Junos OS Release 17.1R2 User Manual

Release Notes: Junos® OS Release 17.1R2 for the ACX Series, EX Series, MX Series and PTX Series, QFX Series, and Junos Fusion
3 September 2020

Contents

Introduction
New and Changed Features
Release 17.1R2 New and Changed Features
Release 17.1R1 New and Changed Features
Changes in Behavior and Syntax
Interfaces and Chassis
General Routing
MPLS
Services Applications
System Management
User Interface and Configuration
Known Behavior
Known Issues
Network Address Translation (NAT) and Stateful Firewall Services
Generic Routing Encapsulation
Firewall
Layer 2 Features
MPLS
SNMP
Timing and Synchronization
Resolved Issues
Resolved Issues: 17.1R2
Resolved Issues: 17.1R1
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Upgrade and Downgrade Support Policy for Junos OS Releases
Product Compatibility
Hardware Compatibility
Junos OS Release Notes for EX Series Switches
New and Changed Features
Release 17.1R2 New and Changed Features
Release 17.1R1 New and Changed Features
Changes in Behavior and Syntax
High Availability (HA) and Resiliency
MPLS
Services Applications
System Management
User Interface and Configuration
Known Behavior
Known Issues
Authentication, Authorization, and Accounting (AAA) (RADIUS)
High Availability (HA) and Resiliency
Infrastructure
Interfaces and Chassis
Junos Fusion Enterprise
Network Management and Monitoring
Platform and Infrastructure
Port Security
Security
Virtual Chassis
Resolved Issues
Resolved Issues: 17.1R2
Resolved Issues: 17.1R1
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Upgrade and Downgrade Support Policy for Junos OS Releases
Product Compatibility
Hardware Compatibility
Junos OS Release Notes for Junos Fusion Enterprise
New and Changed Features
Release 17.1R2 New and Changed Features
Release 17.1R1 New and Changed Features
Changes in Behavior and Syntax
System Management
Known Behavior
Junos Fusion Enterprise
Known Issues
Junos Fusion Enterprise
Resolved Issues
Resolved Issues: 17.1R2
Resolved Issues: 17.1R1
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Basic Procedure for Upgrading Junos OS on an Aggregation Device
Upgrading from Junos OS Release 16.1 to 17.1 in a JUNOS OS Fusion Enterprise System
Upgrading an Aggregation Device with Redundant Routing Engines
Preparing the Switch for Satellite Device Conversion
Converting a Satellite Device to a Standalone Switch
Upgrade and Downgrade Support Policy for Junos OS Releases
Downgrading from Release 17.1
Product Compatibility
Hardware and Software Compatibility
Hardware Compatibility Tool
Junos OS Release Notes for Junos Fusion Provider Edge
New and Changed Features
Release 17.1R2 New and Changed Features
Release 17.1R1 New and Changed Features
Changes in Behavior and Syntax
System Management
Known Behavior
Known Issues
Junos Fusion
Resolved Issues
Resolved Issues: 17.1R2
Resolved Issues: 17.1R1
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Basic Procedure for Upgrading an Aggregation Device
Upgrading an Aggregation Device with Redundant Routing Engines
Preparing the Switch for Satellite Device Conversion
Converting a Satellite Device to a Standalone Device
Upgrading an Aggregation Device
Upgrade and Downgrade Support Policy for Junos OS Releases
Downgrading from Release 17.1
Product Compatibility
Hardware Compatibility
Junos OS Release Notes for MX Series 5G Universal Routing Platforms
New and Changed Features
Release 17.1R2 New and Changed Features
Release 17.1R1 New and Changed Features
Changes in Behavior and Syntax
Interfaces and Chassis
Junos OS XML API and Scripting
LDP
Management
MPLS
Network Management and Monitoring
Operation, Administration, and Maintenance (OAM)
Routing Protocols
Security
Services Applications
Subscriber Management and Services
System Management
User Interface and Configuration
VPNs
Known Behavior
Class of Service (CoS)
General Routing
High Availability (HA) and Resiliency
Interfaces and Chassis
Software Installation and Upgrade
Subscriber Management and Services
Known Issues
Forwarding and Sampling
General Routing
High Availability (HA) and Resiliency
Infrastructure
Interfaces and Chassis
Layer 2 Ethernet Services
Layer 2 Features
MPLS
Network Management and Monitoring
Platform and Infrastructure
Routing Protocols
Services Applications
Subscriber Access Management
User Interface and Configuration
VPNs
Resolved Issues
Resolved Issues: 17.1R2
Resolved Issues: 17.1R1
Documentation Updates
Subscriber Management Access Network Guide
Subscriber Management Provisioning Guide
Migration, Upgrade, and Downgrade Instructions
Basic Procedure for Upgrading to Release 17.1
Procedure to Upgrade to FreeBSD 10.x based Junos OS
Procedure to Upgrade to FreeBSD 6.x based Junos OS
Upgrade and Downgrade Support Policy for Junos OS Releases
Upgrading a Router with Redundant Routing Engines
Downgrading from Release 17.1
Product Compatibility
Hardware Compatibility
Junos OS Release Notes for PTX Series Packet Transport Routers
New and Changed Features
Release 17.1R2 New and Changed Features
Release 17.1R1 New and Changed Features
Changes in Behavior and Syntax
General Routing
Interfaces and Chassis
Management
MPLS
Network Management and Monitoring
Routing Protocols
Services Applications
System Management
User Interface and Configuration
Known Behavior
High Availability (HA) and Resiliency
Known Issues
General Routing
Interfaces and Chassis
Platform and Infrastructure
User Interface and Configuration
Resolved Issues
Resolved Issues: 17.1R2
Resolved Issues: 17.1R1
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Basic Procedure for Upgrading to Release 17.1
Upgrade and Downgrade Support Policy for Junos OS Releases
Upgrading a Router with Redundant Routing Engines
Product Compatibility
Hardware Compatibility
Junos OS Release Notes for the QFX Series
New and Changed Features
Release 17.1R2 New and Changed Features
Release 17.1R1 New and Changed Features
Changes in Behavior and Syntax
MPLS
Network Management and Monitoring
Services Applications
Software Installation and Upgrade
System Management
User Interface and Configuration
Known Behavior
Known Issues
Hardware
Infrastructure
Layer 2 Features
Network Management and Monitoring
Open vSwitch Database Management Protocol (OVSDB)
OpenFlow
Platform and Infrastructure
Routing Protocols
System Management
Resolved Issues
Resolved Issues: 17.1R2
Resolved Issues: 17.1R1
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Upgrading Software on QFX Series Switches
Installing the Software on QFX10002 Switches
Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches
Installing the Software on QFX10008 and QFX10016 Switches
Performing a Unified ISSU
Preparing the Switch for Software Installation
Upgrading the Software Using Unified ISSU
Product Compatibility
Hardware Compatibility
Upgrading Using ISSU
Compliance Advisor
Finding More Information
Requesting Technical Support
Self-Help Online Tools and Resources
Opening a Case with JTAC
Revision History

Introduction

Junos OS runs on the following Juniper Networks® hardware: ACX Series, EX Series, MX Series, PTX Series, QFabric systems, QFX Series, SRX Series, and Junos Fusion.
These release notes accompany Junos OS Release 17.1R2 for the ACX Series, EX Series, Junos Fusion Enterprise, Junos Fusion Provider Edge, MX Series, PTX Series, and QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

Junos OS Release Notes for ACX Series

IN THIS SECTION
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility
These release notes accompany Junos OS Release 17.1R2 for the ACX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at http://www.juniper.net/techpubs/software/junos/.

New and Changed Features

IN THIS SECTION
Release 17.1R2 New and Changed Features
Release 17.1R1 New and Changed Features
This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for ACX Series Universal Metro Routers.

Release 17.1R2 New and Changed Features

There are no new features or enhancements to existing features for ACX Series Universal Metro Routers in Junos OS Release 17.1R2.

Release 17.1R1 New and Changed Features

This section describes the new features or enhancements to existing features for ACX Series Universal Metro Routers in Junos OS Release 17.1R1.
Application Level Gateways (ALGs)
Support for Application Level Gateways (ALGs) for NAT processing (ACX500)—Starting with Junos OS Release 17.1R1, ACX500 routers support basic TCP, basic UDP, DNS, FTP, ICMP, TFTP, and UNIX Remote-Shell Services ALGs for NAT processing.
NOTE: The ALG for NAT is supported only on the ACX500 indoor routers.
[See ALGs Available by Default for Junos OS Address Aware NAT on ACX500 Router.]
Bridging
Support for DHCP option 82 over bridge domain (ACX5000)—Starting with Junos OS Release 17.1R1, ACX Universal Metro Routers support configuring DHCP option 82 over a bridge domain. ACX routers support option 82 type, length, and value (TLV) information for DHCP client messages over a bridge domain.
[See Using DHCP Relay Agent Option 82 Information.]
Firewall
Support for stateful firewall (ACX500)—Starting with Junos OS Release 17.1R1, ACX500 Universal Metro Routers support configuring stateful firewall rules. Contrasted with a stateless firewall that inspects packets in isolation, a stateful firewall provides an extra layer of security by using state information derived from past communications and other applications to make dynamic control decisions for new communication attempts.
NOTE: The stateful firewall configuration is supported only on the ACX500 indoor routers.
[See Junos Network Secure Overview.]
Generic Routing
Support for generic routing encapsulation (GRE) (ACX Series)—Starting with Junos OS Release 17.1R1, ACX Series Universal Metro Routers support configuring generic routing encapsulation (GRE). GRE provides a private, secure path for transporting packets through an otherwise public network by encapsulating (or tunneling) the packets inside a transport protocol known as an IP encapsulation protocol.
[See Understanding Generic Routing Encapsulation on ACX Series.]
Interfaces and Chassis
Aggregated Ethernet load-balancing support for circuit cross-connect (CCC), VPLS, bridge domain, and Layer 3 VPN (ACX5000)—Starting with Junos OS Release 17.1R1, ACX5000 Universal Metro Routers support aggregated Ethernet (AE) operation over Layer 2 circuit, Layer 3 VPN, bridge domain, CCC, OAM, no-local-switching, and IGMP snooping. Also supported are AE class of service and firewall support for families such as bridge domain, VPLS, CCC, MPLS, IPv4, and IPv6. The firewall support extends the support for single-rate two-color policer and two-rate two-color policer.
[See Understanding Ethernet Link Aggregation on ACX Series Routers.]
Junos OS XML API and Scripting
Support for Python language for commit, event, op, and SNMP scripts (ACX500, ACX1000, ACX1100, ACX2000, ACX2100, ACX2200, and ACX4000)—Starting in Junos OS Release 17.1R1, you can author commit, event, op, and SNMP scripts in Python on devices that include the Python extensions package in the software image. Creating automation scripts in Python enables you to take advantage of Python features and libraries as well as leverage Junos PyEZ APIs to perform operational and configuration tasks on devices running Junos OS. To enable execution of Python automation scripts, which must be owned by either root or a user in the Junos OS super-user login class, configure the language python statement at the [edit system scripts] hierarchy level, and configure the filename for the Python script under the hierarchy level appropriate to that script type. Supported Python versions include Python 2.7.x.
[See Understanding Python Automation Scripts for Devices Running Junos OS.]
Layer 2 Features
Support for pseudowire cross-connect (ACX5000)—Starting with Junos OS Release 17.1R1, ACX5000 Universal Metro Routers support pseudowire cross-connect. The pseudowire cross-connect feature enables a virtual circuit (VC) to terminate locally on a router and supports local switching of Layer 2 circuits. Layer 2 circuits allow the creation of point-to-point Layer 2 connections over an IP and MPLS-based network. Physical circuits with the same Layer 2 encapsulations can be connected together across such a network.
[See Configuring Local Interface Switching in Layer 2 Circuits.]
Mirroring
Support for port mirroring (ACX5000)—Starting with Junos OS Release 17.1R1, ACX5000 Universal Metro Routers support port mirroring to mirror a copy of a packet to a configured destination, in addition to the normal processing and forwarding of the packet. Port mirroring is supported on both ingress and egress ports, using a protocol analyzer application that passes the input to mirror through a list of ports configured through the logical interface.
[See Port, VLAN, and Flow Mirroring Overview.]
MPLS
Support for the Path Computation Element Protocol (ACX Series)—Starting with Junos OS Release 17.1R1, ACX Series Universal Metro Routers support the Path Computation Element Protocol (PCEP). A Path Computation Element (PCE) is an entity (component, application, or network node) that is capable of computing a network path or route based on a network graph and applying computational constraints. A Path Computation Client (PCC) is any client application requesting a path computation to be performed by a PCE. PCEP enables communications between a PCC and a PCE, or between two PCEs (defined in RFC 5440). PCEP is a TCP-based protocol defined by the IETF PCE Working Group, and defines a set of messages and objects used to manage PCEP sessions and to request and send paths for multidomain traffic engineered LSPs (TE LSPs). It provides a mechanism for a PCE to perform path computation for a PCC’s external LSPs. The PCEP interactions include LSP status reports sent by the PCC to the PCE, and PCE updates for the external LSPs.
[See PCEP Overview.]
Network Management and Monitoring
Support for hrProcessorTable object (ACX Series)—Starting in Junos OS Release 17.1R1, support is provided for the hrProcessorTable object (object id: 1.3.6.1.2.1.25.3.3) described in RFC 2790, Host Resources MIB. The hrProcessorTable object provides the load statistics information per CPU for multi-core devices.
[See SNMP MIB Explorer.]
Support for RFC 2544 reflector (ACX5000)—Starting with Junos OS Release 17.1R1, ACX5000 Universal Metro Routers support the Layer 1 reflector functionality for performing RFC 2544 benchmarking tests. The device that is configured as a reflector reflects or sends back the packets as they are received on the pseudowire. This feature does not support any packet modification functionality. To enable your ACX5000 router to reflect the packets back to the initiator, you can configure any unused physical port on the router as the reflector port. Use the reflector-port statement at the [edit services rpm rfc2544-benchmarking tests test-name] hierarchy level to configure the reflector port.
[See RFC 2544-Based Benchmarking Tests Overview.]
Operations, Administration, and Management (OAM)
SNMP support for Service OAM (SOAM) performance monitoring functions (ACX Series)—Starting with Junos OS Release 17.1R1, ACX Series Universal Metro Routers provide SNMP support for the Service OAM (SOAM) performance monitoring functions that are defined in Technical Specification MEF 17, the Service OAM performance monitoring requirements specified in SOAM-PM, and the Service OAM management objects specified in Technical Specification MEF 7.1.
A new enterprise-specific MIB, SOAM PM MIB, which defines the management objects for Ethernet services operations, administration, and maintenance for performance monitoring, has been added, and SNMP support is available for the MIB objects defined in Technical Specification MEF 36.
[See Interpreting the Enterprise-Specific Service OAM MIB.]
Spanning Tree Protocols
Support for bridge protocol data unit, loop protect, and root protect (ACX Series)—Starting with Junos OS Release 17.1R1, ACX Series Universal Metro Routers support configuring bridge protocol data unit (BPDU), loop protect, and root protect on spanning-tree instance interfaces. You can configure BPDU protection on individual interfaces or on all the edge ports of the bridge.
[See Understanding BPDU Protection for Spanning-Tree Instance Interfaces, Understanding Loop Protection for Spanning-Tree Instance Interfaces, Understanding Root Protection for Spanning-Tree Instance Interfaces in a Layer 2 Switched Network.]
Timing and Synchronization
Support for precision time protocol over integrated routing and bridging (ACX Series)—Starting with Junos OS Release 17.1R1, ACX Series Universal Metro Routers support configuring precision time protocol (PTP) over integrated routing and bridging (IRB). You can configure a boundary clock node with PTP (IPv4) over IRB in a master-only mode across single or multiple IRB logical interfaces.
[See Configuring Precision Time Protocol Over Integrated Routing and Bridging.]
Support for Timing and Synchronization (ACX Series)—Starting with Junos OS Release 17.1R1, ACX Universal Metro Routers support external clock synchronization and automatic clock selection for Synchronous Ethernet, T1 or E1 line timing sources, and external inputs. The IEEE 1588v2 standard defines the Precision Time Protocol (PTP), which is used to synchronize clocks throughout a network. ACX Series routers support PTP ordinary clock and boundary clock features. ACX Series routers also support PTP over Ethernet.
[See External Clock Synchronization Overview for ACX Series Routers, Automatic Clock Selection Overview.]
Support for transparent clock (ACX5000)—Starting with Junos OS Release 17.1R1, ACX5000 Universal Metro Routers support the transparent clock functionality. Transparent clocks measure packet residence time for Precision Time Protocol (PTP) events. The packet delay variation experienced by PTP packets can be attributed to queuing and buffering delays inside the router. ACX5000 routers support only end-to-end transparent clock functionality as defined in the IEEE 1588 standard. The transparent clock functionality works for both PTP over IP (PTPoIP), and PTP over Ethernet (PTPoE).
To configure the transparent clock functionality, you must include the e2e-transparent statement at the [edit protocol ptp] hierarchy level.
Use the show ptp global-information command to check the status of the transparent clock functionality configured on the router.
[See Understanding Transparent Clocks in Precision Time Protocol.]
Tunneling
Support for remote loop-free alternate (LFA) over LDP tunnels in IS-IS and OSPF networks (ACX5000)—Starting with Junos OS Release 17.1R1, ACX5000 Universal Metro Routers support remote LFA over LDP tunnels in an IS-IS and OSPF network. Remote LFA increases the backup coverage for IS-IS and OSPF routes and provides protection especially for Layer 1 metro-rings. The IS-IS protocol creates a dynamic LDP tunnel to reach the remote LFA node from the point of local repair (PLR). The PLR uses this remote LFA backup path when the primary link fails.
[See Configuring Remote LFA Backup over LDP Tunnels in an OSPF Network, Configuring Remote LFA Backup over LDP Tunnels in an IS-IS Network.]
Support for automatic bandwidth allocation for label-switched paths (ACX5000)—Starting with Junos OS Release 17.1R1, ACX5000 Universal Metro Routers support automatic bandwidth allocation for label-switched paths (LSPs). Automatic bandwidth allocation allows an MPLS tunnel to automatically adjust its bandwidth allocation based on the volume of traffic flowing through the tunnel. You can configure an LSP with minimal bandwidth, and this feature can dynamically adjust the LSP’s bandwidth allocation based on current traffic patterns. The bandwidth adjustments do not interrupt traffic flow through the tunnel.
[See Automatic Bandwidth Allocation for LSPs.]
VPLS
Mesh group support for VPLS routing (ACX5000)—Starting with Junos OS Release 17.1R1, ACX5000 Universal Metro Routers support mesh group configuration for VPLS routing instances. A mesh group within the routing instance is a group of PE interface members with common forwarding attributes. The following are the default member attributes in a mesh group:
no-local-switching—Traffic will not switch between members of the same mesh group (known-unicast, multicast, broadcast, unknown-unicast).
flood-to-all-other-mesh-group—Traffic can flow from a member of one mesh group to any set of members of other mesh groups.
[See Configuring Interoperability Between BGP Signaling and LDP Signaling in VPLS.]
SEE ALSO
Changes in Behavior and Syntax
Known Behavior
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Changes in Behavior and Syntax

IN THIS SECTION
Interfaces and Chassis
General Routing
MPLS
Services Applications
System Management
User Interface and Configuration
This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.1R2 for the ACX Series.

Interfaces and Chassis

Support for logical interfaces (ACX5048 and ACX5096)—ACX5048 and ACX5096 routers do not support configuring more than 1000 logical interfaces.

General Routing

For the routing command, starting in Junos 15.1F3, 15.1R2, 15.1R3, and 15.2R1, 64-bit mode is enabled by default on systems that support it and that have at least 16 GB of RAM.

MPLS

Representation for OSPF DR node—Up until version -10 of the BGP-LS draft, the OSPF DR node representation was ambiguous. The DR node could be represented as 'AdvertisingRouterId-InterfaceIpAddress' or 'InterfaceIpAddress-1'. Junos OS previously followed the 'InterfaceIpAddress-1' format. Starting with version -11 of the BGP-LS draft, the representation for the OSPF DR node must be 'AdvertisingRouterId-InterfaceIpAddress'. Junos OS now follows the latest format.

Services Applications

Device discovery with device-initiated connection (ACX Series)—In Junos OS Release 17.1R1 and later releases, when you configure statements and options under the [system services ssh] hierarchy and commit the configuration, make sure that the system reaches a stable state before you commit any outbound-ssh configurations.
You use the device discovery feature in the Devices workspace to add devices to Junos Space Network Management Platform. By default, Junos Space manages devices by initiating and maintaining a connection to the device.
[See Device Discovery Overview.]

System Management

Peers option not supported in batch configuration mode—Starting in Junos OS Release 17.1R1, the peers option at the [edit system commit] hierarchy level is not supported in batch configuration mode.

User Interface and Configuration

Integers in configuration data in JSON format are displayed without quotation marks (ACX Series)—Starting in Junos OS Release 17.1R1, integers in Junos OS configuration data emitted in JavaScript Object Notation (JSON) format are not enclosed in quotation marks. Prior to Junos OS Release 17.1, integers in JSON configuration data were treated as strings and enclosed in quotation marks.
Changes to the show system schema module juniper-command output directory (ACX Series)—Starting in Junos OS Release 17.1R1, when you issue the show system schema module juniper-command operational command in the Junos OS CLI, the device places the generated output files in the current working directory, which defaults to the user’s home directory. Prior to Junos OS Release 17.1R1, the generated output files are placed in the /var/tmp directory.
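The JSON integer change above affects any tool that compares configuration snapshots across the upgrade: every integer leaf changes type even though nothing was reconfigured. The following is an added example, not Juniper code; the two sample documents and the helper names canonical, drift, and leaf_int are constructed for illustration.

```python
import json
import re

# Constructed sample: the same configuration fragment as emitted before
# Junos OS Release 17.1 (integers quoted) and from 17.1R1 on (bare integers).
PRE_17_1 = json.loads("""
{"configuration": {"system": {
    "host-name": "acx-lab-1",
    "services": {"ssh": {"connection-limit": "10", "rate-limit": "5"}},
    "login": {"retry-options": {"tries-before-disconnect": "3"}}
}}}
""")
POST_17_1 = json.loads("""
{"configuration": {"system": {
    "host-name": "acx-lab-1",
    "services": {"ssh": {"connection-limit": 10, "rate-limit": 5}},
    "login": {"retry-options": {"tries-before-disconnect": 3}}
}}}
""")

_INT_TEXT = re.compile(r"-?[0-9]+")
_MISSING = object()


def canonical(node):
    """Return a copy with every JSON integer rendered as a string.

    Normalizing toward strings is lossless. Going the other way (turning
    digit-only strings into integers) would also rewrite leaves that are
    genuinely strings, which cannot be told apart without the schema.
    """
    if isinstance(node, dict):
        return {key: canonical(value) for key, value in node.items()}
    if isinstance(node, list):
        return [canonical(value) for value in node]
    # bool is a subclass of int in Python; JSON true/false must stay as is.
    if isinstance(node, int) and not isinstance(node, bool):
        return str(node)
    return node


def _leaves(node, path=()):
    """Yield (path tuple, leaf value) for every scalar in the document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _leaves(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _leaves(value, path + (index,))
    else:
        yield path, node


def drift(before, after, normalize=True):
    """Return the sorted paths whose leaf differs between two snapshots."""
    if normalize:
        before, after = canonical(before), canonical(after)
    old = {"/".join(map(str, p)): v for p, v in _leaves(before)}
    new = {"/".join(map(str, p)): v for p, v in _leaves(after)}
    return sorted(
        key for key in old.keys() | new.keys()
        if old.get(key, _MISSING) != new.get(key, _MISSING)
    )


def leaf_int(config, *path):
    """Read an integer leaf in either representation, for policy checks."""
    node = config
    for key in path:
        node = node[key]
    if isinstance(node, int) and not isinstance(node, bool):
        return node
    if isinstance(node, str) and _INT_TEXT.fullmatch(node):
        return int(node)
    raise ValueError("not an integer leaf: %r" % (node,))


if __name__ == "__main__":
    print("naive diff:     ", drift(PRE_17_1, POST_17_1, normalize=False))
    print("normalized diff:", drift(PRE_17_1, POST_17_1))
```

A compliance rule that compares a limit numerically should read it through a helper such as leaf_int, because comparing the quoted form as text orders "9" after "10".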
SEE ALSO
New and Changed Features
Known Behavior
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Known Behavior

There are no known limitations in Junos OS Release 17.1R2 for the ACX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Known Issues

IN THIS SECTION
Network Address Translation (NAT) and Stateful Firewall Services
Generic Routing Encapsulation
Firewall
Layer 2 Features
MPLS
SNMP
Timing and Synchronization
This section lists the known issues in hardware and software in Junos OS Release 17.1R2 for the ACX Series Universal Metro Routers.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Network Address Translation (NAT) and Stateful Firewall Services

On the ACX500 routers, when service application logging is enabled at the [edit services service-set service-set-name syslog host host-name class] hierarchy level and packets containing errors are received at a higher rate toward the service engine, the resource scale requirements at the service engine cannot be met and the service processor might reboot. As a workaround, you can disable the application logging. PR1223500
On the ACX500 routers, when there is a fast ramp-up of scaled user applications, the resource requirements of the service engine cannot be met. As a workaround, you can disable the application logging. PR1226153

Generic Routing Encapsulation

Traffic loss is seen after restarting the chassis-control when 64 gr- logical interfaces are configured. This occurs when you restart the Packet Forwarding Engine (PFE) and when there are multiple gr- logical interfaces configured. The traffic automatically resumes once all the ARP entries for the traffic are learned. PR1228216

Firewall

On the ACX5000 line of routers, if you apply a firewall filter to an interface using input-list at the [edit interfaces interface-name unit unit-name family ethernet-switching filter] hierarchy level, the commit does not complete. PR1037604

Layer 2 Features

On the ACX5000 line of routers, when you issue the show ethernet-switching table summary vlan-name CLI command, an l2ald.core.0.gz core is generated. PR1042995
When an interface flaps or a process restart occurs, the interface configured for RSTP with root protection might not transition to the DESG state. There is no workaround available. PR1223137

MPLS

The link protection does not work properly when auto bandwidth is configured on the ACX5000 line of routers. After the interface disable has been deleted, the backup will remain active for 90 seconds. The auto-adjustment of bandwidth does not happen at the first instance when the auto-adjustment timer expires and the bandwidth is adjusted only at the second instance when the timer expires. PR1233761

SNMP

ACX Series routers do not have a control board, and when you issue the show snmp mib walk jnxOperatingState CLI command, the parameter always shows online.
The following is an example of the show snmp mib walk jnxOperatingState CLI command output:
user@host> show snmp mib walk jnxOperatingState
jnxOperatingState.1.1.0.0 = 2
jnxOperatingState.6.1.0.0 = 2
jnxOperatingState.7.1.0.0 = 2
jnxOperatingState.9.1.0.0 = 2
jnxOperatingState.12.0.0.0 = 2
PR1191995

Timing and Synchronization

When you run the restart clksyncd-service CLI command, incorrect correction field values are seen when transparent clock is INACTIVE. This does not have any functional impact. PR1067583
When an interface flaps or a process restart occurs, the interface configured for RSTP with root protection might not transition to the DESG state. There is no workaround available. PR1223137
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Resolved Issues

IN THIS SECTION
Resolved Issues: 17.1R2
Resolved Issues: 17.1R1
This section lists the issues fixed in the Junos OS main release and the maintenance releases.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.1R2

General Routing
The SNMP MIB walk for jnxOperatingState incorrectly shows the CB status as down. PR1191995
10-Gigabit Ethernet interface fault detection behavior changed. PR1223457

Resolved Issues: 17.1R1

There are no fixed issues in Junos OS 17.1R1 for ACX Series.
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Known Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Documentation Updates

There are no errata or changes in Junos OS Release 17.1R2 for the ACX Series documentation.
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Known Issues
Resolved Issues
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION
Upgrade and Downgrade Support Policy for Junos OS Releases
This section contains the upgrade and downgrade support policy for Junos OS for the ACX Series Universal Metro Routers. Upgrading or downgrading Junos OS might take several hours, depending on the size and configuration of the network.
For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 15.1, 16.1 and 16.2 are EEOL releases. You can upgrade from Junos OS Release 15.1 to Release 16.1 or even from Junos OS Release 15.1 to Release 16.2. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.
To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Product Compatibility


Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.
To determine the features supported on ACX Series routers in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://pathfinder.juniper.net/feature-explorer/.
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.

Junos OS Release Notes for EX Series Switches

These release notes accompany Junos OS Release 17.1R2 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at http://www.juniper.net/techpubs/software/junos/.

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for EX Series.
NOTE: The following EX Series switches are supported in Release 17.1R2: EX4300, EX4600, and EX9200.
NOTE: In Junos OS Release 17.1R2, J-Web is supported on the EX4300 and EX4600 switches in both standalone and Virtual Chassis setup.
The J-Web distribution model being used provides two packages:
Platform package—Installed as part of Junos OS; provides basic functionalities of J-Web.
Application package—Optionally installable package; provides complete functionalities of J-Web.
For details about the J-Web distribution model, see Release Notes: J-Web Application Package Release 17.1A1 for EX4300 and EX4600 Switches.

Release 17.1R2 New and Changed Features

There are no new features or enhancements to existing features for EX Series in Junos OS Release 17.1R2.

Release 17.1R1 New and Changed Features

Hardware
New Routing Engine for EX9200 Switches—Starting with Junos OS Release 17.1R1, EX9200 switches
support the new Routing Engine EX9200-RE2.
[See Routing Engine Module in an EX9200 Switch.]
New Configurations for EX9200 Switches—Starting with Junos OS Release 17.1R1, EX9200 switches
are available in the following configurations:
EX9204-AC-BND2
EX9204-RED3B-AC
EX9204-RED3B-DC
EX9204-BASE3B-AC
EX9208-BASE3B-AC
EX9208-RED3B-AC
EX9208-RED3B-DC
EX9214-BASE3B-AC
EX9214-RED3B-AC
EX9214-RED3B-DC
[See EX9204 Switch Configurations, EX9208 Switch Configurations, and EX9214 Switch Configurations.]
Authentication, Authorization and Accounting (AAA) (RADIUS)
Access control and authentication (EX4300-EX4600 mixed VC)—Starting with Junos OS Release 17.1R1,
EX4600 switches operating in a mixed Virtual Chassis with EX4300 switches support controlling access to your network using 802.1X authentication and MAC RADIUS authentication.
802.1X authentication provides port-based network access control (PNAC) as defined in the IEEE 802.1X standard. Supported features include guest VLAN, private VLAN, server fail fallback, dynamic changes to a user session, RADIUS accounting, and configuration of port-filtering attributes on the RADIUS server using VSAs.
MAC RADIUS authentication is used to authenticate end devices independently of whether they are enabled for 802.1X authentication. You can permit end devices that are not 802.1X-enabled to access the LAN by configuring MAC RADIUS authentication on the switch interfaces to which the end devices are connected.
Access control features in a mixed EX4300-EX4600 Virtual Chassis are supported only on EX4300 ports.
This feature was previously supported in an “X” release of Junos OS.
[See Access Control on a Mixed EX4300-EX4600 Virtual Chassis.]
Class of Service (CoS)
Support for classification of multidestination traffic (EX4300)—Multidestination traffic includes BUM (broadcast, unknown unicast, and multicast) traffic and Layer 3 multicast traffic. By default on EX4300 Series switches, all multidestination traffic is classified to the Mcast-BE traffic class mapped to queue 8. Beginning with Junos OS Release 17.1R1, you can classify multidestination traffic to four different queues, queues 8-11, based on either the IEEE 802.1p bits or the DSCP IPv4/v6 bits. You can classify multidestination traffic by including the multi-destination statement at the [edit class-of-service] hierarchy level (to apply globally) or at the [edit class-of-service interfaces interfaces-name] hierarchy level (to apply to an individual interface). Classification at an individual interface takes precedence over global classification.
[See Example: Configuring Multidestination (Multicast, Broadcast, DLF) Classifiers.]
Firewall filter with policer action as forwarding-class and loss priority (PLP) (EX4300 switches)—Starting with Junos OS Release 14.1X53-D35 and Junos OS Release 17.1R1, on EX4300 switches you can configure the firewall with policer action as forwarding-class and loss priority (PLP). When the traffic hits the policer, PLP changes as per the action rule. The supported PLP designations are low, medium-low, medium-high, and high. You configure policer actions at the [edit firewall] hierarchy level.
[See then (Policer Action).]
High Availability (HA) and Resiliency
New options for the show vrrp track command (EX Series)—Starting in 17.1R1, the show vrrp track
routes command gives you the option to view all tracked routes. Another new option for the show vrrp track command, all, is equivalent to the already existing command show vrrp track.
[See show vrrp track.]
Interfaces and Chassis
LLDP-MED power negotiation (EX4300 switches)—Starting with Junos OS Release 17.1R1, EX4300 switches support Link Layer Discovery Protocol Media Endpoint Discovery (LLDP-MED) power negotiation with high power (802.3at) devices. LLDP-MED power negotiation enables the PoE controller to dynamically allocate power to an interface based on the power required by the connected powered device.
[See Power over Ethernet (PoE) User Guide for EX4300 Switches.]
Half-duplex link support (EX4300 switches)—Starting with Junos OS 17.1R1, half-duplex communication
is supported on all built-in network copper ports on EX4300 switches. Half-duplex is bidirectional communication, but signals can flow in only one direction at a time. Full-duplex communication means that both ends of the communication can send and receive signals at the same time. Half-duplex is configured by default on EX4300 switches. This feature was previously supported in an “X” release of Junos OS.
[See Configuring Gigabit Ethernet Interfaces (CLI Procedure).]
Junos OS XML API and Scripting
Support for Python language for commit, event, op, and SNMP scripts (EX Series)—Starting in Junos OS Release 17.1R1, you can author commit, event, op, and SNMP scripts in Python on devices that include the Python extensions package in the software image. Creating automation scripts in Python enables you to take advantage of Python features and libraries as well as leverage Junos PyEZ APIs supported in Junos PyEZ Release 1.3.1 and earlier releases to perform operational and configuration tasks on devices running Junos OS. To enable execution of Python automation scripts, which must be owned by either root or a user in the Junos OS super-user login class, configure the language python statement at the [edit system scripts] hierarchy level, and configure the filename for the Python script under the hierarchy level appropriate to that script type. Supported Python versions include Python 2.7.x.
[See Understanding Python Automation Scripts for Devices Running Junos OS.]
Management
Support for adding non-native YANG modules to the Junos OS schema (EX Series)—Starting in Junos
OS Release 17.1R1, you can load custom YANG models on devices running Junos OS to add data models that are not natively supported by Junos OS but can be supported by translation. Doing this enables you to extend the configuration hierarchies and operational commands with data models that are customized for your operations. The ability to add data models to a device is also beneficial when you want to create device-agnostic and vendor-neutral data models that enable the same configuration or RPC to be used on different devices from one or more vendors. You can load custom YANG modules by using the request system yang add operational command.
[See Understanding the Management of Non-Native YANG Modules on Devices Running Junos OS.]
OpenFlow
Support for OpenFlow v1.0 and v1.3.1 (EX4600 switches)—Starting with Junos OS Release 17.1R1,
EX4600 switches support OpenFlow v1.0 and v1.3.1. OpenFlow v1.0 enables you to control traffic in a network by adding, deleting, and modifying flows in the switch. You can configure one OpenFlow virtual switch and one active OpenFlow controller at the [edit protocols openflow] hierarchy level on each EX4600 switch in the network.
Also, OpenFlow v1.3.1 allows the action specified in one or more flow entries to direct packets to a base action called a group. The group action further processes these packets and assigns a more specific forwarding action to them. You can view groups that were added, modified, or deleted from the group table by using the show openflow groups command. You can view group statistics by using the show openflow statistics groups command.
[See Understanding OpenFlow Operation and Forwarding Actions on Devices Running Junos OS.]
Software Installation and Upgrade
Support for unified in-service software upgrade (ISSU) (EX9200-6QS)—Starting with Junos OS Release 17.1R1, you can perform a unified ISSU on the EX9200-6QS line card. ISSU enables you to upgrade between two different Junos OS releases with no disruption on the control plane and with minimal disruption of traffic.
[See Unified ISSU System Requirements.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.1R2 for the EX Series.

High Availability (HA) and Resiliency

In-service software upgrade (EX4600 switches)—Starting with Junos OS Release 17.1R1, you cannot perform an ISSU from a Junos OS Release earlier than 17.1R1 to later Junos OS releases.

MPLS

Representation for OSPF DR node—Up until version -10 of the BGP-LS draft, the OSPF DR node representation was ambiguous. One could represent the DR node as 'AdvertisingRouterId-InterfaceIpAddress' or 'InterfaceIpAddress-1'. Junos OS used to follow the 'InterfaceIpAddress-1' format. Starting with version -11 of the BGP-LS draft, the representation for the OSPF DR node must be 'AdvertisingRouterId-InterfaceIpAddress'. Junos OS now follows the latest format.

Services Applications

Device discovery with device-initiated connection (EX Series)—In Junos OS Release 17.1R1 and later
releases, when you configure statements and options under the [system services ssh] hierarchy and commit the configuration, make sure that the system reaches a stable state before you commit any outbound-ssh configurations.
You use the device discovery feature in the Devices workspace to add devices to Junos Space Network Management Platform. By default, Junos Space manages devices by initiating and maintaining a connection to the device.
[See Device Discovery Overview.]

System Management

Peers option not supported in batch configuration mode—Starting in Junos OS Release 17.1R1, the peers option at the [edit system commit] hierarchy level is not supported in batch configuration mode.

User Interface and Configuration

Integers in configuration data in JSON format are displayed without quotation marks (EX Series)—Starting in Junos OS Release 17.1R1, integers in Junos OS configuration data emitted in JavaScript Object Notation (JSON) format are not enclosed in quotation marks. Prior to Junos OS Release 17.1R1, integers in JSON configuration data were treated as strings and enclosed in quotation marks.
Changes to the show system schema module juniper-command output directory (EX Series)—Starting in Junos OS Release 17.1, when you issue the show system schema module juniper-command operational command in the Junos OS CLI, the device places the generated output files in the current working directory, which defaults to the user’s home directory. Prior to Junos OS Release 17.1, the generated output files were placed in the /var/tmp directory.
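A configuration-audit job that compares JSON configuration captured before and after an upgrade to 17.1R1 would report every integer leaf as modified because of the quoting change described above. The following is an added example, not code from these release notes or from Juniper: it diffs two configuration trees and separates leaves that differ only by integer quoting from leaves that really changed. The sample documents, their values, and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample: the same configuration as emitted before 17.1R1
# (integers quoted) and from 17.1R1 on (integers bare). The vlan-id also
# differs, to show that a real change is still reported.
OLD = json.loads("""
{"configuration": {
  "system": {"host-name": "sw1",
             "login": {"retry-options": {"tries-before-disconnect": "3"}}},
  "interfaces": {"interface": [{"name": "ge-0/0/0", "mtu": "1514"}]},
  "vlans": {"vlan": [{"name": "users", "vlan-id": "100"}]}}}
""")
NEW = json.loads("""
{"configuration": {
  "system": {"host-name": "sw1",
             "login": {"retry-options": {"tries-before-disconnect": 3}}},
  "interfaces": {"interface": [{"name": "ge-0/0/0", "mtu": 1514}]},
  "vlans": {"vlan": [{"name": "users", "vlan-id": 200}]}}}
""")

# A string counts as a quoted integer only in canonical base-10 form, so
# values such as "0010" or "ge-0/0/0" are still compared as plain strings.
_CANONICAL_INT = re.compile(r"-?(0|[1-9][0-9]*)\Z")


def _is_int(value):
    # bool is a subclass of int in Python; JSON true/false are not integers.
    return isinstance(value, int) and not isinstance(value, bool)


def _quoted_int_matches(text, number):
    """True when text is the quoted form of the integer number."""
    return (isinstance(text, str) and _is_int(number)
            and _CANONICAL_INT.match(text) is not None
            and int(text) == number)


def diff_config(old, new, path=""):
    """Return (changed, retyped) lists of leaf paths between two JSON trees.

    changed: leaves whose value really differs, or that were added/removed.
    retyped: leaves that differ only by integer quoting ("10" vs 10).
    """
    changed, retyped = [], []
    if isinstance(old, dict) and isinstance(new, dict):
        for key in sorted(set(old) | set(new)):
            child = f"{path}/{key}"
            if key not in old or key not in new:
                changed.append(child)
                continue
            sub_changed, sub_retyped = diff_config(old[key], new[key], child)
            changed += sub_changed
            retyped += sub_retyped
    elif (isinstance(old, list) and isinstance(new, list)
          and len(old) == len(new)):
        for index, (a, b) in enumerate(zip(old, new)):
            sub_changed, sub_retyped = diff_config(a, b, f"{path}[{index}]")
            changed += sub_changed
            retyped += sub_retyped
    elif _quoted_int_matches(old, new) or _quoted_int_matches(new, old):
        retyped.append(path)
    elif type(old) is not type(new) or old != new:
        changed.append(path)
    return changed, retyped


if __name__ == "__main__":
    changed, retyped = diff_config(OLD, NEW)
    print("real changes:", changed)
    print("quoting only:", retyped)
```

Lists are compared by position, so a reordered list is reported as changed rather than matched by key.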

Known Behavior

There are no known limitations for the EX Series switches in Junos OS Release 17.1R2.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 17.1R2 for the EX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication, Authorization, and Accounting (AAA) (RADIUS)

On EX9200 and EX4300 switches, 802.1X supplicants might not be reauthenticated by server fail fallback
authentication after the server becomes reachable. PR1157032
On EX4300 switches, when 802.1X single-supplicant authentication is initiated, multiple "EAP Request
Id Frame Sent" packets might be sent. PR1163966

High Availability (HA) and Resiliency

During a nonstop software upgrade (NSSU) on an EX4300 Virtual Chassis, a traffic loop or loss might occur if the Junos OS software version that you are upgrading from and the Junos OS software version that you are upgrading to use different internal message formats. PR1123764
On an EX4300 or a QFX5100 Virtual Chassis, when you perform an NSSU, there might be more than
five seconds of traffic loss for multicast traffic. PR1125155
In a rare scenario, GRES might not reach the ready state and might fail to start, because the Routing Engine does not receive the state ack message from the Packet Forwarding Engine after performing GRES. This is a timing issue. It might also prevent Routing Engine resources from being released, which can then cause resource exhaustion. Reboot the system if this problem occurs. PR1236882

Infrastructure

On an EX4300 egress VLAN-based firewall filter on a Q-in-Q interface, after a switch reboot, firewall
counters might not increment as expected. PR1165450

Interfaces and Chassis

On EX Series platforms running Junos OS Release 15.1R1 or later, LLDP PDUs are dropped on the FXP interface. PR1188342
On EX Series Virtual Chassis that support PoE, when the master Routing Engine member is rebooted,
PoE devices connected to the master might not come back online after the reboot. As a workaround to avoid this issue, when configuring PoE interfaces, use the set poe interface all configuration command instead of configuring specific interfaces individually. To recover connections after seeing this issue, disable and reenable the ports affected by the issue. PR1203880

Junos Fusion Enterprise

On a Junos Fusion Enterprise, Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED)
fast start does not work. PR1171899
Loss of connectivity of the link connecting the standalone box might lead to conversion failure from
Junos OS to SNOS. PR1232798
On a Junos Fusion Enterprise, in order to use a non-default port as a clustering port in a clustering port
policy, the policy must include at least one port that is a default uplink/clustering port for that platform.
PR1241808
On a Junos Fusion Enterprise, the satellite device might not come online when the system is converted from cluster to non-cluster mode without accompanying topology changes. PR1251790

Network Management and Monitoring

On EX9200 switches, analyzer configurations with analyzer input and output stanzas containing members
of the same VLAN or the VLAN itself are not supported. With such configurations, packets can mirror in a loop, resulting in LU chip errors. As a workaround, use the mirror-once option if the input is for ingress mirroring. If it is for ingress and egress mirroring, configure the output interface as an access interface. PR1068405

Platform and Infrastructure

On EX4300, EX4600, and QFX5100 switches, if a remote analyzer has an output IP address that is
reachable through a route learned by BGP, the analyzer might be in a DOWN state. PR1007963
On an EX4300-VC platform, if a Q-in-Q S-VLAN interface with MC-LAG is configured, when the backup EX4300 is acting as master, you might lose connection to the management IP address through the interface. As a result, management traffic will be dropped. PR1131755
On EX4300 Series switches, certain multicast traffic might impact the network, for example, cause OSPF
to flap. Issues might occur when multicast packets use the same interface queue as certain network protocol packets (for example, OSPF, RIP, PIM, and VRRP). PR1244351

Port Security

When LACP is configured together with MACsec, the links in the bundle might not all work. Rebooting the switch might recover the problematic links, but could also create the same issue on other child interfaces. PR1093295
On a dot1x-enabled interface, sometimes when you log in, log off, and then log in within a short interval
(within subseconds), the logical interface plus the bridge domain or VLAN remain in a pending state, and you will not be able to access the network. As a workaround, restart the l2-learning process to recover the port/interface from the problematic state. PR1230073

Security

On EX4300 switches, when storm-control or storm-control-profiles with action-shutdown is configured, if the storm-triggered traffic is control traffic such as LACP, the physical interface might be put into an STP blocking state rather than turned down, so valid control traffic might be trapped at the control plane and unrelated interfaces might be set down because of an LACP timeout. PR1130099

Virtual Chassis

When the linecard role FPC is removed and rejoined to the Virtual Chassis immediately, the LAG interface
on the master/backup would not be reprogrammed in the rejoined FPC. PR1255302

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.1R2

Authentication, Authorization, and Accounting (AAA) (RADIUS)
On an EX4300 switch or Virtual Chassis with 802.1X (dot1x) enabled, in a scenario with more than 254 clients (supplicants), many clients might be placed in the server-reject VLAN and have only limited access, although the clients have correct credentials. For a few authenticated clients, the authentication method might be displayed as "Server-Reject" although the client was authenticated in the correct VLAN, that is, the data VLAN. PR1251530
After a configuration change is committed, dot1x RADIUS authentication requests might not be sent when the wait-for-acct-on-ack option is configured in the access profile. PR1252456
EVPN
If an EX9200 switch is configured as a PE router connected to a multihomed site in an EVPN/MPLS network, RPD core files might be created on the EX9200 when more than 255 logical interfaces from the same physical interface/ESI are added to the virtual switch instance configuration and some logical interfaces are then removed from the ESI (that is, the configuration is rolled back). PR1251473
Infrastructure
On EX/QFX Series switches, if the switch is power cycled, some processes (such as jdhcp, lacp, or lldpd, or any other process) might stop working after the reboot. PR1222504
Interfaces and Chassis
MPC might crash during ISSU from Junos OS Release 15.1R1 to a later release when QSFP/CXP/CFP2
optics are present. PR1216924
Junos Fusion Enterprise
On a Junos Fusion Enterprise: SDPD core files might be seen while converting an EX2300 or EX3400
cluster from Junos OS to SNOS. PR1239915
On a Junos Fusion Enterprise, the EX4300 running Junos OS Release 17.1R2 cannot be added as a
satellite. PR1267767
On a Junos Fusion Enterprise, restarting satellite-related daemons and L2 learning results in some MAC entries getting stuck in DLR state. PR1268619
Network Management and Monitoring
On EX9208 switches, after ISSU, storm control takes effect only after it is deleted and re-created. PR1151346
The following system error is logged: JAM: Plugin installed for %s PIC. PR1189100
After the reboot of the EX4600 Virtual Chassis, authentication of SNMPv3 users fails due to the change
of the local engine ID. PR1256166
Platform and Infrastructure
On EX4300 switches, Layer 2 traffic is dropped in some cases. PR1157058
When a policer with the action of loss of priority is applied to the lo0 interface, all ICMP packets might
be dropped. PR1243666
SFP+ might not be recognized after EX4300 reboot. PR1247172
On EX9200 switches, if ISSU is used to upgrade Junos, it is possible that an unnecessary thread will run
on an FPC after the upgrade procedure. This thread can potentially enter into a loop and trigger a stop of forwarding traffic on that particular FPC. PR1249375
The egress PE device (EX4300) sends LLDP frames toward the CE device with the destination MAC address 01:00:0c:cd:cd:d0, which are duplicate frames rewritten by the ingress PE device. PR1251391
On EX4300 switches, traffic is not forwarded through the GRE tunnel in some cases. PR1254638
After you deactivate IPv6 RA and commit the configuration, the feature is not deactivated. PR1257697
The filter applied to the lo0 interface with policer action might break the BGP session. PR1258038
On the EX4300-VC, FPC crash and PFEX core file might occur. PR1261852
Port Security
MACsec connections are deleted randomly in some scenarios. PR1234447
High CPU usage caused by fxpc can lead to MACsec session drops. PR1247479
After MACsec link flaps, traffic stops forwarding across the MACsec link. PR1269229
Routing Protocols
The BGP session might flap during ISSU, resulting in 40-50 seconds of dropped traffic. PR1247937
Spanning Tree Protocols
RSTP interface all edge with the BPDU block configures all interfaces to go into BPDU block even if an
interface is explicitly disabled under RSTP. PR1266035
Subscriber Access Management
The authd process generates core files continuously during RADIUS authentication. PR1241326
System Management
On MX Series and EX9200 platforms, an enhancement for implementing sensor-specific temperature
thresholds is needed. PR1199447
Virtual Chassis
When you add the EX4300 to the VCF, the following error message is seen: ch_opus_map_alarm_id
alarm ignored: object 0x7e reason. PR1234780

Resolved Issues: 17.1R1

Authentication and Access Control
A dot1xd core file is observed during CoA with Juniper-Switching-Filter. PR1219538
Security certificates are lost after reboot or upgrade, and the following error is seen: Unable to derive certificate from input. PR1237732
Infrastructure
BGP sessions are dropped on the EX4300 when sending BGP host-inbound traffic. PR1090033
GRE counters are incrementing very slowly after deactivating and activating the gr- interface. PR1183521
DHCP return packets received across a GRE tunnel are not forwarded to clients. PR1226868
A timeout error occurs when using the request system snapshot slice alternate command. PR1229520
Interfaces and Chassis
MPC might crash during ISSU from Junos OS Release 15.1R1 to a later release when QSFP/CXP/CFP2
optics are present. PR1216924
Restarting the interface process causes traffic loss in aggregate Ethernet (ae) bundle in MC-LAG scenario.
PR1229001
On QFX10000 switches with MC-LAG configured, CDP packets are looping to the other QFX10000
devices in the MC-LAG. PR1237227
MPLS
Virtual Chassis/Virtual Chassis Fabric-l2ckt: FXPC core file is seen when deactivating core interface on
MPLS l2ckt configuration using IRB interface. PR1242203
Platform and Infrastructure
Firewall filter is getting deleted when a new bind point is added. PR1214151
EBGP packets with ttl=1 and non-EBGP packets with ttl=1 go to the same queue on EX4300. PR1215863
The dcd process might crash with configuration of set vlans xxx interface all. PR1221803
Frames with the CFI/DEI bit set to 1 are dropped on an ingress L3 interface on EX4300 in Junos OS Release 14.1X53-D40.8. PR1237945
EX4300: Too many interfaces after >request system zeroize in default configuration. PR1238848
Stale dot1x state leads to packet loss on trunk links if they are converted from access to trunk. PR1239252
Certain multicast traffic might cause network impact on EX4300 switch. PR1244351
EX4300 connectivity issue with 10/100M and full/half duplex interface. PR1249170
On Junos Fusion Enterprise, Power over Ethernet (PoE) telemetries do not work. PR1112953
Changes made in PoE configuration during SD Offline state are not getting reflected once the SD is back
Online. PR1154486
On a Junos Fusion Enterprise, issues with ARP traffic might occur if the Junos Fusion topology exceeds
the documented limit of 6,000 extended port interfaces. PR1186077
On EX3400, some of the IPv6 clients do not get bound if two DHCPv6 relays are present with VRRP between them. PR1189333
FF reject tcp-reset does not work on IRB interface. PR1219953
On a Junos Fusion Enterprise: SDPD core files might be seen while converting an EX2300 or EX3400
cluster from Junos OS to SNOS. PR1239915
Issue with the show command occurs in single supplicant mode captive portal. PR1240259
On EX3400 Virtual Chassis, RA guard-enabled Interface stays in Trusted mode even after the
mark-interface trusted statement is deleted. PR1242937
On EX3400 Virtual Chassis, executing request access-security router-advertisement-guard-block
interface and restart dhcp-service commands triggers the jdhcpd to generate a core file. PR1243147
On EX3400 Virtual Chassis, RA guard Policy discard does not discard the packet matching with
policy-option. PR1244666
ELS style: There is no command to enable DHCP snooping without having to enable other FHS features. PR1245559
Routing Protocols
Hops through GRE tunnel endpoints are seen in traceroute. PR1236343
Virtual Chassis
Repeated log message kernel: %KERN-5: tcp_timer_keep: Dropping socket connection due to keepalive
timer expiration is seen on EX4300. PR1209847

Documentation Updates

There are no errata or changes in Junos OS Release 17.1R2 for the EX Series switches documentation.

Migration, Upgrade, and Downgrade Instructions

This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 15.1, 16.1 and 16.2 are EEOL releases. You can upgrade from Junos OS Release 15.1 to Release 16.1 or even from Junos OS Release 15.1 to Release 16.2. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.
To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Product Compatibility


Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.
To determine the features supported on EX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://pathfinder.juniper.net/feature-explorer/.
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions

Junos OS Release Notes for Junos Fusion Enterprise

IN THIS SECTION
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility
These release notes accompany Junos OS Release 17.1R2 for Junos Fusion Enterprise. Junos Fusion Enterprise is a Junos Fusion that uses EX9200 switches in the aggregation device role. These release notes describe new and changed features, limitations, and known problems in the hardware and software.
NOTE: For a complete list of all hardware and software requirements for a Junos Fusion Enterprise, including which Juniper Networks devices can function as satellite devices, see Understanding Junos Fusion Enterprise Software and Hardware Requirements in the Junos Fusion Enterprise User Guide.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at http://www.juniper.net/techpubs/software/junos/.

New and Changed Features

IN THIS SECTION
Release 17.1R2 New and Changed Features
Release 17.1R1 New and Changed Features
This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for Junos Fusion Enterprise.
NOTE: For more information about the Junos Fusion Enterprise features, see the Junos Fusion Enterprise User Guide.

Release 17.1R2 New and Changed Features

There are no new features or enhancements to existing features for Junos Fusion Enterprise in Junos OS Release 17.1R2.

Release 17.1R1 New and Changed Features

Hardware
Satellite device support (EX2300 and EX3400)—Starting with Junos OS Release 17.1R1, you can configure EX2300 and EX3400 switches as satellite devices in a Junos Fusion Enterprise topology. The satellite device in a Junos Fusion topology is managed and configured by the aggregation device. Junos Fusion Enterprise uses EX9200 switches in the aggregation device role.
[See Junos Fusion Enterprise Overview.]
Authentication, Authorization, and Accounting (AAA) (RADIUS)
Authentication and access control features (Junos Fusion Enterprise)—Starting with Junos OS Release 17.1R1, Junos Fusion Enterprise supports controlling access to the network by using the following features:
802.1X authentication
MAC RADIUS authentication
Server-fail fallback
TACACS+ authentication
Central Web authentication
RADIUS-initiated changes to an authorized user session (RFC 3576)
Flexible authentication order
RADIUS accounting interim updates
Dynamic filtering with multiple filter terms using VSAs
EAP-PAP protocol support for MAC RADIUS authentication
RADIUS accounting attributes Client-system-Name, Framed-MTU, Session-timeout, Acct-authentic, Nas-port-ID, and Filter-ID
[See Understanding Authentication on Switches.]
Class of Service (CoS)
Class of Service support (Junos Fusion Enterprise)—Starting with Junos OS Release 17.1R1, Junos Fusion Enterprise supports the standard Junos CoS features and operational commands. Each extended port on a satellite device is a logical extension to the aggregation device. Therefore, the default CoS policy on the aggregation device applies to each extended port. An EX9200 aggregation device supports the following CoS features for each extended port:
BA classifier
Multifield classifier
Input and output policer
Egress rewrite
The satellite devices support the following CoS features for each extended port:
BA classifier
Queuing and scheduling
A cascade port is a physical interface on an aggregation device that provides a connection between the aggregation device and a satellite device. Port scheduling is supported on cascade ports. A Junos Fusion Enterprise reserves a separate set of queues with minimum bandwidth guarantees for in-band management traffic to protect against congestion caused by data traffic.
[See Understanding CoS in Junos Fusion Enterprise.]
Layer 2 Features
Support for Layer 2 Features (Junos Fusion Enterprise)—Starting in Junos OS Release 17.1R1, the following features are supported:
Storm control—Monitor traffic levels and take a specified action when a defined traffic level (called the storm control level) is exceeded, preventing packets from proliferating and degrading service. You can configure the switch to drop broadcast and unknown unicast packets, shut down interfaces, or temporarily disable interfaces when a traffic storm occurs. [See Understanding Storm Control for Managing Traffic Levels on Switching Devices.]
Persistent MAC learning (Sticky MAC)—Configure persistent MAC addresses (also called sticky MAC addresses) to help restrict access to an access port by identifying the MAC addresses of workstations that are allowed access to a given port. Secure access to these workstations is retained even if the switch is restarted. [See Understanding Persistent MAC Learning (Sticky MAC).]
MAC limiting—Configure MAC limiting on an interface or a VLAN, and specify the action to take on the next packet the interface or the VLAN receives after the limit is reached. Limiting the number of MAC addresses protects the switch from flooding the Ethernet switching table (also known as the MAC forwarding table or Layer 2 forwarding table). [See MAC Limiting.]
Loop detection on extended ports—Enable downstream loop detection on the satellite device to prevent accidental loops caused by miswiring or misconfiguration on the extended ports.
Support for MAC/PHY features on Junos Fusion Enterprise—Starting with Junos OS Release 17.1R1, the following MAC/PHY features are supported on Junos Fusion Enterprise:
Digital optical monitoring (DOM)—You can run the show interfaces diagnostics optics interface-name command to display the DOM information. The information includes diagnostics data and alarms for Gigabit Ethernet optical transceivers.
Energy Efficient Ethernet (EEE)—EEE reduces the power consumption of physical layer devices during periods of low link utilization. EEE saves energy by putting part of the transmission circuit into low power mode when a link is idle. You can run the set interfaces interface-name ether-options ieee-802-3az-eee command at the [edit] hierarchy level to enable energy efficiency at the Ethernet ports. You can view the EEE status by using the show interfaces interface-name detail command. By default, EEE is disabled on EEE-capable ports.
Jumbo frames—You can configure jumbo frames by using the set interfaces interface-name mtu 9216 command at the [edit] hierarchy level.
Medium-dependent Interface (MDI)—By default, the auto MDI/MDI-X feature is enabled on Junos Fusion Enterprise. This feature eliminates the need for a cross-over cable to connect the LAN port to a port on another device, as the crossover function is automatically enabled, when required.
Multicast
Support for multicast traffic forwarding (Junos Fusion Enterprise)—Starting with Junos OS Release 17.1R1, multicast traffic forwarding is supported in Junos Fusion Enterprise. Multicast replication is supported only on the aggregation device. The aggregation device performs ingress multicast replication to a set of extended ports. On the satellite device, multicast traffic is received for each of the extended ports. The following scenarios are supported for both IPv4 and IPv6 traffic: Layer 2 multicast with VLAN flooding and Layer 3 multicast.
[See Understanding Multicast Forwarding on a Junos Fusion Enterprise.]
Network Management and Monitoring
Network monitoring and analysis (Junos Fusion Enterprise)—Starting with Junos OS Release 17.1R1, sFlow monitoring and port mirroring and analyzers are supported in Junos Fusion Enterprise:
sFlow technology, which is a monitoring technology for high-speed switched or routed networks, randomly samples network packets and sends the samples to a monitoring station. You can configure sFlow technology to continuously monitor traffic at wire speed on all interfaces simultaneously.
Port mirroring and analyzers facilitate analyzing traffic on switches at the packet level. You configure port mirroring on a switch to send copies of unicast traffic to an output destination such as an interface, a routing instance, or a VLAN. You can configure an analyzer to define both the input traffic and output traffic in the same analyzer configuration. The input traffic to be analyzed can be traffic that enters or exits an interface, or traffic that enters a VLAN.
[See Understanding sFlow Technology on a Junos Fusion Enterprise and Understanding Port Mirroring Analyzers on a Junos Fusion Enterprise.]
Port Security
Media Access Control Security (MACsec) support on extended ports (Junos Fusion Enterprise)—Starting with Junos OS Release 17.1R1, MACsec is supported on extended ports in a Junos Fusion Enterprise topology. MACsec is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on point-to-point Ethernet links. MACsec is capable of identifying and preventing most security threats and can be used in combination with other security protocols to provide end-to-end network security. Enabling MACsec on extended ports in a Junos Fusion Enterprise topology provides secure communication between the satellite device and connected hosts.
[See Understanding Media Access Control Security (MACsec).]
Access security support (Junos Fusion Enterprise)—Starting with Junos OS Release 17.1R1, the following access security features are supported in Junos Fusion Enterprise:
DHCP snooping—DHCP snooping allows the switch to monitor and control DHCP messages received from untrusted devices connected to the switch. When DHCP snooping is enabled, the system snoops the DHCP messages to view DHCP lease information, which it uses to build and maintain a database of valid IP-address-to-MAC-address (IP-MAC) bindings called the DHCP snooping database. Clients on untrusted ports are allowed to access the network only if they are validated against the database.
DHCPv6 snooping—DHCP snooping for DHCPv6.
Dynamic ARP inspection (DAI)—DAI inspects Address Resolution Protocol (ARP) packets on the LAN and uses the information in the DHCP snooping database on the switch to validate ARP packets and to protect against ARP spoofing (also known as ARP poisoning or ARP cache poisoning). ARP requests and replies are compared against entries in the DHCP snooping database, and filtering decisions are made based on the results of those comparisons.
IP source guard—IP source guard prevents IP address spoofing by examining each packet sent from a host attached to an untrusted access interface on the switch. The IP address, MAC address, VLAN, and interface associated with the host are checked against entries stored in the DHCP snooping database. If the packet header does not match a valid entry in the DHCP snooping database, the packet is discarded.
IPv6 source guard—IP source guard for IPv6.
IPv6 neighbor discovery (ND) inspection—IPv6 ND inspection mitigates attacks based on Neighbor Discovery Protocol by inspecting neighbor discovery messages and verifying them against the DHCPv6 snooping table.
[See Understanding Port Security Features to Protect the Access Ports on Your Device Against the Loss of Information and Productivity.]
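The three checks described in the list above (DHCP snooping, DAI, and IP source guard), modelled as an added Python example that is not Juniper code and not part of the original release notes. The class, port names, MAC addresses and IP addresses are constructed; dropping server replies and mismatched releases received on untrusted ports is general DHCP snooping behavior assumed by the model rather than stated in these notes.

```python
from dataclasses import dataclass

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}  # message types only a DHCP server sends


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    vlan: int
    interface: str


class AccessSwitch:
    """Toy model (hypothetical class, not a Junos API) of the access security checks."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}   # (vlan, mac) -> untrusted port the client request arrived on
        self.bindings = {}  # (vlan, ip)  -> Binding: the DHCP snooping database

    def dhcp(self, msg, port, vlan, client_mac, ip=None):
        """DHCP snooping: learn bindings from trusted-side ACKs, police untrusted ports."""
        if msg in SERVER_MESSAGES and port not in self.trusted:
            return "drop"  # server reply arriving from an untrusted port
        if msg == "REQUEST" and port not in self.trusted:
            self.pending[(vlan, client_mac)] = port
        elif msg == "ACK":
            client_port = self.pending.pop((vlan, client_mac), None)
            if client_port is not None:
                self.bindings[(vlan, ip)] = Binding(ip, client_mac, vlan, client_port)
        elif msg == "RELEASE":
            b = self.bindings.get((vlan, ip))
            if b is None or (b.mac, b.interface) != (client_mac, port):
                return "drop"  # release not sent by the lease holder
            del self.bindings[(vlan, ip)]
        return "forward"

    def arp(self, port, vlan, sender_ip, sender_mac):
        """DAI: the ARP sender IP/MAC pair must match an IP-MAC binding."""
        if port in self.trusted:
            return "forward"
        b = self.bindings.get((vlan, sender_ip))
        return "forward" if b is not None and b.mac == sender_mac else "drop"

    def ip_packet(self, port, vlan, src_ip, src_mac):
        """IP source guard: IP, MAC, VLAN and interface must all match one entry."""
        if port in self.trusted:
            return "forward"
        b = self.bindings.get((vlan, src_ip))
        ok = b is not None and (b.mac, b.interface) == (src_mac, port)
        return "forward" if ok else "drop"


def demo():
    """Run constructed traffic through the model and return each verdict."""
    uplink, host_port, other_port = "ge-0/0/0", "ge-101/0/1", "ge-101/0/2"
    host_mac, other_mac = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    host_ip, gateway_ip = "192.0.2.10", "192.0.2.1"
    sw = AccessSwitch(trusted_ports={uplink})
    r = {}
    r["request"] = sw.dhcp("REQUEST", host_port, 10, host_mac)
    r["rogue_ack"] = sw.dhcp("ACK", other_port, 10, host_mac, "192.0.2.66")
    r["ack"] = sw.dhcp("ACK", uplink, 10, host_mac, host_ip)
    r["arp_ok"] = sw.arp(host_port, 10, host_ip, host_mac)
    r["arp_gateway_spoof"] = sw.arp(other_port, 10, gateway_ip, other_mac)
    r["arp_host_spoof"] = sw.arp(other_port, 10, host_ip, other_mac)
    # Correct IP and MAC but wrong interface: only the four-field check catches it.
    r["ip_cloned_mac"] = sw.ip_packet(other_port, 10, host_ip, host_mac)
    r["ip_ok"] = sw.ip_packet(host_port, 10, host_ip, host_mac)
    r["forged_release"] = sw.dhcp("RELEASE", other_port, 10, other_mac, host_ip)
    r["binding_kept"] = (10, host_ip) in sw.bindings
    return r


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18} {verdict}")
```
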
SEE ALSO
Changes in Behavior and Syntax
Known Behavior
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Changes in Behavior and Syntax

IN THIS SECTION
System Management
This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands in Junos OS Release 17.1R2 for Junos Fusion Enterprise.

System Management

Peers option not supported in batch configuration mode—Starting in Junos OS Release 17.1R1, the peers option at the [edit system commit] hierarchy level is not supported in batch configuration mode.
SEE ALSO
New and Changed Features
Known Behavior
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Known Behavior

IN THIS SECTION
Junos Fusion Enterprise
This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.1R2 for Junos Fusion Enterprise.
For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

Junos Fusion Enterprise

On a Junos Fusion Enterprise, 'show ethernet-switching table' takes a few minutes to show entries when an extended port receives with MAC count set to 150K. PR1117567
While applying a loopback filter on aggregation devices in a Junos Fusion Enterprise, Callback Control Protocol (CBCP) packets might be filtered, which might cause CBCP sessions to be dropped and one of the satellite devices in a redundant pair to be in the SplitBrainDn state. To work around this issue, you can add a filter similar to the following to the existing set of loopback filters:
set firewall family inet filter accept-icl term accept-icl from source-address 10.0.0.0/30
set firewall family inet filter accept-icl term accept-icl from destination-address 10.0.0.0/30
PR1183680
On a Junos Fusion, when using LLDP, the "Power via MDI" and "Extended Power via MDI" TLVs are not transmitted. PR1105217
In a Junos Fusion Enterprise topology with dual aggregation devices, firewall statistics are not synchronized across the aggregation devices. PR1105612
On a Junos Fusion Enterprise, when the satellite devices of a cluster are rebooted, the output of the CLI command show chassis satellite shows the port state of the cascade ports as Present. PR1175834
In a Junos Fusion Enterprise, conversion of EX2300 and EX3400 switches from satellite devices to Junos OS devices cannot be performed from the aggregation device using the command request chassis satellite install junos-package-name fpc-slot slot-id. As a workaround, use the following procedure:
1. If automatic satellite conversion is enabled for the satellite device’s FPC slot ID, remove the FPC slot ID from the automatic satellite conversion configuration.
[edit]
user@aggregation-device# delete chassis satellite-management auto-satellite-conversion satellite slot-id
For example, to remove FPC slot ID 101 from the Junos Fusion:
[edit]
user@aggregation-device# delete chassis satellite-management auto-satellite-conversion satellite 101
If automatic satellite conversion is enabled for the FPC slot ID, the Junos Fusion tries to convert the device back into a satellite device later in this procedure.
You can check the automatic satellite conversion configuration by entering the show statement at the [edit chassis satellite-management auto-satellite-conversion] hierarchy level.
2. Log in to the satellite software (SNOS) on the switch to be converted back to Junos OS and use the following sequence of commands to install the Junos package:
#######################################
dd bs=512 count=1 if=/dev/zero of=/dev/sda
echo -e "o\nn\np\n1\n\n\nw" | fdisk /dev/sda
mkfs.vfat /dev/sda1
fw_setenv target_os
reboot
##################################
>>Get to the loader prompt
##################################
loader> install --format tftp://<tftp server>/<Junos package name>
PR1213023
In a Junos Fusion Enterprise, conversion of an EX2300 switch from Junos OS to satellite software (SNOS) takes 13-14 minutes. PR1213853
In a Junos Fusion Enterprise, analyzer output is not supported for the aggregation device native interfaces. As a workaround, use RSPAN to capture analyzer output for the aggregation device. PR1214596
In a Junos Fusion Enterprise, EX3400 and EX2300 operating as satellite devices might take longer time to re-converge from single-home to dual-home cluster due to a hardware limitation, compared to an EX4300 switch operating as a satellite device. PR1226366
In a Junos Fusion Enterprise with dual aggregation devices, duplicate multicast packets are observed until L3 convergence happens between the aggregation devices, which might take a few seconds. PR1231101
In a Junos Fusion Enterprise, a delay might result from moving a satellite device from cluster to non-cluster mode and vice versa. PR1231678
Loss of connectivity of the link connecting the standalone switch might lead to conversion failure from Junos OS to satellite software (SNOS). As a workaround, reboot the standalone switch again to restart the conversion process. PR1232798
In a Junos Fusion Enterprise, in order to use a non-default port as a clustering port in a clustering port policy, the policy must include at least one port that is a default uplink/clustering port for that platform. PR1241808
In a Junos Fusion Enterprise, a satellite device might not come online when it is converted from cluster to non-cluster mode without accompanying topology changes. As a workaround, ensure the configuration of satellite devices matches the wiring topology: non-cluster devices should not be connected to other clustered devices by means of default or configured clustering/uplink ports. PR1251790
In Junos Fusion Enterprise, when 802.1X authentication is configured in single-secure mode, a firewall counter is created for the default discard term in addition to the configured term. PR1254503
During RE switchover on a Junos Fusion Enterprise, the BUM traffic is duplicated to indirectly connected satellite devices. This is because there is no current support to notify the GRES event to indirectly connected satellite devices. PR1298434
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Known Issues

IN THIS SECTION
Junos Fusion Enterprise
This section lists the known issues in hardware and software in Junos OS Release 17.1R2 for Junos Fusion Enterprise.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Junos Fusion Enterprise

In a Junos Fusion Enterprise that has enabled PoE for all extended ports, the show poe interface command output displays the PoE administrative status as Enabled for non-PoE-capable interfaces. PR1150955
In a Junos Fusion Enterprise, Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED) fast start does not work. PR1171899
On a Junos Fusion Enterprise, control packets from the aggregation device - including ping and DHCP packets - might not be forwarded to hosts connected to extended ports when the cascade ports on the aggregation device are down. PR1173212
In a Junos Fusion Enterprise, restarting satellite processes from the aggregated device might not work. As a workaround, use the following commands to get the process ID and restart the process:
user@aggregated-device> request chassis satellite shell-command fpc-slot <slot-id> "ps -aef | grep <process> | grep -v grep"
user@aggregated-device> request chassis satellite shell-command fpc-slot <slot-id> "kill -9 <process-id>"
Process details:
amd—api-management-daemon
lcmd—chassis-management-daemon
dpd—discovery-and-provisioning-daemon
spfe—packet-forwarding-engine
ppman—ppman
ppman-lite—ppman-lite
PR1244166
In a Junos Fusion Enterprise, backup link information might not be displayed in the output of the show chassis satellite command if cluster configuration is deleted and then added again on a single aggregated device. As a workaround, delete and then add configuration on both aggregated devices. PR1247633
In a Junos Fusion Enterprise it can take 6 to 30 seconds for the traffic to converge when the aggregation device is powered off or powered on. PR1257057
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Resolved Issues

IN THIS SECTION
Resolved Issues: 17.1R2
Resolved Issues: 17.1R1
This section lists the issues fixed in the Junos OS main release and the maintenance releases.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.1R2

Junos Fusion Enterprise
EX4300 with Junos OS Release 17.1R1 cannot be converted to satellite mode. PR1267767
In Junos Fusion Enterprise, for show ethernet-switching table, a few entries are stuck in DLR state after l2-learning restart. PR1268619

Resolved Issues: 17.1R1

Junos Fusion Enterprise
For Junos Fusion Enterprise, PoE telemetrics is not working. PR1112953
Changes made in PoE configuration during SD Offline state are not getting reflected once the SD is back Online. PR1154486
Some ARPs are not resolving on Spirent when you exceed 6000 extended ports. PR1186077
Traffic loss is seen after rebooting a satellite device in a satellite device cluster. PR1168820
SNMP trap for satellite device reboot is not sent. PR1182895
LLDP might stop working if manually deactivated and reactivated. PR1188254
SDPD core files might be generated during conversion of EX2300/EX3400 cluster from JUNOS OS to SNOS. PR1239915
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Known Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Documentation Updates

There are no errata or changes in Junos OS Release 17.1R2 for Junos Fusion Enterprise documentation.
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Known Issues
Resolved Issues
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION
Basic Procedure for Upgrading Junos OS on an Aggregation Device
Upgrading from Junos OS Release 16.1 to 17.1 in a JUNOS OS Fusion Enterprise System
Upgrading an Aggregation Device with Redundant Routing Engines
Preparing the Switch for Satellite Device Conversion
Converting a Satellite Device to a Standalone Switch
Upgrade and Downgrade Support Policy for Junos OS Releases
Downgrading from Release 17.1
This section contains the procedure to upgrade or downgrade Junos OS and satellite software for a Junos Fusion Enterprise. Upgrading or downgrading Junos OS and satellite software might take several hours, depending on the size and configuration of the Junos Fusion Enterprise topology.

Basic Procedure for Upgrading Junos OS on an Aggregation Device

When upgrading or downgrading Junos OS for an aggregation device, always use the junos-install package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the junos-install package and details of the installation process, see the Installation and Upgrade Guide.
NOTE: Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:
user@host> request system snapshot
The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files), might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. See the Junos OS Administration Library.
To download and install Junos OS Release 17.1R2:
1. Using a Web browser, navigate to the Download Software URL on the Juniper Networks webpage:
https://www.juniper.net/support/downloads/
2. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
3. Select By Technology > Junos Platform > Junos Fusion to find the software that you want to download.
4. Select the release number (the number of the software version that you want to download) from the Version drop-down list on the right of the page.
5. Select the Software tab.
6. Select the software package for the release.
7. Review and accept the End User License Agreement.
8. Download the software to a local host.
9. Copy the software to the routing platform or to your internal software distribution site.
10. Install the new junos-install package on the aggregation device.
NOTE: We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.
Customers in the United States and Canada, use the following commands.
user@host> request system software add validate reboot source/package-name
All other customers, use the following commands.
user@host> request system software add validate reboot source/package-name
Replace source with one of the following values:
/pathname—For a software package that is installed from a local directory on the router.
For software packages that are downloaded and installed from a remote location:
ftp://hostname/pathname
http://hostname/pathname
scp://hostname/pathname (available only for Canada and U.S. version)
The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.
Adding the reboot command reboots the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes. Rebooting occurs only if the upgrade is successful.
NOTE: After you install a Junos OS Release 17.1R2 junos-install package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the junos-install package that corresponds to the previously installed software.

Upgrading from Junos OS Release 16.1 to 17.1 in a JUNOS OS Fusion Enterprise System

When the Junos Fusion Enterprise System includes clustered devices, use the following procedure to first upgrade the clustered devices to SNOS 3.0R1 and then upgrade the aggregation device from 16.1 to 17.1.
1. Enable hop-by-hop forwarding for control-traffic on the aggregation device using VTY commands.
a. Start a shell on the aggregated device:
user@aggregation-device> start shell
b. For each FPC which has cascade ports, start a VTY session. For example:
root@aggregation-device% vty fpc1
c. At the VTY prompt, enter the following command:
FPC1(aggregation-device vty)# set jnh ep stack-hostpath 0
2. Enable hop-by-hop forwarding for control-traffic on all satellite devices in a cluster.
user@aggregation-device> request chassis satellite shell-command vty -c 'test sd-cluster hop-to-hop enable' range fpc-start fpc-end
3. Update the satellite device cluster to the new image, which must be SNOS 3.0R1 or higher.
user@aggregation-device> request system software add upgrade-group cluster-upgrade-group image-location
4. Confirm all satellite devices are upgraded to the new image.
user@aggregation-device> show chassis satellite upgrade-group upgrade-group-name
5. Upgrade the aggregation device to the 17.1 image.
user@aggregation-device> request system software add aggregation-device-package-name
6. To complete the upgrade, reboot the system, including all satellite devices and aggregation device.
To reboot the satellite devices:
user@aggregation-device> request chassis satellite reboot range fpc-start fpc-end
To reboot the aggregation device:
user@aggregation-device> request system reboot

Upgrading an Aggregation Device with Redundant Routing Engines

If the aggregation device has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to minimize disrupting network operations as follows:
1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.
3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.
4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.

Preparing the Switch for Satellite Device Conversion

There are multiple methods to upgrade or downgrade satellite software in your Junos Fusion Enterprise. See Configuring or Expanding a Junos Fusion Enterprise.
For satellite device hardware and software requirements, see Understanding Junos Fusion Enterprise Software and Hardware Requirements.
Use the following command to install Junos OS on a switch before converting it into a satellite device:
user@host> request system software add validate reboot source/package-name
NOTE: The following conditions must be met before a Junos switch that is running Junos OS Release 17.1R2 can be converted to a satellite device when the action is initiated from the aggregation device:
The Junos switch can only be converted to SNOS 3.0 and later.
The Junos switch must be either set to factory default configuration using the request system zeroize command, or the following command must be included in the configuration: set chassis auto-satellite-conversion.
When the interim installation has completed and the switch is running a version of Junos OS that is compatible with satellite device conversion, perform the following steps:
1. Log in to the device using the console port.
2. Clear the device:
[edit]
user@satellite-device# request system zeroize
NOTE: The device reboots to complete the procedure for resetting the device.
If you are not logged in to the device using the console port connection, your connection to the device is lost after you enter the request system zeroize command.
If you lose connection to the device, log in using the console port.
3. (EX4300 switches only) After the reboot is complete, convert the built-in 40-Gbps QSFP+ interfaces from Virtual Chassis ports (VCPs) into network ports:
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port port-number
For example, to convert all four built-in 40-Gbps QSFP+ interfaces on an EX4300-24P switch into network ports:
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 0
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 1
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 2
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 3
This step is required for the 40-Gbps QSFP+ interfaces that will be used as uplink interfaces in a Junos Fusion topology. Built-in 40-Gbps QSFP+ interfaces on EX4300 switches are configured into VCPs by default, and the default settings are restored after the device is reset.
After this initial preparation, you can use one of three methods to convert your switches into satellite devices—autoconversion, manual conversion, or preconfiguration. See Configuring or Expanding a Junos Fusion Enterprise for detailed configuration steps for each method.

Converting a Satellite Device to a Standalone Switch

In the event that you need to convert a satellite device to a standalone device, you will need to install a new Junos OS software package on the satellite device and remove the satellite device from the Junos Fusion topology.
The following steps explain how to download software, remove the satellite device from the Junos Fusion, and install the Junos OS software image on the satellite device so that the device can operate as a standalone device.
1. Using a Web browser, navigate to the Junos OS software download URL on the Juniper Networks webpage:
https://www.juniper.net/support/downloads
2. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
3. Select By Technology > Junos Platform > Junos Fusion from the menu and select the switch platform series and model for your satellite device.
4. Select the software image for your platform. For satellite device software requirements, see Understanding Junos Fusion Enterprise Software and Hardware Requirements.
5. Review and accept the End User License Agreement.
6. Download the software to a local host.
Copy the software to the routing platform or to your internal software distribution site.
7. Remove the satellite device from the automatic satellite conversion configuration.
If automatic satellite conversion is enabled for the satellite device’s member number, remove the member number from the automatic satellite conversion configuration. The satellite device’s member number is the same as the FPC slot ID.
[edit]
user@aggregation-device# delete chassis satellite-management auto-satellite-conversion satellite member-number
For example, to remove member number 101 from the Junos Fusion:
[edit]
user@aggregation-device# delete chassis satellite-management auto-satellite-conversion satellite 101
You can check the automatic satellite conversion configuration by entering the show command at the [edit chassis satellite-management auto-satellite-conversion] hierarchy level.
8. Commit the configuration.
To commit the configuration to both Routing Engines:
[edit]
user@aggregation-device# commit synchronize
To commit the configuration to a single Routing Engine:
[edit]
user@aggregation-device# commit
9. Install Junos OS on the satellite device to convert the device to a standalone device.
[edit]
user@aggregation-device> request chassis satellite install URL-to-software-package fpc-slot member-number
For example, to install a software package stored in the /var/tmp directory on the aggregation device onto an EX4300 switch acting as the satellite device using FPC slot 102:
[edit]
user@aggregation-device> request chassis satellite install /var/tmp/jinstall-ex-4300-14.1X53-D35.3-domestic-signed.tgz fpc-slot 102
The satellite device stops participating in the Junos Fusion topology once the software installation starts. The software upgrade starts after this command is entered.
10. Wait for the reboot that accompanies the software installation to complete.
11. When you are prompted to log back in to your device, uncable the device from the Junos Fusion topology. See or Remove a Transceiver. Your device is removed from the Junos Fusion.
NOTE: The device uses a factory-default configuration after the Junos OS installation is complete.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 15.1, 16.1 and 16.2 are EEOL releases. You can upgrade from Junos OS Release 15.1 to Release 16.1 or even from Junos OS Release 15.1 to Release 16.2. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.
To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Downgrading from Release 17.1

Junos Fusion Enterprise is first supported in Junos OS Release 16.1R1, although you can downgrade a standalone EX9200 switch to earlier Junos OS releases.
NOTE: It is not recommended to downgrade the aggregation device from 17.1 to 16.1 if there are cluster satellite devices in the setup.
To downgrade a Junos Fusion Enterprise from Junos OS Release 17.1 to 16.1, you must first downgrade the satellite software version on the satellite devices from 3.0R1 to 2.0R1.
1. Downgrade the satellite software on the satellite devices from 3.0R1 to 2.0R1:
user@aggregation-device> request system software add satellite-2.0R1-signed.tgz no-validate upgrade-group cluster1
After the satellite devices are downgraded to satellite software 2.0R1, they will not show as being online until the aggregation device is downgraded to 16.1.
2. Downgrade the aggregation device. Follow the procedure for upgrading, but replace the 17.1 junos-install package with one that corresponds to the appropriate release.
NOTE: You cannot downgrade more than three releases.
For more information, see the Installation and Upgrade Guide.
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Known Issues
Resolved Issues
Documentation Updates
Product Compatibility

Product Compatibility

IN THIS SECTION
Hardware and Software Compatibility
Hardware Compatibility Tool

Hardware and Software Compatibility

For a complete list of all hardware and software requirements for a Junos Fusion Enterprise, including which Juniper Networks devices function as satellite devices, see Understanding Junos Fusion Enterprise Software and Hardware Requirements in the Junos Fusion Enterprise User Guide.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions

Junos OS Release Notes for Junos Fusion Provider Edge

IN THIS SECTION
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility
These release notes accompany Junos OS Release 17.1R2 for the Junos Fusion Provider Edge. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at http://www.juniper.net/techpubs/software/junos/.

New and Changed Features

IN THIS SECTION
Release 17.1R2 New and Changed Features
Release 17.1R1 New and Changed Features
This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for Junos Fusion Provider Edge.

Release 17.1R2 New and Changed Features

There are no new features or enhancements to existing features for Junos Fusion Provider Edge in Junos OS Release 17.1R2.

Release 17.1R1 New and Changed Features

Junos Fusion
Support for satellite device clustering—Starting in Junos OS Release 17.1R1, Junos Fusion Provider Edge supports satellite device clustering. Satellite device clustering enables you to connect up to 10 satellite devices into a single cluster, and to connect the satellite device cluster to the aggregation device as a single group instead of as individual satellite devices.
[See Understanding Satellite Device Clustering in a Junos Fusion.]
Support for LLDP-MED with VoIP integration—Starting in Junos OS Release 17.1R1, Junos Fusion Provider Edge supports Link Layer Discovery Protocol–Media Endpoint Discovery (LLDP-MED) with VoIP integration on the extended ports of satellite devices in a VoIP network. LLDP-MED with VoIP integration is an extension of LLDP that is used to support device discovery of VoIP telephones and to create location databases for these telephone locations.
[See Understanding LLDP and LLDP-MED on Junos Fusion.]
SEE ALSO
Changes in Behavior and Syntax
Known Behavior
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Changes in Behavior and Syntax

IN THIS SECTION
System Management
This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands in Junos OS Release 17.1R2 for Junos Fusion Provider Edge.

System Management

Peers option not supported in batch configuration mode—Starting in Junos OS Release 17.1R1, the peers option at the [edit system commit] hierarchy level is not supported in batch configuration mode.
SEE ALSO
New and Changed Features
Known Behavior
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Known Behavior

There are no known behaviors, system maximums, and limitations in hardware and software in Junos OS Release 17.1R2 for Junos Fusion Provider Edge.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Known Issues

IN THIS SECTION
Junos Fusion
This section lists the known issues in hardware and software in Junos OS Release 17.1R2 for Junos Fusion Provider Edge.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Junos Fusion

Junos Fusion transit traffic fails between two VLANs on the same extended port. As a workaround, configure the extended port with LAG. PR1264900
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Resolved Issues

IN THIS SECTION
Resolved Issues: 17.1R2
Resolved Issues: 17.1R1
This section lists the issues fixed in the Junos OS main release and the maintenance releases.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.1R2

Junos Fusion Provider Edge
LACP on extended ports does not come up after GRES Routing Engine switchover event on MX104. PR1262674

Resolved Issues: 17.1R1

Junos Fusion
Junos OS to satellite conversion initiated from aggregation device must use SNOS 3.0, SNOS 1.0R5, or SNOS 2.0R2. PR1249877
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Known Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Documentation Updates

There are no errata or changes in Junos OS Release 17.1R2 for Junos Fusion Provider Edge documentation.
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Known Issues
Resolved Issues
Migration, Upgrade, and Downgrade Instructions
Product Compatibility

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION
Basic Procedure for Upgrading an Aggregation Device
Upgrading an Aggregation Device with Redundant Routing Engines
Preparing the Switch for Satellite Device Conversion
Converting a Satellite Device to a Standalone Device
Upgrading an Aggregation Device
Upgrade and Downgrade Support Policy for Junos OS Releases
Downgrading from Release 17.1
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for Junos Fusion Provider Edge. Upgrading or downgrading Junos OS might take several hours, depending on the size and configuration of the network.

Basic Procedure for Upgrading an Aggregation Device

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and Upgrade Guide.
NOTE: Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:
user@host> request system snapshot
The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files), might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. See the Junos OS Administration Library.
The download and installation process for Junos OS Release 16.1R1 and later is different from that for earlier Junos OS releases.
1. Using a Web browser, navigate to the Download Software URL on the Juniper Networks webpage:
https://www.juniper.net/support/downloads/
2. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
3. Select By Technology > Junos Platform > Junos Fusion to find the software that you want to download.
4. Select the release number (the number of the software version that you want to download) from the Version drop-down list to the right of the page.
5. Select the Software tab.
6. Select the software package for the release.
7. Review and accept the End User License Agreement.
8. Download the software to a local host.
9. Copy the software to the routing platform or to your internal software distribution site.
10. Install the new jinstall package on the aggregation device.
NOTE: We recommend that you upgrade all software packages out-of-band using the console, because in-band connections are lost during the upgrade process.
NOTE: We highly recommend that you use 64-bit Junos OS software when implementing Junos Fusion Provider Edge.
For upgrades from Junos Release 14.2 and earlier:
user@host> request system software add no-validate reboot source/package-name
All other upgrades:
user@host> request system software add validate reboot source/package-name
Replace source with one of the following values:
/pathname—For a software package that is installed from a local directory on the router.
For software packages that are downloaded and installed from a remote location:
ftp://hostname/pathname
http://hostname/pathname
scp://hostname/pathname (available only for the Canada and U.S. version)
The validate option validates the software package against the current configuration as a prerequisite for adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is for a different release.
Adding the reboot command reboots the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
NOTE: After you install a Junos OS Release 17.1R2 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrading an Aggregation Device with Redundant Routing Engines

If the aggregation device has two Routing Engines, perform a Junos OS installation on each Routing Engine separately as follows to minimize disrupting network operations:
1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.
3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.
4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.

Preparing the Switch for Satellite Device Conversion

Satellite devices in a Junos Fusion topology use a satellite software package that is different from the standard Junos OS software package. Before you can install the satellite software package on a satellite device, you first need to upgrade the target satellite device to an interim Junos OS software version that can be converted to satellite software. For satellite device hardware and software requirements, see Understanding Junos Fusion Software and Hardware Requirements.
Customers with EX4300 switches, use the following command:
user@host> request system software add validate reboot source/jinstall-ex-4300-14.1X53-D30.3-domestic-signed.tgz
Customers with QFX5100 switches, use the following command:
user@host> request system software add validate reboot source/jinstall-qfx-5-14.1X53-D30.3-domestic-signed.tgz
When the interim installation has completed and the switch is running a version of Junos OS that is compatible with satellite device conversion, perform the following steps:
1. Log in to the device using the console port.
2. Clear the device:
[edit]
user@satellite-device# request system zeroize
NOTE: The device reboots to complete the procedure for resetting the device.
If you are not logged in to the device using the console port connection, your connection to the device is lost after you enter the request system zeroize command.
If you lose your connection to the device, log in using the console port.
3. (EX4300 switches only) After the reboot is complete, convert the built-in 40-Gbps QSFP+ interfaces from Virtual Chassis ports (VCPs) into network ports:
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port port-number
For example, to convert all four built-in 40-Gbps QSFP+ interfaces on an EX4300-24P switch into network ports:
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 0
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 1
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 2
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 3
This step is required for the 40-Gbps QSFP+ interfaces that will be used as uplink interfaces in a Junos Fusion topology. Built-in 40-Gbps QSFP+ interfaces on EX4300 switches are configured into VCPs by default, and the default settings are restored after the device is reset.
After this initial preparation, you can use one of three methods to convert your switches into satellite devices—autoconversion, manual conversion, and preconfiguration. See Configuring Junos Fusion Provider Edge for detailed configuration steps for each method.

Converting a Satellite Device to a Standalone Device

In the event that you need to convert a satellite device to a standalone device, you will need to install a new Junos OS software package on the satellite device and remove the satellite device from the Junos Fusion topology.
NOTE: If the satellite device is a QFX5100 switch, you need to install a PXE version of Junos OS. The PXE version of Junos OS is software that includes pxe in the Junos OS package name when it is downloaded from the Software Center—for example, the PXE image for Junos OS Release 14.1X53-D30 is named install-media-pxe-qfx-5-14.1X53-D30.3.tgz. If the satellite device is an EX4300 switch, you install a standard jinstall-ex-4300 version of Junos OS.
The following steps explain how to download software, remove the satellite device from Junos Fusion, and install the Junos OS software image on the satellite device so that the device can operate as a standalone device.
1. Using a Web browser, navigate to the Junos OS software download URL on the Juniper Networks webpage:
https://www.juniper.net/support/downloads
2. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
3. Select By Technology > Junos Platform > Junos Fusion from the drop-down list and select the switch platform series and model for your satellite device.
4. Select the Junos OS Release 14.1X53-D30 software image for your platform.
5. Review and accept the End User License Agreement.
6. Download the software to a local host.
7. Copy the software to the routing platform or to your internal software distribution site.
8. Remove the satellite device from the automatic satellite conversion configuration.
If automatic satellite conversion is enabled for the satellite device’s member number, remove the member number from the automatic satellite conversion configuration. The satellite device’s member number is the same as the FPC slot ID.
[edit]
user@aggregation-device# delete chassis satellite-management auto-satellite-conversion satellite member-number
For example, to remove member number 101 from Junos Fusion:
[edit]
user@aggregation-device# delete chassis satellite-management auto-satellite-conversion satellite 101
You can check the automatic satellite conversion configuration by entering the show command at the [edit chassis satellite-management auto-satellite-conversion] hierarchy level.
9. Commit the configuration.
To commit the configuration to both Routing Engines:
[edit]
user@aggregation-device# commit synchronize
Otherwise, commit the configuration to a single Routing Engine:
[edit]
user@aggregation-device# commit
10. Install the Junos OS software on the satellite device to convert the device to a standalone device.
[edit]
user@aggregation-device> request chassis satellite install URL-to-software-package fpc-slot member-number
For example, to install a PXE software package stored in the /var/tmp directory on the aggregation device onto a QFX5100 switch acting as the satellite device using FPC slot 101:
[edit]
user@aggregation-device> request chassis satellite install /var/tmp/install-media-pxe-qfx-5-14.1X53-D30.3.tgz fpc-slot 101
For example, to install a software package stored in the /var/tmp directory on the aggregation device onto an EX4300 switch acting as the satellite device using FPC slot 101:
[edit]
user@aggregation-device> request chassis satellite install /var/tmp/jinstall-ex-4300-14.1X53-D30.3-domestic-signed.tgz fpc-slot 101
The satellite device stops participating in the Junos Fusion topology once the software installation starts. The software upgrade starts after this command is entered.
11. Wait for the reboot that accompanies the software installation to complete.
12. When you are prompted to log back into your device, uncable the device from the Junos Fusion topology. See Removing a Transceiver from a QFX Series Device or Remove a Transceiver, as needed. Your device has been removed from Junos Fusion.
NOTE: The device uses a factory-default configuration after the Junos OS installation is complete.

Upgrading an Aggregation Device

When you upgrade an aggregation device to Junos OS Release 17.1R2, you must also upgrade your satellite device to Satellite Device Software version 3.0R1.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 15.1, 16.1 and 16.2 are EEOL releases. You can upgrade from Junos OS Release 15.1 to Release 16.1 or even from Junos OS Release 15.1 to Release 16.2. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.
To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.

Downgrading from Release 17.1

To downgrade from Release 17.1 to another supported release, follow the procedure for upgrading, but replace the 17.1 jinstall package with one that corresponds to the appropriate release.
NOTE: You cannot downgrade more than three releases.
For more information, see the Installation and Upgrade Guide.
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Known Issues
Resolved Issues
Documentation Updates
Product Compatibility

Product Compatibility

IN THIS SECTION
Hardware Compatibility

Hardware Compatibility

Hardware Compatibility
To obtain information about the components that are supported on the devices, and special compatibility guidelines with the release, see the Hardware Guide and the Interface Module Reference for the product.
To determine the features supported on MX Series devices in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. See the Feature Explorer.
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.
SEE ALSO
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions

Junos OS Release Notes for MX Series 5G Universal Routing Platforms

IN THIS SECTION
New and Changed Features
Changes in Behavior and Syntax
Known Behavior
Known Issues
Resolved Issues
Documentation Updates
Migration, Upgrade, and Downgrade Instructions
Product Compatibility
These release notes accompany Junos OS Release 17.1R2 for the MX Series routers. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at http://www.juniper.net/techpubs/software/junos/.

New and Changed Features

IN THIS SECTION
Release 17.1R2 New and Changed Features
Release 17.1R1 New and Changed Features
This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for MX Series.

Release 17.1R2 New and Changed Features

Interfaces and Chassis
Enhancement to ambient-temperature statement (MX Series)—In Junos OS Release 17.1R2 and later, the default ambient temperature is set at 40° C on MX480, MX960, MX2010, and MX2020 Universal Routing Platforms. You can override ambient temperature by setting the temperature at 55° C or 25° C.
[edit]
user@router# set chassis ambient-temperature ?
Possible completions:
  25C                  25 degree celsius
  40C                  40 degree celsius
  55C                  55 degree celsius
[edit]
When a router restarts, the system adjusts the power allocation or the provisioned power for the line cards on the basis of the configured ambient temperature. If enough power is not available, a minor chassis alarm is raised. However, the chassis continues to run with the configured ambient temperature. You can configure a new higher ambient temperature only after you make more power available by adding new power supply modules or by taking a few line cards offline. By using the provisioned power that is saved by configuring a lower ambient temperature, you can bring more hardware components online.
Routing Protocols
IGP cost calculation for next-hop-based dynamic tunnels (MX Series)—Starting in Junos OS Release 17.1R2, IGP cost calculation is supported for next-hop-based dynamic tunnels. In multihoming networks with next-hop-based GRE or UDP tunnel, rpd chooses the best path by calculating IGP metrics. However, in single-homed networks, rpd installs the tunnel composite next hop in the Packet Forwarding Engine without any IGP cost calculation.
In earlier Junos OS releases, BGP preferred a path with the lowest router ID, which was not cost effective. When multiple PE devices advertise the same route, BGP did not take into account the IGP cost to those devices. This new feature allows BGP to choose an IGP path with the lowest metric and set up a tunnel to a PE device with the lowest cost. Note that in the absence of IGP connectivity, Junos OS does not install the advertised routes in the Packet Forwarding Engine or create a dynamic tunnel.
Subscriber Management and Services
Configurable grace period for unresponsive RADIUS servers (MX Series)—Starting in Junos OS Release
17.1R2, you can use the timeout-grace statement at the [edit access radius-options] hierarchy level to configure a grace period that determines when an unresponsive RADIUS authentication server is marked as down or unreachable. When the server fails to respond to any of the attempts made for an authentication request, it times out, the time is noted, and the grace period begins. If the server is unresponsive for subsequent authentication requests, the grace period is checked each time the server times out. When the check determines that the grace period has expired, the server is marked as down or unreachable.
You can configure the grace period in the range 0 through 30 seconds; the default is 10 seconds. Use a short grace period to declare servers unavailable sooner and direct requests to available servers. Use a long grace period to give unresponsive servers more opportunities to respond.
In earlier releases, the grace period is 10 seconds and is not configurable.
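The grace-period check described above can be modeled to see how the configured value changes the moment a server is declared down. This is an added example, not Junos OS code: the class and function names, the server label, the constructed event timelines, the inclusive comparison, and the rule that a response clears the noted time are assumptions.

```python
"""Model of the timeout-grace check described in the release note (not Junos OS code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Range and default stated in the release note, in seconds.
GRACE_MIN, GRACE_MAX, GRACE_DEFAULT = 0, 30, 10


@dataclass
class ServerState:
    first_timeout_at: Optional[float] = None  # time noted when the grace period began
    down: bool = False


class GraceTracker:
    """Tracks unresponsive RADIUS servers per the behavior the release note describes."""

    def __init__(self, grace: int = GRACE_DEFAULT) -> None:
        if not GRACE_MIN <= grace <= GRACE_MAX:
            raise ValueError(f"timeout-grace must be {GRACE_MIN}..{GRACE_MAX} seconds")
        self.grace = grace
        self.servers: Dict[str, ServerState] = {}

    def request_timed_out(self, server: str, now: float) -> bool:
        """Record that every attempt for one authentication request went unanswered.

        Returns True once the server is considered down.
        """
        state = self.servers.setdefault(server, ServerState())
        if state.down:
            return True
        if state.first_timeout_at is None:
            # First timeout: note the time, the grace period begins.
            state.first_timeout_at = now
        elif now - state.first_timeout_at >= self.grace:
            # Subsequent timeout: the grace period is checked and has expired.
            # Assumption: the comparison is inclusive.
            state.down = True
        return state.down

    def response_received(self, server: str) -> None:
        """Assumption: any response clears the noted time and the down state."""
        state = self.servers.setdefault(server, ServerState())
        state.first_timeout_at = None
        state.down = False


Event = Tuple[float, str]  # (seconds since start, "timeout" or "response")


def mark_down_time(events: List[Event], grace: int) -> Optional[float]:
    """Replay a timeline and return when the server is marked down, or None."""
    tracker = GraceTracker(grace)
    for when, kind in events:
        if kind == "timeout":
            if tracker.request_timed_out("radius-1", when):
                return when
        elif kind == "response":
            tracker.response_received("radius-1")
        else:
            raise ValueError(f"unknown event kind: {kind!r}")
    return None


# Constructed timelines (seconds), not captured from a device.
DEAD_SERVER: List[Event] = [
    (0, "timeout"), (4, "timeout"), (9, "timeout"),
    (12, "timeout"), (21, "timeout"), (33, "timeout"),
]
RECOVERING_SERVER: List[Event] = [
    (0, "timeout"), (4, "timeout"), (9, "timeout"), (10, "response"),
    (12, "timeout"), (21, "timeout"), (33, "timeout"),
]

if __name__ == "__main__":
    for grace in (0, 10, 30):
        print(f"grace={grace:2d}s dead server marked down at "
              f"t={mark_down_time(DEAD_SERVER, grace)}")
    print("grace=10s recovering server marked down at "
          f"t={mark_down_time(RECOVERING_SERVER, 10)}")
```

With the default of 10 seconds the dead server keeps receiving requests until the fourth timeout, which is the failover delay to weigh against giving a slow server more chances to answer.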
Support for excluding tunnel attributes from RADIUS Access-Request messages (MX Series)—Starting in Junos OS Release 17.1R2, you can use the exclude statement at the [edit access profile profile-name radius attribute] hierarchy level to exclude the following tunnel attributes from RADIUS Access-Request messages in addition to the previously supported Accounting-Start and Accounting-Stop messages:
acct-tunnel-connection—RADIUS attribute 68, Acct-Tunnel-Connection
tunnel-assignment-id—RADIUS attribute 82, Tunnel-Assignment-Id
tunnel-client-auth-id—RADIUS attribute 90, Tunnel-Client-Auth-Id
tunnel-client-endpoint—RADIUS attribute 66, Tunnel-Client-Endpoint
tunnel-medium-type—RADIUS attribute 65, Tunnel-Medium-Type
tunnel-server-auth-id—RADIUS attribute 91, Tunnel-Server-Auth-Id
tunnel-server-endpoint—RADIUS attribute 67, Tunnel-Server-Endpoint
tunnel-type—RADIUS attribute 64, Tunnel-Type

Release 17.1R1 New and Changed Features

Hardware
Support for ODU path delay measurement for 100-Gigabit DWDM OTN MIC and 100-Gigabit DWDM OTN PIC (MX Series)—Starting in Junos OS Release 17.1R1, Junos OS supports ODU path delay measurement for the 100-Gigabit DWDM OTN MIC (MIC3-100G-DWDM) on MPC3E (MX-MPC3E-3D) and MPC3E-NG (MPC3E-3D-NG) on MX Series routers and for the 100-Gigabit Ethernet DWDM OTN PIC (PTX-5-100G-WDM) on PTX3000 and PTX5000 routers. Delay is measured by transmitting a known pattern (delay measurement pattern) in a selected bit of the delay measurement (DM) field and measuring the number of frames that are missed when the delay measurement pattern is received at the transmitting end (local interface).
To enable delay measurement, first enable looping of the delay measurement pattern at the remote interface by including the remote-loop-enable statement at the [edit interfaces interfacename otn-options odu-delay-management] hierarchy level. Then, measure the delay by including the start-measurement statement at the [edit interfaces interfacename otn-options odu-delay-management] hierarchy level. Use the stop-measurement statement to stop measuring the delay. To disable looping of the delay measurement pattern at the remote interface, use the no-remote-loop-enable statement.
1-port 100-Gigabit DWDM OTN MIC with CFP2 (MX240, MX480, MX960, MX2010, and MX2020)—Starting in Junos OS Release 17.1R1, support is provided for the 1-port 100-Gigabit Ethernet dense wavelength division multiplexing (DWDM) optical transport network (OTN) MIC (MIC3-100G-DWDM) with CFP2 analog coherent optical (CFP2-ACO) pluggable optics on MPC3E (MX-MPC3E-3D) and MPC3E NG (MPC3E-3D-NG). The 100-Gigabit Ethernet DWDM OTN MIC supports the following features:
Transparent transport of 100-Gigabit Ethernet signals with optical channel transport unit, OTU4 (V) framing
Dual-polarization quadrature phase shift keying (DP-QPSK) modulation with coherent receiver and soft-decision forward error correction (SD-FEC) for long-haul and metro applications
International Telecommunication Union (ITU)-standard OTN performance monitoring and alarm management
Extensive optical, digital signal processing (DSP), and bit error ratio (BER) performance monitoring statistics for the optical link
[See 100-Gigabit DWDM OTN MIC with CFP2-ACO and Configuring OTN Interfaces on MIC3-100G-DWDM MIC.]
Class of Service (CoS)
Copy ToS bits from incoming IP header to outer GRE IP header (MX Series with MPCs)—Starting in Junos OS Release 17.1R1, you can set GRE tunnel interfaces to copy the ToS bits (DSCP value) from the incoming IPv4 header to the outer GRE IP header for transit traffic. You can set this at the individual GRE interface level by including the copy-tos-to-outer-ip-header-transit statement at the [edit interfaces gr-fpc/pic/port unit logical-unit-number] hierarchy level, or globally by including the copy-tos-to-outer service-type ([ gre ] | [ mt ]) statement at the [edit chassis] hierarchy level.
You can also now rewrite the DSCP/IP precedence value in both the inner and outer headers with the rewrite rules ([ dscp ] | [ inet-precedence ]) default protocol ([ inet-both ] | [ inet-outer ]) statement at the [edit class-of-service interfaces interface-name] hierarchy level.
[See Configuring a GRE Tunnel to Copy ToS Bits to the Outer IP Header.]
EVPNs
Support for multihoming in an MSAN scenario with EVPN (MX Series routers with MPCs)—Starting in Junos OS Release 17.1R1, the EVPN multihoming feature enables you to connect a customer site to two or more provider edge (PE) devices to provide redundant connectivity. A customer edge (CE) device can be multihomed to different PE devices or the same PE device. A redundant PE device can provide network service to the customer site as soon as a failure is detected. Thus, EVPN multihoming helps maintain EVPN service and traffic forwarding to and from the multihomed site in case of network failures such as:
Failure of the link between the PE device and the CE device
PE device failure
MPLS-reachability failure between the local PE device and a remote PE device
[See EVPN Multihoming Overview.]
Support for VPWS with EVPN signaling mechanisms (MX Series)—The Ethernet VPN (EVPN)-virtual private wire service (VPWS) network provides a framework for delivering the VPWS with EVPN signaling mechanisms. The VPWS with EVPN signaling mechanisms supports single-active or all-active multihoming capabilities and inter-autonomous system (AS) options associated with BGP-signaled VPNs. Starting with Junos OS Release 17.1R1, the vpws-service-id statement identifies the endpoints of the EVPN-VPWS network based on the local and remote identifiers configured on the provider edge (PE) routers in the network. These endpoints are autodiscovered by BGP and are used to exchange the service labels (learned from the respective PE routers) that are used by autodiscovered routes per EVPN instance (EVI).
Use the show evpn vpws-instance command to verify the routes and interfaces of the VPWS instance of the EVPN.
[See Overview of VPWS Service with EVPN Signaling Mechanisms.]
Support for inter-data center connectivity over pure Layer 3 network with EVPN (MX Series routers with MPCs)—Starting in Junos OS Release 17.1R1, the control plane EVPN Type-5 supports IP prefix for inter-subnet connectivity across data centers. The data packet is sent as the L2 Ethernet frame encapsulated in the VXLAN header over the IP network across the data centers to reach the tenant through the connectivity provided by the EVPN Type-5 IP prefix route.
[See EVPN Type-5 Route with VXLAN encapsulation for EVPN/VXLAN.]
Support for LACP in EVPN active-active multihoming (MX Series routers with MPCs)—Starting with Junos OS Release 17.1R1, an extra level of redundancy can be achieved in an Ethernet VPN (EVPN) active-active multihoming network by configuring the Link Aggregation Control Protocol (LACP) on both the endpoints of the link between the multihomed customer edge (CE) and provider edge (PE) devices. The link aggregation group (LAG) interface of the multihomed CE-PE link can either be in the active or in the standby state. The interface state is monitored and operated by LACP to ensure fast convergence on isolation of a multihomed PE device from the core.
When there is a core failure, a traffic black hole can occur at the isolated PE device. With the support for LACP on the CE-PE link, at the time of core isolation, the CE-facing interface of the multihomed PE device is set to the standby state, thereby blocking data traffic transmission from and toward the multihomed CE device. After the core recovers from the failure, the interface state is switched back from standby to active.
To configure LACP in an EVPN active-active multihoming network:
On the multihomed CE device
Include the lacp active statement at the [edit interfaces aex aggregated-ether-options] hierarchy.
On the multihomed PE device
Include the lacp active statement at the [edit interfaces aex aggregated-ether-options] hierarchy.
Include the service-id number statement at the [edit switch-options] hierarchy.
[See Example: Configuring LACP for EVPN Active-Active Multihoming.]
Support for IPv6 over IRB interfaces with EVPN (MX Series routers with MPCs)—Starting in Junos OS Release 17.1R1, IPv6 addresses are supported on IRB interfaces with EVPN using the Neighbor Discovery Protocol (NDP). The following capabilities are introduced for IPv6 support with EVPN:
IPv6 addresses on IRB interfaces in master routing instances
Learning IPv6 neighborhood from solicited NA message
NS and NA packets on the IRB interfaces are disabled from network core
Virtual gateway addresses are used as Layer 3 addresses
Host MAC-IP synchronization for IPv6
You can configure the IPv6 addresses in the IRB interface at the [edit interfaces irb] hierarchy level.
[See EVPN with IRB Solution Overview.]
Support for VLAN bundle service for EVPN (MX Series)—Starting in Junos OS Release 17.1R1, Junos OS supports the VLAN bundle service for EVPN. The VLAN bundle service maps multiple VLAN IDs to one EVPN instance. Because a separate instance for each VLAN ID is not needed, this feature lowers the control plane overhead on the router by reducing the number of EVPN instances.
[See VLAN Bundle Service for EVPN.]
General Routing
PHY timestamping support for MIC-3D-20GE-SFP-EH, MIC-3D-20GE-SFP-E, and built-in 10-Gigabit Ethernet ports (MX104)—Starting with Junos OS Release 17.1R1, timestamping at the physical layer, also known as PHY timestamping, is supported on MIC-3D-20GE-SFP-EH, MIC-3D-20GE-SFP-E, and the built-in 10-Gigabit Ethernet ports on MX104 routers. PHY timestamping is the timestamping of the IEEE 1588 event packets at the physical layer. Timestamping the packet at the physical layer eliminates the noise or the packet delay variation (PDV) that is introduced by the Packet Forwarding Engine.
To enable PHY timestamping on MX104 routers, include the phy-timestamping statement at the [edit protocols ptp] hierarchy level.
[See PHY Timestamping.]
Support for PTP over Ethernet, hybrid mode, and G.8275.1 profile (MPC5E and MX104)—Starting in Junos OS Release 17.1R1, MPC5E and MX104 support the following features:
PTP over Ethernet—PTP over Ethernet enables effective implementation of packet-based technology that enables the operator to deliver synchronization services on packet-based mobile backhaul networks. PTP over Ethernet uses multicast addresses for communication of PTP messages between the slave clock and the master clock.
Hybrid mode—In hybrid mode, the synchronous Ethernet equipment clock (EEC) derives the frequency from Synchronous Ethernet and the phase and time of day from PTP.
G.8275.1 profile—G.8275.1 is a PTP profile for applications that require accurate phase and time synchronization. It supports the architecture defined in ITU-T G.8275 to enable the distribution of phase and time with full timing support and is based on the second version of PTP defined in IEEE 1588. You can configure the G.8275.1 profile by including the profile-type g.8275.1 statement at the [edit protocols ptp] hierarchy level.
[See Profile Type.]
High Availability (HA) and Resiliency
ISSU Feature Explorer—The unified ISSU Feature Explorer is an interactive tool that you can use to verify your device’s unified ISSU compatibility with different Junos OS releases.
[See ISSU Feature Explorer.]
Support for unified ISSU on MX Series routers and MX Series Virtual Chassis with MPC3E-3D-NG, MPC3E-3D-NG-Q, MPC2E-3D-NG, MPC2E-3D-NG-Q, and MPC5E (MX240, MX480, MX960, MX2010, and MX2020)—Starting with Junos OS Release 17.1R1, unified in-service software upgrade (ISSU) is supported on MX Series routers and MX Series Virtual Chassis with MPC3E-3D-NG, MPC3E-3D-NG-Q, MPC2E-3D-NG, MPC2E-3D-NG-Q, and MPC5E.
Unified ISSU is supported on MPC5E with the following MICs in non-OTN mode:
3X40GE QSFPP
12X10GE-SFPP OTN
1X100GE-CFP2
2X10GE SFPP OTN
NOTE: Unified ISSU is not supported on MPC3E-3D-NG, MPC3E-3D-NG-Q, MPC2E-3D-NG, and MPC2E-3D-NG-Q with the following MICs:
MS-MIC-16G
MIC-3D-8DS3-E3
MIC-3D-1OC192-XFP
Unified ISSU enables you to upgrade between two different Junos OS releases with no disruption on the control plane and with minimal disruption of traffic.
[See Protocols and Applications Supported by MX240, MX480, MX960, MX2010, and MX2020 MPC2E, Protocols and Applications Supported by the MX240, MX480, MX960, MX2010, and MX2020 MPC3E, and Protocols and Applications Supported by the MX240, MX480, MX960, MX2010, and MX2020 MPC5Es.]
Unified in-service software upgrade support for 100-Gigabit DWDM OTN MIC (MX960)—Starting with Junos OS Release 17.1R1, unified in-service software upgrade (unified ISSU) is supported for the 1-port 100-Gigabit Ethernet dense wavelength division multiplexing (DWDM) OTN MIC (MIC3-100G-DWDM) on MX960 routers with MPC3E (MX-MPC3E-3D) and MPC3E-NG (MX-MPC3E-NG).
Unified ISSU is a process to upgrade the system software with minimal disruption of transit traffic and no disruption of the control plane. You can use unified ISSU only to upgrade to a later version of the system software. When unified ISSU completes, the new system software state is identical to that of the system software when the system upgrade is performed through a cold boot.
[See Unified ISSU System Requirements.]
New options for the show vrrp track command (MX Series)—Starting with Junos OS Release 17.1R1, the show vrrp track routes command gives you the option to view all tracked routes. Another new option for the show vrrp track command, all, is equivalent to the already existing command show vrrp track.
[See show vrrp track.]
Interfaces and Chassis
Getting load-balancing hash result information (MX Series)—Starting in Junos OS Release 17.1R1, you can get the details for load-balancing hash results. You can get information for up to three levels of load balancing.
To get load-balancing results for routed IPv4, IPv6, and other L3 traffic, use the show forwarding-options load-balance ingress-interface <interface-name> family <family-type> source-address <src-IP> destination-address <dest-IP> transport-protocol <transport-protocol> source-port <src-port> destination-port <dest-port> tos <TOS> command. To get load-balancing results for raw packet dumps, use the show forwarding-options load-balance ingress-interface <interface-name> family <family-type> packet-dump <pkt-dump> command.
[See show forwarding-options load-balance.]
Support for PPP-TCC encapsulation on MIC-3D-16CHE1-T1-CE (MX Series)—Starting in Junos OS Release 17.1R1, Junos OS supports PPP-TCC encapsulation on channelized E1/T1 Circuit Emulation MIC (MIC-3D-16CHE1-T1-CE). PPP-TCC encapsulation is used for circuits with different media on either side of the connection.
Removing the native VLAN ID from untagged traffic (MX Series)—Starting in Junos OS Release 17.1R1, you can send untagged traffic without a native VLAN ID to the remote end of the network. To do this, remove the native VLAN ID from the untagged traffic configuration by setting the no-native-vlan-insert statement. If you do not configure this statement, the native VLAN ID is added to the untagged traffic.
[See Sending Untagged Traffic Without VLAN ID to Remote End.]
Inline Multilink PPP, Multilink Frame Relay, and Multilink Frame Relay End-to-End for time-division multiplexing WAN interfaces (MX Series)—The ability to provide bundling services through the Packet Forwarding Engine without requiring a PIC or DPC by using inline Multilink PPP (MLPPP), Multilink Frame Relay (MLFR) FRF.16, and MLFR end-to-end FRF.15 for time-division multiplexing (TDM) WAN interfaces was first rolled out in Junos OS Release 14.1. Starting in Junos OS Release 17.1R1, this feature is also supported on the following MPCs: MPC5E (MX240, MX480, MX960, MX2010, and MX2020 routers) and MPC6E (MX2010 and MX2020 routers). Support includes multiple links on the same bundle as well as multiclass extensions for MLPPP. You can enable bundling services without additional DPC slots, freeing the slots for other MICs.
[See Inline MLPPP for WAN Interfaces Overview, Example: Configuring Inline MLPPP and Multilink Frame Relay End-to-End (FRF.15) for WAN Interfaces, and Example: Configuring Inline Multilink Frame Relay (FRF.16) for WAN Interfaces.]
Enhancement to policer configuration (MX Series)—Starting in Junos OS Release 17.1R1, you can configure the MPC to take a value in the range 0 through 5 for the policer tick byte by using the policer-limit statement at the [edit chassis] hierarchy level. If this statement is not configured, the policer tick byte can take values up to 7, which is the default behavior. You can use the set chassis policer-limit command to enable this feature.
You must restart the MPC or the router for the changes to take effect.
Support for inline Two-Way Active Measurement Protocol (TWAMP) server and client on MPC7E (MX240, MX480, MX960)—Starting in Junos OS Release 17.1R1, MX Series routers with MPC7E cards support the inline Two-Way Active Measurement Protocol (TWAMP) control-client and server for transmission of TWAMP IPv4 UDP probes between the session-sender (control-client) and the session-reflector (server). The TWAMP control-client and server can also work with a third-party server and control-client implementation.
TWAMP is an open protocol for measuring network performance between any two devices that support TWAMP. To configure the TWAMP server, specify the logical interface on the service PIC that provides the TWAMP service by including the twamp-server statement at the [edit interfaces si-fpc/pic/port unit logical-unit-number rpm] hierarchy level. To configure the TWAMP client, include the twamp-client statement at the [edit interfaces si-fpc/pic/port unit logical-unit-number rpm] hierarchy level.
[See Two-Way Active Measurement Protocol Overview.]
Support for frame relay inverse ARP on MIC-3D-16CHE1-T1-CE (MX Series)—Starting in Junos OS Release 17.1R1, Junos OS supports frame relay inverse ARP requests on channelized E1/T1 Circuit Emulation MIC (MIC-3D-16CHE1-T1-CE). You can configure MIC-3D-16CHE1-T1-CE to operate in either T1 or E1 mode. By default, all the ports operate in T1 mode.
[See Configuring Inverse Frame Relay ARP.]
Layer 2 Features
Enhancement to MAC limit function (MX Series with MPCs)—Starting in Junos OS Release 17.1R1, the handling of a burst of packets with new source MAC addresses is improved to reduce resource use and processing time. In earlier releases, new source MAC addresses are learned and placed in the MAC table even after the limit is exceeded. The Routing Engine later deletes the MAC address entries that are over the limit.
Now, the learning limit configured with the interface-mac-limit statement for new source MAC addresses is enforced at all levels: global, bridge domain, and VPLS. The MAC table is not updated with any new addresses after the limit has been reached. When any static MAC addresses are configured, the learning limit is the configured limit minus the number of static addresses.
[See Limiting MAC Addresses Learned from an Interface in a Bridge Domain and Limiting the Number of MAC Addresses Learned from Each Logical Interface.]
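The difference between the two behaviors during a burst of new source MAC addresses can be modeled as follows. This is an added example, not Junos OS code: the class and function names, the constructed static and burst addresses, the limit of 64, and the choice to apply the same static-address subtraction to the earlier-release cleanup are assumptions.

```python
"""Model of interface-mac-limit handling before and after 17.1R1 (not Junos OS code)."""
from typing import Dict, Iterable, List


def learning_limit(configured_limit: int, static_macs: Iterable[str]) -> int:
    """Learning limit is the configured limit minus the number of static addresses."""
    return max(configured_limit - len({m.lower() for m in static_macs}), 0)


class MacTable:
    def __init__(self, configured_limit: int, static_macs: Iterable[str] = (),
                 enforce_at_learn: bool = True) -> None:
        self.static = {m.lower() for m in static_macs}
        self.dynamic: Dict[str, None] = {}  # learned entries, oldest first
        self.limit = learning_limit(configured_limit, self.static)
        self.enforce_at_learn = enforce_at_learn
        self.peak = len(self.static)        # largest table size seen
        self.rejected = 0                   # addresses never placed in the table

    def size(self) -> int:
        return len(self.static) + len(self.dynamic)

    def learn(self, mac: str) -> bool:
        """Process the source MAC of one frame; return True if it is in the table."""
        mac = mac.lower()
        if mac in self.static or mac in self.dynamic:
            return True  # already known, consumes no new entry
        if self.enforce_at_learn and len(self.dynamic) >= self.limit:
            self.rejected += 1  # 17.1R1 behavior: table is not updated
            return False
        self.dynamic[mac] = None
        self.peak = max(self.peak, self.size())
        return True

    def routing_engine_cleanup(self) -> int:
        """Earlier-release behavior: delete entries that are over the limit, later."""
        excess = list(self.dynamic)[self.limit:]
        for mac in excess:
            del self.dynamic[mac]
        return len(excess)


def burst(count: int) -> List[str]:
    """Constructed, locally administered source MACs standing in for a burst."""
    return [f"02:00:00:00:{(i >> 8) & 0xff:02x}:{i & 0xff:02x}" for i in range(count)]


def simulate(configured_limit: int, static_macs: Iterable[str],
             frames: Iterable[str], enforce_at_learn: bool) -> Dict[str, int]:
    table = MacTable(configured_limit, static_macs, enforce_at_learn)
    for mac in frames:
        table.learn(mac)
    deleted = 0 if enforce_at_learn else table.routing_engine_cleanup()
    return {"limit": table.limit, "peak": table.peak, "final": table.size(),
            "rejected": table.rejected, "deleted_later": deleted}


# Constructed inputs: 4 static addresses, configured limit 64, burst of 1000 new MACs.
STATIC_MACS = ["00:11:22:33:44:01", "00:11:22:33:44:02",
               "00:11:22:33:44:03", "00:11:22:33:44:04"]
FRAMES = burst(1000) + ["00:11:22:33:44:01"]

if __name__ == "__main__":
    print("17.1R1 :", simulate(64, STATIC_MACS, FRAMES, enforce_at_learn=True))
    print("earlier:", simulate(64, STATIC_MACS, FRAMES, enforce_at_learn=False))
```

Both runs end with the same table size, but only the earlier-release model lets the table grow to the full size of the burst before the cleanup pass runs.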
Layer 2 VPN
Support for ETH-SLM and ETH-DM on aggregated Ethernet interfaces and LAG members on MPCs (MX Series)—Starting in Junos OS Release 17.1R1, you can configure ITU-T Y.1731 standard-compliant Ethernet synthetic loss measurement (ETH-SLM) and Ethernet delay measurement (ETH-DM) capabilities on aggregated Ethernet interfaces and LAG members on all MX Series MPCs. These ITU-T Y.1731 OAM services or performance-monitoring techniques can be measured in on-demand mode (triggered through the CLI) or proactive mode (triggered by the iterator application).
ETH-SLM is an application that enables the calculation of frame loss by using synthetic frames instead of data traffic. ETH-DM provides fine control to operators for triggering delay measurement on a given service and can be used to monitor service-level agreements (SLAs).
Management
Support for Junos Telemetry Interface sensor for queue depth statistics (MX Series)—Starting with Junos OS Release 17.1R1, you can configure a Junos Telemetry Interface sensor that exports queue depth statistics for ingress and egress queue traffic. Telemetry data is exported directly from the line card. You can also apply one or more regular expressions to filter data. Include the resource /junos/system/linecard/qmon/ statement at the [edit system services analytics sensor sensor-name] hierarchy level. Only UDP streaming of data is supported. gRPC streaming of queue depth statistics is not currently supported. Only MPC7E, MPC8E, and MPC9E are supported.
[See sensor (Junos Telemetry Interface).]
gRPC support for the Junos Telemetry Interface (MX Series)—Starting with Junos OS Release 17.1R1, the Junos Telemetry Interface supports using a set of gRPC remote procedure call interfaces to provision sensors, subscribe to, and receive telemetry data. gRPC is based on an open source framework and provides secure and reliable transport of data. Use the telemetrySubscribe RPC to specify telemetry parameters and stream data for a specified list of OpenConfig command paths. Telemetry data is generated as Google protocol buffers (gpb) messages in a universal key/value format. If your Juniper Networks device is running a version of Junos OS with an upgraded FreeBSD kernel, you must download the Network Agent package, which provides the interfaces to manage gRPC subscriptions. The package is available on the All Junos Platforms software download URL on the Juniper Networks webpage.
[See Understanding OpenConfig and gRPC on Junos Telemetry Interface.]
Support for Junos Telemetry Interface (MX Series)—Starting with Junos OS Release 17.1R1, the Junos Telemetry Interface enables you to export telemetry data from supported interface hardware. Sensor data, such as interface events, are sent directly to configured collection points without involving polling. On MX Series routers, only MPC1 through MPC9E are supported. For sensors that stream data through the User Datagram Protocol, all parameters are configured at the [edit services analytics] hierarchy level. For sensors that stream data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Not all hardware and sensors are supported in those previous releases.
[See Overview of the Junos Telemetry Interface.]
MPLS
Support for subscriber management over MPLS pseudowire logical interface on virtual chassis (MX Series)—Starting with Junos OS Release 17.1R1, MPLS pseudowire logical interface for subscriber management is supported on virtual chassis. The functionality of Ethernet interface types, such as ae/ge/xe, works on virtual chassis.
Support for Layer 2 services provisioning on the services side of the pseudowire service logical interface (MX Series)—Starting with Junos OS Release 17.1R1, Layer 2 services provisioning such as bridge domain or VPLS instance is possible on the services side of the pseudowire service logical interface anchored to logical tunnel interface.
Prior to Junos OS Release 17.1R1, Layer 2 encapsulations and features such as Spanning Tree Protocol (STP), VLAN and many more could not be configured on pseudowire service on the service logical interface.
[See Layer 2 Services Provisioning on Services Side of Pseudowire Service Interface Overview.]
Support for port mirroring on pseudowire subscriber logical interface (MX Series)—Starting with Junos OS Release 17.1R1, port mirroring is supported on the services side of an MPLS pseudowire subscriber logical interface.
You can configure pseudowire service interface in the same way as the logical interface or physical interface. The main purpose of port mirroring on pseudowire service interface is to allow configurations of pseudowire service interface as a mirrored interface at Layer 2 and Layer 3 levels as supported by firewall filters.
Support for LDP pseudowire auto-sensing (MX Series)—Starting with Junos OS Release 17.1R1, Label Distribution Protocol (LDP) pseudowire auto-sensing addresses zero-touch provisioning. LDP pseudowire auto-sensing enables pseudowire headend termination to be dynamically provisioned rather than statically configured. Hence, it is referred to as zero-touch provisioning.
In Junos OS, pseudowire headend termination on service nodes is supported through the use of pseudowire service logical interfaces and physical interfaces. This approach is considered as superior in scalability to the old logical tunnel interface based approach, due to its capability of multiplexing and demultiplexing subscribers or customers over a single pseudowire. Currently, the creation and deletion of the pseudowire service logical interfaces, pseudowire service physical interfaces, Layer 2 circuits, and Layer 2 VPNs for pseudowire headend termination rely on static configuration. This is not considered as ideal from the perspective of scalability, efficiency, and flexibility, especially in a network where each service node might potentially host a large number of pseudowires.
[See LDP Pseudowire Auto-Sensing Overview.]
Order-aware abstract hops for MPLS LSPs (MX Series)—Junos OS Release 17.1R1 introduces abstract hops, which are user-defined router clusters or groups that can be sequenced and used for setting up a label-switched path (LSP), similar to real-hop constraints.
The router groups are created using constituent lists that include constituent attributes, which is a logical combination of the existing traffic engineering constraints, such as administrative groups, extended administrative groups, and Shared Risk Link Groups (SRLGs). Ordering among the router groups that satisfy the specified constituent attributes is achieved by using operational qualifiers in the abstract-hop definition.
A path can use a combination of real and abstract hops as constraints. To configure abstract hops, you need to create constituent lists with traffic engineering attributes, include the lists in the abstract-hop definition, and define path constraints that use the abstract hops.
[See Abstract Hops For MPLS LSPs Overview and Example: Configuring Abstract Hops for MPLS LSPs.]
Support for extension of pseudowire redundancy condition to logical Interfaces (MX Series)—Starting with Junos OS Release 17.1R1, pseudowire redundancy condition is supported on MPLS pseudowire subscriber logical interface. This is similar to the pseudowire redundancy feature for mobile backhaul by using the logical tunnel paired (lt-) interfaces.
The primary or backup pseudowire is terminated at the provider edge routers (ps0.0) and the corresponding pseudowire (ps0.1 to ps0.n) service logical interfaces connected to Layer 3 domain by configuring those service logical interfaces in the Layer 3 VPN routing instances. There is a Layer 2 circuit across MPLS access node and provider edge with the pseudowire service on transport logical interface (ps0.0) as the local interface of Layer 2 circuit terminating at the provider edge device.
[See Extension of Pseudowire Redundancy Condition Logic to Pseudowire Subscriber Logical Interface Overview.]
Increased scaling values for MPLS-over-UDP tunnels (MX Series routers with MPCs/MICs)—The next-hop-based dynamic UDP tunnels are referred to as MPLS-over-UDP tunnels, and support the creation of a tunnel composite next hop for every dynamic tunnel created. Starting in Junos OS Release 17.1, the limit for the maximum number of next-hop-based dynamic MPLS-over-UDP tunnels that can be created on an MX Series router with MPCs or MICs is increased. This provides additional scaling advantage for the total number of IP tunnels that can be created on the router.
[See Example: Configuring Next-Hop-Based MPLS-Over-UDP Dynamic Tunnels.]
Multicast
Rate sensitive upstream multicast hop (UMH) selection for multicast VPN source-active routes (MX Series)—Starting in Junos OS Release 17.1R1, you can use the traffic rate on the ingress PE to trigger the egress PE to use an alternative UMH. Two new commands are introduced to support this feature, min-rate and dampen.
Use this feature, for example, to ensure that egress PEs only receive Source-Active A-D route advertisements from ingress PEs that are receiving traffic at or above a specified rate. Rather than advertising the Source-Active A-D route immediately upon learning of the S,G, the ingress PE waits the time specified in the dampen command for the traffic rate to remain above the min-rate before it sends Source-Active A-D route advertisements. If the rate drops below the threshold, the Source-Active A-D route is withdrawn. These new commands can be found at the [edit routing-instances instance-name protocols mvpn mvpn-mode spt-only source-active-advertisement] hierarchy level.
[See min-rate and dampen.]
Network Management and Monitoring
Support for hrProcessorTable object (MX Series)—Starting in Junos OS Release 17.1R1, support is provided for the hrProcessorTable object (object id: 1.3.6.1.2.1.25.3.3) described in RFC 2790, Host Resources MIB. The hrProcessorTable object provides the load statistics information per CPU for multi-core devices.
[See SNMP MIB Explorer.]
Get and walk support for SNMP Timing MIB objects (MX104)—Starting in Junos OS Release 17.1R1, the get and walk functionality is supported for the following SNMP timing MIB objects:
jnxPtpClass
jnxPtpGmId
jnxPtpAdvClockClass
jnxPtpUtcOffset
jnxPtpUtcValid
jnxPtpOperationalSlaves
jnxPtpOperationalMaster
jnxPtpServoState
jnxPtpSlaveOffset
jnxTimingFrequencyTraceability
jnxTimingTimeTraceability
jnxClksyncQualityCode
jnxClksyncQualityCodeStr
jnxClksyncIfIndex
jnxClksyncIntfName
jnxClksyncSynceQualityTable
jnxClksyncSynceQualityIntfIndex
jnxClksyncSynceQualityValue
jnxClksyncSynceQualityIntfName
[See SNMP MIB Explorer.]
Support for mplsL3VpnIfConfTable object (MX Series)—Starting in Junos OS Release 17.1R1, support is provided for the mplsL3VpnIfConfTable object (object id: 1.3.6.1.2.1.10.166.11.1.2.1) described in RFC 4382, MPLS/BGP Layer 3 Virtual Private Network (VPN) MIB. The mplsL3VpnIfConfTable object represents the Layer 3 VPN enabled interfaces that are associated with a specific Virtual Routing and Forwarding (VRF) instance and shows the bitmask values of the supported protocols. The mplsL3VpnIfConfTable object creates entries for the interfaces that are associated with the VRF instances. If an interface is later removed from a VRF instance, the corresponding entry in the mplsL3VpnIfConfTable object gets deleted. To view details of the mplsL3VpnIfConfTable object, use the show snmp mib walk mplsL3VpnIfConfTable command.
[See SNMP MIB Explorer.]
Port mirroring enhancements (MX Series)—Starting in Junos OS Release 17.1R1, the port mirroring feature supports several new enhancements:
Packet mirroring for both ingress and egress directions on subscriber IFLs
Support for the encapsulation of mirrored packets onto per-subscriber L2TP tunnels
Support for the removal of S-VLAN tags from mirrored packets
[See Configuring Protocol-Independent Firewall Filter for Port Mirroring.]
OpenFlow
Destination MAC address rewrites for OpenFlow (MX80, MX240, MX480, and MX960)—Some types of network equipment that function as routers accept and handle packets only if the destination MAC address in the packet is the same as the MAC address of the Layer 3 interface on which the packet is received. To interoperate with these routers, connected devices must also be able to rewrite the destination MAC address of an incoming packet. Starting with Junos OS Release 17.1R1, an OpenFlow controller can configure an MX Series router that supports OpenFlow to rewrite the destination MAC address of an incoming packet.
[See Understanding How the OpenFlow Destination MAC Address Rewrite Action Works.]
Operation, Administration, and Maintenance (OAM)
Enhanced scale support for MIPs per chassis (MX Series with MPCs)—Starting in Junos OS Release 17.1R1,
Junos OS supports 8000 maintenance association intermediate points (MIPs) per chassis for bridge
domain and VPLS domain interfaces. Increasing the number of MIPs per chassis for specific domains enables effective Ethernet OAM deployment in scaling networks. To support the increased number of MIPs, configure the network services mode on the router as enhanced-ip. If you do not configure the network services mode, then Junos OS supports only 4000 MIPs.
[See Configuring Maintenance Intermediate Points (MIPs).]
Support for sender ID TLV—Starting with Junos OS Release 17.1R1, you can configure Junos OS to
send the sender ID TLV along with the packets. The sender ID TLV is an optional TLV that is sent in continuity check messages (CCMs), loopback messages, and Link Trace Messages (LTMs), as specified in the IEEE 802.1ag standard. The sender ID TLV contains the chassis ID, which is the unique, CFM-based MAC address of the device, and the management IP address, which is an IPv4 or an IPv6 address.
You can enable Junos OS to send the sender ID TLV at the global level by using the set protocols oam ethernet connectivity-fault-management sendid-tlv and the set protocols oam ethernet connectivity-fault-management sendid-tlv send-chassis-tlv commands. If the sender ID TLV is configured at the global level, then the default maintenance domain, maintenance association, and the maintenance association intermediate point (MIP) half function inherit this configuration.
The sender ID TLV, if configured at the hierarchy levels mentioned above, takes precedence over the global-level configuration.
NOTE: The sender ID TLV is supported only for 802.1ag PDUs and is not supported for
performance monitoring protocol data units (PDUs).
[See Junos OS Support for Chassis ID TLV.]
CFM enhancement for interoperability during unified ISSU (MX Series on MPC1, MPC2, MPC2-NG, MPC3-NG, MPC5, and MPC6 cards)—Starting in Junos OS Release 17.1R1, Junos OS CFM works during a unified ISSU when the peer device is not a Juniper Networks router. When interoperating with the router of another vendor, the Juniper Networks router retains session information and continues to transmit continuity check message (CCM) PDUs during the unified ISSU upgrade.
To provide this interoperability, enable inline (Packet Forwarding Engine) keepalives with the hardware-assisted-keepalives statement at the [edit protocols oam ethernet connectivity-fault-management performance-monitoring] hierarchy level. You must also configure the continuity-check interval to 1 second with the interval statement at the [edit protocols oam ethernet connectivity-fault-management maintenance-domain domain-name maintenance-association ma-name continuity-check] hierarchy level. Interoperability during unified ISSU is not supported for any other interval value.
[See Configuring Connectivity Fault Management for interoperability during Unified In-Service Software
Upgrades.]
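The two requirements above can be checked against an exported configuration before an upgrade window. This Python script is an added example, not Juniper code: it assumes the configuration is in display set form and that the keepalive statement takes the value enable, and the sample lines (md1, ma1, and so on) are constructed.

```python
import re

# Constructed sample in `display set` form; names and values are illustrative.
SAMPLE_CONFIG = """\
set protocols oam ethernet connectivity-fault-management performance-monitoring hardware-assisted-keepalives enable
set protocols oam ethernet connectivity-fault-management maintenance-domain md1 level 5
set protocols oam ethernet connectivity-fault-management maintenance-domain md1 maintenance-association ma1 continuity-check interval 1s
set protocols oam ethernet connectivity-fault-management maintenance-domain md1 maintenance-association ma2 continuity-check interval 100ms
set protocols oam ethernet connectivity-fault-management maintenance-domain md2 maintenance-association ma3 mep 10 interface ge-0/0/1.0
"""

CFM = re.escape("set protocols oam ethernet connectivity-fault-management ")
# Assumption: the statement is written with an explicit `enable` value.
KEEPALIVE_RE = re.compile(CFM + r"performance-monitoring hardware-assisted-keepalives(?: (\S+))?$")
MA_RE = re.compile(CFM + r"maintenance-domain (\S+) maintenance-association (\S+)(?: (.*))?$")
INTERVAL_RE = re.compile(r"continuity-check interval (\S+)$")


def audit_cfm_issu(config_text):
    """Return a list of findings; an empty list means both requirements are met."""
    keepalives = False
    intervals = {}  # (domain, association) -> explicitly configured interval, or None
    for raw in config_text.splitlines():
        line = raw.strip()
        match = KEEPALIVE_RE.match(line)
        if match:
            keepalives = match.group(1) == "enable"
            continue
        match = MA_RE.match(line)
        if match:
            key = (match.group(1), match.group(2))
            intervals.setdefault(key, None)  # remember associations with no interval line
            found = INTERVAL_RE.search(match.group(3) or "")
            if found:
                intervals[key] = found.group(1)
    findings = []
    if not keepalives:
        findings.append("hardware-assisted-keepalives is not enabled")
    for (md, ma), interval in sorted(intervals.items()):
        if interval != "1s":
            shown = interval or "not set"
            findings.append(f"{md}/{ma}: continuity-check interval is {shown}, must be 1s")
    return findings


if __name__ == "__main__":
    for finding in audit_cfm_issu(SAMPLE_CONFIG):
        print(finding)
```

An association with no explicit interval line is reported rather than assumed to use a default, because the text above requires the interval to be configured as 1 second.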
Platform and Infrastructure
Virtual broadband network gateway support on virtual MX Series router (vMX)—Starting in Junos OS
Release 17.1R1, vMX supports most of the subscriber management features available with Junos OS Release 17.1 on MX Series routers to provide a virtual broadband network gateway on x86 servers.
vBNG runs on vMX, so it has similar exceptions; the following subscriber management features available on MX Series routers are not supported for vBNG:
High availability features such as hot-standby backup for enhanced subscriber management and MX
Series Virtual Chassis.
To deploy a vBNG instance, you must purchase these licenses:
vMX PREMIUM application package license with 1 Gbps, 5 Gbps, 10 Gbps, or 40 Gbps bandwidth
vBNG subscriber scale license with 1000, 10 thousand, 100 thousand, or 1 million subscriber sessions
for one of these tiers: Introductory, Preferred, or Elite
Virtual MX Series router (vMX)—Starting in Junos OS Release 17.1R1, you can deploy vMX routers on
x86 servers. FreeBSD 10 is the underlying OS for Junos OS for vMX. vMX uses DPDK 2.2 to support improved performance.
vMX supports most of the features available on MX Series routers and allows you to leverage Junos OS to provide a quick and flexible deployment. vMX provides the following benefits:
Optimizes carrier-grade routing for the x86 environment
Simplifies operations by consistency with MX Series routers
Introduces new services without reconfiguration of current infrastructure
Routing Protocols
IS-IS import policy and route prioritization (MX Series)—Beginning with Junos OS Release 17.1R1, you
can prioritize IS-IS routes that are installed in the routing table for better convergence. In a network with a large number of interior gateway protocol prefixes with BGP Layer 3 VPN or label-based pseudowire service established on top of some interior gateway protocol prefixes, it is important to control the order in which routes get updated in the forwarding table.
In previous releases, Junos OS installed IS-IS routes lexicographically in the routing table. Starting with Junos OS Release 17.1R1, you can configure an import policy to prioritize IS-IS routes as per your network requirements. Use a route tag, or filter the routes based on their prefix before setting a priority of high, medium, or low. Use the reject policy option to reject routes from a specific prefix or routes marked with a particular tag. The IS-IS protocol downloads routes to the rpd routing table based on the configured priority. If you do not configure an import policy, all routes are set to a medium priority by default.
[See Example: Configuring a Routing Policy to Prioritize IS-IS Routes.]
Adjustable TCP MSS values (MX Series)—Starting in Junos OS Release 17.1R1, you can use the tcp-mss
statement to configure the maximum segment size (MSS) for transient TCP packets that traverse a router.
Adjusting the TCP MSS value helps reduce the likelihood of fragmentation and packet loss. The tcp-mss statement can be enabled on dynamic interfaces and supports protocol families inet and inet6.
[See tcp-mss.]
BGP advertises multiple add-paths based on community value (MX Series)—Beginning with Junos OS
17.1R1, you can define a policy to identify eligible multiple path prefixes based on community values. BGP advertises these community-tagged routes in addition to the active path to a given destination. If the community value of a route does not match the community value defined in the policy, then BGP does not advertise that route. This feature allows BGP to advertise not more than 20 paths to a given destination. You can limit and configure the number of prefixes that BGP considers for multiple paths without actually knowing the prefixes in advance. Instead, a known BGP community value determines whether or not a prefix is advertised.
[See Example: Configuring a Routing Policy to Select and Advertise Multipaths Based on BGP Community
Value.]
Selective advertising of BGP multiple paths (MX Series)—Beginning with Junos OS Release 17.1R1, you
can restrict BGP add-path to advertise contributor multiple paths only. Advertising all available multiple paths can impose a large processing and memory overhead on the device and is also a scaling consideration. You can limit and configure up to six prefixes that the BGP multipath algorithm selects. Selective advertising of multiple paths helps Internet service providers and data centers that use route reflectors build in-path diversity in IBGP.
[See Example: Configuring Selective Advertising of BGP Multiple Paths for Load Balancing.]
System performance enhancements for rpd, Packet Forwarding Engine, and kernel (MX Series)—Beginning
with Junos OS Release 17.1R1, performance of the routing protocol process (rpd), the Packet Forwarding Engine, and the kernel is enhanced to speed up how rpd learns route states and changes and reflects these changes in the ASIC-based Packet Forwarding Engine residing in the line cards. The key enhancements are faster route download rates when a router comes up after a reboot or when you add a new line card, and faster update of the data plane in convergence scenarios. We recommend disabling daemons that are not required, such as the Layer 2 address learning process (l2ald) and the connectivity-fault management process (cfmd), to improve system performance. Though these enhancements are mainly for the MX Series, other platforms might see some performance improvements as well.
Services Applications
Support for inline 6rd and 6to4 (MX Series routers with MPC5Es and MPC6Es)—Starting in Junos OS
Release 17.1R1, you can configure inline 6rd or 6to4 on MPC5Es and MPC6Es. You can use the inline capability to avoid the cost of using MS-DPCs for required tunneling, encapsulation, and decapsulation processes. Anycast is supported for 6to4 using next-hop service interfaces. Hairpinning is also supported for traffic between 6rd domains.
[See Tunneling Services for IPv4-to-IPv6 Transition Overview, show services inline softwire statistics, and clear services inline softwire statistics.]
Support for IP reassembly on GRE tunnel interfaces (MX Series routers with MPCs)—Starting in Junos
OS Release 17.1R1, you can configure fragmentation and reassembly of generic routing encapsulation (GRE) packets on GRE tunnel interfaces on MX Series routers with the following Modular Port Concentrators: MPC2E-NGs, MPC3E-NGs, MPC5Es, and MPC6Es.
[See Configuring Unicast Tunnels.]
Support for 464XLAT PLAT on MS-MPCs and MS-MICs (MX Series)—Starting in Junos OS Release
17.1R1, the 464XLAT provider-side translator (PLAT) is supported on MS-MICs and MS-MPCs. The 464XLAT architecture provides a simple and scalable technique to provide IPv4 client-server connectivity across an IPv6-only network without having to maintain an IPv4 network and assign additional public IPv4 addresses on the customer side.
[See 464XLAT Overview.]
Logging and reporting framework (MX Series with MS-MPC and MS-MIC)—Starting in Junos OS Release
17.1R1, the logging and reporting framework (LRF) enables you to log data for subscriber application-aware data sessions and send that data in an IP flow information export (IPFIX) format to an external log collector, using UDP-based transport. These data session logs can include subscriber information, application information, HTTP metadata, data volume, time-of-day information, and source and destination details. An external collector, which is not a Juniper Networks product, can then use this data to perform analytics that provide you with insights about subscriber and application usage.
[See Logging and Reporting Function for Subscribers.]
Network attack protection for MS-MPCs and MS-MICs (MX Series)—Starting in Junos OS Release
17.1R1, the MS-MPC and MS-MIC can detect and prevent network probing attacks, network flooding attacks, header anomaly attacks, and suspicious packet pattern attacks.
[See Configuring Protection Against Network Attacks (MS-MPCs and MS-MICs).]
Support for inline video monitoring on MPC7E, MPC8E, and MPC9E (MX Series)—Starting in Junos OS
Release 17.1R1, support for video monitoring using media delivery indexing (MDI) criteria is expanded to include the following Modular Port Concentrators: MPC7E, MPC8E, and MPC9E.
[See Inline Video Monitoring Overview.]
CLI command parity for carrier-grade NAT and stateful firewall (MX Series with MS-MPC)—Starting in
Junos OS Release 17.1R1, new operational commands and configuration options provide information previously available only when using the MS-DPC as the services PIC.
To display information equivalent to that provided by show services stateful-firewall flow-analysis
for the MS-DPC, use show services sessions analysis for the MS-MPC.
To display information equivalent to that provided by show services stateful-firewall subscriber-analysis
for the MS-DPC, use show services subscriber analysis for the MS-MPC.
To drop sessions after a certain session setup rate is reached, include the new CLI option
max-session-creation-rate at the [edit services service-set service-set-name] hierarchy level.
[See max-session-creation-rate (Service Set), show services subscriber analysis, and show services
sessions analysis.]
Enhancements to stateful synchronization (MS-MIC, MS-MPC)—Starting in Junos OS Release 17.1R1,
stateful synchronization for long-running flows is enhanced for MS-MPC services PICs. These enhancements include:
Automatic replication of NAT flows for all service sets: NAT44 flows are automatically synchronized
for all eligible service sets. You can selectively disable replication for individual service sets.
Checkpointing of IPv4 and IPv6 stateful firewall flows and NAPT-44 with address pooling paired (APP),
with configurable timeout for checkpointing.
[See Configuring Inter-Chassis Stateful Synchronization for Long Lived Flows (MS-MPC, MS-MIC).]
Subscriber-aware and application-aware traffic treatment (MX Series with MS-MPC)—Starting in Junos
OS Release 17.1R1, Junos OS can perform subscriber-aware and application-aware policy enforcement for mobile or fixed-line subscribers. Junos OS determines the subscriber identity of traffic flow and applies the subscriber’s policy rules to the flow. Application identification is performed through deep packet inspection (DPI) at Layer 7 and Layer 4. Subscriber policy actions can include:
Redirecting HTTP traffic to another URL or IP address
Forwarding packets to a routing instance to direct packets to external service chains
Setting the forwarding class
Setting the maximum bit rate
Performing HTTP header enrichment
Setting the gating status to blocked or allowed
[See Subscriber-Aware and Application-Aware Traffic Treatment User Guide.]
Usage monitoring for subscribers (MX Series with MS-MPC)—Starting in Junos OS Release 17.1R1,
Junos OS can monitor the volume of traffic and the amount of time that a subscriber uses during a session if that subscriber’s policy control rules are controlled by a policy and charging rules function (PCRF) server. The PCRF initiates this monitoring, and the MX Series sends the reports to the PCRF. Monitoring can take place for the entire subscriber session or for only specific data flows and applications. The PCRF provides threshold values to indicate when the Service Control Gateway sends a report to the PCRF, or the PCRF can request a report at any time.
[See Understanding Usage Monitoring for TDF Subscribers.]