Juniper Junos User Manual
Release
Notes
Published
2021-04-07
Junos® OS Release 21.1R1 for the ACX Series, cRPD, cSRX, EX Series, JRR Series, Juniper Secure Connect, Junos Fusion, MX Series, NFX Series, PTX Series, QFX Series, SRX Series, vMX, vRR, and vSRX
KEY FEATURES
•Refer to Key Features in Junos OS Release 21.1 to quickly learn about the most important Junos OS features and how you can deploy them in your network.
SOFTWARE HIGHLIGHTS
• |
Support for c n |
r n m |
independent IGP instances of IS-IS (ACX Series, MX Series, and PTX Series) |
• |
Support for fl x b |
algorithm in OSPFv2 for segment r n r c engineering (ACX Series, MX Series, and PTX Series) |
|
•Support for strict SPF and IGP shortcut (ACX710, MX960, MX10008, MX2020, PTX5000, and PTX1000)
•New transport class-based architecture to facilitate service mapping over colored tunnels (ACX Series, PTX Series, MX Series)
•Support for BGP MVPN (Junos fusion for provider edge)
•Support for EVPN-MPLS (Junos fusion for provider edge)
•Support for interprovider and carrier-of-carrier VPNs (Junos fusion for provider edge)
•Next Gen Services (MX240, MX480, and MX960 with MX-SPC3)
• |
MVPN live-live s |
n support (MX Series) |
• |
IS-IS link delay measurement and v r s n (MX Series) |
|
•Support for BGP Auto-discovered Neighbor (MX Series, PTX1000, PTX10008, QFX5120-32C, QFX5200, QFX5210, and QFX10008)
• Support for displaying the m s m in syslog (MX Series routers with MS-MPC, MS-MIC, and MX-SPC3)
•Support for PWHT (over EVPN-VPWS, on a transport logical interface) with subscriber management (BNG) service logical interfaces (MX Series)
• |
Support to view the s ftw r |
package ns |
n or n ns |
n status (MX480, MX960, MX2010, MX2020, |
||
|
SRX1500, SRX4100, SRX4400, SRX4600, SRX5400, SRX5600, SRX5800, vMX, and vSRX) |
|||||
• Support for VRRP (PTX1000, PTX10002, PTX10008, and PTX10016) |
||||||
• |
Support for m cr s |
m n |
|
n on VLANs and VXLANs (QFX5110 and QFX5120) |
||
• |
EVPN-VXLAN tunnel ns |
c |
n (SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX) |
|||
• LLDP on routed and reth interfaces (SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, and SRX5800) |
||||||
• |
Policy-based threat |
r |
n |
(SRX Series devices and vSRX) |
|
|
•r c selector enhancements (SRX Series)
•Security policy enhancement for EVPN-VXLAN tunnel (SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX)
• Enhanced monitoring and r b s |
n of the fl w session (SRX Series) |
•Support for Snort IPS signatures (SRX Series and NFX Series)
•Packet-based ECMP support for Express Path (SRX5400, SRX5600, and SRX5800)
•Juniper Agile Licensing Support (vSRX)
HARDWARE HIGHLIGHTS
• New EX4400 Switch for Large Branch |
c s Campus Wiring Closets, and Data Centers |
•Features Supported on MPC10E and MPC11E on MX Series Routers
•Support for JNP-100G-DAC-1M, JNP-100G-DAC-3M, and JNP-100G-DAC-5M DACs (QFX10002-60C)
• Support for the JNP-QSFP-100G-BXSR and the JNP-QSFP-40G-BXSR b r c n transceivers
Day One+
• Use this new setup tool to get your Junos OS up and running in three quick steps.
iii
Table of Contents
n r c n | 1
Key Features in Junos OS Release 21.1 | 1
Junos OS Release Notes for ACX Series
What's New | 8
What's New in 21.1R1 | 8
EVPN | 8
MPLS | 9
Network Management and Monitoring | 10
Rn Protocols | 10
Segment R n | 11
What's Changed | 11
What’s Changed in Release 21.1R1 | 12
Known L m ns | 14
Open Issues | 15
Resolved Issues | 16
Resolved Issues: 21.1R1 | 17
c m n n Updates | 19
M r n Upgrade, and Downgrade ns r c ns | 19
Upgrade and Downgrade Support Policy for Junos OS Releases and Extended End-Of-Life
Releases | 20
Junos OS Release Notes for cRPD
What's New | 21
What's New in 21.1R1 | 21
rm and Infrastructure | 21
What's Changed | 23
What’s Changed in Release 21.1R1 | 23
iv
Known L m |
ns | 23 |
Open Issues | 24
Resolved Issues | 24
Resolved Issues: 21.1R1 | 24
Junos OS Release Notes for cSRX
What's New | 25
What's New in 21.1R1 | 25
n c n and Access Control | 26
What's Changed | 26
What’s Changed in Release 21.1R1 | 26
Known L m |
ns | 26 |
Open Issues | 26
Resolved Issues | 27
Resolved Issues: 21.1R1 | 27
Junos OS Release Notes for EX Series
What's New | 28
What's New in 21.1R1 | 28
Hardware | 29 |
|
|
n c |
n and Access Control | 41 |
|
EVPN | 42 |
|
|
Forwarding |
ns | 44 |
|
High Availability |
| 45 |
|
Licensing | 45 |
|
|
Network Management and Monitoring | 57 |
||
S ftw r |
ns |
n and Upgrade | 58 |
What's Changed | 59
What’s Changed in Release 21.1R1 | 59
Known L m |
ns | 61 |
Open Issues | 62
v
Resolved Issues | 64
Resolved Issues: 21.1R1 | 64
M r n Upgrade, and Downgrade ns r c ns | 67
Upgrade and Downgrade Support Policy for Junos OS Releases and Extended End-Of-Life Releases | 67
Junos OS Release Notes for JRR Series
What's New | 68
What's New in 21.1R1 | 69
Rn Protocols | 69
What's Changed | 69
What’s Changed in Release 21.1R1 | 69
Known L m |
ns | 70 |
Open Issues | 70
Resolved Issues | 70
Resolved Issues: 21.1R1 | 70
M r n Upgrade, and Downgrade ns r c ns | 71
Upgrade and Downgrade Support Policy for Junos OS Releases and Extended End-Of-Life Releases | 71
Junos OS Release Notes for Juniper Secure Connect
What's New | 72
What's New in 21.1R1 | 73
What's Changed | 73
What’s Changed in Release 21.1R1 | 73
Known L m |
ns | 73 |
Open Issues | 73
Resolved Issues | 74
Resolved Issues: 21.1R1 | 74
Junos OS Release Notes for Junos Fusion for Enterprise
vi
What's New | 75
What's New in 21.1R1 | 75
What's Changed | 75
What’s Changed in Release 21.1R1 | 75
Known L m ns | 76
Open Issues | 76
Resolved Issues | 76
Resolved Issues: 21.1R1 | 76
M r n Upgrade, and Downgrade ns r c ns | 77
Junos OS Release Notes for Junos Fusion for Provider Edge
What's New | 83
What's New in 21.1R1 | 83
EVPN | 84
VPNs | 84
What's Changed | 84
What’s Changed in Release 21.1R1 | 85
Known L m |
ns | 85 |
Open Issues | 85
Resolved Issues | 85
Resolved Issues: 21.1R1 | 86
M r n Upgrade, and Downgrade ns r c ns | 86
Junos OS Release Notes for MX Series
What's New | 95
What's New in 21.1R1 | 96
Hardware | 96
Dynamic Host C n r n Protocol | 101
EVPN | 101
Interfaces | 102
vii
Junos Telemetry Interface | 102
MPLS | 105
Mc s | 105
Network Management and Monitoring | 106
nC n | 108
rm and Infrastructure | 109
Port Security | 112
Rn Protocols | 112
Segment R |
n |
| 113 |
||
Services |
c |
ns | 114 |
||
S |
ftw r |
|
n |
Networking (SDN) | 115 |
S |
ftw r |
ns |
|
n and Upgrade | 116 |
Subscriber Management and Services | 117
What's Changed | 117
What’s Changed in Release 21.1R1 | 117
Known L m |
ns | 121 |
Open Issues | 124
Resolved Issues | 132
Resolved Issues: 21.1R1 | 133
M r n Upgrade, and Downgrade ns r c ns | 149
Junos OS Release Notes for NFX Series
What's New | 157
What's New in 21.1R1 | 157
c |
n n |
c |
n (AppID) | 157 |
|
Architecture | 158 |
|
|
||
Flow-Based and Packet-Based Processing | 158 |
||||
Intrusion |
c |
n and |
r v |
n n | 159 |
rm and Infrastructure | |
160 |
|||
What's Changed | 160
What’s Changed in Release 21.1R1 | 161
Known L m |
ns | 161 |
viii
Open Issues | 161
Resolved Issues | 163
Resolved Issues: 21.1R1 | 163
M r n Upgrade, and Downgrade ns r c ns | 164
Junos OS Release Notes for PTX Series
What's New | 167
What's New in 21.1R1 | 167
High Availability | 168
MPLS | 168
Network Management and Monitoring | 169
Rn Protocols | 169
Segment R |
n |
| 170 |
Services |
c |
ns | 171 |
What's Changed | 171
What’s Changed in Release 21.1R1 | 171
Known L m |
ns | 173 |
Open Issues | 174
Resolved Issues | 176
Resolved Issues: 21.1R1 | 176
M r n Upgrade, and Downgrade ns r c ns | 179
Junos OS Release Notes for QFX Series
What's New | 184
Hardware | 184
n c n and Access Control | 185
EVPN | 185
Interfaces | 186
IP Tunneling | 186
Junos Telemetry Interface | 186
ix
Layer 2 Features | 187
MPLS | 187
Mc s | 188
Network Management and Monitoring | 188
rm and Infrastructure | 189
R n |
Policy and Firewall Filters | 189 |
|
S ftw r |
ns |
n and Upgrade | 190 |
What's Changed | 191
What’s Changed in Release 21.1R1 | 191
Known L m |
ns | 193 |
Open Issues | 195
Resolved Issues | 197
Resolved Issues: 21.1R1 | 198
M r n Upgrade, and Downgrade ns r c ns | 203
Junos OS Release Notes for SRX Series
What's New | 217
c |
n n |
c |
n (AppID) | 218 |
n c |
n and Access Control | 219 |
||
Chassis | 219 |
|
|
|
Chassis Cluster |
| 220 |
|
|
Ethernet Switching and Bridging | 220 |
|||
EVPN | 220 |
|
|
|
Flow-Based and Packet-Based Processing | 221 |
|||
High Availability |
| 223 |
|
|
Interfaces |
| 223 |
|
|
Intrusion |
c |
n and |
r v n n | 223 |
x
Juniper Advanced Threat |
r v n n Cloud (Juniper ATP Cloud) | 224 |
|
Network Management and Monitoring | 225 |
||
Securing GTP and SCTP r |
c | 227 |
|
Services |
c ns | 227 |
|
S ftw r ns |
n and Upgrade | 227 |
|
nThreat Management (UTM) | 227
VPNs | 228
What's Changed | 228
What’s Changed in Release 21.1R1 | 229
Known L m |
ns | 232 |
Open Issues | 233
Resolved Issues | 234
Resolved Issues: 21.1R1 | 234
M r n Upgrade, and Downgrade ns r c ns | 239
Upgrade and Downgrade Support Policy for Junos OS Releases and Extended End-Of-Life Releases | 239
Junos OS Release Notes for vMX
What's New | 241
Network Management and Monitoring | 241
S ftw r ns n and Upgrade | 241
What's Changed | 242
What’s Changed in Release 21.1R1 | 242
Known L m |
ns | 243 |
Open Issues | 243
Resolved Issues | 243
Resolved Issues: 21.1R1 | 244
Upgrade ns r c ns | 244
xi
Junos OS Release Notes for vRR
What's New | 245
What's Changed | 245
What’s Changed in Release 21.1R1 | 245
Known L m |
ns | 245 |
Open Issues | 246
Resolved Issues | 246
Resolved Issues: 21.1R1 | 246
Junos OS Release Notes for vSRX
What's New | 247
n |
c |
n and Access Control | 248 |
Juniper Advanced Threat r v n n Cloud (Juniper ATP Cloud) | 248 |
||
Licensing | 249 |
||
Network Management and Monitoring | 251 |
||
S ftw r |
ns |
n and Upgrade | 251 |
VPNs | 251
What's Changed | 252
What’s Changed in Release 21.1R1 | 252
Known L m |
ns | 253 |
Open Issues | 253
Resolved Issues | 254
Resolved Issues: 21.1R1 | 254
M r n Upgrade, and Downgrade ns r c ns | 255
Upgrade and Downgrade Support Policy for Junos OS Releases and Extended End-Of-Life Releases | 262
Licensing | 263
Finding More n rm n | 263
xii
c m n n Feedback | 264
R q s n Technical Support | 264
Revision History | 266
1
n r c n
Junos OS runs on the following Juniper Networks® hardware: ACX Series, cRPD, cSRX, EX Series, JRRSeries, JuniperSecureConnect,Junos Fusion Enterprise,Junos Fusion ProviderEdge, MX Series, NFXSeries, PTX Series, QFX Series, SRX Series, vMX, vRR, and vSRX.
These release notes accompany Junos OS Release21.1R1for the ACX Series, Containerized R n Protocol Process (cRPD), cSRX Container Firewall (cSRX), EX Series, JRR Series, Juniper Secure Connect, Junos Fusion Enterprise,Junos Fusion Provider Edge, MX Series, NFX Series, PTX Series, QFX Series, SRX Series, virtual MX Series router (vMX), Virtual Route R fl c r (vRR), and vSRX Virtual Firewall
(vSRX).They describe new and changed features, m |
ns and known and resolved problems in the |
hardware and s ftw r |
|
Key Features in Junos OS Release 21.1
Start here to learn about the key features in Junos OS Release 21.1. For more n |
rm |
n about a |
||||||||
feature, click the link in the feature |
scr |
n |
|
|
|
|
|
|||
• Enhanced monitoring and r |
b |
s |
n |
of the fl w session (SRX Series)—S |
r n |
in Junos OS |
||||
Release 21.1R1, we’ve introduced |
n |
rs to the show security fl w session |
r n |
|||||||
command. The |
n |
rs allow you to generate s |
c |
outputs in a list so that you can |
||||||
easily monitor the fl w session. We’ve also introduced the show security fl w session r |
y and |
|||||||||
show security fl |
w session plugins |
r |
n commands to view detailed n |
rm |
n about the |
|||||
fl w session. |
|
|
|
|
|
|
|
|
|
|
You can also trace the packet-drop n |
rm |
n without c |
mm |
n the c n |
r |
n using the |
||||
monitor security packet-drop |
|
r |
n command. This command output is displayed on the screen |
|||||||
n |
you press Ctrl+c or |
n |
the security device collects the requested number of packet drops. The |
||||
command includes various |
rs to generate the output |
s per your requirement. |
|||||
[See show security fl w session, show security fl |
w session |
r |
y, show security fl w session |
||||
plugins, and monitor security packet-drop.] |
|
|
|
||||
• EVPN-VXLAN tunnel ns |
c |
n (SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and |
|||||
vSRX)—S r n in Junos OS Release 21.1R1, we've introduced the following enhancements to the |
|||||||
VXLAN support for SRX Series devices: |
|
|
|
||||
• |
Support for SRX5000 line of devices in |
n to the SRX4000 line and vSRX |
|||||
• |
Enhancements to tunnel ns c |
n for VXLAN-encapsulated |
r c by applying Layer 4 or Layer |
||||
|
7 security services to the tunnel |
r c The supported services are: |
|||||
2
• |
c |
n n c |
n |
• |
IDP |
|
|
• |
Juniper Advanced Threat r v n n (ATP Cloud) |
||
•n threat management (UTM)
Layer 7 security services provide |
|
c |
n |
v |
security and protect users from security threats |
|||||||||||||||
through VXLAN tunnel. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||
[See C n |
|
r n |
Tunnel r |
c ns |
|
c |
n.] |
|
|
|
|
|
|
|
|
|
|
|
||
• IS-IS link delay measurement and |
|
v r |
s n |
(MX Series)—S r |
n in Junos OS Release 21.1R1, you |
|||||||||||||||
can measure and |
|
v r s |
various performance metrics in IP networks with scalability, by using |
|||||||||||||||||
several IS-IS probe messages. These metrics can then be used to make |
|
s |
c |
n decisions |
||||||||||||||||
based on network performance. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
[See How to Enable Link Delay Measurement and |
v r |
s n in IS-IS, delay-measurement, and |
||||||||||||||||||
delay-metric.] |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
• LLDP on routed and reth interfaces (SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, and |
||||||||||||||||||||
SRX5800)—S r |
n |
in Junos OS Release 21.1R1, you can enable LLDP on all physical interfaces, |
||||||||||||||||||
including routed and redundant Ethernet (reth) interfaces. LLDP is a link-layer protocol used by |
||||||||||||||||||||
network devices to |
v r |
s c |
b |
|
s |
n |
y and other n |
rm |
n to a LAN. |
|
|
|
||||||||
[See LLDP Overview.] |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||
• MVPN live-live s |
|
n support (MX Series)—S |
r n |
in Junos OS Release 21.1R1, we’ve added |
||||||||||||||||
support to enable the MVPN live-live feature in n x |
n r |
n m c s |
VPN (MVPN) with |
|
||||||||||||||||
m |
c s |
LDP |
n |
m |
n |
(P2MP) provider tunnel. This feature helps to keep your network |
||||||||||||||
live all the |
m |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
To enable the MVPN live-live s |
|
n |
|
|
|
|
|
|
|
|
|
|
|
|
||||||
• |
C n |
r |
the sender-based-rpf |
|
n by running the set r |
n |
ns |
nc |
s r |
n |
ns |
nc |
||||||||
|
n m |
protocols mvpn sender-based-rpf command. This |
n is disabled by default. |
|
|
|||||||||||||||
• |
C n |
r |
the hot-root-standby |
|
n by running the set r |
n |
ns |
nc |
s r |
n |
ns |
nc |
||||||||
|
n m |
protocols mvpn hot-root-standby command. You can c n |
r |
this |
|
n only if sender- |
||||||||||||||
|
based RPF is enabled. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
When you enable this c n |
r |
n the receiving PE |
m |
c y switches over to the backup path |
||||||||||||||||
if it encounters any failure while forwarding the |
r |
c from the primary path to the customer |
||||||||||||||||||
network. The r ns |
n from primary path to backup path happens in less than 50 milliseconds. |
|||||||||||||||||||
For previous Junos OS releases, we provided support only for RSVP-TE and IR provider tunnels.
[See sender-based-rpf and hot-root-standby.]
3
• New transport class-based architecture to facilitate service mapping over colored tunnels (ACX Series, PTX Series, MX Series)—S r n in Junos OS Release 21.1R1, you can classify colored transport tunnels (RSVP, IS-IS fl x b algorithm) in your network into transport classes and map service routes over an intended transport class. You can also extend the transport tunnels to span across m domains (ASs or IGP areas) by using the new BGP transport address family called BGP Classful Transport (BGP CT).
This feature lays the |
n |
n for network slicing and allows the |
r n |
domains to interoperate |
||||||||
rr s |
c |
v |
of the transport signaling protocols used in each domain. |
|
|
|
||||||
[See |
|
s |
www |
n |
r n |
c m n |
n |
s n s ftw r |
n s m |
s |
cs |
c m m s |
r |
c |
n |
n r n |
c n |
r |
n m |
|
vxq 2 b.] |
|
|
|
|
• Packet-based ECMP support for Express Path (SRX5400, SRX5600, and SRX5800)—In earlier |
||||||||||||
releases, Express Path supported only session-based ECMP |
r c S r |
n |
in Junos OS Release |
|||||||||
21.1R1, Express Path also supports packet-based ECMP r |
c from |
r n network processors of |
||||||||||
the SRX Series device. In the packet-based ECMP mode, the SPU creates m |
|
network processor |
||||||||||
sessions on m |
network processors at a |
m This feature is enabled by default. |
||||||||||
[See Express Path.]
• Support for BGP unnumbered neighbor (MX Series, PTX1000, PTX10008, QFX5120-32C, QFX5200,
QFX5210, and QFX10008) —S |
r n |
in Junos OS Release 21.1R1, we support the BGP unnumbered |
||||||||
neighbor feature using the IPv6 Neighbor Discovery Protocol (NDP). This feature allows BGP to |
||||||||||
|
m c |
y create peer neighbor sessions using link local IPv6 addresses of directly connected |
||||||||
neighbor routers using IPv6 NDP. |
|
|
|
|
||||||
• Support for BGP MVPN (Junos fusion for provider edge)—S |
r n in Junos OS Release 21.1R1, Junos |
|||||||||
fusion for provider edge supports BGP m |
c s VPN (MVPN). BGP MVPN is a method for |
|||||||||
|
m m n |
n |
m |
r |
c m |
c s |
services over a BGP MPLS Layer 3 VPN. Junos fusion for |
|||
provider edge supports the c nn c |
n of a BGP-based MVPN customer edge (CE) device on the |
|||||||||
extended ports of the satellite device in Junos fusion for provider edge. |
|
|||||||||
[See Junos Fusion Provider Edge Supported Protocols.] |
|
|
||||||||
• Support for c |
n |
r n |
m |
independent IGP instances of IS-IS (ACX Series, MX Series, and PTX |
||||||
Series)—S |
r |
n |
in Junos OS Release 21.1R1, you can c n |
r and run m |
independent IGP |
|||||
instances of IS-IS simultaneously on a router. |
|
|
||||||||
|
|
|
|
|||||||
|
NOTE: Junos OS does not support c n |
r n the same logical interface in m |
IGP |
|||||||
|
instances of IS-IS. |
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
[See How to C n r M |
Independent IGP Instances of IS-IS.] |
4
• Support for displaying the |
m s |
m in syslog (MX Series routers with MS-MPC, MS-MIC, and MX- |
||||||||||||||||||
SPC3)—S r |
n in Junos OS Release 21.1R1, you can enable system log (syslog) |
m s |
m |
s in local |
||||||||||||||||
system |
m s m |
format or UTC format. |
|
|
|
|
|
|
|
|
|
|
|
|||||||
On routers with MS-MPC, you can override the default UTC |
m s |
m |
to local system m s |
m |
||||||||||||||||
format by c |
n |
r n the new statement, sys |
c |
sys |
m |
m s |
m , at the edit interfaces ms- |
|||||||||||||
interface\ams-interfaces |
rv c |
s |
ns hierarchy level. |
|
|
|
|
|
|
|
|
|
||||||||
On routers with MX-SPC3 cards, you can override the default local system |
m s m |
in syslog to |
||||||||||||||||||
UTC format by c |
n |
r n |
the |
|
x s n |
statement, c |
m s |
m , at the edit interfaces vms- |
|
|||||||||||
interface\ams-interfaces |
rv c |
s |
ns hierarchy level or at the [edit services service-set- |
|
||||||||||||||||
namesyslog hierarchy level. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
For the routers with MX-SPC3 cards, s |
r n in Release 21.1R1 you can c |
n |
r the |
c |
|
|
||||||||||||||
|
m s |
m statement at the edit interfaces vms-interface\ams-interfaces |
rv c s |
ns hierarchy |
||||||||||||||||
level. In earlier releases, we support this statement at the [edit services service-set-namesyslog |
||||||||||||||||||||
hierarchy level. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
[See syslog (Services Service Set).] |
|
|
|
|
|
|
|
|
|
|
|
|
||||||||
• Support for EVPN-MPLS (Junos fusion for provider edge)—S |
|
r n |
in Junos OS Release 21.1R1, |
|||||||||||||||||
Junos fusion for provider edge supports EVPN-MPLS. EVPN-MPLS is a s |
n that extends Layer 2 |
|||||||||||||||||||
VPN services over an MPLS network. Junos fusion for provider edge supports the c nn c |
n of a |
|||||||||||||||||||
customer edge (CE) device on the extended port of the satellite device in an EVPN-MPLS network. |
||||||||||||||||||||
[See Junos Fusion Provider Edge Supported Protocols.] |
|
|
|
|
|
|
|
|
|
|
||||||||||
• Support for m cr s |
m n |
n on VLANs and VXLANs (QFX5110 and QFX5120)—S |
r n |
in Junos |
||||||||||||||||
OS Release 21.1R1, you can c |
n |
r egress |
rs with Layer 2 and Layer 3 match c |
n |
ns in |
|||||||||||||||
both VLAN and VXLAN deployments. Junos OS already supports |
r n in Layer 2 match |
|
|
|||||||||||||||||
c |
n |
ns in the ingress |
r c |
|
n |
|
|
|
|
|
|
|
|
|
|
|
|
|||
To use egress |
rs for m cr s |
|
m n |
n in a VXLAN, enable the |
|
c |
r w |
|
m z |
|
n |
|||||||||
statement at the [edit chassis] level of the hierarchy and create the |
r w |
rules with the match |
||||||||||||||||||
c |
n |
ns that you want to |
r on. For egress |
r n |
on VLANs, you don't need to enable |
c |
||||||||||||||
|
r w |
|
m z n. Both the QFX5110 and QFX5120 support egress |
r n for VLANs and |
||||||||||||||||
VXLANs, with the following match c n |
ns |
|
|
|
|
|
|
|
|
|
|
|
||||||||
• ip-source-address |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||
• |
|
s n |
n |
|
r ss |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
• |
s |
n |
n |
r |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
• |
s |
n |
n m c |
r ss |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
• |
user-vlan-id |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
5
•ip-protocol
•source-mac-address
Valid c |
ns for these rules are accept, count, and discard. |
|
|
|||
[See Overview of Firewall Filters (QFX Series) and Understanding Firewall Filter Match C n |
ns.] |
|||||
• Support for fl x b algorithm in OSPFv2 for segment r |
n |
r c engineering (ACX Series, MX |
||||
Series, and PTX Series)—S |
r n in Junos OS Release 21.1R1, you can thin-slice a network by |
|||||
n n |
fl x b algorithms that compute paths using |
r n parameters and link constraints based |
||||
on your requirements. For example, you can |
n a fl x b |
algorithm that computes a path to |
||||
minimize IGP metric and |
n another fl x b |
algorithm to compute a path based on r |
c |
|||
engineering metric to divide the network into separate planes. This feature allows networks without
a controller to c n |
r r c engineering and |
z |
segment r |
n capability of a device. |
|||
To |
n a fl x b |
algorithm, include the fl x |
r |
m statement at the [edit r |
n |
ns |
|
hierarchy level. |
|
|
|
|
|
|
|
To c n |
r a device to |
r c |
the [edit protocols ospf s |
rc |
|
|
in a fl |
x b |
algorithm, include the fl x |
r m statement at |
c |
r |
n |
hierarchy level. |
|
[See How to C n r Flexible Algorithms in OSPF for Segment R |
n |
r c Engineering.] |
||||
• Support for interprovider and carrier-of-carrier VPNs (Junos fusion for provider edge)—S |
r n in |
|||||
Junos OS Release 21.1R1, Junos fusion for provider edge supports Interprovider and Carrier-of- |
||||||
Carrier VPNs. The Carrier-of-Carrier VPN service describes a hierarchical VPN (also known as a |
||||||
recursive VPN) model where one carrier (VPN service customer) transports its VPN |
r |
c inside |
||||
another carrier’s VPN (VPN service provider). Junos fusion for provider edge currently supports |
||||||
provider edge (PE) routers for VPN service customers. In Junos OS Release 21.1R1, we introduce |
||||||
support for PE routers for VPN service providers along with VPN service customers. |
|
|
||||
Interprovider VPNs provide c nn c v y between |
r n service providers that are using separate |
|||||
autonomous systems (ASs) or one service provider that is using |
r n |
ASs for |
r n |
geographic |
||
c |
ns For Interprovider VPNs, Junos fusion for provider edge supports only intra-AS c nn c n |
|||||
on an AS boundary router (ASBR) to the extended port. |
|
|
|
|
||
[See Junos Fusion Provider Edge Supported Protocols.]
• Support for PWHT (over EVPN-VPWS, on a transport logical interface) with subscriber management
(BNG) service logical interfaces (MX Series routers)—S r n |
in Junos OS Release 21.1R1, you can |
||
deploy broadband network gateways (BNGs) that are connected to |
r |
n networks running |
|
EVPN-VPWS. You c n r pseudowire headend rm n |
n (PWHT) on a transport logical |
||
interface that is on the pseudowire subscriber interface. The BNG pops the EVPN and VPWS headers and terminates subscribers at Layer 2.
This feature includes support for:
6
•All broadband features available on PWHT on MX Series routers
•Single-homed EVPN-VPWS with the pseudowire subscriber interface anchored to a logical tunnel (LT) interface
•Choice of whether or not to use a control word
• Support for Snort IPS signatures (SRX Series and NFX Series)—S |
r n |
in Junos OS Release 21.1R1, |
||||
Juniper Networks IDP supports Snort IPS signatures. IDP secures your network by using signatures |
||||||
that help to detect |
c s Snort is an open-source intrusion r v |
n |
n system (IPS). You can |
|
||
convert the Snort IPS rules into Juniper IDP custom |
c |
signatures using the Juniper n r |
n of |
|||
Snort Tool (JIST). These rules help detect malicious |
c |
s |
|
|
|
|
• JIST is included in Junos OS by default. The tool supports Snort version 2 and version 3 rules.
• JIST converts the Snort rules with snort-ids into equivalent custom |
c signatures on Junos OS |
|
with r s c v snort-ids as the custom |
c names. |
|
•When you run the request command with Snort IPS rules, JIST generates set commands equivalent to the Snort IPS rules. Use the request security idp jist-conversion command to generate the set commands as CLI output. To load the set commands, use the load set terminal
|
statement or copy and paste the commands in the c n r |
n mode, and then commit. You can |
|||
|
then c |
n r the x s |
n IDP policy with the converted custom |
c signatures. |
|
• |
All the Snort IPS rule |
s that didn’t get converted are wr |
n to /tmp/jist-failed.rules. The error |
||
|
log |
s generated during the conversion are wr n to /tmp/jist-error.log. |
|||
• |
To view the jist-package version, use the show security idp jist-package-version command. |
||||
[See Understanding Snort IPS Signatures, request security idp jist-conversion , and show security idp jist-package-version .]
• Support for strict SPF and IGP shortcut (ACX710, MX960, MX10008, MX2020, PTX5000, and
PTX1000)—S r |
n |
in Junos OS Release 21.1R1, you can c n |
r segment r |
n algorithm 1 |
|||||
(strict SPF) and |
v r |
s |
its SIDs in IS-IS link-state PDU (LSPDU) and use these SIDs to create SR-TE |
||||||
tunnels to forward the |
r |
c by using the shortest IGP path to reach the tunnel endpoint while |
|||||||
avoiding loops. You can also specify a set of |
r x s in the import policy, based on which the tunnel |
||||||||
can redirect the |
r |
c to a certain s n |
n You can use algorithm 1 (strict SPF) along with |
|
|||||
algorithm 0 (default SPF) by default when Source Packet R |
n in Networking (SPRING) is enabled. |
||||||||
[See How to Enable Strict SPF SIDs and IGP Shortcut, r x s |
m n , and s rc |
c |
r |
n .] |
|||||
• Support for VRRP (PTX1000, PTX10002, PTX10008, and PTX10016)—S r n in Junos OS Release 21.1R1, PTX1000, PTX10002, PTX10008, and PTX10016 routers support VRRP. However, these routers do not support the following VRRP features:
• VRRP on IRB
7
•Dual tagging
•GRES
•VRRP on logical tunnel (LT) interfaces
•Layer 2 VRRP
[See Understanding VRRP.] |
|
• Policy-based threat r n |
(SRX Series devices and vSRX)—S r n in Junos OS Release 21.1R1, |
you can add the user source |
n y (username) to a security policy to generate security feeds. |
Juniper ATP Cloud service consolidates the generated feeds from SRX Series device and shares the duplicated results back with that security device. The security device uses the feeds to perform
|
c |
ns against the designated r c You can enable the security device to use the feeds by |
||
c |
n |
r n |
security policies with the feeds as matching criteria. When r c matches policy |
|
c |
n |
ns the device applies policy c ns |
||
[See Threat |
r |
n Support in Security Policy.] |
||
Junos OS Release Notes for ACX Series
IN THIS SECTION |
|
||
|
What's New | |
8 |
|
|
What's Changed | 11 |
||
|
|||
|
Known |
m |
ns | 14 |
|
|||
|
Open Issues | 15 |
||
|
|||
|
Resolved Issues | 16 |
||
|
|||
|
c m n |
n Updates | 19 |
|
|
|||
|
M r |
n Upgrade, and Downgrade ns r c ns | 19 |
|
|
|||
|
|
|
|
These release notes accompany Junos OS Release 21.1R1 for the ACX Series. They describe new and changed features, m ns and known and resolved problems in the hardware and s ftw r
You can also |
n |
these release notes on the Juniper Networks Junos OS |
c |
m n |
n webpage, |
||
located at |
s |
www n r n |
c m n |
n r c n S n s |
s. |
|
|
8
What's New
IN THIS SECTION
What's New in 21.1R1 | 8
Learn about new features introduced in the Junos OS main and maintenance releases for ACX Series routers.
What's New in 21.1R1
IN THIS SECTION
EVPN | 8
MPLS | 9
Network Management and Monitoring | 10
R n Protocols | 10
Segment R n | 11
Learn about new features or enhancements to x s |
n features in this release for the ACX Series. |
||||
EVPN |
|
|
|
|
|
• |
Support for EVPN E-Tree service (ACX5448)—S |
r n |
with Junos OS Release 21.1R1, you can |
||
|
c n r an EVPN Ethernet Tree (E-Tree) service on ACX5448 routers. |
||||
|
[See EVPN-ETREE Overview.] |
|
|
|
|
• |
Support for inter-DC c nn c v |
y over a Layer 3 network (ACX5448)—S r n with Junos OS |
|||
|
Release 21.1R1, you can c |
n |
r the ACX5448 router to support IRB interfaces in an EVPN-MPLS |
||
|
network. This feature supports EVPN Type 2 (MAC/IP |
v r s m n ) and EVPN Type 5 (IP r x) |
|||
|
routes. |
|
|
|
|
|
[See EVPN with IRB S |
n Overview.] |
|
|
|
9
• Support for s n |
c v |
m |
m n |
redundancy in EVPN-VPWS with fl x b |
cross-connect |
|||||||||||
support (ACX5448)—S |
r n |
with Junos OS Release 21.1R1, you can c |
n |
r the interfaces on the |
||||||||||||
ACX5448 router in an Ethernet VPN–virtual private wire service (EVPN-VPWS) network with |
||||||||||||||||
fl x b |
cross-connect (FXC) or legacy cross-connect (non-FXC) service to support s n |
c v |
||||||||||||||
m |
|
m n redundancy for |
r |
c that fl ws from customer edge devices to the core. EVPN-VPWS |
||||||||||||
also supports load balancing with equal-cost m |
(ECMP) fast reroutes (FRR) on IGP and over |
|||||||||||||||
BGP m |
s that face the core. |
|
|
|
|
|
|
|
|
|
|
|||||
[See Overview of Flexible Cross-Connect Support on VPWS with EVPN and C n |
r n |
EVPN |
||||||||||||||
c |
v |
S n by M |
m n .] |
|
|
|
|
|
|
|
|
|
|
|
||
• Tunnel endpoint in the PMSI tunnel |
r b |
for EVPN Type 3 routes (ACX5448, EX4600, |
||||||||||||||
EX4650, EX9200, and QFX10002)—S |
r n in Junos OS Release 21.1R1, you can set the tunnel |
|||||||||||||||
endpoint in the provider m |
c s |
service interface (PMSI) tunnel |
|
r b |
|
|
to use the ingress |
|||||||||
router’s secondary loopback address. When you c |
n r m |
|
loopback IP addresses on the |
|||||||||||||
local provider edge (PE) router and the primary router ID is not part of the MPLS network, the |
||||||||||||||||
remote PE router cannot set up a PMSI tunnel route back to the ingress router. |
|
|
|
|||||||||||||
To c |
n |
r the router to use a secondary IP address that is part of the MPLS network, include the |
||||||||||||||
pmsi-tunnel-endpointpmsi-tunnel-endpoint statement at the [edit r |
|
n |
ns |
nc |
s r |
n |
||||||||||
ns |
nc |
n m |
protocols evpn] hierarchy level for both EVPN and virtual-switch instance types. |
|||||||||||||
[See EVPN.] |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
• Aliasing for |
c v m |
|
m n with EVPN-MPLS (ACX5448)—S |
r |
n in Junos OS Release |
|||||||||||
21.1R1, ACX5448 routers support aliasing for EVPN-MPLS |
c |
v |
m |
|
m n with ELAN |
|||||||||||
services. Aliasing enables remote provider edge (PE) devices to load balance Layer 2 |
r |
c toward a |
||||||||||||||
m |
|
m customer edge (CE) device among the PEs that have the same EVPN segment ID (ESI) |
||||||||||||||
for that CE device. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
You enable aliasing when you c n |
r |
the load-balance per-packet r |
n |
policy statement at the |
||||||||||||
[edit |
cy |
ns policy-statement] hierarchy and export the policy statement at the [edit |
||||||||||||||
r |
n |
ns forwarding-table] hierarchy. This feature is supported in r |
n |
instances of type |
||||||||||||
evpn with VLAN-based and VLAN bundle services. |
|
|
|
|
|
|
|
|
||||||||
[See EVPN M |
m n |
Overview.] |
|
|
|
|
|
|
|
|
|
|
||||
MPLS
• New transport class-based architecture to facilitate service mapping over colored tunnels (ACX Series, PTX Series, MX Series)—S r n in Junos OS Release 21.1R1, you can classify colored transport tunnels (RSVP, IS-IS fl x b algorithm) in your network into transport classes and map service routes over an intended transport class. You can also extend the transport tunnels to span across m domains (ASs or IGP areas) by using the new BGP transport address family called BGP Classful Transport (BGP CT).
10
This feature lays the |
n |
n for network slicing and allows the |
r n domains to interoperate |
||||||||||||||
rr |
s |
c v |
of the transport signaling protocols used in each domain. |
|
|
|
|
|
|||||||||
[See |
s |
www |
n |
r n |
c m n |
n |
s |
n s ftw r |
|
n s m |
s |
cs |
c m m |
s |
|||
r |
c |
n |
n r n |
c n |
r |
n |
m |
vxq 2 b.] |
|
|
|
|
|
|
|
||
Network Management and Monitoring |
|
|
|
|
|
|
|
|
|
|
|||||||
• |
r |
n command RPCs support returning JSON and XML output in m n |
|
format in |
|
||||||||||||
NETCONF sessions (ACX1000, ACX1100, ACX2100, ACX4000, ACX5048, ACX5096, ACX5448, |
|||||||||||||||||
EX2300, EX2500, EX3400, EX4300, EX4400-24P, EX4400-24T, EX4400-48F, EX4400-48P, |
|
||||||||||||||||
EX4400-48T, EX4600, EX4650, EX9200, MX104, MX204, MX240, MX480, MX960, MX2008, |
|
||||||||||||||||
MX2010, MX2020, MX10003, MX10008, MX10016, PTX1000, PTX5000, PTX10001, PTX10002, |
|||||||||||||||||
PTX10008, PTX10016, QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, QFX10002, |
|
||||||||||||||||
QFX10002-60C, QFX10008, QFX10016, SRX550, SRX4100, SRX4200, SRX4600, SRX5400, |
|
||||||||||||||||
SRX5600, SRX5800, vMX, and vSRX)—S |
r n |
in Junos OS Release 21.1R1, |
r |
n |
command |
||||||||||||
RPCs, including the |
|
c n |
r |
n |
RPC, support the |
rm |
s n m n |
|
and |
rm |
xm |
||||||
m n |
|
r b s in NETCONF sessions to return JSON or XML output in m n |
format. M n |
||||||||||||||
format removes any characters that are not required for computer processing—for example, |
|
||||||||||||||||
unnecessary spaces, tabs, and newlines. M n |
|
format decreases the size of the data, and as a |
|
||||||||||||||
result, can reduce transport costs as well as data delivery and processing m |
s |
|
|
|
|||||||||||||
[See Specifying the Output Format for |
r |
n |
n rm |
n Requests in a NETCONF Session.] |
|||||||||||||
Rn Protocols
• |
Support for c |
n |
|
r n |
m |
independent IGP instances of IS-IS (ACX Series, MX Series, and PTX |
|||||||
|
Series)—S r |
n |
in Junos OS Release 21.1R1, you can c |
n |
r and run m |
independent IGP |
|||||||
|
instances of IS-IS simultaneously on a router. |
|
|
|
|
|
|||||||
|
|
|
|
|
|||||||||
|
NOTE: Junos OS does not support c |
n |
r n the same logical interface in m |
IGP |
|||||||||
|
instances of IS-IS. |
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|||||
|
[See How to C |
n |
r |
M |
Independent IGP Instances of IS-IS.] |
|
|
|
|||||
• |
Support for fl |
x b |
algorithms in IS-IS for segment r |
n – r |
c engineering (SR-TE) (ACX Series)— |
||||||||
|
S r n in Junos OS Release 21.1R1, you can thin-slice a network by |
n n |
fl x b |
algorithms that |
|||||||||
|
compute paths using |
r n parameters and link constraints based on your requirements. For |
|||||||||||
|
example, you can |
n |
a fl x b |
algorithm that computes a path to minimize the IGP metric and |
|||||||||
|
another fl x b |
algorithm to compute a path based on the r |
c engineering metric to divide the |
||||||||||
|
network into separate planes. This feature enables networks without a controller to c |
n r r c |
|||||||||||
|
engineering and |
z |
the segment r |
n |
capability of a device. |
|
|
|
|||||
11
To |
n |
a fl x b |
algorithm, include the fl |
x |
r m statement at the [edit r |
n |
ns |
|||
hierarchy level. To c n |
r a device to r |
c |
in a fl |
x b |
algorithm, include the fl x |
r m |
||||
statement at the [edit protocols isis segment r |
n hierarchy level. |
|
|
|||||||
[See Understanding IS-IS Flexible Algorithm for Segment R |
n .] |
|
|
|||||||
Segment R |
n |
|
|
|
|
|
|
|
|
|
• Support for fl x b |
algorithm in OSPFv2 for segment r |
n |
r c engineering (ACX Series, MX |
|||||||
Series, and PTX Series)—S |
r n in Junos OS Release 21.1R1, you can thin-slice a network by |
|||||||||
|
n n |
fl x b algorithms that compute paths using |
r n |
parameters and link constraints based |
||||||
on your requirements. For example, you can |
|
n a fl x b algorithm that computes a path to |
||||||||
minimize IGP metric and |
n another fl x b |
algorithm to compute a path based on r |
c |
|||||||
engineering metric to divide the network into separate planes. This feature allows networks without
a controller to c n |
r r c engineering and |
z |
segment r |
n capability of a device. |
|||
To |
n a fl x b |
algorithm, include the fl x |
r |
m statement at the [edit r |
n |
ns |
|
hierarchy level. |
|
|
|
|
|
|
|
To c n |
r a device to |
r c |
the [edit protocols ospf s |
rc |
|
|
in a fl |
x b |
algorithm, include the fl x |
r m statement at |
c |
r |
n |
hierarchy level. |
|
[See How to C n |
|
r Flexible Algorithms in OSPF for Segment R |
n r |
c Engineering.] |
|
||||||
• Support for strict SPF and IGP shortcut (ACX710, MX960, MX10008, MX2020, PTX5000, and |
|||||||||||
PTX1000)—S r |
n |
in Junos OS Release 21.1R1, you can c n |
r |
segment r |
n |
algorithm 1 |
|||||
(strict SPF) and |
v r |
s |
its SIDs in IS-IS link-state PDU (LSPDU) and use these SIDs to create SR-TE |
||||||||
tunnels to forward the |
r |
c by using the shortest IGP path to reach the tunnel endpoint while |
|||||||||
avoiding loops. You can also specify a set of |
r x s in the import policy, based on which the tunnel |
||||||||||
can redirect the |
r |
c to a certain s n |
n You can use algorithm 1 (strict SPF) along with |
|
|||||||
algorithm 0 (default SPF) by default when Source Packet R |
n in Networking (SPRING) is enabled. |
||||||||||
[See How to Enable Strict SPF SIDs and IGP Shortcut, r x s |
m n , and s |
rc |
c |
r |
n .] |
||||||
What's Changed
IN THIS SECTION
What’s Changed in Release 21.1R1 | 12
12
Learn about what changed in the Junos OS main and maintenance releases for ACX Series routers.
What’s Changed in Release 21.1R1
IN THIS SECTION
General R n | 12
Junos XML API and Scr n | 12
Network Management and Monitoring | 13
User Interface and C n r n | 13
General R |
n |
|
Support for unicast ARP request on table entry x r n—You can c n r |
the device to send a |
|
unicast ARP request instead of the default broadcast request when an ARP table entry is about to |
||
expire. The retry requests are unicast at intervals of 5 seconds. Without this |
n the retry requests |
|
are broadcast at intervals of 800 milliseconds. This behavior reduces ARP overall broadcast r c It also supports the use case where access nodes are c n r not to forward broadcast ARP requests toward customer CPEs for security reasons and to instead translate ARP broadcasts to unicast requests.
To c n rm whether this is c n r you can issue the following command: show c n r |
n system |
arp | grep unicast-mode-on-expire. |
|
[See arp.] |
|
Junos XML API and Scr |
n |
|
|
|
|||
• |
The jcs:invoke() |
nc |
n supports suppression of root login and logout events in system log |
s for |
|||
|
SLAX commit scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)— |
||||||
|
The jcs:invoke() extension |
nc |
n supports the no-login-logout parameter in SLAX commit scripts. |
||||
|
If you include the parameter, the |
nc n does not generate and log UI_LOGIN_EVENT and |
|
||||
|
UI_LOGOUT_EVENT messages when the script logs in as root to execute the s c |
remote |
|
||||
|
procedure call (RPC). If you omit the parameter, the nc n behaves as in earlier Junos OS releases |
||||||
|
in which the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log |
||||||
|
s |
|
|
|
|
|
|
|
[See invoke() F nc |
|
n (SLAX and XSLT).] |
|
|
||
• |
The jcs:invoke() |
nc |
n supports suppression of root login and logout events in system log |
s for |
|||
|
SLAX event scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The |
||||||
13
jcs:invoke() extension nc |
n supports the no-login-logout parameter in SLAX event scripts. If you |
|||||
include the parameter, the |
nc n does not generate and log UI_LOGIN_EVENT and |
|
||||
UI_LOGOUT_EVENT messages when the script logs in as root to execute the s c |
remote |
|||||
procedure call (RPC). If you omit the parameter, the |
nc |
n behaves as in earlier releases in which |
||||
the root UI_LOGIN_EVENT and UI_LOGOUT_EVENT messages are included in system log s |
||||||
[See invoke() F nc |
n (SLAX and XSLT).] |
|
|
|
||
• Python 2.7 |
r c |
n (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, |
||||
and vSRX)—S |
r n |
in Junos OS Release 21.1R1, devices running Junos OS no longer support |
||||
Python 2.7. We've deprecated the corresponding language python statement at the [edit system |
||||||
scripts] hierarchy level. To execute Python scripts, c |
n |
r the language python3 statement at the |
||||
[edit system scripts] hierarchy level to execute the scripts using Python 3. |
|
|||||
[See Understanding Python |
m n Scripts for Devices Running Junos OS.] |
|
||||
Network Management and Monitoring
• Support for specifying the YANG modules to |
v r s |
in the NETCONF c b |
s and supported |
|||||||
schema list (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—You can |
||||||||||
c |
n |
r devices to |
v r s third-party, standard, and Junos OS n v YANG modules in the |
|||||||
c |
b |
s exchange of a NETCONF session by c n |
r n the appropriate statements at the [edit |
|||||||
system services netconf hello-message y n |
m |
c b |
s hierarchy level. In |
n you |
||||||
can specify the YANG schemas that the NETCONF server should include in its list of supported |
||||||||||
schemas by c |
n |
r n |
the appropriate statements at the [edit system services netconf netconf- |
|||||||
monitoring netconf-state-schemas] hierarchy level. |
|
|
|
|
||||||
[See hello-message and netconf-monitoring.] |
|
|
|
|
|
|||||
• Support for |
sc |
nn c |
n unresponsive NETCONF-over-SSH clients (ACX Series, EX Series, MX |
|||||||
Series, NFX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—You can enable devices to m c y disconnect unresponsive NETCONF-over-SSH clients by c n r n the client-alive- interval and client-alive-count-max statements at the [edit system services netconf ssh] hierarchy level. The client-alive-interval statement s c s the m interval in seconds, ft r which, if no data has been received from the client, the device requests a response. The client-alive-count-max
statement s c s the threshold of missed client-alive responses that triggers the device to
disconnect the client, thereby |
rm n n the NETCONF session. |
|
[See ssh (NETCONF).] |
|
|
User Interface and n |
r |
n |
Verbose format n to export JSON c n r n data (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the verbose statement at the [edit system
14
export-format json] hierarchy level. We changed the default format to export c n |
r |
n data in |
||||
JSON from verbose to |
s |
r n |
in Junos OS Release 16.1R1. You can explicitly specify the default |
|||
export format for JSON c |
n |
r |
n data by c n |
r n the appropriate statement at the [edit system |
||
export-format json] hierarchy level. Although the verbose statement is exposed in the Junos OS CLI as
of the current release, you can c n |
r this statement s r n in Junos OS Release 16.1R1. |
[See export-format.] |
|
Known L m ns
IN THIS SECTION
General R n | 14
Learn about known m ns in this release for ACX Series routers.
For the most complete and latest n rm online Junos Problem Report Search
n about known Junos OS defects, use the Juniper Networks
cn
General R n
• On the ACX710 router, the PTP Servo status shows holdover during r ns n between virtual port and PTP. PR1510880
•On the ACX710 router, the SyncE to 1PPS transient test results do not meet G.8273.2 SyncE to 1PPS transient metric. PR1522796
•On the ACX710 router, T1 or T4 cTE should be tuned closer to two-way CTE. PR1527347
• |
On the ACX5448 router, there is a two-way |
m error and CTE for 1PPS does not meet the class A |
|
metrics. PR1535434 |
|
• |
On the ACX710 router, changing the PTP r |
type from g.8275.1 to g.8275.2 requires the Packet |
|
Forwarding Engine to reboot and the clksyncd process to restart. As a workaround, you must reboot |
|
|
the Packet Forwarding Engine and restart the clocking process before you change the r |
|
|
PR1546614 |
|
15
•On the ACX710 router, the clock parameters are incorrect in certain scenarios when the Servo is in the FREERUN state. PR1548192
•The ACX5448 router as TWAMP server delays the start session acknowledgment by 10 seconds. PR1556829
•On the ACX5048 router, the ISSU upgrade fails due to the Packet Forwarding Engine restart issue . PR1554915
Open Issues
IN THIS SECTION
General R n | 15
Learn about open issues in this release for ACX Series routers.
For the most complete and latest n rm |
|
n about known Junos OS defects, use the Juniper Networks |
online Junos Problem Report Search |
c |
n |
General R |
n |
|
• |
On the ACX5448 router, latency is observed for the host-generated ICMP r c PR1380145 |
|
• |
Tx power cannot be c n r using the + sign. PR1383980 |
|
•The vpls-oam sessions are detected with error (RDI sent by some MEP) ft r changing VLANs. PR1478346
• |
In ZTP DHCP, |
n012 or |
n host-name does not work as expected. PR1503958 |
• |
On the ACX710 router, an alarm is not raised when b n the system using the recovery snapshot. |
||
|
PR1517221 |
|
|
16
• Even though enhanced-ip is c v the following alarm is observed during ISSU:
RE0 network-service mode mismatch between configuration and kernel setting.
PR1546002
•In the Layer 3 VPN scenario, the CE device r c drops on ingress PE device while resolving using default route in VRF. PR1551063
•On the ACX5448 router, you cannot downgrade to Junos OS Release 18.4 code-base. PR1556377
• On the ACX5048 routers, entry for MAC address from which no r c is seen for MAC age m r does not age out if there is c v r c s n for this MAC address. PR1565642
•On the ACX5448 routers, the untagged r c is being incorrectly queued and marked. PR1570899
•On the ACX5448 routers, single rate three color policer does not work. PR1559665
•On the ACX500 routers, service MIC does not work. PR1569103
•Packets might get tagged with the default VLAN-ID and dropped at the peer under Layer 2 circuits local switching scenario. PR1574623
Resolved Issues
IN THIS SECTION
Resolved Issues: 21.1R1 | 17
Learn which issues were resolved in the Junos OS main and maintenance releases for ACX Series routers.
For the most complete and latest n rm |
|
n about known Junos OS defects, use the Juniper Networks |
online Junos Problem Report Search |
c |
n |
17
Resolved Issues: 21.1R1
IN THIS SECTION
Forwarding and Sampling | 17
General R n | 17
Layer 2 Features | 19
Forwarding and Sampling
• VLAN-ID-based r w match c n ns might not work for the VPLS service. PR1542092
General R |
n |
|
• |
Memory |
z n enhancement is needed. PR1481151 |
• |
The ACX1100, ACX2100, ACX2200, ACX2000, and ACX4000 routers might stop forwarding transit |
|
|
and control |
r c PR1508534 |
•On the ACX5448 routers, transit DHCP packets drop are observed. PR1517420
•On the ACX500-I router, the show services session count command does not work as expected. PR1520305
•PTP to 1PPS noise transfer test fails for frequency 1.985 Hz. PR1522666
• |
Interface does not come up with the |
n |
n s n between the ACX1100 router and the |
||
|
other ACX Series routers, MX Series routers, and QFX Series switches as the other end. PR1523418 |
||||
• On the ACX710 routers, PIR or CIR Hqos behaviour is inconsistent. PR1525789 |
|||||
• |
With the ACX5448 router with 1000 CFM, the CCM state does not go in the Ok state ft r loading |
||||
|
the c n r |
n or r s |
r n the Packet Forwarding Engine. PR1526626 |
||
• |
The l2cpd process might leak memory with the aggregated Ethernet interface fl PR1527853 |
||||
• |
The FEC |
is not displayed when the interface is down. PR1530755 |
|||
• |
Unable to switch r |
between G.8275.1 and G.8275.2. PR1533263 |
|||
•Upon classifying the Layer 3 packets, DSCP is not preserved and is lost at the egress due to the m ns of a chipset. PR1535876
18
• |
The clksyncd process generates core |
on Junos OS Release 20.3R1.3 image. PR1537107 |
||||
• |
The rpd process generates a core |
at l2ckt_vc_adv_recv, 2c |
v r fl s |
(taskptr=0x4363b80, |
||
|
r 0x441 100 rtl=< |
m z out>, data=< |
m z out>, opcode=< |
m z out>) |
||
at ../../../../../../../../../src/junos/usr.sbin/rpd/l2vpn/l2ckt.c:7982. PR1537546
•Management Ethernet link down alarm is seen while verifying the system alarms in a Virtual Chassis setup. PR1538674
•On the ACX5448 router, the BGPV6LU r c drop is observed when the node is deployed in ingress. PR1538819
•On the ACX5448 router, unexpected behavior of the show chassis network-services command is observed. PR1538869
• The following error message is observed while |
n the remote stream 0 0 0 0 0 0 along with feb |
|
core |
at 0x00ae6484 in bcmdnx_queue_assert (queue=0xc599b60) at ../../../../../src/pfe/ |
|
common/drivers/bcmdnx/bcmdnx_sdk_ukern_layer.c:
Err] clksync_mimic_delete_clock_entry Unexpected error.
PR1539953
•The announcement or sync r n z n interval rate range is not as expected. PR1542516
•Sync r n z n Ethernet goes in the Holdover state and comes back to the Locked state when the
|
PTP c n |
r |
n is deleted. PR1546681 |
|
|
• |
The ACX5448 router as transit for the BGP labeled unicast drops |
r |
c PR1547713 |
||
• IP addresses other than IPv4 and IPv6 must not be forwarded. PR1550748 |
|||||
• |
M c s |
r |
c is stopped when HQoS with m c s c n r |
ns is applied. PR1551248 |
|
• |
Verifying m |
PD sync r n z ns with relay deletes and adds c |
n r ns PR1554647 |
||
• |
The ARP packets from the CE device are added with VLAN tag if the VLAN-ID is c n r in the |
||||
|
EVPN r |
n |
instance. PR1555679 |
|
|
•On the ACX710 router, the T-BC-P switch-over performance fails beyond the standard mask and servo moves to m Holdover-in state, Acquiring state, and Holdover-out state. PR1556087
•On the ACX5448 router, you cannot downgrade to Junos OS Release 18.4 code-base. PR1556377
•On the ACX5448 router, the unicast packets from the CE devices might be forwarded by the PE
devices with an |
n VLAN tag if IRB is used. PR1559084 |
Loading...