Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Known Issues


This section lists the known issues in hardware and software in Junos OS Release 16.2R2 for MX Series and T Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Forwarding and Sampling

  • Impact of Policing filter creation and application to the LSP in the same commit sequence–It is known that policing filter application to the LSP is catastrophic. Any active LSP carrying traffic when applied a policing filter tears down and resignals and drops traffic for ~2 seconds. In Junos OS Release 16.1R1, it would take up to 30 seconds for the LSP to come up if 1. Creation of the policing filter and application of the same to the LSP through configuration in the same commit sequence 2. Load override of a configuration file that has policing filter and policing filter application to the LSP followed by commit. PR1160669

  • Inline JFlow (MXVC) : NextHop Address/OIF being reported by IPv6 template on MXVC setup is incorrect–Root Cause of the Problem: +++++++++++++++++++++++++ As per the investigation from RPD : we have is an interface for a direct route starting in ifdown condition. The remote side is then brought up, so I/F goes to ifup. Since it is a direct route, rpd does not install the route or nexthop. It receives that info from the kernel, and just updates a nexthop in rpd local storage. route and nexthop for the interface are taken care of in the kernel. There is no route change in rpd. route_record depends on route flash to find out about updates. That is the architecture. Since there is no route change, there is no route flash, so route_record is blissfully unaware. In order to change this, we would need to decide that we want a route flash for this case. Currently, for direct and local routes / nexthops, these are "don't care" in rpd, as far as route updates go. We just update our nexthop info, without marking for any other notifications. To change this, we would need to find the correct place to decide we need to flash the route, and at the same time, make sure we don't do any harm to anything else. That is what I am currently working on finding. A complication for the solution is a change that was done for PR 1002287, where if the NOTINSTALL flag is set, do not send the update to srrd. That flag is set for direct and local routes. Incidently, this is day-one operation. If the interface is up at startup, it should all work correctly. Why is the pfe depending on rpd / srrd to get the info for sampling when it is already there in the forwarding table ? +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++ FIB table can provide OIF/GW only. SRC_MASK, DST_MASK, SRC_AS and DST_AS are not available in PFE FIB Table. So SRRD connection is required. Listening to both SRRD and FIB table, and consolidating information will complicate implementation. Scanning entire FIB Table just for the few such routes will have performance impact and will complicate present implementation. This is day 1 implementation for SRRD/Sampled. Workarounds: ++++++++++++ There are two possible workarounds a) A workaround would be to have the far end interface up when the DUT interface is brought up. In the case where that is not happening, a recovery would be to disable the DUT interface, then enable it again. At that point, everything should be initially brought up in the state we are looking for. b) enable nexthop-learning knob. Please refer to the documentation on the working of this knob before enabling. PR1224105

  • The "dfwinfo: tvptest:dfwlib_owner_create tvp driven policer_byte_count support 0" message is seen after running the show firewall command. This behavior is specific to Junos OS release 16.1 and is a cosmetic issue. << sample config >> set interfaces ge-0/0/0 unit 0 family inet filter input test_filter set interfaces ge-0/0/0 unit 0 family inet address set firewall family inet filter test_filter term policer then policer policer_test set firewall policer policer_test if-exceeding bandwidth-limit 100m set firewall policer policer_test if-exceeding burst-size-limit 125k set firewall policer policer_test then loss-priority low PR1248134

General Routing

  • The static subscriber process (jsscd) might crash in a scaled environment -- The jsscd process might crash in a static-subscribers scaling environment (e.g. 112K total subscribers, 77K dhcp subscribers, 3K static-subscribers, 32K dynamic vlans). When this issue occurs the subscribers might be lost. abc@abc_RE0> show system core-dumps -rw-rw---- 1 root field 8088852 Jan 1 11:11 /var/tmp/jsscd.core-tarball.0.tgz. PR1133780

  • On MX routers simultaneously equipped with DPC and MPC, the following messages are reported by MPC and DPC respectively, and traffic loss might be observed after performing ISSU.

    MPC reports "FI Cell underflow at the state stage" DPC reports "Non first cell drops in ichip fi rord:xxxx"

    The issues is seen on the following MPCs:

    • MX-MPC1-3D

    • MX-MPC1-3D-Q

    • MX-MPC1E-3D

    • MX-MPC1E-3D-Q

    • MX-MPC2-3D

    • MX-MPC2-3D-Q

    • MX-MPC2-3D-EQ

    • MX-MPC2E-3D

    • MX-MPC2E-3D-Q

    • MX-MPC2E-3D-EQ

    • MPC-3D-16XGE-SFPP

    • MPCE-3D-16XGE-SFPP


  • Chef for Junos supports additional resources to enable easier configuration of networking devices. These are available in the form of netdev-resources. The netdev-resource developed for interface configuration has a limitation to configure XE interface. Netdev-interface resource assumes that 'speed' is a configurable parameter which is supported on a GE interface but not on an XE interface. Hence netdev-interface resource cannot be used to configure an XE interface due to this limitation. This limitation is applicable to packages chef-11.10.4_1.1.*.tgz chef-11.10.4_2.0_*.tgz in all platforms {i386/x86-32/powerpc}. PR1181475

  • AMS redundant interfaces not listed under possible- auto-completions the following operational commands:

    • show interfaces redundancy

    • request interface switchover


  • AMS redundant interfaces not listed under possible auto-completions for the following operational commands:

    • show interfaces redundancy

    • request interface switchover


  • As described in RFC7130, when LACP is used and considers the member link to be ready to forward traffic, the member link must not be used by the load balancer until all the micro-BFD sessions of the particular member link are in the up state. PR1192161

  • During ISSU (unified in-service software upgrade) it might be noticed that the below log messages are displayed: SFP: pointer Null, sfp_set_present This might trigger a flap in the interfaces on MX routers while upgrading using ISSU. PR1200045

  • A few sessions are always dropped during session setup with IPsec, consistently seen above 1M sessions. PR1204566

  • Major errors might be seen on MPC3/FPC3 with 1X100 and 5x100 DWDM MIC/PIC. user@router> show chassis alarms no-forwarding 1 alarms currently active Alarm time Class Description <timestamp> Major FPC 3 Major Errors The following messages are seen in the logs: fpc3 Cmerror Op Sub Set: 5-port 100G DWDM MIC/PIC : 5-port 100G DWDM MIC/PIC(3/0) link 0 : DSP loss of lock fpc3 Cmerror Op Sub Set: 5-port 100G DWDM MIC/PIC : 5-port 100G DWDM MIC/PIC(3/0) link 0 : DFE tuning failed alarmd[16241]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 3 Major Errors craftd[15906]: Major alarm set, FPC 3 Major Errors. PR1204566

  • The /etc/passwd file is created in the process of the first commit when a pristine jinstall image is used to boot for the first time. If event-options is configured, the system will try to read the configuration from the available event scripts which requires privileges obtained from the /etc/passwd file. That causes a circular dependency as the commit will not pass if the configuration includes event-options the first time a pristine image boots up, which is the case of an upgrade performed with virsh create. PR1220671

  • No optic lane diag exported for XFP optic in both CLI and snmp. PR1223742

  • A wrong PE is being attached to an ESI when the router receives two copies of the same AD/ESI route (e.g. one through eBGP and another one received from an iBGP neighbor). This will causes partial traffic blackhaule and stale MAC entries. You can confirm the issue by checking the members of the ESI: user@router> show evpn instance extensive ... Number of ethernet segments: 5 ESI: 00:13:78:00:00:00:00:00:00:01 Status: Resolved Number of remote PEs connected: 3 Remote PE MAC label Aliasing label Mode 0 0 all-active 200 0 all-active <<<< this PE is not part of the ESI 200 0 all-active. PR1231402

  • When SW detects an uncorrectable XR2 error, which are in fixed locations relative to queues in XQ, it removes the queues from service by moving the traffic to a new L4 and new set of queues, using other XR2 locations. Currently the queues/L4 that are removed are never returned to service until reset. This mechanism would be expanded to include L4NP parity errors, and possibly others as well. In this case when an L4NP parity error is detected we remove the L4 and queues from service. PR1232952

  • On MX series with rpd in "ASYNC" mode, if the distributed IGMP is configured, rpd core might be seen, and causing rpd crash. PR1238333

  • For ANCP subscribers in Idle state the previously reported speed in ANCP Port UP message is not applied. PR1242992

  • ANCP neighbors going down after commit in case any ANCP related configuration was changed. PR1243164

  • In a junos telemetry interface environment, the FPC might crash when adding physical interface sensor during FPC coming up. It is because during FPC coming up, the IFD (physical interface) does not exist. At this point, if accessing IFD, the FPC might crash. PR1243411

  • VPLS mac table is not being populated properly when checked with CLI "show vpls mac-table", though all subscribers have traffic. Thus it is considered a cosmetic issue. PR1257605

  • On some T series platform routers, the LSI statistics are not shown in Aggregated Ethernet Interface Bundles and also the input stats counter for Aggregated Ethernet does not include MPLS traffic. PR1258003

  • Due to transient Hardware error conditions only syslog events XMCHIP(x) FI: Cell underflow at the state stage - Stream 0, Count 65535 are reported which is a sign of fabric stream wedge. Additional traffic flow register pointers are validated and if stalled a new CMERROR alarm is raised "XMCHIP(x) FI: Cell underflow errors with reorder engine pointers stalled - Stream 0, late_cell_value 65535, max_rdr_ptr 0x6a9, reorder_ptr 0x2ae" PR1264656

  • Due to transient Hardware events, fabric stream may report 'CPQ1: Queue unrderrun indication - Queue <q#>' in continuous occurrence. For each such events, all fabric traffic is queued for this Packet Forwarding Engine reporting the error and causes very high amount of fabric drops.PR1265385

  • HALP-lbnh_xlate_cntr_db_get_stats:250counter id 1573873: Unable to find lbnh xlate counter messages are flooding the syslog. This is only a syslog entry and there is no operational impact. PR1268452

  • On MIC-3D-20GE-SFP-E and MIC-3D-20GE-SFP-EH, an interrupt threshold was introduced, if MIC error interrupts are more than the threshold (> 2500 per 5min), the MIC will be restarted. Due to that change, MIC error interrupts will hog the CPU when restart is initiated. PR1270420

High Availability (HA) and Resiliency

  • In a rare scenario, GRES might not reach the ready state and might fail to start, because the Routing Engine does not receive the state ack message from the Packet Forwarding Engine after performing graceful Routing Engine switchover (GRES). This is a timing issue. It might also stop Routing Engine resource releasing and then cause resource exhausting. Reboot the system if this problem occurs. PR1236882

Interfaces and Chassis

  • After changing the MTU on the IFD, on the static vlan demux interface above the IFD IPv6 Link Local address is not assigned. PR1063404

  • During configuration changes and reuse of Virtual IP on an interface as a interface address, it is required to delete the configuration do a commit and then add the interface address configuration in the following commit. PR1191371

  • IPV6 neighbor ship is not created on the IRB interface. PR1198482

  • In a VPLS Multi-homing scenario, the CFM packets are forwarded over the standby PE link resulting in duplicate packets or loop between the active and standby link. PR1253542

  • JUNOS upgrade involving releases 14.2R5 (and above in 14.2 maintenance releases) and 16.1 above mainline releases with CFM configuration can cause CFMD core post upgrade. This is due the old version of /var/db/cfm.db. PR1281073

Junos Fusion Provider Edge

  • In a Junos Fusion setup, fixed connectivity issues between two VLANs on the same extended port. PR1264900

  • Junos OS upgrade involving Junos OS Release 14.2R5 and later maintenance releases and Junos OS Release 16.1 and later mainline releases with CFM configuration can cause cfmd to generate a core file after upgrade. This is due to the old version of /var/db/cfm.db. PR1281073

Layer 2 Features

  • When input-vlan-map with a push operation is enabled for dual-tagged interfaces in "Enhanced-IP" mode, there is a probability that the broadcast, unknown unicast, and multicast (BUM) traffic might be silently dropped or discarded on some of the child interfaces of the egress Aggregated Ethernet (AE) interfaces or on some of the equal-cost multipath (ECMP) corelinks. PR1078617

  • Starting in Junos OS Release 14.2R3 the show class-of-service fabric statistics CLI command might fail with Error = Operation timed out message in some cases (especially if there are many FPCs in the chassis). This occurs because data structures used to query fabric statistics became significantly larger in later releases. Thus when multiple FPCs start transmitting data to the Routing Engine at the same time, some packets might get dropped in the internal Ethernet switch on the control board. If retransmission does not happen within the timeout, the Operation timed out error is seen. PR1228293

  • After changing the underlying physical interface (IFD) for a static VLAN demux interface the NAS-Port-ID is formed still based on the previous IFD. PR1255377

  • In VPLS topologies the kernel might report the error pointchange for TLV type 00000052 not supported on IFL <name> in /var/log/messages where <name> is a VT or LSI interface used by VPLS. The trigger to cause the issue depends on timing and is most often seen with high VPLS pseudowrite scaling when multihoming is configured, but other triggers might apply as well. The problem might cause high rpd CPU utilization, which can slow routing convergence. PR1279192


  • The routing protocol process (rpd) might stop running unexpectedly if a static MPLS LSP is moved from one routing instance to another routing instance in one single configuration change with one single commit. The rpd will need a manual restart with restart routing. PR1238698

  • A new configuration protocols mpls traffic-engineering bgp-igp-both-ribs in the routing instance is required to make cOC work. PR1252043

  • The throughput measurement might be inaccurate when doing performance measurement on an MPLS label-switched path. PR1274822

  • The throughput measurement may be inaccurate when doing performance measurement on a MPLS label-switched-path. PR1274822

Platform and Infrastructure

  • When TCP authentication is enabled on a TCP session, the TCP session may not use the selective acknowledgement (SACK) TCP extensions. PR1024798

  • On MX Series platform, parity memory errors might happen in pre-classifier engines within a MPC. Packets will be silently discarded as such errors are not reported and makes it harder to diagnose. After the change in this PR, CM-ERRORs, such as syslogs and alarms, will be raised when parity memory errors occur. PR1059137

  • SNMP queries to retrieve jnxRpmResSumPercentLost will return the RPM/TWAMP probe loss percentage as an integer value, whereas the precise value (including decimal points) can be retrieved through the CLI by using the following commands: show services rpm probe-results, and show services rpm twamp client probe-results. PR1104897

  • The mustd daemon might crash when large configurations are committed. PR1186326

  • Multicast traffic might get dropped when the STP port role is changed. As a workaround, toggle the IGMP snooping membership. PR1193325

  • On rare occasions during the route add/delete/change operation, the kernel might encounter a crash with the error rn_clone_unwire no ifclone parent. PR1253362

Routing Protocols

  • In rare cases, rpd might generate a core file with error rt_notbest_sanity: Path selection failure on .... The core is “soft”, which means there should be no impact to traffic or routing protocols. PR946415

  • On MX Series routers, when an instance type is changed from VPLS to EVPN, and in the same commit an interface is added to the EVPN instance, the newly added EVPN interface might not be able to come up. PR1016797

  • In the context of large number of configured VPNs, routes changing in the midst of a bgp path-selection configuration change can sometimes lead to an rpd core. This core has been seen with the removal of the always-compare-med option. PR1213131

  • Starting in Junos OS Release, 16.1R2, when BGP add-path is configured and the same prefix is received from multiple peers with different source AS, depending on the order that the prefix advertisements are received in, the rpd might crash. PR1223651

  • On rpd crash with switchover-on-routing-crash enabled on box, live vmcores might be seen on both Routing Engines without an impact on the system. PR1267796

Services Applications

  • In an L2TP scenario, when the LNS is flooded by high rate L2TP messages from LAC, the CPU on the Routing Engine might keep too busy to bring up new sessions. PR990081

  • When MS-PIC is running on T640/T1600/T4000, the number of maximum service sets is incorrectly limited to 4000, instead of 12000. This might impact a scaled service (IPsec, IDS, NAT, stateful firewall filter, and so on) environment. PR1195088

  • When loading or rolling back a configuration that removes a serviceset and changes where the MS interfaces are assigned, traffic might be silently dropped or discarded to a series of the existing service sets. PR1223302

  • If an L2TP subscriber has static pp0 interface on the LAC side, LCP renegotiation is configured on the LNS side and the CPE has been changed, it can cause an issue with successful negotiation of the PPP session between LNS and CPE. PR1235554

  • Account Session ID, Interface Identifier, and Subscriber User Name trigger attributes are optimized for a scaled subscriber management environment. If you include any of the other, non-optimized, trigger attributes in a scaled subscriber management environment, a significant delay might be observed between the time when the DTCP ADD message is sent and the time when forwarding starts for the mirrored traffic. For example, if there are 10,000 subscriber sessions on the router, forwarding of the mirrored traffic might be delayed for 20 minutes. This delay occurs when you specify any non-optimized attribute, with or without any optimized attribute. The delay occurs regardless of the order of attributes in the DTCP packet. PR1269770

Subscriber Access Management

  • On MX series platform, when using RADIUS dynamic requests for subscriber access management, if the device detects that the CoA-Request it received is he same as one already being processed, the device incorrectly sends the CoA-NAK packet back to the RADIUS server with incorrect code 122 (invalid request), before sending the CoA-ACK packet in response to the original CoA-Request that was being processed. In this case the router should ignore all RADIUS CoA-Request retries and respond only to the original CoA-Request packet. PR1198691

  • On MX Series routers with subscriber management feature enabled, after GRES switchover "show network-access aaa statistics radius" CLI command display only zeros and "clear network-access aaa statistics radius" doesn't clear statistics as it should. It's a cosmetic issue and communication with Radius server is working fine, the only impact is that affected CLI commands do not work as expected. PR1208735

  • Subscribers get stuck in terminated state during pppoe login/logout test. PR1262219


  • In NG-MVPN scenario, when "forwarding-cache timeout never non-discard-entry-only" is configured for an MVPN instance, even though the cache lifetime is shown as forever in the output of CLI command "show multicast route instance X extensive", the route disappears after 7-8 minutes. PR1212061