How it Works
Junos
Loading...
OS Release 18.3R2
User Manual
323 pgs3.87 Mb0
Table of contents
Loading...

Junos OS Release 18.3R2 User Manual

Download
Release Notes: Junos®OS Release 18.3R2 for
the ACX Series, EX Series, MX Series, NFX
Series, PTX Series, QFX Series, SRX Series, and
Junos Fusion
1
13 January 2021

Contents

Junos OS Release Notes for ACX Series | 11
New and Changed Features | 12
Release 18.3R2 New and Changed Features | 12
Release 18.3R1-S1 New and Changed Features | 12
Release 18.3R1 New and Changed Features | 13
Changes in Behavior and Syntax | 21
Junos OS XML, API, and Scripting | 22
Network Management and Monitoring | 22
Platform and Infrastructure | 22
Subscriber Management and Services | 23
Known Behavior | 24
General Routing | 24
Known Issues | 25
General Routing | 26
Interfaces and Chassis | 28
Layer 2 Features | 28
MPLS | 28
Resolved Issues | 29
Resolved Issues: 18.3R2 | 29
Resolved Issues: 18.3R1 | 31
Documentation Updates | 32
Migration, Upgrade, and Downgrade Instructions | 33
Upgrade and Downgrade Support Policy for Junos OS Releases | 33
Product Compatibility | 34
Hardware Compatibility | 34
Junos OS Release Notes for EX Series Switches | 35
New and Changed Features | 35
Release 18.3R2 New and Changed Features | 36
Release 18.3R1 New and Changed Features | 36
Changes in Behavior and Syntax | 49
Interfaces and Chassis | 50
2
Junos OS XML API and Scripting | 50
Layer 2 Features | 50
Network Management and Monitoring | 50
Security | 51
Subscriber Management and Services | 51
Virtual Chassis | 51
Known Behavior | 52
Class of Service (CoS) | 54
Ethernet Switching | 54
Infrastructure | 54
Layer 2 Features | 54
Interfaces and Chassis | 54
Platform and Infrastructure | 54
Routing Protocols | 55
Virtual Chassis | 56
Known Issues | 56
General Routing | 57
Infrastructure | 59
Junos Fusion Enterprise | 59
Layer 2 Features | 60
Multicast | 60
Platform and Infrastructure | 60
Routing Protocols | 60
Subscriber Access Management | 61
Resolved Issues | 61
Resolved Issues: 18.3R2 | 62
Resolved Issues: 18.3R1 | 65
Documentation Updates | 69
Migration, Upgrade, and Downgrade Instructions | 69
Upgrade and Downgrade Support Policy for Junos OS Releases | 70
Product Compatibility | 71
Hardware Compatibility | 71
Junos OS Release Notes for Junos Fusion Enterprise | 72
New and Changed Features | 72
3
Release 18.3R2 New and Changed Features | 73
Release 18.3R1 New and Changed Features | 73
Changes in Behavior and Syntax | 73
Known Behavior | 74
Junos Fusion | 74
Known Issues | 75
Junos Fusion Enterprise | 75
Resolved Issues | 75
Resolved issues: Release 18.3R2 | 76
Resolved issues: Release 18.3R1 | 76
Documentation Updates | 77
Migration, Upgrade, and Downgrade Instructions | 77
Basic Procedure for Upgrading Junos OS on an Aggregation Device | 77
Upgrading an Aggregation Device with Redundant Routing Engines | 79
Preparing the Switch for Satellite Device Conversion | 80
Converting a Satellite Device to a Standalone Switch | 81
Upgrade and Downgrade Support Policy for Junos OS Releases | 81
Downgrading Junos OS | 82
Product Compatibility | 82
Hardware and Software Compatibility | 83
Hardware Compatibility Tool | 83
Junos OS Release Notes for Junos Fusion Provider Edge | 83
New and Changed Features | 84
Release 18.3R2 New and Changed Features | 84
Release 18.3R1 New and Changed Features | 84
Changes in Behavior and Syntax | 85
Known Behavior | 85
Known Issues | 86
Resolved Issues | 86
Resolved Issues: 18.3R2 | 87
Resolved Issues: 18.3R1 | 87
Documentation Updates | 88
4
Migration, Upgrade, and Downgrade Instructions | 88
Basic Procedure for Upgrading an Aggregation Device | 89
Upgrading an Aggregation Device with Redundant Routing Engines | 91
Preparing the Switch for Satellite Device Conversion | 92
Converting a Satellite Device to a Standalone Device | 93
Upgrading an Aggregation Device | 95
Upgrade and Downgrade Support Policy for Junos OS Releases | 96
Downgrading from Junos OS Release 18.3 | 96
Product Compatibility | 97
Hardware Compatibility | 97
Junos OS Release Notes for MX Series 5G Universal Routing Platform | 98
New and Changed Features | 98
Release 18.3R2 New and Changed Features | 99
Release 18.3R1 New and Changed Features | 100
Changes in Behavior and Syntax | 116
Class of Service (CoS) | 117
EVPN | 117
General Routing | 117
Interfaces and Chassis | 118
Junos OS XML, API, and Scripting | 119
MPLS | 119
Network Management and Monitoring | 120
Routing Protocols | 121
Security | 121
Services Applications | 121
Software Installation and Upgrade | 122
Subscriber Management and Services | 122
VPNs | 123
Known Behavior | 124
Forwarding and Sampling | 125
High Availability and Resiliency | 125
General Routing | 126
Interfaces and Chassis | 127
Platform and Infrastructure | 129
5
Port Security | 129
Routing Protocols | 129
Services Applications | 129
Software Defined Networking | 130
Subscriber Management and Services | 131
Known Issues | 131
EVPN | 132
Forwarding and Sampling | 133
General Routing | 133
Infrastructure | 139
Interfaces and Chassis | 140
Layer 2 Features | 140
MPLS | 141
Network Management and Monitoring | 143
Platform and Infrastructure | 143
Routing Policy and Firewall Filters | 145
Routing Protocols | 145
Subscriber Access Management | 147
User Interface and Configuration | 147
VPNs | 147
Resolved Issues | 148
Resolved Issues: 18.3R2 | 148
Resolved Issues: 18.3R1 | 164
Documentation Updates | 181
Subscriber Management Access Network Guide | 181
Subscriber Management Provisioning Guide | 182
Subscriber Management VLANs Interfaces Guide | 182
Migration, Upgrade, and Downgrade Instructions | 182
Basic Procedure for Upgrading to Release 18.3 | 183
Procedure to Upgrade to FreeBSD 11.x based Junos OS | 183
Procedure to Upgrade to FreeBSD 6.x based Junos OS | 186
Upgrade and Downgrade Support Policy for Junos OS Releases | 188
Upgrading a Router with Redundant Routing Engines | 188
Downgrading from Release 18.3 | 188
6
Product Compatibility | 189
Hardware Compatibility | 189
Junos OS Release Notes for NFX Series | 190
New and Changed Features | 191
Release 18.3R2 New and Changed Features | 191
Release 18.3R1 New and Changed Features | 191
Changes in Behavior and Syntax | 192
Release 18.3R2 Changes in Behavior and Syntax | 192
Release 18.3R1 Changes in Behavior and Syntax | 192
Known Behavior | 193
NFX150 Series Devices | 193
Known Issues | 194
Known Issues: 18.3R2 | 194
Resolved Issues | 195
Resolved Issues: 18.3R2 | 195
Resolved Issues: 18.3R1 | 196
Documentation Updates | 196
Migration, Upgrade, and Downgrade Instructions | 197
Upgrade and Downgrade Support Policy for Junos OS Releases | 197
Basic Procedure for Upgrading to Junos OS Release 18.3 | 197
Product Compatibility | 199
Hardware Compatibility | 199
Software Version Compatibility | 199
Junos OS Release Notes for PTX Series Packet Transport Routers | 201
New and Changed Features | 202
Release 18.3R2 New and Changed Features | 203
Release 18.3R1 New and Changed Features | 203
Changes in Behavior and Syntax | 211
Interfaces and Chassis | 211
Junos OS XML API and Scripting | 212
Network Management and Monitoring | 212
Openconfig | 213
Routing Policy and Firewall Filters | 213
Software Installation and Upgrade | 213
7
Subscriber Management and Services | 213
Known Behavior | 214
General Routing | 215
Interfaces and Chassis | 215
Routing Policy and Firewall Filters | 216
User Interface and Configuration | 216
Known Issues | 217
Interfaces and Chassis | 217
General Routing | 217
Routing Protocols | 220
Resolved Issues | 220
Resolved Issues: 18.3R2 | 221
Resolved Issues: 18.3R1 | 223
Documentation Updates | 225
Migration, Upgrade, and Downgrade Instructions | 225
Basic Procedure for Upgrading to Release 18.3 | 226
Upgrade and Downgrade Support Policy for Junos OS Releases | 228
Upgrading a Router with Redundant Routing Engines | 229
Product Compatibility | 230
Hardware Compatibility | 230
Junos OS Release Notes for the QFX Series | 231
New and Changed Features | 231
Release 18.3R2 New and Changed Features | 232
Release 18.3R1-S3 New and Changed Features | 232
Release 18.3R1-S2 New and Changed Features | 233
Release 18.3R1 New and Changed Features | 233
Changes in Behavior and Syntax | 245
Interfaces and Chassis | 246
Junos OS XML API and Scripting | 247
Network Management and Monitoring | 247
Routing Policy and Firewall Filters | 248
Security | 248
Virtual Chassis | 248
Known Behavior | 249
8
Class of Service (CoS) | 250
EVPN | 250
Layer 2 Features | 250
Platform and Infrastructure | 250
Routing Protocols | 251
User Interface and Configuration | 252
Virtual Chassis | 252
Known Issues | 253
EVPN | 253
General Routing | 254
Infrastructure | 257
Layer 2 Features | 257
MPLS | 258
Platform and Infrastructure | 258
Routing Protocols | 258
Resolved Issues | 259
Resolved Issues: 18.3R2 | 260
Resolved Issues: 18.3R1 | 265
Documentation Updates | 270
Migration, Upgrade, and Downgrade Instructions | 271
Upgrading Software on QFX Series Switches | 271
Installing the Software on QFX10002-60C Switches | 274
Installing the Software on QFX10002 Switches | 274
Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release
15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches | 275
Installing the Software on QFX10008 and QFX10016 Switches | 277
Performing a Unified ISSU | 281
Preparing the Switch for Software Installation | 282
Upgrading the Software Using Unified ISSU | 282
Upgrade and Downgrade Support Policy for Junos OS Releases | 284
Product Compatibility | 285
Hardware Compatibility | 285
9
Junos OS Release Notes for SRX Series | 286
New and Changed Features | 287
Release 18.3R2 New and Changed Features | 287
Release 18.3R1 New and Changed Features | 287
Changes in Behavior and Syntax | 295
Authentication and Access Control | 295
Chassis Clustering | 296
Network Management and Monitoring | 296
Platform and Infrastructure | 296
VPN | 296
Known Behavior | 297
Application Firewall | 298
Chassis Clustering | 298
Flow-based and Packet-based Processing | 298
Interfaces and Chassis | 299
J-Web | 299
Unified Threat Management (UTM) | 299
User Firewall | 300
User Interface and Configuration | 300
Known Issues | 300
Authentication and Access Control | 301
Chassis Clustering | 301
Flow-Based and Packet-Based Processing | 301
Forwarding and Sampling | 303
General Routing | 303
J-Web | 303
Network Address Translation (NAT) | 304
Network Management and Monitoring | 304
Platform and Infrastructure | 304
Routing Policy and Firewall Filters | 305
System Logs | 305
Unified Threat Management (UTM) | 305
Upgrade and Downgrade | 305
10
User Interface and Configuration | 305
VPNs | 305
Resolved Issues | 306
Resolved Issues: 18.3R2 | 306
Resolved Issues: 18.3R1 | 312
Documentation Updates | 316
Migration, Upgrade, and Downgrade Instructions | 316
Upgrade and Downgrade Support Policy for Junos OS Releases and Extended End-Of-Life
Releases | 316
Product Compatibility | 317
Hardware Compatibility | 317
Upgrading Using ISSU | 319
Compliance Advisor | 319
Finding More Information | 319
Documentation Feedback | 320
Requesting Technical Support | 321
Self-Help Online Tools and Resources | 321
Opening a Case with JTAC | 322
Revision History | 322

Introduction

Junos OS runs on the following Juniper Networks®hardware: ACX Series, EX Series, M Series, MX Series,
NFX Series, PTX Series, QFabric systems, QFX Series, SRX Series, T Series, and Junos Fusion.
These release notes accompany Junos OS Release 18.3R2 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series, and Junos Fusion. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

Junos OS Release Notes for ACX Series

IN THIS SECTION
11
New and Changed Features | 12
Changes in Behavior and Syntax | 21
Known Behavior | 24
Known Issues | 25
Resolved Issues | 29
Documentation Updates | 32
Migration, Upgrade, and Downgrade Instructions | 33
Product Compatibility | 34
These release notes accompany Junos OS Release 18.3R2 for the ACX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

IN THIS SECTION
Release 18.3R2 New and Changed Features | 12
Release 18.3R1-S1 New and Changed Features | 12
Release 18.3R1 New and Changed Features | 13
This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for ACX Series Universal Metro Routers.

Release 18.3R2 New and Changed Features

12
There are no new features or enhancements to existing features for ACX Series Universal Metro Routers
in Junos OS Release 18.3R2.

Release 18.3R1-S1 New and Changed Features

IN THIS SECTION
Class of Service (CoS) | 13
Timing and Synchronization | 13
Class of Service (CoS)
Support for deep buffer and drop profiles (ACX5448)—Starting with Junos OS Release 18.3R1-S1,
ACX5448 router supports the use of external DRAM memory, along with its on-chip memory, for scheduling and queuing different virtual output queues (VOQs). ACX5448 router also supports different WRED profiles for configuring drop profiles for queues.
NOTE: ACX5448 router does not support buffering for IRB multicast traffic and therefore
CLIs for configuring multicast is not supported.
[See Configuring Shared and Dedicated Buffer Memory Pools.]
Timing and Synchronization
Support for PTP boundary clocks for phase and time synchronization (ACX5448)—Starting with Junos
OS Release 18.3R1-S1, ACX5448 router supports PTP boundary clocks for phase and time synchronization using IEEE-1588 Precision Timing Protocol (PTP). This feature also supports:
13
PTP over IPv4 (IEEE-1588v2)
PTP ordinary and boundary clocks
One step clock mode operation for PTP Master
10Mhz and 1PPS output for measurement purpose
NOTE: All PTP packets uses the best-effort queue instead of network control queue.
The ACX5448 router does not support the following:
Hybrid mode
Boundary clock performance complying to G.8273.2
Dual tagged PTP over IPv4
[See IEEE 1588v2 PTP Boundary Clock Overview.]

Release 18.3R1 New and Changed Features

IN THIS SECTION
Hardware | 14
Authentication, Authorization and Accounting | 14
Interfaces and Chassis | 15
Junos OS XML API and Scripting | 15
Junos Telemetry Interface | 15
Layer 2 Features | 17
MPLS | 18
Multicast | 18
OAM | 18
Routing Policy and Firewall Filters | 19
Routing Protocols | 19
Timing and Synchronization | 20
User Interface and Configuration | 20
VPN | 20
VLAN Infrastructure | 20
14
Hardware
New fixed-configuration universal metro router (ACX Series)—Starting in Junos OS Release 18.3R1,
the ACX6360 is a new fixed-configuration router that provides full IP/MPLS stack and secure packet optical transport convergence. It features a compact, 1U form factor that can perform as either a transponder or a router. It can supply either muxponder-like pass-through connection of client interface traffic to line optical interfaces or IP/MPLS routing services. The ACX6360 has 20 QSFP28 ports and 8 CFP2 ports. When the ACX6360 is configured as a router, the 20 QSFP28 ports can be configured as 10 Gbps, 40 Gbps, or 100 Gbps. When the ACX6360 is configured as a transponder, the 20 QSFP28 ports can be configured as 100 Gbps. The 8 CFP2 ports can be configured as 100 Gbps or 200 Gbps.
[See ACX6360 Documentation.]
Authentication, Authorization and Accounting
Support for password change policy enhancement (ACX Series)—Starting in Junos OS Release 18.3R1,
the Junos password change policy for local user accounts is enhanced to comply with certain additional password policies. As part of the policy improvement, you can configure the following:
minimum-character-changes—The number of characters by which the new password should be
different from the existing password.
minimum-reuse—The number of older passwords, which should not match the new password.
[See password.]
Interfaces and Chassis
Support for pre-FEC BER monitoring (ACX6360)—Starting in Junos OS Release 18.3R1, you can monitor
the condition of an OTN link on an ACX6360 router by using the pre-forward error correction (pre-FEC) bit error rate (BER). The ACX6360 router uses FEC to correct bit errors in the received data. As long as the pre-FEC BER is below the FEC limit, all bit errors are successfully identified and corrected and, therefore, no packet loss occurs. The router monitors the pre-FEC BER on each port, which provides an early indication of possible link degradation. By configuring an appropriate pre-FEC BER threshold and interval, you enable the ACX6360 router to take preemptive action before the FEC limit is reached.
[See Understanding Pre-FEC BER Monitoring and BER Thresholds.]
ACX6360 routers support router mode and transponder mode—Starting in Junos OS Release 18.3R1,
ACX6360 routers support two modes - optical router mode (chassis model: ACX6360-OR) and optical transponder mode (chassis model: ACX6360-OX). While the ACX6360 in optical router mode supports routing centric features, in optical transponder mode, the device functions as an optical transponder, which does not support the routing features. In optical transponder mode, up to 16 cross-connects are created between QSFP28 client ports and CFP2-DCO ports by default. To enable optical transponder mode, install the ACX-OX version of the Junos OS VM host image (ACX-OX) in the chassis. To enable optical router mode, install the ACX-OR version of the Junos OS VM host image (ACX-OR). You can use the Junos OS CLI command request vmhost software add to install the Junos VM host images.
15
[See Understanding Router Mode and Transponder Mode on ACX6360.]
Junos OS XML API and Scripting
Support for Python language for commit, event, op, and SNMP scripts (ACX5048 and ACX5096)—Starting
in Junos OS Release 18.3R1, you can author commit, event, op, and SNMP scripts in Python on devices that include the Python extensions package in the software image. Creating automation scripts in Python enables you to take advantage of Python features and libraries as well as leverage Junos PyEZ APIs to perform operational and configuration tasks on devices running Junos OS. To enable execution of Python automation scripts, which must be owned by either root or a user in the Junos OS super-user login class, configure the language python statement at the [edit system scripts] hierarchy level, and configure the filename for the Python script under the hierarchy level appropriate to that script type. Supported Python versions include Python 2.7.
[See Understanding Python Automation Scripts for Devices Running Junos OS.]
Junos Telemetry Interface
Support for the Junos Telemetry Interface (ACX6360, MX Series, and PTX Series)—Starting with Junos OS Release 18.3R1, Junos Telemetry Interface support is available for the ACX6360 Universal Metro Router and MX Series and PTX Series routers with a CFP2-DCO optics module that provides a high-density, long-haul optical transport network (OTN) transport solution with MAC capability.
You can provision sensors to export telemetry data to an outside collector.
The following native (UDP) and gRPC sensors can be provisioned for ET (100-Gigabit Ethernet) interfaces and OT interfaces:
/junos/system/linecard/optical
/junos/system/linecard/otn
To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters. For streaming through UDP, all parameters are configured at the [edit services analytics] hierarchy level. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module.
[See sensor (Junos Telemetry Interface), Configuring a Junos Telemetry Interface Sensor (CLI Procedure), and Guidelines for gRPC Sensors (Junos Telemetry Interface).]
Expanded physical interface queue and traffic statistics sensors for Junos Telemetry Interface (JTI) (ACX Series)—Starting with Junos OS Release 18.3R1, additional resource paths are added to stream
physical (IFD) statistics.
Prior to Junos OS Release 18.3R1, both traffic and queue statistics for physical interfaces (IFD) are sent out together using the resource path /interfaces for gRPC streaming (which is internally used to create /junos/system/linecard/interface/) or /junos/system/linecard/interface/ for UDP (native) sensors.
16
Now, traffic and queue statistics can be delivered separately. Doing so can reduce the reap time for non-queue data for platforms supporting Virtual Output Queues (VOQ).
The following UDP resource paths can be configured:
/junos/system/linecard/interface/ is the existing resource path (no change). Traffic and queue statistics
are sent together.
/junos/system/linecard/interface/traffic/ exports all fields except queue statistics.
/junos/system/linecard/interface/queue/ exports queue statistics.
The gRPC resource path /interfaces now has the following behavior:
In releases prior to Junos OS 18.3R1, it delivers all IFD traffic and queue statistics. In Junos OS 18.3R1
and higher, it delivers statistics in two sensors:
/junos/system/linecard/interface/traffic/ exports all fields except queue statistics.
/junos/system/linecard/interface/queue/ exports queue statistics.
To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters. For streaming through UDP, all parameters are configured at the [edit services analytics] hierarchy level. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).
[See sensor (Junos Telemetry Interface), Configuring a Junos Telemetry Interface Sensor (CLI Procedure), and Guidelines for gRPC Sensors (Junos Telemetry Interface).]
For exporting statistics using UDP native sensors, configure parameters at the [edit services analytics] hierarchy level.
Layer 2 Features
Support for Layer 2 RFC2544 reflection (ACX5448)—Starting with Junos OS Release 18.3R1, ACX5448
router supports the Layer 2 RFC2544 reflector functionality to reflect the test packets back to the network. This feature is useful for verifying the connectivity and fault isolation. It can be used for performance measurement where the RFC2544 feature functionality can loopback the packets to a measuring device. The RFC2544 feature functionality supports:
RFC2544 egress Layer 2 reflection functionality for family bridge.
Multiple RFC2544 reflection sessions.
Reflection on 1G/10G/40G/Ch10G/Ch25G/100G ports.
Ethernet Layer 2 frames to carry IP/UDP packets for RFC2544 reflection.
ACX5448 router do not support the following RFC2544 features:
Any interface in the bridge domain matching the bridge VLAN identifier is not supported.
17
Multiple simultaneous sessions with multiple VLAN bridges are not supported.
Multiple test sessions cannot exceed 100G bandwidth.
IPv6 reflection.
IPV6 filter support to identify the loopback stream.
RFC 2544 reflection functionality for family ccc (PWE reflection) and family inet (Layer 3 IPv4 reflection).
Reflection without MAC swap and MAC overwrite is not supported.
Reflection on ELINE/ELAN services.
[See RFC 2544-Based Benchmarking Tests Overview.]
MPLS
Support for MPLS fast reroute and unicast reverse path forwarding (ACX5448)—Starting with Junos
OS Release 18.3R1, ACX5448 router supports MPLS fast reroute (FRR) and unicast reverse-path forwarding (uRPF). Fast reroute provides redundancy for an LSP path. When you enable fast reroute, detours are precomputed and preestablished along the LSP. In case of a network failure on the current LSP path, traffic is quickly routed to one of the detours. Fast reroute protects traffic against any single point of failure between the ingress and egress routers (or switches).
A unicast reverse-path-forwarding (RPF) check is a tool to reduce forwarding of IP packets that might be spoofing an address. A unicast RPF check performs a route table lookup on an IP packet’s source address, and checks the incoming interface. The router determines whether the packet is arriving from a path that the sender would use to reach the destination. If the packet is from a valid path, the router forwards the packet to the destination address. If it is not from a valid path, the router discards the packet. Unicast RPF is supported for the IPv4 and IPv6 protocol families, as well as for the virtual private network (VPN) address family.
18
[See Fast Reroute Overview and Guidelines for Configuring Unicast RPF on ACX Series Routers.]
Multicast
Support for IPv6 multicast using Multicast Listener Discovery protocol (ACX5448)—Starting with Junos
OS Release 18.3R1, ACX5448 router supports IPv6 multicast using Multicast Listener Discovery (MLD) protocol. To support multicast data delivery, ACX5448 router supports MLD (version 1 and version 2) for forming group membership in IPv6 networks and Protocol Independent Multicast (PIM) version 6 to form IPv6 multicast delivery tree.
[See Understanding MLD, IPv6 Multicast Flow, and Enabling MLD.]
OAM
Support for Operations, Administration, and Management (ACX5448)—Starting with Junos OS Release
18.3R1, ACX5448 router supports the following Operations, Administration, and Management (OAM) feature standards:
IEEE Standard 802.1ag, also known as connectivity fault management (CFM).
ITU-T Recommendation Y.1731, which uses different terminology than IEEE 802.1ag and defines
Ethernet service OAM features for fault monitoring, diagnostics, and performance monitoring.
IEEE Standard 802.3ah for OAM link fault management (LFM).
The OAM feature in ACX5448 router includes support for maintenance endpoints (MEPs). MEPs can be up MEPs or down MEPs. A MEP can be configured to support continuity check message (CCM), loopback message, delay measurement, and synthetic loss message (SLM) message types. ACX5448 router also supports OAM for VPLS.
NOTE: ACX5448 router do not support maintenance association intermediate point (MIP).
[See Ethernet OAM Connectivity Fault Management and Understanding Ethernet OAM Link Fault
Management for ACX Series Routers.]
Routing Policy and Firewall Filters
Support for firewall filters and policers (ACX5448)—Starting with Junos OS Release 18.3R1, you can
configure firewall filters on packets (families such as bridge domain, IPv4, IPv6, CCC, MPLS, VPLS) based on packet match conditions with the support of external TCAM in ACX5448 router. Along with the match conditions, actions such as count, discard, log, syslog, policer are performed on the packets that match the filter. You can configure policers and attach them to a firewall term. This feature also supports configuring ARP policer, forwarding table filters, and policy-based routing.
This feature enables scaling the family filters of the firewall functionality in the ingress direction.
The following ingress family filters can be scaled based on the availability of external-tcam:
19
family ethernet-switching
family ccc
family inet
family inet6
family mpls
family vpls
The loopback (Lo0) filters, family any, and other module applications continue to use internal-tcam and can reach maximum of the internal-tcam.
[See Firewall Filter Match Conditions and Actions on ACX Series Routers Overview.]
Routing Protocols
Support for Virtual Router Redundancy Protocol (ACX5448)—Starting with Junos OS Release 18.3R1,
ACX5448 router supports Virtual Router Redundancy Protocol (VRRP) as per RFC 3798 VRRP version 2 and RFC 5798 VRRP version 3. ACX5448 router also supports configuring VRRP over aggregated Ethernet and integrated routing and bridging (IRB) interfaces.
The following limitations apply while configuring VRRP on ACX5448 router:
Configure a maximum of 16 VRRP groups.
Interworking of VRRP version 2 and VRRP version 3 is not supported.
VRRP delegate processing is not supported.
VRRP version 2 authentication is not supported.
[See Understanding VRRP.]
Timing and Synchronization
Support for frequency synchronization using synchronous Ethernet protocol (ACX5448)—Starting with
Junos OS Release 18.3R1, ACX5448 router supports frequency synchronization using synchronous Ethernet (SyncE) protocol, with ESMC support as per the ITU-T standard G.8262/G.8264. This feature also supports 10Mhz and PPS output for measurement purpose.
[See Clock Sources for ACX Series.]
User Interface and Configuration
Support for configuring the ephemeral database using the NETCONF and Junos XML protocols (ACX
Series)—Starting in Junos OS Release 18.3R1, NETCONF and Junos XML protocol client applications can configure the ephemeral configuration database. The ephemeral database provides a fast programmatic interface that enables multiple clients to simultaneously load and commit configuration changes on a device running Junos OS and with significantly greater throughput than when committing data to the candidate configuration database. The device’s active configuration is a merged view of the committed configuration database and the configuration data in all instances of the ephemeral configuration database. Ephemeral configuration data is volatile and is deleted upon rebooting the device.
20
[See Understanding the Ephemeral Configuration Database.]
VPN
Support for Layer 3 VPN and IPv6 VPN Provider Edge Router (6VPE) over MPLS (ACX5448)—Starting
with Junos OS Release 18.3R1, ACX5448 router supports Layer 3 VPN and IPv6 VPN provider edge router (6VPE) support over MPLS. Layer 3 VPNs are based on RFC 4364 that defines a mechanism by which service providers can use their IP backbones to provide VPN services to their customers. ACX5448 router, acting as a VPN provider edge router, provides IPv6 forwarding over MPLS. 6VPE adds IPv6 support to the current IPv4 MPLS by transporting IPv6 across MPLS core.
[See Understanding Layer 3 VPNs.]
VLAN Infrastructure
Support for VPLS features (ACX5448)—Starting with Junos OS Release 18.3R1, ACX5448 router supports
full-mesh VPLS domain deployment. ACX5448 router supports interworking of both BGP as well as LDP-based VPLS. BGP can be used only for auto-discovery of the VPLS PEs, while LDP signaling for VPLS connectivity.
The following VPLS configurations are supported:
VPLS domains
VLAN identifier and VLAN maps
MAC learning
Logical interface support
Control protocol support
Interworking of LDP and BGP VPLS
VCCV BFD support
Firewalls and filter support
[See Introduction to VPLS.]
SEE ALSO
Changes in Behavior and Syntax | 21
Known Behavior | 24
Known Issues | 25
Resolved Issues | 29
Documentation Updates | 32
21
Migration, Upgrade, and Downgrade Instructions | 33 Product Compatibility | 34

Changes in Behavior and Syntax

IN THIS SECTION
Junos OS XML, API, and Scripting | 22
Network Management and Monitoring | 22
Platform and Infrastructure | 22
Subscriber Management and Services | 23
This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 18.3R2 for the ACX Series routers.

Junos OS XML, API, and Scripting

MD5 and SHA-1 hashing algorithms are no longer supported for script checksums (ACX Series)—Starting
in Junos OS Release 18.3R1, Junos OS does not support configuring an MD5 or SHA-1 checksum hash to verify the integrity of local commit, event, op, SNMP, or Juniper Extension Toolkit (JET) scripts or support using an MD5 or SHA-1 checksum hash with the op url url key option to verify the integrity of remote op scripts.

Network Management and Monitoring

Junos OS does not support management of YANG packages in configuration mode (ACX Series)—Starting
in Junos OS Release 18.3R1, adding, deleting, or updating YANG packages using the run command in configuration mode is not supported.
The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured
and the operation returns <ok/> (ACX Series)—Starting in Junos OS Release 18.3R2, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, if the server reply after a successful operation includes both an <ok/> element and one or more <rpc-error> elements with a severity level of warning, the warnings are omitted. In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that includes both an <rpc-error> element with a severity level of warning and an <ok/> element.
22

Platform and Infrastructure

DMA recovery mechanism (ACX Series)—A recovery mechanism has been introduced that is triggered
in case the router enters an Idle state on any DMA channels. The recovery mechanism reboots the PFE to recover from Idle state.
The following recovery message is logged in the RE syslog message:
CHASSISD_FPC_ASIC_ERROR: <FPC 0> ASIC Error detected errorno 0x0000ffff FPC restart initiated
The following recovery message is logged in the PFE syslog message:
BCM DMA channel error detected Resetting the PFE

Subscriber Management and Services

DHCPv6 lease renewal for separate IA renew requests (ACX Series)—Starting in Junos OS Release
18.3R1, the jdhcpd process handles the second renew request differently in the situation where the DHCPv6 client CPE device does both of the following:
Initiates negotiation for both the IA_NA and IA_PD address types in a single solicit message.
Sends separate lease renew requests for the IA_NA and the IA_PD and the renew requests are received
back-to-back.
The new behavior is as follows:
1. When the reply is received for the first renew request, if a renew request is pending for the second address type, the client stays in the renewing state, the lease is extended for the first IA, and the client entry is updated.
2. When the reply is received for the second renew request, the lease is extended for the second IA and the client entry is updated again.
23
In earlier releases:
1. The client transitions to the bound state instead of staying in the renewing state. The lease is extended for the first IA and the client entry is updated.
2. When the reply is received for the second renew request, the lease is not renewed for the second address type and the reply is forwarded to the client. Consequently, when that lease ages out, the binding for that address type is cleared, the access route is removed, and subsequent traffic is dropped for that address or address prefix.
[See Using DHCPv6 IA_NA with DHCPv6 Prefix Delegation Overview.]
SEE ALSO
New and Changed Features | 12
Known Behavior | 24
Known Issues | 25
Resolved Issues | 29
Documentation Updates | 32
Migration, Upgrade, and Downgrade Instructions | 33 Product Compatibility | 34

Known Behavior

IN THIS SECTION
General Routing | 24
This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.3R2 for the ACX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

24
Upon classifying the Layer 3 packets, DSCP might not be preserved or lost at the egress due to the
limitations of the forwarding asic. PR1322142
The typical transponder propagates the pause frame received from client port to line port. For this Packet
Forwarding Engine transponder, this functionality is not supported. PR1371603
No new commit errors will be thrown when buffer-size temporal is configured along with shared-buffer
maximum. PR1371828
Telemetery infrastructure does not support interface filtering capability. Therefore, once you enable a
particular sensor for telemetry, it is turned-on for all the interfaces. PR1371996
For -et interfaces, only PRE_FEC_SD defect will be raised no OTN alarm will be raised. PR1371997
If you configure an invalid sandbox configuration, CCC functionality will break after reboot or upgrade.
Sandbox configuration is always done initially by default and you must not modify this configuration.
PR1373375
L2 rewrite on outgoing MPLS packets is not supported. PR1376001
When the system is commissioned first time after upgrade, root authentication configuration needs to
be entered. All the default cross-connect configurations done by the script is not saved in configuration till system root authentication configuration is entered. This is a Junos OS product feature. So, if user displays the cross-connect configuration before configuring root authentication then cross-connect configuration would not be visible. Current product limitations are: 1. System root authentication configuration is needed after system is commissioned prior to the init script run otherwise the cross connect installation might fail. 2. If the existing CCC configurations (user defined cross connects) are different than the defaults, the configurations might be lost and will be replaced by default cross-connects after the software upgrade. 3. Software upgrade needs no-validate option during installation. PR1376780
The static-cak encryption does not work between two ACX-OX transponder nodes. PR1389802
For the ACX6360 TIC we only have 8 CFP2-DCO ports so chassis beacon show/requests to ports larger
than 7 will not work (as the ports do not exist) but will also not report an error. user@host> request chassis beacon fpc 0 pic-slot 1 port 15 on FPC 0 PIC 1 PORT 15 ON user@host> show chassis beacon fpc 0 pic-slot 1 port-range lower-limit 0 upper-limit 15 FPC 0 PIC 1 PORT 0 ON FPC 0 PIC 1 PORT 1 ON FPC 0 PIC 1 PORT 2 ON FPC 0 PIC 1 PORT 3 ON FPC 0 PIC 1 PORT 4 ON FPC 0 PIC 1 PORT 5 ON FPC 0 PIC 1 PORT 6 ON FPC 0 PIC 1 PORT 7 ON FPC 0 PIC 1 PORT 8 ON FPC 0 PIC 1 PORT 9 ON FPC 0 PIC 1 PORT 10 OFF FPC 0 PIC 1 PORT 11 OFF FPC 0 PIC 1 PORT 12 OFF FPC 0 PIC 1 PORT 13 OFF FPC 0 PIC 1 PORT 14 OFF FPC 0 PIC 1 PORT 15 ON. PR1399335
The policers applied in IRB will work appropriately when the member links of an aggregated Ethernet
interface is in the same core file applied in the aggregated Ethernet interface. The physical interface might generate a core file mapping: xe-0/0/0 -to- xe-0/0/23 -> CORE 0 xe-0/0/24 -to- xe-0/0/47 -> CORE 1 et-0/1/0 -> CORE 1 et-0/1/1 -> CORE 1 et-0/1/2 -> CORE 0 et-0/1/3 -> CORE 0. The policers applied in IRB will work appropriately when the member links of a bridge domain (BD) is in the same core file. PR1403315
If user configures an invalid speed configuration on TIC ports (PIC slot 1) on ACX6360-OR or
ACX6360-OX, the TIC interfaces are not created. PR1403546
25
SEE ALSO
New and Changed Features | 12
Changes in Behavior and Syntax | 21
Known Issues | 25
Resolved Issues | 29
Documentation Updates | 32
Migration, Upgrade, and Downgrade Instructions | 33 Product Compatibility | 34

Known Issues

IN THIS SECTION
General Routing | 26
Interfaces and Chassis | 28
Layer 2 Features | 28
MPLS | 28
This section lists the known issues in hardware and software in Junos OS Release 18.3R2 for the ACX Series Universal Metro Routers.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

When the ACX2100 and ACX2200 are used as ingress PE routers for L2 circuit connections, and the
PE-CE interface (UNI) is an aggregated Ethernet interface, then upon MPLS path switchover, the traffic might be silently dropped or discarded. PR1194551
26
Enhancement of logical interface scale beyond 1000 on ACX5000 platform is not available in mainline
release starting from Junos OS Release 17.1 and later. PR1229492
On ACX5448 routers, when 1-Gigabit SFP is plugged in the router, autonegotiation is enabled by default.
There is no functional impact. Only the CLI show interfaces <intf-name> extensive command output shows the autonegotiation field as disabled. PR1343679
There is a conflict when an LACP packet come in an untagged/prio-tagged VPLS logical interface. In the
earlier stage of the pipeline, filter entry to snoop an LACP packet takes higher precedence over filter entry to assign SVP/SrcG port for the untagged/prio-tagged VPLS logical interface. Since the "interface-specific/input-list" firewall matches SVP/SrcGport in the later stage of the pipeline, the LACP packets are not hitting the firewall. PR1346380
The logical interface classifier information should not be shown in the output of the show class-of-service
interface <ifd> on the ACX5000 line. PR1353828
On an ACX5448 chassis with loss priority configured as medium-low or medium-high, the rewrite rule
gets applied for loss priority low. PR1358721
Remote fault signalling is not supported for 1-Gigabit fiber SFP during autonegotiation. The following
cosmetic log errors are seen for show interfaces extensive command. Link partner: Link mode: Full-duplex, Flow control: None, Remote fault: Down, Reason: Link partner offline. RFI ignored since AN is in default mode. PR1362490
Dedicated minimum buffers are reserved for some queues according to the Junos OS working model.
These buffers are always available to those queues irrespective of the traffic pattern throughout the system. When the clearing stat statement is used, these values are visible. This cosmetic or minor issue has no functional impact. PR1367978
Because of a race condition, in which the class-of-service configuration request for an interface is
received before the e1-interface is created, a circuit with specified class-of-service parameters is created. Because of this, the interface creation fails, resulting in traffic not flowing on the e1-interface and then (if e1-interfaces are further disabled or enabled) a core file is generated. PR1378747
The dedicated buffer for bytes/packets sometimes exceeds the maximum threshold value under the
show class-of-service packet-buffer usage command output. As per DNX architecture, reserved buffer is not limited to the OCB buffer limit (16 MB), so whenever the buffer goes beyond 16 MB, DNX punts the packet to the DRAM instead of dropping it. This is as per design or behavior. PR1379713
Host bound traffic might be affected and lt interface might go down in ACX Series routers. PR1382166
When packets are sent from Layer 2 to Layer 2 and when you apply MF classifier, all packets are put
into the correct queue on the egress interface but they are dropped. As a workaround, avoid the loss-priority high action in the firewall filters (MF classifiers). PR1388731
On the ACX5000 line, in Junos OS Release 17.3 and later releases, the Packet Forwarding Engine syslog
frequently shows the following error message: acx_cos_tcp_bind_queues:736 parent acx_cos_tcp_ifd for ifd:ae0 doesn't exist for ifl:549. In Junos OS Release 17.3R3-S1, the error logs appear only from time
to time, and this can be related with to an interface flap. In Junos OS Release 18.1R3, the logs appear constantly, without any interface flap. PR1392088
27
Explicit swap-push map operations are now introduced on VPLS logical interfaces in ACX5000. This is
already supported as part of implicit map operations or routing instance-level configurations. PR1398118
A jnxIfOtnOperState trap notification is sent for all ot-interfaces. This is a day-1 issue. PR1406758
Policer discarded packets are marked in black color (black is color-internal to hardware pipeline). Black
color is used to discard the packets in the pipeline. These packets are not really enqueued into the queues (VoQs) in hardware. The hardware queue statistics shows the packets as discarded. However, both actual-enqueued and the discarded counts are shown as queue statistics in software. This is a software queue statistics show issue. PR1414887
Packets transmitted in a queue are not as expected when testing IEEE-802.1ad inner classifier at the
ingress and IEEE-802.1ad rewrite at the egress with various events. PR1422515
Copying images from WAN interface to Routing Engine of ACX5448 router takes long time. PR1422544

Interfaces and Chassis

When an unnumbered interface is binding to an interface that has more than one IP address and one of
the IP addresses is deleted, the family inet of the unnumbered interface might be deleted. The issue results in traffic loss for all the services that rely on the family inet of the unnumbered interface. Configuring preferred-source-address on the unnumbered interface will prevent deletion of the IP address thereby avoiding the deletion of the family inet of the unnumbered interface. PR1412534

Layer 2 Features

On Junos OS ACX5000, on the interfaces where LLDP is disabled (commit) and there is a change on an
interface in the next commit, the l2cpd sends the message to disable LLDP on all the interfaces to the kernel. The kernel then tries to remove the implicit filters, which return ENOENT, since the entries are disabled during the first commit. PR1400606

MPLS

28
Packets transmitted in a queue are not as expected when testing IEEE-802.1ad inner classifier at the
ingress and IEEE-802.1ad rewrite at the egress with various events. PR1432138
SEE ALSO
New and Changed Features | 12
Changes in Behavior and Syntax | 21
Known Behavior | 24
Resolved Issues | 29
Documentation Updates | 32
Migration, Upgrade, and Downgrade Instructions | 33 Product Compatibility | 34

Resolved Issues

IN THIS SECTION
Resolved Issues: 18.3R2 | 29
Resolved Issues: 18.3R1 | 31
This section lists the issues fixed in the Junos OS main release and the maintenance releases for the ACX Series routers.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
29

Resolved Issues: 18.3R2

Class of Service
Error message STUCK_BUFF : port_sp not empty for port 35 sp 1 pkts:1 is seen when a lag bundle is
configured with 64 lag links. PR1346452
General Routing
10G interface fault detection behavior changed. PR1223457
ACX Series routers supports dual-tagged and untagged packets Layer 3 traffic. PR1307666
Port XE-0/3/0 did not come up. PR1328207
ARP request is getting dropped and not forwarded to the NNI interface queue when the CoS configuration
has temporal buffer size. PR1363153
On ACX5000 routers, the log message fpc0 (acx_rt_ip_uc_lpm_install:LPM route add failed) Reason :
Invalid parameter is seen after configuring lpm-profile. PR1365034
VPLS with vlan-id-list does not work when the link between a PE device and a CE device is an aggregated
Ethernet interface with a single member link and child physical interface flap. PR1365894
LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified prints while
commit on configuration prompt. PR1376665
The fxpc might crash after an interface is changed on ACX5000 line of routers. PR1378155
On ACX5448 routers, channelized 25-Gbps et-interfaces might not come up after chassis-control restart.
PR1379288
The L2 circuit might stop forwarding traffic when one core interface flaps. PR1381487
On ACX6360 routers, the timestamp is incorrect for BER statistics after clearing. PR1386253
The request chassis beacon CLI command is not working for pic-slot 1 (that is, CFP2 ports). PR1386711
On ACX5448 routers, 100-Gbps link FEC is enabled by default on 100-Gbps LR4. PR1389518
On ACX Series platforms, the forwarding-option dhcp-relay forward-only statement stops working and
the DHCP packets are dropped. PR1392261
Certain builds of Junos OS do not allow you to upgrade or commit configuration changes when the SI
service interface is used. PR1393729
On ACX Series routers, the MTU is not properly applied and the output of ping mpls l2circuit sweep is
giving lower values than expected. PR1393947
ACX Series routers do not support the physical-interface-filter command in egress direction for any
filters. It supports the interface-specific command only. PR1395362
On ACX5048 routers, the RPM RFC2544-benchmarking test fails to start. PR1395730
Error message ACX_PFE_ERROR: dnx_cfm_bd_endpoint_create: Failed to destroy the remote endpoint,
Endpoint id 0x2001001, Entry not found is logged. PR1397878
30
CFM adjacency is not going down with distinct intervals. PR1397883
Error message ACX_ASIC_PROGRAMMING_ERROR: dnx_cfm_bd_endpoint_create: Failed to create
the local endpoint Invalid parameter has been logged on peer node. PR1397951
Output packet error Count is incrementing on 40-Gigabit Ethernet and 100-Gigabit Ethernet ports.
PR1398270
High jsd or na-grpcd CPU usage might be seen even if JET or JTI is not used. PR1398398
Dynamic tunnel is not supported on ACX Series routers. PR1398729
On ACX5448 routers, it is not possible to configure bridge domain (BD) more than 1024, using 100-Gigabit
and aggregated Ethernet interface in bridge domain (BD). PR1399214
FPC might crash after offline/online of MIC-3D-16CHE1-T1-CE-H. PR1402563
ACX5448 supports TrTCM policer configuration parameters as per RFC4115. PR1405798
ACX Series routers drop DNS responses that contain an underscore. PR1410062
The aggregated Ethernet interface TWAMP history statistics verification on client is not getting expected
Request Timed Out error. PR1411344
Number of inet-arp policers implemented on ACX5000 has been increased from 16 to 64. PR1413807
Swap memory is not initialized on boot on ACX5048. PR1415898
Services Applications
The spd might crash when any-ip is configured in the from clause of the NAT rule with the static
translation type. PR1391928

Resolved Issues: 18.3R1

General Routing
Several error logs are seen on ACX5048 router when the link in the primary path of LSP is flapped.
PR1204714
A wrong packet statistics is reported in ifHCInUcastPkts OID. PR1306656
With auto-installation usb configured, interface related commits might not take effect due to dcd error.
PR1327384
CoS is wrongly applied on the Packet Forwarding Engine leading to egress traffic drop. PR1329141
The aggregated Ethernet load balancing based on layer 4 information is not working if ports are in
different cores of hardware. PR1332448
31
The DHCP negotiations might fail and eventually cause outage if scaling number of DHCP clients reboot
at the same time. PR1335957
The ARP-reply packet might be dropped in a l2-circuit secondary path when using IEEE-802.1 classifier.
PR1341126
NAT might not work and the spd might crash. PR1346546
On the ACX5448 router, DHCP bindings are not received for both DHCP v4 and v6 as RIO is dropping
the DHCP Packets. PR1347906
The fxpc process might crash on the Packet Forwarding Engine due to the show pfe context_vlan
command. PR1349721
The required number of the IGMP SNOOPING Membership reports are not received on ACX5448 router.
PR1351422
DHCP Bindings are not received for both DHCP v4 and v6 as ACX5448 router is dropping the DHCP
Packets on aggregated Ethernet interfaces. PR1353887
On ACX routers, the ARP policer for logical interfaces is not working. PR1356170
ACX is wrongly allowing to configure higher values in burst-size-limit than what the hardware can
support. PR1361482
FEC PM error counters are accumulating instead of resetting after a bin rollover. PR1363270
An ACK5000 routers, IPsec SA as OSPFv3 authentication is not working in Junos OS Releases 16.2R2
and 17.3R2. PR1363487
The show chassis hardware commands display inconsistent values for PEMs and fans. PR1364224
The 'commit' or 'commit check' operations might fail due to the cannot have lsp-cleanup-timer without
lsp-provisioning error. PR1368992
Layer 2 Ethernet Services
DHCPv6 relay ignores replies from the server when renewing. PR1354212
SEE ALSO
New and Changed Features | 12
Changes in Behavior and Syntax | 21
Known Behavior | 24
Known Issues | 25
Documentation Updates | 32
32
Migration, Upgrade, and Downgrade Instructions | 33 Product Compatibility | 34

Documentation Updates

There are no errata or changes in Junos OS Release 18.3R2 for the ACX Series documentation.
SEE ALSO
New and Changed Features | 12
Changes in Behavior and Syntax | 21
Known Behavior | 24
Known Issues | 25
Resolved Issues | 29
Migration, Upgrade, and Downgrade Instructions | 33 Changes in Behavior and Syntax | 245

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION
Upgrade and Downgrade Support Policy for Junos OS Releases | 33
This section contains the upgrade and downgrade support policy for Junos OS for the ACX Series Router. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.
For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

33
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1,
17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see
https://www.juniper.net/support/eol/junos.html.
For information about software installation and upgrade, see the Installation and Upgrade Guide.
SEE ALSO
New and Changed Features | 12
Changes in Behavior and Syntax | 21
Known Behavior | 24
Known Issues | 25
Resolved Issues | 29
Documentation Updates | 32 Product Compatibility | 34

Product Compatibility

IN THIS SECTION
Hardware Compatibility | 34
34

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.
To determine the features supported on ACX Series routers in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://apps.juniper.net/feature-explorer/.
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.
SEE ALSO
New and Changed Features | 12
Changes in Behavior and Syntax | 21
Known Behavior | 24
Known Issues | 25
Resolved Issues | 29
Documentation Updates | 32 Migration, Upgrade, and Downgrade Instructions | 33

Junos OS Release Notes for EX Series Switches

IN THIS SECTION
New and Changed Features | 35
Changes in Behavior and Syntax | 49
Known Behavior | 52
Known Issues | 56
Resolved Issues | 61
Documentation Updates | 69
Migration, Upgrade, and Downgrade Instructions | 69
Product Compatibility | 71
35
These release notes accompany Junos OS Release 18.3R2 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

IN THIS SECTION
Release 18.3R2 New and Changed Features | 36
Release 18.3R1 New and Changed Features | 36
This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for the EX Series.
NOTE: The following EX Series switches are supported in Release 18.3R2: EX2300, EX3400,
EX4300, EX4600-40F, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253.

Release 18.3R2 New and Changed Features

There are no new features or enhancements to existing features for EX Series switches in Junos OS
Release 18.3R2.

Release 18.3R1 New and Changed Features

IN THIS SECTION
Hardware | 37
36
Authentication, Authorization and Accounting (AAA) (RADIUS) | 37
Class of Service (CoS) | 38
EVPNs | 38
General Routing | 38
Interfaces and Chassis | 39
Junos Telemetry Interface | 40
Layer 2 Features | 42
MPLS | 43
Multicast | 44
Network Management and Monitoring | 45
Operation, Administration, and Maintenance (OAM) | 46
Port Security | 47
Restoration Procedures and Failure Handling | 47
Security | 47
Software Installation and Upgrade | 48
System Management | 48
Hardware
EX4650-48Y switches—Starting with Junos OS Release 18.3R1, the EX4650-48Y switch is available as
a fixed-configuration switch with the following built-in ports:
Forty-eight 25-Gigabit Ethernet ports that can operate at 1-Gbps, 10-Gbps, or 25-Gbps speed and
support SFP, SFP+, or QSFP28 transceivers.
Eight 100-Gigabit Ethernet ports that can operate at 40-Gbps or 100-Gbps speed and support QSFP+
or QSFP28 transceivers. When these ports operate at 40-Gbps speed, you can configure four 10-Gbps interfaces and connect breakout cables, increasing the total number of supported 10-Gbps ports to
80. When these ports operate at 100-Gbps speed, you can configure four 25-Gbps interfaces and connect breakout cables, increasing the total number of supported 25-Gbps ports to 80.
A total of four models are available: two featuring AC power supplies and front-to-back or back-to-front airflow and two featuring DC power supplies and front-to-back or back-to-front airflow.
[See EX4650 Documentation.]
Authentication, Authorization and Accounting (AAA) (RADIUS)
37
802.1X authentication on trunk ports (EX Series)—Starting with Junos OS Release 18.3R1, 802.1X
authentication can be enabled on trunk ports. Authentication on the trunk port is supported only in single supplicant and single-secure supplicant modes.
Multi-domain authentication (EX Series)—Starting with Junos OS Release 18.3R1, multidomain
authentication is supported on EX Series switches. Multidomain authentication is an extension of multiple supplicant mode for 802.1X authentication, and allows one VoIP client and multiple data clients to authenticate to different VLANs while on the same port.
[See Understanding 802.1X and VoIP on EX Series Switches.]
Disable LLDP TLVs (EX2300 and EX3400 switches)—Starting in Junos OS Release 18.3R1, you can
disable specific or all nonmandatory time, length, and value (TLV) messages from being advertised by the Link Layer Discovery Protocol (LLDP) or Link Layer Discovery Protocol—Media Endpoint Discovery (LLDP-MED).
[See LLDP Overview.]
Support for password change policy enhancement (EX Series)—Starting in Junos OS Release 18.3R1,
the Junos password change policy for local user accounts is enhanced to comply with certain additional password policies. As part of the policy improvement, you can configure the following:
minimum-character-changes—The number of characters by which the new password should be
different from the existing password.
minimum-reuse—The number of older passwords, which should not match the new password.
[See password.]
Class of Service (CoS)
Support for CoS on EX4650 switches (EX4650)—Starting in Junos OS Release 18.3R1, the EX4650
switch supports CoS functionality. CoS is the assignment of traffic flows to different service levels. You can use CoS features to define service levels that provide different delay, jitter (delay variation), and packet loss characteristics to ensure quality of service (QoS) to particular applications served by specific traffic flows across the network.
Compared to CoS functionality on EX4600 switches, EX4650 switches provide significantly more buffer memory (32 MB), but do not support hierarchical scheduling or ETS. The EX4650 also supports eight unicast and two multicast queues.
[See CoS Support on QFX Series Switches, EX4600 Line of Switches, and QFabric Systems.]
EVPNs
EVPN P2MP bud node support (EX9200)—Starting in Junos OS Release 18.3R1, Junos OS supports
configuring a point-to-multipoint (P2MP) label-switched path (LSP) as a provider tunnel on a bud node. The bud node functions both as an egress node and a transit node.
To enable a bud node to support P2MP LSP, include the evpn p2mp-bud-support statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level.
38
[See Configuring Bud Node Support.]
General Routing
Layer 3 unicast features (EX4650)—Starting with Junos OS Release 18.3R1, the following Layer 3 unicast
features are supported:
Static routing, ping, and traceroute (IPv4, IPv6)
OSPFv2 (IPv4) and OSPFv3 (IPv6)
RIPv2
BGP (IPv4, IPv6), BGP 4-byte ASN support, and BGP multipath
MBGP (IPv4)
IS-IS (IPv4, IPv6)
BFD (for RIP, OSPF, IS-IS, BGP, PIM)
Unicast reverse path forwarding (RPF)
Filter based forwarding (FBF)
IP directed broadcast traffic forwarding
IPv4 over GRE
Virtual router redundancy protocol (VRRP)
VRRPv3 (IPv6)
Neighbor Discovery Protocol (IPv6)
Path MTU discovery
IPv6 class of service—Behavior aggregate (BA) classifiers, multifield (MF) classifiers and rewrite rules,
traffic-class scheduling)
IPv6 stateless address autoconfiguration
Equal-cost multipath (ECMP)—32-way
VXLAN Layer 3 gateway
MPLS over UDP
Virtual router (VRF-lite) IS-IS, RIP, OSPF, BGP
Interfaces and Chassis
Multichassis link aggregation group (MC-LAG) (EX4650 switches)—Starting with Junos OS Release
18.3R1, MC-LAG enables a client device to form a logical LAG interface using two switches. MC-LAG
provides redundancy and load balancing between the two switches, multihoming support, and a loop-free Layer 2 network without running Spanning Tree Protocol (STP).
39
On one end of an MC-LAG is an MC-LAG client that has one or more physical links in a LAG. This client does not need to detect the MC-LAG. On the other side of the MC-LAG are two MC-LAG switches. Each of these switches has one or more physical links connected to a single client. The switches coordinate with each other to ensure that data traffic is forwarded properly.
To configure an MC-LAG, include the following statements:
mc-ae statement at the [edit interfaces interface-name aggregated-ether-options] hierarchy level
iccp statement at the [edit protocols] hierarchy level
multi-chassis statement at the [edit] hierarchy level
[See Multichassis Link Aggregation Features, Terms, and Best Practices.]
Resilient hashing support for link aggregation groups and equal cost multipath routes (EX4650
switches)—Starting with Junos OS Release 18.3R1, resilient hashing is supported by link aggregation groups (LAGs) and equal cost multipath (ECMP) sets on EX4650 switches. A LAG combines Ethernet interfaces (members) to form a logical point-to-point link that increases bandwidth, provides reliability, and allows load balancing. Resilient hashing enhances LAGs by minimizing destination remapping when a new member is added to or deleted from the LAG. Resilient hashing works in conjunction with the default static hashing algorithm. It distributes traffic across all members of a LAG by tracking the flow’s LAG member utilization. When a flow is affected by a LAG member change, the Packet Forwarding Engine (PFE) rebalances the flow by reprogramming the flow set table. Destination paths are remapped when a new member is added to or existing members are deleted from a LAG. Resilient hashing applies only to unicast traffic and supports a maximum of 1024 LAGs, with each group having a maximum of 256 members. An ECMP group for a route contains multiple next-hop equal cost addresses for the same destination in the routing table. (Routes of equal cost have the same preference and metric values.)
Junos OS uses a hash algorithm to choose one of the next-hop addresses in the ECMP group to install in the forwarding table. Flows to the destination are rebalanced using resilient hashing. Resilient hashing enhances ECMPs by minimizing destination remapping when a new member is added to or deleted from the ECMP group.
[See Understanding the Use of Resilient Hashing to Minimize Flow Remapping in Trunk/ECMP Groups.]
Channelizing Interfaces on EX4650-48Y Switches—On the EX4650-48Y switch, there are a total of 56
ports. Of these 56 ports, 8 ports (labeled 48 through 56) are uplink ports that support 100-Gigabit Ethernet interfaces (QSFP28 ports) and 40-Gigabit Ethernet interfaces(QSFP+ ports). The other 48 ports (labeled 0 through 47) are SFP+ ports that support 25-Gigabit Ethernet interfaces or 10-Gigabit Ethernet interfaces. The default speed for the SFP+ ports is 10 Gbps.
Starting with Junos OS Release 18.3R1, you can channelize the 100-Gigabit Ethernet interfaces to four independent 25-Gigabit Ethernet interfaces. The default 100-Gigabit Ethernet interfaces can also be configured as 40-Gigabit Ethernet interfaces, and in this configuration can either operate as dedicated 40-Gigabit Ethernet interfaces, or can be channelized to four independent 10-Gigabit Ethernet interfaces using breakout cables on the EX4650-48Y switch.
40
NOTE: The uplink ports on the EX4650-48Y switches support auto-channelization.
If you have disabled auto-channelization, then to channelize the ports, manually configure the port speed using the set chassis fpc slot-number port port-number channel-speed speed command, where the speed can be set to 10G or 25G. If a 100-Gigabit Ethernet transceiver is connected, you can only set the speed to 25G. For the SFP+ ports, you can set the speed to 25G or 1G. There is no commit check for this, however.
NOTE: You cannot configure channelized interfaces to operate as Virtual Chassis ports.
[See Channelizing Interfaces on Switches.]
Junos Telemetry Interface
Routing Engine and Packet Forwarding Engine sensors for the Junos Telemetry Interface (EX4650 and QFX5120-48Y switches)—Starting with Junos OS Release 18.3R1, Routing Engine and Packet Forwarding
Engine statistics are supported through the Junos Telemetry Interface on EX4650 and QFX5120-48Y switches with the same level of support found on QFX5100 switches using Junos OS Release 18.1R1.
The following Routing Engine statistics are supported through JTI:
LACP state export
Chassis environmentals export
Network discovery chassis and components
LLDP export and LLDP model
BGP peer information (RPD)
RSVP interface export
RPD task memory utilization export
LSP event export
Network Discovery ARP table state
Network Discovery NDP table state
The following Packet Forwarding Engine statistics are supported through JTI:
Congestion and latency monitoring
Logical interface
Filter
Physical interface
41
LSP
NPU/LC memory
Network Discovery NDP table state
Only gRPC streaming is supported.
To provision the sensor to export data through remote procedure call (gRPC), use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module.
[See Guidelines for gRPC Sensors (Junos Telemetry Interface).]
Expanded physical interface queue and traffic statistics sensors for Junos Telemetry Interface (JTI) (PTX, MX, EX, QFX, ACX)—Starting with Junos OS Release 18.3R1, additional resource paths are added
to stream physical (IFD) statistics.
Prior to Junos OS Release 18.3R1, both traffic and queue statistics for physical interfaces (IFD) are sent out together using the resource path /interfaces for gRPC streaming (which is internally used to create /junos/system/linecard/interface/) or /junos/system/linecard/interface/ for UDP (native) sensors.
Now, traffic and queue statistics can be delivered separately. Doing so can reduce the reap time for non-queue data for platforms supporting Virtual Output Queues (VOQ).
The following UDP resource paths can be configured:
/junos/system/linecard/interface/ is the existing resource path (no change). Traffic and queue statistics
are sent together.
/junos/system/linecard/interface/traffic/ exports all fields except queue statistics.
/junos/system/linecard/interface/queue/ exports queue statistics.
The gRPC resource path /interfaces now has the following behavior:
In releases prior to Junos OS 18.3R1, it delivers all IFD traffic and queue statistics. In Junos OS 18.3R1
and higher, it delivers statistics in two sensors:
/junos/system/linecard/interface/traffic/ exports all fields except queue statistics.
/junos/system/linecard/interface/queue/ exports queue statistics.
To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters. For streaming through UDP, all parameters are configured at the [edit services analytics] hierarchy level. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).
[See sensor (Junos Telemetry Interface), Configuring a Junos Telemetry Interface Sensor (CLI Procedure), and Guidelines for gRPC Sensors (Junos Telemetry Interface).]
For exporting statistics using UDP native sensors, configure parameters at the [edit services analytics] hierarchy level.
42
Layer 2 Features
Layer 2 unicast features (EX4650 switches)—Starting with Junos OS Release 18.3R1, the following Layer
2 unicast features are supported:
802.1Q VLAN trunking
P-VLAN
IRB
Layer 3 Vlan-tagged logical interfaces
4096 VLANs
MAC address filtering
MAC address aging configuration
Static MAC address assignment for interfaces
Per-VLAN MAC learning (limit)
MAC learning disable
Persistent MAC (sticky MAC)
Q-in-Q tag manipulation
MAC address limit per port
MAC limiting
MAC limiting per port, per VLAN
MAC move limiting
P-VLAN on Q-in-Q
802.1D
802.1w (RSTP)
802.1s (MST)
BPDU protection
Loop protection
Root protection
VSTP
RSTP and VSTP running concurrently
Link aggregation (static and dynamic) with LACP (fast and slow LACP)
43
LLDP
Multiple VLAN Registration Protocol (802.1ak)
[See Ethernet Switching User Guide.]
Layer 2 unicast features (EX4650 switches)—Starting with Junos OS Release 18.3R1, you can use the
Unified Forwarding Table (UFT) feature to allocate forwarding table resources to optimize the memory available for different address types based on the needs of your network. You can choose to allocate a higher percentage of memory for one type of address or another.
[See Understanding the Unified Forwarding Table.]
MPLS
MPLS support (EX4650)—Starting with Junos OS Release 18.3R1, the following MPLS features are
supported:
LDP (tunneling over RSVP, targeted LDP, LDP over RSVP)
RSVP-TE
TE++ container LSPs
Automatic bandwidth allocation on LSPs
IPv6 tunneling over an MPLS IPv4 network (6PE and 6VPE)
Ethernet-over-MPLS (L2 circuit)
Layer 3 VPN
Carrier-of-carrier VPNs
ECMP routing
Segment routing
EVPN-VXLAN
MPLS over IRB interfaces
VRF support in IRB Interfaces
[See MPLS Feature Support on QFX Series and EX4600 Switches.]
Multicast
IGMP snooping with private VLANs (EX4300 switches and EX4300 Virtual Chassis)—Starting in Junos
OS Release 18.3R1, EX4300 switches and EX4300 Virtual Chassis support IGMP snooping with private VLANs (PVLANs). A PVLAN consists of secondary isolated and community VLANs configured within a primary VLAN. Without IGMP snooping support on the secondary VLANs, multicast streams received on a primary VLAN are flooded to the secondary VLANs. This feature extends IGMP snooping on a primary VLAN to its secondary VLANs, which further constrains multicast streams only to interested receivers on PVLANs. When IGMP snooping is enabled on a primary VLAN, it is implicitly enabled on all secondary VLANs, and the secondary VLANs learn the multicast group information on the primary VLAN.
44
NOTE: Ports in a secondary VLAN cannot be used as IGMP multicast router interfaces.
Secondary VLANs can receive multicast data streams ingressing on promiscuous trunk ports or inter-switch links acting as multicast router interfaces.
[See IGMP Snooping Overview.]
Multicast VLAN registration (MVR) (EX4300 switches and EX4300 Virtual Chassis)—Starting in Junos
OS Release 18.3R1, EX4300 switches and EX4300 Virtual Chassis support multicast VLAN registration (MVR). MVR efficiently distributes IPTV multicast streams across an Ethernet ring-based Layer 2 network, reducing the bandwidth required for this traffic by using a multicast VLAN (MVLAN) over which multicast traffic is forwarded to interested listeners on other VLANs that are configured as MVR receiver VLANs. You can configure MVR at the [edit protocols igmp-snooping vlan vlan-name data-forwarding] source and receiver hierarchy levels, and use the show igmp snooping data-forwarding CLI command to view configured MVLAN and MVR receiver VLAN associations.
[See Understanding Multicast VLAN Registration.]
Layer 3 multicast features (EX4650)—Starting with Junos OS Release 18.3R1, the following Layer 3
multicast features are supported:
IGMP version 1 (IGMPv1), version 2 (IGMPv2), and version 3 (IGMPv3)
IGMP filtering
PIM sparse mode (PIM-SM)
PIM dense mode (PIM-DM)
PIM source-specific multicast (PIM-SSM)
MSDP
IGMP and PIM are also supported on virtual routers.
[See Multicast Overview.]
Layer 2 multicast features (EX4650)—Starting with Junos OS Release 18.3R1, the following Layer 2
multicast features are supported:
IGMP snooping for IGMPv1, IGMPv2, and IGMPv3
IGMP proxy
IGMP querier
IGMP snooping is also supported on virtual routers.
[See Multicast Overview.]
Network Management and Monitoring
45
Customized MIBs for sending custom traps based on syslog events (EX Series)—Starting in Junos OS
Release 18.3R1, there is a process whereby customers can define their own MIBs for trap notifications. The customized MIB maps a particular error message with a custom OID rather than a generic one. Juniper Networks provides two new MIB roots reserved for customer MIBs, one for the custom MIB modules and the other for the trap notifications. For this process, you must convert the MIB to YANG format, and a tool is available for that.
[See Customized SNMP MIBs for Syslog Traps.]
MIB support for media attachment unit (MAU) information (EX2300, EX3400, and EX4300 switches)—As
of Junos OS Release 18.3R1, remote agents can use SNMP to gather information about media attachment units (MAUs) connected to switches. These switches will populate the Entity (RFC 4133) and Entity State (RFC 4268) standard SNMP MIBs and a new MIB table, ifJnxMediaTable, which is part of the Juniper Networks enterprise-specific interface MIB extensions. The objects in the table represent MAU information such as media type, connector type, link mode, and link speed.
[See SNMP MIB Explorer.]
Services support: sFlow, port mirroring, and storm control (EX4650 switches)—Starting in Junos OS
Release 18.3R1, the following services are provided on EX4650 switches:
sFlow networking monitoring technology—Collects samples of network packets and sends them in a
UDP datagram to a monitoring station called a collector. You can configure sFlow technology on a device to monitor traffic continuously at wire speed on all interfaces simultaneously.
Local and remote port mirroring and remote port mirroring to an IP address—Copies packets entering
or exiting a port or entering a VLAN and sends the copies to a local interface (local port mirroring), to a VLAN (remote port mirroring), or to the IP address of a device running an analyzer application on a
remote network (remote port mirroring to an IP address [GRE encapsulation]). (When you use remote port mirroring to an IP address, the mirrored packets are GRE-encapsulated.)
Storm control—Causes a device to monitor traffic levels and take a specified action when a specified
traffic level—called the storm control level—is exceeded, thus preventing packets from proliferating and degrading service. You can configure devices to drop broadcast and unknown unicast packets, shut down interfaces, or temporarily disable interfaces when the storm control level is exceeded.
[See Overview of sFlow Technology, Understanding Port Mirroring, and Understanding Storm Control.]
Operation, Administration, and Maintenance (OAM)
Connectivity Fault Management (CFM) Support (EX4600)—IEEE 802.1ag Connectivity Fault Management
(CFM) provides fault isolation and detection over large Layer 2 networks which may span several service provider networks. You can configure CFM to monitor, isolate, and verify faults in these interconnected provider bridge networks. Starting in Junos OS Release 18.3R1, Junos OS provides CFM support on EX4600.
CFM support on EX4600 has the following limitations:
46
CFM support is provided via software using filters. This can impact scaling.
Inline Packet Forwarding Engine (PFE) mode is not supported. In Inline PFE mode, you can delegate
periodic packet management (PPM) processing to the Packet Forwarding Engine (PFE) which results in faster packet handling and the CCM interval supported is 10 milliseconds.
Performance monitoring (ITU-T Y.1731 Ethernet Service OAM) is not supported.
CCM interval of less than 1 second is not supported.
CFM is not supported on Routed Interfaces and aggregated Ethernet (lag) interfaces.
MIP half function, to divide the MIP functionality into two unidirectional segments to improve network
coverage, is not supported.
Up MEP is not supported.
Total number of CFM sessions supported is 30.
[See Understanding Ethernet OAM Connectivity Fault Management for an EX Series Switch.]
Port Security
IPv6 Router Advertisement (RA) Guard (EX4600)—Starting with Junos OS Release 18.3R1 for EX Series
switches, IPv6 RA guard is supported on EX4600 switches. RA guard protects against rogue RA messages generated either maliciously or unintentionally by unauthorized or improperly configured routers connecting to the network segment. RA guard works by validating RA messages based on whether they meet certain criteria, which is configured on the switch as a policy. RA guard inspects the RA message and compares the information contained in the message attributes to the policy. Depending on the policy, RA guard either drops or forwards the RA messages that match the conditions.
[See Understanding IPv6 Router Advertisement Guard.]
Restoration Procedures and Failure Handling
Device recovery mode introduced in Junos OS with upgraded FreeBSD (EX Series)—Starting in Junos
OS Release 16.1, for devices running Junos OS with upgraded FreeBSD, provided you have saved a rescue configuration on the device, there is an automatic device recovery mode that goes into action should the system go into amnesiac mode. The new process is for the system to automatically retry to boot with the saved rescue configuration. In this circumstance, the system displays a banner "Device is in recovery mode” in the CLI (in both the operational and configuration modes). Previously, there was no automatic process to recover from amnesiac mode. A user with load and commit permission had to log in using the console and fix the issue in the configuration before the system would reboot.
47
[See Saving a Rescue Configuration File.]
Security
Support for firewall filters (EX4650)—Starting with Junos OS Release 18.3R1, you can configure firewall
rules to filter incoming network traffic based on a series of user-defined rules. You can specify whether to accept, permit, deny, or forward a packet before it enters an interface. If a packet is accepted, you can also configure additional actions to perform on the packet, such as class-of-service (CoS) marking (grouping similar types of traffic together and treating each type of traffic as a class with its own level of service priority) and traffic policing (controlling the maximum rate of traffic sent or received). You configure firewall filters at the [edit firewall] hierarchy level.
[See Firewall Filters Overview.]
Support for distributed denial-of-service protection (EX4650)—Starting with Junos OS Release 18.3R1,
you can configure denial-of-service (DoS) protection on the switches to continue to function while under attack. A denial-of-service (DoS) attack is any attempt to deny valid users access to network or server resources by using up all the resources of the network element or server. DDoS protection identifies and suppress malicious control packets while enabling legitimate control traffic to be processed. A single point of DDoS protection management enables you to customize profiles for your network control traffic. To protect against DDoS attacks, you can configure policers for host-bound exception traffic. The policers specify rate limits for all control traffic for a given protocol. You can also monitor policers,
obtaining information such as the number of violations encountered and the number of packets received or dropped.
[See Understanding Distributed Denial-of-Service Protection on QFX Series Switches.]
Software Installation and Upgrade
Phone-home client (EX4300 switches)—Starting with Junos OS Release 18.3R1, you can use either the
legacy DHCP-options-based ZTP or the phone-home client (PHC) to provision software for the switch. If the switch boots up and there are DHCP options received from the DHCP server for ZTP, ZTP resumes. If DHCP options are not present, PHC is attempted. PHC enables the switch to securely obtain bootstrapping data, such as a configuration or software image, with no user intervention other than having to physically connect the switch to the network. When the switch first boots, PHC connects to a redirect server, which will redirect to a phone home server to get the configuration or software image.
To initiate either DHCP-options-based ZTP or PCH, the switch must either be in a factory-default state, or you can issue the request system zeroize command.
[See Understanding the Phone-Home Client.]
48
System Management
Secure Boot (EX4650 switches)—Starting with Junos OS Release 18.3R1, a significant system security
enhancement is being introduced: Secure Boot. The secure boot implementation is based on the UEFI
2.4 standard. The BIOS has been hardened and serves as a core root of trust. The BIOS updates, the
bootloader, and the kernel are cryptographically protected. No action is required to implement Secure Boot.
SEE ALSO
Changes in Behavior and Syntax | 49
Known Behavior | 52
Known Issues | 56
Resolved Issues | 61
Documentation Updates | 69
Migration, Upgrade, and Downgrade Instructions | 69 Product Compatibility | 71

Changes in Behavior and Syntax

IN THIS SECTION
Interfaces and Chassis | 50
Junos OS XML API and Scripting | 50
Layer 2 Features | 50
Network Management and Monitoring | 50
Security | 51
Subscriber Management and Services | 51
Virtual Chassis | 51
49
This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 18.3R2 for the EX Series.

Interfaces and Chassis

No support for performance monitoring on ae interfaces (EX4300)—Y.1731 performance monitoring
(PM) over aggregated Ethernet interfaces is not supported on EX4300 switches. [See sla-iterator-profile.]

Junos OS XML API and Scripting

MD5 and SHA-1 hashing algorithms are no longer supported for script checksums (EX Series)—Starting
in Junos OS Release 18.3R1, Junos OS does not support configuring an MD5 or SHA-1 checksum hash to verify the integrity of local commit, event, op, SNMP, or Juniper Extension Toolkit (JET) scripts or support using an MD5 or SHA-1 checksum hash with the op url url key option to verify the integrity of remote op scripts.

Layer 2 Features

Configuration option for LLDP VLAN name type, length, and value (TLV) (EX3400, EX4300)—Starting
in Junos OS Release 18.3R1, you can configure the vlan-name-tlv-option (name | vlan-id) statement at the [edit protocols lldp] hierarchy level to select whether to transmit the VLAN name or simply the VLAN ID for the Link Layer Discovery Protocol (LLDP) VLAN name TLV when exchanging LLDP messages. By default, EX Series switches running Enhanced Layer 2 Software (ELS) transmit the VLAN ID for the LLDP VLAN name TLV, and the show lldp detail command displays the default string vlan-vlan-id for an interface’s VLAN name in the Vlan-name output field. Switches that support the vlan-name-tlv-option statement behave the same as the default if you configure the vlan-id option with this statement. If you configure the name option, the switch transmits the VLAN name instead, and the show lldp detail command displays the VLAN name in the Vlan-name output field.
50

Network Management and Monitoring

Junos OS does not support management of YANG packages in configuration mode (EX Series)—Starting
in Junos OS Release 18.3R1, adding, deleting, or updating YANG packages using the run command in configuration mode is not supported.
The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured
and the operation returns <ok/> (EX Series)—Starting in Junos OS Release 18.3R2, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, if the server reply after a successful operation includes both an <ok/> element and one or more <rpc-error> elements with a severity level of warning, the warnings are omitted. In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that includes both an <rpc-error> element with a severity level of warning and an <ok/> element.

Security

Firewall warning message (EX2300 switches)—Starting in 18.3R1, a warning message is displayed
whenever a firewall term includes log or syslog with the accept filter action.
Syslog or log action on firewall drops packets (EX4600 switches) —Starting in 18.3R2, if you configure
a syslog or log action on an ingress firewall filter, control packets and ICMP packets sent to the Routing Engine might be dropped.

Subscriber Management and Services

DHCPv6 lease renewal for separate IA renew requests (EX Series)—Starting in Junos OS Release 18.3R1,
the jdhcpd process handles the second renew request differently in the situation where the DHCPv6 client CPE device does both of the following:
Initiates negotiation for both the IA_NA and IA_PD address types in a single solicit message.
Sends separate lease renew requests for the IA_NA and the IA_PD and the renew requests are received
back-to-back.
51
The new behavior is as follows:
1. When the reply is received for the first renew request, if a renew request is pending for the second address type, the client stays in the renewing state, the lease is extended for the first IA, and the client entry is updated.
2. When the reply is received for the second renew request, the lease is extended for the second IA and the client entry is updated again.
In earlier releases:
1. The client transitions to the bound state instead of staying in the renewing state. The lease is extended for the first IA and the client entry is updated.
2. When the reply is received for the second renew request, the lease is not renewed for the second address type and the reply is forwarded to the client. Consequently, when that lease ages out, the binding for that address type is cleared, the access route is removed, and subsequent traffic is dropped for that address or address prefix.
[See Using DHCPv6 IA_NA with DHCPv6 Prefix Delegation Overview.]

Virtual Chassis

New configuration option to disable automatic Virtual Chassis port conversion (EX4300 and EX4600
Virtual Chassis)—Starting in Junos OS Release 18.3R1, you can use the no-auto-conversion statement at the [edit virtual-chassis] hierarchy level to disable automatic Virtual Chassis port (VCP) conversion in an EX4300 or EX4600 Virtual Chassis. Automatic VCP conversion is enabled by default on these switches.
When automatic VCP conversion is enabled, if you connect a new member to a Virtual Chassis or add a new link between two existing members in a Virtual Chassis, the ports on both sides of the link are automatically converted into VCPs when all of the following conditions are true:
LLDP is enabled on the interfaces for the members on both sides of the link. The two sides exchange
LLDP packets to accomplish the port conversion.
The Virtual Chassis must be preprovisioned with the switches on both sides of the link already
configured in the members list of the Virtual Chassis using the set virtual-chassis member command.
The ports on both ends of the link are supported as VCPs and are not already configured as VCPs.
Automatic VCP conversion is not needed when using default-configured VCPs on both sides of the link to interconnect two members. On both ends of the link, you can also manually configure network or uplink ports that are supported as VCPs, whether or not the automatic VCP conversion feature is enabled.
Deleting the no-auto-conversion statement from the configuration returns the Virtual Chassis to the default behavior, which reenables automatic VCP conversion.
52
SEE ALSO
New and Changed Features | 35
Known Behavior | 52
Known Issues | 56
Resolved Issues | 61
Documentation Updates | 69
Migration, Upgrade, and Downgrade Instructions | 69 Product Compatibility | 71

Known Behavior

IN THIS SECTION
Class of Service (CoS) | 54
Ethernet Switching | 54
Infrastructure | 54
Layer 2 Features | 54
Interfaces and Chassis | 54
Platform and Infrastructure | 54
Routing Protocols | 55
Virtual Chassis | 56
This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.3R2 for the EX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
53

Class of Service (CoS)

On EX4650 switches if the CoS configurations are modified when egress traffic shaped at very low rate
(less than 50 Mbps), packets might get stuck in the MMU buffers permanently. It might cause ingress or egress traffic drops. When low rate shapers (less than 50 Mbps) are applied on egress queues, we suggest to deactivate shaping before any CoS modification or ensure traffic is stopped before doing CoS modification. PR1367432

Ethernet Switching

With software MAC learning enabled, for example, with features such as MAC limiting, MAC move limit,
802.1X authentication, and source MAC filters, MAC learning is slower than with hardware MAC learning.
PR1355758

Infrastructure

54
Issue is specific to downgrade (17.4T) and core is seen only once during downgrade due to timing issue
in sdk toolkit upgradation after which dcpfe recovers by its own and no issues will be seen after that.
PR1337008

Layer 2 Features

For EX4650 the switch might learn its own MAC address on the network interface if it is attached an
IRB interface to a VLAN. As a result of the wrong MAC learning, it might result in wrong forwarding in a MC-LAG scenario. PR1365942

Interfaces and Chassis

Previously, the same IP address could be configured on different logical interfaces from different physical
interfaces in the same routing instance (including master routing instance), but only one logical interface was assigned with the identical address after commit. There was no warning during the commit, only syslog messages indicating incorrect configuration. This issue is fixed and it is now not allowed to configure the same IP address (the length of the mask does not matter) on different logical interfaces.
PR1221993

Platform and Infrastructure

On EX2300 and EX3400 switches, L2PT will not work with tag-protocol-id 0x9100. PR1333475
Smartd verification is not supported on EX4300-48-MP. Instead, "ssd-stats" can be used from Host-OS
to get an overall current health status of SSD. PR1343091
On EX4300-48MP when primary ROOT Partition is corrupted and switch is power cycled, then switch
will get stuck at Linux after boot. Switch needs to be manually rebooted from secondary SSD Partition and recover corrupted primary partition. PR1344938
Broadcast route is not pingable when NTP is configured in broadcast mode. Ping to Broadcast route is
not supported. PR1347480
DIRECTORY CORRUPTED I=149350 OWNER=0 MODE=40755 messages continuously printed in
console during device boot up after power cycle of the device The error logs are coming from inside Junos VM. As soon as any disk write operation is initiated from inside the VM, it will be written on host disk as well. However, if power cycle happens before disk write completes, this issue is bound to occur.
PR1361094
Logical interfaces statistics are not supported for L2 and aggregated Ethernet interfaces, it is supported
only for Layer 3 interfaces (Layer 3 interface should not be member of aggregated Ethernet), please make sure you have only only normal Layer 3 interface. PR1361185
Bi-directional optics channelization is not supported. PR1361891
In QFX5000 switches when more than one interface is attached to an output VLAN for remote port
mirroring, the traffic will be received by only one of the interfaces. PR1363358
55
Few error messages related to function rt_mesh_group_add_check() will be seen during reboot and are
harmless. PR1365049
Auto channelization not supported for 40GBASE-BXSR QSFP+40GE-LX4 QSFP-100G-PSM4
100GBASE-BXSR. PR1366103
QFX5120/EX4650: with 288k MAC scale, Routing Engine command show ethernet-switching table
summary output will show the learned scale entries after a delay of around 60 seconds. PR1367538
Sub-second BFD interval timer is not supported for EX4650 switches. PR1368671
Since this is Vm based system the recovery would be done from Linux recovery. PR1371014
Intermittently after JUNOS reboot two of channelized 25G ports using 4x25G breakout cable may not
come up. PR1384898
Junos OS can hang trying to acquire the SMP IPI lock while rebooting when it is running as a VM on
Linux and QEMU hypervisor. Device can be recovered using power-cycle of the device. PR1385970

Routing Protocols

Issuing the command "scp -l" in the JUNOS shell, will cause a core fire generation. PR1363973
Could scale ISISv4, 254 neighbor and 200k routes together. Beyond 200k routes with 254 neighbor,
Adjacency flaps and thus traffic drop are noticed. However, with 40 neighbor 351k routes got scaled.
PR1368106
Since the flex counters are shared among IFPs and other tables, in an uni-dimensional testing, ipmc stats
counter created will not be equivalent to number of ipmc entries created and stat counter creation will fail with error "No resources for operation" after 60,000 entries. PR1371399
The mcsnoopd error messages are seen in logs while adding or deleting IGMP PIM configuration. These
are debug messages and are not harmful. PR1371662

Virtual Chassis

A Virtual Chassis internal loop might happen at a node coming up from a reboot. During nonstop software
upgrade (NSSU) on a QFX5100 Virtual Chassis, a minimal traffic disruption or traffic loop(>2s) might occur. PR1347902
SEE ALSO
New and Changed Features | 35
56
Changes in Behavior and Syntax | 49
Known Issues | 56
Resolved Issues | 61
Documentation Updates | 69
Migration, Upgrade, and Downgrade Instructions | 69 Product Compatibility | 71

Known Issues

IN THIS SECTION
General Routing | 57
Infrastructure | 59
Junos Fusion Enterprise | 59
Layer 2 Features | 60
Multicast | 60
Platform and Infrastructure | 60
Routing Protocols | 60
Subscriber Access Management | 61
This section lists the known issues in hardware and software in Junos OS Release 18.3R2 for the EX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

On an EX9200-12QS line card, interfaces with the default speed of 10 Gigabit Ethernet are not brought
down even when the remote end of a connection is misconfigured as 40 Gigabit Ethernet. PR1175918
Various common situations lead to different views of forwarding information between kernel and Packet
Forwarding Engines. For example, fpc7 KERNEL/PFE APP=NH OUT OF SYNC: error code 3 REASON: NH add received for an ifl that does not exist ERROR-SPECIFIC INFO: nh_id=562 , type = Hold, ifl index 334 does not exist TYPE-SPECIFIC INFO: none. No service impact is seen in MPC2 and MPC3 type
cards. PR1205593
Interface range is not supported for channelized interfaces on the EX9253. The user has to configure
interfaces individually. PR1350635
57
When me0 ports are connected between two EX3400 switches, the link does not come up. The link
comes up when me0 is connected to network port. PR1351757
The working uplink module SFP-T might go down with Junos OS Release 17.2R1 and later releases.
PR1360602
When a VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter
will not be installed. PR1362609
On EX4650 switches, after deleting sFLOW configuration, every five minutes the following error message
sflow_net_socket_init, 423sflow socket connect failed (socket closed) is displayed on the VTY console.
PR1363381
On EX4650 switches, if lcmd is restarted, a chassisd core file is generated with a traffic drop for a few
seconds. PR1363652
The time lapse between interface down interrupt detection to FRR call back is approximately 148ms on
the QFX5120 platform, though the in-place update FRR programming completes in 1ms. The minimum FRR time achieved with this limitation is approximately 150ms and maximum is approximately 275ms.
PR1364244
When an unified ISSU from Junos OS Release 15.1R7.7 to Junos OS Release 16.1R7.6 is performed on
an EX9200 Routing Engine, integrated routing and bridging (IRB) IPv4 and IPv6 traffic is dropped. This traffic loss occurs towards the end of the unified ISSU operation when the new backup Routing Engine comes up and synchronizes with the new master Routing Engine. PR1365149
EX4300 Virtual Chassis systems might fail to register some jnxOperating SNMP OIDs related to the
Routing Engines. This behavior is more likely if Virtual Chassis members 0 and 1 (FPC0 and FPC1) are not selected as Routing Engines. PR1368845
Traffic drop might be observed with a swap out of a Virtual Chassis of QFX5100 to the EX9253 for
testing some heavy multicast traffic, even when the IRB interface comes up. PR1369099
Multicast router advertisement (RA) packets arriving at a VLAN need to be flooded on ports of all FPCs
belonging to the same VLAN. Packets when traversing through a HighGig port need to hit the hardware filter to transmit packets in other FPCs. In issue state, the filter is not applicable for the HighGig ports, so multicast RA packets are not traversing through other FPCs. PR1370329
There are multiple failures when events such as node reboots, ICL flaps, and ICCP flaps occur; and even
with enhanced convergence configured there is no guarantee that subsecond convergence will be achieved. PR1371493
When both flap-on-disconnect and port-bounce are sent, flap-on-disconnect takes precedence, the
switch might not trigger link flap. So the device connected to the switch might not initiate DHCP request to allocate an IP address in the new subnet. The CLI command show dot1x statistics displays the number of port bounce requests received. PR1372619
An EX4300 configured with a firewall filter on lo0 and DHCP-security on VLAN simultaneously might
drop legitimate DHCP renew requests from clients on the corresponding VLANs. This occurs because of the implementation design and chipset limitation. PR1376454
58
After the MACsec session is deleted, the corresponding interfaces might lose their MACsec function
when LACP is enabled on them and the statement exclude lacp is configured under the [edit security macsec] hierarchy. PR1378710
On EX9200 Series platforms, if there is a packet-length keyword under a firewall filter is applied on the
interface egress, the configuration is not committed, because of the commit-check failure. PR1378901
After unified ISSU from Junos OS Releases 18.1R1, 18.2R1 to 18.3R1, EX9200 32x10-Gigabit SFP
interfaces are flapped with error IFRT: 'IFD add' (opcode 3) failed on EX9214 MCLAG configuration.
PR1384670
On EX4650, an installation error rcu_sched self-detected stall on CPU is seen. PR1384791
Junos OS might hang trying to acquire the SMP IPI lock while rebooting when it is running as a VM on
Linux and QEMU hypervisor. Power-cycle the device to recover it. PR1385970
For EX4300-48MP switches, active SSD firmware upgrade is supported and a power cycle of the switch
is not required after the upgrade. PR1389543
When show command takes a long time to display results, the STP might change states as BPDUs are
no longer processed and cause outages. PR1390330
DCPFE does not come up in some instances of abrupt power-off or power-on of EX4650. Power-cycle
of the device or host reboot will recover the device. PR1393554
Need 1-Gbps speed configuration support on EX9251. PR1400651
After upgrading to Junos OS Release 18.1R3.3, the following output message is seen continuously:
adt7470_set_pwm. PR1401709
On EX4650 platforms, uRPF check in strict mode will not work properly. PR1417546
EFL license on EX4300-XXMP devices fails to get installed. For example, {master:0} root@router> request
system license add terminal Mar 01 12:03:05 [Type ^D at a new line to end input, enter blank line between each license key] EmergencyJUNOS285602007 aeaqia qmlbjd amrrha 2tcmbr gayaqb ycsbdm mjggim gbastv nzuxaz lsebew 45dfoj xgc3ah fbo6ct 7vv3hl ykp4zq 5g6xch szi7aq 3pek5e vh4myw jdi5wq dxyi3c rkgydi 3crzkr szq terminal:1. EmergencyJUNOS285602007: license not valid for this product add license failed (1 errors) This only affects EFL licenses (AFL is not affected) and -MP EX4300 devices. PR1421033
On EX2300, EX3400, EX4300, and EX4600, if igmp-snooping is enabled, multicast traffic might be
dropped silently. PR1423556
I2C read errors are seen when an SFP-T is inserted into a disabled state port configured with set interface
<*> disable command. PR1423858

Infrastructure

Junos OS might hang trying to acquire the SMP IPI lock while rebooting when it is running as a VM on
Linux and QEMU hypervisor. PR1359339
59
When an SNMP poll is performed for the following OIDs, the backup Routing Engine returns the value
6 (6=down) for the FAN and 1 (1=unknown) for the PSUs, even though the FAN and PSUs are up. Fan:
1.3.6.1.4.1.2636.3.1.13.1.6 PSU: 1.3.6.1.4.1.2636.3.1.13.1.6.2. For a permanent fix, upgrade the chassis
to Junos OS Release 15.1R8 or later. PR1360962
In a private VLAN (PVLAN) multiple switches scenario, on EX2300, EX3400, EX4300, EX4600, and QFX
Series switches (except for QFX10000), after rebooting the device, isolated VLAN traffic received from inter-switch link might be dropped. The configuration inter-switch-link statement is used when a PVLAN spans multiple switches. PR1388186
On EX2300, EX2300-C, and EX2300-MP platforms, if Junos OS is with FreeBSD kernel version 11 with
the build date on or after 2019-02-12, the switch might stop forwarding traffic or responding to console. A reboot is required to restore the service. PR1442376

Junos Fusion Enterprise

On a Junos Fusion Enterprise it might take 6 to 30 seconds for the traffic to converge when on the
aggregation device JFE is powered OFF or powered ON. PR1257057
Power over Ethernet (PoE) over Link Layer Discovery Protocol (LLDP) negotiation is not supported in a
Junos Fusion Enterprise (JFE) setup. The issue results in powering up failure when a device makes PoE over LLDP negotiation with the JFE. PR1366106

Layer 2 Features

On EX2300 and EX3400, if L2PT is configured and the user wants to enable LLDP, then the user needs
to configure LLDP individually on the port. The interface all option does not work. There is no functional impact. PR1361114
On EX2300 and EX3400, while configuring L2PT for tunneling LLDP, the LLDP packets are dropped at
the L2PT NNI interface. Issue is seen first time when the configuration is done and recovers with reboot.
PR1362173
eswd[1200]: ESWD_MAC_SMAC_BRIDGE_MAC_IDENTICAL: Bridge Address Add: XX:XX:db:2b:26:81
SMAC is equal to bridge mac hence don't learn is seen in syslog every few minutes on ERPS owner. The logs occur during ERPS PDU in ERPS setup. This message can be ignored. PR1372422
On QFX5000 platform, if storm control is applied on multiple ports, storm control logging might not
take effect. PR1401086

Multicast

60
IGMP query packets might be duplicated between L2 interfaces with IGMP snooping enabled. PR1391753

Platform and Infrastructure

IGMPv3 neighborship information is now in synchronization with the kernel entries. PR1317141
ICMPv6 packets are hitting the dynamic ingress filter with higher priority, thus never reaching an MF
or static classifier. PR1388324

Routing Protocols

On a EX4650 with UFT configuration num-65-127-prefix-4, when scaled the greater than 64 prefix
IPv6 routes, the command show pfe route inet6 hw lpm output will show only a single IPv6 entry but not the scaled entries. PR1369320
On EX4300 and EX4600 switches, if host destined packets (that is, the destination address belongs to
the device) come from the interface with ingress filter of log or syslog action (for example, filter <> term <> then log/syslog), such packets might not be dropped and reach the Routing Engine unexpectedly.
PR1379718
In a multicast routing scenario using PIM, if configuring a static route with qualified-next-hop for multicast
source, the rpd process might crash. This is because qualified-next-hop points to the Gateway Family Data Links (GF_DLI) address which PIM is unable to process, resulting in the crash. PR1408443

Subscriber Access Management

The authd reuse address quickly before jdhcpd has completely cleaned up the old subscriber, which
results in flooding error log. The log such as: jdhcpd: %USER-3-DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 10.1.128.3 as it is already used by 1815. PR1402653
SEE ALSO
New and Changed Features | 35
Changes in Behavior and Syntax | 49
Known Behavior | 52
Resolved Issues | 61
Documentation Updates | 69
Migration, Upgrade, and Downgrade Instructions | 69
61
Product Compatibility | 71

Resolved Issues

IN THIS SECTION
Resolved Issues: 18.3R2 | 62
Resolved Issues: 18.3R1 | 65
This section lists the issues fixed in the Junos OS Release 18.3R2 for the EX Series switches.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 18.3R2

Authentication and Access Control
DHCPv6 client is not supported in this release for EX4300-48MP. PR1373691
EVPN
A few minutes of traffic loss might be observed during recovery from link failure. PR1396597
General Routing
The Routing Engine Packet Forwarding Engine out-of-sync errors might be seen in syslog. PR1232178
The EX4300-32F MACsec session stays down on 1-Gigabit and 10-Gigabit Ethernet links after certain
events, when events are performed with traffic running. PR1299484
On EX3400 and EX2300 platforms, a redirect message is sent from the switch even when no-redirect
is set for the specified interface. PR1333153
The FXPC process might crash after adding or deleting a Q-in-Q VLAN to an interface on EX2300 and
EX3400 platforms. PR1334850
62
The 40G interfaces might not forward traffic. PR1349675
FPM board status is missing in SNMP MIB walk result. PR1364246
OAM Ethernet connectivity-fault-management configured on aggregated Ethernet interfaces is not
supported but no commit error. PR1367588
Unable to use Ansible to collect RSI from EX9200. PR1367913
MAC refresh packet might not be sent out from the new primary link after the RTG failover. PR1372999
The interface in SFP-T module on EX2300 and EX3400 might be down while its peer connected interface
is up. PR1374522
EX4600VC might not send RIPv2 updates when igmp-snooping is enabled. PR1375332
The interface AE480 or above might be in STP discarding state on the EX9200 switches. PR1378272
ARP request packets might be sent out with 802.1Q VLAN tag PR1379138
All interfaces belonging to certain FPCs might be lost after multiple GRES in Virtual Chassis. PR1379790
On EX3400 switches, the error messages are seen after applying firewall filter to loopback interface.
PR1380544
The dot1x does not work with Microsoft NPS server. PR1381017
Constant memory leak might lead to FPC memory exhaustion PR1381527
Commit error is observed for the first time while loading the mini-PDT base configurations. PR1383469
On the EX4650 switch, occasionally two of the channelized 25-Gigabit Ethernet ports that are using
4x25G breakout cable will not come up after Junos OS reboots. PR1384898
ARP and ethernet-table entry in pointing to an aggregated Ethernet interface whose state is down.
PR1385199
On EX4300-48MP, the session-option stanza under the [access profile] hierarchy for EX Series platforms
is not applicable. PR1385229
On EX9200 platforms, the warning message prefer-status-control-active is used with status-control
standby might be seen whenever you commit an operation. PR1386479
On EX2300 with Q-in-Q flexible-vlan-tagging is unable to obtain DHCP IP for IRB after a
reboot/power-cycle. PR1387039
On EX3400 Virtual Chassis, Error tvp_status_led_set" and " Error:tvp_optics_diag_eeprom_read syslog
errors are seen. PR1389407
MAC learning might stop working on some LAG interfaces. PR1389411
"Input rate pps" is not increased on EX2300-MP uplink ports if the packet is a pure Layer 2 packet like
non-etherII or non-EtherSnap. PR1389908
EX3400VC - When an interface in a Virtual Chassis member switch that is not master, is flapped, IGMP
query packets 224.0.0.1 are sent to all the ports of members except the master FPC. PR1393405
63
PTP over Ethernet traffic might be dropped when IGMP and PTP TC are configured together. PR1395186
On EX2300, MAC table is not populated after interface-mode change. PR1396422
High jsd or na-grpcd CPU usage might be seen even if JET or JTI is not used. PR1398398
After upgrading Junos OS Release 15.1X53 to Junos OS Release 18.2R1.9, the EX3400 cannot learn
30,000 MAC addresses. PR1399575
The FBF routing-instance instance-type "forwarding" is missed for EX Series (EX3400). PR1400163
MAC-limit with persistent MAC is not working after reboot. PR1400507
The authd might crash when you issue the show network-access requests pending command during
authd restart. PR1401249
The STP does not work when aggregated interfaces number is ae1000 or above in QFX5110 and
QFX5200 and ae480 or above in other QFX Series switches. PR1403338
The l2cpd might crash if the VSTP traceoptions and VSTP VLAN all commands are configured. PR1407469
EX3400 PSU status is still taking "check" status even though PSU module has been removed PR1408675
The chassisd output power budget is received continuously for 5 seconds without any alarm after
upgrading to Junos OS Release 18.1R3. PR1414267
VXLAN encapsulation next hop (VENH) does not get installed during BGP flap or restart routing.
PR1415450
Infrastructure
IfSpeed and IfHighSpeed erroneously reported as zero on EX2300. PR1326902
Junos Fusion Enterprise
PoE over LLDP negotiation is not supported on Junos Fusion Enterprise setup. PR1366106
An error peer_daemon: bad daemon: scpd is seen on EX9251 switch running Junos OS Release 18.1R1
and 18.1R2. PR1369646
Juniper Fusion Enterprise : Cannot login to SD cluster though it is recognized by AD properly. PR1395570
The l2ald might crash and generate a core file when the clear ethernet-switching table persistent-learning
command is executed. PR1409403
Extended ports do not adjust MTU in Junos Fusion Enterprise on VOIP-enabled ports. PR1411179
Layer 2 Features
RTG MAC refresh packets are sent out from non-RTG ports if the RTG interface belonging to the Virtual
Chassis master flaps. PR1389695
64
Layer 3 Features
The l2ald might crash when the clear ethernet-switching table persistent-learning command is issued.
PR1381739
Platform and Infrastructure
Ping does not go through device after WTR timer expires in ERPS scenario. PR1132770
On EX4300 switches, in a rare situation the remote interface starts flapping unexpectedly. PR1361483
Login lockout might never expire because the timestamps of Lockout start and Lockout end are same.
PR1373803
On EX4300-48MP, unsupported 1 Gigabit optics in the 10 Gigabit uplink module might cause interface
traffic to be dropped. PR1374390
Traffic might be silently discarded with indirect next hop and load balancing. PR1376057
EX4300 upgrade fails during validation of slax script. PR1376750
ECMP route installation failure with log messages such as unilist install failure might be observed on
EX4300 device. PR1376804
Packet drops on interface if the statement gigether-options loopback is configured. PR1380746
IRB interface does not turn down when the master Chassis is rebooted or halted. PR1381272
Traffic loss seen in Layer 2 VPN with GRE tunnel. PR1381740
On the EX4300 switch, if a loss priority value of high is set for multicast packets by a classifier at the
ingress interface, the configuration is overridden by the storm-control filter. PR1382893
The EX4300 device chooses an incorrect bridge ID as the RSTP Bridge ID. PR1383356
On EX4300-48MP mixed Virtual Chassis, the Power over Ethernet interface maximum power configuration
on a member EX4300 gives an error if the power is configured to be more than 30 W. PR1383717
Unicast DHCP request get misforwarded to backup RTG link on EX4300-VC. PR1388211
Layer 3 IP route is destroyed after the Layer 2 next hop is changed. PR1389688
Continuous log messages get printed in EX4300: 17.4 / MCSNOOPD ICCP
Context./var/run/iccpd_control addr /var/run/iccpd_control: Connection refused. PR1391942
EX4300 OAM LFM might not work on extended-vlan-bridge interface with native vlan configured
PR1399864
Traffic drop is seen on EX4300 when 10G fiber port is using 1 Gigabit Ethernet SFP optics with
autonegotiation enabled. PR1405168
Routing Protocols
The PPM mode for BFD session in EX4300 is centralized and not distributed by default. PR1361800
65
On EX4300-48MP, stale VLAN entries are seen after continuous script run involving split, merge, and
reboot. PR1363739
On EX4650 switches, the output of the show pfe route summary hw command shows different scale
values for the IPv4 and IPv6 LPM routes rather than the supported scale. PR1366579
EX4300 might drop incoming IS-IS hello packets when IGMP or MLD snooping is configured. PR1400838
Sometimes, IGMP snooping might not work. As a workaround, restart multicast snooping process.
PR1420921
Subscriber Access Management
EX4300 line of switches /var showing full /var/log/dfcd_enc file grows in size. PR1420921

Resolved Issues: 18.3R1

EVPN
On EVPN-VXLAN scenarios, a traffic black-hole condition might occur on interfaces that are down, but
LACP is up. PR1343515
Proxy ARP might not work as expected in an EVPN environment. PR1368911
High Availability (HA) and Resiliency
The Backup Routing Engine might go to db prompt after configuration remove and restore is performed.
PR1269383
Infrastructure
Unable to provide management when the em0 interface of FPC is connected to another FPC Layer 2
interface of the same Virtual Chassis. PR1299385
Upgrade might fail and the file system might be corrupted if there are blocks in the flash/filesystem.
PR1317628
PFC feature might not work on EX4600. PR1322439
Archiving dmesg file -/var/run/dmesg.boot. PR1327021
Enabling mac-move-limit stops ping on flexible-vlan-tagging enabled interface. PR1357742
Core files are generated when an attempt is made to commit the configuration. PR1376362
Interfaces and Chassis
66
On EX4300- Virtual Chassis platforms, the MAC address assigned to an aggregated Ethernet member
interface is not the same as that of its parent aggregated Ethernet interface upon master Routing Engine halt. PR1333734
PoE device does not receive PoE power. PR1345234
Packets might drop on the ICL of an MC-LAG peer when MC-LAG is up. PR1345316
Layer 2 Features
The dcpfe/fxpc process might crash when you try to allocate large memory on Packet Forwarding Engines
with low memory. PR1362332
Network Management and Monitoring
On EX4600 platforms, unsupported CLI configurations or show commands from the CFM hierarchy or
sub-hierarchy are allowed. PR1359052
CFM: Even after toggling multiple times between baseline and CFM configurations, all 30 CFM sessions
are not up. PR1360907
Platform and Infrastructure
The mismatch of VLAN IDs between an logical interface and VLAN configuration might result in a traffic
black-hole condition. PR1259310
On an EX2300 or EX3400 the bridge ID 02:00:00:00:00:10 is assigned irrespective of base MAC
addresses. PR1315633
Incorrect value of optical power is displayed. PR1326642
CoS is wrongly applied on Packet Forwarding Engine, leading to egress traffic drop. PR1329141
When exhausting TCAM table, the filter might be incorrectly programmed. PR1330148
The FXPC process might crash after adding or deleting a QinQ VLAN to an interface on EX2300/EX3400
platforms. PR1334850
The configured VOIP VLAN scenario does not work when the P-VLAN is configured as VOIP VLAN.
PR1335600
The device might not learn source MAC addresses, which might be stuck in the Hit Pending state.
PR1341518
MAC source address filter with accept-source-mac command does not work if MAC move limit is
configured. PR1341520
On EX4300-MP platforms, the backup Linux cannot be installed first when both SSD partitions are
corrupted. PR1342168
A firewall filter might not be programmed in the Packet Forwarding Engine even though TCAM entries
are available. PR1345296
All the DHCP-Reply or DCHP-Offer packets might be discarded by DHCP snooping if the DHCP snooping
is not enabled on that VLAN. PR1345426
67
On MPC5, the inline-ka PPP echo requests are not transmitted when the anchor-point is lt-x/2/x or
lt-x/3/x in pseudowire deployment. PR1345727
After an EX9200 FPC comes online, the CPU usage on other FPCs might be 100% usage and lead to
traffic loss for near 30 seconds. PR1346949
On EX4300 and EX4600s the VLAN translation feature does not work for the control-plane traffic.
PR1348094
On EX4300 platforms, traffic drop might happen if LLC packets are received with DSAP and SSAP as
0x88 and 0x8e, respectively. PR1348618
Running RSI through console port might cause system crash and reboot. PR1349332
On EX2300 or 3400 platforms, L2PT LACP MAC rewrite on a PE device sends duplicate BPDUs to the
CE devices. PR1350329
The transit traffic for ECMP might not work after the EX2300 switch reboots. PR1351418
On EX4300 platforms (Virtual Chassis and standalone) running Junos OS Release 16.1 and later, a firewall
filter with action then syslog is unable to send syslog messages to the syslog server. PR1351548
A high usage chassis alarm in the /var partition persists on the EX4300 Virtual Chassis when a file is
copied from fpc1 (master) to fpc0 (backup). PR1354007
The ports using the SFP-T transceiver might continue to be up after system halt. PR1354857
A commit error is observed if the switch is downgraded from Junos OS Release 18.2 or Release 18.3 to
Release 17.3R3. PR1355542
EX4300-48MP: When DAI and IPSG are configured for many VLANs in one go then DAI Statistics for
one interface shows garbage (very large) value. PR1355963
The FPC stops responding because of a memory leak caused by the VTEP traffic. PR1356279
On EX2300, EX3400, EX4300-MP platforms in a Virtual Chassis setup, dynamic ARP inspection (DAI)
might fail after Virtual Chassis switchover when VSTP is enabled along with no-mac-table-binding.
PR1359753
On EX2300, EX3400, EX4300-MP and EX2300-MP platforms used as transit switches, the routed traffic
sent out of IRB interfaces uses an old MAC address instead of the configured MAC address for the IRB interface. PR1359816
On EX2300-MP platforms, a wrong fan count of four is shown, instead of three, in jnxFruName,
jnxFilledDescr, and jnxContainersCount. PR1361025
On EX4300-48MP, the 802.1X protocol subsystem takes a long time to respond to management requests
and the following error message is displayed: the dot1x-protocol subsystem is not responding to management requests. PR1361398
A nonexistent fan tray 1 is reported by chassisd on EX2300. PR1361696
68
On EX4300-MP switches, MACsec AES-GCM-128-XPN and AES-GCM-256-XPN cipher suites are not
supported for mge ports. PR1362035
Unexpected DCD_PARSE_ERROR_SCHEDULER messages are logged when MS-MPC/MS-MIC is brought
offline/online. PR1362734
Some interfaces cannot be added under the MSTP configuration. PR1363625
On EX4300 or EX4600 platforms, the l2ald process might crash in an 802.1X scenario. PR1363964
On EX2300 switches, the show filter hardware summary command displays incomplete output.
PR1364930
EX3400 l2cpd crashes when configuring MVRP with Private VLAN and RSTP interface all. PR1365937
The Packet Forwarding Engine might crash if encounters frequent MAC moves. PR1367141
Issuing the request system zeroize command through noninteractive SSH might not erase the
configuration on an EX4300. PR1368452
Unicast ARP packet loop might be observed in a DAI scenario. PR1370607
NTP broadcast packets are not forwarded out on L2 ports. PR1371035
On EX4300 platform with LLDP enabled, LLDP advertisement with incorrect auto-negotiation values
might be sent. PR1372966
BOOTP packets may be dropped if BOOTP-support is not enabled at the global level. PR1373807
The port access list group does not reallocate TCAM slices properly. PR1375022
EX4300-48MP: Syslog error ?Error in bcm_port_sample_rate_set(ifl_cmd) : Reason Invalid port. PR1376504
SEE ALSO
New and Changed Features | 35
Changes in Behavior and Syntax | 49
Known Behavior | 52
Known Issues | 56
Documentation Updates | 69
Migration, Upgrade, and Downgrade Instructions | 69 Product Compatibility | 71

Documentation Updates

There are no errata or changes in Junos OS Release 18.3R2 documentation for the EX Series switches.
69
SEE ALSO
New and Changed Features | 35
Changes in Behavior and Syntax | 49
Known Behavior | 52
Known Issues | 56
Resolved Issues | 61
Migration, Upgrade, and Downgrade Instructions | 69 Product Compatibility | 71

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION
Upgrade and Downgrade Support Policy for Junos OS Releases | 70
This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1,
17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
70
For more information about EEOL releases and to review a list of EEOL releases, see
https://www.juniper.net/support/eol/junos.html.
SEE ALSO
New and Changed Features | 35
Changes in Behavior and Syntax | 49
Known Behavior | 52
Known Issues | 56
Resolved Issues | 61
Documentation Updates | 69 Product Compatibility | 71

Product Compatibility

IN THIS SECTION
Hardware Compatibility | 71

Hardware Compatibility

To obtain information about the components that are supported on the devices, and the special compatibility guidelines with the release, see the Hardware Guide for the product.
To determine the features supported on EX Series switches in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at https://apps.juniper.net/feature-explorer/.
71
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.
SEE ALSO
New and Changed Features | 35
Changes in Behavior and Syntax | 49
Known Behavior | 52
Known Issues | 56
Resolved Issues | 61
Documentation Updates | 69 Migration, Upgrade, and Downgrade Instructions | 69

Junos OS Release Notes for Junos Fusion Enterprise

IN THIS SECTION
New and Changed Features | 72
Changes in Behavior and Syntax | 73
Known Behavior | 74
Known Issues | 75
Resolved Issues | 75
Documentation Updates | 77
Migration, Upgrade, and Downgrade Instructions | 77
Product Compatibility | 82
72
These release notes accompany Junos OS Release 18.3R2 for Junos Fusion Enterprise. Junos Fusion Enterprise is a Junos Fusion that uses EX9200 switches in the aggregation device role. These release notes describe new and changed features, limitations, and known problems in the hardware and software.
NOTE: For a complete list of all hardware and software requirements for a Junos Fusion
Enterprise, including which Juniper Networks devices can function as satellite devices, see
Understanding Junos Fusion Enterprise Software and Hardware Requirements .
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

IN THIS SECTION
Release 18.3R2 New and Changed Features | 73
Release 18.3R1 New and Changed Features | 73
This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for Junos Fusion Enterprise.
NOTE: For more information about the Junos Fusion Enterprise features, see the Junos Fusion
Enterprise User Guide.

Release 18.3R2 New and Changed Features

There are no new features or enhancements to existing features for Junos Fusion Enterprise in Junos OS Release 18.3R2.

Release 18.3R1 New and Changed Features

There are no new features or enhancements to existing features for Junos Fusion Enterprise in Junos OS Release 18.3R1.
73
SEE ALSO
Changes in Behavior and Syntax | 73
Known Behavior | 74
Known Issues | 75
Resolved Issues | 75
Documentation Updates | 77
Migration, Upgrade, and Downgrade Instructions | 77 Product Compatibility | 82

Changes in Behavior and Syntax

There are no changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands in Junos OS Release 18.3R2 for Junos Fusion Enterprise.
SEE ALSO
New and Changed Features | 72
Known Behavior | 74
Known Issues | 75
Resolved Issues | 75
Documentation Updates | 77
Migration, Upgrade, and Downgrade Instructions | 77 Product Compatibility | 82

Known Behavior

IN THIS SECTION
Junos Fusion | 74
74
This section lists known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.3R2 for Junos Fusion Enterprise.
For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

Junos Fusion

On a Junos Fusion Enterprise, it could take 6 to 30 seconds for the traffic to converge when the
aggregation device is powered OFF or powered ON. PR1257057
SEE ALSO
New and Changed Features | 72
Changes in Behavior and Syntax | 73
Known Issues | 75
Resolved Issues | 75
Documentation Updates | 77
Migration, Upgrade, and Downgrade Instructions | 77 Product Compatibility | 82

Known Issues

IN THIS SECTION
Junos Fusion Enterprise | 75
This section lists the known issues in hardware and software in Junos OS Release 18.3R2 for Junos Fusion Enterprise.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Junos Fusion Enterprise

75
Power over Ethernet over LLDP (Link Layer Discovery Protocol) negotiation is not supported in Junos
Fusion Enterprise. The issue results in failure to power up during PoE over LLDP negotiation. PR1366106
SEE ALSO
New and Changed Features | 72
Changes in Behavior and Syntax | 73
Known Behavior | 74
Resolved Issues | 75
Documentation Updates | 77
Migration, Upgrade, and Downgrade Instructions | 77 Product Compatibility | 82

Resolved Issues

IN THIS SECTION
Resolved issues: Release 18.3R2 | 76
Resolved issues: Release 18.3R1 | 76
This section lists the issues fixed in the Junos OS Release 18.3R2 for the Junos Fusion Enterprise.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved issues: Release 18.3R2

The scpd process is not running in EX9251, causing an error message in the CLI. PR1369646
Cannot login to the satellite device cluster on a Junos Fusion Enterprise even though it is recognized by
the aggregation device. PR1395570
The l2ald process might generate a core file if the clear ethernet-switching table persistent-learning
command is issued. PR1409403
Extended ports in Junos Fusion Enterprise do not adjust MTU when VoIP is enabled. PR1411179

Resolved issues: Release 18.3R1

76
A satellite device does not recover Power over Ethernet after the device is offline for more than 10
minutes and rejoins the aggregation device. PR1356478
The Fusion satellite device reboots post automatic POE firmware upgrade. PR1359065
The ppm-lite process might generate a core file on the Fusion satellite devices. It is unexpectedly treating
IEEE PORT VLAN ID TLV on LLDP packets as a DCBXv1.01 TLV. PR1364265
The scpd process is not running in EX9251, causing an error message in the CLI. PR1369646
SEE ALSO
New and Changed Features | 72
Resolved Issues | 75
Known Behavior | 74
Known Issues | 75
Documentation Updates | 77
Migration, Upgrade, and Downgrade Instructions | 77 Product Compatibility | 82

Documentation Updates

There are no errata or changes in Junos OS Release 18.3R2 for Junos Fusion Enterprise documentation.
SEE ALSO
New and Changed Features | 72
Changes in Behavior and Syntax | 73
Known Behavior | 74
Known Issues | 75
Resolved Issues | 75
Migration, Upgrade, and Downgrade Instructions | 77 Product Compatibility | 82
77

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION
Basic Procedure for Upgrading Junos OS on an Aggregation Device | 77
Upgrading an Aggregation Device with Redundant Routing Engines | 79
Preparing the Switch for Satellite Device Conversion | 80
Converting a Satellite Device to a Standalone Switch | 81
Upgrade and Downgrade Support Policy for Junos OS Releases | 81
Downgrading Junos OS | 82
This section contains the procedure to upgrade or downgrade Junos OS and satellite software for a Junos Fusion Enterprise. Upgrading or downgrading Junos OS and satellite software might take several hours, depending on the size and configuration of the Junos Fusion Enterprise topology.

Basic Procedure for Upgrading Junos OS on an Aggregation Device

When upgrading or downgrading Junos OS for an aggregation device, always use the junos-install package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support
representative. For information about the contents of the junos-install package and details of the installation process, see the Installation and Upgrade Guide.
NOTE: Before upgrading, back up the file system and the currently active Junos OS configuration
so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:
user@host> request system snapshot
The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files), might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. See the Junos OS Software Installation and Upgrade Guide.
78
To download and install Junos OS:
1. Using a Web browser, navigate to the Download Software URL on the Juniper Networks webpage:
https://www.juniper.net/support/downloads/
2. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
3. Select By Technology > Junos Platform > Junos Fusion to find the software that you want to download.
4. Select the release number (the number of the software version that you want to download) from the Version drop-down list on the right of the page.
5. Select the Software tab.
6. Select the software package for the release.
7. Review and accept the End User License Agreement.
8. Download the software to a local host.
9. Copy the software to the routing platform or to your internal software distribution site.
10. Install the new junos-install package on the aggregation device.
NOTE: We recommend that you upgrade all software packages out of band using the console
because in-band connections are lost during the upgrade process.
Customers in the United States and Canada, use the following commands, where n is the spin number.
user@host> request system software add validate reboot
source/junos-install-ex92xx-x86-64-18.3R2.n.tgz
All other customers, use the following commands, where n is the spin number.
user@host> request system software add validate reboot
source/junos-install-ex92xx-x86-64-18.3R2.n-limited.tgz
Replace source with one of the following values:
/pathname—For a software package that is installed from a local directory on the router.
79
For software packages that are downloaded and installed from a remote location:
ftp://hostname/pathname
http://hostname/pathname
scp://hostname/pathname (available only for Canada and U.S. version)
The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.
Adding the reboot command reboots the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.

Upgrading an Aggregation Device with Redundant Routing Engines

If the aggregation device has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to minimize disrupting network operations as follows:
1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.
3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.
4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.

Preparing the Switch for Satellite Device Conversion

There are multiple methods to upgrade or downgrade satellite software in your Junos Fusion Enterprise. See Configuring or Expanding a Junos Fusion Enterprise.
For satellite device hardware and software requirements, see Understanding Junos Fusion Enterprise
Software and Hardware Requirements.
Use the following command to install Junos OS on a switch before converting it into a satellite device:
user@host> request system software add validate reboot source/package-name
80
NOTE: The following conditions must be met before a Junos switch that is running Junos OS
Release 14.1X53-D43 can be converted to a satellite device when the action is initiated from the aggregation device:
The Junos switch can only be converted to SNOS 3.1 and higher.
The Junos switch must be either set to factory default configuration to factory default
configuration using the request system zeroize command, or the following command must be included in the configuration: set chassis auto-satellite-conversion.
When the interim installation has completed and the switch is running a version of Junos OS that is compatible with satellite device conversion, perform the following steps:
1. Log in to the device using the console port.
2. Clear the device:
[edit] user@satellite-device# request system zeroize
NOTE: The device reboots to complete the procedure for resetting the device.
If you are not logged in to the device using the console port connection, your connection to the device is lost after you enter the request system zeroize command.
If you lose connection to the device, log in using the console port.
3. (EX4300 switches only) After the reboot is complete, convert the built-in 40-Gbps QSFP+ interfaces from Virtual Chassis ports (VCPs) into network ports:
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port port-number
For example, to convert all four built-in 40-Gbps QSFP+ interfaces on an EX4300-24P switch into network ports:
user@satellite-device>request virtual-chassis vc-port delete pic-slot 1 port 0 user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 1 user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 2 user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 3
81
This step is required for the 40-Gbps QSFP+ interfaces that will be used as uplink interfaces in a Junos Fusion topology. Built-in 40-Gbps QSFP+ interfaces on EX4300 switches are configured into VCPs by default, and the default settings are restored after the device is reset.
After this initial preparation, you can use one of three methods to convert your switches into satellite devices—autoconversion, manual conversion, or preconfiguration. See Configuring or Expanding a Junos
Fusion Enterprise for detailed configuration steps for each method.

Converting a Satellite Device to a Standalone Switch

In the event that you need to convert a satellite device to a standalone device, you will need to install a new Junos OS software package on the satellite device and remove it from the Junos Fusion topology. For more information, see Converting a Satellite Device to a Standalone Device.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1,
17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from
Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information on EEOL releases and to review a list of EEOL releases, see
https://www.juniper.net/support/eol/junos.html

Downgrading Junos OS

Junos Fusion Enterprise is first supported in Junos OS Release 16.1, although you can downgrade a standalone EX9200 switch to earlier Junos OS releases.
NOTE: You cannot downgrade more than three releases.
For more information, see the Installation and Upgrade Guide.
82
To downgrade a Junos Fusion Enterprise from Junos OS, follow the procedure for upgrading, but replace the junos-install package with one that corresponds to the appropriate release.
SEE ALSO
New and Changed Features | 72
Changes in Behavior and Syntax | 73
Known Behavior | 74
Known Issues | 75
Resolved Issues | 75
Documentation Updates | 77 Product Compatibility | 82

Product Compatibility

IN THIS SECTION
Hardware and Software Compatibility | 83
Hardware Compatibility Tool | 83

Hardware and Software Compatibility

For a complete list of all hardware and software requirements for a Junos Fusion Enterprise, including which Juniper Networks devices function as satellite devices, see Understanding Junos Fusion Enterprise
Software and Hardware Requirements in the Junos Fusion Enterprise User Guide.
To determine the features supported in a Junos Fusion, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at:
https://apps.juniper.net/feature-explorer/

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.
83
SEE ALSO
New and Changed Features | 72
Changes in Behavior and Syntax | 73
Known Behavior | 74
Known Issues | 75
Resolved Issues | 75
Documentation Updates | 77 Migration, Upgrade, and Downgrade Instructions | 77

Junos OS Release Notes for Junos Fusion Provider Edge

IN THIS SECTION
New and Changed Features | 84
Changes in Behavior and Syntax | 85
Known Behavior | 85
Known Issues | 86
Resolved Issues | 86
Documentation Updates | 88
Migration, Upgrade, and Downgrade Instructions | 88
Product Compatibility | 97
These release notes accompany Junos OS Release 18.3R2 for the Junos Fusion Provider Edge. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
84

New and Changed Features

IN THIS SECTION
Release 18.3R2 New and Changed Features | 84
Release 18.3R1 New and Changed Features | 84
This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for Junos Fusion Provider Edge.

Release 18.3R2 New and Changed Features

There are no new features or enhancements to existing features for Junos Fusion Provider Edge in Junos OS Release 18.3R2.

Release 18.3R1 New and Changed Features

There are no new features or enhancements to existing features for Junos Fusion Provider Edge in Junos OS Release 18.3R1.
SEE ALSO
Changes in Behavior and Syntax | 85
Known Behavior | 85
Known Issues | 86
Resolved Issues | 86
Documentation Updates | 88
Migration, Upgrade, and Downgrade Instructions | 88 Product Compatibility | 97

Changes in Behavior and Syntax

There are no changes in default behavior and syntax for Junos Fusion Provider Edge in Junos OS Release
18.3R2.
85
SEE ALSO
New and Changed Features | 84
Known Behavior | 85
Known Issues | 86
Resolved Issues | 86
Documentation Updates | 88
Migration, Upgrade, and Downgrade Instructions | 88 Product Compatibility | 97

Known Behavior

There are no known behaviors, system maximums, and limitations in hardware and software in Junos OS Release 18.3R2 for Junos Fusion Provider Edge.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
SEE ALSO
New and Changed Features | 84
Changes in Behavior and Syntax | 85
Known Issues | 86
Resolved Issues | 86
Documentation Updates | 88
Migration, Upgrade, and Downgrade Instructions | 88 Product Compatibility | 97

Known Issues

There are no known issues in the Junos OS Release 18.3R2 for Junos Fusion Provider Edge.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
86
SEE ALSO
New and Changed Features | 84
Changes in Behavior and Syntax | 85
Known Behavior | 85
Resolved Issues | 86
Documentation Updates | 88
Migration, Upgrade, and Downgrade Instructions | 88 Product Compatibility | 97

Resolved Issues

IN THIS SECTION
Resolved Issues: 18.3R2 | 87
Resolved Issues: 18.3R1 | 87
This section lists the issues fixed in the Junos OS main release and the maintenance releases for Junos Fusion Provider Edge.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 18.3R2

Junos Fusion Provider Edge
Laser receive power of extended ports is higher than the output power of the peer link. PR1358007
Broadcast,Unknown Unicast and Multicast(BUM) traffic might get dropped on peer Fusion Aggregation
Device when link between Satellite Device and local Aggregate Device goes down. PR1384440
Junos Fusion Satellite Software
The shutdown of the cascade port might lead to the invalidation of the MPC linecard. PR1360876
Extended Port (EP) LAG might go down on the Satellite Devices (SDs) if the related Cascade Port (CP)
links to an Aggregation Device (AD) goes down. PR1397992
87

Resolved Issues: 18.3R1

Junos Fusion
In Junos Fusion, the aggregation device LAG interface might flap during satellite device upgrade or
downgrade. PR1321575
ppmd crash after changing the mode of EX4300 from standalone to SD. PR1375647
The spmd core might be seen after executing request support information on Aggregation Device.
PR1375732
SEE ALSO
New and Changed Features | 84
Changes in Behavior and Syntax | 85
Known Behavior | 85
Known Issues | 86
Documentation Updates | 88
Migration, Upgrade, and Downgrade Instructions | 88 Product Compatibility | 97

Documentation Updates

There are no errata or changes in Junos OS Release 18.3R2 documentation for Junos Fusion Provider Edge.
SEE ALSO
New and Changed Features | 84
Changes in Behavior and Syntax | 85
Known Behavior | 85
Known Issues | 86
Resolved Issues | 86
Migration, Upgrade, and Downgrade Instructions | 88 Product Compatibility | 97
88

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION
Basic Procedure for Upgrading an Aggregation Device | 89
Upgrading an Aggregation Device with Redundant Routing Engines | 91
Preparing the Switch for Satellite Device Conversion | 92
Converting a Satellite Device to a Standalone Device | 93
Upgrading an Aggregation Device | 95
Upgrade and Downgrade Support Policy for Junos OS Releases | 96
Downgrading from Junos OS Release 18.3 | 96
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for Junos Fusion Provider Edge. Upgrading or downgrading Junos OS might take several hours, depending on the size and configuration of the network.

Basic Procedure for Upgrading an Aggregation Device

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and
Upgrade Guide.
NOTE: Before upgrading, back up the file system and the currently active Junos OS configuration
so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:
user@host> request system snapshot
The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files), might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. See the Junos OS Administration Library.
89
The download and installation process for Junos OS Release 18.3R2 is different from that for earlier Junos OS releases.
1. Using a Web browser, navigate to the Download Software URL on the Juniper Networks webpage:
https://www.juniper.net/support/downloads/
2. Log in to the Juniper Networks authentication system by using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
3. Select By Technology > Junos Platform > Junos Fusion to find the software that you want to download.
4. Select the release number (the number of the software version that you want to download) from the Version drop-down list to the right of the page.
5. Select the Software tab.
6. Select the software package for the release.
7. Review and accept the End User License Agreement.
8. Download the software to a local host.
9. Copy the software to the routing platform or to your internal software distribution site.
10. Install the new jinstall package on the aggregation device.
NOTE: We recommend that you upgrade all software packages out-of-band using the console,
because in-band connections are lost during the upgrade process.
Customers in the United States and Canada, use the following commands.
For 64-bit software:
NOTE: We recommend that you see 64-bit Junos OS software when implementing Junos
Fusion Provider Edge.
90
user@host> request system software add validate reboot
source/jinstall64-18.3R2.SPIN-domestic-signed.tgz
For 32-bit software:
user@host> request system software add validate reboot
source/jinstall-18.3R2.SPIN-domestic-signed.tgz
All other customers, use the following commands.
For 64-bit software:
NOTE: We recommend that you see 64-bit Junos OS software when implementing Junos
Fusion Provider Edge.
user@host> request system software add validate reboot
source/jinstall64-18.3R2.SPIN-export-signed.tgz
For 32-bit software:
user@host> request system software add validate reboot
source/jinstall-18.3R2.SPIN-export-signed.tgz
Replace source with one of the following values:
/pathname—For a software package that is installed from a local directory on the router.
For software packages that are downloaded and installed from a remote location:
ftp://hostname/pathname
http://hostname/pathname
scp://hostname/pathname (available only for the Canada and U.S. version)
The validate option validates the software package against the current configuration as a prerequisite for adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is for a different release.
Adding the reboot command reboots the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
91
NOTE: After you install a Junos OS Release 18.3R2 jinstall package, you cannot return to the
previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrading an Aggregation Device with Redundant Routing Engines

If the aggregation device has two Routing Engines, perform a Junos OS installation on each Routing Engine separately as follows to minimize disrupting network operations:
1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine and save the configuration change to both Routing Engines.
2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.
3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.
4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.

Preparing the Switch for Satellite Device Conversion

Satellite devices in a Junos Fusion topology use a satellite software package that is different from the standard Junos OS software package. Before you can install the satellite software package on a satellite device, you first need to upgrade the target satellite device to an interim Junos OS software version that can be converted to satellite software. For satellite device hardware and software requirements, see
Understanding Junos Fusion Software and Hardware Requirements
NOTE: The following conditions must be met before a standalone switch that is running Junos
OS Release 14.1X53-D43 can be converted to a satellite device when the action is initiated from the aggregation device:
The switch can be converted to only SNOS 3.1 and later.
Either the switch must be set to factory-default configuration by using the request system
zeroize command, or the following command must be included in the configuration: set chassis auto-satellite-conversion.
92
Customers with EX4300 switches, use the following command:
user@host> request system software add validate reboot
source/jinstall-ex-4300-14.1X53-D43.3-domestic-signed.tgz
Customers with QFX5100 switches, use the following command:
user@host> request system software add reboot
source/jinstall-qfx-5-14.1X53-D43.3-domestic-signed.tgz
When the interim installation has completed and the switch is running a version of Junos OS that is compatible with satellite device conversion, perform the following steps:
1. Log in to the device by using the console port.
2. Clear the device:
[edit] user@satellite-device# request system zeroize
NOTE: The device reboots to complete the procedure for resetting the device.
If you are not logged in to the device by using the console port connection, your connection to the device is lost after you enter the request system zeroize command.
If you lose your connection to the device, log in using the console port.
3. (EX4300 switches only) After the reboot is complete, convert the built-in 40-Gbps QSFP+ interfaces from Virtual Chassis ports (VCPs) into network ports:
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port port-number
For example, to convert all four built-in 40-Gbps QSFP+ interfaces on an EX4300-24P switch into network ports:
user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 0 user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 1 user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 2 user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 3
93
This step is required for the 40-Gbps QSFP+ interfaces that will be used as uplink interfaces in a Junos Fusion topology. Built-in 40-Gbps QSFP+ interfaces on EX4300 switches are configured into VCPs by default, and the default settings are restored after the device is reset.
After this initial preparation, you can use one of three methods to convert your switches into satellite devices—autoconversion, manual conversion, and preconfiguration. See Configuring Junos Fusion Provider
Edge for detailed configuration steps for each method.

Converting a Satellite Device to a Standalone Device

If you need to convert a satellite device to a standalone device, you must install a new Junos OS software package on the satellite device and remove the satellite device from the Junos Fusion topology.
NOTE: If the satellite device is a QFX5100 switch, you need to install a PXE version of Junos
OS. The PXE version of Junos OS is software that includes pxe in the Junos OS package name when it is downloaded from the Software Center—for example, the PXE image for Junos OS Release 14.1X53-D43 is named install-media-pxe-qfx-5-14.1X53-D43.3-signed.tgz . If the satellite device is an EX4300 switch, you install a standard jinstall-ex-4300 version of Junos OS.
The following steps explain how to download software, remove the satellite device from Junos Fusion, and install the Junos OS software image on the satellite device so that the device can operate as a standalone device.
1. Using a Web browser, navigate to the Junos OS software download URL on the Juniper Networks webpage:
https://www.juniper.net/support/downloads
2. Log in to the Juniper Networks authentication system by using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.
3. Select By Technology > Junos Platform > Junos Fusion from the drop-down list and select the switch platform series and model for your satellite device.
4. Select the Junos OS Release 14.1X53-D30 software image for your platform.
5. Review and accept the End User License Agreement.
6. Download the software to a local host.
94
7. Copy the software to the routing platform or to your internal software distribution site.
8. Remove the satellite device from the automatic satellite conversion configuration.
If automatic satellite conversion is enabled for the satellite device’s member number, remove the member number from the automatic satellite conversion configuration. The satellite device’s member number is the same as the FPC slot ID.
[edit] user@aggregation-device# delete chassis satellite-management auto-satellite-conversion
satellite member-number
For example, to remove member number 101 from Junos Fusion:
[edit] user@aggregation-device# delete chassis satellite-management auto-satellite-conversion
satellite 101
You can check the automatic satellite conversion configuration by entering the show command at the [edit chassis satellite-management auto-satellite-conversion] hierarchy level.
9. Commit the configuration.
To commit the configuration to both Routing Engines:
[edit] user@aggregation-device# commit synchronize
Otherwise, commit the configuration to a single Routing Engine:
[edit] user@aggregation-device# commit
10. Install the Junos OS software on the satellite device to convert the device to a standalone device.
[edit] user@aggregation-device> request chassis satellite install URL-to-software-package fpc-slot
member-number
For example, to install a PXE software package stored in the /var/tmp directory on the aggregation device onto a QFX5100 switch acting as the satellite device using FPC slot 101:
[edit] user@aggregation-device> request chassis satellite install
/var/tmp/install-media-pxe-qfx-5-14.1X53-D43.3-signed.tgz fpc-slot 101
95
For example, to install a software package stored in the var/tmp directory on the aggregation device onto an EX4300 switch acting as the satellite device using FPC slot 101:
[edit] user@aggregation-device> request chassis satellite install
/var/tmp/jinstall-ex-4300-14.1X53-D30.3-domestic-signed.tgz fpc-slot 101
The satellite device stops participating in the Junos Fusion topology after the software installation starts. The software upgrade starts after this command is entered.
11. Wait for the reboot that accompanies the software installation to complete.
12. When you are prompted to log back into your device, uncable the device from the Junos Fusion topology. See Removing a Transceiver from a QFX Series Device or Remove a Transceiver, as needed. Your device has been removed from Junos Fusion.
NOTE: The device uses a factory-default configuration after the Junos OS installation is
complete.

Upgrading an Aggregation Device

When you upgrade an aggregation device to Junos OS Release 18.3R2, you must also upgrade your satellite device to Satellite Device Software version 3.1R1.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1,
17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from
Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see
https://www.juniper.net/support/eol/junos.html.
96

Downgrading from Junos OS Release 18.3

To downgrade from Release 18.3 to another supported release, follow the procedure for upgrading, but replace the 18.3 jinstall package with one that corresponds to the appropriate release.
NOTE: You cannot downgrade more than three releases.
For more information, see the Installation and Upgrade Guide.
SEE ALSO
New and Changed Features | 84
Changes in Behavior and Syntax | 85
Known Behavior | 85
Known Issues | 86
Resolved Issues | 86
Documentation Updates | 88 Product Compatibility | 97

Product Compatibility

IN THIS SECTION
Hardware Compatibility | 97

Hardware Compatibility

To obtain information about the components that are supported on the devices, and special compatibility guidelines with the release, see the Hardware Guide and the Interface Module Reference for the product.
To determine the features supported on MX Series devices in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. See the Feature
Explorer.
97
Hardware Compatibility Tool
For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.
SEE ALSO
New and Changed Features | 84
Changes in Behavior and Syntax | 85
Known Behavior | 85
Known Issues | 86
Resolved Issues | 86
Documentation Updates | 88 Migration, Upgrade, and Downgrade Instructions | 88

Junos OS Release Notes for MX Series 5G Universal Routing Platform

IN THIS SECTION
New and Changed Features | 98
Changes in Behavior and Syntax | 116
Known Behavior | 124
Known Issues | 131
Resolved Issues | 148
Documentation Updates | 181
Migration, Upgrade, and Downgrade Instructions | 182
Product Compatibility | 189
98
These release notes accompany Junos OS Release 18.3R2 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

IN THIS SECTION
Release 18.3R2 New and Changed Features | 99
Release 18.3R1 New and Changed Features | 100
This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for the MX Series routers.

Release 18.3R2 New and Changed Features

MPLS
Control transport address used for targeted-LDP session (MX Series)—Currently, only the router-ID or
interface address is used as the LDP transport address. Starting in Junos OS Release 18.3R2, you can configure any other IP address as the transport address of targeted LDP sessions, session-groups, and interfaces. This new configuration is applicable only for configured LDP neighbors that have Layer 2 circuit, MPLS, and VPLS adjacencies.
This feature is beneficial when you have multiple loopback interface addresses, and different IGPs associated with LDP interfaces, and you can control the session established between targeted LDP neighbors with the configured transport address.
[See Control Transport Address Used for Targeted-LDP Session.]
Network Management and Monitoring
New major alarms on MX Series routers with MPC1 and MPC2—Starting in Junos OS Release 18.3R2,
on MX Series routers with MPC1 and MPC2 line cards, a major chassis alarm is raised when the following transient hardware errors occur:
99
CPQ Sram parity error
CPQ RLDRAM double bit ECC error
In the Description column of show chassis alarm outputs, these errors are described as 'FPC <slot number> Major Errors'. See an example below:
user@host> show chassis alarms
5 alarms currently active Alarm time Class Description 2018-10-05 18:48:06 PDT Major FPC 9 Major Errors
By default, these errors result in the Packet Forwarding Engine interfaces on the FPC being disabled. You can use the show chassis fpc errors command to view the default or user-configured action that resulted from the error.
You can check the syslog messages to know more about the errors. See the following examples:
Oct 5 15:58:02 codeine fpc1 MQCHIP(0) CPQ RLDRAM double bit ECC error, bank 0 addr 0x0 Oct 5 15:58:02 codeine fpc1 MQCHIP(0) CPQ Sram parity error, errlog 0x0
To resolve the error, restart the line card. If the error is still not resolved, open a support case using the Case Manager link at https://www.juniper.net/support/ or call 1-888-314-JTAC (within the United States) or 1-408-745-9500 (from outside the United States).
Routing Protocols
Support for creating IS-IS topology independent LFA for prefix-SIDs learned from LDP mapping
server—Starting in Junos OS Release 18.3R2, you can configure a point of local repair to create a topology independent loop-free alternate backup path for prefix-SIDs derived from LDP mapping server advertisements in an IS-IS network. In a network configured with segment routing, IS-IS uses the LDP mapping server advertisements to derive prefix-SIDs. LDP Mapping server advertisements for IPv6 are currently not supported.
To attach flags to LDP mapping server advertisements, include the attached statement at the [edit
routing-options source-packet-routing mapping-server-entry mapping-server-name] hierarchy level.

Release 18.3R1 New and Changed Features

100
Hardware
Support for JNP-SFP-10G-BX10D and JNP-SFP-10G-BX10U transceivers (MX80, MX104, MX240,
MX480, and MX960 with MIC-MACSEC-20GE)—Starting in Junos OS Release 18.3R1, the MX80, MX104, MX240, MX480, and MX960 installed with the MIC-MACSEC-20GE support the JNP-SFP-10G-BX10D and the JNP-SFP-10G-BX10U transceivers. The JNP-SFP-10G-BX10D and JNP-SFP-10G-BX10U transceivers are for single SMF bidirectional applications. A JNP-SFP-10G-BX10D transceiver should always be connected to a JNP-SFP-10G-BX10U transceiver with a single SMF. The operating link distance is up to 10 km. With a single LC receptacle, the JNP-SFP-10G-BX10D transmits a 1330 nm wavelength signal and receives a 1270 nm signal, whereas the JNP-SFP-10G-BX10U transmits a 1270 nm wavelength signal and receives a 1330 nm signal.
[See the Hardware Compatibility Tool.]
Support for 10-Gbps ports to operate at 1-Gbps speed (MX204 and MX10003)—Starting in Junos OS
Release 18.3R1, you can use the Mellanox 10-Gbps pluggable adapter (QSFP+ to SFP+ adapter or QSA; model number: MAM1Q00A-QSA) to convert 4 lane-based ports to a single lane-based SFP+ port. The QSA adapter has the QSFP+ form factor with a receptacle for the SFP+ module. Use the QSA adapter to convert a 40-Gbps port to a 10-Gbps or a 1-Gbps port.
NOTE:
The interface name prefix must be xe.
On the MX10003 router, the MACsec MIC does not provide 1-Gbps speed.
On MX204 and MX10003 routers, rate selectability at PIC level and port level does not
support 1-Gbps speed.
Loading...
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use