Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
[+] Expand All
[-] Collapse All

Known Issues in NFX250 Network Services Platform

This section lists the known issues in hardware and software in Junos OS Release 15X53-D47 for NFX250.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.


  • There might be no checks when you configure the IP address on different logical units of interfaces. The commit will go through, and will be displayed in the configuration. [PR1150512]
  • The following commands are not supported:
    • clear system reboot and clear system commit
    • restart gracefully, restart immediately, restart init, and restart soft
    • show ethernet-switching, show version brief, show version all members, and show system services service-deployment


  • When you use the netconf command to display system information details such as model and OS, the system OS is displayed as QFX. [PR1194377]
  • Ubuntu package does not successfully install on the JDM container. As a workaround, install the package passwd by using the sudo apt-get install passwd command, which enables the useradd command again. [PR1168680]
  • When you configure a static route on JDM in enhanced-orchestration disabled mode, there might not be an explicit check to validate the IP address. [PR1173039]
  • The Network Service Orchestrator module commits the configuration on JDM, Junos Control Plane, and IPSec-NM sequentially. If the commit fails on any one of these system VNFs, the Network Service Orchestrator module automatically rolls back to the older configuration on the VNF where the commit error is seen. But, all prior Network Service Orchestrator module configuration commits on the earlier VNFs continue to exist and is not reversed. [PR1196253]
  • There is no commit check if the PCI address is reused for different interfaces in a VNF. It is recommend to stop the VNF and then add or delete interfaces [PR1205497]
  • Certain VNFs support hot plugging of virtio interfaces when the VNF is running. When a VLAN mapped interface is hot plugged to VNFs such as Centos, it is seen that the interface is not reachable from the vjunos0 VM. As a workaround, delete the VNF configuration and re-commit the complete configuration along with the new interface. [PR1213451]
  • After enabling or disabling the ipsec-nm service on the NFX250 platform, a warning message might not be displayed asking for a consent to reboot the device. The enabling or disabling action will be effective only after the device is rebooted. Similarly, no warning is displayed when Enhanced orchestration is either enabled or disabled. [PR1213489]
  • Pre-allocation of hugepages might not consider the available memory and proper commit check is required. It is advisable to use the feature based on free system memory availability. By default, the system requires up to 6 to 7 gigabytes of memory for various operations. The system might not function properly if more memory than what is available is allocated. [1213944]
  • While spawning a VNF, there might not be a commit check for the valid image type supported. [PR1221642]
  • If a VNF requests for more memory than the available system memory, commit might go through without any errors resulting in VNF going into a shut off state. As a workaround, use the show system visibility memory command to check the available free memory before spawning a VNF. Alternatively, check the log files and the VNF shut off reason will be captured in /var/log/syslog file. [PR1221647]
  • The following commands are not supported:
    • show host
    • request system software delete
    • request system software rollback
    • request system storage cleanup


  • DHCP service can be configured on custom system bridges for service chaining. There might be no commit check if the lower and higher values of the pool range are swapped. [PR1223247]
  • If the configured TACACS+ server has an IP that can be accessed from JDM, the tacplus pam might not wait till timeout in case TACACS+ server is unreachable. [PR1224420]
  • The Swap memory information displays incorrect values in the show system visibility jdm command output for NFX250 platforms with optimized SSD layouts. [PR1227528]
  • With enhanced-orchestration mode enabled and routing over management configured on vSRX for WAN redundancy for critical traffic, the system CPU utilization will reach 100% if WAN link goes down and traffic routes through out-of-band management. vSRX may not respond to ping or management requests. Egress traffic through management might be throttled. [PR1233478]
  • Removing the IRB configuration along with the DHCP configuration on JDM and rolling back the configuration might result in the DHCP service not functioning for service chaining of VNFs. [PR1234055]
  • Hugepages that are pre-configured through CLI are not used if a custom init-descriptor is used. [PR1245330]
  • When a VLAN tag is configured through a JDM CLI on a VNF that is provisioned to a DPDK enabled VM and the VM is spawned, the VLAN filtering or striping configuration on the VNF stops taking effect. Removing and recommitting the JDM vlan-id configuration on the VNF can resolve the issue unless the system or the VNF is rebooted. [PR 1251596]
  • show system visibility cpu command on JDM has the field values for IOWait and Intr always set to zero. [PR1258361]
  • Cross connect is not supported between the hsxe0 or hsxe1 interface, and the VNF interface that has vlan with vlan-id as none. However, the commit for such configuration might work without any commit errors. [PR1258879]
  • There might be warning messages displayed on the console during the boot-up process. [PR1259740]
  • Configuring more than the available number of SR-IOV interfaces in Enhanced mode might result in a state where the used MAC addresses for such interfaces are not released back to the system MAC pool on deletion of the VNF. [PR1259975]
  • Cross connect configuration is not supported for SR-IOV interfaces even though a commit error does not occur when the SR-IOV interface of a VNF is added to the cross connect. [PR1265128]
  • The performance of a service chain in the Enhanced Orchestration mode is reduced by 25Kpps for all SKUs when compared to 15.1x53-D47 release with the 15.1x49-D64 vSRX release. [PR1280720]
  • The number of VNF interfaces that can be configured on an NFX250 device is 20 in the Enhanced Orchestration mode. [PR1281134]
  • Internal management of VNFs happen over the 192.168.1.x internal subnet and the virbr0 bridge. Each VNF is allocated an IP in this subnet and the IP is assigned when the DHCP client is enabled on the interface mapped to virbr0. For the 15.1x53-D47 release, the IP assigned over DHCP also adds a default route to the routing table of the VNF. This does not have an impact on the regular data traffic. [PR 1281578]


  • There is no CLI command to clear interface flow-statistics on ipsec-nm. [PR1216474]
  • Initial allocation of hugepages is not guaranteed when the srxpfe is killed or restarted. [PR1233794]


  • The Alarm LED will be Amber for Major alarm instead of Red. In the NFX250-S1E model, the Alarm LED does not blink for any alarms. [PR1146307]
  • Configuring DSCP and DSCPv6 classifiers together on a Layer 2 interface is not supported. [PR1169529]
  • When the option accept-source-mac mac-address is configured on an interface and then deleted, no additional MAC's will be learnt on the interface. Only the MAC's which were earlier configured will be available. [PR1168197]
  • When LLDP is configured on vjunos0 on an NFX250 Network Services platform, the system name TLV(5) might not be advertised. [PR1169479]
  • There might a traffic drop in IPv4 multicast traffic on JCP when the flow-control is configured on interfaces and multicast traffic is more than 400pps. [PR1191794]
  • On an interface with family inet configured, you might not be able to configure a classifier or rewrite rules. [PR1262840]
  • If the traffic in the out-of-band interface is more, the control plane connectivity may get blocked for some time while the packets are processed. If this interruption persists, the connection between the PFE and control plane is cleared, which results in PFE restart or shutdown. You must make sure that there is no heavy traffic flow in the mgmt-VLAN. [PR1270689]


  • On an NFX250-S1E platform running vSRX VNF, the performance of SR-IOV with UTM and IDP is lower than VirtIO with UTM and IDP. [PR1214118]
  • If per-unit-scheduler is not configured, the IFD shaping fails and no packet is queued. [PR1264556 ]
  • After configuring the IFD shaping, the ingress interface cannot receive packets. [PR1264850]
  • The current maximum number of concurrent SIP calls is below the specified maximum limit. [PR1273356]

Related Documentation

Modified: 2017-09-08