Junos OS Release 17.1R2 User Manual

Download

Release Notes: Junos®OS Release 17.1R2 for

the ACX Series, EX Series, MX Series and PTX

Series, QFX Series, and Junos Fusion

3 September 2020

Introduction | 9

Junos OS Release Notes for ACX Series | 9

New and Changed Features | 10

Release 17.1R2 New and Changed Features | 10

Release 17.1R1 New and Changed Features | 10

Changes in Behavior and Syntax | 16

Interfaces and Chassis | 17

General Routing | 17

MPLS | 17

Services Applications | 17

System Management | 17

User Interface and Configuration | 17

Known Behavior | 18

Known Issues | 19

Network Address Translation (NAT) and Stateful Firewall Services | 19

Generic Routing Encapsulation | 20

Firewall | 20

Layer 2 Features | 20

MPLS | 20

SNMP | 20

Timing and Synchronization | 21

Resolved Issues | 21

Resolved Issues: 17.1R2 | 22

Resolved Issues: 17.1R1 | 22

Documentation Updates | 22

Migration, Upgrade, and Downgrade Instructions | 23

Upgrade and Downgrade Support Policy for Junos OS Releases | 23

Product Compatibility | 24

Hardware Compatibility | 24

Junos OS Release Notes for EX Series Switches | 25

New and Changed Features | 25

Release 17.1R2 New and Changed Features | 26

Release 17.1R1 New and Changed Features | 26

Changes in Behavior and Syntax | 30

High Availability (HA) and Resiliency | 31

MPLS | 31

Services Applications | 31

System Management | 31

User Interface and Configuration | 31

Known Behavior | 32

Known Issues | 33

Authentication, Authorization, and Accounting (AAA) (RADIUS) | 33

High Availability (HA) and Resiliency | 33

Infrastructure | 34

Interfaces and Chassis | 34

Junos Fusion Enterprise | 34

Network Management and Monitoring | 35

Platform and Infrastructure | 35

Port Security | 35

Security | 36

Virtual Chassis | 36

Resolved Issues | 36

Resolved Issues: 17.1R2 | 37

Resolved Issues: 17.1R1 | 39

Documentation Updates | 41

Migration, Upgrade, and Downgrade Instructions | 42

Upgrade and Downgrade Support Policy for Junos OS Releases | 42

Product Compatibility | 43

Hardware Compatibility | 43

Junos OS Release Notes for Junos Fusion Enterprise | 44

New and Changed Features | 44

Release 17.1R2 New and Changed Features | 45

Release 17.1R1 New and Changed Features | 45

Changes in Behavior and Syntax | 49

System Management | 50

Known Behavior | 50

Junos Fusion Enterprise | 50

Known Issues | 53

Junos Fusion Enterprise | 53

Resolved Issues | 55

Resolved Issues: 17.1R2 | 55

Resolved Issues: 17.1R1 | 55

Documentation Updates | 56

Migration, Upgrade, and Downgrade Instructions | 56

Basic Procedure for Upgrading Junos OS on an Aggregation Device | 57

Upgrading from Junos OS Release 16.1 to 17.1 in a JUNOS OS Fusion Enterprise

System | 59

Upgrading an Aggregation Device with Redundant Routing Engines | 60

Preparing the Switch for Satellite Device Conversion | 60

Converting a Satellite Device to a Standalone Switch | 62

Upgrade and Downgrade Support Policy for Junos OS Releases | 64

Downgrading from Release 17.1 | 64

Product Compatibility | 65

Hardware and Software Compatibility | 65

Hardware Compatibility Tool | 66

Junos OS Release Notes for Junos Fusion Provider Edge | 66

New and Changed Features | 67

Release 17.1R2 New and Changed Features | 67

Release 17.1R1 New and Changed Features | 67

Changes in Behavior and Syntax | 68

System Management | 68

Known Behavior | 69

Known Issues | 69

Junos Fusion | 70

Resolved Issues | 70

Resolved Issues: 17.1R2 | 71

Resolved Issues: 17.1R1 | 71

Documentation Updates | 71

Migration, Upgrade, and Downgrade Instructions | 72

Basic Procedure for Upgrading an Aggregation Device | 72

Upgrading an Aggregation Device with Redundant Routing Engines | 75

Preparing the Switch for Satellite Device Conversion | 75

Converting a Satellite Device to a Standalone Device | 76

Upgrading an Aggregation Device | 79

Upgrade and Downgrade Support Policy for Junos OS Releases | 79

Downgrading from Release 17.1 | 79

Product Compatibility | 80

Hardware Compatibility | 80

Junos OS Release Notes for MX Series 5G Universal Routing Platforms | 81

New and Changed Features | 82

Release 17.1R2 New and Changed Features | 82

Release 17.1R1 New and Changed Features | 84

Changes in Behavior and Syntax | 106

Interfaces and Chassis | 107

Junos OS XML API and Scripting | 108

LDP | 109

Management | 109

MPLS | 109

Network Management and Monitoring | 110

Operation, Administration, and Maintenance (OAM) | 111

Routing Protocols | 111

Security | 113

Services Applications | 113

Subscriber Management and Services | 114

System Management | 116

User Interface and Configuration | 116

VPNs | 116

Known Behavior | 117

Class of Service (CoS) | 118

General Routing | 118

High Availability (HA) and Resiliency | 118

Interfaces and Chassis | 118

Software Installation and Upgrade | 118

Subscriber Management and Services | 119

Known Issues | 120

Forwarding and Sampling | 120

General Routing | 121

High Availability (HA) and Resiliency | 125

Infrastructure | 125

Interfaces and Chassis | 125

Layer 2 Ethernet Services | 126

Layer 2 Features | 126

MPLS | 126

Network Management and Monitoring | 127

Platform and Infrastructure | 127

Routing Protocols | 128

Services Applications | 129

Subscriber Access Management | 129

User Interface and Configuration | 130

VPNs | 130

Resolved Issues | 130

Resolved Issues: 17.1R2 | 131

Resolved Issues: 17.1R1 | 140

Documentation Updates | 147

Subscriber Management Access Network Guide | 147

Subscriber Management Provisioning Guide | 148

Migration, Upgrade, and Downgrade Instructions | 148

Basic Procedure for Upgrading to Release 17.1 | 150

UProcedure to Upgrade to FreeBSD 10.x based Junos OS | 150

Procedure to Upgrade to FreeBSD 6.x based Junos OS | 152

Upgrade and Downgrade Support Policy for Junos OS Releases | 154

Upgrading a Router with Redundant Routing Engines | 155

Downgrading from Release 17.1 | 155

Product Compatibility | 156

Hardware Compatibility | 156

Junos OS Release Notes for PTX Series Packet Transport Routers | 157

New and Changed Features | 157

Release 17.1R2 New and Changed Features | 158

Release 17.1R1 New and Changed Features | 158

Changes in Behavior and Syntax | 167

General Routing | 168

Interfaces and Chassis | 168

Management | 168

MPLS | 169

Network Management and Monitoring | 169

Routing Protocols | 170

Services Applications | 170

System Management | 170

User Interface and Configuration | 170

Known Behavior | 171

High Availiablity (HA) and Resiliency | 171

Known Issues | 172

General Routing | 172

Interfaces and Chassis | 173

Platform and Infrastructure | 173

User Interface and Configuration | 174

Resolved Issues | 174

Resolved Issues: 17.1R2 | 175

Resolved Issues: 17.1R1 | 176

Documentation Updates | 177

Migration, Upgrade, and Downgrade Instructions | 178

Basic Procedure for Upgrading to Release 17.1 | 178

Upgrade and Downgrade Support Policy for Junos OS Releases | 181

Upgrading a Router with Redundant Routing Engines | 181

Product Compatibility | 182

Hardware Compatibility | 182

Junos OS Release Notes for the QFX Series | 183

New and Changed Features | 183

Release 17.1R2 New and Changed Features | 184

Release 17.1R1 New and Changed Features | 184

Changes in Behavior and Syntax | 203

MPLS | 204

Network Management and Monitoring | 204

Services Applications | 204

Software Installation and Upgrade | 204

System Management | 204

User Interface and Configuration | 205

Known Behavior | 205

Known Issues | 206

Hardware | 207

Infrastructure | 207

Layer 2 Features | 207

Network Management and Monitoring | 207

Open vSwitch Database Management Protocol (OVSDB) | 207

OpenFlow | 207

Platform and Infrastructure | 207

Routing Protocols | 208

System Management | 209

Resolved Issues | 209

Resolved Issues: 17.1R2 | 210

Resolved Issues: 17.1R1 | 212

Documentation Updates | 214

Migration, Upgrade, and Downgrade Instructions | 215

Upgrading Software on QFX Series Switches | 215

Installing the Software on QFX10002 Switches | 218

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release

15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches | 218

Installing the Software on QFX10008 and QFX10016 Switches | 220

Performing a Unified ISSU | 224

Preparing the Switch for Software Installation | 225

Upgrading the Software Using Unified ISSU | 225

Product Compatibility | 228

Hardware Compatibility | 228

Upgrading Using ISSU | 229

Compliance Advisor | 229

Finding More Information | 229

Requesting Technical Support | 230

Self-Help Online Tools and Resources | 230

Opening a Case with JTAC | 231

Revision History | 231

Introduction

Junos OS runs on the following Juniper Networks®hardware: ACX Series, EX Series, MX Series, PTX Series, QFabric systems, QFX Series, SRX Series, and Junos Fusion.

These release notes accompany Junos OS Release 17.1R2 for the ACX Series, EX Series, Junos Fusion Enterprise, Junos Fusion Provider Edge, MX Series, PTX Series, and QFX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

Junos OS Release Notes for ACX Series

IN THIS SECTION

New and Changed Features | 10

Changes in Behavior and Syntax | 16

Known Behavior | 18

Known Issues | 19

Resolved Issues | 21

Documentation Updates | 22

Migration, Upgrade, and Downgrade Instructions | 23

Product Compatibility | 24

These release notes accompany Junos OS Release 17.1R2 for the ACX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release noteson the Juniper Networks Junos OS Documentation webpage, located at http://www.juniper.net/techpubs/software/junos/.

New and Changed Features

IN THIS SECTION

Release 17.1R2 New and Changed Features | 10

Release 17.1R1 New and Changed Features | 10

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for ACX Series Universal Metro Routers.

Release 17.1R2 New and Changed Features

There are no new features or enhancements to existing features for ACX Series Universal Metro Routers in Junos OS Release 17.1R2.

Release 17.1R1 New and Changed Features

This section describes the new features or enhancements to existing features for ACX Series Universal Metro Routers in Junos OS Release 17.1R1.

Application Level Gateways (ALGs)

Support for Application Level Gateways (ALGs) for NAT processing (ACX500)—Starting with Junos OS

•

Release 17.1R1, ACX500 routers support basic TCP, basic UDP, DNS, FTP, ICMP, TFTP, and UNIX Remote-Shell Services ALGs for NAT processing.

NOTE: The ALG for NAT is supported only on the ACX500 indoor routers.

[See ALGs Available by Default for Junos OS Address Aware NAT on ACX500 Router.]

Bridging

Support for DHCP option 82 over bridge domain (ACX5000)—Starting with Junos OS Release 17.1R1,

•

ACX Universal Metro Routers supports configuring DHCP option 82 over bridge domain. ACX routers support option 82 type, length, and value (TLV) information for DHCP client messages over bridge domain.

[See Using DHCP Relay Agent Option 82 Information.]

Firewall

Support for stateful firewall (ACX500)—Starting with Junos OS Release 17.1R1, ACX500 Universal

•

Metro Routers supports configuring stateful firewall rules. Contrasted with a stateless firewall that inspects packets in isolation, a stateful firewall provides an extra layer of security by using state information derived from past communications and other applications to make dynamic control decisions for new communication attempts.

NOTE: The stateful firewall configuration is supported only on the ACX500 indoor routers.

[See Junos Network Secure Overview.]

Generic Routing

Support for generic routing encapsulation (GRE) (ACX Series)—Starting with Junos OS Release 17.1R1,

•

ACX Series Universal Metro Routers support configuring generic routing encapsulation (GRE). GRE provides a private, secure path for transporting packets through an otherwise public network by encapsulating (or tunneling) the packets inside a transport protocol known as an IP encapsulation protocol.

[See Understanding Generic Routing Encapsulation on ACX Series.]

Interfaces and Chassis

Aggregated Ethernet load-balancing support for circuit cross-connect (CCC), VPLS, bridge domain, and

•

Layer 3 VPN (ACX5000)—Starting with Junos OS Release 17.1R1, ACX5000 Universal Metro Routers support aggregated Ethernet (AE) operation over Layer 2 circuit, Layer 3 VPN, bridge domain, CCC, OAM, no-local-switching, and IGMP snooping. Also supported are AE class of service and firewall support for families such as bridge domain, VPLS, CCC, MPLS, IPv4, and IPv6. The firewall support extends the support for single-rate two-color policer and two-rate two-color policer.

[See Understanding Ethernet Link Aggregation on ACX Series Routers.]

Junos OS XML API and Scripting

Support for Python language for commit, event, op, and SNMP scripts (ACX500, ACX1000, ACX1100,

•

ACX2000, ACX2100, ACX2200, and ACX4000)—Starting in Junos OS Release 17.1R1, you can author commit, event, op, and SNMP scripts in Python on devices that include the Python extensions package in the software image. Creating automation scripts in Python enables you to take advantage of Python features and libraries as well as leverage Junos PyEZ APIs to perform operational and configuration tasks on devices running Junos OS. To enable execution of Python automation scripts, which must be owned by either root or a user in the Junos OS super-user login class, configure the language python statement at the [edit system scripts] hierarchy level, and configure the filename for the Python script under the hierarchy level appropriate to that script type. Supported Python versions include Python 2.7.x.

[See Understanding Python Automation Scripts for Devices Running Junos OS.]

Layer 2 Features

Support for pseudowire cross-connect (ACX5000)—Starting with Junos OS Release 17.1R1, ACX5000

•

Universal Metro Routers supports pseudowire cross-connect. The pseudowire cross-connect feature enables virtual circuit (VC) to terminate locally on a router and supports local switching of Layer 2 circuits. Layer 2 circuits allows the creation of point-to-point Layer 2 connections over an IP and MPLS-based network. Physical circuits with the same Layer 2 encapsulations can be connected together across such a network.

[See Configuring Local Interface Switching in Layer 2 Circuits.]

Mirroring

Support for port mirroring (ACX5000)—Starting with Junos OS Release 17.1R1, ACX5000 Universal

•

Metro Routers supports port mirroring to mirror a copy of a packet to a configured destination, in addition to the normal processing and forwarding of the packet. Port mirroring is supported on both ingress and egress ports, using a protocol analyzer application that passes the input to mirror through a list of ports configured through the logical interface.

[See Port, VLAN, and Flow Mirroring Overview.]

MPLS

Support for the Path Computation Element Protocol (ACX Series)—Starting with Junos OS Release

•

17.1R1, ACX Series Universal Metro Routers support the Path Computation Element Protocol (PCEP). A Path Computation Element (PCE) is an entity (component, application, or network node) that is capable of computing a network path or route based on a network graph and applying computational constraints. A Path Computation Client (PCC) is any client application requesting a path computation to be performed by a PCE. PCEP enables communications between a PCC and a PCE, or between two PCEs (defined in RFC 5440). PCEP is a TCP-based protocol defined by the IETF PCE Working Group, and defines a set of messages and objects used to manage PCEP sessions and to request and send paths for multidomain traffic engineered LSPs (TE LSPs). It provides a mechanism for a PCE to perform path computation for a PCC’s external LSPs. The PCEP interactions include LSP status reports sent by the PCC to the PCE, and PCE updates for the external LSPs.

[See PCEP Overview.]

Network Management and Monitoring

Support for hrProcessorTable object (ACX Series)—Starting in Junos OS Release 17.1R1, support is

•

provided for the hrProcessorTable object (object id: 1.3.6.1.2.1.25.3.3) described in the RFC2790, Host Resources MIB. The hrProcessorTable object provides the load statistics information per CPU for multi-core

devices.

[See SNMP MIB Explorer.]

Support for RFC 2544 reflector (ACX5000)—Starting with Junos OS Release 17.1R1, ACX5000 Universal

•

Metro Routers support the Layer 1 reflector functionality for performing RFC 2544 benchmarking tests. The device that is configured as a reflector reflects or sends back the packets as they are received on the pseudowire. This feature does not support any packet modification functionality. To enable your ACX5000 router to reflect the packets back to the initiator, you can configure any unused physical port on the router as the reflector port. Use the reflector-port statement at the [edit services rpm rfc2544-benchmarking tests test-name] hierarchy level to configure the reflector port.

[See RFC 2544-Based Benchmarking Tests Overview.]

Operations, Administration, and Management (OAM)

SNMP support for Service OAM (SOAM) performance monitoring functions (ACX Series)—Starting with

•

Junos OS Release 17.1R1, ACX Series Universal Metro Routers SNMP support Service OAM (SOAM) performance monitoring functions that are defined in Technical Specification MEF 17, the Service OAM performance monitoring requirements specified in SOAM-PM, and the Service OAM management objects specified in Technical Specification MEF 7.1.

A new enterprise-specific MIB, SOAM PM MIB, that defines the management objects for Ethernet services operations, administration, and maintenance for performance monitoring, has been added and SNMP support is available for the MIB objects defined in Technical Specification MEF 36.

[See Interpreting the Enterprise-Specific Service OAM MIB.]

Spanning Tree Protocols

Support for bridge protocol data unit, loop protect, and root protect (ACX Series)—Starting with Junos

•

OS Release 17.1R1, ACX Series Universal Metro Routers support configuring bridge protocol data unit (BPDU), loop protect, and root protect on spanning-tree instance interface. You can configure BPDU protection on individual interfaces or on all the edge ports of the bridge.

[See Understanding BPDU Protection for Spanning-Tree Instance Interfaces, Understanding Loop

Protection for Spanning-Tree Instance Interfaces, Understanding Root Protection for Spanning-Tree Instance Interfaces in a Layer 2 Switched Network.]

Timing and Synchronization

Support for precision time protocol over integrated routing and bridging (ACX Series)—Starting with

•

Junos OS Release 17.1R1, ACX Series Universal Metro Routers support configuring precision time protocol (PTP) over integrated routing and bridging (IRB). You can configure a boundary clock node with PTP (IPv4) over IRB in a master-only mode across single or multiple IRB logical interfaces.

[See Configuring Precision Time Protocol Over Integrated Routing and Bridging.]

Support for Timing and Synchronization (ACX Series)—Starting with Junos OS Release 17.1R1, ACX

•

Universal Metro Routers support external clock synchronization and automatic clock selection for Synchronous Ethernet, T1 or E1 line timing sources, and external inputs. The IEEE 1588v2 standard defines the Precision Time Protocol (PTP), which is used to synchronize clocks throughout a network. ACX Series routers support PTP ordinary clock and boundary clock features. ACX Series routers also support PTP over Ethernet.

[See External Clock Synchronization Overview for ACX Series Routers, Automatic Clock Selection

Overview.]

Support for transparent clock (ACX5000)—Starting with Junos OS Release 17.1R1, ACX5000 Universal

•

Metro Routers support the transparent clock functionality. Transparent clocks measure packet residence time for Precision Time Protocol (PTP) events. The packet delay variation experienced by PTP packets can be attributed to queuing and buffering delays inside the router. ACX5000 routers support only end-to-end transparent clock functionality as defined in the IEEE 1588 standard. The transparent clock functionality works for both PTP over IP (PTPoIP), and PTP over Ethernet (PTPoE).

To configure the transparent clock functionality, you must include the e2e-transparent statement at the [edit protocol ptp] hierarchy level.

Use the show ptp global-information command to check the status of the transparent clock functionality configured on the router.

[See Understanding Transparent Clocks in Precision Time Protocol.]

Tunneling

Support for remote loop-free alternate (LFA) over LDP tunnels in IS-IS and OSPF networks

•

(ACX5000)—Starting with Junos OS Release 17.1R1, ACX5000 Universal Metro Routers support remote LFA over LDP tunnels in an IS-IS and OSPF network. Remote LFA increases the backup coverage for IS-IS and OSPF routes and provides protection especially for Layer 1 metro-rings. The IS-IS protocol creates a dynamic LDP tunnel to reach the remote LFA node from the point of local repair (PLR). The PLR uses this remote LFA backup path when the primary link fails.

[See Configuring Remote LFA Backup over LDP Tunnels in an OSPF Network, Configuring Remote LFA

Backup over LDP Tunnels in an IS-IS Network.]

Support for automatic bandwidth allocation for label-switched paths (ACX5000)—Starting with Junos

•

OS Release 17.1R1, ACX5000 Universal Metro Routers support automatic bandwidth allocation for label-switched paths (LSPs). Automatic bandwidth allocation allows an MPLS tunnel to automatically adjust its bandwidth allocation based on the volume of traffic flowing through the tunnel. You can configure an LSP with minimal bandwidth, and this feature can dynamically adjust the LSP’s bandwidth allocation based on current traffic patterns. The bandwidth adjustments do not interrupt traffic flow through the tunnel.

[See Automatic Bandwidth Allocation for LSPs.]

VPLS

Mesh group support for VPLS routing (ACX5000)—Starting with Junos OS Release 17.1R1, ACX5000

•

Universal Metro Routers support mesh group configuration for VPLS routing instances. A mesh group within the routing instance is a group of PE interface members with common forwarding attributes. The following are the default member attributes in a mesh group:

no-local-switching—Traffic will not switch between members of the same mesh group (known-unicast,

•

multicast, broadcast, unknown-unicast).

flood-to-all-other-mesh-group—Traffic can flow from a member of one mesh group to any set of

•

members of other mesh groups.

[See Configuring Interoperability Between BGP Signaling and LDP Signaling in VPLS.]

SEE ALSO

Changes in Behavior and Syntax | 16

Known Behavior | 18

Known Issues | 19

Resolved Issues | 21

Documentation Updates | 22

Migration, Upgrade, and Downgrade Instructions | 23

Product Compatibility | 24

Changes in Behavior and Syntax

IN THIS SECTION

Interfaces and Chassis | 17

General Routing | 17

MPLS | 17

Services Applications | 17

System Management | 17

User Interface and Configuration | 17

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.1R2 for the ACX Series.

Interfaces and Chassis

Support for logical interfaces (ACX5048 and ACX5096)—ACX5048 and ACX5096 routers do not support

•

configuring more than 1000 logical interfaces.

General Routing

For the routing command, starting in Junos 15.1F3, 15.1R2, 15.1R3, and 15.2R1, 64-bit mode is enabled

•

by default on systems that support it and that have at least 16 GB of RAM.

MPLS

•

Representation for OSPF DR node—Up until version -10 of the BGP-LS draft, the OSPF DR node representation was ambiguous. One could represent DR node as 'AdvertisingRouterId-InterfaceIpAddress' or 'InterfaceIpAddress-1'. Junos OS used to follow 'InterfaceIpAddress-1' format. Starting with version '-11' of the BGP-LS draft, the representation for OSPF DR node must be 'AdvertisingRouterId-InterfaceIpaddress'. Junos OS now follows the latest format.

Services Applications

Device discovery with device-initiated connection (ACX Series)—In Junos OS Release 17.1R1 and later

•

releases, when you configure statements and options under the [system services ssh] hierarchy and commit the configuration, make sure that the system reaches a stable state before you commit any outbound-ssh configurations.

You use the device discovery feature in the Devices workspace to add devices to Junos Space Network Management Platform. By default, Junos Space manages devices by initiating and maintaining a connection to the device.

[See Device Discovery Overview.]

System Management

Peers option not supported in batch configuration mode— Starting in Junos OS Release 17.1R1, the

•

peers option at the [edit system commit] hierarchy level is not supported in batch configuration mode.

User Interface and Configuration

Integers in configuration data in JSON format are displayed without quotation marks (ACX

•

Series)—Starting in Junos OS Release 17.1R1, integers in Junos OS configuration data emitted in JavaScript

Object Notation (JSON) format are not enclosed in quotation marks. Prior to Junos OS Release 17.1, integers in JSON configuration data were treated as strings and enclosed in quotation marks.

Changes to the show system schema module juniper-command output directory (ACX Series)—Starting

•

in Junos OS Release 17.1R1, when you issue the show system schema module juniper-command operational command in the Junos OS CLI, the device places the generated output files in the current working directory, which defaults to the user’s home directory. Prior to Junos OS Release 17.1R1, the generated output files are placed in the /var/tmp directory.

SEE ALSO

New and Changed Features | 10

Known Behavior | 18

Known Issues | 19

Resolved Issues | 21

Documentation Updates | 22

Migration, Upgrade, and Downgrade Instructions | 23

Product Compatibility | 24

Known Behavior

There are no known limitations in Junos OS Release 17.1R2 for the ACX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

SEE ALSO

New and Changed Features | 10

Changes in Behavior and Syntax | 16

Known Issues | 19

Resolved Issues | 21

Documentation Updates | 22

Migration, Upgrade, and Downgrade Instructions | 23

Product Compatibility | 24

Known Issues

IN THIS SECTION

Network Address Translation (NAT) and Stateful Firewall Services | 19

Generic Routing Encapsulation | 20

Firewall | 20

Layer 2 Features | 20

MPLS | 20

SNMP | 20

Timing and Synchronization | 21

This section lists the known issues in hardware and software in Junos OS Release 17.1R2 for the ACX Series Universal Metro Routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Network Address Translation (NAT) and Stateful Firewall Services

On the ACX500 routers, when service application logging is enabled at [edit services service-set

•

service-set-name syslog host host-name class] hierarchy level and when packets containing errors are received at higher rate toward the service engine, the resource scale requirements at the service engine cannot be met and the service processor might reboot. As a workaround, you can disable the application logging. PR1223500

On the ACX500 routers, when there is a fast ramp-up of scaled user applications, the resource

•

requirements of the service engine cannot be met. As a workaround, you can disable the application logging. PR1226153

Generic Routing Encapsulation

Traffic loss is seen after restarting the chassis-control when 64 gr- logical interfaces are configured. This

•

occurs when you restart the Packet Forwarding Engine (PFE) and when there are multiple gr- logical interfaces configured. The traffic automatically resumes once all the ARP entries for the traffic are learned. PR1228216

Firewall

On the ACX5000 line of routers, if you apply firewall filter to an interface using input-list at the [edit

•

interfaces interface-name unit unit-name family ethernet-switching filter] hierarchy level, then commit does not happen. PR1037604

Layer 2 Features

On the ACX5000 line of routers, when you issue the show ethernet-switching table summary vlan-name

•

CLI command, an l2ald.core.0.gz core is generated. PR1042995

When interface flaps or process restarts occurs, the interface configured for RSTP with root protection

•

may not transit to DESG state. There is no workaround available.PR1223137

MPLS

The link protection does not work properly when auto bandwidth is configured on the ACX5000 line of

•

routers. After the interface disable has been deleted, the backup will remain active for 90 seconds. The auto-adjustment of bandwidth does not happen at the first instance when the auto-adjustment timer expires and the bandwidth is adjusted only at the second instance when the timer expires. PR1233761

SNMP

ACX Series routers do not have control board and when you issue the show snmp mib walk

•

jnxOperatingState CLI command, the parameter always shows online.

The following is an example of the show snmp mib walk jnxOperatingState CLI command output:

user@host> show snmp mib walk jnxOperatingState jnxOperatingState.1.1.0.0 = 2 jnxOperatingState.6.1.0.0 = 2 jnxOperatingState.7.1.0.0 = 2 jnxOperatingState.9.1.0.0 = 2 jnxOperatingState.12.0.0.0 = 2

PR1191995

Timing and Synchronization

When you run the restart clksyncd-service CLI command, incorrect correction field values are seen

•

when transparent clock is INACTIVE. This does not have any functional impact. PR1067583

When interface flaps or process restarts occurs, the interface configured for RSTP with root protection

•

may not transit to DESG state. There is no workaround available.PR1223137

SEE ALSO

New and Changed Features | 10

Changes in Behavior and Syntax | 16

Known Behavior | 18

Resolved Issues | 21

Documentation Updates | 22

Migration, Upgrade, and Downgrade Instructions | 23

Product Compatibility | 24

Resolved Issues

IN THIS SECTION

Resolved Issues: 17.1R2 | 22

Resolved Issues: 17.1R1 | 22

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.1R2

General Routing

The SNMP MIB walk for jnxOperatingState incorrectly shows the CB status as down. PR1191995

•

10-Gigabit Ethernet interface fault detection behavior changed. PR1223457

•

Resolved Issues: 17.1R1

There are no fixed issues in Junos OS 17.1R1 for ACX Series.

SEE ALSO

New and Changed Features | 10

Changes in Behavior and Syntax | 16

Known Behavior | 18

Known Issues | 19

Documentation Updates | 22

Migration, Upgrade, and Downgrade Instructions | 23

Product Compatibility | 24

Documentation Updates

There are no errata or changes in Junos OS Release 17.1R2 for the ACX Series documentation.

SEE ALSO

New and Changed Features | 10

Changes in Behavior and Syntax | 16

Known Behavior | 18

Known Issues | 19

Resolved Issues | 21

Migration, Upgrade, and Downgrade Instructions | 23

Product Compatibility | 24

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION

Upgrade and Downgrade Support Policy for Junos OS Releases | 23

This section contains the upgrade and downgrade support policy for Junos OS for the ACX Series Universal Metro Routers. Upgrading or downgrading Junos OS might take several hours, depending on the size and configuration of the network.

For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 15.1,

16.1 and 16.2 are EEOL releases. You can upgrade from Junos OS Release 15.1 to Release 16.1 or even from Junos OS Release 15.1 to Release 16.2. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.

To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see

https://www.juniper.net/support/eol/junos.html.

SEE ALSO

New and Changed Features | 10

Changes in Behavior and Syntax | 16

Known Behavior | 18

Known Issues | 19

Resolved Issues | 21

Documentation Updates | 22

Product Compatibility | 24

Product Compatibility

IN THIS SECTION

Hardware Compatibility | 24

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on ACX Series routers in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://pathfinder.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.

SEE ALSO

New and Changed Features | 10

Changes in Behavior and Syntax | 16

Known Behavior | 18

Known Issues | 19

Resolved Issues | 21

Documentation Updates | 22

Migration, Upgrade, and Downgrade Instructions | 23

Junos OS Release Notes for EX Series Switches

IN THIS SECTION

New and Changed Features | 25

Changes in Behavior and Syntax | 30

Known Behavior | 32

Known Issues | 33

Resolved Issues | 36

Documentation Updates | 41

Migration, Upgrade, and Downgrade Instructions | 42

Product Compatibility | 43

These release notes accompany Junos OS Release 17.1R2 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at http://www.juniper.net/techpubs/software/junos/.

New and Changed Features

IN THIS SECTION

Release 17.1R2 New and Changed Features | 26

Release 17.1R1 New and Changed Features | 26

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for EX Series.

NOTE: The following EX Series switches are supported in Release 17.1R2: EX4300, EX4600,

and EX9200.

NOTE: In Junos OS Release 17.1R2, J-Web is supported on the EX4300 and EX4600 switches

in both standalone and Virtual Chassis setup.

The J-Web distribution model being used provides two packages:

Platform package—Installed as part of Junos OS; provides basic functionalities of J-Web.

•

Application package—Optionally installable package; provides complete functionalities of

•

J-Web.

For details about the J-Web distribution model, see Release Notes: J-Web Application Package

Release 17.1A1 for EX4300 and EX4600 Switches.

Release 17.1R2 New and Changed Features

There are no new features or enhancements to existing features for EX Series in Junos OS Release

•

17.1R2.

Release 17.1R1 New and Changed Features

Hardware

New Routing Engine for EX9200 Switches—Starting with Junos OS Release 17.1R1, EX9200 switches

•

support the new Routing Engine EX9200-RE2.

[See Routing Engine Module in an EX9200 Switch.]

New Configurations for EX9200 Switches—Starting with Junos OS Release 17.1R1, EX9200 switches

•

are available in the following configurations:

EX9204-AC-BND2

•

EX9204-RED3B-AC

•

EX9204-RED3B-DC

•

EX9204-BASE3B-AC

•

EX9208-BASE3B-AC

•

EX9208-RED3B-AC

•

EX9208-RED3B-DC

•

EX9214-BASE3B-AC

•

EX9214-RED3B-AC

•

EX9214-RED3B-DC

•

See

EX9204 Switch Configurations

•

EX9208 Switch Configurations

•

EX9214 Switch Configurations

•

Authentication, Authorization and Accounting (AAA) (RADIUS)

Access control and authentication (EX4300-EX4600 mixed VC)—Starting with Junos OS Release 17.1R1,

•

EX4600 switches operating in a mixed Virtual Chassis with EX4300 switches support controlling access to your network using 802.1X authentication and MAC RADIUS authentication.

802.1X authentication provides port-based network access control (PNAC) as defined in the IEEE 802.1X standard. Supported features include guest VLAN, private VLAN, server fail fallback, dynamic changes to a user session, RADIUS accounting, and configuration of port-filtering attributes on the RADIUS server using VSAs.

MAC RADIUS authentication is used to authenticate end devices independently of whether they are enabled for 802.1X authentication. You can permit end devices that are not 802.1X-enabled to access the LAN by configuring MAC RADIUS authentication on the switch interfaces to which the end devices are connected.

Access control features in a mixed EX4300-EX4600 Virtual Chassis are supported only on EX4300 ports.

This feature was previously supported in an “X” release of Junos OS.

[See Access Control on a Mixed EX4300-EX4600 Virtual Chassis.]

Class of Service (CoS)

Support for classification of multidestination traffic (EX4300)—Multidestination traffic includes BUM

•

(broadcast, unknown unicast, and multicast) traffic and Layer 3 multicast traffic. By default on EX4300 Series switches, all multidestination traffic is classified to the Mcast-BE traffic class mapped to queue

8. Beginning with Junos OS Release 17.1R1, you can classify multidestination traffic to four different queues, queues 8-11, based on either the IEEE 802.1p bits or the DSCP IPv4/v6 bits. You can classify multidestination traffic by including the multi-destination statement at the [edit class-of-service] (to apply globally) or to an individual interface at the [edit class-of-service interfaces interfaces-name] hierarchy. Classification at an individual interface takes precedence over global classification.

[See Example: Configuring Multidestination (Multicast, Broadcast, DLF) Classifiers.]

Firewall filter with policer action as forwarding-class and loss priority (PLP) (EX4300 switches)—Starting

•

with Junos OS Release 14.1X53-D35 and Junos OS Release 17.1R1, on EX4300 switches you can

configure the firewall with policer action as forwarding-class and loss priority (PLP). When the traffic hits the policer, PLP changes as per the action rule. The supported PLP designations are low, medium-low, medium-high, and high. You configure policer actions at the [edit firewall] hierarchy level.

See then (Policer Action)

High Availability (HA) and Resiliency

New options for the show vrrp track command (EX Series)—Starting in 17.1R1, the show vrrp track

•

routes command gives you the option to view all tracked routes. Another new option for the show vrrp track command, all, is equivalent to the already existing command show vrrp track.

[See show vrrp track.]

Interfaces and Chassis

LLDP-MED power negotiation (EX4300 Switches) —Starting with Junos OS Release 17.1R1, EX4300

•

switches support Link Layer Discovery Protocol Media Endpoint Discovery (LLDP-MED) power negotiation with high power (802.3at) devices. LLDP-MED power negotiation enables the PoE controller to dynamically allocate power to an interface based on the power required by the connected powered device.

[See Power over Ethernet (PoE) User Guide for EX4300 Switches.]

Half-duplex link support (EX4300 switches)—Starting with Junos OS 17.1R1, half-duplex communication

•

is supported on all built-in network copper ports on EX4300 switches. Half-duplex is bidirectional communication, but signals can flow in only one direction at a time. Full-duplex communication means that both ends of the communication can send and receive signals at the same time. Half-duplex is configured by default on EX4300 switches. This feature was previously supported in an “X” release of Junos OS.

[See Configuring Gigabit Ethernet Interfaces (CLI Procedure).]

Junos OS XML API and Scripting

Support for Python language for commit, event, op, and SNMP scripts (EX Series)—Starting in Junos

•

OS Release 17.1R1, you can author commit, event, op, and SNMP scripts in Python on devices that include the Python extensions package in the software image. Creating automation scripts in Python enables you to take advantage of Python features and libraries as well as leverage Junos PyEZ APIs supported in Junos PyEZ Release 1.3.1 and earlier releases to perform operational and configuration tasks on devices running Junos OS. To enable execution of Python automation scripts, which must be owned by either root or a user in the Junos OS super-user login class, configure the language python statement at the [edit system scripts] hierarchy level, and configure the filename for the Python script under the hierarchy level appropriate to that script type. Supported Python versions include Python

2.7.x.

[See Understanding Python Automation Scripts for Devices Running Junos OS.]

Management

Support for adding non-native YANG modules to the Junos OS schema (EX Series)—Starting in Junos

•

OS Release 17.1R1, you can load custom YANG models on devices running Junos OS to add data models that are not natively supported by Junos OS but can be supported by translation. Doing this enables you to extend the configuration hierarchies and operational commands with data models that are customized for your operations. The ability to add data models to a device is also beneficial when you want to create device-agnostic and vendor-neutral data models that enable the same configuration or RPC to be used on different devices from one or more vendors. You can load custom YANG modules by using the request system yang add operational command.

[See Understanding the Management of Non-Native YANG Modules on Devices Running Junos OS.]

OpenFlow

Support for OpenFlow v1.0 and v1.3.1 (EX4600 switches)—Starting with Junos OS Release 17.1R1,

•

EX4600 switches support OpenFlow v1.0 and v1.3.1. OpenFlow v1.0 enables you to control traffic in a network by adding, deleting, and modifying flows in the switch. You can configure one OpenFlow virtual switch and one active OpenFlow controller at the [edit protocols openflow] hierarchy level on each EX4600 switch in the network.

Also, OpenFlow v1.3.1 allows the action specified in one or more flow entries to direct packets to a base action called a group. The group action further processes these packets and assigns a more specific forwarding action to them. You can view groups that were added, modified, or deleted from the group table by using the show openflow groups command. You can view group statistics by using the show openflow statistics groups command.

[See Understanding OpenFlow Operation and Forwarding Actions on Devices Running Junos OS.]

Software Installation and Upgrade

•

Support for unified in-service software upgrade (ISSU) (EX9200-6QS)—Starting with Junos OS Release

17.1R1,you can perform a unified ISSU on the EX9200-6QS line card. ISSU enables you to upgrade between two different Junos OS releases with no disruption on the control plane and with minimal disruption of traffic.

[See Unified ISSU System Requirements.]

SEE ALSO

Changes in Behavior and Syntax | 30

Known Behavior | 32

Known Issues | 33

Resolved Issues | 36

Documentation Updates | 41

Migration, Upgrade, and Downgrade Instructions | 42

Product Compatibility | 43

Changes in Behavior and Syntax

IN THIS SECTION

High Availability (HA) and Resiliency | 31

MPLS | 31

Services Applications | 31

System Management | 31

User Interface and Configuration | 31

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.1R2 for the EX Series.

High Availability (HA) and Resiliency

•

In-service software upgrade (EX4600 switches)—Starting with Junos OS Release 17.1R1, you cannot perform an ISSU from a Junos OS Release earlier than 17.1R1 to later Junos OS releases.

MPLS

•

Services Applications

Device discovery with device-initiated connection (EX Series)—In Junos OS Release 17.1R1 and later

•

[See Device Discovery Overview.]

System Management

Peers option not supported in batch configuration mode— Starting in Junos OS Release 17.1R1, the

•

peers option at the [edit system commit] hierarchy level is not supported in batch configuration mode.

User Interface and Configuration

Integers in configuration data in JSON format are displayed without quotation marks (EX Series)—Starting

•

in Junos OS Release 17.1R1, integers in Junos OS configuration data emitted in JavaScript Object Notation (JSON) format are not enclosed in quotation marks. Prior to Junos OS Release 17.1R1, integers in JSON configuration data were treated as strings and enclosed in quotation marks.

Changes to the show system schema module juniper-command output directory (EX Series)—Starting

•

in Junos OS Release 17.1, when you issue the show system schema module juniper-command operational command in the Junos OS CLI, the device places the generated output files in the current working

directory, which defaults to the user’s home directory. Prior to Junos OS Release 17.1, the generated output files are placed in the /var/tmp directory.

SEE ALSO

New and Changed Features | 25

Known Behavior | 32

Known Issues | 33

Resolved Issues | 36

Documentation Updates | 41

Migration, Upgrade, and Downgrade Instructions | 42

Product Compatibility | 43

Known Behavior

There are no known limitations for the EX Series switches in Junos OS Release 17.1R2.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

SEE ALSO

New and Changed Features | 25

Changes in Behavior and Syntax | 30

Known Issues | 33

Resolved Issues | 36

Documentation Updates | 41

Migration, Upgrade, and Downgrade Instructions | 42

Product Compatibility | 43

Known Issues

IN THIS SECTION

Authentication, Authorization, and Accounting (AAA) (RADIUS) | 33

High Availability (HA) and Resiliency | 33

Infrastructure | 34

Interfaces and Chassis | 34

Junos Fusion Enterprise | 34

Network Management and Monitoring | 35

Platform and Infrastructure | 35

Port Security | 35

Security | 36

Virtual Chassis | 36

This section lists the known issues in hardware and software in Junos OS Release 17.1R2 for the EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication, Authorization, and Accounting (AAA) (RADIUS)

On EX9200 and EX4300 switches, 802.1X supplicants might not be reauthenticated by server fail fallback

•

authentication after the server becomes reachable. PR1157032

On EX4300 switches, when 802.1X single-supplicant authentication is initiated, multiple "EAP Request

•

Id Frame Sent" packets might be sent. PR1163966

High Availability (HA) and Resiliency

During a nonstop software upgrade (NSSU) on an EX4300 Virtual Chassis, a traffic loop or loss might

•

occur if the Junos OS software version that you are upgrading and the Junos OS software version that you are upgrading to use different internal message formats. PR1123764

On an EX4300 or a QFX5100 Virtual Chassis, when you perform an NSSU, there might be more than

•

five seconds of traffic loss for multicast traffic. PR1125155

In a rare scenario, GRES might not reach the ready state and might fail to start, because the Routing

•

Engine does not receive the state ack message from the Packet Forwarding Engine after performing

GRES. This is a timing issue. It might also stop Routing Engine resource releasing and then cause resource exhausting. Reboot the system if this problem occurs. PR1236882

Infrastructure

On an EX4300 egress VLAN-based firewall filter on a Q-in-Q interface, after a switch reboot, firewall

•

counters might not increment as expected. PR1165450

Interfaces and Chassis

On EX Series platforms with a Junos OS release 15.1R1 or later, LLDP PDU gets dropped on the FXP

•

interface. PR1188342

On EX Series Virtual Chassis that support PoE, when the master Routing Engine member is rebooted,

•

PoE devices connected to the master might not come back online after the reboot. As a workaround to avoid this issue, when configuring PoE interfaces, use the set poe interface all configuration command instead of configuring specific interfaces individually. To recover connections after seeing this issue, disable and reenable the ports affected by the issue. PR1203880

Junos Fusion Enterprise

On a Junos Fusion Enterprise, Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED)

•

fast start does not work. PR1171899

Loss of connectivity of the link connecting the standalone box might lead to conversion failure from

•

Junos OS to SNOS. PR1232798

On a Junos Fusion Enterprise, in order to use a non-default port as a clustering port in a clustering port

•

policy, the policy must include at least one port that is a default uplink/clustering port for that platform.

PR1241808

On a Junos Fusion Enterprise, the satellite device might not come online when the systems is converted

•

from cluster to non-cluster mode without accompanying topology changes. PR1251790

Network Management and Monitoring

On EX9200 switches, analyzer configurations with analyzer input and output stanzas containing members

•

of the same VLAN or the VLAN itself are not supported. With such configurations, packets can mirror in a loop, resulting in LU chip errors. As a workaround, use the mirror-once option if the input is for ingress mirroring. If it is for ingress and egress mirroring, configure the output interface as an access interface. PR1068405

Platform and Infrastructure

On EX4300, EX4600, and QFX5100 switches, if a remote analyzer has an output IP address that is

•

reachable through a route learned by BGP, the analyzer might be in a DOWN state. PR1007963

On a EX4300-VC platform, if a Q-in-Q S-VLAN interface with MC-LAG is configured, when the backup

•

EX4300 is acting as master, you might lose connection to the management IP address through the interface. As a result, management traffic will be dropped. PR1131755

On EX4300 Series switches, certain multicast traffic might impact the network, for example, cause OSPF

•

to flap. Issues might occur when multicast packets use the same interface queue as certain network protocol packets (for example, OSPF, RIP, PIM, and VRRP). PR1244351

Port Security

When LACP is configured together with MACsec, the links in the bundle might not all work. Rebooting

•

the switch might solve the problematic links, but could also create the same issue on other child interfaces.

PR1093295

On a dot1x-enabled interface, sometimes when you log in, log off, and then log in within a short interval

•

(within subseconds), the logical interface plus the bridge domain or VLAN remain in a pending state, and you will not be able to access the network. As a workaround, restart the l2-learning process to recover the port/interface from the problematic state. PR1230073

Security

On EX4300 switches, when storm-control or storm-control-profiles with action-shutdown is configured,

•

if the storm-triggered traffic is control traffic such as LACP, the physical interface might be put into an STP blocking state rather than turned down, so valid control traffic might be trapped at the control plane and unrelated interfaces might be set down as an LACP timeout. PR1130099

Virtual Chassis

When the linecard role FPC is removed and rejoined to the Virtual Chassis immediately, the LAG interface

•

on the master/backup would not be reprogrammed in the rejoined FPC. PR1255302

SEE ALSO

New and Changed Features | 25

Changes in Behavior and Syntax | 30

Known Behavior | 32

Resolved Issues | 36

Documentation Updates | 41

Migration, Upgrade, and Downgrade Instructions | 42

Product Compatibility | 43

Resolved Issues

IN THIS SECTION

Resolved Issues: 17.1R2 | 37

Resolved Issues: 17.1R1 | 39

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.1R2

Authentication, Authorization, and Accounting (AAA) (RADIUS)

On an EX4300 switch or Virtual Chassis with 802.1X (dot1x) enabled, in a scenario with more than 254

•

clients (supplicants), plenty of clients might be going to the server-reject VLAN and have limited access to the server-reject VLAN although the clients have correct credentials. For a few authenticated clients, the authentication method might be displayed as "Server-Reject" although the client was authenticated in the correct VLAN---that is, the data VLAN. PR1251530

After configuration change with "commit", "dot1x" radius authentication request may not be sent out

•

when having the "wait-for-acct-on-ack" configuration option within "access profile" PR1252456

EVPN

If an EX9200 switch is configured as a PE router connected to a multihomed site in an EVPN/MPLS

•

network, RPD core files might be created on the EX9200 when more than 255 logical interfaces from the same physical interface/ESI are added to the virtual switch instance configuration. Then some logical interfaces are removed from the ESI (that is, rollback of the configuration). PR1251473

Infrastructure

On EX/QFX Series switches, if the switch was power cycled then some process (like

•

jdhcp/lacp/lldpd...could be any other process) might stop working after rebooting. PR1222504

Interfaces and Chassis

MPC might crash during ISSU from Junos OS Release 15.1R1 to a later release when QSFP/CXP/CFP2

•

optics are present. PR1216924

Junos Fusion Enterprise

On a Junos Fusion Enterprise: SDPD core files might be seen while converting an EX2300 or EX3400

•

cluster from Junos OS to SNOS. PR1239915

On a Junos Fusion Enterprise, the EX4300 running Junos OS Release 17.1R2 cannot be added as a

•

satellite. PR1267767

On a Junos Fusion Enterprise, restarting satellite-related daemons and L2 learning result in some MAC

•

entries getting stuck in DLR state. PR1268619

Network Management and Monitoring

On EX9208 switches, after ISSU, storm control is taking effect only after deletion and re-creation.

•

PR1151346

The following system error is logged: JAM: Plugin installed for %s PIC. PR1189100

•

After the reboot of the EX4600 Virtual Chassis, authentication of SNMPv3 users fails due to the change

•

of the local engine ID. PR1256166

Platform and Infrastructure

On EX4300 switches, Layer 2 traffic is dropped in some cases. PR1157058

•

When a policer with the action of loss of priority is applied to the lo0 interface, all ICMP packets might

•

be dropped. PR1243666

SFP+ might not be recognized after EX4300 reboot. PR1247172

•

On EX9200 switches, if ISSU is used to upgrade Junos, it is possible that an unnecessary thread will run

•

on an FPC after the upgrade procedure. This thread can potentially enter into a loop and trigger a stop of forwarding traffic on that particular FPC. PR1249375

The egress PE device (EX4300) sends out LLDP frames toward the CE device with the destination MAC

•

address of 01:00:0c:cd:cd:d0 which is a duplicated frame and rewritten by ingress (PE) device. PR1251391

On EX4300 switches, traffic is not forwarded through the GRE tunnel in some cases. PR1254638

•

After you deactivate IPv6 RA and commit the configuration, the feature is not deactivated. PR1257697

•

The filter applied to the lo0 interface with policer action might break the BGP session. PR1258038

•

On the EX4300-VC, FPC crash and PFEX core file might occur. PR1261852

•

Port Security

MACsec connections are deleted randomly in some scenarios. PR1234447

•

High CPU usage caused by fxpc can lead to MACsec session drops. PR1247479

•

After MACsec link flaps, traffic stops forwarding across the MACsec link. PR1269229

•

Routing Protocols

The BGP session might flap during ISSU, resulting in 40-50 seconds of dropped traffic. PR1247937

•

Spanning Tree Protocols

RSTP interface all edge with the BPDU block configures all interfaces to go into BPDU block even if an

•

interface is explicitly disabled under RSTP. PR1266035

Subscriber Access Management

The authd process generates core files continuously during RADIUS authentication. PR1241326

•

System Management

On MX Series and EX9200 platforms, an enhancement for implementing sensor-specific temperature

•

thresholds is needed. PR1199447

Virtual Chassis

When you add the EX4300 to the VCF, the following error message is seen: ch_opus_map_alarm_id

•

alarm ignored: object 0x7e reason. PR1234780

Resolved Issues: 17.1R1

Authentication and Access Control

A dot1xd core file is observed during CoA with Juniper-Switching-Filter. PR1219538

•

Security certificates are lost after reboot or upgrade, and the following error is seen: Unable to derive

•

certificate from input . PR1237732

Infrastructure

BGP sessions are dropped on the EX4300 when sending BGP host-inbound traffic. PR1090033

•

GRE counters are incrementing very slowly after deactivating and activating the gr- interface. PR1183521

•

DHCP return packets received across a GRE tunnel are not forwarded to clients. PR1226868

•

A timeout error occurs when using the request system snapshot slice alternate command. PR1229520

•

Interfaces and Chassis

MPC might crash during ISSU from Junos OS Release 15.1R1 to a later release when QSFP/CXP/CFP2

•

optics are present. PR1216924

Restarting the interface process causes traffic loss in aggregate Ethernet (ae) bundle in MC-LAG scenario.

•

PR1229001

On QFX10000 switches with MC-LAG configured, CDP packets are looping to the other QFX10000

•

devices in the MC-LAG. PR1237227

MPLS

Virtual Chassis/Virtual Chassis Fabric-l2ckt: FXPC core file is seen when deactivating core interface on

•

MPLS l2ckt configuration using IRB interface. PR1242203

Platform and Infrastructure

Firewall filter is getting deleted when a new bind point is added. PR1214151

•

EBGP packets with ttl=1 and non-EBGP packets with ttl=1 go to the same queue on EX4300. PR1215863

•

The dcd process might crash with configuration of set vlans xxx interface all. PR1221803

•

Frame with CFI / DEI bit set to 1 dropped on ingress L3 interface on EX4300 in Junos OS Release

•

14.1X53-D40.8 PR1237945

EX4300: Too many interfaces after >request system zeroize in default configuration. PR1238848

•

Stale dot1x state leads to packet loss on trunk links if they are converted from access to trunk. PR1239252

•

Certain multicast traffic might cause network impact on EX4300 switch. PR1244351

•

EX4300 connectivity issue with 10/100M and full/half duplex interface. PR1249170

•

On Junos Fusion Enterprise, Power over Ethernet (PoE) telemetries do not work. PR1112953

•

Changes made in PoE configuration during SD Offline state are not getting reflected once the SD is back

•

Online. PR1154486

On a Junos Fusion Enterprise, issues with ARP traffic might occur if the Junos Fusion topology exceeds

•

the documented limit of 6,000 extended port interfaces. PR1186077

On EX3400 some of the IPV6 clients do not get bind if two dhcpv6 relays are present with VRRP between

•

them. PR1189333

FF reject tcp-reset does not work on IRB interface. PR1219953

•

On a Junos Fusion Enterprise: SDPD core files might be seen while converting an EX2300 or EX3400

•

cluster from Junos OS to SNOS. PR1239915

Issue with the show command occurs in single supplicant mode captive portal. PR1240259

•

On EX3400 Virtual Chassis, RA guard-enabled Interface stays in Trusted mode even after the

•

mark-interface trusted statement is deleted. PR1242937

On EX3400 Virtual Chassis, executing request access-security router-advertisement-guard-block

•

interface and restart dhcp-service commands triggers the jdhcpd to generate a core file. PR1243147

On EX3400 Virtual Chassis, RA guard Policy discard does not discard the packet matching with

•

policy-option. PR1244666

ELS Style -There is no command to enable DHCP snooping without having to enable other FHS features.

•

PR1245559

Routing Protocols

Hops through GRE tunnel endpoints are seen in traceroute. PR1236343

•

Virtual Chassis

Repeated log message kernel: %KERN-5: tcp_timer_keep: Dropping socket connection due to keepalive

•

timer expiration is seen on EX4300. PR1209847

SEE ALSO

New and Changed Features | 25

Changes in Behavior and Syntax | 30

Known Behavior | 32

Known Issues | 33

Documentation Updates | 41

Migration, Upgrade, and Downgrade Instructions | 42

Product Compatibility | 43

Documentation Updates

There are no errata or changes in Junos OS Release 17.1R2 for the EX Series switches documentation.

SEE ALSO

New and Changed Features | 25

Changes in Behavior and Syntax | 30

Known Behavior | 32

Known Issues | 33

Resolved Issues | 36

Migration, Upgrade, and Downgrade Instructions | 42

Product Compatibility | 43

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION

Upgrade and Downgrade Support Policy for Junos OS Releases | 42

This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

For more information about EEOL releases and to review a list of EEOL releases, see

https://www.juniper.net/support/eol/junos.html.

SEE ALSO

New and Changed Features | 25

Changes in Behavior and Syntax | 30

Known Behavior | 32

Known Issues | 33

Resolved Issues | 36

Documentation Updates | 41

Product Compatibility | 43

Product Compatibility

IN THIS SECTION

Hardware Compatibility | 43

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.

To determine the features supported on EX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://pathfinder.juniper.net/feature-explorer/.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.

SEE ALSO

New and Changed Features | 25

Changes in Behavior and Syntax | 30

Known Behavior | 32

Known Issues | 33

Resolved Issues | 36

Documentation Updates | 41

Migration, Upgrade, and Downgrade Instructions | 42

Junos OS Release Notes for Junos Fusion Enterprise

IN THIS SECTION

New and Changed Features | 44

Changes in Behavior and Syntax | 49

Known Behavior | 50

Known Issues | 53

Resolved Issues | 55

Documentation Updates | 56

Migration, Upgrade, and Downgrade Instructions | 56

Product Compatibility | 65

These release notes accompany Junos OS Release 17.1R2 for Junos Fusion Enterprise. Junos Fusion Enterprise is a Junos Fusion that uses EX9200 switches in the aggregation device role. These release notes describe new and changed features, limitations, and known problems in the hardware and software.

NOTE: For a complete list of all hardware and software requirements for a Junos Fusion

Enterprise, including which Juniper Networks devices can function as satellite devices, see

Understanding Junos Fusion Enterprise Software and Hardware Requirements in the Junos Fusion Enterprise User Guide.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at http://www.juniper.net/techpubs/software/junos/.

New and Changed Features

IN THIS SECTION

Release 17.1R2 New and Changed Features | 45

Release 17.1R1 New and Changed Features | 45

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for Junos Fusion Enterprise.

NOTE: For more information about the Junos Fusion Enterprise features, see the Junos Fusion

Enterprise User Guide.

Release 17.1R2 New and Changed Features

There are no new features or enhancements to existing features for Junos Fusion Enterprise in Junos OS Release 17.1R2.

Release 17.1R1 New and Changed Features

Hardware

Satellite device support (EX2300 and EX3400)—Starting with Junos OS Release 17.1R1, you can configure

•

EX2300 and EX3400 switches as satellite devices in a Junos Fusion Enterprise topology. The satellite device in a Junos Fusion topology is managed and configured by the aggregation device. Junos Fusion Enterprise uses EX9200 switches in the aggregation device role.

[See Junos Fusion Enterprise Overview.]

Authentication, Authorization, and Accounting (AAA) (RADIUS)

Authentication and access control features (Junos Fusion Enterprise)—Starting with Junos OS Release

•

17.1R1, Junos Fusion Enterprise supports controlling access to the network by using the following features:

802.1X authentication

•

MAC RADIUS authentication

•

Server-fail fallback

•

TACACS+ authentication

•

Central Web authentication

•

RADIUS-initiated changes to an authorized user session (RFC 3576)

•

Flexible authentication order

•

RADIUS accounting interim updates

•

Dynamic filtering with multiple filter terms using VSAs

•

EAP-PAP protocol support for MAC RADIUS authentication

•

RADIUS accounting attributes Client-system-Name, Framed-MTU, Session-timeout, Acct-authentic,

•

Nas-port-ID, and Filter-ID

[See Understanding Authentication on Switches.]

Class of Service (CoS)

Class of Service support (Junos Fusion Enterprise)—Starting with Junos OS Release 17.1R1, Junos Fusion

•

Enterprise supports the standard Junos CoS features and operational commands. Each extended port on a satellite device is a logical extension to the aggregation device. Therefore, the default CoS policy on the aggregation device applies to each extended port. An EX9200 aggregation device supports the following CoS features for each extended port:

BA classifier

•

Multifield classifier

•

Input and output policer

•

Egress rewrite

•

The satellite devices support the following CoS features for each extended port:

BA classifier

•

Queuing and scheduling

•

A cascade port is a physical interface on an aggregation device that provides a connection between the aggregation device and a satellite device. Port scheduling is supported on cascade ports. A Junos Fusion Enterprise reserves a separate set of queues with minimum bandwidth guarantees for in-band management traffic to protect against congestion caused by data traffic.

[See Understanding CoS in Junos Fusion Enterprise.]

Layer 2 Features

•

Support for Layer 2 Features (Junos Fusion Enterprise)—Starting in Junos OS Release 17.1R1, the following features are supported:

Storm control—Monitor traffic levels and take a specified action when a defined traffic level (called

•

the storm control level) is exceeded, preventing packets from proliferating and degrading service. You can configure the switch to drop broadcast and unknown unicast packets, shut down interfaces, or temporarily disable interfaces when a traffic storm occurs. [See Understanding Storm Control for

Managing Traffic Levels on Switching Devices.]

Persistent MAC learning (Sticky MAC)—Configure persistent MAC addresses (also called sticky MAC

•

addresses) to help restrict access to an access port by identifying the MAC addresses of workstations that are allowed access to a given port. Secure access to these workstations is retained even if the switch is restarted. [See Understanding Persistent MAC Learning (Sticky MAC).]

MAC limiting—Configure MAC limiting on an interface or a VLAN, and specify the action to take on

•

the next packet the interface or the VLAN receives after the limit is reached. Limiting the number of MAC addresses protects the switch from flooding the Ethernet switching table (also known as the MAC forwarding table or Layer 2 forwarding table). [See MAC Limiting.]

Loop detection on extended ports—Enable downstream loop detection on the satellite device to

•

prevent accidental loops caused by miswiring or misconfiguration on the extended ports.

•

Support for MAC/PHY features on Junos Fusion Enterprise—Starting with Junos OS Release 17.1R1, the following MAC/PHY features are supported on Junos Fusion Enterprise:

Digital optical monitoring (DOM)—You can run the show interfaces diagnostics optics interface-name

•

command to display the DOM information. The information includes diagnostics data and alarms for Gigabit Ethernet optical transceivers.

Energy Efficient Ethernet (EEE)—EEE reduces the power consumption of physical layer devices during

•

periods of low link utilization. EEE saves energy by putting part of the transmission circuit into low power mode when a link is idle. You can run the set interfaces interface-name ether-options ieee-802-3az-eee command at the [edit] hierarchy level to enable energy efficiency at the Ethernet ports. You can view the EEE status by using the show interfaces interface-name detail command. By default, EEE is disabled on EEE-capable ports.

Jumbo frames—You can configure jumbo frames by using the set interfaces interface-name mtu 9216

•

command at the [edit] hierarchy level.

Medium-dependent Interface (MDI)—By default, the auto MDI/MDI-X feature is enabled on Junos

•

Fusion Enterprise. This feature eliminates the need for a cross-over cable to connect the LAN port to a port on another device, as the crossover function is automatically enabled, when required.

Multicast

•

Support for multicast traffic forwarding (Junos Fusion Enterprise)—Starting with Junos OS Release

17.1R1, multicast traffic forwarding is supported in Junos Fusion Enterprise. Multicast replication is supported only on the aggregation device. The aggregation device performs ingress multicast replication to a set of extended ports. On the satellite device, multicast traffic is received for each of the extended ports. The following scenarios are supported for both IPv4 and IPv6 traffic: Layer 2 multicast with VLAN flooding and Layer 3 multicast.

[See Understanding Multicast Forwarding on a Junos Fusion Enterprise.]

Network Management and Monitoring

Network monitoring and analysis (Junos Fusion Enterprise)—Starting with Junos OS Release 17.1R1,

•

sFlow monitoring and port mirroring and analyzers are supported in Junos Fusion Enterprise:

sFlow technology, which is a monitoring technology for high-speed switched or routed networks,

•

randomly samples network packets and sends the samples to a monitoring station. You can configure sFlow technology to continuously monitor traffic at wire speed on all interfaces simultaneously.

Port mirroring and analyzers facilitate analyzing traffic on switches at the packet level. You configure

•

port mirroring on a switch to send copies of unicast traffic to an output destination such as an interface, a routing instance, or a VLAN. You can configure an analyzer to define both the input traffic and output traffic in the same analyzer configuration. The input traffic to be analyzed can be traffic that enters or exits an interface, or traffic that enters a VLAN.

[See Understanding sFlow Technology on a Junos Fusion Enterprise and Understanding Port Mirroring

Analyzers on a Junos Fusion Enterprise.]

Port Security

Media Access Control Security (MACsec) support on extended ports (Junos Fusion Enterprise)—Starting

•

with Junos OS Release 17.1R1, MACsec is supported on extended ports in a Junos Fusion Enterprise topology. MACsec is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on point-to-point Ethernet links. MACsec is capable of identifying and preventing most security threats and can be used in combination with other security protocols to provide end-to-end network security. Enabling MACsec on extended ports in a Junos Fusion Enterprise topology provides secure communication between the satellite device and connected hosts.

[See Understanding Media Access Control Security (MACsec).]

Access security support (Junos Fusion Enterprise)—Starting with Junos OS Release 17.1R1, the following

•

access security features are supported in Junos Fusion Enterprise:

DHCP snooping—DHCP snooping allows the switch to monitor and control DHCP messages received

•

from untrusted devices connected to the switch. When DHCP snooping is enabled, the system snoops the DHCP messages to view DHCP lease information, which it uses to build and maintain a database of valid IP-address-to-MAC-address (IP-MAC) bindings called the DHCP snooping database. Clients on untrusted ports are only allowed to access the network only if they are validated against the database.

DHCPv6 snooping—DHCP snooping for DHCPv6.

•

Dynamic ARP inspection (DAI)—DAI inspects Address Resolution Protocol (ARP) packets on the LAN

•

and uses the information in the DHCP snooping database on the switch to validate ARP packets and to protect against ARP spoofing (also known as ARP poisoning or ARP cache poisoning). ARP requests and replies are compared against entries in the DHCP snooping database, and filtering decisions are made based on the results of those comparisons.

IP source guard—IP source guard prevents IP address spoofing by examining each packet sent from

•

a host attached to an untrusted access interface on the switch. The IP address, MAC address, VLAN, and interface associated with the host are checked against entries stored in the DHCP snooping database. If the packet header does not match a valid entry in the DHCP snooping database, the packet is discarded.

IPv6 source guard—IP source guard for IPv6.

•

IPv6 neighbor discovery (ND) inspection—IPv6 ND inspection mitigates attacks based on Neighbor

•

Discovery Protocol; by inspecting neighbor discovery messages and verifying them against the DHCPv6 snooping table.

[See Understanding Port Security Features to Protect the Access Ports on Your Device Against the Loss

of Information and Productivity.]

SEE ALSO

Changes in Behavior and Syntax | 49

Known Behavior | 50

Known Issues | 53

Resolved Issues | 55

Documentation Updates | 56

Migration, Upgrade, and Downgrade Instructions | 56

Product Compatibility | 65

Changes in Behavior and Syntax

IN THIS SECTION

System Management | 50

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands in Junos OS Release 17.1R2 for Junos Fusion Enterprise.

System Management

Peers option not supported in batch configuration mode— Starting in Junos OS Release 17.1R1, the

•

peers option at the [edit system commit] hierarchy level is not supported in batch configuration mode.

SEE ALSO

New and Changed Features | 44

Known Behavior | 50

Known Issues | 53

Resolved Issues | 55

Documentation Updates | 56

Migration, Upgrade, and Downgrade Instructions | 56

Product Compatibility | 65

Known Behavior

IN THIS SECTION

Junos Fusion Enterprise | 50

This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.1R2 for Junos Fusion Enterprise.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

Junos Fusion Enterprise

On a Junos Fusion Enterprise, 'show ethernet-switching table' takes a few minutes to show entries when

•

an extended port receives with MAC count set to 150K. PR1117567

While applying a loopback filter on aggregation devices in a Junos Fusion Enterprise, Callback Control

•

Protocol (CBCP) packets might be filtered, which might cause CBCP sessions to be dropped and one of

the satellite devices in a redundant pair to be in the SplitBrainDn state. To work around this issue, you can add a filter similar to the following to the existing set of loopback filters:

set firewall family inet filter accept-icl term accept-icl from source-address

10.0.0.0/30 set firewall family inet filter accept-icl term accept-icl from destination-address 10.0.0.0/30

PR1183680

On a Junos Fusion, when using LLDP, the "Power via MDI" and "Extended Power via MDI" TLVs are not

•

transmitted. PR1105217

In a Junos Fusion Enterprise topology with dual aggregation devices, firewall statistics are not synchronized

•

across the aggregation devices. PR1105612

On a Junos Fusion Enterprise, when the satellite devices of a cluster are rebooted, the output of the CLI

•

command show chassis satellite shows the port state of the cascade ports as Present. PR1175834

In a Junos Fusion Enterprise, conversion of EX2300 and EX3400 switches from satellite devices to Junos

•

OS devices cannot be performed from the aggregation device using the command request chassis satellite install junos-package-name fpc-slot slot-id. As a workaround, use the following procedure:

1. If automatic satellite conversion is enabled for the satellite device’s FPC slot ID, remove the FPC slot ID from the automatic satellite conversion configuration.

[edit] user@aggregation-device# delete chassis satellite-management auto-satellite-conversion

satellite slot-id

For example, to remove FPC slot ID 101 from the Junos Fusion.

[edit] user@aggregation-device# delete chassis satellite-management auto-satellite-conversion

satellite 101

If automatic satellite conversion is enabled for the FPC slot ID, the Junos Fusion tries to convert the device back into a satellite device later in this procedure.

You can check the automatic satellite conversion configuration by entering the show statement at the [edit chassis satellite-management auto-satellite-conversion] hierarchy level.

2. Log in to the satellite software (SNOS) on the switch to be converted back to Junos OS and use the following sequence of commands to install the Junos package:

####################################### dd bs=512 count=1 if=/dev/zero of=/dev/sda echo -e "o\nn\np\n1\n\n\nw" | fdisk /dev/sda mkfs.vfat /dev/sda1 fw_setenv target_os reboot ################################## >>Get to the loader prompt ################################## loader> install --format tftp://<tftp server>/<Junos package name>

PR1213023

In a Junos Fusion Enterprise, conversion of an EX2300 switch from Junos OS to satellite software (SNOS)

•

takes 13-14 minutes. PR1213853

In a Junos Fusion Enterprise, analyzer output is not supported for the aggregation device native interfaces.

•

As a workaround, use RSPAN to capture analyzer output for the aggregation device. PR1214596

In a Junos Fusion Enterprise, EX3400 and EX2300 operating as satellite devices might take longer time

•

to re-converge from single-home to dual-home cluster due to a hardware limitation, compared to an EX4300 switch operating as a satellite device. PR1226366

In a Junos Fusion Enterprise with dual aggregation devices, duplicate multicast packets are observed

•

until L3 convergence happens between the aggregation devices, which might take a few seconds.

PR1231101

In a Junos Fusion Enterprise, a delay might result from moving a satellite device from cluster to non-cluster

•

mode and vice versa. PR1231678

Loss of connectivity of the link connecting the standalone switch might lead to conversion failure from

•

Junos OS to satellite software (SNOS). As a workaround, reboot the standalone switch again to restart the conversion process. PR1232798

In a Junos Fusion Enterprise, in order to use a non-default port as a clustering port in a clustering port

•

policy, the policy must include at least one port that is a default uplink/clustering port for that platform.

PR1241808

In a Junos Fusion Enterprise, a satellite device might not come online when it is converted from cluster

•

to non-cluster mode without accompanying topology changes. As a workaround, ensure the configuration of satellite devices matches the wiring topology: non-cluster devices should not be connected to other clustered devices by means of default or configured clustering/uplink ports. PR1251790

In Junos Fusion Enterprise, when 802.1X authentication is configured in single-secure mode, a firewall

•

counter is created for the default discard term in addition to the configured term. PR1254503

During RE switchover on a Junos Fusion Enterprise, the BUM traffic is duplicated to indirectly connected

•

satellite devices. This is because there is no current support to notify the GRES event to indirectly connected satellite devices. PR1298434

SEE ALSO

New and Changed Features | 44

Changes in Behavior and Syntax | 49

Known Issues | 53

Resolved Issues | 55

Documentation Updates | 56

Migration, Upgrade, and Downgrade Instructions | 56

Product Compatibility | 65

Known Issues

IN THIS SECTION

Junos Fusion Enterprise | 53

This section lists the known issues in hardware and software in Junos OS Release 17.1R2 for Junos Fusion Enterprise.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Junos Fusion Enterprise

In a Junos Fusion Enterprise that has enabled PoE for all extended ports, the show poe interface command

•

output displays the PoE administrative status as Enabled for non-PoE-capable interfaces. PR1150955

In a Junos Fusion Enterprise, Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED)

•

fast start does not work. PR1171899

On a Junos Fusion Enterprise, control packets from the aggregation device - including ping and DHCP

•

packets - might not be forwarded to hosts connected to extended ports when the cascade ports on the aggregation device are down. PR1173212

In a Junos Fusion Enterprise, restarting satellite processes from the aggregated device might not work.

•

As a workaround, use the following commands to get the process ID and restart the process:

user@aggregated-device> request chassis satellite shell-command fpc-slot <slot-id> "ps -aef |

grep <process> | grep -v grep”

user@aggregated-device> request chassis satellite shell-command fpc-slot <slot-id> "kill -9

<process-id>”

Processes details:

amd—api-management-daemon

lcmd—chassis-management-daemon

dpd—discovery-and-provisioning-daemon

spfe—packet-forwarding-engine

ppman—ppman

ppman-lite—ppman-lite

PR1244166

In a Junos Fusion Enterprise, backup link information might not be displayed in the output of the show

•

chassis satellite command if cluster configuration is deleted and then added again on a single aggregated device. As a workaround, delete and then add configuration on both aggregated devices. PR1247633

In a Junos Fusion Enterprise it can take 6 to 30 seconds for the traffic to converge when the aggregation

•

device is powered off or powered on. PR1257057

SEE ALSO

New and Changed Features | 44

Changes in Behavior and Syntax | 49

Known Behavior | 50

Resolved Issues | 55

Documentation Updates | 56

Migration, Upgrade, and Downgrade Instructions | 56

Product Compatibility | 65

Resolved Issues

IN THIS SECTION

Resolved Issues: 17.1R2 | 55

Resolved Issues: 17.1R1 | 55

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.1R2

Junos Fusion Enterprise

EX4300 with Junos OS Release 17.1R1 cannot be converted to satellite mode. PR1267767

•

In Junos Fusion Enterprise, for show ethernet-switching table, a few entries are stuck in DLR state after

•

l2-learning restart. PR1268619

Resolved Issues: 17.1R1

Junos Fusion Enterprise

For Junos Fusion Enterprise, PoE telemetrics is not working. PR1112953

•

Changes made in PoE configuration during SD Offline state are not getting reflected once the SD is back

•

Online. PR1154486

Some ARPs are not resolving on Spirent when you exceed 6000 extended ports. PR1186077

•

Traffic loss is seen after rebooting a satellite device in a satellite device cluster. PR1168820

•

SNMP trap for satellite device reboot is not sent. PR1182895

•

LLDP might stop working if manually deactivated and reactivated. PR1188254

•

SDPD core files might be generated during conversion of EX2300/EX3400 cluster from JUNOS OS to

•

SNOS. PR1239915

SEE ALSO

New and Changed Features | 44

Changes in Behavior and Syntax | 49

Known Behavior | 50

Known Issues | 53

Documentation Updates | 56

Migration, Upgrade, and Downgrade Instructions | 56

Product Compatibility | 65

Documentation Updates

There are no errata or changes in Junos OS Release 17.1R2 for Junos Fusion Enterprise documentation.

SEE ALSO

New and Changed Features | 44

Changes in Behavior and Syntax | 49

Known Behavior | 50

Known Issues | 53

Resolved Issues | 55

Migration, Upgrade, and Downgrade Instructions | 56

Product Compatibility | 65

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION

Basic Procedure for Upgrading Junos OS on an Aggregation Device | 57

Upgrading from Junos OS Release 16.1 to 17.1 in a JUNOS OS Fusion Enterprise System | 59

Upgrading an Aggregation Device with Redundant Routing Engines | 60

Preparing the Switch for Satellite Device Conversion | 60

Converting a Satellite Device to a Standalone Switch | 62

Upgrade and Downgrade Support Policy for Junos OS Releases | 64

Downgrading from Release 17.1 | 64

This section contains the procedure to upgrade or downgrade Junos OS and satellite software for a Junos Fusion Enterprise. Upgrading or downgrading Junos OS and satellite software might take several hours, depending on the size and configuration of the Junos Fusion Enterprise topology.

Basic Procedure for Upgrading Junos OS on an Aggregation Device

When upgrading or downgrading Junos OS for an aggregation device, always use the junos-install package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the junos-install package and details of the installation process, see the Installation and Upgrade Guide.

NOTE: Before upgrading, back up the file system and the currently active Junos OS configuration

so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

user@host> request system snapshot

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files), might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. See the Junos OS Administration Library.

To download and install Junos OS Release 17.1R2:

1. Using a Web browser, navigate to the Download Software URL on the Juniper Networks webpage:

https://www.juniper.net/support/downloads/

2. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.

3. Select By Technology > Junos Platform > Junos Fusion to find the software that you want to download.

4. Select the release number (the number of the software version that you want to download) from the Version drop-down list on the right of the page.

5. Select the Software tab.

6. Select the software package for the release.

7. Review and accept the End User License Agreement.

8. Download the software to a local host.

9. Copy the software to the routing platform or to your internal software distribution site.

10. Install the new junos-install package on the aggregation device.

NOTE: We recommend that you upgrade all software packages out of band using the console

because in-band connections are lost during the upgrade process.

Customers in the United States and Canada, use the following commands.

user@host> request system software add validate reboot source/package-name

All other customers, use the following commands.

user@host> request system software add validate reboot source/package-name

Replace source with one of the following values:

/pathname—For a software package that is installed from a local directory on the router.

•

For software packages that are downloaded and installed from a remote location:

•

ftp://hostname/pathname

•

http://hostname/pathname

•

scp://hostname/pathname (available only for Canada and U.S. version)

•

The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

Adding the reboot command reboots the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

Rebooting occurs only if the upgrade is successful.

NOTE: After you install a Junos OS Release 17.1R2 junos-install package, you cannot return to

the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the

junos-install package that corresponds to the previously installed software.

Upgrading from Junos OS Release 16.1 to 17.1 in a JUNOS OS Fusion Enterprise System

When the Junos Fusion Enterprise System includes clustered devices, use the following procedure to first upgrade the clustered devices to SNOS 3.0R1 and then upgrade the aggregation device from 16.1 to 17.1.

1. Enable hop-by-hop forwarding for control-traffic the on aggregation device using VTY commands.

a. Start a shell on the aggregated device:

user@aggregation-device> start shell

b. For each FPC which has cascade ports, start a VTY session. For example:

root@aggregation-device% vty fpc1

c. At the VTY prompt, enter the following command:

FPC1(aggregation-device vty)# set jnh ep stack-hostpath 0

2. Enable hop-by-hop forwarding for control-traffic on all satellite devices in a cluster.

user@aggregation-device> request chassis satellite shell-command vty -c 'test sd-cluster

hop-to-hop enable' range fpc-start fpc-end

3. Update the satellite device cluster to the new image, which must be SNOS 3.0R1 or higher.

user@aggregation-device> request system software add upgrade-group cluster-upgrade-group

image-location

4. Confirm all satellite devices are upgraded to the new image.

user@aggregation-device> show chassis satellite upgrade-group upgrade-group-name

5. Upgrade the aggregation device to the 17.1 image.

user@aggregation-device> request system software add aggregation-device-package-name

6. To complete the upgrade, reboot the system, including all satellite devices and aggregation device.

To reboot the satellite devices:

•

user@aggregation-device> request chassis satellite reboot range fpc-start fpc-end

To reboot the aggregation device:

•

user@aggregation-device> request system reboot

Upgrading an Aggregation Device with Redundant Routing Engines

If the aggregation device has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to minimize disrupting network operations as follows:

1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine and save the configuration change to both Routing Engines.

2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Preparing the Switch for Satellite Device Conversion

There are multiple methods to upgrade or downgrade satellite software in your Junos Fusion Enterprise. See Configuring or Expanding a Junos Fusion Enterprise.

For satellite device hardware and software requirements, see Understanding Junos Fusion Enterprise

Software and Hardware Requirements.

Use the following command to install Junos OS on a switch before converting it into a satellite device:

user@host> request system software add validate reboot source/package-name

NOTE: The following conditions must be met before a Junos switch that is running Junos OS

Release 17.1R2 can be converted to a satellite device when the action is initiated from the aggregation device:

The Junos switch can only be converted to SNOS 3.0 and later.

•

The Junos switch must be either set to factory default configuration using the request system

•

zeroize command, or the following command must be included in the configuration: set chassis auto-satellite-conversion.

When the interim installation has completed and the switch is running a version of Junos OS that is compatible with satellite device conversion, perform the following steps:

1. Log in to the device using the console port.

2. Clear the device:

[edit] user@satellite-device# request system zeroize

NOTE: The device reboots to complete the procedure for resetting the device.

If you are not logged in to the device using the console port connection, your connection to the device is lost after you enter the request system zeroize command.

If you lose connection to the device, log in using the console port.

3. (EX4300 switches only) After the reboot is complete, convert the built-in 40-Gbps QSFP+ interfaces from Virtual Chassis ports (VCPs) into network ports:

user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port port-number

For example, to convert all four built-in 40-Gbps QSFP+ interfaces on an EX4300-24P switch into network ports:

user@satellite-device>request virtual-chassis vc-port delete pic-slot 1 port 0 user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 1 user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 2 user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 3

This step is required for the 40-Gbps QSFP+ interfaces that will be used as uplink interfaces in a Junos Fusion topology. Built-in 40-Gbps QSFP+ interfaces on EX4300 switches are configured into VCPs by default, and the default settings are restored after the device is reset.

After this initial preparation, you can use one of three methods to convert your switches into satellite devices—autoconversion, manual conversion, or preconfiguration. See Configuring or Expanding a Junos

Fusion Enterprise for detailed configuration steps for each method.

Converting a Satellite Device to a Standalone Switch

In the event that you need to convert a satellite device to a standalone device, you will need to install a new Junos OS software package on the satellite device and remove the satellite device from the Junos Fusion topology.

The following steps explain how to download software, remove the satellite device from the Junos Fusion, and install the Junos OS software image on the satellite device so that the device can operate as a standalone device.

1. Using a Web browser, navigate to the Junos OS software download URL on the Juniper Networks webpage:

https://www.juniper.net/support/downloads

2. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.

3. Select By Technology > Junos Platform > Junos Fusion from the menu and select the switch platform series and model for your satellite device.

4. Select the software image for your platform. For satellite device software requirements, see

Understanding Junos Fusion Enterprise Software and Hardware Requirements.

5. Review and accept the End User License Agreement.

6. Download the software to a local host.

Copy the software to the routing platform or to your internal software distribution site.

7. Remove the satellite device from the automatic satellite conversion configuration.

If automatic satellite conversion is enabled for the satellite device’s member number, remove the member number from the automatic satellite conversion configuration. The satellite device’s member number is the same as the FPC slot ID.

[edit]

user@aggregation-device# delete chassis satellite-management auto-satellite-conversion

satellite member-number

For example, to remove member number 101 from the Junos Fusion:

[edit] user@aggregation-device# delete chassis satellite-management auto-satellite-conversion

satellite 101

You can check the automatic satellite conversion configuration by entering the show command at the [edit chassis satellite-management auto-satellite-conversion] hierarchy level.

8. Commit the configuration.

To commit the configuration to both Routing Engines:

[edit] user@aggregation-device# commit synchronize

To commit the configuration to a single Routing Engine:

[edit] user@aggregation-device# commit

9. Install Junos OS on the satellite device to convert the device to a standalone device.

[edit] user@aggregation-device> request chassis satellite install URL-to-software-package fpc-slot

member-number

For example, to install a software package stored in the /var/tmp directory on the aggregation device onto an EX4300 switch acting as the satellite device using FPC slot 102:

[edit] user@aggregation-device> request chassis satellite install

/var/tmp/jinstall-ex-4300-14.1X53-D35.3-domestic-signed.tgz fpc-slot 102

The satellite device stops participating in the Junos Fusion topology once the software installation starts. The software upgrade starts after this command is entered.

10. Wait for the reboot that accompanies the software installation to complete.

11. When you are prompted to log back in to your device, uncable the device from the Junos Fusion topology. See or Remove a Transceiver. Your device is removed from the Junos Fusion.

NOTE: The device uses a factory-default configuration after the Junos OS installation is

complete.

Upgrade and Downgrade Support Policy for Junos OS Releases

16.1 and 16.2 are EEOL releases. You can upgrade from Junos OS Release 15.1 to Release 16.1 or even

from Junos OS Release 15.1 to Release 16.2. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.

For more information about EEOL releases and to review a list of EEOL releases, see

https://www.juniper.net/support/eol/junos.html.

Downgrading from Release 17.1

Junos Fusion Enterprise is first supported in Junos OS Release 16.1R1, although you can downgrade a standalone EX9200 switch to earlier Junos OS releases.

NOTE: It is not recommended to downgrade the aggregation device from 17.1 to 16.1 if there

are cluster satellite devices in the setup.

To downgrade a Junos Fusion Enterprise from Junos OS Release 17.1 to 16.1, you must first downgrade the satellite software version on the satellite devices from 3.0R1 to 2.0R1.

1. Downgrade the satellite software on the satellite devices from 3.0R1 to 2.0R1:

user@aggregation-device> request system software add satellite-2.0R1-signed.tgz no-validate

upgrade-group cluster1

After the satellite devices are downgraded to satellite software 2.0R1, they will not show as being online until the aggregation device is downgraded to 16.1.

2. Downgrade the aggregation device. Follow the procedure for upgrading, but replace the 17.1 junos-install package with one that corresponds to the appropriate release.

NOTE: You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

SEE ALSO

New and Changed Features | 44

Changes in Behavior and Syntax | 49

Known Behavior | 50

Known Issues | 53

Resolved Issues | 55

Documentation Updates | 56

Product Compatibility | 65

Product Compatibility

IN THIS SECTION

Hardware and Software Compatibility | 65

Hardware Compatibility Tool | 66

Hardware and Software Compatibility

For a complete list of all hardware and software requirements for a Junos Fusion Enterprise, including which Juniper Networks devices function as satellite devices, see Understanding Junos Fusion Enterprise

Software and Hardware Requirements in the Junos Fusion Enterprise User Guide.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.

SEE ALSO

New and Changed Features | 44

Changes in Behavior and Syntax | 49

Known Behavior | 50

Known Issues | 53

Resolved Issues | 55

Documentation Updates | 56

Migration, Upgrade, and Downgrade Instructions | 56

Junos OS Release Notes for Junos Fusion Provider Edge

IN THIS SECTION

New and Changed Features | 67

Changes in Behavior and Syntax | 68

Known Behavior | 69

Known Issues | 69

Resolved Issues | 70

Documentation Updates | 71

Migration, Upgrade, and Downgrade Instructions | 72

Product Compatibility | 80

These release notes accompany Junos OS Release 17.1R2 for the Junos Fusion Provider Edge. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at http://www.juniper.net/techpubs/software/junos/.

New and Changed Features

IN THIS SECTION

Release 17.1R2 New and Changed Features | 67

Release 17.1R1 New and Changed Features | 67

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for Junos Fusion Provider Edge.

Release 17.1R2 New and Changed Features

There are no new features or enhancements to existing features for Junos Fusion Provider Edge in Junos

•

OS Release 17.1R2.

Release 17.1R1 New and Changed Features

Junos Fusion

Support for satellite device clustering—Starting in Junos OS Release 17.1R1, Junos Fusion Provider

•

Edge supports satellite device clustering. Satellite device clustering enables you to connect up to 10 satellite devices into a single cluster, and to connect the satellite device cluster to the aggregation device as a single group instead of as individual satellite devices.

[See Understanding Satellite Device Clustering in a Junos Fusion.]

Support for LLDP-MED with VoIP integration—Starting in Junos OS Release 17.1R1, Junos Fusion

•

Provider Edge supports Link Layer Discovery Protocol–Media Endpoint Discovery (LLDP-MED) with VoIP integration on the extended ports of satellite devices in a VoIP network. LLDP-MED with VoIP integration is an extension of LLDP that is used to support device discovery of VoIP telephones and to create location databases for these telephone locations.

[See Understanding LLDP and LLDP-MED on Junos Fusion..]

SEE ALSO

Changes in Behavior and Syntax | 68

Known Behavior | 69

Known Issues | 69

Resolved Issues | 70

Documentation Updates | 71

Migration, Upgrade, and Downgrade Instructions | 72

Product Compatibility | 80

Changes in Behavior and Syntax

IN THIS SECTION

System Management | 68

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands in Junos OS Release 17.1R2 for Junos Fusion Provider Edge.

System Management

Peers option not supported in batch configuration mode— Starting in Junos OS Release 17.1R1, the

•

peers option at the [edit system commit] hierarchy level is not supported in batch configuration mode.

SEE ALSO

New and Changed Features | 67

Known Behavior | 69

Known Issues | 69

Resolved Issues | 70

Documentation Updates | 71

Migration, Upgrade, and Downgrade Instructions | 72

Product Compatibility | 80

Known Behavior

There are no known behaviors, system maximums, and limitations in hardware and software in Junos OS Release 17.1R2 for Junos Fusion Provider Edge.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

SEE ALSO

New and Changed Features | 67

Changes in Behavior and Syntax | 68

Known Issues | 69

Resolved Issues | 70

Documentation Updates | 71

Migration, Upgrade, and Downgrade Instructions | 72

Product Compatibility | 80

Known Issues

IN THIS SECTION

Junos Fusion | 70

This section lists the known issues in hardware and software in Junos OS Release 17.1R2 for Junos Fusion Provider Edge.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Junos Fusion

Junos Fusion transit traffic fails between two VLANS on the same extended port. As a workaround,

•

configure extended port with LAG.PR1264900

SEE ALSO

New and Changed Features | 67

Changes in Behavior and Syntax | 68

Known Behavior | 69

Resolved Issues | 70

Documentation Updates | 71

Migration, Upgrade, and Downgrade Instructions | 72

Product Compatibility | 80

Resolved Issues

IN THIS SECTION

Resolved Issues: 17.1R2 | 71

Resolved Issues: 17.1R1 | 71

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.1R2

Junos Fusion Provider Edge

LACP on extended ports does not come up after GRES Routing Engine switchover event on

•

MX104.PR1262674

Resolved Issues: 17.1R1

Junos Fusion

Junos OS to satellite conversion initiated from aggregation device must use SNOS 3.0, SNOS 1.0R5, or

•

SNOS 2.0R2.PR1249877

SEE ALSO

New and Changed Features | 67

Changes in Behavior and Syntax | 68

Known Behavior | 69

Known Issues | 69

Documentation Updates | 71

Migration, Upgrade, and Downgrade Instructions | 72

Product Compatibility | 80

Documentation Updates

There are no errata or changes in Junos OS Release 17.1R2 for Junos Fusion Provider Edge documentation.

SEE ALSO

New and Changed Features | 67

Changes in Behavior and Syntax | 68

Known Behavior | 69

Known Issues | 69

Resolved Issues | 70

Migration, Upgrade, and Downgrade Instructions | 72

Product Compatibility | 80

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION

Basic Procedure for Upgrading an Aggregation Device | 72

Upgrading an Aggregation Device with Redundant Routing Engines | 75

Preparing the Switch for Satellite Device Conversion | 75

Converting a Satellite Device to a Standalone Device | 76

Upgrading an Aggregation Device | 79

Upgrade and Downgrade Support Policy for Junos OS Releases | 79

Downgrading from Release 17.1 | 79

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for Junos Fusion Provider Edge. Upgrading or downgrading Junos OS might take several hours, depending on the size and configuration of the network.

Basic Procedure for Upgrading an Aggregation Device

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and

Upgrade Guide.

NOTE: Before upgrading, back up the file system and the currently active Junos OS configuration

so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

user@host> request system snapshot

The download and installation process for Junos OS Release 16.1R1 and later is different that for earlier Junos OS releases.

1. Using a Web browser, navigate to the Download Software URL on the Juniper Networks webpage:

https://www.juniper.net/support/downloads/

2. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.

3. Select By Technology > Junos Platform > Junos Fusion to find the software that you want to download.

4. Select the release number (the number of the software version that you want to download) from the Version drop-down list to the right of the page.

5. Select the Software tab.

6. Select the software package for the release.

7. Review and accept the End User License Agreement.

8. Download the software to a local host.

9. Copy the software to the routing platform or to your internal software distribution site.

10. Install the new jinstall package on the aggregation device.

NOTE: We recommend that you upgrade all software packages out-of-band using the console,

because in-band connections are lost during the upgrade process.

NOTE: We highly recommend that you see 64-bit Junos OS software when implementing

Junos Fusion Provider Edge.

For upgrades from Junos Release 14.2 and earlier:

user@host> request system software add no-validate reboot source/package-name

All other upgrades:

user@host> request system software add validate reboot source/package-name

Replace source with one of the following values:

/pathname—For a software package that is installed from a local directory on the router.

•

For software packages that are downloaded and installed from a remote location:

•

ftp://hostname/pathname

•

http://hostname/pathname

•

scp://hostname/pathname (available only for the Canada and U.S. version)

•

The validate option validates the software package against the current configuration as a prerequisite for adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is for a different release.

Rebooting occurs only if the upgrade is successful.

NOTE: After you install a Junos OS Release 17.1R2 jinstall package, you cannot return to the

previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrading an Aggregation Device with Redundant Routing Engines

If the aggregation device has two Routing Engines, perform a Junos OS installation on each Routing Engine separately as follows to minimize disrupting network operations:

1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine and save the configuration change to both Routing Engines.

2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Preparing the Switch for Satellite Device Conversion

Satellite devices in a Junos Fusion topology use a satellite software package that is different from the standard Junos OS software package. Before you can install the satellite software package on a satellite device, you first need to upgrade the target satellite device to an interim Junos OS software version that can be converted to satellite software. For satellite device hardware and software requirements, see

Understanding Junos Fusion Software and Hardware Requirements

Customers with EX4300 switches, use the following command:

user@host> request system software add validate reboot

source/jinstall-ex-4300-14.1X53-D30.3-domestic-signed.tgz

Customers with QFX5100 switches, use the following command:

user@host> request system software add validate reboot

source/jinstall-qfx-5-14.1X53-D30.3-domestic-signed.tgz

When the interim installation has completed and the switch is running a version of Junos OS that is compatible with satellite device conversion, perform the following steps:

1. Log in to the device using the console port.

2. Clear the device:

[edit]

user@satellite-device# request system zeroize

NOTE: The device reboots to complete the procedure for resetting the device.

If you are not logged in to the device using the console port connection, your connection to the device is lost after you enter the request system zeroize command.

If you lose your connection to the device, log in using the console port.

3. (EX4300 switches only) After the reboot is complete, convert the built-in 40-Gbps QSFP+ interfaces from Virtual Chassis ports (VCPs) into network ports:

user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port port-number

For example, to convert all four built-in 40-Gbps QSFP+ interfaces on an EX4300-24P switch into network ports:

After this initial preparation, you can use one of three methods to convert your switches into satellite devices—autoconversion, manual conversion, and preconfiguration. See Configuring Junos Fusion Provider

Edge for detailed configuration steps for each method.

Converting a Satellite Device to a Standalone Device

NOTE: If the satellite device is a QFX5100 switch, you need to install a PXE version of Junos

OS. The PXE version of Junos OS is software that includes pxe in the Junos OS package name when it is downloaded from the Software Center—for example, the PXE image for Junos OS Release 14.1X53-D30 is named install-media-pxe-qfx-5-14.1X53-D30.3.tgz. If the satellite device is an EX4300 switch, you install a standard jinstall-ex-4300 version of Junos OS.

The following steps explain how to download software, remove the satellite device from Junos Fusion, and install the Junos OS software image on the satellite device so that the device can operate as a standalone device.

1. Using a Web browser, navigate to the Junos OS software download URL on the Juniper Networks webpage:

https://www.juniper.net/support/downloads

2. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.

3. Select By Technology > Junos Platform > Junos Fusion from the drop-down list and select the switch platform series and model for your satellite device.

4. Select the Junos OS Release 14.1X53-D30 software image for your platform.

5. Review and accept the End User License Agreement.

6. Download the software to a local host.

7. Copy the software to the routing platform or to your internal software distribution site.

8. Remove the satellite device from the automatic satellite conversion configuration.

[edit] user@aggregation-device# delete chassis satellite-management auto-satellite-conversion

satellite member-number

For example, to remove member number 101 from Junos Fusion:

[edit]

user@aggregation-device# delete chassis satellite-management auto-satellite-conversion

satellite 101

You can check the automatic satellite conversion configuration by entering the show command at the [edit chassis satellite-management auto-satellite-conversion] hierarchy level.

9. Commit the configuration.

To commit the configuration to both Routing Engines:

[edit] user@aggregation-device# commit synchronize

Otherwise, commit the configuration to a single Routing Engine:

[edit] user@aggregation-device# commit

10. Install the Junos OS software on the satellite device to convert the device to a standalone device.

[edit] user@aggregation-device> request chassis satellite install URL-to-software-package fpc-slot

member-number

For example, to install a PXE software package stored in the /var/tmp directory on the aggregation device onto a QFX5100 switch acting as the satellite device using FPC slot 101:

[edit] user@aggregation-device> request chassis satellite install

/var/tmp/install-media-pxe-qfx-5-14.1X53-D30.3.tgz fpc-slot 101

For example, to install a software package stored in the var/tmp directory on the aggregation device onto an EX4300 switch acting as the satellite device using FPC slot 101:

[edit] user@aggregation-device> request chassis satellite install

/var/tmp/jinstall-ex-4300-14.1X53-D30.3-domestic-signed.tgz fpc-slot 101

The satellite device stops participating in the Junos Fusion topology once the software installation starts. The software upgrade starts after this command is entered.

11. Wait for the reboot that accompanies the software installation to complete.

12. When you are prompted to log back into your device, uncable the device from the Junos Fusion topology. See Removing a Transceiver from a QFX Series Device or Remove a Transceiver, as needed. Your device has been removed from Junos Fusion.

NOTE: The device uses a factory-default configuration after the Junos OS installation is

complete.

Upgrading an Aggregation Device

When you upgrade an aggregation device to Junos OS Release 17.1R2, you must also upgrade your satellite device to Satellite Device Software version 3.0R1.

Upgrade and Downgrade Support Policy for Junos OS Releases

16.1 and 16.2 are EEOL releases. You can upgrade from Junos OS Release 15.1 to Release 16.1 or even

from Junos OS Release 15.1 to Release 16.2. However, you cannot upgrade directly from a non-EEOL release that is more than three releases ahead or behind.

For more information about EEOL releases and to review a list of EEOL releases, see

https://www.juniper.net/support/eol/junos.html.

Downgrading from Release 17.1

To downgrade from Release 17.1 to another supported release, follow the procedure for upgrading, but replace the 17.1 jinstall package with one that corresponds to the appropriate release.

NOTE: You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

SEE ALSO

New and Changed Features | 67

Changes in Behavior and Syntax | 68

Known Behavior | 69

Known Issues | 69

Resolved Issues | 70

Documentation Updates | 71

Product Compatibility | 80

Product Compatibility

IN THIS SECTION

Hardware Compatibility | 80

Hardware Compatibility

To obtain information about the components that are supported on the devices, and special compatibility guidelines with the release, see the Hardware Guide and the Interface Module Reference for the product.

To determine the features supported on MX Series devices in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. See the Feature

Explorer.

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.

SEE ALSO

New and Changed Features | 67

Changes in Behavior and Syntax | 68

Known Behavior | 69

Known Issues | 69

Resolved Issues | 70

Documentation Updates | 71

Migration, Upgrade, and Downgrade Instructions | 72

Junos OS Release Notes for MX Series 5G Universal Routing Platforms

IN THIS SECTION

New and Changed Features | 82

Changes in Behavior and Syntax | 106

Known Behavior | 117

Known Issues | 120

Resolved Issues | 130

Documentation Updates | 147

Migration, Upgrade, and Downgrade Instructions | 148

Product Compatibility | 156

These release notes accompany Junos OS Release 17.1R2 for the MX Series routers. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at http://www.juniper.net/techpubs/software/junos/.

New and Changed Features

IN THIS SECTION

Release 17.1R2 New and Changed Features | 82

Release 17.1R1 New and Changed Features | 84

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for MX Series.

Release 17.1R2 New and Changed Features

Interfaces and Chassis

Enhancement to ambient-temperature statement (MX Series)—In Junos OS Release 17.1R2 and later,

•

the default ambient temperature is set at 40° C on MX480, MX960, MX2010, and MX2020 Universal Routing Platforms. You can override ambient temperature by setting the temperature at 55° C or 25° C.

[edit] user@router# set chassis ambient-temperature ? Possible completions: 25C 25 degree celsius 40C 40 degree celsius 55C 55 degree celsius [edit]

When a router restarts, the system adjusts the power allocation or the provisioned power for the line cards on the basis of the configured ambient temperature. If enough power is not available, a minor chassis alarm is raised. However, the chassis continues to run with the configured ambient temperature. You can configure a new higher ambient temperature only after you make more power available by adding new power supply modules or by taking a few line cards offline. By using the provisioned power that is saved by configuring a lower ambient temperature, you can bring more hardware components online.

Routing Protocols

IGP cost calculation for next-hop-based dynamic tunnels(MX Series)—Starting in Junos OS Release

•

17.1R2, IGP cost calculation is supported for next-hop-based dynamic tunnels. In multihoming networks with next-hop-based GRE or UDP tunnel, rpd chooses the best path by calculating IGP metrics. However, in single-homed networks, rpd installs the tunnel composite next hop in the Packet Forwarding Engine without any IGP cost calculation.

In earlier Junos OS releases, BGP preferred a path with the lowest router ID, which was not cost effective. When multiple PE devices advertise the same route, BGP did not take into account the IGP cost to those devices. This new feature allows BGP to choose an IGP path with the lowest metric and set up a tunnel to a PE device with the lowest cost. Note that in the absence of IGP connectivity, Junos OS does not install the advertised routes in the Packet Forwarding Engine or create a dynamic tunnel.

Subscriber Management and Services

Configurable grace period for unresponsive RADIUS servers (MX Series)—Starting in Junos OS Release

•

17.1R2, you can use the timeout-grace statement at the [edit access radius-options] hierarchy level to configure a grace period that determines when an unresponsive RADIUS authentication server is marked as down or unreachable. When the server fails to respond to any of the attempts made for an authentication request, it times out, the time is noted, and the grace period begins. If the server is unresponsive for subsequent authentication requests, the grace period is checked each time the server times out. When the check determines that the grace period has expired, the server is marked as down or unreachable.

You can configure the grace period in the range 0 through 30 seconds; the default is 10 seconds. Use a short grace period to declare servers unavailable sooner and direct requests to available servers. Use a long grace period to give unresponsive servers more opportunities to respond.

In earlier releases, the grace period is 10 seconds and is not configurable.

Support for excluding tunnel attributes from RADIUS Access-Request messages (MX Series)—Starting

•

in Junos OS Release 17.1R2, you can use the exclude statement at the [edit access profile profile-name radius attribute] hierarchy level to exclude the following tunnel attributes from RADIUS Access-Request

messages in addition to the previously supported Accounting-Start, and Accounting-Stop messages:

acct-tunnel-connection—RADIUS attribute 68, Acct-Tunnel-Connection

•

tunnel-assignment-id—RADIUS attribute 82, Tunnel-Assignment-Id

•

tunnel-client-auth-id—RADIUS attribute 90, Tunnel-Client-Auth-Id

•

tunnel-client-endpoint—RADIUS attribute 66, Tunnel-Client-Endpoint

•

tunnel-medium-type—RADIUS attribute 65, Tunnel-Medium-Type

•

tunnel-server-auth-id—RADIUS attribute 91, Tunnel-Server-Auth-Id

•

tunnel-server-endpoint—RADIUS attribute 67, Tunnel-Server-Endpoint

•

tunnel-type—RADIUS attribute 64, Tunnel-Type

•

Release 17.1R1 New and Changed Features

Hardware

Support for ODU path delay measurement for 100-Gigabit DWDM OTN MIC and 100-Gigabit DWDM

•

OTN PIC (MX Series)—Starting in Junos OS Release 17.1R1, Junos OS supports ODU path delay measurement for the 100-Gigabit DWDM OTN MIC (MIC3-100G-DWDM) on MPC3E (MX-MPC3E-3D) and MPC3E-NG (MPC3E-3D-NG) on MX Series routers and for the 100-Gigabit Ethernet DWDM OTN PIC (PTX-5-100G-WDM) on PTX3000 and PTX5000 routers. Delay is measured by transmitting a known pattern (delay measurement pattern) in a selected bit of the delay measurement (DM) field and measuring the number of frames that are missed when the delay measurement pattern is received at the transmitting end (local interface).

To enable delay measurement, first enable looping of the delay measurement pattern at the remote interface by including the remote-loop-enable statement at the [edit interfaces interfacename otn-options odu-delay-management] hierarchy level. Then, measure the delay by including the start-measurement statement at the [edit interfaces interfacename otn-options odu-delay-management] hierarchy level. Use the stop-measurement statement to stop measuring the delay. To disable looping of the delay measurement pattern at the remote interface, use the no-remote-loop-enable statement.

1-port 100-Gigabit DWDM OTN MIC with CFP2 (MX240, MX480, MX960, MX2010, and

•

MX2020)—Starting in Junos OS release 17.1R1, support is provided for the 1-port 100-Gigabit Ethernet dense wavelength division multiplexing (DWDM) optical transport network (OTN) MIC (MIC3-100G-DWDM) with CFP2 analog coherent optical (CFP2-ACO) pluggable optics on MPC3E (MX-MPC3E-3D) and MPC3E NG (MPC3E-3D-NG). The 100-Gigabit Ethernet DWDM OTN MIC supports the following features:

Transparent transport of 100-Gigabit Ethernet signals with optical channel transport unit, OTU4 (V)

•

framing

Dual-polarization quadrature phase shift keying (DP-QPSK) modulation with coherent receiver and

•

soft-decision forward error correction (SD-FEC) for long-haul and metro applications

International Telecommunication Union (ITU)-standard OTN performance monitoring and alarm

•

management

Extensive optical, digital signal processing (DSP), and bit error ratio (BER) performance monitoring

•

statistics for the optical link

[See 100-Gigabit DWDM OTN MIC with CFP2-ACOand Configuring OTN Interfaces on

MIC3-100G-DWDM MIC.]

Class of Service (CoS)

Copy ToS bits from incoming IP header to outer GRE IP header (MX Series with MPCs)—Starting in

•

Junos OS Release 17.1R1, you can set GRE tunnel interfaces to copy the ToS bits (DSCP value) from the incoming IPv4 header to the outer GRE IP header for transit traffic. You can set this at the individual GRE interface level by including the copy-tos-to-outer-ip-header-transit statement at the [edit interfaces

gr-fpc/pic/port unit logical-unit-number] hierarchy level, or globally by including the copy-tos-to-outer service-type ([ gre ] | [ mt ]) statement at the [edit chassis] hierarchy level.

You can also now rewrite the DSCP/IP precedence value in both the inner and outer headers with the

rewrite rules ([ dscp ] | [ inet-precedence ]) default protocol ([ inet-both ] | [ inet-outer ]) statement at the [edit class-of-service interfaces interface-name] hierarchy level.

[See Configuring a GRE Tunnel to Copy ToS Bits to the Outer IP Header.]

EVPNs

•

Support for multihoming in an MSAN scenario with EVPN (MX Series routers with MPCs)—Starting in Junos OS Release 17.1R1, the EVPN multihoming feature enables you to connect a customer site to two or more provider edge (PE) devices to provide redundant connectivity. A customer edge (CE) device can be multihomed to different PE devices or the same PE device. A redundant PE device can provide network service to the customer site as soon as a failure is detected. Thus, EVPN multihoming helps maintain EVPN service and traffic forwarding to and from the multihomed site in case of network failures such as:

Failure of the link between PE device to CE device

•

PE device failure

•

MPLS-reachability failure between the local PE device and a remote PE device

•

[See EVPN Multihoming Overview.]

Support for VPWS with EVPN signaling mechanisms (MX Series)—The Ethernet VPN (EVPN)-virtual

•

private wire service (VPWS) network provides a framework for delivering the VPWS with EVPN signaling mechanisms. The VPWS with EVPN signaling mechanisms supports single-active or all-active multihoming capabilities and inter-autonomous system (AS) options associated with BGP-signaled VPNs. Starting with Junos OS Release 17.1R1, the vpws-service-id statement identifies the endpoints of the EVPN-VPWS network based on the local and remote identifiers configured on the provider edge (PE) routers in the network. These endpoints are autodiscovered by BGP and are used to exchange the service labels (learned from the respective PE routers) that are used by autodiscovered routes per EVPN instance (EVI).

Use the show evpn vpws-instance command to verify the routes and interfaces of the VPWS instance of the EVPN.

[See Overview of VPWS Service with EVPN Signaling Mechanisms.]

•

Support for inter-data center connectivity over pure Layer 3 network with EVPN (MX Series routers with MPCs)—Starting in Junos OS Release 17.1R1, the control plane EVPN Type-5 supports IP prefix

for inter-subnet connectivity across data centers. The data packet is sent as the L2 Ethernet frame encapsulated in the VXLAN header over the IP network across the data centers to reach the tenant through the connectivity provided by the EVPN Type-5 IP prefix route.

[See EVPN Type-5 Route with VXLAN encapsulation for EVPN/VXLAN.]

Support for LACP in EVPN active-active multihoming (MX Series routers with MPCs)—Starting with

•

Junos OS Release 17.1R1, an extra level of redundancy can be achieved in an Ethernet VPN (EVPN) active-active multihoming network by configuring the Link Aggregation Control Protocol (LACP) on both the endpoints of the link between the multihomed customer edge (CE) and provider edge (PE) devices. The link aggregation group (LAG) interface of the multihomed CE-PE link can either be in the active or in the standby state. The interface state is monitored and operated by LACP to ensure fast convergence on isolation of a multihomed PE device from the core.

When there is a core failure, a traffic black hole can occur at the isolated PE device. With the support for LACP on the CE-PE link, at the time of core isolation, the CE-facing interface of the multihomed PE device is set to the standby state, thereby blocking data traffic transmission from and toward the multihomed CE device. After the core recovers from the failure, the interface state is switched back from standby to active.

To configure LACP in an EVPN active-active multihoming network:

On the multihomed CE device

•

Include the lacp active statement at the [edit interfaces aex aggregated-ether-options] hierarchy.

•

On the multihomed PE device

•

Include the lacp active statement at the [edit interfaces aex aggregated-ether-options] hierarchy.

•

Include the service-id number statement at the [edit switch-options] hierarchy.

•

[See Example: Configuring LACP for EVPN Active-Active Multihoming.]

•

Support for IPv6 over IRB interfaces with EVPN (MX Series routers with MPCs)—Starting in Junos OS Release 17.1R1, IPv6 addresses are supported on IRB interfaces with EVPN using the Neighbor Discovery Protocol (NDP). The following capabilities are introduced for IPv6 support with EVPN:

IPv6 addresses on IRB interfaces in master routing instances

•

Learning IPv6 neighborhood from solicited NA message

•

NS and NA packets on the IRB interfaces are disabled from network core

•

Virtual gateway addresses are used as Layer 3 addresses

•

Host MAC-IP synchronization for IPv6

•

You can configure the IPv6 addresses in the IRB interface at the [edit interfaces irb] hierarchy level.

[See EVPN with IRB Solution Overview.]

Support for VLAN bundle service for EVPN (MX Series)—Starting in Junos OS Release 17.1R1, Junos

•

OS supports the VLAN bundle service for EVPN. The VLAN bundle service maps multiple VLAN IDs to one EVPN instance. Because a separate instance for each VLAN ID is not needed, this feature lowers the control plane overhead on the router by reducing the number of EVPN instances.

[See VLAN Bundle Service for EVPN.]

General Routing

PHY timestamping support for MIC-3D-20GE-SFP-EH, MIC-3D-20GE-SFP-E, and built-in 10-Gigabit

•

Ethernet ports (MX104)—Starting with Junos OS Release 17.1R1, timestamping at the physical layer, also known as PHY timestamping, is supported on MIC-3D-20GE-SFP-EH, MIC-3D-20GE-SFP-E, and the built-in 10-Gigabit Ethernet ports on MX104 routers. PHY timestamping is the timestamping of the IEEE 1588 event packets at the physical layer. Timestamping the packet at the physical layer eliminates the noise or the packet delay variation (PDV) that is introduced by the Packet Forwarding Engine.

To enable PHY timestamping on MX104 routers, include the phy-timestamping statement at the edit [protocols ptp] hierarchy level.

[See PHY Timestamping.]

Support for PTP over Ethernet, hybrid mode, and G.8275.1 profile (MPC5E and MX104)—Starting in

•

Junos OS Release 17.1R1, MPC5E and MX104 support the following features:

PTP over Ethernet—PTP over Ethernet enables effective implementation of packet-based technology

•

that enables the operator to deliver synchronization services on packet-based mobile backhaul networks. PTP over Ethernet uses multicast addresses for communication of PTP messages between the slave clock and the master clock.

Hybrid mode—In hybrid mode, the synchronous Ethernet equipment clock (EEC) derives the frequency

•

from Synchronous Ethernet and the phase and time of day from PTP.

G.8275.1 profile—G.8275.1 is a PTP profile for applications that require accurate phase and time

•

synchronization. It supports the architecture defined in ITU-T G.8275 to enable the distribution of phase and time with full timing support and is based on the second version of PTP defined in IEEE

1588. You can configure the G.8275.1 profile by including the profile-type g.8275.1 statement at the [edit protocols ptp] hierarchy level.

[See Profile Type.]

High Availability (HA) and Resiliency

ISSU Feature Explorer—The unified ISSU Feature Explorer is an interactive tool that you can use to

•

verify your device’s unified ISSU compatibility with different Junos OS releases.

[See ISSU Feature Explorer.]

Support for unified ISSU on MX Series routers and MX Series Virtual Chassis with MPC3E-3D-NG,

•

MPC3E-3D-NG-Q, MPC2E-3D-NG, MPC2E-3D-NG-Q, and MPC5E (MX240, MX480, MX960, MX2010,

and MX2020)—Starting with Junos OS Release 17.1R1, unified in-service software upgrade (ISSU) is

supported on MX Series routers and MX Series Virtual Chassis with MPC3E-3D-NG, MPC3E-3D-NG-Q, MPC2E-3D-NG, MPC2E-3D-NG-Q, and MPC5E.

Unified ISSU is supported on MPC5E with the following MICs in non-OTN mode:

3X40GE QSFPP

•

12X10GE-SFPP OTN

•

1X100GE-CFP2

•

2X10GE SFPP OTN

•

NOTE: Unified ISSU is not supported on MPC3E-3D-NG, MPC3E-3D-NG-Q, MPC2E-3D-NG,

and MPC2E-3D-NG-Q with the following MICs:

MS-MIC-16G

•

MIC-3D-8DS3-E3

•

MIC-3D-1OC192-XFP

•

Unified ISSU enables you to upgrade between two different Junos OS releases with no disruption on the control plane and with minimal disruption of traffic.

[See Protocols and Applications Supported by MX240, MX480, MX960, MX2010, and MX2020 MPC2E,

Protocols and Applications Supported by the MX240, MX480, MX960, MX2010, and MX2020 MPC3E,

and Protocols and Applications Supported by the MX240, MX480, MX960, MX2010, and MX2020

MPC5Es.]

Unified in-service software upgrade support for 100-Gigabit DWDM OTN MIC (MX960)—Starting with

•

Junos OS Release 17.1R1, unified in-service software upgrade (unified ISSU) is supported for the 1-port 100-Gigabit Ethernet dense wavelength division multiplexing (DWDM) OTN MIC (MIC3-100G-DWDM) on MX960 routers with MPC3E (MX-MPC3E-3D) and MPC3E-NG (MX-MPC3E-NG).

Unified ISSU is a process to upgrade the system software with minimal disruption of transit traffic and no disruption of the control plane. You can use unified ISSU only to upgrade to a later version of the system software. When unified ISSU completes, the new system software state is identical to that of the system software when the system upgrade is performed through a cold boot.

[See Unified ISSU System Requirements.]

New options for the show vrrp track command (MX Series)—Starting with Junos OS Release 17.1R1,

•

the show vrrp track routes command gives you the option to view all tracked routes. Another new option for the show vrrp track command, all, is equivalent to the already existing command show vrrp track.

[See show vrrp track.]

Interfaces and Chassis

•

Getting load-balancing hash result information (MX Series)—Starting in Junos OS Release 17.1R1, you can get the details for load-balancing hash results. You can get information for up to three levels of load balancing.

To get load-balancing results for routed IPv4, IPv6, and other L3 traffic, use the show forwarding-options

load-balance ingress-interface <interface-name> family <family-type> source-address <src-IP> destination-address <dest-IP> transport-protocol <transport-protocol> source-port <src-port> destination-port <dest-port> tos <TOS> command. To get load-balancing results for raw packet dumps, use the show forwarding-options load-balance ingress-interface <interface-name> family <family-type> packet-dump <pkt-dump> command.

[See show forwarding-options load-balance.]

Support for PPP-TCC encapsulation on MIC-3D-16CHE1-T1-CE (MX Series)—Starting in Junos OS

•

Release 17.1R1, Junos OS supports PPP-TCC encapsulation on channelized E1/T1 Circuit Emulation MIC (MIC-3D-16CHE1-T1-CE). PPP-TCC encapsulation is used for circuits with different media on either sides of the connection.

•

Removing the native VLAN ID from untagged traffic (MX Series)—Starting in Junos OS Release 17.1R1, you can send untagged traffic without a native VLAN ID to the remote end of the network. To do this, remove the native VLAN ID from the untagged traffic configuration by setting the no-native-vlan-insert statement. If you do not configure this statement, the native VLAN ID is added to the untagged traffic.

[See Sending Untagged Traffic Without VLAN ID to Remote End.]

Inline MultilinkPPP, Multilink FrameRelay, and Multilink FrameRelay End-to-End for time-division

•

multiplexing WAN interfaces (MX Series)—The ability to provide bundling services through the Packet Forwarding Engine without requiring a PIC or DPC by using inline Multilink PPP (MLPPP), Multilink Frame Relay (MLFR) FRF.16, and MLFR end-to-end FRF.15 for time-division multiplexing (TDM) WAN interfaces was first rolled out in Junos OS Release 14.1. Starting in Junos OS Release 17.1R1, this feature is also supported on the following MPCs: MPC5E (MX240, MX480, MX960, MX2010, and MX2020 routers) and MPC6E (MX2010 and MX2020 routers). Support includes multiple links on the same bundle as well as multiclass extensions for MLPPP. You can enable bundling services without additional DPC slots, freeing the slots for other MICs.

[See Inline MLPPP for WAN Interfaces Overview, Example: Configuring Inline MLPPP and Multilink

Frame Relay End-to-End (FRF.15) for WAN Interfaces,] and [Example: Configuring Inline Multilink Frame Relay (FRF.16) for WAN Interfaces.]

Enhancement to policer configuration (MX Series)—Starting in Junos OS Release 17.1R1, you can

•

configure the MPC to take a value in the range 0 through 5 for the policer tick byte by using the policer-limit statement at the [edit chassis] hierarchy level. If this statement is not configured, the policer tick byte can take values up to 7, which is the default behavior. You can use the set chassis policer-limit command to enable this feature.

You must restart the MPC or the router for the changes to take effect.

•

Support for inline Two-Way Active Measurement Protocol (TWAMP) server and client on MPC7E (MX240, MX480, MX960)—Starting in Junos OS Release 17.1R1, MX Series routers with MPC7E cards

support the inline Two-Way Active Measurement Protocol (TWAMP) control-client and server for transmission of TWAMP IPv4 UDP probes between the session-sender (control-client) and the session-reflector (server). The TWAMP control-client and server can also work with a third-party server and control-client implementation.

TWAMP is an open protocol for measuring network performance between any two devices that support TWAMP. To configure the TWAMP server, specify the logical interface on the service PIC that provides the TWAMP service by including the twamp-server statement at the:[edit interfaces si-fpc/pic/ port unit logical-unit-number rpm] hierarchy level. To configure the TWAMP client, include the twamp-client statement at the:[edit interfaces si-fpc/pic/ port unit logical-unit-number rpm] hierarchy level.

[See Two-Way Active Measurement Protocol Overview.]

Support for frame relay inverse ARP on MIC-3D-16CHE1-T1-CE (MX Series)—Starting in Junos OS

•

Release 17.1R1, Junos OS supports frame relay inverse ARP requests on channelized E1/T1 Circuit Emulation MIC (MIC-3D-16CHE1-T1-CE). You can configure MIC-3D-16CHE1-T1-CE to operate in either T1 or E1 mode. By default, all the ports operate in T1 mode.

[See Configuring Inverse Frame Relay ARP.]

Layer 2 Features

Enhancement to MAC limit function (MX Series with MPCs)—Starting in Junos OS Release 17.1R1, the

•

handling of a burst of packets with new source MAC addresses is improved to reduce resource use and processing time. In earlier releases, new source MAC addresses are learned and placed in the MAC table even after the limit is exceeded. The Routing Engine later deletes the MAC address entries that are over the limit.

Now, the learning limit configured with the interface-mac-limit statement for new source MAC addresses is enforced at all levels: global, bridge domain, and VPLS. The MAC table is not updated with any new addresses after the limit has been reached. When any static MAC addresses are configured, the learning limit is the configured limit minus the number of static addresses.

[See Limiting MAC Addresses Learned from an Interface in a Bridge Domain and Limiting the Number

of MAC Addresses Learned from Each Logical Interface.]

Layer 2 VPN

•

Support for ETH-SLM and ETH-DM on aggregated Ethernet interfaces and LAG members on MPCs (MX Series)—Starting in Junos OS Release 17.1R1, you can configure ITU-T Y.1731 standard-compliant

Ethernet synthetic loss measurement (ETH-SLM) and Ethernet delay measurement (ETH-DM) capabilities on aggregated Ethernet interfaces and LAG members on all MX Series MPCs. These ITU-T Y.1731 OAM services or performance-monitoring techniques can be measured in on-demand mode (triggered through the CLI) or proactive mode (triggered by the iterator application).

ETH-SLM is an application that enables the calculation of frame loss by using synthetic frames instead of data traffic. ETH-DM provides fine control to operators for triggering delay measurement on a given service and can be used to monitor service-level agreements (SLAs).

Management

•

Support for Junos Telemetry Interface sensor for queue depth statistics (MX Series)—Starting with Junos OS Release 17.1R1 , you can configure a Junos Telemetry Interface sensor that exports queue depth statistics for ingress and egress queue traffic. Telemetry data is exported directly from the line card. You can also apply one or more regular expressions to filter data. Include the resource /junos/system/linecard/qmon/ statement at the [edit system services analytics sensor sensor-name] hierarchy level. Only UDP streaming of data is supported. gRPC streaming of queue depth statistics is not currently supported. Only MPC7E, MPC8E, and MPC9E are supported.

[See sensor (Junos Telemetry Interface).]

•

gRPC support for the Junos Telemetry Interface (MX Series)—Starting with Junos OS Release 17.1R1, the Junos Telemetry Interface supports using a set of gRPC remote procedure call interfaces to provision sensors, subscribe to, and receive telemetry data. gRPC is based on an open source framework and provides secure and reliable transport of data. Use the telemetrySubscribe RPC to specify telemetry parameters and stream data for a specified list of OpenConfig commands paths. Telemetry data is generated as Google protocol buffers (gpb) messages in a universal key/value format. If your Juniper Networks device is running a version of Junos OS with an upgraded FreeBSD kernel, you must download

the Network Agent package, which provides the interfaces to manage gRPC subscriptions. The package is available on the All Junos Platforms software download URL on the Juniper Networks webpage.

[See Understanding OpenConfig and gRPC on Junos Telemetry Interface.]

•

Support for Junos Telemetry Interface (MX Series)—Starting with Junos OS Release 17.1R1, the Junos Telemetry Interface enables you to export telemetry data from supported interface hardware. Sensor data, such as interface events, are sent directly to configured collection points without involving polling. On MX Series routers, only MPC1 through MPC9E are supported. For sensors that stream data through the User Datagram Protocol, all parameters are configured at the [edit services analytics] hierarchy level. For sensors that stream data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Not all hardware and sensors are supported in those previous releases.

[See Overview of the Junos Telemetry Interface.]

MPLS

Support for subscriber management over MPLS pseudowire logical interface on virtual chassis (MX

•

Series)—Starting with Junos OS Release 17.1R1, MPLS pseudowire logical interface for subscriber management is supported on virtual chassis. The functionality of Ethernet interface types such as ae/ge/xe, works on virtual chassis.

Support for Layer 2 services provisioning on the services side of the pseudowire service logical interface

•

(MX Series)—Starting with Junos OS Release 17.1R1, Layer 2 services provisioning such as bridge domain or VPLS instance is possible on the services side of the pseudowire service logical interface anchored to logical tunnel interface.

Prior to Junos OS Release 17.1R1, Layer 2 encapsulations and features such as Spanning Tree Protocol (STP), VLAN and many more could not be configured on pseudowire service on the service logical interface.

[See Layer 2 Services Provisioning on Services Side of Pseudowire Service Interface Overview.]

Support for port mirroring on pseudowire subscriber logical interface (MX Series)—Starting with Junos

•

OS Release 17.1R1, port mirroring is supported on the services side of an MPLS pseudowire subscriber logical interface.

You can configure pseudowire service interface in the same way as the logical interface or physical interface. The main purpose of port mirroring on pseudowire service interface is to allow configurations of pseudowire service interface as a mirrored interface at Layer 2 and Layer 3 levels as supported by firewall filters.

Support for LDP pseudowire auto-sensing (MX Series)—Starting with Junos OS Release 17.1R1, Label

•

Distribution Protocol (LDP) pseudowire auto-sensing addresses zero-touch provisioning. LDP pseudowire auto-sensing enables pseudowire headend termination to be dynamically provisioned rather than statically configured. Hence, it is referred to as zero-touch provisioning.

In Junos OS, pseudowire headend termination on service nodes is supported through the use of pseudowire service logical interfaces and physical interfaces. This approach is considered as superior in scalability to the old logical tunnel interface based approach, due to its capability of multiplexing and

demultiplexing subscribers or customers over a single pseudowire. Currently, the creation and deletion of the pseudowire service logical interfaces, pseudowire service physical interfaces, Layer 2 circuits, and Layer 2 VPNs for pseudowire headend termination rely on static configuration. This is not considered as ideal from the perspective of scalability, efficiency, and flexibility, especially in a network where each service node might potentially host a large number of pseudowires.

[See LDP Pseudowire Auto-Sensing Overview.]

Order-aware abstract hops for MPLS LSPs (MX Series)—Junos OS Release 17.1R1 introduces abstract

•

hops, which are user-defined router clusters or groups that can be sequenced and used for setting up a label-switched path (LSP), similar to real-hop constraints.

The router groups are created using constituent lists that include constituent attributes, which is a logical combination of the existing traffic engineering constraints, such as administrative groups, extended administrative groups, and Shared Risk Link Groups (SRLGs). Ordering among the router groups that satisfy the specified constituent attributes is achieved by using operational qualifiers in the abstract-hop definition.

A path can use a combination of real and abstract hops as constraints. To configure abstract hops, you need to create constituent lists with traffic engineering attributes, include the lists in the abstract-hop definition, and define path constraints that use the abstract hops.

[See Abstract Hops For MPLS LSPs Overview and Example: Configuring Abstract Hops for MPLS LSPs.]

Support for extension of pseudowire redundancy condition to logical Interfaces (MX Series)—Starting

•

with Junos OS Release 17.1R1, pseudowire redundancy condition is supported on MPLS pseudowire subscriber logical interface. This is similar to the pseudowire redundancy feature for mobile backhaul by using the logical tunnel paired (lt-) interfaces.

The primary or backup pseudowire is terminated at the provider edge routers (ps0.0) and the corresponding pseudowire (ps0.1 to ps0.n) service logical interfaces connected to Layer 3 domain by configuring those service logical interfaces in the Layer 3VPN routing instances. There is a Layer 2 circuit across MLPS access node and provider edge with the pseudowire service on transport logical interface (ps0.0) as the local interface of Layer 2 circuit terminating at the provider edge device.

[See Extension of Pseudowire Redundancy Condition Logic to Pseudowire Subscriber Logical Interface

Overview.]

Increased scaling values for MPLS-over-UDP tunnels (MX Series routers with MPCs/MICs)—The

•

next-hop-based dynamic UDP tunnels are referred to as MPLS-over-UDP tunnels, and support the creation of a tunnel composite next hop for every dynamic tunnel created. Starting in Junos OS Release

17.1, the limit for the maximum number of next-hop-based dynamic MPLS-over-UDP tunnels that can be created on an MX series router with MPCs or MICs is increased. This provides additional scaling advantage for the total number of IP tunnels that can be created on the router.

[See Example: Configuring Next-Hop-Based MPLS-Over-UDP Dynamic Tunnels.]

Multicast

Rate sensitive upstream multicast hop (UMH) selection for multicast VPN source-active routes (MX

•

Series)—Starting in Junos OS Release 17.1R1, you can use the traffic rate on the ingress PE to trigger the egress PE to use an alternative UHM. Two new commands are introduced to support this feature, min-rate and dampen.

Use this feature, for example, to ensure that egress PEs only receive Source-Active A-D route advertisements from ingress PEs that are receiving traffic at or above a specified rate. Rather than advertising the Source-Active A-D route immediately upon learning of the S,G, the ingress PE waits the time specified in the dampen command for the traffic rate to remain above the min-rate before it sends Source-Active A-D route advertisements. If the rate drops below the threshold, the Source-Active A-D route is withdrawn. These new commands can be found at the [edit routing-instancesinstance-name protocols mvpn mvpn-mode spt-only source-active-advertisement] hierarchy level.

[See min-rate and dampen.]

Network Management and Monitoring

Support for hrProcessorTable object (MX Series)—Starting in Junos OS Release 17.1R1, support is

•

devices.

[See SNMP MIB Explorer.]

Get and walk support for SNMP Timing MIB objects (MX104)—Starting in Junos OS Release 17.1R1,

•

the get and walk functionality is supported for the following SNMP timing MIB objects:

jnxPtpClass

•

jnxPtpGmId

•

jnxPtpAdvClockClass

•

jnxPtpUtcOffset

•

jnxPtpUtcValid

•

jnxPtpOperationalSlaves

•

jnxPtpOperationalMaster

•

jnxPtpServoState

•

jnxPtpSlaveOffset

•

jnxTimingFrequencyTraceability

•

jnxTimingTimeTraceability

•

jnxClksyncQualityCode

•

jnxClksyncQualityCodeStr

•

jnxClksyncIfIndex

•

jnxClksyncIntfName

•

jnxClksyncSynceQualityTable

•

jnxClksyncSynceQualityIntfIndex

•

jnxClksyncSynceQualityValue

•

jnxClksyncSynceQualityIntfName

•

[See SNMP MIB Explorer.]

Support for mplsL3VpnIfConfTable object (MX Series)— Starting in Junos OS Release 17.1R1, support

•

is provided for the mplsL3VpnIfConfTable object (object id: 1.3.6.1.2.1.10.166.11.1.2.1) described in RFC 4382, MPLS/BGP Layer 3 Virtual Private Network (VPN) MIB. The mplsL3VpnIfConfTable object represents the Layer 3 VPN enabled interfaces that are associated with a specific Virtual Routing and Forwarding (VRF) instance and shows the bitmask values of the supported protocols. The mplsL3VpnIfConfTable object creates entries for the interfaces that are associated with the VRF instances. If an interface is later removed from a VRF instance, the corresponding entry in the mplsL3VpnIfConfTable object gets deleted. To view details of the mplsL3VpnIfConfTable object, use the show snmp mib walk mplsL3VpnIfConfTable command.

[See SNMP MIB Explorer.]

Port mirroring enhancements (MX Series)—Starting in Junos OS Release 17.1R1, the port mirroring

•

feature supports several new enhancements:

Packet mirroring for both ingress and egress directions on subscriber IFLs

•

Support for the encapsulation of mirrored packets onto per-subscriber L2TP tunnels

•

Support for the removal of S-VLAN tags from mirrored packets

•

[See Configuring Protocol-Independent Firewall Filter for Port Mirroring.]

OpenFlow

•

Destination MAC address rewrites for OpenFlow (MX80, MX240, MX480, and MX960)—Some types of network equipment that function as routers accept and handle packets only if the destination MAC address in the packet is the same as the MAC address of the Layer 3 interface on which the packet is received. To interoperate with these routers, connected devices must also be able to rewrite the destination MAC address of an incoming packet. Starting with Junos OS Release 17.1R1, an OpenFlow controller can configure an MX Series router that supports OpenFlow to rewrite the destination MAC address of an incoming packet.

[See Understanding How the OpenFlow Destination MAC Address Rewrite Action Works.]

Operation, Administration, and Maintenance (OAM)

Enhanced scale support for MIPs per chassis (MXSeries with MPCs)—Starting in Junos OS Release 17.1R1,

•

Junos OS supports 8000 maintenance association intermediate points (MIPs) per chassis for bridge

domain and VPLS domain interfaces. Increasing the number of MIPs per chassis for specific domains enables effective Ethernet OAM deployment in scaling networks. To support the increased number of MIPs, configure the network services mode on the router as enhanced-ip. If you do not configure the network services mode, then Junos OS supports only 4000 MIPs.

[See Configuring Maintenance Intermediate Points (MIPs).]

Support for sender ID TLV—Starting with Junos OS Release 17.1R1, you can configure Junos OS to

•

send the sender ID TLV along with the packets. The sender ID TLV is an optional TLV that is sent in continuity check messages (CCMs), loopback messages, and Link Trace Messages (LTMs), as specified in the IEEE 802.1ag standard. The sender ID TLV contains the chassis ID, which is the unique, CFM-based MAC address of the device, and the management IP address, which is an IPv4 or an IPv6 address.

You can enable Junos OS to send the sender ID TLV at the global level by using the set protocols oam

ethernet connectivity-fault-management sendid-tlv and the set protocols oam ethernet connectivity-fault-management sendid-tlv send-chassis-tlv commands. If the sender ID TLV is configured

at the global level, then the default maintenance domain, maintenance association, and the maintenance association intermediate point (MIP) half function inherit this configuration.

The sender ID TLV, if configured at the hierarchy levels mentioned above, takes precedence over the global-level configuration.

NOTE: The sender ID TLV is supported only for 802.1ag PDUs and is not supported for

performance monitoring protocol data units (PDUs).

[See Junos OS Support for Chassis ID TLV.]

CFM enhancement for interoperability during unified ISSU (MX Series on MPC1, MPC2, MPC2-NG,

•

MPC3-NG, MPC5, and MPC6 cards)—Starting in Junos OS Release 17.1R1, Junos OS CFM works during a unified ISSU when the peer device is not a Juniper Networks router. Interoperating with the router of another vendor, the Juniper Networks router retains session information and continues to transmit CCM PDU (continuity check messages) during the unified ISSU upgrade.

To provide this interoperability, enable inline (Packet Forwarding Engine) keepalives with the

hardware-assisted-keepalives statement at the [edit protocols oam ethernet connectivity-fault-management performance-monitoring] hierarchy level. You must also configure the continuity-check interval to 1 second with the interval statement at the [edit protocols oam ethernet connectivity-fault-management maintenance-domain domain-name maintenance-association ma-name continuity-check] hierarchy level. Interoperability during unified ISSU is not supported for any other

interval value.

[See Configuring Connectivity Fault Management for interoperability during Unified In-Service Software

Upgrades.]

Platform and Infrastructure

Virtual broadband network gateway support on virtual MX Series router (vMX)—Starting in Junos OS

•

Release 17.1R1, vMX supports most of the subscriber management features available with Junos OS Release 17.1 on MX Series routers to provide a virtual broadband network gateway on x86 servers.

vBNG runs on vMX, so it has similar exceptions; the following subscriber management features available on MX Series routers are not supported for vBNG:

High availability features such as hot-standby backup for enhanced subscriber management and MX

•

Series Virtual Chassis.

To deploy a vBNG instance, you must purchase these licenses:

vMX PREMIUM application package license with 1 Gbps, 5 Gbps, 10 Gbps, or 40 Gbps bandwidth

•

vBNG subscriber scale license with 1000, 10 thousand, 100 thousand, or 1 million subscriber sessions

•

for one of these tiers: Introductory, Preferred, or Elite

Virtual MX Series router (vMX)—Starting in Junos OS Release 17.1R1, you can deploy vMX routers on

•

x86 servers. FreeBSD 10 is the underlying OS for Junos OS for vMX. vMX uses DPDK 2.2 to support improved performance.

vMX supports most of the features available on MX Series routers and allows you to leverage Junos OS to provide a quick and flexible deployment. vMX provides the following benefits:

Optimizes carrier-grade routing for the x86 environment

•

Simplifies operations by consistency with MX Series routers

•

Introduces new services without reconfiguration of current infrastructure

•

Routing Protocols

IS-IS import policy and route prioritization ( MX Series)—Beginning with Junos OS Release 17.1R1, you

•

can prioritize IS-IS routes that are installed in the routing table for better convergence. In a network with a large number of interior gateway protocol prefixes with BGP Layer 3 VPN or label-based pseudowire service established on top of some interior gateway protocol prefixes, it is important to control the order in which routes get updated in the forwarding table.

In previous releases, Junos OS installed IS-IS routes lexicographically in the routing table. Starting with Junos OS Release 17.1R1, you can configure an import policy to prioritize IS-IS routes as per your network requirements. Use a route tag, or filter the routes based on their prefix before setting a priority of high, medium, or low. Use the reject policy option to reject routes from a specific prefix or routes marked with a particular tag. The IS-IS protocol downloads routes to the rpd routing table based on the configured priority. If you do not configure an import policy, all routes are set to a medium priority by default.

[See Example: Configuring a Routing Policy to Prioritize IS-IS Routes.]

Adjustable TCP MSS values (MX Series)—Starting in Junos OS Release 17.1R1, you can use the tcp-mss

•

statement to configure the maximum segment size (MSS) for transient TCP packets that traverse a router.

Adjusting the TCP MSS value helps reduce the likelihood of fragmentation and packet loss. The tcp-mss statement can be enabled on dynamic interfaces and supports protocols families inet and inet6.

[See tcp-mss.]

BGP advertises multiple add-paths based on community value (MX Series)—Beginning with Junos OS

•

17.1R1, you can define a policy to identify eligible multiple path prefixes based on community values. BGP advertises these community-tagged routes in addition to the active path to a given destination. If the community value of a route does not match the community value defined in the policy, then BGP does not advertise that route. This feature allows BGP to advertise not more than 20 paths to a given destination. You can limit and configure the number of prefixes that BGP considers for multiple paths without actually knowing the prefixes in advance. Instead, a known BGP community value determines whether or not a prefix is advertised.

[See Example: Configuring a Routing Policy to Select and Advertise Multipaths Based on BGP Community

Value.]

Selective advertising of BGP multiple paths (MX Series)—Beginning with Junos OS Release 17.1R1, you

•

can restrict BGP add-path to advertise contributor multiple paths only. Advertising all available multiple paths might result in a large overhead of processing on device memory and is a scaling consideration, too. You can limit and configure up to six prefixes that the BGP multipath algorithm selects. Selective advertising of multiple paths facilitates internet service providers and data centers that use route reflector to build in-path diversity in IBGP.

[See Example: Configuring Selective Advertising of BGP Multiple Paths for Load Balancing.]

System performance enhancements for rpd, Packet Forwarding Engine, and kernel (MX Series)—Beginning

•

with Junos OS Release 17.1R1, performance of the routing protocol process (rpd), the Packet Forwarding Engine, and the kernel is enhanced to speed up the process with which the rpd learns the route states and changes, and reflects these changes in the ASIC-based Packet Forwarding Engine residing in the line cards. The key enhancements are faster route download rates when a router comes up after a reboot, or when you add a new line card, and faster update of the data plane in convergence scenarios. We recommend disabling daemons, such as Layer 2 address learning process (l2ald) and connectivity-fault management process (cfmd) —if they are not required— to improve system performance. Though these enhancements are mainly for the MX Series, other platforms might see some performance improvements as well.

Services Applications

Support for inline 6rd and 6to4 (MX Series routers with MPC5Es and MPC6Es)—Starting in Junos OS

•

Release 17.1R1, you can configure inline 6rd or 6to4 on MPC5Es and MPC6Es. You can use the inline capability to avoid the cost of using MS-DPCs for required tunneling, encapsulation, and decapsulation processes. Anycast is supported for 6 to 4 using next-hop service interfaces. Hairpinning is also supported for traffic between 6rd domains.

[See Tunneling Services for IPv4-to-IPv6 Transition Overview, show services inline softwire statistics, and clear services inline softwire statistics.]

Support for IP reassembly on GRE tunnel interfaces (MX Series routers with MPCs)—Starting in Junos

•

OS Release 17.1R1, you can configure fragmentation and reasssembly of generic routing encapsulation (GRE) packets on GRE tunnel interfaces on MX Series routers with the following Modular Port Concentrators: MPC2E-NGs, MPC3E-NGs, MPC5Es, and MPC6Es.

[See Configuring Unicast Tunnels.]

Support for 464XLAT PLAT on MS-MPCs and MS-MICs (MX Series)—Starting in Junos OS Release

•

17.1R1, the XLAT464 provider-side translater (PLAT) is supported on MS-MICs and MS-MPCs. The 464XLAT architecture provides a simple and scalable technique to provide IPv4 client-server connectivity across an IPv6-only network without having to maintain an IPv4 network and assign additional public IPv4 addresses on the customer side.

[See 464XLAT Overview.]

Logging and reporting framework (MX Series with MS-MPC and MS-MIC)—Starting in Junos OS Release

•

17.1R1, the logging and reporting framework (LRF) enables you to log data for subscriber application-aware data sessions and send that data in an IP flow information export (IPFIX) format to an external log collector, using UDP-based transport. These data session logs can include subscriber information, application information, HTTP metadata, data volume, time-of-day information, and source and destination details. An external collector, which is not a Juniper Networks product, can then use this data to perform analytics that provide you with insights about subscriber and application usage.

[See Logging and Reporting Function for Subscribers.]

Network attack protection for MS-MPCs and MS-MICs (MX Series)—Starting in Junos OS Release

•

17.1R1, the MS-MPC and MS-MIC can detect and prevent network probing attacks, network flooding attacks, header anomaly attacks, and suspicious packet pattern attacks.

[See Configuring Protection Against Network Attacks (MS-MPCs and MS-MICs).]

Support for inline video monitoring on MPC7E, MPC8E, and MCP9E (MX Series)—Starting in Junos OS

•

Release 17.1R1, support for video monitoring using media delivery indexing (MDI) criteria is expanded to include the following Modular Port Concentrators: MPC7E, MPC8E, and MCP9E.

[See Inline Video Monitoring Overview.]

CLI command parity for carrier-grade NAT and stateful firewall (MX Series with MS-MPC)—Starting in

•

Junos OS Release 17.1R1, new operational commands and configuration options provide information previously available only when using the MS-DPC as the services PIC.

To display information equivalent to that provided by show services stateful-firewall flow-analysis

•

for the MS-DPC, use show services sessions analysis for the MS-MPC.

To display information equivalent to that provided by show services stateful-firewall subscriber-analysis

•

for the MS-DPC, use show services subscriber analysis for the MS-MPC.

To drop sessions after a certain session setup rate is reached, include the new CLI option

•

max-session-creation-rate at the [edit services service-set service-set-name] hierarchy level.

[See max-session-creation-rate (Service Set), show services subscriber analysis, and show services

sessions analysis.]

Enhancements to stateful synchronization (MS-MIC, MS-MPC)—Starting in Junos OS Release 17.1R1,

•

stateful synchronization for long-running flows is enhanced for MS-MPC services PICs. These enhancements include:

Automatic replication of NAT flows for all service sets: NAT44 flows are automatically synchronized

•

for all eligible service sets. You can selectively disable replication for individual service sets.

Checkpointing of IPv4 and IPv6 stateful firewall flows and NAPT-44 with address pooling paired (APP),

•

with configurable timeout for checkpointing.

100

[See Configuring Inter-Chassis Stateful Synchronization for Long Lived Flows (MS-MPC, MS-MIC).]

Subscriber-aware and application-aware traffic treatment (MX Series with MS-MPC)—Starting in Junos

•

OS Release 17.1R1, Junos OS can perform subscriber-aware and application-aware policy enforcement for mobile or fixed-line subscribers. Junos OS determines the subscriber identity of traffic flow and applies the subscriber’s policy rules to the flow. Application identification is performed through deep packet inspection (DPI) at Layer 7 and Layer 4. Subscriber policy actions can include:

Redirecting HTTP traffic to another URL or IP address

•

Forwarding packets to a routing instance to direct packets to external service chains

•

Setting the forwarding class

•

Setting the maximum bit rate

•

Performing HTTP header enrichment

•

Setting the gating status to blocked or allowed

•

[See Subscriber-Aware and Application-Aware Traffic Treatment User Guide.]

Usage monitoring for subscribers (MX Series with MS-MPC)—Starting in Junos OS Release 17.1R1,

•

Junos OS can monitor the volume of traffic and the amount of time that a subscriber uses during a session if that subscriber’s policy control rules are controlled by a policy and charging rules function (PCRF) server. The PCRF initiates this monitoring, and the MX Series sends the reports to the PCRF. Monitoring can take place for the entire subscriber session or for only specific data flows and applications. The PCRF provides threshold values to indicate when the Service Control Gateway sends a report to the PCRF, or the PCRF can request a report at any time.

[See Understanding Usage Monitoring for TDF Subscribers.]

Junos OS Release 17.1R2 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

Introduction

Junos OS Release Notes for ACX Series

New and Changed Features

Release 17.1R2 New and Changed Features

Release 17.1R1 New and Changed Features

Application Level Gateways (ALGs)

Bridging

Firewall

Generic Routing

Interfaces and Chassis

Junos OS XML API and Scripting

Layer 2 Features

Mirroring

MPLS

Network Management and Monitoring

Operations, Administration, and Management (OAM)

Spanning Tree Protocols

Timing and Synchronization

Tunneling

VPLS

Changes in Behavior and Syntax

Interfaces and Chassis

General Routing

MPLS

Services Applications

System Management

User Interface and Configuration

Known Behavior

Known Issues

Network Address Translation (NAT) and Stateful Firewall Services

Generic Routing Encapsulation

Firewall

Layer 2 Features

MPLS

SNMP

Timing and Synchronization

Resolved Issues

Resolved Issues: 17.1R2

General Routing

Resolved Issues: 17.1R1

Documentation Updates

Migration, Upgrade, and Downgrade Instructions

Upgrade and Downgrade Support Policy for Junos OS Releases

Product Compatibility

Hardware Compatibility

Hardware Compatibility Tool

Junos OS Release Notes for EX Series Switches

New and Changed Features

Release 17.1R2 New and Changed Features

Release 17.1R1 New and Changed Features

Hardware

Authentication, Authorization and Accounting (AAA) (RADIUS)

Class of Service (CoS)

High Availability (HA) and Resiliency

Interfaces and Chassis

Junos OS XML API and Scripting

Management

OpenFlow

Software Installation and Upgrade

Changes in Behavior and Syntax

High Availability (HA) and Resiliency

MPLS

Services Applications

System Management

User Interface and Configuration

Known Behavior

Known Issues

Authentication, Authorization, and Accounting (AAA) (RADIUS)

High Availability (HA) and Resiliency

Infrastructure

Interfaces and Chassis

Junos Fusion Enterprise

Network Management and Monitoring

Platform and Infrastructure

Port Security