for an IDP policy.
[See show security idp attack attack-list policy.]
• IDP policy rematch (SRX Series)—Starting in Junos OS Release 18.4R1, when a new
IDP policy is loaded, the existing sessions are inspected using the newly loaded policy
and are not ignored for IDP processing.
[See IDP Policies Overview.]
Logical Systems and Tenant Systems
• Starting in Junos OS Release 18.4R1, the following features that are supported on the
logical systems are now extended to tenant systems:
• Dynamic address support for tenant systems (SRX Series)—Starting in Junos OS
Release 18.4R1, the tenant system user can create dynamic address entries within
a tenant system. A dynamic address entry contains IP ranges extracted from external
sources. The security policies use the dynamic address in the source-address or
destination-address field. The tenant system administrator can view the dynamic
address information, including name, feeds, properties, and number of IPv4 and IPv6
entries for tenant systems, by using the show security dynamic-address command.
[See Security Policies for Tenant Systems.]
• DHCP support for tenant systems (SRX Series)—Starting in Junos OS Release
18.4R1, DHCP provides support for DHCP clients, DHCP relay agents, and IPv6 dynamic
servers for prefix delegation for tenant systems. The DHCP relay agent operates as
the interface between DHCP clients and IPv6 dynamic server for tenant systems,
and also relays DHCP messages between DHCP clients and DHCP servers on different
IP address networks.
[See DHCP for Tenant Systems.]
• SRX5K-SPC3 card support for tenant systems (SRX5400, SRX5600, and
SRX5800)—Starting in Junos OS Release 18.4R1, support for the SRX5K-SPC3
services processing card is introduced for tenant systems.
[See Tenant Systems Overview.]
• Application firewall support on tenant systems (SRX Series)—Starting in Junos
OS Release 18.4R1, the tenant system administrator can configure the application
firewall profile, trace options, and resources appfw-rule-set and appfw-rule in a
tenant system. The application firewall rules can be reordered using the command
insert tenants tenant-id security application-firewall rule-sets ruleset-name rule
rule-name1 after rule rule-name2.
190 Copyright © 2019, Juniper Networks, Inc.
Application firewall is a group of fine-grained application control policies to allow
or deny the traffic based on the dynamic application name or the group names. It
enhances security policy creation and enforcement based on the applications rather
than traditional port and protocol analysis.
[See Application Firewall Services for Tenant Systems.]
• Interfaces support enhancement on tenant systems (SRX1500, SRX4100,
SRX4200, SRX4600, SRX5400, SRX5600, and SRX5800)—Starting in Junos OS
Release 18.4R1, support for interfaces is enhanced on tenants systems with the
following changes:
• You can configure an interface in the tenant system similar to how you configure
an interface in a logical system.
• All types of interfaces that can be configured in a logical system can also be
configured in a tenant system.
• All the interfaces that are configured in a tenant system are associated with the
routing instance configured for that tenant system.
[See Tenant Systems Overview.]
Network Management and Monitoring
• RPM probe enhancement (SRX Series)—Starting in Junos OS Release 18.4R1, if the
result of a probe or test exceeds the packet loss threshold, the real-time performance
monitoring (RPM) test probe is marked as failed. The test probe also fails when the
round-trip time (RTT) exceeds the configured threshold ranges from 0 through
60000000 ms. As a result, the device generates an SNMP notification (trap) and
marks the RPM test as failed.
RPM allows you to perform service-level monitoring. When RPM is configured on a
device, the device calculates network performance based on packet response time,
jitter, and packet loss.
[See RPM Overview.]
• SNMP support for monitoring the 4G LTE Mini-Physical Interface Module (Mini-PIM)
status (SRX300, SRX320, SRX340, SRX345, and SRX550M)—Starting in Junos OS
Release 18.4R1, you can monitor 4G LTE Mini-PIM status by using SNMP remote network
management.
You can use the following commands to monitor the 4G LTE Mini-PIM status:
show snmp mib walk ascii jnxWirelessWANNetworkInfoTable
show snmp mib walk ascii jnxWirelessWANFirmwareInfoTable
In previous releases, the show modem wireless network interface interface-name and
show modem wireless firmware interface interface-name commands are used to check
the 4G LTE Mini-PIM status.
[See Enterprise-Specific SNMP MIBs Supported by Junos OS.]
Copyright © 2019, Juniper Networks, Inc. 191
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Routing Protocols
• ARP policer support to protect Routing Engine (SRX Series)—Starting in Junos OS
Release 18.4R1, you can apply policers on Address Resolution Protocol (ARP) traffic
on SRX Series devices. You can configure rate limiting for the policer by specifying the
bandwidth and the burst-size limit. Packets exceeding the policer limits are discarded.
The traffic to the Routing Engine is controlled by applying the policer on ARP traffic.
Using policers helps prevent network congestion caused by broadcast storms.
[See ARP Policer Overview.]
Security
• New operational commands for security policy configuration (SRX Series and
vSRX)—Starting in Junos OS Release 18.4R1, the following operational commands are
introduced:
• show security policies information
• show security policies checksum
• request security policies check
• request security policies resync
The show security policies information command provides detailed information about
the policies configured on SRX Series devices and on vSRX. The show security policies
checksum, request security policies check, and request security policies resync commands
are used to synchronize security policies between the Routing Engine and the Packet
Forwarding Engine.
[See show security policies information, show security policies checksum, request security
policies check, and request security policies resync.]
• URL category-based security with unified policies (SRX Series)—Starting from Junos
OS Release 18.4R1, the unified policies feature is enhanced to include URL categories
as match criteria for traffic flowing through the firewall. The URL category for Web
filtering enables redirecting the traffic based on configured URL Category policy for
further processing on the SRX Series devices. URL categories can be configured for
unified policies with or without dynamic-application applied.
A URL category can be configured as url-category any and url-category none. If
url-category is not configured, the functionality is similar to url-category none.
[See Configuring Unified Security Policies.]
192 Copyright © 2019, Juniper Networks, Inc.
Juniper Sky Advanced Threat Prevention
• Juniper Sky ATP Logical Domain Support—Starting in Junos OS 18.4, SRX Series
devices support logical domains for anti-malware and security-intelligence policies.
When you associate a logical domain with a realm in Juniper Sky ATP, that domain
receives the threat management features configured for the realm. The SRX Series
device will then perform policy enforcement based on logical domain and the associated
Juniper Sky ATP realm. See Tenant Systems: Security-Intelligence and Anti-Malware
Policies in the Juniper Sky Advanced Threat Prevention Administration Guide for details.
Software Licensing
• Support to stop log messages on throughput overuse (SRX4100)—Starting with
Junos OS Release 18.4R1, the enhanced performance upgrade license is required to
stop the log messages that are generated if the Internet mix (IMIX) throughput exceeds
20 Gbps and 7 Mpps on the SRX4100 device.
[See Log File Sample Content.]
UTM
• Avira scan engine support on antivirus module (SRX1500, SRX4100, SRX4200, and
SRX4600)—Starting in Junos OS Release 18.4R1, SRX Series devices support an
on-device antivirus scan engine. The on-device scan engine Avira scans the data by
accessing the virus pattern database. The antivirus scan engine is provided as a UTM
module that you can download and install on your SRX Series device either manually
(using the request security utm anti-virus avira-engine command) or by using the Internet
to connect to a Juniper Networks-hosted URL or a user-hosted URL.
[See On-Device Antivirus Scan Engine.]
VPN
• Port-mirrored traffic support on an IPsec interface (SRX Series)—Starting in Junos
OS Release 18.4R1, if the output X2 interface of a mirror filter is configured for an st0
interface to filter traffic that you want to analyze, the packet is duplicated and encrypted
by the IPsec tunnel bound to the st0 interface. This enhancement supports SRX Series
devices in sending traffic mirrored from a port on an IPsec tunnel.
[See Monitoring X2 Traffic.]
• PowerMode IPsec (SRX4100 and SRX4200)—Starting in Junos OS Release 18.4R1,
PowerMode IPsec (PMI) is a new mode of operation that provides IPsec performance
improvements using Vector Packet Processing (VPP) and Intel AES-NI instructions.
PMI utilizes a small software block inside the Packet Forwarding Engine that bypasses
flow processing and utilizes the AES-NI instruction set for optimized performance of
IPsec processing.
You can enable PMI processing by using the set security flow power-mode-ipsec
command.
The following features are supported with PMI:
Copyright © 2019, Juniper Networks, Inc. 193
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• Auto Discovery VPN (ADVPN)
• Internet Key Exchange (IKE) functionality
• AutoVPN
• High availability
• IPv6
• Stateful firewall
• st0 interface
• Traffic selectors
[See Understanding PowerMode IPsec.]
• SRX5K-SPC-4-15-320 (SPC2) and SRX5K-SPC3 (SPC3) support for IPsec VPN
(SRX5400, SRX5600, and SRX5800)—Starting in Junos OS Release 18.4R1, all IPsec
VPN features that were previously supported only on SPC3 (model number:
SRX5K-SPC3) are now supported on both SPC2 (model number:
SRX5K-SPC-4-15-320) and SPC3 installed in the SRX5000 line of devices operating
in chassis cluster mode or in standalone mode.
[See Understanding VPN Support for Inserting Services Processing Cards.]
See Also • Changes in Behavior and Syntax on page 194
• Known Behavior on page 197
• Known Issues on page 199
• Resolved Issues on page 203
• Documentation Updates on page 208
• Migration, Upgrade, and Downgrade Instructions on page 208
• Product Compatibility on page 209
Changes in Behavior and Syntax
This section lists the changes in behavior of Junos OS features and changes in the syntax
of Junos OS statements and commands from Junos OS Release 18.4R1 for the SRX Series.
• Application Security on page 195
• Chassis Cluster on page 196
• Flow-Based and Packet-Based Processing on page 196
• Installation and Upgrade on page 196
• Network Management and Monitoring on page 196
• UTM on page 197
194 Copyright © 2019, Juniper Networks, Inc.
Application Security
• Changes to show security advance-policy-based-routing statistics
command—Starting from Junos OS Release 18.4R1, the AppID Requested, Rule matches,
and AppID cache hits options are deprecated in the show security
advance-policy-based-routing statistics command.
The new options App rule hit on cache hit, URL cat rule hit on cache hit, App rule hit
midstream and URL cat rule hit midstream are included to provide the details as shown
in table Table 4 on page 195:
Table 4: show security advance-policy-based-routing statistics
Field Name Field Description
App rule hit on cache hit The number of times the rule with a matching entry in the application system cache
(ASC) is found.
URL cat rule hit on cache hit The number of times the rule with defined URL categories is matched.
App rule hit midstream The number of times a route is changed in the middle of a session because of the rule
with defined application is matched.
URL cat rule hit midstream The number of times a route is changed in the middle of a session because of the rule
with defined URL categories is matched.
The modified show security advance-policy-based-routing statistics command provides
the output as shown in the following sample:
user@host> show security advance-policy-based-routing statistics
Advance Profile Based Routing statistics:
Sessions Processed 2
App rule hit on cache hit 1
URL cat rule hit on cache hit 0
App rule hit midstream 1
URL cat rule hit midstream 0
Route changed on cache hits 1
Route changed midstream 1
Zone mismatch 0
Drop on zone mismatch 0
Next hop not found 0
Copyright © 2019, Juniper Networks, Inc. 195
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Chassis Cluster
• Chassis cluster information detail operational command (SRX Series)—Starting in
Junos OS Release 18.4R1, use the show chassis cluster information detail command to
view the chassis cluster information details for each node.
[See show chassis cluster information.]
Flow-Based and Packet-Based Processing
• New configuration options for flow configuration—Starting from Junos OS 18.4R1,
the log dropped-illegal-packet and log dropped-icmp-packet options are introduced
under the [edit security flow] hierarchy-level.
[See flow (Security Flow).]
• Multiple collector support for J-Flow version 9 (SRX Series)—Starting in Junos OS
Release 18.4R1, for J-Flow version 9, upto four collectors can be configured under family
inet and the PFE to export the flow record, flow record template, option data, and
option data template packet to all configured collectors. Earlier to this release, only
one collector could be configured under family inet and inet6.
Installation and Upgrade
• Autoinstallation support (SRX1500)—Starting in Junos OS Release 18.4R1, SRX1500
devices support autoinstallation to automate the configuration process for loading
configuration files onto new or existing devices automatically over the network. Use
the CLI Editor in configuration mode to configure the device for autoinstallation. The
factory-default setting has been changed to support autoinstallation.
[See Configuring Autoinstallation on an SRX1500 Device.]
Network Management and Monitoring
• The NETCONF server omits warnings in RPC replies when the rfc-compliant statement
is configured and the operation returns <ok/> (SRX Series)—Starting in Junos OS
Release 18.4R1, when you configure the rfc-compliant statement at the [edit system
services netconf] hierarchy level to enforce certain behaviors by the NETCONF server,
the server must not return an RPC reply that encloses both an <rpc-error> element
and an <ok/> element. If the operation is successful, but the server reply would enclose
one or more <rpc-error> elements of severity warning in addition to the <ok/> element,
then the warnings are omitted. In earlier releases, or when the rfc-compliant statement
is not configured, the NETCONF server might issue an RPC reply that encloses both an
<rpc-error> element of severity warning and an <ok/> element.
• SSHD process authentication logs timestamp (SRX Series)—Starting in Junos OS
Release 18.4R1, the SSHD process authentication logs use only the time zone defined
in the system time zone. In the earlier releases, the SSHD process authentication logs
sometimes used the system time zone and the UTC time zone.
[See Overview of Junos OS System Log Messages.]
196 Copyright © 2019, Juniper Networks, Inc.
UTM
• security log message enhancement [SRX Series and vSRX]— Starting in Junos OS Release
18.4R1, the security log information is enhanced to include source zone and destination
zone for Web filtering, content filtering, antispam filtering, and antivirus features of
UTM.
[See Understanding Unified Policies [Unified Threat Management (UTM)].]
• UTM default policy enhancement (SRX1500, vSRX)—Starting with Junos OS Release
18.4R1, on SRX1500 Services Gateways and vSRX instances, UTM policies, profiles,
MIME patterns, filename extensions, customer message, and protocol-command
numbers of values are increased from 500 to 1500. The custom URL patterns and
custom URL category values are increased from 1000 to 3000.
[See UTM Overview.]
• Antivirus profiles enhancement (SRX Series)— Starting in Junos OS Release 18.4R1, you
can create a common antivirus profile for different antivirus types. While you are creating
a UTM policy for an antivirus profile, the UTM policy configuration page provides
common antivirus profile selection fields for each supported protocol.
In Junos OS Release 18.3R1 and earlier releases, separate antivirus profiles are created
for every antivirus protocol. While you are creating a UTM policy for an antivirus profile,
the UTM policy configuration page provides separate antivirus profile selection fields
for every supported protocol.
[See Full Antivirus Protection.]
See Also • New and Changed Features on page 186
• Known Behavior on page 197
• Known Issues on page 199
• Resolved Issues on page 203
• Documentation Updates on page 208
• Migration, Upgrade, and Downgrade Instructions on page 208
• Product Compatibility on page 209
Known Behavior
This section contains the known behaviors, system maximums, and limitations in hardware
and software in Junos OS Release 18.4R1 for the SRX Series.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
Copyright © 2019, Juniper Networks, Inc. 197
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Application Firewall
• On SRX1500 device, the application firewall HTTP Cyber Physical System (CPS) traffic
drop is observed and the sessions are bypassed.
Chassis Cluster
• On SRX4600 devices, the dedicated Chassis Cluster fabric ports are not available.
Instead, any 40G or 10G traffic ports can be used as chassis cluster fabric ports.
PR1397013
Interfaces and Chassis
• On SRX4600 devices, a USB flash drive is not available for the Junos OS. However,
the USB flash drive is available with full access for the host OS (Linux) and USB flash
drive is still used in the booting process (install and recovery functions). PR1283618
• The USB flash drive stops working if it is removed in initialization state. To avoid this
issue, wait for few seconds before removing it. PR1332360
J-Web
• The CLI Terminal does not work in Java version 1.8 because of a security restriction in
running the applet. PR1341956
Unified Threat Management (UTM)
• From Junos OS Release 18.3 onward, categories in the APBR module based on
destination IP address are supported. Category classification occurs and the APBR
action takes place. UTM Web filtering provides information about the category to the
APBR module for the matched and received destination IP addresses. But currently,
there is a Web filtering limitation, which states that category classification is inaccurate
for IP address and leads to non-APBR route. PR1365931
• To make the APBR custom category to work, execute the set security utm feature-profile
web-filtering juniper-local profile h1 category custom action permit CLI command.
PR1366528
VPN
• On an existing tunnel, if the DPD values are changed, then they are not applied until
rekeying for that tunnel happens. PR1375963
• When multiple traffic selectors are configured on a particular VPN, the iked process
checks for a maximum of 1 DPD probe that is sent to the peer for the configured DPD
interval. The DPD probe will be sent to the peer if traffic flows over even one of the
tunnels for the given VPN object. PR1366585
See Also • New and Changed Features on page 186
• Changes in Behavior and Syntax on page 194
198 Copyright © 2019, Juniper Networks, Inc.
• Known Issues on page 199
• Resolved Issues on page 203
• Documentation Updates on page 208
• Migration, Upgrade, and Downgrade Instructions on page 208
• Product Compatibility on page 209
Known Issues
This section lists the known issues in hardware and software in Junos OS Release 18.4R1
for SRX Series devices.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
• Authentication and Access Control on page 199
• Chassis Cluster on page 199
• Flow-Based and Packet-Based Processing on page 200
• J-Web on page 201
• Platform and Infrastructure on page 201
• Routing Policy and Firewall Filters on page 202
• Routing Protocols on page 202
• Unified Threat Management (UTM) on page 202
• VPNs on page 202
Authentication and Access Control
• On SRX Series devices, when the SSL forward proxy is configured for HTTPS websites,
the application firewall fails to block the message and redirect it to the URL. PR1356483
• The authorization request does not trigger the router to send RADIUS REQUEST
messages. PR1366002
Chassis Cluster
• On an SRX4600 device in a chassis cluster, configure four 100-Gigabit Ethernet
interfaces on PIC 0 and after reboot all the four interfaces are down. PR1387701
• On an SRX4600 device in a chassis cluster, rebooting the backup node might cause
the flowd process to core on primary node. PR1392580
• On SRX Series devices in a chassis cluster with SPC2 or SPC3, when you run the
command show chassis fpc pic-status the chassis cluster status is stuck at hardware
though all PICs are online.
As a workaround, if the chassis cluster port is configured with SPC3, change it to SPC2.
If only SPC3 is available, use the command set chassis cluster no-hardware-monitoring.
PR1406029
Copyright © 2019, Juniper Networks, Inc. 199
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Flow-Based and Packet-Based Processing
• On SRX Series devices, packet-forwarding traffic is stopped when a transient memory
parity error is observed on an MPC Endpoint Mapper (EPM) port-group wedge.
PR1220019
• On an SRX4600 device, when the next hop is set to the st0 interface, the output of
the show route forwarding-table command displays the next-hop IP address twice.
PR1290725
• On SRX Series devices, the flowd process generates core files when the SSL RTLOG
logs are transferred through the secure channel. PR1345578
• On an SRX1500 device, the Virtual Router Redundancy Protocol (VRRP) on the physical
interface might stop working if the switching mode is configured at the global level.
PR1351755
• The flowd process generates a core file when the SIP ALG is enabled. PR1352416
• On SRX Series devices, the encrypted HTTP, SMTP, IMAP and POP3 applications over
SSL are identified as HTTPS, SMTPS, IMAPS, and POP3S respectively.. You need to
configure a policy each for junos:HTTPS, junos:SMPTS, junos:IMAPS, and junos:POP3S
to allow the encrypted traffic. PR1365810
• When the flow traceoptions with the filters are enable, you can see the logs of other
sessions although they are not configured. PR1367124
• On SRX Series devices, traffic identification might fail and unidentified traffic might
pass through the device when the AppID feature is used. PR1357093
• If the interface is configured to a root system or zone under a tenant, the interfaces
that are configured by other tenants are listed with a question mark. PR1370255
• On SRX Series devices, the Security Log Event Details window size is increased to
display all the relevant information about the event. PR1373357
• With stress TCP traffics, sessions that have been invalid for more than 48 hours expire
PR1383139
• On SRX1500 device, the IPv4 multicast packets might not able to broadcast from the
IRB interface. PR1385934
• On SRX Series devices, the srxpfe process crashes and generates core files when SSL
proxy is used. PR1383655
• The SRX320 device might trigger traffic flow while acting as the VRRP backup device,
with the Layer 2 link between the devices forwarding the VRRP protocol message.
PR1386292
• On SRX Series devices with the integrated user firewall, the group membership changes
are not processed correctly after the user changes the value of the sAMAccountName
attribute. PR1394049
200 Copyright © 2019, Juniper Networks, Inc.
• On SRX4600, SRX5400, SRX5600, and SRX5800 devices using the SPC3, when the
AppQoS rate limiter is configured to specific traffic, packet loss occurs on unrelated
traffic until reboot. PR1394085
• On SRX5400, SRX5600, and SRX5800 devices using the SPC3, the IPSec tunnels
passing through the SRX device does not work, because of the IKE packets with certain
source and destination IP addresses combinations are dropped. PR1403517
J-Web
• On SRX Series devices, DHCP relay configuration under the Configure > Services > DHCP
> DHCP Relay page is removed from J-Web. The same DHCP relay can be configured
using the CLI. PR1205911
• On SRX Series devices, DHCP client bindings under Monitor are removed. The same
bindings can be seen in the CLI by using the show dhcp client binding command.
PR1205915
• On the SRX300, SRX320, SRX340, and SRX345 devices, an IPS installation failure
message is displayed when uploading IPS signature package using the TAP mode quick
setup wizard. As a workaround, retry to install the IPS package again. This is an
intermittent issue and occurs when IPS is installed immediately after the system
zeroized command. PR1404296
Platform and Infrastructure
• On SRX5400, SRX5600, and SRX5800 devices, when the control link is down, the
secondary node becomes ineligible and then goes into the disabled state. But the FPCs
restart continuously after the node goes to the disabled state although the FPCs should
remain offline until they are rebooted. PR1170024
• On the SRX5000 line of devices, the em interface goes down, the control link connection
is lost, and the SRX Series chassis cluster goes into abnormal state. PR1342362
• On SRX Series devices, when the software upgrade is executed from Junos OS Release
15.1X49-D125 to Junos OS Release 17.4X1, multiple flowd process core files are
generated. PR1363314
• On SRX4600 devices, the show chassis fan show chassis environment command does
not display any output. PR1363645
• The show interface extensive command displays the uspipc server fail message
ifext_uspipc_connect_and_send_to_pfe: send to pfe xxxxxxxx failed. PR1380439
• On SRX Series devices, the login class with allowed days and specific access start and
end date might not work correctly. PR1389633
Copyright © 2019, Juniper Networks, Inc. 201
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Routing Policy and Firewall Filters
• When the SSL forward proxy is configured in the unified policy with the Reject+Redirect
action, a block of the Web page is not presented for HTTPS sites. PR1375823
Routing Protocols
• On SRX Series devices, RIP is supported in packet-to-packet DC mode on st0 interfaces.
PR1141817
Unified Threat Management (UTM)
• UTM logs include source and destination zone information. PR1326271
• A warning message is displayed if the Juniper enhanced server port is configured as
non-80. PR1383695
VPNs
• On SRX Series devices, in case multiple traffic selectors are configured for a peer with
IKEv2 reauthentication, only one traffic selector rekeys at the time of IKEv2
reauthentication. The VPN tunnels of the remaining traffic selectors are cleared without
immediate rekeying. New negotiation of those traffic selectors might be triggered
through other mechanisms such as traffic or peer. PR1287168
• On SRX1500 device, when configuring the IPsec VPN and BGP simultaneously, the
kmd process might crash and all the VPN tunnels are disconnected. PR1336235
• During an RG0 failover in ISSU, when you use the rekeys, the iked process generates
core files. PR1340973
• If a period ( . ) is present in the CA profile name, then the pkid process might face issues,
if the pkid is restarted at any point. PR1351727
• The kmd process might stop when SNMP polls for Internet Key Exchange (IKE).
PR1397897
See Also • New and Changed Features on page 186
• Changes in Behavior and Syntax on page 194
• Known Behavior on page 197
• Resolved Issues on page 203
• Documentation Updates on page 208
• Migration, Upgrade, and Downgrade Instructions on page 208
• Product Compatibility on page 209
202 Copyright © 2019, Juniper Networks, Inc.
Resolved Issues
This section lists the issues fixed in hardware and software in Junos OS Release 18.4R1
for SRX Series devices.
For the most complete and latest information about known Junos OS defects, use the
Juniper Networks online Junos Problem Report Search application.
Resolved Issues
Application Layer Gateways (ALGs)
• When the IPsec ALG is used, the IPsec tunnel payload is dropped after the IKE or IPsec
tunnel reestablishment because of a session conflict. PR1372232
• If the SIP ALG is disabled, the SIP active sessions are affected. PR1373420
• Sun RPC data traffic for previously established ALG sessions might be dropped because
it matches the gate that contains old interface information. PR1387895
• A flowd process might generate core files when cross-tenant ALG traffic is sent.
PR1388658
• DNS requests with the EDNS (extension mechanisms for DNS) option option might
be dropped by the DNS ALG. PR1379433
Chassis Cluster
• On SRX340 and SRX345 devices, half-duplex mode is not supported because
BCM53426 does not support half-duplex mode. BCM5342X SoC port configurations,
BCM53426 does not have QSGMII interface. Only the QSGMII port supports half-duplex
mode. PR1149904
• On an SRX4600 device with chassis cluster enabled, when a failover occurs the
dedicated fabric link is down. PR1365969
• The device in chassis cluster might be unresponsive if IP monitoring is enabled.
PR1366958
• The show chassis environment fpc # command, which is used to display the FPC voltage,
is enhanced to show the current and power consumption for an SPC3. PR1368507
• On SRX Series devices in chassis cluster, the minor Potential slow peers are: FWDD0
XDPC1 XDPC8 FWDD1 alarm is observed, which can be ignored. PR1371222
• Multiple flowd process files are seen on node 1 after an RG0 failover. PR1372761
• Traffic loss occurs when the primary node is rebooting. PR1372862
• On SRX Series devices in chassis cluster, if reroute occurs on the IPv4 wings of a NAT64
or NAT46 session, the active node sends RTO message to the backup session to update
the rerouted interface. PR1379305
• On SRX4600 devices in a chassis cluster, the FPCs go offline if the chassis cluster IDs
are more than 10. PR1390202
Copyright © 2019, Juniper Networks, Inc. 203
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Class of Service (CoS)
• When the host-outbound-traffic statement is configured in class of service (CoS), the
device stops working when a corrupted packet arrives on the Packet Forwarding Engine.
PR1359767
Command-Line Interface (CLI)
• The following CLI command outputs are not displayed correctly: show usp memory
segment shm data module and show jsf shm module. PR1387711
Flow-Based and Packet-Based Processing
• On SRX320, SRX340, SRX340, and SRX550 devices, the rpd process stops when you
configure the auto-bandwidth option under the MPLS label-switched path (LSP).
PR1331164
• The security logs for unified policies are improved to reflect the reason for a denied or
rejected session. PR1338310
• The IPsec replay error for Z-mode traffic is observed. PR1349724
• When the output interface configured in the X2 mirrored filter is down, the flowd process
might stop. PR1357347
• On SRX4200 and SRX4600 devices, when the device is being rebooted or powered
on, control traffic loss is observed. PR1357591
• IDP inline-tap mode is not supported and configuration for SPC3 must be disabled.
PR1359591
• The syslog usage is deprecated, use the ERRMSG for relevant messages. PR1360274
• On the secondary control plane, a multicast session leak is observed for the PIM register.
PR1360373
• The application layer protocol negotiation (ALPN) fails because the SSL proxy removes
the ALPN extensions from the TLS packets. PR1360820
• On the SRX550M device, traffic might be duplicated and forwarded to the wrong
interface. PR1362514
• The show services application-identification statistics applications command displays
the application-system-cache error message. PR1363033
• On SRX Series devices, application identification (AppID) is supported for HTTP,
SMTPS, POP3S, and IMAPS protocols. PR1365810
• When RG0 failover occurs, the flowd process generates core files. PR1366122
• The request services user-identification authentication-table delete authentication-source
command output displays incorrect results. PR1366767
• On SRX Series devices, when AppQoE is enabled and the traffic starts flowing, the
flowd process might stop. PR1367599
• On an SRX1500 device with Junos OS Release 15.1X49-D140, the srxpfe process might
not work. PR1370900
204 Copyright © 2019, Juniper Networks, Inc.
• The device under test (DUT) sends incorrect rejection code when the destination device
is not reachable. PR1371115
• The SPC3 core file size is larger than the SPC1 and SPC2 core files. PR1371447
• On SRX4100 and SRX4200 devices, the UDP IMIX throughput is decreased. PR1373019
• In chassis cluster mode with the IPsec tunnel configured, packet loss is observed when
the clear-text packets are processed. PR1373161
• Using the SPC3 improves the performance of the unified policies. PR1374231
• A summary option for the show system security-profile assignment command is added
to provide summary of security profile assignment for the entire device. PR1376990
• The SPC3 card might be installed on any slot except slot 0, slot 1, and slot 11. PR1378178
• On SRX Series devices working in a PIM sparse mode, and located between a first-hop
router and a rendezvous point (RP), if a PIM control session is created through the PIM
register stop message, only the next PIM register message can be forwarded, and after
this first message, the subsequent PIM register messages (also matching the PIM
control session above) are wrongly dropped. PR1378295
• When the datapath-debug capture is stopped, incorrect error message is displayed.
PR1381703
• On an SRX5600 device in a chassis cluster, if respmod is enabled for ICAP, the
connection with the ICAP server might reset automatically. PR1382376
• On SRX300, SRX320, SRX340, SRX345, SRX550M devices, during the path MTU
discovery, the control engine does not receive the message frag needed and DF set.
PR1389428
• The set security flow log dropped-illegal-packet and set security flow log
dropped-icmp-packet CLI commands are unhidden. PR1394720
• On SRX Series devices, the active flow monitoring does not work for multiple collectors.
PR1396482
Interfaces and Chassis
• The virtual IP address of the Virtual Router Redundancy Protocol (VRRP) might not
respond to the host-inbound traffic. PR1371516
Intrusion Detection and Prevention (IDP)
• The IDP might not be deployed because the IDP configuration cannot be committed.
PR1374079
• The unified policies configured with IDP might not inspect the arbitrary sessions, and
are marked as Not Interested within the show security idp counters flow command.
PR1385094
Copyright © 2019, Juniper Networks, Inc. 205
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
J-Web
• The PPPoE interface pp0 is not displayed on the J-Web's Interfaces > Port page.
PR1316328
• The dynamic application configuration page in J-Web does not display application
signatures in the result if the signatures are searched by category field. PR1344165
• The J-Web setup does not populate the DHCP attributes. PR1370700
• The chassis cluster image is not displayed on the J-Web dashboard. PR1382219
Logical Systems
• The logical system licenses fail to bind to the tenants or logical systems after the device
is rebooted. PR1380144
• The logical system license limit is increased to three. One license is for
root-logical-system traffic and the other two licenses are for the logical system and
the tenant to transfer the traffic. PR1384659
• Tenant for logical system installation failed on node 1 after upgrading ISSU. PR1388336
Network Address Translation (NAT)
• Source NAT sessions might fail to be created when the port-overloading or the
port-overloading-factor statement is configured. PR1370279
Network Management and Monitoring
• The show snmp mib walk etherStatsTable command displays incorrect results.
PR1335808
• The eventd process generates core file, when the incoming system log message length
is at or beyond the maximum supported size. PR1366120
Platform and Infrastructure
• On SRX1500 devices, when the power supply fails, the trap sent might contain incorrect
information. PR1315937
• On SRX300, SRX320, SRX340, and SRX345 devices, you are unable to lock the USB
port. PR1352104
• On SRX4100 and SRX4200 devices, the SRX Network Time Protocol (NTP) client
might not stay synchronized to the NTP server and as a result the device clock often
switches from NTP to local time. PR1357843
• On SRX5400, SRX5600, and SRX5800 devices, log messages are seen often when
an IOC card has the same identifier as the SPC card. PR1357913
• When the secure copy protocol (SCP) fails to transfer the active configuration to an
archive site, the archive site also fails. PR1359424
• On SRX4600 devices, the show chassis fan show chassis environment command does
not display any output. PR1363645
206 Copyright © 2019, Juniper Networks, Inc.
• Packet capture feature does not work after the sampling configuration is deleted.
PR1370779
• On SRX Series devices in a chassis cluster, the cold synchronization process might
slow down when there are many Packet Forwarding Engines installed on the device.
PR1376172
• Junos OS upgrade might fail when you use the validate option after the /cf/var/sw
directory is erroneously deleted. PR1384319
Routing Policy and Firewall Filters
• The TCP protocol ports 5800 and 5900 are added to junos-defaults to support the
VNC application. PR1333206
• The show security policies detail command output is modified to improve readability,
particularly for unified policies. PR1338307
• The timeout value of junos-http is not accurate. PR1371041
• When the dynamic address is referenced in the dynamic-address field and the
destination IP address for the traffic is matched within this dynamic address, the policy
fails to match the traffic PR1372921
Routing Protocols
• If family iso is enabled through the GRE over IPSec tunnel, the vFPC stops working.
PR1364624
Services Applications
• When the ICAP configuration and the traffic passing through are modified, core files
might be generated. PR1389600
• Clearing the TCP session might not clear the redirect objects. PR1390835
System Logs
• On SRX Series devices, the following false log message is observed. are observed:
/kernel: check_configured_tpids: < interfaces > : default tpid (0x8100) not configured.
pic allows maximum of 0 tpids. PR1373668
Unified Threat Management (UTM)
• The default actions under a Web filtering profile might not work properly. PR1365389
• When the server port is configured as 443, the displayed EWF server status is UP.
PR1383695
VPNs
• IPsec tunnel might not work when there are concurrent IKEv2 Phase 1 SA rekeys.
PR1360968
• On SRX5600 and SRX 5800 devices, during a migration from VPN to AutoVPN
configuration, traffic loss is observed. PR1362317
Copyright © 2019, Juniper Networks, Inc. 207
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
• On SRX Series devices in a chassis cluster, when the VPN configuration size reaches
an internal configuration processing chunk size, the VPN tunnels might not be configured
successfully and the VPN tunnels might not come up after rebooting, upgrading, or
restarting ipsec-key-management. PR1376134
• Packet loss is observed in IPsec Z-mode scenario. PR1377266
• The kmd process might stop and cause VPN traffic outage after the show security ipsec
next-hop-tunnels command is run. PR1381868
• Adding or deleting site-to-site manual NHTB VPN tunnels to an existing st0 unit causes
the existing manual NHTB VPN tunnels under the same st0 unit to flap. PR1382694
See Also • New and Changed Features on page 186
• Changes in Behavior and Syntax on page 194
• Known Behavior on page 197
• Known Issues on page 199
• Documentation Updates on page 208
• Migration, Upgrade, and Downgrade Instructions on page 208
• Product Compatibility on page 209
Documentation Updates
There are no errata or changes in Junos OS Release 18.4R1 for the SRX Series
documentation.
See Also • New and Changed Features on page 186
• Changes in Behavior and Syntax on page 194
• Known Behavior on page 197
• Known Issues on page 199
• Resolved Issues on page 203
• Migration, Upgrade, and Downgrade Instructions on page 208
• Product Compatibility on page 209
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade
policies for Junos OS. Upgrading or downgrading Junos OS can take several hours,
depending on the size and configuration of the network.
208 Copyright © 2019, Juniper Networks, Inc.
Upgrade and Downgrade Support Policy for Junos OS Releases and Extended
End-Of-Life Releases
Support for upgrades and downgrades that span more than three Junos OS releases at
a time is not provided, except for releases that are designated as Extended End-of-Life
(EEOL) releases. EEOL releases provide direct upgrade and downgrade paths. You can
upgrade directly from one EEOL release to the next EEOL release even though EEOL
releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after
the currently installed EEOL release, or to two EEOL releases before or after. For example,
Junos OS Releases 15.1X49, 17.3, 17.4, 18.1, and 18.2 are EEOL releases. You can upgrade
from one Junos OS Release to the next release or one release after the next release. For
example, you can upgrade from Junos OS Release 15.1X49 to Release 17.3 or 17.4, Junos
OS Release 17.4 to Release 18.1 or 18.2, and from Junos OS Release 18.1 to Release 18.2
or 18.3 and so on.
You cannot upgrade directly from a non-EEOL release to a release that is more than
three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to
a release more than three releases before or after, first upgrade to the next EEOL release
and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see
https://www.juniper.net/support/eol/junos.html.
For information about software installation and upgrade, see the Installation and Upgrade
Guide for Security Devices.
For information about ISSU, see the Chassis Cluster Feature Guide for Security Devices.
See Also • New and Changed Features on page 186
• Changes in Behavior and Syntax on page 194
• Known Behavior on page 197
• Known Issues on page 199
• Resolved Issues on page 203
• Documentation Updates on page 208
• Product Compatibility on page 209
Product Compatibility
Hardware Compatibility
To obtain information about the components that are supported on the devices, and
special compatibility guidelines with the release, see the Hardware Guide and the Interface
Module Reference for the product.
Copyright © 2019, Juniper Networks, Inc. 209
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
To determine the features supported on SRX Series devices in this release, use the Juniper
Networks Feature Explorer, a Web-based application that helps you to explore and
compare Junos OS feature information to find the right software release and hardware
platform for your network. Find Feature Explorer at:
https://pathfinder.juniper.net/feature-explorer/
See Also • New and Changed Features on page 186
• Changes in Behavior and Syntax on page 194
• Known Behavior on page 197
• Known Issues on page 199
• Resolved Issues on page 203
• Documentation Updates on page 208
• Migration, Upgrade, and Downgrade Instructions on page 208
210 Copyright © 2019, Juniper Networks, Inc.
Upgrading Using ISSU
In-service software upgrade (ISSU) enables you to upgrade between two different
Junos OS releases with no disruption on the control plane and with minimal disruption
of traffic.
For additional information about using ISSU on routing and switching devices, see the
High Availability Feature Guide.
For additional information about using ISSU on security devices, see the Chassis Cluster
Feature Guide for SRX Series Devices.
For information about ISSU support across platforms and Junos OS releases, see the
In-Service Software Upgrade (ISSU) Web application.
Licensing
Starting in 2019, Juniper Networks introduced a new software licensing model. The Juniper
Flex Program is a framework, set of policies, and tools that help unify and thereby simplify
the multiple product-driven licensing and packaging approaches that have been developed
at Juniper Networks over the past several years.
The major components of the framework are:
• A focus on customer segments (enterprise, service provider, and cloud) and use cases
for Juniper Networks hardware and software products.
• The introduction of a common three-tiered model (standard, advanced, and premium)
for all Juniper Networks software products.
• The introduction of subscription licenses and subscription portability for all Juniper
Networks products, including Junos OS and Contrail.
For information on the list of supported products, see Juniper Flex Program.
Compliance Advisor
For regulatory compliance information about Common Criteria, FIPS, Homologation, RoHS2,
and USGv6 for Juniper Networks products, see the Juniper Networks Compliance Advisor.
Finding More Information
For the latest, most complete information about known and resolved issues with the
Junos OS, see the Juniper Networks Problem Report Search application at
https://prsearch.juniper.net.
For regulatory compliance information about Common Criteria, FIPS, Homologation, RoHS2,
and USGv6 for Juniper Networks products, see the Juniper Networks Compliance Advisor.
To access Software Release Notifications for Junos OS Service Releases, visit our
Knowledge Center at https://support.juniper.net/support/. You’ll need to log in to your
Copyright © 2019, Juniper Networks, Inc. 211
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Juniper Account. From the Knowledge Center, search by the specific release number, for
example 17.4R1-S2. Use the Software Release Notifications to download software, and
learn about known and resolved issues for specific service releases.
Juniper Networks Feature Explorer is a Web-based application that helps you to explore
and compare Junos OS feature information to find the correct software release and
hardware platform for your network. Find Feature Explorer at
https://apps.juniper.net/feature-explorer/.
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can provide feedback by using either of the following
methods:
• Online feedback system—Click TechLibrary Feedback, on the lower right of any page
on the Juniper Networks TechLibrary site, and do one of the following:
• Click the thumbs-up icon if the information on the page was helpful to you.
• Click the thumbs-down icon if the information on the page was not helpful to you
or if you have suggestions for improvement, and use the pop-up form to provide
feedback.
• E-mail—Send your comments to [email protected]. Include the document
or topic name, URL or page number, and software version (if applicable).
212 Copyright © 2019, Juniper Networks, Inc.
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active Juniper Care or Partner Support
Services support contract, or are covered under warranty, and need post-sales technical
support, you can access our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
• Product warranties—For product warranty information, visit
https://www.juniper.net/support/warranty/.
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:
• Find CSC offerings: https://www.juniper.net/customers/support/
• Search for known bugs: https://prsearch.juniper.net/
• Find product documentation: https://www.juniper.net/documentation/
• Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/
• Download the latest versions of software and review release notes:
https://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:
https://kb.juniper.net/InfoCenter/
• Join and participate in the Juniper Networks Community Forum:
https://www.juniper.net/company/communities/
• Create a service request online: https://myjuniper.juniper.net
To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/
Creating a Service Request with JTAC
You can create a service request with JTAC on the Web or by telephone.
• Visit https://myjuniper.juniper.net.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see
https://support.juniper.net/support/requesting-support/.
Copyright © 2019, Juniper Networks, Inc. 213
Junos OS Release 18.4R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series and Junos Fusion
Revision History
28 March 2019—Revision 10, Junos OS Release 18.4R1– ACX Series, EX Series, MX Series,
NFX Series, PTX Series, QFX Series, SRX Series, and Junos Fusion.
15 March 2019—Revision 9, Junos OS Release 18.4R1– ACX Series, EX Series, MX Series,
NFX Series, PTX Series, QFX Series, SRX Series, and Junos Fusion.
14 February 2019—Revision 8, Junos OS Release 18.4R1– ACX Series, EX Series, MX Series,
NFX Series, PTX Series, QFX Series, SRX Series, and Junos Fusion.
7 February 2019—Revision 7, Junos OS Release 18.4R1– ACX Series, EX Series, MX Series,
NFX Series, PTX Series, QFX Series, SRX Series, and Junos Fusion.
31 January 2019—Revision 6, Junos OS Release 18.4R1– ACX Series, EX Series, MX Series,
NFX Series, PTX Series, QFX Series, SRX Series, and Junos Fusion.
24 January 2019—Revision 5, Junos OS Release 18.4R1– ACX Series, EX Series, MX Series,
NFX Series, PTX Series, QFX Series, SRX Series, and Junos Fusion.
17 January 2019—Revision 4, Junos OS Release 18.4R1– ACX Series, EX Series, MX Series,
NFX Series, PTX Series, QFX Series, SRX Series, and Junos Fusion.
11 January 2019—Revision 3, Junos OS Release 18.4R1– ACX Series, EX Series, MX Series,
NFX Series, PTX Series, QFX Series, SRX Series, and Junos Fusion.
28 December 2018—Revision 2, Junos OS Release 18.4R1– ACX Series, EX Series, MX
Series, NFX Series, PTX Series, QFX Series, SRX Series, and Junos Fusion.
21 December 2018—Revision 1, Junos OS Release 18.4R1– ACX Series, EX Series, MX
Series, NFX Series, PTX Series, QFX Series, SRX Series, and Junos Fusion.
214 Copyright © 2019, Juniper Networks, Inc.
You might also like
- Aruba Clustering of Mobility ControllersNo ratings yetAruba Clustering of Mobility Controllers9 pages
- Tigera Ebook Intro To Kubernetes NetworkingNo ratings yetTigera Ebook Intro To Kubernetes Networking51 pages
- Contrail Networking Monitoring and Troubleshooting GuideNo ratings yetContrail Networking Monitoring and Troubleshooting Guide537 pages
- Applications of Bidirectional Forwarding Detection (BFD) : Rahul AggarwalNo ratings yetApplications of Bidirectional Forwarding Detection (BFD) : Rahul Aggarwal34 pages
- Juniper Networks IR Presentation May 2021 PDFNo ratings yetJuniper Networks IR Presentation May 2021 PDF55 pages
- Command Line Interface Cross-Reference Guide: Extremexos, Eos, Voss, Boss, Cisco IosNo ratings yetCommand Line Interface Cross-Reference Guide: Extremexos, Eos, Voss, Boss, Cisco Ios120 pages
- BGP AS Migration Process: Moving From One ASN To AnotherNo ratings yetBGP AS Migration Process: Moving From One ASN To Another10 pages
- 8.3.3.3 Lab - Collecting and Analyzing NetFlow Data - ILM PDF100% (2)8.3.3.3 Lab - Collecting and Analyzing NetFlow Data - ILM PDF13 pages
- MLNX - EN Documentation Rev 4.9-5.1.0.0 LTS - 10!23!2022No ratings yetMLNX - EN Documentation Rev 4.9-5.1.0.0 LTS - 10!23!2022206 pages
- AOS-CX Switch Simulator - Loop Protect Lab GuideNo ratings yetAOS-CX Switch Simulator - Loop Protect Lab Guide9 pages
- Mcafee Network Security Platform 10.1.x Installation Guide 9-6-2022No ratings yetMcafee Network Security Platform 10.1.x Installation Guide 9-6-2022289 pages
- Cisco SD-WAN Getting Started Guide: Americas HeadquartersNo ratings yetCisco SD-WAN Getting Started Guide: Americas Headquarters370 pages
- IZO Private Network - ADC - Services Delivery and Assurance Guidelines For Azure v3.0 PDFNo ratings yetIZO Private Network - ADC - Services Delivery and Assurance Guidelines For Azure v3.0 PDF33 pages
- Deploying Vthunder Adc For Web Application Services On Oracle Cloud InfrastructureNo ratings yetDeploying Vthunder Adc For Web Application Services On Oracle Cloud Infrastructure35 pages
- Building Data Centers With VXLAN BGP EVPN A Cisco NX-OS Perspective - 401-EndNo ratings yetBuilding Data Centers With VXLAN BGP EVPN A Cisco NX-OS Perspective - 401-End77 pages
- 12.5.13 Packet Tracer - Troubleshoot Enterprise Networks - ILMNo ratings yet12.5.13 Packet Tracer - Troubleshoot Enterprise Networks - ILM7 pages
- 3com Switch 4800G 24-Port Configuration ManualNo ratings yet3com Switch 4800G 24-Port Configuration Manual1,246 pages
- (SRX) How To Configure TACACS+ Authentication On SRX PlatformsNo ratings yet(SRX) How To Configure TACACS+ Authentication On SRX Platforms5 pages
- Cisco Day at The Movies GLBP & VRF-lite: Tim ThomasNo ratings yetCisco Day at The Movies GLBP & VRF-lite: Tim Thomas37 pages
- Support For TI-LFA FRR Using Is-Is Segment RoutingNo ratings yetSupport For TI-LFA FRR Using Is-Is Segment Routing9 pages
- Cisco 6500-Virtual Switch Sysetm-S6367 - Vss - Tech - Talk - FinalNo ratings yetCisco 6500-Virtual Switch Sysetm-S6367 - Vss - Tech - Talk - Final31 pages
- Junos Space Security Director Technical Overview Student GuideNo ratings yetJunos Space Security Director Technical Overview Student Guide67 pages
- System Basics and Services Command ReferenceNo ratings yetSystem Basics and Services Command Reference794 pages
- PCXRecord 2.3 Im InstallManual2012 ALESVC54330 11 enNo ratings yetPCXRecord 2.3 Im InstallManual2012 ALESVC54330 11 en482 pages
- Top 25 Questions and Answers On Hypertext Transfer Protocol100% (1)Top 25 Questions and Answers On Hypertext Transfer Protocol12 pages
- Avaya Aura Contact Center Release 6.2 Installation ChecklistNo ratings yetAvaya Aura Contact Center Release 6.2 Installation Checklist119 pages
- Technical Report: Data Center Planning and Execution CenterNo ratings yetTechnical Report: Data Center Planning and Execution Center5 pages
- Maseno University: Schoo of Mathematics Statistics and Actuarial Science BSC. Mathematics & Computer ScienceNo ratings yetMaseno University: Schoo of Mathematics Statistics and Actuarial Science BSC. Mathematics & Computer Science8 pages
- Cisco SD-WAN Hands-On Training - LABs - 6.8-PrintNo ratings yetCisco SD-WAN Hands-On Training - LABs - 6.8-Print39 pages
- ASEDLMS - Meter - Explorer - Setup - v1.5.7 - Release - Notes WeNo ratings yetASEDLMS - Meter - Explorer - Setup - v1.5.7 - Release - Notes We14 pages
- Modbus TCP / RTU Gateway: IE-GW-MB-2TX-1RS232/485 IE-GWT-MB-2TX-1RS232/485No ratings yetModbus TCP / RTU Gateway: IE-GW-MB-2TX-1RS232/485 IE-GWT-MB-2TX-1RS232/48553 pages
- Itexamanswers Net Ccna 3 v7 Modules 9 12 Optimize Monitor and Troubleshoot Networks Exam Answers HTMLNo ratings yetItexamanswers Net Ccna 3 v7 Modules 9 12 Optimize Monitor and Troubleshoot Networks Exam Answers HTML20 pages
- Sip Trunk Between U19xx and Cisco Call Maanger - Huawei Enterprise Support CommunityNo ratings yetSip Trunk Between U19xx and Cisco Call Maanger - Huawei Enterprise Support Community19 pages
- IPsec VPN Penetration Testing With BackTrack ToolsNo ratings yetIPsec VPN Penetration Testing With BackTrack Tools6 pages
