Junos OS 20.4R1 User Manual

Download

Release

Published

2021-03-04

Notes

Junos®OS 20.4R1 Release Notes

SUPPORTED ON

ACX Series, cRPD, cSRX, EX Series, JRR Series, Juniper Secure Connect, Junos Fusion

•

Enterprise, Junos Fusion Provider Edge, MX Series, NFX Series, PTX Series, QFX Series, SRX Series, vMX, vRR, and vSRX

SOFTWARE HIGHLIGHTS

Support for mobility on Junos Multi-Access User Plane (MX204, MX240, MX480, MX960,

•

MX10003)

Static VXLAN at VLAN or bridge domain level (MX5, MX10, MX40, MX80, MX150, MX240,

•

MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, MX10016 routers and QFX5120-32C, QFX5120-48T, and QFX5120-48Y switches)

Support for cRPD in SONiC (PTX10008)

•

Phone-home client (EX4300-48MP Virtual Chassis)

•

RADIUS attributes for dynamic VLAN assignment on colorless ports (EX2300, EX2300-MP,

•

EX3400, EX4300, and EX4300-MP)

ZTP with DHCPv6 client support (EX3400, EX4300, PTX1000, PTX5000, PTX10002-60C,

•

PTX10008, QFX5100, QFX5200, QFX10002, and QFX10002-60C)

Support for express segments to establish end-to-end segment routing path (MX Series

•

and PTX Series)

MAC VRF with EVPN-VXLAN (MX Series and vMX routers; QFX5100, QFX5110, QFX5120,

•

QFX5200, QFX10002, QFX10008, and QFX10016 switches)

Support for tunneling applications in unified policies (NFX Series and SRX Series)

•

Support for unidirectional session refreshing (SRX Series)

•

Support for captive portal on Wi-Fi Mini-Physical Interface Module (SRX320, SRX340,

•

SRX345, SRX380, and SRX550HM)

Support for Annex J and G.Fast with specialized SFP (SRX380, SRX300, SRX320, SRX340,

•

and SRX345)

Security policy support for security inspection on VXLAN tunnels (SRX4100, SRX4200,

•

SRX4600, and vSRX)

AWS Key Management Service (KMS) Integration support (vSRX 3.0)

•

IN FOCUS GUIDE

Use this new guide to quickly learn about the most important Junos OS features and how

•

you can deploy them in your network.

Day One+

Use this new setup tool to get your Junos OS up and running in three quick steps.

•

Release Notes: Junos®OS Release 20.4R1 for

the ACX Series, cRPD, cSRX, EX Series, JRR

Series, Juniper Secure Connect, Junos Fusion,

MX Series, NFX Series, PTX Series, QFX Series,

SRX Series, vMX, vRR, and vSRX

4 March 2021

Introduction | 15

Junos OS Release Notes for ACX Series | 15

What's New | 16

Hardware | 17

High Availability (HA) and Resiliency | 20

Junos Telemetry Interface | 20

Routing Protocols | 21

Timing and Synchronization | 21

What's Changed | 22

General Routing | 22

MPLS | 23

Network Management and Monitoring | 23

Routing Protocols | 23

User Interface and Configuration | 23

Known Limitations | 24

General Routing | 24

Timing and Synchronization | 24

Open Issues | 26

Class of Service (CoS) | 26

General Routing | 26

Platform and Infrastructure | 27

VPNs | 27

Resolved Issues | 28

Forwarding and Sampling | 28

General Routing | 28

Interfaces and Chassis | 31

Layer 2 Features | 31

Routing Protocols | 31

Documentation Updates | 31

Migration, Upgrade, and Downgrade Instructions | 32

Upgrade and Downgrade Support Policy for Junos OS Releases | 32

Junos OS Release Notes for cRPD | 33

What’s New | 33

Platform and Infrastructure | 34

What's Changed | 34

Junos Telemetry Interface | 35

Known Limitations | 35

Open Issues | 35

Resolved Issues | 35

Routing Policy and Firewall Filters | 36

Junos OS Release Notes for cSRX | 36

What’s New | 36

What's Changed | 36

Platform and Infrastructure | 37

Known Limitations | 37

Open Issues | 38

Resolved Issues | 38

Junos OS Release Notes for EX Series | 38

What's New | 39

Authentication, Authrorization, and Accounting | 39

EVPN | 39

Interfaces and Chassis | 42

Junos OS XML, API, and Scripting | 42

Network Management and Monitoring | 43

Routing Protocols | 43

Software Installation and Upgrade | 44

Subscriber Management and Services | 45

What's Changed | 45

MPLS | 47

Network Management and Monitoring | 47

Platform and Infrastructure | 47

User Interface and Configuration | 47

Known Limitations | 48

EVPN | 48

Platform and Infrastructure | 48

Open Issues | 49

Infrastructure | 50

Juniper Extension Toolkit (JET) | 50

Platform and Infrastructure | 50

Routing Policy and Firewall Filters | 51

Routing Protocols | 51

User Interface and Configuration | 52

Resolved Issues | 52

Authentication and Access Control | 53

EVPN | 53

Infrastructure | 53

Layer 2 Features | 53

Network Management and Monitoring | 53

Platform and Infrastructure | 53

Routing Protocols | 54

User Interface and Configuration | 55

Virtual Chassis | 55

Documentation Updates | 55

Migration, Upgrade, and Downgrade Instructions | 56

Upgrade and Downgrade Support Policy for Junos OS Releases | 56

Junos OS Release Notes for JRR Series | 57

What's New | 57

Routing Protocols | 58

What's Changed | 58

Known Limitations | 59

Routing Protocols | 59

Open Issues | 60

Resolved Issues | 60

Resolved Issues: 20.4R1 Release | 60

Documentation Updates | 61

Migration, Upgrade, and Downgrade Instructions | 61

Upgrade and Downgrade Support Policy for Junos OS Releases | 62

Junos OS Release Notes for Juniper Secure Connect | 63

What’s New | 63

What's Changed | 63

Known Limitations | 63

Open Issues | 64

Juniper Secure Connect Client | 64

Resolved Issues | 64

Junos OS Release Notes for Junos Fusion for Enterprise | 64

What’s New | 65

What's Changed | 65

Known Limitations | 66

Open Issues | 66

Resolved Issues | 67

Resolved Issues: Release 20.4R1 | 67

Documentation Updates | 68

Migration, Upgrade, and Downgrade Instructions | 68

Basic Procedure for Upgrading Junos OS on an Aggregation Device | 68

Upgrading an Aggregation Device with Redundant Routing Engines | 70

Preparing the Switch for Satellite Device Conversion | 71

Converting a Satellite Device to a Standalone Switch | 72

Upgrade and Downgrade Support Policy for Junos OS Releases | 72

Downgrading Junos OS | 73

Junos OS Release Notes for Junos Fusion for Provider Edge | 74

What's New | 74

Hardware | 75

What's Changed | 75

Known Limitations | 76

Open Issues | 76

Resolved Issues | 77

Documentation Updates | 77

Migration, Upgrade, and Downgrade Instructions | 78

Basic Procedure for Upgrading an Aggregation Device | 78

Upgrading an Aggregation Device with Redundant Routing Engines | 81

Preparing the Switch for Satellite Device Conversion | 81

Converting a Satellite Device to a Standalone Device | 83

Upgrading an Aggregation Device | 85

Upgrade and Downgrade Support Policy for Junos OS Releases | 85

Downgrading from Junos OS Release 20.1 | 86

Junos OS Release Notes for MX Series | 86

What's New | 87

Hardware | 88

EVPN | 90

High Availability (HA) and Resiliency | 91

Interfaces and Chassis | 92

Juniper Extension Toolkit (JET) | 92

Junos OS, XML, API, and Scripting | 93

Junos Telemetry Interface | 93

MPLS | 95

Network Management and Monitoring | 96

Routing Policy and Firewall Filters | 97

Routing Protocols | 97

Services Applications | 99

Software Defined Networking | 99

Software Installation and Upgrade | 101

Software Licensing | 101

Subscriber Management and Services | 101

System Management | 102

System Logging | 103

What's Changed | 103

Class of Service (CoS) | 105

EVPN | 105

General Routing | 105

Interfaces and Chassis | 106

Infrastructure | 107

J-Web | 107

MPLS | 108

Network Management and Monitoring | 108

User Interface and Configuration | 108

Known Limitations | 109

General Routing | 109

Interfaces and Chassis | 109

MPLS | 110

Network Management and Monitoring | 110

Open Issues | 110

Class of Service (CoS) | 111

EVPN | 111

Forwarding and Sampling | 111

General Routing | 111

Infrastructure | 114

Interfaces and Chassis | 114

Juniper Extension Toolkit (JET) | 114

Layer 2 Ethernet Services | 114

MPLS | 114

Platform and Infrastructure | 115

Routing Policy and Firewall Filters | 115

Routing Protocols | 115

User Interface and Configuration | 116

VPNs | 116

Resolved Issues | 117

EVPN | 118

Forwarding and Sampling | 118

General Routing | 119

Infrastructure | 125

Interfaces and Chassis | 125

Intrusion Detection and Prevention (IDP) | 126

Juniper Extension Toolkit (JET) | 126

J-Web | 126

Layer 2 Ethernet Services | 126

Layer 2 Features | 127

MPLS | 127

Network Address Translation (NAT) | 128

Network Management and Monitoring | 128

Platform and Infrastructure | 128

Routing Policy and Firewall Filters | 129

Routing Protocols | 129

Services Applications | 131

Subscriber Access Management | 131

User Interface and Configuration | 131

VPNs | 131

Documentation Updates | 132

Migration, Upgrade, and Downgrade Instructions | 132

Basic Procedure for Upgrading to Release 20.4R1 | 133

Procedure to Upgrade to FreeBSD 11.x-Based Junos OS | 133

Procedure to Upgrade to FreeBSD 6.x-Based Junos OS | 136

Upgrade and Downgrade Support Policy for Junos OS Releases | 138

Upgrading a Router with Redundant Routing Engines | 138

Downgrading from Release 20.4R1 | 139

Junos OS Release Notes for NFX Series | 139

What’s New | 140

Application Security | 140

High Availability | 142

Flow-Based and Packet-Based Processing | 142

Logical Systems and Tenant Systems | 142

Routing Protocols | 142

Security | 143

What's Changed | 143

Junos OS XML API and Scripting | 144

Known Limitations | 144

Interfaces | 145

Open Issues | 145

Interfaces | 146

Platform and Infrastructure | 146

Virtual Network Functions (VNFs) | 146

Resolved Issues | 146

High Availability | 147

Interfaces | 147

Platform and Infrastructure | 147

Documentation Updates | 147

Migration, Upgrade, and Downgrade Instructions | 148

Upgrade and Downgrade Support Policy for Junos OS Releases | 148

Basic Procedure for Upgrading to Release 20.4 | 149

Junos OS Release Notes for PTX Series | 150

What's New | 151

Junos OS XML, API, and Scripting | 151

Junos Telemetry Interface | 152

MPLS | 154

Network Management and Monitoring | 155

Routing Policy and Firewall Filters | 155

Routing Protocols | 156

Software Installation and Upgrade | 158

System Logging | 158

What's Changed | 159

Class of Service (CoS) | 159

General Routing | 159

MPLS | 160

Network Management and Monitoring | 160

User Interface and Configuration | 160

Known Limitations | 161

General Routing | 161

Routing Protocols | 161

Open Issues | 162

General Routing | 162

Layer 2 Ethernet Services | 164

MPLS | 164

Platform and Infrastructure | 164

Routing Protocols | 164

Resolved Issues | 165

General Routing | 165

Infrastructure | 166

Interfaces and Chassis | 166

MPLS | 166

Network Management and Monitoring | 166

Routing Protocols | 167

Documentation Updates | 167

Migration, Upgrade, and Downgrade Instructions | 168

Basic Procedure for Upgrading to Release 20.4 | 168

Upgrade and Downgrade Support Policy for Junos OS Releases | 171

Upgrading a Router with Redundant Routing Engines | 171

Junos OS Release Notes for the QFX Series | 172

What's New | 172

Hardware | 173

Class of Service (CoS) | 187

EVPN | 188

Flow-Based and Packet-Based Processing | 191

High Availability (HA) and Resiliency | 194

Interfaces and Chassis | 194

IP Tunneling | 194

Juniper Extension Toolkit | 194

Junos OS XML, API, and Scripting | 195

Junos Telemetry Interface | 195

Network Management and Monitoring | 195

Platform and Infrastructure | 197

Routing Policy and Firewall Filters | 197

Routing Protocols | 198

Software Defined Networking (SDN) | 199

Software Installation and Upgrade | 200

System Management | 201

System Logging | 201

What's Changed | 202

Class of Service (CoS) | 202

General Routing | 202

MPLS | 203

Network Management and Monitoring | 203

User Interface and Configuration | 203

Known Limitations | 204

General Routing | 204

Layer 2 Features | 206

Routing Protocols | 206

Open Issues | 207

EVPN | 208

General Routing | 208

High Availability (HA) and Resiliency | 210

Layer 2 Ethernet Services | 210

Layer 2 Features | 210

Platform and Infrastructure | 210

Routing Policy and Firewall Filters | 211

Routing Protocols | 211

Virtual Chassis | 211

Resolved Issues | 212

Resolved Issues: 20.4R1 Release | 212

Documentation Updates | 216

Migration, Upgrade, and Downgrade Instructions | 217

Upgrading Software on QFX Series Switches | 217

Installing the Software on QFX10002-60C Switches | 220

Installing the Software on QFX10002 Switches | 220

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release

15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches | 221

Installing the Software on QFX10008 and QFX10016 Switches | 223

Performing a Unified ISSU | 227

Preparing the Switch for Software Installation | 228

Upgrading the Software Using Unified ISSU | 228

Upgrade and Downgrade Support Policy for Junos OS Releases | 230

Junos OS Release Notes for SRX Series | 231

What’s New | 232

Application Layer Gateways (ALGs) | 233

Application Security | 233

ATP Cloud | 234

Authentication and Access Control | 235

Chassis Clustering | 235

Flow-Based and Packet-Based Processing | 237

Interfaces and Chassis | 238

Intrusion Detection and Prevention | 239

Juniper Extension Toolkit (JET) | 240

Junos OS XML and API Scripting | 241

J-Web | 241

Layer 2 Features | 243

Logical Systems and Tenant Systems | 243

Multinode High Availability | 243

Network Management and Monitoring | 244

Securing GTP and SCTP Traffic | 245

Security | 246

Unified Threat Management (UTM) | 247

VPNs | 247

What's Changed | 248

Class of Service (CoS) | 249

Flow-Based and Packet-Based Processing | 249

Intrusion Detection and Prevention (IDP) | 250

Interfaces and Chassis | 250

J-Web | 250

Network Address Translation (NAT) | 251

Network Management and Monitoring | 251

Platform and Infrastructure | 251

Securing GTP and SCTP Traffic | 251

User Interface and Configuration | 252

VPNs | 252

Known Limitations | 253

Class of Service (CoS) | 254

Flow-Based and Packet-Based Processing | 254

J-Web | 254

VPNs | 255

Open Issues | 255

Flow-Based Packet-Based Processing | 256

Interfaces and Chassis | 256

J-Web | 256

Protocols | 256

Routing Policy and Firewall Filters | 256

VPNs | 257

Resolved Issues | 257

Application Layer Gateways (ALGs) | 258

Flow-Based and Packet-Based Processing | 258

Interfaces and Chassis | 259

Intrusion Detection and Prevention (IDP) | 259

J-Web | 259

Layer 2 Ethernet Services | 260

Network Address Translation (NAT) | 260

Platform and Infrastructure | 260

Routing Policy and Firewall Filters | 260

Routing Protocols | 261

Subscriber Access Management | 261

Unified Threat Management (UTM) | 261

VPNs | 261

Documentation Updates | 261

Migration, Upgrade, and Downgrade Instructions | 262

Upgrade and Downgrade Support Policy for Junos OS Releases and Extended End-Of-Life

Releases | 262

Junos OS Release Notes for vMX | 263

What’s New | 264

EVPN | 264

Juniper Extension Toolkit (JET) | 264

Junos OS XML ,API, and Scripting | 265

Network Management and Monitoring | 265

Routing Protocols | 266

What's Changed | 266

Licensing | 267

Known Limitations | 267

Open Issues | 267

Resolved Issues | 267

Interfaces and Chassis | 267

Network Management and Monitoring | 268

Licensing | 268

Upgrade Instructions | 268

Junos OS Release Notes for vRR | 269

What’s New | 269

Routing Protocols | 270

What's Changed | 270

Known Limitations | 270

Open Issues | 270

Resolved Issues | 271

Junos OS Release Notes for vSRX | 271

What’s New | 271

ATP Cloud | 272

Flow-Based Packet-Based Processing | 272

High Availability | 273

Juniper Extension Toolkit (JET) | 273

Junos OS XML ,API, and Scripting | 274

Network Management and Monitoring | 274

Platform and Infrastructure | 275

Routing Protocols | 275

VPNs | 275

What's Changed | 275

Platform and Infrastructure | 276

Known Limitations | 276

Open Issues | 276

J-Web | 277

Platform and Infrastructure | 277

Resolved Issues | 277

Application Security | 277

Chassis Clustering | 278

CLI | 278

Flow-Based and Packet-Based Processing | 278

Install and Upgrade | 278

Interfaces and Chassis | 278

Intrusion Detection and Prevention (IDP) | 278

Platform and Infrastructure | 279

Routing Policy and Firewall Filters | 279

User Access and Authentication | 279

VPNs | 279

Migration, Upgrade, and Downgrade Instructions | 279

Upgrading Software Packages | 281

Validating the OVA Image | 286

Upgrading Using ISSU | 286

Licensing | 287

Compliance Advisor | 287

Finding More Information | 287

Documentation Feedback | 288

Requesting Technical Support | 288

Self-Help Online Tools and Resources | 289

Creating a Service Request with JTAC | 289

Revision History | 290

Introduction

Junos OS runs on the following Juniper Networks®products: ACX Series, cRPD, cSRX, EX Series, JRR

Series, Juniper Secure Connect, Junos Fusion Enterprise, Junos Fusion Provider Edge, MX Series, NFX Series, PTX Series, QFX Series, SRX Series, vMX, vRR, and vSRX.

These release notes accompany Junos OS Release 20.4R1 for the ACX Series, Containerized Routing Protocol Process (cRPD), cSRX Container Firewall (cSRX), EX Series, JRR Series, Juniper Secure Connect, Junos Fusion Enterprise, Junos Fusion Provider Edge, MX Series, NFX Series, PTX Series, QFX Series, SRX Series, virtual MX Series router (vMX), Virtual Route Reflector (vRR), and vSRX Virtual Firewall (vSRX). They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

In Focus guide—We have a document called In Focus that provides details on the most important features

•

for the release in one place. We hope this document will quickly get you to the latest information about Junos OS features. Let us know if you find this information useful by sending an e-mail to techpubs-comments@juniper.net.

Important Information:

•

Upgrading Using ISSU on page 286

•

Licensing on page 287

•

Compliance Advisor on page 287

•

Finding More Information on page 287

•

Documentation Feedback on page 288

•

Requesting Technical Support on page 288

•

Junos OS Release Notes for ACX Series

IN THIS SECTION

What's New | 16

What's Changed | 22

Known Limitations | 24

Open Issues | 26

Resolved Issues | 28

Documentation Updates | 31

Migration, Upgrade, and Downgrade Instructions | 32

These release notes accompany Junos OS Release 20.4R1 for the ACX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

IN THIS SECTION

Hardware | 17

High Availability (HA) and Resiliency | 20

Junos Telemetry Interface | 20

Routing Protocols | 21

Timing and Synchronization | 21

This section describes the new features or enhancements to existing features in Junos OS Release 20.4R1 for the ACX Series.

Hardware

We've added the following features to the ACX5448 in Junos OS Release 20.4R1.

•

Table 1: Features Supported by the ACX5448 Routers

DescriptionFeature

Authentication, Authorization and

Accounting

Automation

Class of service (CoS)

Ethernet OAM

Support for 802.1X authentication on Layer 3 interfaces. 802.1X is an

•

IEEE standard for port-based network access control that authenticates

users connected to a LAN port. [See 802.1X Authentication.]

Support for either WAN interfaces or management interfaces to

•

automatically download and install the appropriate software and the

configuration file on your device during the ZTP bootstrap process.

[See Zero Touch Provisioning.]

Support for up to three levels of hierarchical scheduling (physical

•

interfaces, logical interfaces, and queues). Configurable buffer support

is also added. By default, all interfaces on the ACX5448 use port-based

scheduling (eight queues per physical port). To enable hierarchical scheduling, set the hierarchical-scheduler statement at the [edit interfaces interface-name] hierarchy level. [See Hierarchical Class of

Service in ACX Series Routers.]

Support for Ethernet OAM CFM. You can now synchronize

•

local-interface status between two connected devices with remote

interface up/down trigger with OAM CFM. CFM provides end-to-end

signals even if the two devices are not directly connected. [See

Introduction to OAM Connectivity Fault Management (CFM).]

EVPN

Layer 2 features

Layer 3 features

Support for EVPNs and Interfaces. In EVPN-MPLS and MC-LAG

•

environments, the configuration of anycast gateways on ACX5448

routers that are multihomed in all-active mode is supported. [See

Anycast Gateways.]

Support for pseudowire redundancy in MC-LAG. ACX5448 routers

•

support pseudowire redundant Layer 2 circuits in MC-LAG routers.

VPLS is not supported. [See Understanding Pseudowire Redundancy

Mobile Backhaul Scenarios.]

Support for Layer 3 VPN in MC-LAG chassis. ACX5448 routers support

•

Layer 3 VPN in VRRP over IRB interfaces in MC-LAG routers. Layer

3 routing and Layer 3 VPN are not directly supported on the MC-LAG

interfaces. [See Understanding VRRP and Understanding Layer 3

VPNs.]

Table 1: Features Supported by the ACX5448 Routers (continued)

DescriptionFeature

Network Security

Software installation and upgrade

Timing and synchronization

Support for control plane DDoS protection, which is enabled by default

•

on ACX5448 routers for many Layer 2 and Layer 3 protocols. Control

Plane DDoS protection uses firewall filters and policers to discard or

rate-limit control plane traffic at the Routing Engine level, which

prevents malicious traffic from interfering with device operations. You

can disable this feature or change the default policer parameters for

supported protocol groups. [See Control Plane Distributed

Denial-of-Service (DDoS) Protection Overview]

Support for the ACX5448-M-LT, a top-of-rack router that supports

•

only Junos Limited image. The Junos Limited image does not have

data-plane encryption and is intended only for countries in the Eurasian

Customs Union because these countries have import restrictions on

software containing data-plane encryption. Unlike the JunosWorldwide

image, the Junos Limited image supports control plane encryption

through Secure Shell (SSH) and Secure Sockets Layer (SSL), thus

allowing secure management of the system. [See ACX5448 System

Overview.]

Support for Precision Time Protocol (PTP) G.8275.2 enhanced profile

•

with PTP over IPv4 and IPv6 unicast traffic. [See Understanding the

PTP G.8275.2 Enhanced Profile (Telecom Profile).]

Support for SFP-1GE-LH-ET transceivers (ACX1100 and ACX2100)—Starting in Junos OS Release

•

20.4R1, the ACX1100 and ACX2100 Universal Metro Routers support the SFP-1GE-LH-ET transceivers.

[See the Hardware Compatibility Tool (HCT) for details.]

Support for SFP-GE80KT14R15 and SFP-GE80KT15R14 transceivers (ACX5448, ACX5448-D, and

•

ACX5448-M)—Starting in Junos OS Release 20.4R1, the ACX5448, ACX5448-D, and ACX5448-M Universal Metro Routers support the SFP-GE80KT14R15 and SFP-GE80KT15R14 transceivers.

[See the Hardware Compatibility Tool (HCT) for details.]

Support for SFPP-10GE-DWDM-IT transceivers (ACX5448, ACX5448-D, and ACX5448-M)—Starting

•

in Junos OS Release 20.4R1, the ACX5448, ACX5448-D, and ACX5448-M Universal Metro Routers support the SFPP-10GE-DWDM-IT transceivers.

[See the Hardware Compatibility Tool (HCT) for details.]

High Availability (HA) and Resiliency

NSR support for IS-IS with SR (ACX Series, MX Series)—Starting in Junos OS Release 20.4R1, ACX Series

•

devices support NSR for IS-IS with segment routing (SR). To use NSR, you must first enable GRES on your device.

[See Nonstop Active Routing Concepts]

Junos Telemetry Interface

•

JTI support for persistent active gRPC sessions between collector and server during an SSL certificate update (ACX Series, MX Series, and PTX Series)—Junos OS Release 20.4R1 supports persistent active

remote procedure call (gRPC) sessions between the collector (client) and server during an SSL certificate update.

For secure channel authentication, the TLS protocol is used to maintain a secure channel between the collector and the server. TLS uses the server certificate and the client certificate to authenticate each other and send encrypted messages over the network. When an SSL certificate is updated, existing gRPC sessions are abruptly terminated, forcing the collector to initiate a new gRPC connection and subscribe to sensors again.

To avoid this problem, you can enable persistent active gRPC sessions by configuring hot-reloading at the [edit system services extension-service request-response grpc ssl] hierarchy level. After you enable this feature, gRPC sessions will remain active even when authentication certificates are updated.

After the certificate is updated, any new gRPC session will use the updated certificate.

[See gRPC Services for Junos Telemetry Interface and ssl.]

•

Juniper Resiliency Interface for exception reporting and null route detection (ACX Series, PTX Series, and MX Series)—Starting in Junos OS Release 20.4R1, you can use Juniper Resiliency Interface to detect

and reduce Mean Time to Repair (MTTR) first-order network issues. Juniper Resiliency Interface uses a push model for data reporting from the entities in the system which encounter packet drops. This automates the workflow for detecting, reporting, and mitigating adverse exceptions.

To collect kernel routing table and routing protocol process exceptions, configure the set system resiliency exceptions statement at the [edit] hierarchy level to specify exception reporting based on kernel exceptions, and routing exceptions.

You can display exceptions from a remote collector by means of remote procedure call (gRPC) services or gRPC network management interface (gNMI) services. Display on-box exceptions by accessing the /var/log file or the database at /var/db/ResiliencyExceptions.db. No Junos operational mode commands display these exceptions.

Routing Protocols

Support for multiple single-hop EBGP sessions on different links using the same IPv6 link-local address

•

(ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—Starting in Junos OS Release 20.4R1, you are no longer required to have unique peer addresses for Juniper devices for every EBGP session. You can now enable single-hop EBGP sessions on different links over multiple directly connected peers that use the same IPv6 link-local address.

In earlier Junos OS Releases, BGP peers could be configured with link-local addresses, but multiple BGP peers could not be configured to use the same link-local address on different interfaces.

[See Configure Multiple Single-Hop EBGP Sessions on Different Links Using the Same Link-Local Address

(IPv6).]

Timing and Synchronization

Support for PTP G.8275.2 profile (ACX710)—Starting in Junos OS Release 20.4R1, we support the

•

Precision Time Protocol (PTP) G.8275.2 profile with node type T-BC-P (BC).

You can use the [edit protocols ptp profile-type g.8275.2 ] hierarchy level to configure the G.8275.2 profile.

[See Understanding the Time Management Administration Guide and profile-type.]

SEE ALSO

What's Changed | 22

Known Limitations | 24

Open Issues | 26

Resolved Issues | 28

Documentation Updates | 31

Migration, Upgrade, and Downgrade Instructions | 32

What's Changed

IN THIS SECTION

General Routing | 22

MPLS | 23

Network Management and Monitoring | 23

Routing Protocols | 23

User Interface and Configuration | 23

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands in Junos OS Release 20.4R1 for the ACX Series routers.

General Routing

Support for unicast ARP request on table entry expiration—You can configure the device to send a

•

unicast ARP request instead of the default broadcast request when an ARP table entry is about to expire. The retry requests are unicast at intervals of 5 seconds. Without this option, the retry requests are broadcast at intervals of 800 milliseconds. This behavior reduces ARP overall broadcast traffic. It also supports the use case where access nodes are configured not to forward broadcast ARP requests toward customer CPEs for security reasons and instead translate ARP broadcasts to unicast requests. To confirm whether this is configured, you can issue the following command: show configuration system arp | grep unicast-mode-on-expire.

[See arp.]

Support for gigether-options statement (ACX5048, ACX5096)—Junos OS supports the gigether-options

•

statement at the edit interfaces interface-name hierarchy on the ACX5048 and ACX5096 routers. Previously, support for the gigether-statement was deprecated. See gigether-options and

MPLS

The show mpls lsp extensivel and show mpls lsp detail commands display next-hop gateway LSPid —

•

When you use the show mpls lsp extensivel and show mpls lsp detail commands, you'll see next-hop gateway LSPid in the output.

Network Management and Monitoring

Warning changed for configuration statements that correspond to "deviate not-supported" nodes in

•

YANG data models (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—If you configure a statement corresponding to a YANG data model node that defines the deviate not-supported statement, the Junos OS configuration annotates that statement with the comment Warning: statement

ignored: unsupported platform. In earlier releases, the warning is Warning: 'statement' is deprecated.

Routing Protocols

Inet6 is disabled in VT interface (ACX5448)—Starting in this release, the inet6 statement at the edit

•

interfaces vt-interface-number unit unit-number family hierarchy level is disabled.

User Interface and Configuration

Verbose format option to export JSON configuration data (ACX Series, EX Series, MX Series, PTX

•

Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the verbose statement at the edit system export-format json hierarchy level. The default format to export configuration data in JSON changed

from verbose format to ietf format starting in Junos OS Release 16.1R1. You can explicitly specify the default export format for JSON configuration data by configuring the appropriate statement at the edit system export-format json hierarchy level. Although the verbose statement is exposed in the Junos OS CLI as of the current release, you can configure this statement starting in Junos OS Release 16.1R1.

[See export-format.]

SEE ALSO

What's New | 16

Known Limitations | 24

Open Issues | 26

Resolved Issues | 28

Documentation Updates | 31

Migration, Upgrade, and Downgrade Instructions | 32

Known Limitations

IN THIS SECTION

General Routing | 24

Timing and Synchronization | 24

Learn about known limitations in this release for the ACX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

On the ACX710 router, Servo moves to the Holdover-in/Holdover-out/Acq state from the Phase-aligned

•

state with impairment. PR1550367

On the ACX710 router, PTP with Vlan-id-range does not work for specific VLANs. PR1550482

•

On the ACX710 router, the holdover error HOLDOVER OUT OF SPEC does not reset during the Servo

•

state change. PR1556798

Timing and Synchronization

On the ACX5448 router, the two-way time error and CTE for 1 PPS does not meet the class A metrics.

•

PR1535434

On the ACX5448-M router, the 1 PPS CTE does not meet the class A performance in 1-Gigabits interface.

•

PR1542744

On the ACX5448 router, due to BRCM KBP issue route lookup might fail. PR1533557

•

On the ACX5448 router, ping stops working even though the ARP entry is present during continuous

•

script executions. PR1533513

On the ACX710 router, T1 or T4 cTE should be tuned closer to two-way CTE. PR1527347

•

On the ACX710 router, huge offset is observed initially with ACQ and holdover inspec and outspec

•

conditions. PR1534470

On the ACX710 router, the incremental PTP FPGA upgrades do not bundle along with the regular image

•

upgrades. PR1540799

On the ACX710 router, changing the PTP profile type from g.8275.1 to g.8275.2 requires the Packet

•

Forwarding Engine to reboot and the clksyncd process to restart. As a workaround, you must reboot the Packet Forwarding Engine and restart the clocking process before you change the profile. PR1546614

On the ACX710 router, the Servo transition is incorrect after chassis restart. PR1550270

•

On the ACX710 router, the delay-asymmetry compensation update does not work at CLI with the

•

G.8275.2 profile. PR1550441

On the ACX710 router, the PTP Servo status shows holdover during transition between virtual port and

•

PTP. PR1510880

On the ACX710 router, if the client clock candidate is configured with a virtual port, the clock class is

•

on T-BC. PR1520204

On the ACX710 router, the SyncE to 1PPS transient test results do not meet G.8273.2 SyncE to 1PPS

•

transient metric. PR1522796

On the ACX710 router, the clock parameters are incorrect in certain scenarios when the Servo is in the

•

FREERUN state. PR1548192

On the ACX710 router, the PTP Servo takes longer time to lock after the clksyncd process restarts.

•

PR1549952

On the ACX710 router, the show ptp global-information command does not display correct Clock Class

•

or ESMC QL details when the Servo goes to the Holdover-in state. PR1553213

On the ACX710 router, the Servo transition is incorrect during the T-GM switchover scenario. PR1553439

•

SEE ALSO

What's New | 16

What's Changed | 22

Open Issues | 26

Resolved Issues | 28

Documentation Updates | 31

Migration, Upgrade, and Downgrade Instructions | 32

Open Issues

IN THIS SECTION

Class of Service (CoS) | 26

General Routing | 26

Platform and Infrastructure | 27

VPNs | 27

Learn about open issues in this release for the ACX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

Unexpected behavior of Class of Service is observed with the wildcard classifier. PR1559516

•

General Routing

On the ACX5448 router, latency is observed for the host-generated ICMP traffic. PR1380145

•

Tx power cannot be configured using the + sign. PR1383980

•

On the ACX710 router, alarm is not raised when booting the system with recovery snapshot. PR1517221

•

On the ACX5448 router, the BGPV6LU traffic drop is observed when the node is deployed in ingress.

•

PR1538819

On the ACX500-I router, the show services session count does not work as expected. PR1520305

•

The ARP packets from the CE device are added with VLAN tag if the VLAN-ID is configured in the EVPN

•

routing instance. PR1555679

On the ACX710 router, the global configuration of IPv4-dscp naming convention must be corrected as

•

per the stream level dscp, which is more meaningful for both the the IPv6 and IPv4 services. PR1557262

On the ACX5448 router, the unicast packets from the CE devices might be forwarded by the PE devices

•

with additional VLAN tag if IRB is used. PR1559084

On the ACX5048 router, the fxpc process generates core file on the analyzer configuration. PR1559690

•

On the ACX5448 router, the following syslog message is reported every 30 seconds;

•

ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_dyn_entry_counter_get : Entry is invalid. PR1562323

On the ACX5448 router, the transit DHCPv4 and DHCPv6 packets drop in a Layer 2 domain. PR1517420

•

On the ACX5448 router, the ISSU upgrade fails due to the Packet Forwarding Engine restart issue.

•

PR1554915

On the ACX5048 router, all the OAM sessions are not established. PR1561751

•

Even though enhanced-ip is active, the following alarm is observed during ISSU: RE0 network-service

•

mode mismatch between configuration and kernel setting. PR1546002

The ACX5448 device as TWAMP server delays the start session acknowledgment by 10 seconds.

•

PR1556829

On the ACX2100 device, laser-output-power is seen after the interface is disabled and rebooted.

•

PR1560501

Inline BFD stays down with IS-IS or Static clients. PR1561590

•

Platform and Infrastructure

The CFM REMOTE MEP does not come up after configuration or if the MEP remains in the Start state.

•

PR1460555

VPNs

On the ACX5448 router, the MC-AE Layer 2 circuit states are not updated instantly and for some time

•

after disabling the core interface on the MC-LAG active node, double hit in traffic is observed. PR1543408

SEE ALSO

What's New | 16

What's Changed | 22

Known Limitations | 24

Resolved Issues | 28

Documentation Updates | 31

Migration, Upgrade, and Downgrade Instructions | 32

Resolved Issues

IN THIS SECTION

Forwarding and Sampling | 28

General Routing | 28

Interfaces and Chassis | 31

Layer 2 Features | 31

Routing Protocols | 31

This section lists the issues fixed in Junos OS Release 20.4R1 for the ACX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Forwarding and Sampling

VLAN-ID based firewall match conditions might not work for the VPLS service. PR1542092

•

General Routing

The gigether-options command is enabled again under the interface hierarchy. PR1430009

•

Repeated powering-off or powering-on of the device, the SMBUS transactions timeout occurs. PR1463745

•

On the ACX5048 router, the egress queue statistics do not work for the aggregated Ethernet interfaces.

•

PR1472467

On the ACX5048 router, traffic loss is observed during the unified ISSU upgrade. PR1483959

•

The following syslog error message is observed: ACX_DFW_CFG_FAILED. PR1490940

•

On the ACX5048 and ACX5096 routers, the LACP control packets might be dropped due to high CPU

•

utilization. PR1493518

On the ACX710 router, high convergence is observed with the EVPN-ELAN service in a scaled scenario

•

during FRR switchover. PR1497251

On the ACX5448 router, the EXP rewrite for the Layer 3 VPN sends all traffic with incorrect EXP.

•

PR1500928

The following error message is observed during MPLS route add, change, and delete operation: mpls_extra

•

NULL. PR1502385

The ACX1100, ACX2100, ACX2200, ACX2000, and ACX4000 routers might stop forwarding transit

•

and control traffic. PR1508534

On the ACX710 router, the Packet Forwarding Engine might crash and the fpc process might remain

•

down. PR1509402

The loopback filter cannot take more than 2 TCAM slices. PR1513998

•

On the ACX710 router, the following error message is observed in the Packet Forwarding Engine while

•

the EVPN core link flaps: dnx_l2alm_add_mac_table_entry_in_hw. PR1515516

The VM process generates a core file while running stability test in a multidimensional scenario.

•

PR1515835

The l2ald process crashes during stability test with traffic on a scaled setup. PR1517074

•

On the ACX710 router, whenever a copper optic interface is disabled and enabled, the speed shows 10

•

Gbps rather than 1 Gbps. This issue is not seen with the fiber interface. PR1518111

Tagged traffic matching the vlan-list configuration in the vlan-circuit cross-connect logical interface gets

•

dropped in the ingress interface. PR1519568

The Incompatible Media alarm is not raised when the Synchronous Ethernet source is configured over

•

the copper SFP. PR1519615

On the ACX710 router, the alarm port configuration is not cleared after deleting the alarm-port.

•

PR1520326

PTP to 1PPS noise transfer test fails for frequency 1.985 Hz. PR1522666

•

The show class-of-service interface command does not show the classifier information. PR1522941

•

Interface does not come up with the auto-negotiation setting between the ACX1100 router and the

•

other ACX Series routers, MX Series routers and QFX Series switches as the other end. PR1523418

With the ACX5448 router with 1000 CFM, the CCM state does not go in the Ok state after loading the

•

configuration or restarting the Packet Forwarding Engine. PR1526626

On the ACX5448 and ACX710 routers, the vlan-id-list statement might not work as expected. PR1527085

•

The FEC field is not displayed when the interface is down. PR1530755

•

The show class-of-service routing-instance does not show the configured classifier. PR1531413

•

Memory leak in Local OutLif in VPLS/CCC topology is observed. PR1532995

•

The clksyncd process generates core file on Junos OS Release 20.3R1.3 image. PR1537107

•

The rpd process generates core file at l2ckt_vc_adv_recv, l2ckt_adv_rt_flash (taskptr=0x4363b80,

•

rtt=0x4418100, rtl=< optimized out>, data=< optimized out>, opcode=< optimized out>) at ../../../../../../../../../src/junos/usr.sbin/rpd/l2vpn/l2ckt.c:7982. PR1537546

The Management Ethernet link down alarm is observed while verifying the system alarms in the Virtual

•

Chassis setup. PR1538674

On the ACX5448 router, unexpected behavior of the show chassis network-services command is

•

observed. PR1538869

The following error message is observed while deleting the remote stream 0 0 0 0 0 0 along with feb

•

core file at 0x00ae6484 in bcmdnx_queue_assert (queue=0xc599b60) at ../../../../../src/pfe/common/drivers/bcmdnx/bcmdnx_sdk_ukern_layer.c: Err] clksync_mimic_delete_clock_entry Unexpected error. PR1539953

The announcement or synchronization interval rate range is not as expected. PR1542516

•

Synchronization Ethernet goes in the Holdover state and comes back to the Locked state when the PTP

•

configuration is deleted. PR1546681

The ACX5448 router as transit for the BGP labeled unicast drops traffic. PR1547713

•

Multicast traffic is stopped when HQoS with multicast configurations are applied. PR1551248

•

With the no-local-switching command, traffic between the local and remote CE devices are affected.

•

PR1527231

On the ACX710 router, the T-BC-P switch-over performance fails beyond the standard mask and servo

•

moving to multiple Holdover-in state, Acquiring state, Holdover-in state, Holdover-out state, and Acquiring state. PR1556087

Running SNMP MIB walk and executing the show interfaces command might cause the picd process to

•

crash. PR1533766

On the ACX5448 router, you cannot downgrade to Junos OS Release 18.4 code-base. PR1556377

•

BIND does not sufficiently limit the number of fetches while processing referrals. PR1512212

•

The clksyncd process generates core file during the stability test with traffic and scale. PR1518253

•

The fxpc process generates core file during EEPROM read when SFP is removed. PR1518480

•

On the ACX5448 routers, multicast traffic loop over ICL might be observed. PR1521113

•

On the ACX710 router, PIR/CIR HQoS behavior is inconsistent. PR1525789

•

Error messages are displayed while attaching tcp on physical interfaces. PR1527541

•

The l2cpd memory leak might be observed with the aggregated Ethernet interface flap. PR1527853

•

Upon classifying the Layer 3 packets, DSCP is not preserved and is lost at the egress due to the limitations

•

of a chipset. PR1535876

Other than IPv4 and IPV6, other IPs should not be forwarded. Only IP header with version 4 and 6 can

•

pass through. PR1550748

Profile switch between G.8275.1 and G.8275.2 works as expected. PR1533263

•

Interfaces and Chassis

The fpc process might crash in the inline mode with CFM configured. PR1500048

•

Layer 2 Features

On the ACX5448 routers, the VPLS traffic statistics are not displayed when the show vpls statistics

•

command is executed. PR1506981

The rpd might crash on the new primary Routing Engine after GRES in the VPLS or Layer 2 circuit scenario.

•

PR1507772

Routing Protocols

The rpd process might report 100 percent CPU usage with the BGP route damping enabled. PR1514635

•

On the ACX5448 routers, the family inet6 configuration under the vt- interface is disabled. PR1514595

•

SEE ALSO

What's New | 16

What's Changed | 22

Known Limitations | 24

Open Issues | 26

Documentation Updates | 31

Migration, Upgrade, and Downgrade Instructions | 32

Documentation Updates

There are no errata or changes in Junos OS Release 20.4R1 documentation for ACX Series routers.

SEE ALSO

What's New | 16

What's Changed | 22

Open Issues | 26

Known Limitations | 24

Resolved Issues | 28

Migration, Upgrade, and Downgrade Instructions | 32

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION

Upgrade and Downgrade Support Policy for Junos OS Releases | 32

This section contains the upgrade and downgrade support policy for Junos OS for ACX Series routers. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 19.3,

19.4, and 20.1 are EEOL releases. You can upgrade from Junos OS Release 19.3 to Release 19.4 or from Junos OS Release 19.3 to Release 20.1.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see

https://www.juniper.net/support/eol/junos.html.

For information about software installation and upgrade, see the Installation and Upgrade Guide.

SEE ALSO

What's New | 16

What's Changed | 22

Known Limitations | 24

Open Issues | 26

Resolved Issues | 28

Documentation Updates | 31

Junos OS Release Notes for cRPD

IN THIS SECTION

What’s New | 33

What's Changed | 34

Known Limitations | 35

Open Issues | 35

Resolved Issues | 35

These release notes accompany Junos OS Release 20.4R1 for the containerized routing protocol process (cRPD) container. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What’s New

IN THIS SECTION

Platform and Infrastructure | 34

Learn about new features introduced in the Junos OS main and maintenance releases for cRPD.

Platform and Infrastructure

Support for eventd (cRPD)—Starting in Junos OS Release 20.4R1, we support only external event policies.

•

You can enable these policies in container RPD. In cRPD, eventd and rsyslogd run as two independent processes. The eventd process provides event interface to processes such as rpd/auditd/mgd and supports automated event policy execution.

Use the set event-options policy policy name events [events] then command to enable an event policy and restart event-processing to restart event processing.

By default, Python 3.x support is enabled along with existing on-box Python/SLAX functions in cRPD environment.

Use the [edit system scripts language python3] command to enable and to support python event automation.

[See event-options, events and event-policy.]

Support for Configuring cRPD through SONiC (PTX10008)—Juniper Networks’ PTX10008 router

•

supports configuring cRPD in SONiC through the config_db.json configuration utility. The config_db.json utility is a local redis database (redis-db). You need to do a config save and config load for the configurations to take effect in cRPD.

Support for cRPD in SONiC (PTX10008)—cRPD routing stack is supported on PTX10008 router running

•

SONiC.

What's Changed

IN THIS SECTION

Junos Telemetry Interface | 35

Learn about what changed in the Junos OS main and maintenance releases for cRPD.

Junos Telemetry Interface

cRPD supports the Junos Telemetry Interface (JTI) over TLS similar to Junos OS (cRPD)—cRPD supports

•

local (server-side) certificate validation for gRPC and JTI similar to Junos OS. cRPD doesn't support bidirectional authentication for gRPC and JTI. See Configuring gRPC for the Junos Telemetry Interface

and Importing SSL Certificates for Junos XML Protocol Support.

Known Limitations

There are no known behavior for cRPD in Junos OS Release 20.4R1.

Open Issues

There are no open issues for cRPD in Junos OS Release 20.4R1.

Resolved Issues

Learn which issues were resolved in the Junos OS main and maintenance releases for cRPD.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Routing Policy and Firewall Filters

The show route forwarding-table or show route instance operational commands output is incomplete.

•

PR1545415

Junos OS Release Notes for cSRX

IN THIS SECTION

What’s New | 36

What's Changed | 36

Known Limitations | 37

Open Issues | 38

Resolved Issues | 38

These release notes accompany Junos OS Release 20.4R1 for the cSRX Container Firewall, a containerized version of the SRX Series Services Gateway. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What’s New

There are no new features in Junos OS Release 20.4R1 for cSRX.

What's Changed

IN THIS SECTION

Platform and Infrastructure | 37

Learn about what changed in the Junos OS main and maintenance releases for cSRX.

Platform and Infrastructure

Downloading of Signature Pack You can download the signature pack from the Signature Pack directly

•

when the cSRX doesn’t have pre-installed signature pack.

Configure proxy server so that IP address of proxy server is reachable from cSRX.

•

Run the following command to enter the configurational mode from CLI.

•

root@host> configure [edit] root@host#

Configure proxy server profile on cSRX using IP address and port of proxy server.

•

root@host#set services proxy profile appid_sigpack_proxy protocol http host 4.0.0.1 root@host#set services proxy profile appid_sigpack_proxy protocol http port 3128

Attach the profile to AppID and IDP.

•

root@host#set services application-identification download proxy-profile appid_sigpack_proxy root@host#set security idp security-package proxy-profile appid_sigpack_proxy

Commit the configuration.

•

root@host#commit and-quit commit complete

Download IDP and APPID sigpack through proxy server.

•

root@host>request services application-identification download root@host>request security idp security-package download

To verify if download is going through proxy server:

•

Verify the logs in proxy server. [root@srxdpi-lnx39 squid]# cat /var/log/squid/access.log 1593697174.470 1168 4.0.0.254 TCP_TUNNEL/200 5994 CONNECT signatures.juniper.net:443 - HIER_DIRECT/66.129.242.156 -

1593697175.704 1225 4.0.0.254 TCP_TUNNEL/200 11125 CONNECT signatures.juniper.net:443 HIER_DIRECT/66.129.242.156 - 1593697176.950 1232 4.0.0.254 TCP_TUNNEL/200 5978 CONNECT signatures.juniper.net:443 - HIER_DIRECT/66.129.242.156 - 1593697178.195 1236 4.0.0.254 TCP_TUNNEL/200 11188 CONNECT signatures.juniper.net:443 - HIER_DIRECT/66.129.242.156 -

1593697198.337 1243 4.0.0.254 TCP_TUNNEL/200 6125 CONNECT signatures.juniper.net:443 HIER_DIRECT/66.129.242.156 In cSRX, TLS protocol is used and traffic through proxy is encrypted.

Known Limitations

There are no known behavior for cSRX in Junos OS Release 20.4R1.

Open Issues

There are no open issues for cSRX in Junos OS Release 20.4R1.

Resolved Issues

There are no resolved issues for cSRX in Junos OS Release 20.4R1.

Junos OS Release Notes for EX Series

IN THIS SECTION

What's New | 39

What's Changed | 45

Known Limitations | 48

Open Issues | 49

Resolved Issues | 52

Documentation Updates | 55

Migration, Upgrade, and Downgrade Instructions | 56

These release notes accompany Junos OS Release 20.4R1 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

IN THIS SECTION

Authentication, Authrorization, and Accounting | 39

EVPN | 39

Interfaces and Chassis | 42

Junos OS XML, API, and Scripting | 42

Network Management and Monitoring | 43

Routing Protocols | 43

Software Installation and Upgrade | 44

Subscriber Management and Services | 45

Learn about new features introduced in this release for EX Series Switches.

NOTE: The following EX Series switches are supported in Release 20.4R1: EX2300, EX3400,

EX4300, EX4600, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253.

Authentication, Authrorization, and Accounting

RADIUS attributes for dynamic VLAN assignment on colorless ports (EX2300, EX2300-MP, EX3400,

•

EX4300, and EX4300-MP)—We now support IETF-defined RADIUS attributes that provide VLAN assignments and also indicate whether frames on the VLAN are in tagged or untagged format. This enables the network access control server to dynamically assign VLANs on colorless ports. The VLAN assignments, which are based on device profiling, can be made on either access ports or trunk ports.

[See Dynamic VLAN Assignment on Colorless Ports.]

EVPN

MAC limit, MAC move limit, and persistent MAC learning with EVPN-VXLAN (EX4300-48MP)—We

•

support the following Layer 2 port security features in an EVPN-VXLAN overlay network:

MAC limit—You can limit the number of MAC addresses learned by network (local) interfaces.

•

NOTE: We don’t support MAC limits on virtual tunnel endpoint (VTEP) interfaces.

MAC move limit—You can limit the number of times a MAC address is moved to a different interface

•

within 1 second. To configure this feature, you apply a limit to a VLAN. In an EVPN-VXLAN network, a VLAN’s members can include network (local) and VTEP interfaces. We support the following MAC move use cases and actions:

MAC moves between network interfaces—By default, the configured action is applied on the interface

•

to which the MAC address is last moved. If you configured action priority on the interfaces, the action is applied on the interface with the lesser priority.

MAC moves between network and VTEP interfaces and vice-versa—The action is applied on the

•

network interface.

NOTE: We don’t support MAC moves between the following:

VTEP interfaces.

•

A VTEP interface and a network interface on which persistent MAC learning and static

•

MAC addresses are configured.

Persistent MAC learning (sticky MAC)—You can enable network interfaces to retain dynamically learned

•

MAC addresses when the switch is restarted or when an interface goes down and comes back up again.

NOTE: We don’t support persistent MAC learning on VTEP interfaces.

[See Understanding MAC Limiting and MAC Move Limiting and Understanding and Using Persistent

MAC Learning.]

MC-LAG emulation in an EVPN deployment (EX Series, MX Series, and vMX)—Starting in Junos OS

•

Release 20.4R1, you can emulate the function of an MC-LAG in active-standby mode in an EVPN configuration without having to configure an ICCP or ICL interface. In a standard EVPN configuration, logical interfaces configured on an aggregated Ethernet interface can have different designated forwarder election roles. To emulate an MC-LAG configuration, the designated forwarder (DF) takes on the role of the aggregated Ethernet interface. The provider edge (PE) that is the non-DF will send LACP out-of-sync packets to the CE. This causes LACP to go down on the CE device, and the CE device does not use the links connected to the non-DF for sending traffic. If the connection between a CE and a DF PE fails, the PE is re-elected as a DF. If the connection between a CE and a non-DF PE fails, the current DF PE is not changed.

To enable this functionality, configure the lacp-oos-on-ndf statement at the [edit interfaces interface

name esi df-election-granularity per-esi] hierarchy.

Support for IGMP snooping and selective multicast forwarding (EX4300-MP)—Starting in Junos OS

•

Release 20.4R1, the EX4300-MP switch supports IGMP snooping and selective multicast forwarding in an EVPN-VXLAN centrally-routed bridging overlay network with all-active multihoming. Selective multicast Ethernet (SMET) forwarding is part of IGMP snooping. IGMP snooping and SMET forwarding reduce the volume of multicast traffic in a broadcast domain by forwarding multicast traffic only to interfaces that have IGMP listeners. SMET forwarding sends multicast packets to the leaf devices in the core that have expressed an interest in that multicast group. SMET forwarding is supported only in intra-VLAN replication. This feature supports EVPN Type 7 (IGMP Join Synch Route) and EVPN Type 8 (IGMP Leave Synch Routes). To configure IGMP snooping, include the igmp-snooping proxy configuration statement at the [edit routing-instances routing-instance-name protocols] hierarchy level.

[See Overview of Multicast Forwarding with IGMP Snooping in an EVPN-VXLAN Environment and

Overview of Selective Multicast Forwarding.]

Support for assisted replication (EX4300MP)—Starting in Junos OS Release 20.4R1, the EX4300-MP

•

switch supports assisted replication in an EVPN-VXLAN centrally-routed bridging overlay network with all-active multihoming. Assisted replication (AR) optimizes multicast traffic flow by offloading traffic replication to devices that can more efficiently handle replication and forwarding. You can configure the EX4300-MP only as an AR-leaf device. You can further optimize multicast traffic by configuring AR with IGMP snooping. To configure the EX4300-MP as an AR leaf, include the assisted-replication leaf statement at the [edit routing-instances routing-instance-name protocols evpn] or [edit protocols evpn] hierarchy level.

[See Assisted Replication Multicast Optimization in EVPN Networks

Support for sFlow in an EVPN-VXLAN network (EX4300-MP)—Starting in Junos OS Release 20.4R1,

•

sFlow monitoring is supported on EX4300-MP switches in an EVPN-VXLAN network. sFlow monitoring provides visibility into your EVPN VXLAN network by sampling VXLAN-encapsulated traffic at the ingress and egress interfaces. You can configure sFlow technology on a device to monitor traffic continuously at wire speed on all interfaces simultaneously. You must enable sFlow monitoring on each interface individually. Configure sFlow monitoring at the [edit protocols sflow] hierarchy level. Use the show sflow collector command to display the collector statistics and the clear sflow collector command to delete the collector statistics.

[See Overview of sFlow Technology.]

Layer 3 gateway in an EVPN-MPLS environment (EX9200 with EX9200-SF3 switch fabric module and

•

EX9200-15C line card)—Starting in Junos OS Release 20.4R1, an EX9200 switch with an EX9200-SF3 switch fabric module and an EX9200-15C line card can act as a default Layer 3 gateway for an EVPN instance (EVI) that can span a set of devices. In this role, the EX9200 switch can perform inter-subnet forwarding. With inter-subnet forwarding, each subnet represents a distinct broadcast domain.

The Layer 3 gateway supports the following features:

IRB interfaces through which the default gateway routes IPv4 and IPv6 traffic from one VLAN to

•

another [See Example: Configuring EVPN with IRB Solution.]

Dynamic list next hop [See Configuring Dynamic List Next Hop.]

•

EVPN proxy ARP and ARP suppression, and proxy NDP and NDP suppression on IRB interfaces [See

•

EVPN Proxy ARP and ARP Suppression, and Proxy NDP and NDP Suppression.]

Substitution of a source MAC address with a proxy MAC address in an ARP or NDP reply [See ARP

•

and NDP Request with a Proxy MAC Address.]

Data center interconnectivity using EVPN Type 5 routes [See EVPN Type-5 Route with MPLS

•

encapsulation for EVPN-MPLS.]

Interfaces and Chassis

10GBASE-T SFP+ transceiver for EX4600-40F—Starting in Junos OS Release 20.4R1, EX4600-40F

•

switches support the 10GBASE-T SFP+ transceiver (JNP-SFPP-10GE-T), capable of working at speeds of 10 Gbps, 1Gbps, and 100Mbps, and also auto-negotiation. You can use the existing show commands such as the show interfaces media command to view the details of the transceivers.

[See speed(Ethernet).]

Junos OS XML, API, and Scripting

Support for Certificate Authority Chain Profile (EX2300, EX3400, EX4300, MX240, MX480, MX960,

•

PTX-5000, VMX, vSRX and QFX5200)—Starting in Junos OS Release 20.4R1, you can configure intermediate Certificate Authority (CA) chain profile certificate and perform https REST API request using mutual and server authentications.

To configure intermediate ca-chain certificate, configure ca-chain ca-chain statement at the [edit system

services rest https] hierarchy level.

Start time option for interval-based internal events that trigger event policies (EX Series, MX Series,

•

PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 20.4R1, when you create an interval-based internal event for triggering event policies, you can specify the start date and time for the initial event. To specify a start time, configure the start-time option along with the time-interval option at the [edit event-options generate-event] hierarchy level.

[See Generating Internal Events to Trigger Event Policies.]

Network Management and Monitoring

Configuration retrieval using the configuration revision identifier (EX3400, EX4300, MX204, MX240,

•

MX480, MX960, MX2020, PTX3000, PTX10008, QFX5100, QFX10002-60C, SRX5800, vMX, and vSRX)—Starting in Junos OS Release 20.4R1, you can use the configuration revision identifier feature

to view the configuration for a specific revision. This configuration database revision can be viewed with the CLI command show system configuration revision.

[See show system configuration revision.]

Junos XML protocol operations support loading and comparing configurations using the configuration

•

revision identifier (EX3400, EX4300, MX204, MX240, MX480, MX960, MX2020, PTX3000, PTX10008, QFX5100, QFX10002-60C, SRX5800, vMX, and vSRX)—Starting in Junos OS Release 20.4R1, the Junos

XML management protocol operations support loading and comparing configurations by referencing the configuration revision identifier of a committed configuration. You can execute the <load-configuration> operation with the configuration-revision attribute to load the configuration with the given revision identifier into the candidate configuration. Additionally, you can compare the candidate or active configuration to a previously committed configuration by referencing the configuration revision identifier for the comparison configuration. The <get-configuration> operation supports the compare="configuration-revision" and configuration-revision attributes to perform the comparison.

[See <get-configuration> and <load-configuration>.]

Routing Protocols

BGP Prefix-Independent Convergence (PIC) Edge for MPLS VPNs (EX9200)—You can now install a

•

Layer 3 VPN route in the forwarding table as an alternate path, enabling fast failover when a provider edge (PE) router fails or you lose connectivity to a PE router. This already installed path is used until global convergence through the IGP is resolved.

To enable BGP PIC Edge in an MPLS VPN, include the protect-core statement at the [edit routing-instances routing-instance-name routing-options] hierarchy level. Both IS-IS LDP and OSPF LDP are supported. When BGP PIC Edge is enabled, the show route extensive command now displays the weight assigned to the indirect hop.

[See Configuring BGP PIC Edge for MPLS Layer 3 VPNs.]

Support for multiple single-hop EBGP sessions on different links using the same IPv6 link-local address

•

In earlier Junos OS Releases, BGP peers could be configured with link-local addresses, but multiple BGP peers could not be configured to use the same link-local address on different interfaces.

[See Configure Multiple Single-Hop EBGP Sessions on Different Links Using the Same Link-Local Address

(IPv6).]

Software Installation and Upgrade

Phone-home client (EX4600, EX4650, EX9200, QFX5110, QFX5200, QFX5210, QFX5120-32C, and

•

QFX5120-48Y)—Starting with Junos OS Release 20.4R1, you can use either the legacy DHCP-options-based ZTP or the phone-home client (PHC) to provision software for the switch. When the switch boots up, if there are DHCP options that have been received from the DHCP server for ZTP, ZTP resumes. If DHCP options are not present, PHC is attempted. PHC enables the switch to securely obtain bootstrapping data, such as a configuration or software image, with no user intervention other than having to physically connect the switch to the network. When the switch first boots up, PHC connects to a redirect server, which redirects to a phone home server to obtain the configuration or software image.

To initiate either DHCP-options-based ZTP or PHC, the switch must be in a factory-default state, or you can issue the request system zeroize command.

[See Understanding the Phone-Home Client

ZTP with DHCPv6 client support (EX3400, EX4300, PTX1000, PTX5000, PTX10002-60C, PTX10008,

•

QFX5100, QFX5200, QFX10002, and QFX10002-60C)—Starting in Junos OS Release 20.4R1, zero touch supports the DHCPv6 client. During the bootstrap process, the device first uses the DHCPv4 client to request for information regarding image and configuration file from the DHCP server. The device checks the DHCPv4 bindings sequentially. If one of the DHCPv4 bindings fails, the device continues to check for bindings until provisioning is successful. However, if there are no DHCPv4 bindings, the device checks for DHCPv6 bindings and follows the same process as for DHCPv4 until the device can be provisioned successfully. Both DHCPv4 and DHCPv6 clients are included as part of the default configuration on the device.

The DHCP server uses DHCPv6 options 59 and 17 and applicable suboptions to exchange ZTP-related information between itself and the DHCP client.

NOTE: ZTP supports only HTTP and HTTPS transport protocols.

[See Zero Touch Provisioning.]

Phone-home client (EX4300-48MP Virtual Chassis)—Starting in Junos OS Release 20.4R1, the

•

phone-home client (PHC) can securely provision a Virtual Chassis consisting of all EX4300-48MP member switches without requiring user interaction. If the switches all have the factory-default configuration, you just need to:

Connect the switches using the Virtual Chassis ports.

•

Connect any network port or the management port to the network.

•

Power on the Virtual Chassis.

•

The PHC automatically starts up and connects to the phone-home server (PHS), which responds with bootstrapping information. The PHC then upgrades each member with the new image and applies the configuration, and the Virtual Chassis is ready to go.

[See Provision a Virtual Chassis Using the Phone-Home Client.]

Subscriber Management and Services

Control plane DDoS protection against DDoS attacks (EX9200 with MPC10E)—Starting in Junos OS

•

Release 20.4R1, control plane distributed denial of service (DDoS) protection is enabled by default on EX9200 switches with MPC10E line cards. To prevent malicious traffic from interfering with device operations, this feature uses firewall filters and policers to discard or rate-limit control plane traffic. You can disable this feature at different levels or change the default policer parameters for many protocol groups and individual packet types in the supported protocol groups.

[See Control Plane Distributed Denial-of-Service (DDoS) Protection Overview.]

SEE ALSO

What's Changed | 45

Known Limitations | 48

Open Issues | 49

Resolved Issues | 52

Documentation Updates | 55

Migration, Upgrade, and Downgrade Instructions | 56

What's Changed

IN THIS SECTION

MPLS | 47

Network Management and Monitoring | 47

Platform and Infrastructure | 47

User Interface and Configuration | 47

Learn about what changed in this release for EX Series Switches in Junos OS Release 20.4R1.

MPLS

The show mpls lsp extensivel and show mpls lsp detail commands display next hop gateway LSPid—When

•

you use the show mpls lsp extensivel and show mpls lsp detail commands, you'll see next hop gateway LSPid in the output as well.

Network Management and Monitoring

Warning changed for configuration statements that correspond to deviate not-supported nodes in

•

ignored: unsupported platform. In earlier releases, the warning is Warning: 'statement' is deprecated.

Platform and Infrastructure

Support for unicast ARP request on table entry expiration—You can configure the device to send a

•

[See arp.]

User Interface and Configuration

Verbose format option for exporting JSON configuration data (ACX Series, EX Series, MX Series, PTX

•

Series, QFX Series, and SRX Series)—The Junos OS CLI exposes the verbose statement at the edit system export-format json hierarchy level. The default format for exporting configuration data in JSON changed

[See export-format.]

SEE ALSO

What's New | 39

Known Limitations | 48

Open Issues | 49

Resolved Issues | 52

Documentation Updates | 55

Migration, Upgrade, and Downgrade Instructions | 56

Known Limitations

IN THIS SECTION

EVPN | 48

Platform and Infrastructure | 48

Learn about known limitations in this release for EX Series. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

After a reboot during recovery process, the ESI LAGs come up before the BGP sessions and routes/ARP

•

entries are not synced. PR1487112

Platform and Infrastructure

Junos OS can hang trying to acquire the SMP IPI lock while rebooting when it is running as a VM on

•

Linux and QEMU hypervisor. Device can be recovered using power-cycle of the device. PR1385970

10G Channels shows false up even when peer end is configured with different speed. The LED on the

•

box also shows green. PR1530061

In a qinq configuration, xSTP should not be enabled on interface having ifls with vlan-id-list configured.

•

If xSTP is enabled on such interface, it will only run on ifl whose vlan-id range includes native-vlan-id configured, and all other ifls of this interface will in discarding state. So, user should not enable xSTP on these kind of interfaces. Sample configuration which is not allowed: set interfaces ge-0/0/1 flexible-vlan-tagging set interfaces ge-0/0/1 native-vlan-id 3000 set interfaces ge-0/0/1 encapsulation extended-vlan-bridge set interfaces ge-0/0/1 unit 2000 vlan-id-list 1-200 set interfaces ge-0/0/1 unit

2000 input-vlan-map push set interfaces ge-0/0/1 unit 2000 output-vlan-map pop set vlans csvlan1 interface ge-0/0/1.2000 set protocols mstp interface ge-0/0/1. PR1532992

SEE ALSO

What's New | 39

What's Changed | 45

Open Issues | 49

Resolved Issues | 52

Documentation Updates | 55

Migration, Upgrade, and Downgrade Instructions | 56

Open Issues

IN THIS SECTION

Infrastructure | 50

Juniper Extension Toolkit (JET) | 50

Platform and Infrastructure | 50

Routing Policy and Firewall Filters | 51

Routing Protocols | 51

User Interface and Configuration | 52

Learn about open issues in Junos OS Release 20.4R1 for EX Series switches. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report

Search application.

Infrastructure

On EX Series legacy Switches, fsck is run with '-C' option, which skips the file system corruption check

•

if the partition has been marked clean during the boot 'nand-media' check. Due to this, there have been multiple instances where the partition has had file system issues even when cleanly shut down. This change is to enforce fsck during the boot cycle to strengthen the file system check during boot time. Fixed in releases: 12.3R12-S7, 14.1X53-D46, 15.1R6 HOW TO RECOVER:* The switch will repair the corruption during the boot cycle when the file system check (fsck) is run.* In the rare instance that the file system check (fsck) is completed, and there are continued file system corruptions, then the next step is to do an 'install -format'. This will format the file system and all file system corruptions will be removed, along with the previous logs and configuration. PR1191072

On EX Series switches except EX4300/EX4600/EX9200, an interface is configured for single VLAN or

•

multiple VLANs, if all these VLANs of this interface have IGMP snooping enabled, then this interface will drop HSRPv2 (Hot Standby Router Protocol for IPv6) packets. But if some VLANs do not have IGMP snooping enabled, then this interface works fine. PR1232403

On EX Series switches, If you are configuring a large number of firewall filters on some interfaces, the

•

FPC might crash and generate core files. PR1434927

PROTOCOLS:SWITCHING: AI: Unable to Verify jais-7.0R3-THIN.0.tgz in EX4600 box due to space

•

issue. PR1548668

On EX3400 Virtual Chassis, traffic destined to IRB interface would be dropped after mac-persistence-timer

•

was expired. PR1557229

Juniper Extension Toolkit (JET)

gRPC stack uses IPV4 mapped IPV6 address internally, so that gRPC server can work with pure/mapped

•

IPV4/IPV6 addresses. However, a recent change in kernel IPv4/v6 handling causes a problem when a management IP is configured. Workaround: Changing address to 0.0.0.0 solves the issue set system services extension-service request-response grpc clear-text address 0.0.0.0. PR1559064

Platform and Infrastructure

On EX, OCX or QFX based platforms using Broadcom chipset, with SFP+ implemented, interface on the

•

platforms might be in active status when TX or RX connector is removed. When this issue happens, traffic could be dropped. PR1495564

Do not renumber the Virtual Chassis in non consecutive fashion , for SNMP POE MIB walk to work

•

correctly. PR1503985

35 seconds delay is added in reboot time from Junos OS Release 20.2R1 release compared to Release

•

19.4R2. PR1514364

The request chassis fpc slot <slot_num> restart command is unsupported in EX series platforms, so

•

avoid using that command. PR1536997

OSPF and OSPF3 adjacency uptime is more than expected after NSSU upgrade and Outage is higher

•

than the expected. PR1551925

Traffic drop is seen after l2 gres switchover with Layer 2 forwarding database. PR1561344

•

Limited images are not supported for EX92XX on this release. PR1561741

•

Client authentication is failing after performing graceful switchover. PR1563431

•

On certain Junos platforms with Dual-REs (platforms capable of installing Junos packages with name

•

format as "junos*install"), BGP replication may fail to start under GRES/NSR setup after a crash on backup Routing Engine. NSR starts un-replicating the socket since backup Routing Engine is no longer present. Massive unreplicated request leads to memory buffer getting full with multiple BGP sessions (e.g., 20 BGP peers). Hence BGP unreplicated request returned with an error. Besides, the kernel is left with stale data. It does not allow the JSR (Juniper Socket Replication, BGP in this case) when backup RE comes up due to the stale data. BGP-NSR (Nonstop Routing) is broke under the conditions. Traffic outage will be observed after performing GRES. PR1552603

Routing Policy and Firewall Filters

On all Junos OS platforms with "set policy-options rtf-prefix-list" configured, if you upgrade to a specific

•

version, the device might fail to validate its configuration, which eventually causes rpd to crash unexpectedly due to a software fault. PR1538172

Routing Protocols

When l2 and l3 ifls are configured on the same ifd and vport scale is enabled on QFX 5110 and QFX

•

5120 and the l2 ifl is part of a vxlan, then SVP is derived from source_trunk_map table. In this case, the packet will not match with the SOURCE_FIELDS in my_station_tcam table due to which the entry is not getting hit. OSPF unicast pkts will be dropped due to this and it will be stuck in ExStart State. PR1519244

On Trio based Virtual Chassis (VC) platform, when there are multicast tunneled packets being received,

•

which come into the Virtual Chassis Ports (VCP) and then pop out of the tunnel, if the VCP ports and the interfaces where multicast packets enter/leave the router are located on the same Packet Forwarding Engine (PFE), it might fail in sending multicast traffic to downstream receiver due to this issue. PR1555518

User Interface and Configuration

In Junos OS 20.4R1 release, if your switch is not connected to the Internet, then J-Web UI cannot

•

download and install the J-Web application package automatically. PR1563588

SEE ALSO

What's New | 39

What's Changed | 45

Known Limitations | 48

Resolved Issues | 52

Documentation Updates | 55

Migration, Upgrade, and Downgrade Instructions | 56

Resolved Issues

IN THIS SECTION

Authentication and Access Control | 53

EVPN | 53

Infrastructure | 53

Layer 2 Features | 53

Network Management and Monitoring | 53

Platform and Infrastructure | 53

Routing Protocols | 54

User Interface and Configuration | 55

Virtual Chassis | 55

This section lists the issues fixed in Junos OS Release 20.4R1 for EX Series switches.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication and Access Control

The dot1x client won't be moved to held state when the authenticated PVLAN is deleted. PR1516341

•

EVPN

Unable to create a new VTEP interface. PR1520078

•

Infrastructure

qmon-sw sensor is not supported in EX3400. PR1506710

•

The IP communication between directly connected interfaces on EX4600 would fail. PR1515689

•

The VC system might get hanged after committing the VSTP configurations. PR1520351

•

OID ifOutDiscards reports zero and sometimes shows valid value. PR1522561

•

Firewall policer with discard action might fail on EX4300. PR1532670

•

Errors might be seen when dumping vmcore on EX2300 and EX3400 switches. PR1537696

•

The LLDP neighborship with the VoIP phones can't be established. PR1538482

•

Layer 2 Features

The dcpfe/FPC might crash due to the memory leak during the vlan add/delete operation. PR1505239

•

On the QFX5000 line of switches, traffic imbalance might be observed if hash-params is not configured.

•

PR1514793

The MAC address in the hardware table might become out of synchronization between the primary and

•

member in Virtual Chassis after the MAC flaps. PR1521324

Network Management and Monitoring

EX4300: SNMP OID 1.3.6.1.2.1.25.3.3.1.2.0 (hrProcessorLoad ) always returns 0 irrespective of the real

•

CPU utilization. PR1508364

Platform and Infrastructure

IPv6 neighbor solicitation packets might be dropped in a transit device. PR1493212

•

DHCP Binding is not happening after Graceful switchover. PR1515234

•

LLDP adjacency might fail for non-AE interfaces on EX4300 platform. PR1538401

•

uRPF in the Strict mode does not work. PR1417546

•

Virtual Chassis split after network topology changed. PR1427075

•

IRB MAC will not be programmed in hardware when MAC persistence timer expires. PR1484440

•

Authentication session might be terminated if PEAP request is retransmitted by authenticator. PR1494712

•

In some cases, if we have an OSPF session on the IRB over LAG interface with 40-Gigabit Ethernet port

•

as member, the session gets stuck in restart. PR1498903

On the EX4300, EX3400, and EX2300 Virtual Chassis with NSB and xSTP enabled, continuous traffic

•

loss might be observed while performing GRES. PR1500783

The mge interface might still stay up while the far end of its link goes down. PR1502467

•

LLDP is not acquired when native-VLAN-ID and tagged VLAN-ID are the same on a port. PR1504354

•

The output VLAN push might not work. PR1510629

•

Traffic might not flow as per configured policer parameters. PR1512433

•

LACP goes down after performing Routing Engine switchover if MACsec is enabled on the LAG members

•

on EX4300. PR1513319

Last commit line in configuration is updated after the configuration backup has been done. PR1513499

•

The 100M SFP-FX is not supported on satellite device in a Junos Fusion setup. PR1514146

•

ARP learning issue might be seen on EX4300-MP platform when configuring Layer 3 gateway interfaces.

•

PR1514729

"dot1x" memory leak is seen. PR1515972

•

The dcpfe (PFE) process might crash due to memory leak. PR1517030

•

MPPE-Send/Recv-key attribute is not extracted correctly by dot1xd. PR1522469

•

"Drops" and "Dropped packets" counters in the output by "show interface extensive" are double counting.

•

PR1525373

EX4300-48MP device might go out of service during a software upgrade operation. PR1526493

•

PoE messages "poe_get_dev_class: Failed to get PD class info" seen on EX2300. PR1536408

•

EX3400, EX2300 : Upgrade failure do to lack of available storage. PR1539293

•

Slaac-Snoopd child process core is observed upon multiple switchovers on Routing Engine. PR1543181

•

EX9200 SF3 Fabric OIR Issues with Junos 23.1R1.8. PR1555727

•

Routing Protocols

The rpd process might report 100 percent CPU usage with the BGP route damping enabled. PR1514635

•

Packet loss might be observed while verifying traffic from access to core network for IPv4 and IPv6

•

interfaces. PR1520059

OSPFv3 adjacency should not be established when IPsec authentication is enabled. PR1525870

•

User Interface and Configuration

J-Web does not display the correct Flow-control status on EX Series devices. PR1520246

•

Virtual Chassis

On the EX4650 device, the following error message is observed during booting: kldload: an error occurred

•

while loading the module. PR1527170

SEE ALSO

What's New | 39

What's Changed | 45

Known Limitations | 48

Open Issues | 49

Documentation Updates | 55

Migration, Upgrade, and Downgrade Instructions | 56

Documentation Updates

There are no errata or changes in Junos OS Release 20.4R1 documentation for EX Series switches.

SEE ALSO

What's New | 39

What's Changed | 45

Known Limitations | 48

Open Issues | 49

Resolved Issues | 52

Migration, Upgrade, and Downgrade Instructions | 56

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION

Upgrade and Downgrade Support Policy for Junos OS Releases | 56

This section contains the upgrade and downgrade support policy for Junos OS for EX Series switches. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade

Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

19.4, and 20.1 are EEOL releases. You can upgrade from Junos OS Release 19.3 to Release 19.4 or from Junos OS Release 19.3 to Release 20.1.

For more information about EEOL releases and to review a list of EEOL releases, see

https://support.juniper.net/support/eol/software/junos/.

SEE ALSO

What's New | 39

What's Changed | 45

Known Limitations | 48

Open Issues | 49

Resolved Issues | 52

Documentation Updates | 55

Junos OS Release Notes for JRR Series

IN THIS SECTION

What's New | 57

What's Changed | 58

Known Limitations | 59

Open Issues | 60

Resolved Issues | 60

Documentation Updates | 61

Migration, Upgrade, and Downgrade Instructions | 61

These release notes accompany Junos OS Release 20.4R1 for the JRR Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

IN THIS SECTION

Routing Protocols | 58

Learn about new features introduced in Junos OS Release 20.4R1 for JRR Series Route Reflectors.

Routing Protocols

Support for BGP Sharding (JRR200)—Starting in Junos OS Release 20.4R1, we support BGP sharding.

•

BGP sharding splits a BGP RIB into several sub RIBs and each sub RIB handles a subset of BGP routes. Each sub RIB is served by a separate RPD thread to achieve parallel processing. This results in reduced convergence time and faster performance. BGP sharding is disabled by default.

To enable BGP sharding, configure rib-sharding at the [edit system processes routing bgp] hierarchy level. Sharding is dependent on the update I/O thread feature. Therefore, you need to enable update I/O thread when you configure sharding. To enable update I/O, configure update-threading at the [edit system processes routing bgp] hierarchy level for rib-sharding configuration to pass commit check.

If you configure rib-sharding on a routing engine, RPD will create sharding threads. By default the number of sharding and update threads created is same as the number of CPU cores on the routing engine. Optionally, you can specify the number-of-shards and number-of-threads you want to create.

NOTE: BGP sharding is supported for IPv4, IPv6, L3VPN and BGP-LU. All the other RIBs are

processed without sharding.

[See rib-sharding and update-threading.]

SEE ALSO

What's Changed | 58

Known Limitations | 59

Open Issues | 60

Resolved Issues | 60

Documentation Updates | 61

Migration, Upgrade, and Downgrade Instructions | 61

What's Changed

There are no changes in behavior and syntax in Junos OS Release 20.4R1 for JRR Series Route Reflectors.

SEE ALSO

What's New | 57

Known Limitations | 59

Open Issues | 60

Resolved Issues | 60

Documentation Updates | 61

Migration, Upgrade, and Downgrade Instructions | 61

Known Limitations

IN THIS SECTION

Routing Protocols | 59

Learn about known limitations in this release for JRR200 Route Reflectors.

Routing Protocols

These features are not supported in Junos OS 20.4R1 release for BGP Sharding:

•

routing-options validations with rib sharding

•

inet4/6 unicast rib-group along with rib sharding

•

outbound route-filter with bgp sharding.

•

SEE ALSO

What's New | 57

What's Changed | 58

Open Issues | 60

Resolved Issues | 60

Documentation Updates | 61

Migration, Upgrade, and Downgrade Instructions | 61

Open Issues

There are no open issues in Junos OS 20.4R1 Release for JRR Series Route Reflectors.

SEE ALSO

What's New | 57

What's Changed | 58

Known Limitations | 59

Resolved Issues | 60

Documentation Updates | 61

Migration, Upgrade, and Downgrade Instructions | 61

Resolved Issues

IN THIS SECTION

Resolved Issues: 20.4R1 Release | 60

This section lists the issues fixed in Junos OS Release 20.4R1 for JRR Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 20.4R1 Release

General Routing

On the JRR200 routers, the firewall filter with non-zero TTL value might cause a commit error. PR1531034

•

tcp_timer_keep logs flood on JRR200. PR1533168

•

Optics info of physical interfaces is not available for JRR200 on Junos OS. PR1537261

•

The CLI "request system power-off" and "request system halt" commands do not work as expected on

•

JRR200. PR1534795

SEE ALSO

What's New | 57

What's Changed | 58

Known Limitations | 59

Open Issues | 60

Documentation Updates | 61

Migration, Upgrade, and Downgrade Instructions | 61

Documentation Updates

There are no errata or changes in Junos OS Release 20.4R1 documentation for JRR200 Route Reflectors.

SEE ALSO

What's New | 57

What's Changed | 58

Known Limitations | 59

Open Issues | 60

Resolved Issues | 60

Migration, Upgrade, and Downgrade Instructions | 61

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION

Upgrade and Downgrade Support Policy for Junos OS Releases | 62

This section contains the upgrade and downgrade support policy for Junos OS for the JRR Series Route Reflector. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

For information about software installation and upgrade, see the JRR200 Route Reflector Quick Start and the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

19.4, and 20.1 are EEOL releases. You can upgrade from Junos OS Release 19.3 to Release 19.4 or from Junos OS Release 19.3 to Release 20.1.

For more information about EEOL releases and to review a list of EEOL releases, see

https://www.juniper.net/support/eol/junos.html.

SEE ALSO

What's New | 57

What's Changed | 58

Known Limitations | 59

Open Issues | 60

Resolved Issues | 60

Documentation Updates | 61

Junos OS Release Notes for Juniper Secure Connect

IN THIS SECTION

What’s New | 63

What's Changed | 63

Known Limitations | 63

Open Issues | 64

Resolved Issues | 64

These release notes accompany Junos OS Release 20.4R1 for Juniper Secure Connect. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What’s New

There are no new features in Junos OS Release 20.4R1 for Juniper Secure Connect.

What's Changed

There are no changes in behavior or syntax for Juniper Secure Connect in Junos OS Release 20.4R1.

Known Limitations

There are no known behavior or limitation for Juniper Secure Connect in Junos OS Release 20.4R1.

Open Issues

IN THIS SECTION

Juniper Secure Connect Client | 64

Learn about open issues in this release for Juniper Secure Connect.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Juniper Secure Connect Client

IKE configure mode payload is not pushing secondary DNS and secondary WINS attributes to Xauth

•

module with IKEv1. Hence client is not getting assigned with secondary DNS and secondary WINS with IKEv1. PR1558831

Resolved Issues

There are no resolved issues for Juniper Secure Connect in Junos OS Release 20.4R1.

Junos OS Release Notes for Junos Fusion for Enterprise

IN THIS SECTION

What’s New | 65

What's Changed | 65

Known Limitations | 66

Open Issues | 66

Resolved Issues | 67

Documentation Updates | 68

Migration, Upgrade, and Downgrade Instructions | 68

These release notes accompany Junos OS Release 20.4R1 for the Junos fusion for enterprise. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What’s New

There are no new features or enhancements to existing features in Junos OS Release 20.4R1 for Junos fusion for enterprise.

NOTE: For more information about Junos fusion for enterprise, see the Junos Fusion for

Enterprise User Guide.

SEE ALSO

What's Changed | 65

Known Limitations | 66

Open Issues | 66

Resolved Issues | 67

Documentation Updates | 68

Migration, Upgrade, and Downgrade Instructions | 68

What's Changed

There are no changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands in Junos OS Release 20.4R1 for Junos fusion for enterprise.

SEE ALSO

What's New | 65

Known Limitations | 66

Open Issues | 66

Resolved Issues | 67

Documentation Updates | 68

Migration, Upgrade, and Downgrade Instructions | 68

Known Limitations

There are no known behaviors, system maximums, and limitations in hardware and software in Junos OS Release 20.4R1 for Junos fusion for enterprise.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

SEE ALSO

What's New | 65

What's Changed | 65

Open Issues | 66

Resolved Issues | 67

Documentation Updates | 68

Migration, Upgrade, and Downgrade Instructions | 68

Open Issues

There are no known issues in hardware and software in Junos OS Release for 20.4R1 Junos fusion for enterprise.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

SEE ALSO

What's New | 65

What's Changed | 65

Known Limitations | 66

Resolved Issues | 67

Documentation Updates | 68

Migration, Upgrade, and Downgrade Instructions | 68

Resolved Issues

IN THIS SECTION

Resolved Issues: Release 20.4R1 | 67

Learn which issues were resolved in the Junos OS main and maintenance releases for Junos fusion for enterprise.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: Release 20.4R1

The 100M SFP-FX is not supported on satellite devices in a Junos fusion setup. PR1514146

•

SEE ALSO

What's New | 65

What's Changed | 65

Known Limitations | 66

Open Issues | 66

Documentation Updates | 68

Migration, Upgrade, and Downgrade Instructions | 68

Documentation Updates

There are no errata or changes in Junos OS Release 20.4R1 for documentation for Junos fusion for enterprise.

SEE ALSO

What's New | 65

What's Changed | 65

Known Limitations | 66

Open Issues | 66

Resolved Issues | 67

Migration, Upgrade, and Downgrade Instructions | 68

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION

Basic Procedure for Upgrading Junos OS on an Aggregation Device | 68

Upgrading an Aggregation Device with Redundant Routing Engines | 70

Preparing the Switch for Satellite Device Conversion | 71

Converting a Satellite Device to a Standalone Switch | 72

Upgrade and Downgrade Support Policy for Junos OS Releases | 72

Downgrading Junos OS | 73

This section contains the procedure to upgrade or downgrade Junos OS and satellite software for a Junos fusion for enterprise. Upgrading or downgrading Junos OS and satellite software might take several hours, depending on the size and configuration of the Junos fusion for enterprise topology.

Basic Procedure for Upgrading Junos OS on an Aggregation Device

When upgrading or downgrading Junos OS for an aggregation device, always use the junos-install package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support

representative. For information about the contents of the junos-install package and details of the installation process, see the Installation and Upgrade Guide.

NOTE: Before upgrading, back up the file system and the currently active Junos OS configuration

so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

user@host> request system snapshot

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files), might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. See the Junos OS Administration Library.

To download and install Junos OS:

1. Using a Web browser, navigate to the Download Software URL on the Juniper Networks webpage:

https://www.juniper.net/support/downloads/

2. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.

3. Select By Technology > Junos Platform > Junos fusion to find the software that you want to download.

4. Select the release number (the number of the software version that you want to download) from the Version drop-down list on the right of the page.

5. Select the Software tab.

6. Select the software package for the release.

7. Review and accept the End User License Agreement.

8. Download the software to a local host.

9. Copy the software to the routing platform or to your internal software distribution site.

10. Install the new junos-install package on the aggregation device.

NOTE: We recommend that you upgrade all software packages out of band using the console

because in-band connections are lost during the upgrade process.

Customers in the United States and Canada, use the following commands, where n is the spin number.

user@host> request system software add validate reboot source/package-name.n.tgz

All other customers, use the following commands, where n is the spin number.

user@host> request system software add validate reboot source/package-name.n-limited.tgz

Replace source with one of the following values:

/pathname—For a software package that is installed from a local directory on the router.

•

For software packages that are downloaded and installed from a remote location:

•

ftp://hostname/pathname

•

http://hostname/pathname

•

scp://hostname/pathname (available only for Canada and U.S. version)

•

The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

Adding the reboot command reboots the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

Rebooting occurs only if the upgrade is successful.

Upgrading an Aggregation Device with Redundant Routing Engines

If the aggregation device has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to minimize disrupting network operations as follows:

1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine and save the configuration change to both Routing Engines.

2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Preparing the Switch for Satellite Device Conversion

There are multiple methods to upgrade or downgrade satellite software in your Junos fusion for enterprise. See Configuring or Expanding a Junos fusion for enterprise.

For satellite device hardware and software requirements, see Understanding Junos fusion for enterprise

Software and Hardware Requirements.

Use the following command to install Junos OS on a switch before converting it into a satellite device:

user@host> request system software add validate reboot source/package-name

NOTE: The following conditions must be met before a Junos switch that is running Junos OS

Release 14.1X53-D43 can be converted to a satellite device when the action is initiated from the aggregation device:

The switch running Junos OS can be converted only to SNOS 3.1 and later.

•

Either the switch must be set to factory-default configuration by using the request system

•

zeroize command, or the following command must be included in the configuration: set chassis auto-satellite-conversion.

When the interim installation has completed and the switch is running a version of Junos OS that is compatible with satellite device conversion, perform the following steps:

1. Log in to the device using the console port.

2. Clear the device:

[edit] user@satellite-device# request system zeroize

NOTE: The device reboots to complete the procedure for resetting the device.

If you are not logged in to the device using the console port connection, your connection to the device is lost after you enter the request system zeroize command.

If you lose connection to the device, log in using the console port.

3. (EX4300 switches only) After the reboot is complete, convert the built-in 40-Gbps QSFP+ interfaces from Virtual Chassis ports (VCPs) into network ports:

user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port port-number

For example, to convert all four built-in 40-Gbps QSFP+ interfaces on an EX4300-24P switch into network ports:

user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 0 user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 1 user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 2 user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 3

This step is required for the 40-Gbps QSFP+ interfaces that will be used as uplink interfaces in a Junos fusion topology. Built-in 40-Gbps QSFP+ interfaces on EX4300 switches are configured into VCPs by default, and the default settings are restored after the device is reset.

After this initial preparation, you can use one of three methods to convert your switches into satellite devices—autoconversion, manual conversion, or preconfiguration. See Configuring or Expanding a Junos

fusion for enterprise for detailed configuration steps for each method.

Converting a Satellite Device to a Standalone Switch

If you need to convert a satellite device to a standalone device, you must install a new Junos OS software package on the satellite device and remove it from the Junos fusion topology. For more information, see

Converting a Satellite Device to a Standalone Device.

Upgrade and Downgrade Support Policy for Junos OS Releases

19.4, and 20.1 are EEOL releases. You can upgrade from Junos OS Release 19.3 to Release 19.4 or from

Junos OS Release 19.3 to Release 20.1.

For more information about EEOL releases and to review a list of EEOL releases, see

https://www.juniper.net/support/eol/junos.html

Downgrading Junos OS

Junos fusion for enterprise is first supported in Junos OS Release 16.1, although you can downgrade a standalone EX9200 switch to earlier Junos OS releases.

NOTE: You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

To downgrade a Junos fusion for enterprise, follow the procedure for upgrading, but replace the junos-install package with one that corresponds to the appropriate release.

SEE ALSO

What's New | 65

What's Changed | 65

Known Limitations | 66

Open Issues | 66

Resolved Issues | 67

Documentation Updates | 68

Junos OS Release Notes for Junos Fusion for Provider Edge

IN THIS SECTION

What's New | 74

What's Changed | 75

Known Limitations | 76

Open Issues | 76

Resolved Issues | 77

Documentation Updates | 77

Migration, Upgrade, and Downgrade Instructions | 78

These release notes accompany Junos OS Release 20.4R1 for Junos fusion for provider edge. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

IN THIS SECTION

Hardware | 75

Learn about new features introduced in this release for Junos fusion for provider edge.

Hardware

Support for QFX5110 as a satellite device in a Junos fusion for provider edge environment on a GNF

•

(MX480, MX960, MX2010, and MX2020)—With Junos node slicing, you can create guest network functions (GNFs), which are partitions where an aggregation device can be configured. The aggregation device on a GNF supports a maximum of 10 satellite devices. Starting in Junos OS Release 20.4R1, you can configure QFX5110 switches as satellite devices in a Junos fusion for provider edge environment on a GNF.

[See Understanding Junos Fusion Provider Edge Software and Hardware Requirements and Junos Node

Slicing Overview.]

SEE ALSO

What's Changed | 75

Known Limitations | 76

Open Issues | 76

Resolved Issues | 77

Documentation Updates | 77

Migration, Upgrade, and Downgrade Instructions | 78

What's Changed

There are no changes in the behavior of Junos OS features or in the syntax of Junos OS statements and commands in this release for Junos fusion for provider edge.

SEE ALSO

What's New | 74

Known Limitations | 76

Open Issues | 76

Resolved Issues | 77

Documentation Updates | 77

Migration, Upgrade, and Downgrade Instructions | 78

Known Limitations

There are no known behaviors, system maximums, and limitations in hardware and software in Junos OS Release 20.4R1 for Junos fusion for provider edge.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

SEE ALSO

What's New | 74

What's Changed | 75

Open Issues | 76

Resolved Issues | 77

Documentation Updates | 77

Migration, Upgrade, and Downgrade Instructions | 78

Open Issues

There are no open issues in the Junos OS Release 20.4R1 for Junos fusion for provider edge.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

SEE ALSO

What's New | 74

What's Changed | 75

Known Limitations | 76

Resolved Issues | 77

Documentation Updates | 77

Migration, Upgrade, and Downgrade Instructions | 78

Resolved Issues

There are no fixed issues in the Junos OS Release 20.4R1 for Junos fusion for provider edge.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

SEE ALSO

What's New | 74

What's Changed | 75

Known Limitations | 76

Open Issues | 76

Documentation Updates | 77

Migration, Upgrade, and Downgrade Instructions | 78

Documentation Updates

There are no errata or changes in Junos OS Release 20.4R1 documentation for Junos fusion for provider edge.

SEE ALSO

What's New | 74

What's Changed | 75

Known Limitations | 76

Open Issues | 76

Resolved Issues | 77

Migration, Upgrade, and Downgrade Instructions | 78

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION

Basic Procedure for Upgrading an Aggregation Device | 78

Upgrading an Aggregation Device with Redundant Routing Engines | 81

Preparing the Switch for Satellite Device Conversion | 81

Converting a Satellite Device to a Standalone Device | 83

Upgrading an Aggregation Device | 85

Upgrade and Downgrade Support Policy for Junos OS Releases | 85

Downgrading from Junos OS Release 20.1 | 86

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for Junos fusion for provider edge. Upgrading or downgrading Junos OS might take several hours, depending on the size and configuration of the network.

Basic Procedure for Upgrading an Aggregation Device

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and

Upgrade Guide.

NOTE: Before upgrading, back up the file system and the currently active Junos OS configuration

so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

user@host> request system snapshot

The download and installation process for Junos OS Release 20.4R1 is different from that for earlier Junos OS releases.

1. Using a Web browser, navigate to the Download Software URL on the Juniper Networks webpage:

https://www.juniper.net/support/downloads/

2. Log in to the Juniper Networks authentication system by using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.

3. Select By Technology > Junos Platform > Junos fusion to find the software that you want to download.

4. Select the release number (the number of the software version that you want to download) from the Version drop-down list to the right of the page.

5. Select the Software tab.

6. Select the software package for the release.

7. Review and accept the End User License Agreement.

8. Download the software to a local host.

9. Copy the software to the routing platform or to your internal software distribution site.

10. Install the new jinstall package on the aggregation device.

NOTE: We recommend that you upgrade all software packages out-of-band using the console,

because in-band connections are lost during the upgrade process.

Customers in the United States and Canada, use the following commands.

For 64-bit software:

•

NOTE: We recommend that you use 64-bit Junos OS software when implementing Junos

fusion for provider edge.

user@host> request system software add validate reboot

source/jinstall64-20.4R1.SPIN-domestic-signed.tgz

For 32-bit software:

•

user@host> request system software add validate reboot

source/jinstall-20.4R1.SPIN-domestic-signed.tgz

All other customers, use the following commands.

For 64-bit software:

•

NOTE: We recommend that you use 64-bit Junos OS software when implementing Junos

fusion for provider edge.

user@host> request system software add validate reboot

source/jinstall64-20.4R1.SPIN-export-signed.tgz

For 32-bit software:

•

user@host> request system software add validate reboot

source/jinstall-20.4R1.SPIN-export-signed.tgz

Replace source with one of the following values:

/pathname—For a software package that is installed from a local directory on the router.

•

For software packages that are downloaded and installed from a remote location:

•

ftp://hostname/pathname

•

http://hostname/pathname

•

scp://hostname/pathname (available only for the Canada and U.S. version)

•

The validate option validates the software package against the current configuration as a prerequisite for adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is for a different release.

Rebooting occurs only if the upgrade is successful.

NOTE: After you install a Junos OS Release 20.4R1 jinstall package, you cannot return to the

previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrading an Aggregation Device with Redundant Routing Engines

If the aggregation device has two Routing Engines, perform a Junos OS installation on each Routing Engine separately as follows to minimize disrupting network operations:

1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine and save the configuration change to both Routing Engines.

2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Preparing the Switch for Satellite Device Conversion

Satellite devices in a Junos fusion topology use a satellite software package that is different from the standard Junos OS software package. Before you can install the satellite software package on a satellite device, you first need to upgrade the target satellite device to an interim Junos OS software version that can be converted to satellite software. For satellite device hardware and software requirements, see

Understanding Junos fusion Software and Hardware Requirements

NOTE: The following conditions must be met before a standalone switch that is running Junos

OS Release 14.1X53-D43 can be converted to a satellite device when the action is initiated from the aggregation device:

The switch can be converted to only SNOS 3.1 and later.

•

Either the switch must be set to factory-default configuration by using the request system

•

zeroize command, or the following command must be included in the configuration: set chassis auto-satellite-conversion.

Customers with EX4300 switches, use the following command:

user@host> request system software add validate reboot

source/jinstall-ex-4300-14.1X53-D43.3-domestic-signed.tgz

Customers with QFX5100 switches, use the following command:

user@host> request system software add reboot

source/jinstall-qfx-5-14.1X53-D43.3-domestic-signed.tgz

When the interim installation has completed and the switch is running a version of Junos and OS on one line that is compatible with satellite device conversion, perform the following steps:

1. Log in to the device by using the console port.

2. Clear the device:

[edit] user@satellite-device# request system zeroize

NOTE: The device reboots to complete the procedure for resetting the device.

If you are not logged in to the device by using the console port connection, your connection to the device is lost after you enter the request system zeroize command.

If you lose your connection to the device, log in using the console port.

3. (EX4300 switches only) After the reboot is complete, convert the built-in 40-Gbps QSFP+ interfaces from Virtual Chassis ports (VCPs) into network ports:

user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port port-number

For example, to convert all four built-in 40-Gbps QSFP+ interfaces on an EX4300-24P switch into network ports:

After this initial preparation, you can use one of three methods to convert your switches into satellite devices—autoconversion, manual conversion, and preconfiguration. See Configuring Junos fusion for

provider edge for detailed configuration steps for each method.

Converting a Satellite Device to a Standalone Device

If you need to convert a satellite device to a standalone device, you must install a new Junos OS software package on the satellite device and remove the satellite device from the Junos fusion topology.

NOTE: If the satellite device is a QFX5100 switch, you need to install a PXE version of Junos

OS. The PXE version of Junos OS is software that includes pxe in the Junos OS package name when it is downloaded from the Software Center—for example, the PXE image for Junos OS Release 14.1X53-D43 is named install-media-pxe-qfx-5-14.1X53-D43.3-signed.tgz . If the satellite device is an EX4300 switch, you install a standard jinstall-ex-4300 version of Junos OS.

The following steps explain how to download software, remove the satellite device from Junos fusion, and install the Junos OS software image on the satellite device so that the device can operate as a standalone device.

1. Using a Web browser, navigate to the Junos OS software download URL on the Juniper Networks webpage:

https://www.juniper.net/support/downloads

2. Log in to the Juniper Networks authentication system by using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.

3. Select By Technology > Junos Platform > Junos fusion from the drop-down list and select the switch platform series and model for your satellite device.

4. Select the Junos OS Release 14.1X53-D30 software image for your platform.

5. Review and accept the End User License Agreement.

6. Download the software to a local host.

7. Copy the software to the routing platform or to your internal software distribution site.

8. Remove the satellite device from the automatic satellite conversion configuration.

If automatic satellite conversion is enabled for the satellite device’s member number, remove the member number from the automatic satellite conversion configuration. The satellite device’s member number is the same as the FPC slot ID.

[edit] user@aggregation-device# delete chassis satellite-management auto-satellite-conversion

satellite member-number

For example, to remove member number 101 from Junos fusion:

[edit] user@aggregation-device# delete chassis satellite-management auto-satellite-conversion

satellite 101

You can check the automatic satellite conversion configuration by entering the show command at the [edit chassis satellite-management auto-satellite-conversion] hierarchy level.

9. Commit the configuration.

To commit the configuration to both Routing Engines:

[edit] user@aggregation-device# commit synchronize

Otherwise, commit the configuration to a single Routing Engine:

[edit] user@aggregation-device# commit

10. Install the Junos OS software on the satellite device to convert the device to a standalone device.

[edit] user@aggregation-device> request chassis satellite install URL-to-software-package fpc-slot

member-number

For example, to install a PXE software package stored in the /var/tmp directory on the aggregation device onto a QFX5100 switch acting as the satellite device using FPC slot 101:

[edit] user@aggregation-device> request chassis satellite install

/var/tmp/install-media-pxe-qfx-5-14.1X53-D43.3-signed.tgz fpc-slot 101

For example, to install a software package stored in the var/tmp directory on the aggregation device onto an EX4300 switch acting as the satellite device using FPC slot 101:

[edit] user@aggregation-device> request chassis satellite install

/var/tmp/jinstall-ex-4300-14.1X53-D30.3-domestic-signed.tgz fpc-slot 101

The satellite device stops participating in the Junos fusion topology after the software installation starts. The software upgrade starts after this command is entered.

11. Wait for the reboot that accompanies the software installation to complete.

12. When you are prompted to log back into your device, uncable the device from the Junos fusion topology. See Removing a Transceiver from a QFX Series Device or Remove a Transceiver, as needed. Your device has been removed from Junos fusion.

NOTE: The device uses a factory-default configuration after the Junos OS installation is

complete.

Upgrading an Aggregation Device

When you upgrade an aggregation device to Junos OS Release 20.4R1, you must also upgrade your satellite device to Satellite Device Software version 3.1R1.

Upgrade and Downgrade Support Policy for Junos OS Releases

19.4, and 20.1 are EEOL releases. You can upgrade from Junos OS Release 19.3 to Release 19.4 or from

Junos OS Release 19.3 to Release 20.1.

For more information about EEOL releases and to review a list of EEOL releases, see

https://www.juniper.net/support/eol/junos.html.

Downgrading from Junos OS Release 20.1

To downgrade from Release 20.1 to another supported release, follow the procedure for upgrading, but replace the 20.1 jinstall package with one that corresponds to the appropriate release.

NOTE: You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

SEE ALSO

What's New | 74

What's Changed | 75

Known Limitations | 76

Open Issues | 76

Resolved Issues | 77

Documentation Updates | 77

Junos OS Release Notes for MX Series

IN THIS SECTION

What's New | 87

What's Changed | 103

Known Limitations | 109

Open Issues | 110

Resolved Issues | 117

Documentation Updates | 132

Migration, Upgrade, and Downgrade Instructions | 132

These release notes accompany Junos OS Release 20.4R1 for the MX Series 5G Universal Routing Platforms. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

IN THIS SECTION

Hardware | 88

EVPN | 90

High Availability (HA) and Resiliency | 91

Interfaces and Chassis | 92

Juniper Extension Toolkit (JET) | 92

Junos OS, XML, API, and Scripting | 93

Junos Telemetry Interface | 93

MPLS | 95

Network Management and Monitoring | 96

Routing Policy and Firewall Filters | 97

Routing Protocols | 97

Services Applications | 99

Software Defined Networking | 99

Software Installation and Upgrade | 101

Software Licensing | 101

Subscriber Management and Services | 101

System Management | 102

System Logging | 103

This section describes the new features and enhancements to existing features in Junos OS Release 20.4R1 for the MX Series routers.

Hardware

•

We've added the following features to the MX Series routers in Junos OS Release 20.4R1.

Table 2: Features Supported by MPC10E and MPC11E Line Cards on MX Series Routers

DescriptionFeature

EVPN

Interfaces and chassis

Support for configuring an Ethernet VPN Ethernet Tree (E-Tree) service

•

on MX240, MX480, and MX960 routers using MPC10E-15C-MRATE

line cards. [See EVPN-ETREE Overview.]

Support for configuring an EVPN point-to multipoint (P2MP) label

•

switch path (LSP) as a provider tunnel on a bud router. The bud router

functions both as an egress router and a transit router. [See Configuring

Bud Node Support.]

Support for configuring and signalling a P2MP LSP for the EVPN

•

Inclusive Provider Tunnel for BUM traffic. [See Understanding P2MPs

LSP for the EVPN Inclusive Provider Tunnel.]

Support for configuring VLAN rewrite operations on CCC interfaces.

•

[See Stacking and Rewriting Gigabit Ethernet VLAN Tags Overview

and Stacking and Rewriting Gigabit Ethernet VLAN Tags.]

Support for 100GE AOC optics on MPC10E-15C-MRATE and

•

MPC10E-10C-MRATE (with SCBE3-MX) in the MX240, MX480, and

MX960 routers. [See Hardware Compatibility Tool.]

Support for 4X100G FR transceivers and the channelization option

•

on the 400G-DR4 transceiver on MPC10E-15C-MRATE and

MPC10E-10C-MRATE (with SCBE3) in the MX240, MX480, and

MX960 routers. [See Hardware Compatibility Tool.]

Support for configuring dynamic learning of the source and destination

•

MAC addresses on aggregated Ethernet interfaces on the

MPC10E-15C-MRATE, MPC10E-10C-MRATE, and MX2K-MPC11E

line cards. [See MAC Address Accounting for Dynamically Learned

Addresses.]

Support for monitoring link degradation of the 25GbE interfaces and

•

400GbE interfaces on the MPC10E (MPC10E-15C-MRATE and

MPC10E-10C-MRATE) line cards. [See Link Degrade Monitoring

Overview.]

Support for Layer 2 address learning process (ALD). [See Understanding

•

Layer 2 Learning and Forwarding.]

Support for a bandwidth of 500 Gbps per Packet Forwarding Engine

•

with four fabric planes on MPC10E-10C-MRATE and

MPC10E-15C-MRATE (with the Packet Forwarding Engine 2 powered

off) line cards. [See MPC10E-10C-MRATE and MPC10E-15C-MRATE.]

Table 2: Features Supported by MPC10E and MPC11E Line Cards on MX Series Routers (continued)

DescriptionFeature

General routing

Layer 2 features

Support for configuring the TCP maximum segment size (MSS). [See

•

Configure TCP Options.]

Support for configuring the GRE key to identify the traffic flows in a

•

GRE tunnel on the MPC10E-10C-MRATE, MPC10E-15C-MRATE, and

MX2K-MPC11E line cards. [See dynamic-tunnel-gre-key.]

Support for packet mirroring with Layer 2 headers for Layer 3

•

forwarded traffic. [See Firewall Filter Nonterminating Actions.]

Support for Layer2 Ethernet services over GRE tunnel interfaces. [See

•

Configuring Layer 2 Ethernet Services over GRE Tunnel Interfaces.]

Support for Spanning-Tree Protocol (STP), Rapid Spanning-Tree

•

Protocol (RSTP), Multiple Spanning-Tree Protocol (MSTP), and VLAN

Spanning-Tree Protocol (VSTP). [See Configuring STP Protocol.]

Support for the base bridging feature commands.

•

NOTE: You can configure propagate option under the mac-flush

command.

[See clear bridge mac-table, global-mac-move, global-no-mac-learning,

mac-flush, global-no-control-mac-aging, and global-no-hw-mac-learning

Multicast

Network management and monitoring

Support for redundant virtual tunnels (RVTs) and fast re-route (FRR)

•

for both active/backup and active/active redundancy models (MX240,

MX480, MX960, MX2010, and MX2020). RVT interfaces are used in

Multicast Layer 3 VPNs (MVPN) to facilitate virtual routing and

forwarding (VRF) table lookup based on MPLS labels and to provide

resiliency. [See Resiliency in Multicast L3 VPNs with Redundant Virtual

Tunnels.]

Support for verifying the global table multicast (GTM) with IPv6 and

•

Type-7 on MPC10 and MPC11 line cards. [See Multicast Overview.]

Support for configuring ITU-T Y.1731 standard-compliant Ethernet

•

synthetic loss measurement (ETH-SLM) and Ethernet delay

measurement (ETH- DM) capabilities on MPC10E-10C-MRATE,

MPC10E-15C-MRATE, and MX2K-MPC11E line cards. [See ITU-T

Y.1731 Ethernet Service OAM Overview.]

Table 2: Features Supported by MPC10E and MPC11E Line Cards on MX Series Routers (continued)

DescriptionFeature

Services Applications

Support for QSFP-100G-FR, QSFP-100G-DR, and QSFP-100G-LR transceivers (MX2010 and MX2020

•

Support for inline monitoring services to provide the flexibility to

•

monitor different streams of traffic at different sampling rates on the

same interface. [See Inline Monitoring Services Configuration.]

Support for Aggregated Multiservices Interfaces (AMS) on the

•

MPC10E-10C-MRATE, MPC10E-15C-MRATE, and MX2K-MPC11E

line cards to provide load balancing (LB) and high availability (HA)

features for stateful firewall and NAT services. You can configure AMS

with next-hop style service-sets and with MS-MPC or MS-MIC only.

[See Understanding Aggregated Multiservices Interfaces.]

with MX2K-MPC11E)—Starting in Junos OS Release 20.4R1, the MX2K-MPC11E MPCs in the MX2010 and MX2020 routers support the QSFP-100G-FR, QSFP-100G-DR, and QSFP-100G-LR transceivers.

[See the Hardware Compatibility Tool (HCT) for details.]

EVPN

MAC VRF with EVPN-VXLAN (MX Series and vMX routers; QFX5100, QFX5110, QFX5120, QFX5200,

•

QFX10002, QFX10008, and QFX10016 switches)—Data center service providers must support multiple customers with their own routing and bridging policies in the same physical network. To accommodate this requirement, you can now configure multiple customer-specific EVPN instances (EVIs) of type mac-vrf, each of which can support a different EVPN service type. This configuration results in customer-specific virtual routing and forwarding (VRF) tables with MAC addresses on each Juniper Networks device that serves as a virtual tunnel endpoint (VTEP) in the EVPN-VXLAN network.

NOTE: We support MAC VRF routing instances for EVPN unicast routes only.

To support this feature, we introduce a uniform routing instance configuration, which complies with RFC 7432, BGP MPLS-Based Ethernet VPN. The uniform configuration eliminates hardware restrictions that limit the number of EVIs and combinations of EVIs with their respective policies that can simultaneously exist. The common configuration includes the following new CLI elements:

The mac-vrf keyword at the [edit routing-instances name instance-type] hierarchy level.

•

The service-type configuration statement at the [edit routing-instances name] hierarchy level. We

•

support VLAN-based, VLAN-aware, and VLAN-bundle service types.

(QFX10000 line of switches only) The forwarding-instance configuration statement at the [edit

•

routing-instances name] hierarchy level. With this optional configuration statement, you can map

multiple routing instances to a single forwarding instance. If you don’t include this configuration statement, the default forwarding instance is used.

We continue to support the existing method of routing instance configuration along with the new uniform routing instance configuration.

[See EVPN User Guide.]

MC-LAG emulation in an EVPN deployment (EX-Series, MX-Series, and vMX)—Starting in Junos OS

•

Release 20.4R1, you can emulate the function of an MC-LAG in active-standby mode in an EVPN configuration without having to configure an ICCP or ICL interface. In a standard EVPN configuration, logical interfaces configured on an aggregated Ethernet interface can have different designated forwarder election roles. To emulate an MC-LAG configuration, the designated forwarder (DF) takes on the role of the aggregated Ethernet interface. The provider edge (PE) that is the non-DF will send LACP out-of-sync packets to the CE. This will cause LACP to go down on the CE device, and the CE device will not use the links connected to the non-DF for sending traffic. If the connection between a CE and a DF PE fails, the PE is re-elected as a DF. If the connection between a CE and a non-DF PE fails, the current DF PE is not changed.

To achieve this functionality, configure the lacp-oos-on-ndf statement at the [edit interfaces interface name esi df-election-granularity per-esi] hierarchy.

Support for EVPN E-Tree service (MX240, MX480, and MX960)—Starting in Junos OS 20.4R1, on

•

MX240, MX480, and MX960 routers using MPC10E-15C-MRATE line cards you can configure an Ethernet VPN Ethernet-Tree (E-Tree) service.

[See EVPN-ETREE Overview.]

High Availability (HA) and Resiliency

Support for pause and resume options with unified ISSU (MX Series)—Starting in Junos OS Release

•

20.4R1, MX Series routers support pausing and resuming unified ISSU operations. Use the pause and resume options with the request system software in-service-upgrade command to control when to

pause and resume unified ISSU.

[See request system software in-service-upgrade]

NSR support for IS-IS with SR (ACX Series, MX Series)—Starting in Junos OS Release 20.4R1, MX Series

•

routers support NSR for IS-IS with segment routing (SR). To use NSR, you must first enable GRES on your device.

[See Nonstop Active Routing Concepts]

Interfaces and Chassis

464XLAT support for mobility on MS-MPC (MX Series)—Starting in Junos OS Release 20.4R1, you can

•

specify the IPv6 prefix length for the CLAT source address using the new command clat-ipv6-prefix-length. When you configure this command, NAT rules apply 464XLAT based on destination-address of the traffic, and source-address and source-prefix are no longer required. The

clat-ipv6-prefix-length command is available at the [edit services nat rule rule-name term term-name then translated] hierarchy level.

[See translated and clat-ipv6-prefix-length.]

Juniper Extension Toolkit (JET)

Juniper Extension Toolkit (JET) support for 64-bit applications (MX5, MX10, MX40, MX80, MX104,

•

MX150, MX204, MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10008, MX ELM, JunosV Firefly, cSRX, SRX100, SRX110, SRX210, SRX220, SRX240, SRX300, SRX320, SRX340, SRX345, SRX550, SRX550HM, SRX650, SRX720E, SRX750E, SRX1400, SRX1500,SRX3400, SRX3600, SRX4100, SRX4200, SRX4400, SRX4600, SRX4800, SRX5400, SRX5600, SRX5800, SRX7X0E, SRX-ES7, SRX-ES8, VMX, and VSRX)—Starting in Junos OS Release 20.4R1, JET supports 64-bit applications. Use

the following commands to compile 64-bit applications for use with the AMD64 or ARM64 64-bit processor architecture.

mk-amd64: Compiles the application for use with AMD64 and Junos OS with FreeBSD.

•

mk-amd64,bsdx: Compiles the application for use with AMD64 and Junos OS with upgraded FreeBSD.

•

mk-arm64,bsdx: Compiles the application for use with ARM64 and Junos OS with upgraded FreeBSD.

•

[See Develop On-Device JET Applications.]

Configure inner source MAC address for flexible VXLAN tunnels (MX Series and vMX with MPC1-MPC9E

•

or LC2101)—Starting in Junos OS Release 20.4R1, you can use the Juniper Extension Toolkit (JET) RIB Service API to configure the source MAC address used in IPv4 and IPv6 flexible VXLAN tunnel encapsulation profiles. The source MAC addresses is stored in the inner Ethernet header of VXLAN encapsulation. If you don’t specify a source MAC address, the default source MAC address 00:00:5e:00:52:01 is used to encapsulate IPv4 and IPv6 flexible VXLAN tunnels.

Use the show route detail, show route extensive, and show flexible-tunnels profiles CLI commands or the get-route-information and get-flexible-tunnels-profiles RPC/NETCONF commands to view the source MAC address that is specified in the flexible tunnel profile.

[See Understanding Programmable Flexible VXLAN Tunnels and JET APIs on Juniper EngNet.]

Junos OS, XML, API, and Scripting

Support for Certificate Authority Chain Profile (EX2300, EX3400, EX4300, MX240, MX480, MX960,

•

To configure intermediate ca-chain certificate, configure ca-chain ca-chain statement at the [edit system

services rest https] hierarchy level.

Start time option for interval-based internal events that trigger event policies (EX Series, MX Series,

•

[See Generating Internal Events to Trigger Event Policies.]

Junos Telemetry Interface

•

JTI support for inline Junos Traffic Vision sensors with gRPC services (MX Series and PTX Series)—Junos OS Release 20.4R1 supports inline Jflow sensors for FPC3 and MPC 1 through 9. This feature enables you to monitor inline Junos Traffic Vision (previously known as Jflow) service statistics on a router and to export statistics to an outside collector at configurable intervals using remote procedure call (gRPC) services.

Use the resource path /junos/system/linecard/services/inline-jflow/ in a subscription to export statistics.

You can view statistics in the collector output under /components/. The collector component ID in the statistics output will include the FPC slot number for which inline Junos Traffic Vision statistics are exported. For example, inline Jflow statistics for FPC 0 will be under component id 0, and inline Jflow statistics for FPC 1 will be under component id 1.

Inline Junos Traffic Vision statistics are slightly different, depending on the routing platform.

[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

•

remote procedure call (gRPC) sessions between the collector (client) and server during an SSL certificate update.

After the certificate is updated, any new gRPC session will use the updated certificate.

[See gRPC Services for Junos Telemetry Interface and ssl.]

•

BGP neighbor telemetry with sharding (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 20.4R1, BGP neighbor telemetry with sharding (multi-threading) is supported.

[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

•

LACP sensors for actor partner states on JTI (MX Series and PTX Series)—Starting in Junos OS Release

20.4R1, you can use Junos telemetry interface (JTI) and gRPC Network Management Interface (gNMI) services to export LACP actor partner states (also known as LACP port states). When a subscription is configured, ON_CHANGE or periodic streaming statistics are sent from devices to an outside collector.

You can subscribe to /lacpd/ to collect all statistics or include the following resource paths individually in a subscription:

/lacpd/ae/member/partner_collecting

•

/lacpd/ae/member/partner_synchronization

•

/lacpd/ae/member/partner_timeout

•

/lacpd/ae/member/partner_aggregatable

•

/lacpd/ae/member/partner_distributing

•

/junos/system/linecard/interface/traffic/

•

[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

•

Juniper Resiliency Interface for exception reporting and null route detection (ACX Series, PTX Series and MX Series)—Starting in Junos OS Release 20.4R1, you can use Juniper Resiliency Interface to detect

MPLS

Re-engineering of SR-TE (MX Series, PTX Series)—Starting with Junos OS Release 20.4R1, you can

•

incorporate the following features to enhance the debugging capability of segment routing traffic-engineering (SR-TE):

rib-group import functionality.

•

Display of SR-TE routes installed from various tunnel sources using the show spring-traffic-engineering

•

command.

Template map for BGP SR-TE tunnels.

•

Compute profile in template with distributed Constrained Shortest Path First (CSPF) for dynamic SR-TE

•

tunnels.

6PE (IPv6 over IPv4 SR-TE tunnel)

•

no-chained-composite-next-hop option

•

[See source-packet-routing and show spring-traffic-engineering.]

Support for optimizing auto-bandwidth adjustments for MPLS LSPs (MX Series and PTX Series)—Starting

•

in Junos OS Release 20.4R1, you can configure faster auto-bandwidth adjustment for MPLS LSPs under overflow or underflow conditions. This feature decreases the minimum allowed adjust-threshold-overflow-limit and adjust-interval to 150 seconds when adjust-threshold-overflow-limit and adjust-threshold-underflow-limit cross the configured threshold values. In releases earlier than Junos OS Evolved Release 20.4R1, the adjust-interval is 300 seconds under overflow or underflow conditions.

You can configure faster in-place LSP bandwidth update that avoids signaling of a new LSP instance as part of make-before-break. To configure faster in-place LSP bandwidth update, include the in-place-lsp-bandwidth-update configuration statement at the [edit protocols mpls label-switched-path lsp-name] hierarchy level.

You can also configure RSVP interfaces to support subscription percentage per priority. To configure subscription percentage per priority, include the subscription priority priority percent value configuration statement at the [edit protocols rsvp interface interface-name] hierarchy level.

[See Configuring Optimized Auto-bandwidth Adjustments for MPLS LSPs.]

Support for express segments to establish end-to-end segment routing path (MX Series and PTX

•

Series)—Starting in Junos OS Release 20.4R1, express segments can be used to establish end-to-end TE paths between interconnected TE networks. Express segments (also known as virtual TE links) are generated dynamically through policies matching the underlay LSPs. Express segments and the corresponding abstracted topology (required by RFC7926) is generated with policies.

To apply a policy, include the policy policy-name statement at the [edit protocols express-segment traffic-engineering] hierarchy level.

To configure express segment, include the express-segment statement under the [edit protocols] hierarchy level.

[See How to Establish End-to-End Segment Routing Paths Using Express Segments.]

Network Management and Monitoring

Configuration support to prevent drifting of accounting records (MX Series routers, vMX) —You can

•

configure accounting records to record data in accounting files and archive the accounting files to analyze the information collected. Drifting of the accounting records happens if the time at which the records are written to the accounting file spills beyond the transfer window of the file. Starting in Junos OS Release 20.4R1, to prevent drifting of accounting records:

Use the start-time statement with the accounting profiles (class-usage-profile, filter-profile,

•

flat-file-profile, interface-profile, mib-profile, and routing-engine-profile) to have a predictable start time of the profiles.

Use the timestamp statement with the request accounting add records command to record the

•

timestamp externally instead of epoch timestamp when the command is executed.

[See routing-engine-profile, class-usage-profile, interface-profile, filter-profile, mib-profile, flat-file-profile.]

Configuration retrieval using the configuration revision identifier (EX3400, EX4300, MX204, MX240,

•

MX480, MX960, MX2020, PTX3000, PTX10008, QFX5100, QFX10002-60C, SRX5800, vMX, and vSRX)—Starting in Junos OS Release 20.4R1, you can use the configuration revision identifier feature

to view the configuration for a specific revision. This configuration database revision can be viewed with the CLI command show system configuration revision.

[See show system configuration revision.]

Junos XML protocol operations support loading and comparing configurations using the configuration

•

revision identifier (EX3400, EX4300, MX204, MX240, MX480, MX960, MX2020, PTX3000, PTX10008, QFX5100, QFX10002-60C, SRX5800, vMX, and vSRX)—Starting in Junos OS Release 20.4R1, the Junos

[See <get-configuration> and <load-configuration>.]

Support for an extension to the rpm-tracked static routes (MX Series, PTX Series, and vMX)—Starting

•

in Junos OS Release 20.4R1, you can configure route preference and tag values for each destination-prefix. This feature supports both IPv4 and IPv6 rpm-tracked static routes.

[See show route rpm-tracking.]

Limitations

Qualified next hop is not supported with rpm-tracked static routes. Hence, the setting of preference, metric, and tags applies only to the rpm-tracking static route and not to the related next hops.

Routing Policy and Firewall Filters

Support for route’s next-hop weight in policy match condition (MX Series, PTX Series, and QFX

•

Series)—Starting in Junos OS Release 20.4R1, a route with multiple next-hop paths can use the weight associated with a path to identify primary and backup paths. The path with the lowest weight is used as the primary path, and any paths with higher weights are treated as backup paths. You can use the next-hop weight as a match condition in export policies to redistribute IGP and BGP routes based on whether the primary or backup paths are active.

Configure this match condition using the [edit policy-options policy-statement policy-name term term-name from] statement.

[See policy-statement and show policy.]

Routing Protocols

Support for relaxing BGP router ID format from /32 to a nonzero ID per RFC 6286 ( MX204, NFX

•

Series, PTX5000, QFX Series, and vRR)—Starting in Junos OS Release 20.4R1, you can establish a BGP connection using a BGP identifier that is a 4-octet, unsigned, nonzero integer and it needs to be unique only within the autonomous system (AS) per RFC 6286. In earlier releases, the BGP ID of a BGP speaker was required to be a valid IPv4 host address assigned to the BGP speaker.

To enable this feature, use the bgp-identifier identifier group bgp group name bgp-identifier identifier neighbor peer address bgp-identifier identifier configuration statement at the [edit protocols bgp] hierarchy level.

[See router-id]

Support for multiple single-hop EBGP sessions on different links using the same IPv6 link-local address

•

(ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—Starting in Junos OS Release 20.4R1, you are no longer required to have unique peer addresses for Juniper devices for every EBGP session. You can now enable single-hop EBGP sessions on different links over multiple directly-connected peers that use the same IPv6 link-local address.

In earlier Junos OS Releases, BGP peers could be configured with link-local addresses, but multiple BGP peers could not be configured to use the same link-local address on different interfaces.

[See Configure Multiple Single-Hop EBGP Sessions on Different Links Using the Same Link-Local Address

(IPv6).]

Support for IPv6 L3VPN over IPv6 SR-TE and IPv6 Underlay (MX Series)—Starting in Junos OS Release

•

20.4R1, You can configure an IPv6 Layer3 VPN connection with an IPv6 local address and an IPv6

neighbor address. We have extended BGP support for IPv6 Layer 3 VPN over BGP IPv6 SR-TE in IS-IS networks. You can connect an IPv6 provider edge device with a colored or non-colored IPv6 penultimate nexthop (PNH) address mapped to IPv6 SR-TE tunnels.

To configure an IPv6 address for Layer 3 VPN connection, include the family inet6-vpn configuration statement at the [edit protocols bgp group name] hierarchy level.

[See Understanding Static Segment Routing LSP in MPLS Networks.]

Support for BGP Labeled Unicast prefix SID (MX Series and PTX Series)—Starting in Junos OS 20.4R1,

•

BGP labeled unicast can carry segment routing global block label range and index information through the prefix segment attribute. With this feature we support segment routing using the BGP labeled unicast prefix segments and the MPLS data plane in medium to large scaled data centers. The controller directs the server to assign a stack- of labels to an incoming packet based on the available network state information. The assigned label stack avoids congested paths and steers the packet through a best available path.

To configure and advertise the SRGB label range specifically for BGP include the source-packet-routing

srgb start-label start-label index-range index-rante and advertise-srgb configuration statements at the [edit protocols bgp] hierarchy level.

To advertise prefix SIDs to external BGP peers, include the advertise-prefix-sid configuration statement at the [edit protocols bgp] hierarchy level. You can configure this statement globally or for specific BGP groups or BGP neighbors.

[See srgb.]

Support for SRv6 network programming and Layer 3 Services over SRv6 in BGP (MX Series)—Starting

•

in Junos OS Release 20.4R1, you can configure BGP based Layer 3 service over SRv6 core. You can enable Layer 3 overlay services with BGP as control plane and SRv6 as dataplane. SRv6 network programming provides flexibility to leverage segment routing without deploying MPLS. Such networks depend only on the IPv6 headers and header extensions for transmitting data.

To configure IPv4 and IPv6 transport over SRv6 core, include the end-dt4-sid sid and the end-dt6-sid sid statements at the [edit protocols bgp source-packet-routing srv6 locator name] hierarchy level.

To configure IPv4 VPN and IPv6 VPN service over SRv6 core, include the end-dt4-sid sid and the

end-dt6-sid sid statements at the [edit routing-instances routing-instance name protocols bgp source-packet-routing srv6 locator name] hierarchy level.

[See Understanding SRv6 Network Programming and Layer 3 Services over SRv6 in BGP.]

Support for unicast ARP request on table entry expiration (MX Series)—Starting in Junos OS Release

•

20.4R1, you can configure the device to send a unicast ARP request instead of the default broadcast request when an ARP table entry is about to expire. The retry requests are unicast at intervals of 5 seconds. Without this option, the retry requests are broadcast at intervals of 800 milliseconds. This behavior reduces overall ARP broadcast traffic. It also supports the use case where access nodes are configured not to forward broadcast ARP requests toward customer CPEs for security reasons and to

Junos OS 20.4R1 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

SUPPORTED ON

Contents

Introduction

Junos OS Release Notes for ACX Series

What's New

Hardware

High Availability (HA) and Resiliency

Junos Telemetry Interface

Routing Protocols

Timing and Synchronization

What's Changed

General Routing

MPLS

Network Management and Monitoring

Routing Protocols

User Interface and Configuration

Known Limitations

General Routing

Timing and Synchronization

Open Issues

Class of Service (CoS)

General Routing

Platform and Infrastructure

VPNs

Resolved Issues

Forwarding and Sampling

General Routing

Interfaces and Chassis

Layer 2 Features

Routing Protocols

Documentation Updates

Migration, Upgrade, and Downgrade Instructions

Upgrade and Downgrade Support Policy for Junos OS Releases

Junos OS Release Notes for cRPD

What’s New

Platform and Infrastructure

What's Changed

Junos Telemetry Interface

Known Limitations

Open Issues

Resolved Issues

Routing Policy and Firewall Filters

Junos OS Release Notes for cSRX

What’s New

What's Changed

Platform and Infrastructure

Known Limitations

Open Issues

Resolved Issues

Junos OS Release Notes for EX Series

What's New

Authentication, Authrorization, and Accounting

EVPN

Interfaces and Chassis

Junos OS XML, API, and Scripting

Network Management and Monitoring

Routing Protocols

Software Installation and Upgrade

Subscriber Management and Services

What's Changed

MPLS

Network Management and Monitoring

Platform and Infrastructure

User Interface and Configuration

Known Limitations

EVPN

Platform and Infrastructure

Open Issues

Infrastructure

Juniper Extension Toolkit (JET)

Platform and Infrastructure

Routing Policy and Firewall Filters

Routing Protocols

User Interface and Configuration

Resolved Issues

Authentication and Access Control