Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Resolved Issues


This section lists the issues fixed in the Junos OS main 16.2R2 Release for MX Series and T Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 16.2R2

Class of Service (CoS)

  • When the "chained-composite-next-hop" is enabled for Layer 3 VPN routes, MPLS CoS rewrite rules attached to the core-facing interface for "protocol mpls-inet-both-non-vpn" are applied not only to non-VPN traffic (which is the correct behavior) but also to Layer 3 VPN traffic. That is, both MPLS and IP headers in Layer 3 VPN traffic receive CoS rewrite. PR1062648

  • If the hidden command "show class-of-service queue-consumption" is executed many times (in this case, for 100 times), in a rare condition, the cosd process might crash with a core file generated. The core files could be seen by executing the CLI command "show system core-dumps". PR1066009

  • In phase 1 of Junos Fusion Provider Edge, extended ports do not support SNMP-based CoS statistics. Polling an EP port for CoS stats can trigger a cosd core file. PR1205512

  • When CoS is configured, in a very rare situation, due to the timing issue between dcd and cosd during commit, the cosd might crash. For example, if you delete an interface that belongs to an AE interface and then configure it as a single port with CoS in a single commit, this issue might occur. PR1220524

  • The "show interfaces queue <if-name>" command has three display options:

    • show interfaces queue <if-name>: Displays queued/transmitted/dropped packets/bytes for all IFD children.

    • show interfaces queue <if-name> aggregate: Displays queued/transmitted/dropped packets/bytes for all IFD children except for IFD RTP traffic

    • show interfaces queue <if-name> remaining: Displays queued/transmitted/dropped packets/bytes for IFD RTP traffic only.

    Note that unlike queued/transmitted/dropped counters, queues depth values cannot be aggregated.

    The following should be true for queues depth values:

    • show interfaces queue <if-name>: Displays queues depth values for RTP queues

    • show interfaces queue <if-name> aggregate: Displays queues depth values for RTP queues

    • show interfaces queue <if-name> remaining: Displays queues depth values for RTP queues

    The above logic is the same for physical interfaces, interface sets and logical interfaces units. PR1226558

  • On MX Series and T Series routers with ingress and egress queueing enabled, input traffic-control-profile is configured, but no output traffic-control-profile on IFL. After you activate/deactivate the CoS configuration, the cosd process might crash. PR1236866

  • The error message of cos_check_temporal_buffer_status might be observed when configuring hierarchical CoS with strict-high scheduling. PR1238719

Forwarding and Sampling

  • On MX Series routers, if the "compress" and "backup-on-failure" options are configured under accounting-options file <file-name> hierarchy, due to an issue in the source file lookup when "compress" option is enabled, local backup might not perform after transfer to archive site fails. PR1198095

  • If a two-color policer is configured on MX Series routers with MPCs/MICs, more traffic than the limited traffic might be passed when packet size is less than 128 bytes. PR1207810

  • Bandwidth-percent policer does not work on the ps interface, which will result in a commit error. PR1225977

  • In firewall_service.proto file, AccessListObjBind changed. The member "bind_object" in AccessListObjBind is no longer a string object; it changed to "one of" structure which is shown as follows:

    message AccessListObjBind { // ACL AccessList acl = 1; // Binding object type AccessListBindObjType obj_type = 2; // Bind object name where the ACL is to be bound string bind_object = 3; // Bind direction AclBindDirection bind_direction = 4; // Family on the bind object. Must match with the ACL family AccessListFamilies bind_family = 5; }

    Starting in Junos OS Release 16.2R2 release AccessListObjBind message member “string bind_object“ changed as follows:

    message AccessListBindObjPoint { oneof OneOf_AclBindPoint { // Bind object name where the ACL is to be bound string intf = 1; } } /* * Per forwarding element ACL binding */ message AccessListObjBind { // ACL AccessList acl = 1; // Binding object type AccessListBindObjType obj_type = 2; // Bind object name where the ACL is to be bound - string bind_object = 3; + AccessListBindObjPoint bind_object = 3; // Bind direction AclBindDirection bind_direction = 4; // Family on the bind object. Must match with the ACL family AccessListFamilies bind_family = 5; }PR1230587

  • When a firewall filter (family "any") with a shared-bandwidth-policer is applied on an MC-AE interface, it will be configured with bandwidth 0 and carve-up factor 0 as expected. But after MC-AE A/S switchover when standby becomes active, the policer would not reconfigure, still have the bandwidth of 0 and drop all packets. PR1232607

  • With sampling configuration, if you do not define a version for the second flow server, after committing configuration, the backup Routing Engine might reboot. It might affect how routing protocols are replicated to the backup Routing Engine. PR1233155

  • On MX Series routers with "ipv4-flow-table-size" or "ipv6-flow-table-size" configuration, if sampling instance is not defined under chassis hierarchy (sampling instance is not associated to FPC), after rebooting the router, the "ipv4-flow-table-size" or "ipv6-flow-table-size" does not propagate to FPC. PR1234905

  • When 'push-backup-to-master' knob is configured under accounting-options file section, the corresponding accounting files need to be pushed to master RE from standby RE. But due to a software defect, the following issues are observed.

    • 1) The files push from standby Routing Engine to master Routing Engine was happening irrespective of this push-backup-to-master configuration statement.

    • 2) The files push from standby Routing Engine to master Routing Engine was not happening when the backup option is configured as 'master-only'.


  • J-Flow version 9 cannot get TCP flag information from IPv6 fragment packets. However, it can get other information like src and dst ports infromation. It can get sampling information partially from the TCP header in IPv6 fragment packets. PR1239817

  • J-Flow version 9 is sending the flows with the source-address inverted in the show firewall log. PR1249553

  • On MX Series routers, after GRES or configuration change that leads to pfed core file and restart, the routers might send for every single session 5 AcctInterim update. PR1249770

  • In MX Series subscriber management environment; the layer 2 address learning daemon (l2ald) daemon might crash during EVPL subscriber login logout stress test. PR1258853

  • The final service stats are queried via the on-demand service stats handling module of the pfed process. When the responses are returned from the Packet Forwarding Engine to the Routing Engine through pfed), they are mapped to the request via the request ID as well as location offset. When there are more than one filter configured for a BBE filter service session (out of IPV4,IPV6 IN,OUT filters), more than one request will be sent to the same location (Packet Forwarding Engine) with the same request ID. PR1262876

  • Routing-instances information of the physical interface is not showing in the flat accounting file when the interface is attached to the aggregate Ethernet interface. This behavior is seen when using flat file accounting for L2BSA subscribers. PR1275225

General Routing

  • This is a timing issue. After deleting and reconfiguring a VRF instance or changing route-distinguisher in VRF instance while rpf-check is enabled, the rpd process might crash. The routing protocols are impacted and traffic disruption will be seen due to loss of routing information. PR911547

  • In an MX Series Virtual Chassis (MX-VC) environment, the private local next hops and routes pointing to private local next hops are sent to the Packet Forwarding Engine from the master Routing Engine and not to the secondary Routing Engine. Next, a Routing Engine switchover happens. Because the new master Routing Engine does not detect such next hops and routes, they are not cleaned up. When a next hop with the same index is added on the new master Routing Engine and sent to the Packet Forwarding Engine, the Packet Forwarding Engine might crash due to a stale next hop. PR951420

  • An incorrect byte count was seen in the ipfix exported statistics packets for MPLS flows. PR1067084

  • When ingress and egress layer2-overhead is configured on a dynamic subscriber interface, the layer2-overhead bytes are not added to the IFL stats. PR1096323

  • On MX Series routers with MS-MPC/MS-MIC in use, if the NAT session is freed/removed without removing the timer wheel entry, the MS-MPC/MS-MIC might crash. This is a timing issue in which just before invoking the timer wheel callback, the NAT session extension got freed/removed. PR1117662

  • With l2tp subscribers, all FPCs except the card that hosts subscribers will report a log message "jnh_if_get_input_feature_list(9723): Could not find ifl state" after every subscriber's login attempt. PR1140527

  • On MX Series routers with services PIC (MS-DPC/MS-MPC/MS-MIC), the ICMP time exceeded error packet is not generated on an IPsec router on the de-encapsulation side. PR1163472

  • On MS-MPC or MS-PIC, OSPF adjacency may fail to establish when there is no static route pointing to service PIC. PR1164517

  • In all Junos OS with EVPN scenario, the Layer 2 address learning daemon (l2ald) might not clean up the RNH_LE entry when the BGP neighbor is down and cause the end-to-end traffic of EVPN to be dropped. PR1173420

  • NAT64 service-set:Port block efficiency and unique pool users statistics display incorrect values when the NAT POOL is modified dynamically with CGNAT traffic for the particular term in the NAT rule. PR1177244

  • On dual Routing Engine systems, the false alarm message "Host 1 failed to mount /var off HDD, emergency /var created" is observed if the master Routing Engine and backup Routing Engine are running on different Junos OS versions. PR1177571

  • Destination-prefix-list support list added for NAT rule with twice-napt-44 translation. Customer will be able to define a prefix list and match it in the NAT rule while using twice-napt-44. PR1177732

  • If the MIC-3D-4XGE-XFP is used with MPC2E-3D-NG or MPC3E-3D-NG, the interfaces on the MIC-3D-4XGE-XFP connected to a DWDM device might flap continuously. PR1180890

  • When MS-MIC/MS-MPC is installed on an MX Series router, PIC card on MS-MIC/MS-MPC might crash in rare cases. This is a timing issue that might cause traffic loss and has no exact aspect of configurations for trigging the issue. PR1182807

  • Fragmented ALG control traffic is not supported on the MS-MPC or MS-MIC. PR1182910

  • On MX Series routers, MS-MIC crash might occur. The exact trigger of the issue is unknown; generally, this issue might happen very rarely without any external triggers. The crash might occur with any services configuration, with core files pointing to a Program terminated with signal 4, Illegal instruction. PR1183828

  • FRU model numbers might be missing or incorrect as follows.

    740-013110 PDM-MX960

    740-057995 FFANTRAY-MX960-HC-S

    750-033205 MX-MPC3E-3D (incorrect)

    750-038493 MX-MPC2E-3D-Q

    750-044130 MX2K-MPC6E

    750-045372 MX-MPC3E-3D

    750-046005 MPC5EQ-100G10G

    750-046532 MIC6-10G

    750-049457 MIC6-100G-CFP2

    750-054563 MPC5E-40G10G

    750-054902 MPC3E-3D-NG

    750-054903 MPC2E-3D-NG-Q

    750-055976 SCBE2-MX-S

    all CFP, CFP2, QSFPP, QSFP28 optics

    all MX2000 FRUs

    all MPC7E, MPC8E, MPC9E, SFB2 FRUs

    Note that 'show chassis hardware models' displays correct information, but optics are missing from that output. PR1186245

  • On a Junos-based platform, CHASSISD_I2CS_READBACK_ERROR error might occur on a single occurrence of I2C read failure. A single occurrence is a transient error and may be seen randomly without any particular trigger. This type of message should be reported only when there are three consecutive I2C read failures. PR1187421

  • When VC-Heartbeat is configured, the MX Series virtual chassis split detection feature should cause the backup chassis to enter line card isolation mode, powering off all FPCs to force external gear to reroute traffic. A race condition in the mechanism can cause the backup chassis to also become protocol master, and leave its line cards in an operational state, which is undesirable. PR1187567

  • On MX Series routers with NAT service configured on AMS interfaces, after rebooting FPC/PIC, the NAT pool split between AMS members is incorrect. There are overlapping IP pools and sometimes missing pools, causing NAT to work incorrectly. PR1190461

  • On MX Series routers with Junos Telemetry Interface, and with the "set routing-options lsp-telemetry" configuration statement configured. When SDN-telemetry (the agentd process) is disabled or continuously restarted, certain messages are repeatedly logged into syslog, the rpd and eventd processes CPU may get near 100%, and eventually the agentd also gets near 100%. When this issue happens, the agentd process is not able to accept new subscriptions, dropping all existing subscriptions. It can be triggered by restarting consecutively SDN-telemetry (the agentd process), or after device reboot. PR1192366

  • In an MX BNG subscriber management environment, Radius accounting statistics provided by the MX Series BNG might slightly deviate from the actual statistics if the subscriber session terminated abruptly while traffic flow was active. PR1192775

  • Configuring an RLT interface and rebooting the router shows the RLT interface is down. The show l2circuit connection shows an MTU mismatch as the immediate cause. PR1192932

  • Prior to this PR, when T-series SCG lost an external clock source, clock state remained hold-over mode forever. This PR has changed the behavior so that the state would automatically be changed from hold-over to free-run after 24 hours. PR1197380

  • On MX Series routers with MPC5E installed, in a high-temperature situation, the temperature thresholds for triggering the high temperature alarm and controlling fan speed are based on the FPC level. Any sensor values in the FPC that exceed the temperature threshold of the FPC trigger the actions associated with temperature thresholds. PR1199447

  • With MPC8/9 MRATE MIC. With a plug-in optics module(QSFP28-100GBASE-LR4), bit errors might be seen. PR1200010

  • On MX Series routers, the mspmand process might crash on the MS-MPC with XLP B2 chip (for example, REV17). The exact trigger is unknown. It is usually seen with 70% to 90+% CPU load conditions. PR1200149

  • When performing unified ISSU on MX Series routers, the MPC might crash during the field-replaceable unit (FRU) upgrade process. PR1200690

  • A dynamic tunnel gets timed out every 15 mins by default, and then re-tries to create another tunnel. This happens if the route obtained from IGP is non-forwarding. PR1202926

  • When PPPoE subscribers log in to or out of the device, an SNMP link up/down trap will be generated by the system if "no-trap" is configured in the corresponding dynamic-profile. PR1204949

  • SMID daemon has stopped responding to the management requests after a jl2tpd (L2TP daemon) crash on a production MX960 BNG. PR1205546

  • Problem - In case of local source and with ASM MoFRR enabled, the default MDT traffic loops back to the originating router on the MoFRR backup interface, thereby causing continous IIF_mismatches. PR1206121

  • In an L2TP scenario, in a rare situation, the command "show subscribers summary port extensive" output might have an incorrect tunneled/terminated sessions count due to an issue with populating the outputs. There is no traffic impact. PR1206208

  • When PCEP is enabled and LSPs are undergoing changes, like make before break (MBB) for rerouting, the rpd has to send those updates to the PCE. However, when the PCEP session to PCE goes down, these updates are cancelled, but the rpd fails to completely reclaim the memory allocated for these updates. This causes increases in the rpd memory every time the connection to PCE goes down while LSPs are simultaneously going through MBB changes. This issue will be especially noticeable when connectivity to PCE goes UP and DOWN continuously. If the connection is in steady state either UP or DOWN, then the memory leak will not happen. PR1206324

  • The l2ald might thrash when the targeted-broadcast is configured on EVPN IRB. PR1206979

  • When using the "show chassis hardware detail" command to display chassis components, the Compact Flash card and hard disk serial numbers may be truncated to 15 characters. PR1209181

  • On MX Series routers, if any inline feature is configured (for example, inline BFD, CFM , and PPP), the FPC might crash and core files are generated. PR1210060

  • The Periodic Packet Manager (ppman) based sessions (such as CFM session) might be flapping when executing offline/online MIC-3D-20GE-SFP (model number) MIC inserted into MPC2E-NG/MPC3E-NG. This occurs because the TNPC-CM thread is hogging the CPU for ~450 ms when executing MIC-3D-20GE-SFP MIC offline/online. PR1211702

  • When an ARP entry is learned through the Aggregated Ethernet interface, and a route is pointing to that ARP next hop, the ARP entry might not expire even though the ARP IP is no longer reachable. This issue is due to the route next hop on the AE interface getting stuck in unicast state even if the remote end is not reachable, and the RPD never gets to determine that ARP is invalid. The route nexthop on Aggregated Ethernet interface should be shown in 'hold' state when the remote end is not reachable. PR1211757

  • On EVPN/VXLAN setup with the MX Series router as PE device, when both arp aging-timer and static MAC applied on the IRB interface associated with EVPN, the packet originating from Routing Engine on the PE router (such as ping) to the core side might be corrupted. This issue only impacts the traffic originated from the Routing Engine and does not impact the transit traffic. PR1213062

  • On MX Series routers with MPC3/MPC4/MPC5/MPC6/MPC2-NG/MPC3-NG line cards, the chassisd process crashes continuously on both Routing Engines because some failure cases caused by underlying software and hardware are not handled gracefully. Both Routing Engines might lost mastership and get stuck in backup mode. PR1213808

  • If a zero-length interface name comes in the SDB database, on detection of a zero-length memory allocation in the SDB database, a forced rpd crash would be seen. PR1215438

  • Syslog message : "fpc_pic_process_pic_power_off_config:xxxx :No FPC in slot y" is displayed on empty FPC slots with no PIC power off configured by committing configuration change under chassis hierarchy. PR1216126

  • In large-scale configurations or environments with high rates of churn, MX Series routers with FPC’s ASIC memory will become "fragmented" over time. In an extreme case, it is possible that memory of a particular size will become exhausted. Also, due to the fragmentation, the available memory will not fulfill the pending allocation. PR1216300

  • When VPLS instances are configured for the first time or when a system with VPLS instances is rebooted, rpd will be consuming high CPU usage (100%) for a period (10-20 mins), the installation of other routes may defer and traffic will be lost. Many other RPD services may also slow down or be unavailable. PR1216332

  • Suspicious log messages like "vbf_ifl_bind_change_var_walker:363: ifl .pp.54615 (1073796438): FILTER (28) Bind change notify ran for 276701162891 us" can be observed. The logs are harmless and can be ignored. PR1217975

  • On MX Series routers, replacing an MQ FPC (MPC Type1, 2, MPC 3D 16x10GE) with an XM one (MPC Type 3,4,5 6. 2E-NG, 3E-NG) might cause all other MQ-based cards to report "FI Cell underflow at the state stage". It will cause packets to be dropped. PR1219444

  • If RS/RA messages were received through an ICL-enabled (MC-AE) IFL, packet loss would be seen and last for a while. PR1219569

  • When MCNH (multicast composite nexthop) is used, packet loss might occur when multicast traffic enters the Packet Forwarding Engine and exits the Packet Forwarding Engine in a different FPC. PR1219962

  • On MX Series routers with enhanced subscriber management, performing a config commit that changes any dynamic profile data after the system has booted might result in login and logout CPS(connections per second) performance degradation for subscribers using the dynamic profile. PR1220642

  • When fpc-pfe-liveness-check is configured, Packet Forwarding Engine liveness detection might incorrectly report a Packet Forwarding Engine failure event under a severe interface congestion situation. PR1220740

  • On MX Series Virtual Chassis partial or complete traffic loss for streams via AE interfaces might be observed in certain scenarios. For example, if VCP ports were de-configured and re-configured again, then two consecutive global GRES switchovers were performed and the MPC hosting aggregated Ethernet child links was reloaded, traffic loss would be observed after the MPC boots up due to incorrect programming of aggregated Ethernet interface on its Packet Forwarding Engine. PR1220934

  • When MX Series router has MACsec under security and the include-sci option is configured, although the interface where MACsec is configured receives traffic with IMIX packet sizes, framing errors might be reported in the interface statistics. PR1221099

  • PPPoE/DHCP subscribers fail to bind due to ProcessPADIFailedUiflNotActive/SML_CLIENT_DELETE_SDB_ADD_FAILED errors after continuous login and logout, and subsequent login will fail. PR1221690

  • Starting in Junos OS release15.1R1, the behavior of storage devices enumeration in kernel level has been changed. Device enumeration in legacy Junos OS releases (before 15.1R1) will show CF and Disk as ad0 and ad1 respectively Device enumeration in Junos OS Release 15.1R1 and later will show CF and Disk as ad1 and ad0 instead in the result of "show chassis hardware". This might be inconsistent for other result of output, such as "show system boot-messages" and "show log messages". PR1222330

  • On setup with IRB configuration and non-enhanced-ip mode, when certain actions which result in the underlying aggregated Ethernet interface of IRB going down, the backup Routing Engine may experience 'panic' and hence reboot. The panic occurs because the backup Routing Engine cannot allocate the next-hop index requested by the master Routing Engine. Because the panic and reboot happen on backup Routing Engine, routing, forwarding, and any other functionality will not be affected. Some examples of triggers are continuous child link flaps of the aggregated Ethernet interface or back-to-back commits of different IRB configurations, and activating/deactivating the bridge family on an underlying interface. PR1222582

  • In an enhanced subscriber management environment ("set system services subscriber-management enable") in which case the 'remove-when-no-subscribers' statement is configured in auto-configure stanza, when the last subscriber logs out (which triggers) dynamic VLAN IFL removal) and immediately then in close proximity a new subscriber logs in before the IFL is set to inactive, the dynamic profile deletion might be failed. Also, subsequent subscriber logins fail. This is a timing issue. PR1222829

  • The "unnumbered-address" under dynamic profile is showing the wrong value. PR1222975

  • The problem of tunnel stream getting misconfigured for LT interfaces is due to internal programming and the same has been corrected to evaluate multiple lt interfaces for FPC and PIC slot combination. PR1223087

  • In MX Series Virtual Chassis with subscriber management environment, the bbe-smgd process may leak memory in the backup Routing Engine when running continuous subscriber login logout loop tests. It seems that memory utilization increases with each login/logout loop until it reaches 809 MB, and it does not increase beyond that. PR1223625

  • In PPPoE subscriber scenario, after demux underlying interface AEx is changed tO AEy, the source MAC used for PPPoE handshake is still the old AEx interface's MAC. This causes PPPoE clients to fail as the PADR packets from the client are dropped due to the MAC address mismatch. PR1224190

  • When you receive alignment errors on a 10 Gigabit Ethernet port, you may see a MAC control frames counter with a huge value. PR1224632

  • SMID was coring when the query was thrown, because session database init was happened. A protection check introduced to check session database status.PR1225449

  • The following error messages might be seen when there is traffic from subscribers with captive-portal-content-delivery service:cpcdd[29943]: %DAEMON-3: early: bad stored heap: heap-ptr=0x0 data-ptr=0x839f742 cpcdd[29943]: %DAEMON-3: opDel: bad stored heap: heap-ptr=0x1000000 data-ptr=0x839f0aa These error messages do not have any affect on functionality. PR1226782

  • On MX Series routers, executing the command "show chassis ucode-rebalance" without a special FPC slot number, might cause chassisd to crash. PR1227445

  • In a subscriber management environment, the log message "vbf_ifl_bind_change_var_walker:377: ifl .demux.22698 (1073764522): IFL TCP (38) Bind change notify ran for 1480 us" can often be seen. This log message is generated when the time needed to complete execution of the routine exceeds. This message is harmless and can be ignored. However, sometimes time calculation yields incorrect results, and this issue has been corrected via this PR. PR1229967

  • When adding or deleting a dynamic-tunnel destination network for IPv6 over IPv4 dynamic UDP tunnels, an rpd core file might be seen. PR1230152

  • For IPv6 static routes derived from weighted LSPs, unequal load balance does not work. PR1230186

  • The random load-balancing feature does not function; all traffic goes to one of the load-shared egress links instead of being shared across all the links. PR1230272

  • Due to a bug in Junos OS, the interface statistic remains unchanged after ISSU on MX Series Virtual Chassis platform. This issue in turn leads to the RADIUS volume accounting value remaining unchanged after ISSU. PR1230524

  • The dynamic-profile service filter matches the traffic that is not defined in prefix-list applied to the filter. This causes the filter to not work not as expected or even match all the traffic. PR1230997

  • ICMP identifier is not translated back to the expected value during traceroute for TTL exceeded packets on NAT using multiservice MPC. This occurs for ICMP ID >255 and causes all hops (except first and last) to appear as "*". PR1231868

  • IPsec tunnels anchored on service-set are not cleared when ms interface inside IFL is disabled through CLI command. PR1232276

  • Optional service session is terminating during session setup when optional service has configuration errors. PR1232287

  • Some PFE statistics counters do not work in MPC7/8/9.

    1. Fabric input/output pps counters do not work in "show pfe statistics traffic"

    2. Output and fabric input/output counters do not work in "show pfe statistics traffic detail"PR1232540

  • Packet Forwarding Engine statistics input packets pps counter may be inaccurate on MPC7E, MPC8E, and MPC9E. PR1232547

  • Input framing errors increment on interfaces connected to MPC2E-NG with 4x10G MIC when interface is configured in "wan-phy" mode. PR1232618

  • On XQ-based linecard, in a rare condition, when the FPC goes offline or online or when flapping occurs, some error messages might be seen. PR1232686

  • Correct the value of module voltage, which was previously off 10 times, displayed in the interface diagnostics optics table for 2X100GE CFP2 OTN MIC. PR1233307

  • High MPC5 CPU on a scaled setup with 64,000 - 128,000 subscribers due to XQ background service that collect internal statistics. PR1233452

  • LSP-ping might fail and IP packets with options will not get mirrored in port-mirror environment. PR1234006

  • For some SNMP traps the description does not match the event, for example: jnxTimingFaultLOESMCClear . jnxTimingFaults 6 JUNIPER-TIMING-NOTFNS-MIB "A trap which signifies Loss of ESMC." PR1234083

  • Due to a software bug, when an SFB goes offline/online, the HSLink crc error values are not cleared properly; this triggers an unexpected link error/ SFB check alarm for another SFB. PR1234224

  • After the backup Routing Engine is replaced, the new backup Routing Engine cannot synchronize with the master Routing Engine if 'dynamic-profile-options versioning' is configured. This is because the code checks if any dynamic profile is configured before enabling dynamic-profile-options versioning. If so, it throws an commit error. But there is no need to check when the Routing Engine is in backup state. PR1234453

  • KRT queue is getting stuck happening because socket buffer is sending an incorrect value to the kernel and the kernel is returning error 'EINVAL -- Bad parameter in request'. PR1234579

  • Phase jump is detected when using hybrid mode PTPoE with SyncE. PR1234685

  • On MX Series routers with MPC7E/MPC8E/MPC9E, noise received on the console port might be interpreted as valid signals. This might cause login failure on the console port and login crash or even reloads. PR1234712

  • When a session is started with a dynamic-profile service using the service volume, it is observed that volumes are checked every 10 minutes instead of every 5 minutes. PR1234887

  • VLNS(VBNG) - Commit generated a "warning: requires 'l2tp-inline-lns' license" but a valid license is installed. PR1235697

  • On MX Series routers, when per-packet load sharing is enabled under the aggregated Ethernet interface, egress traffic over the aggregated Ethernet interface might be dropped unexpectedly. PR1235866

  • Junos Telemetry Interface authentication demon does not close the client connection properly keeping stale connections. Following command “show system connections | match JVISION_PORT” will show multiple stale connections. PR1235874

  • The "show route forwarding-table all" command is needed for tlb (traffic load balancer) and srd (Service Redundancy Daemon) while these daemons are running. And these outputs are being collected from tlb script as well as srd script. The "show system commit" command is getting executed from default-junos-show script. When the CLI command is issued "request support information", "show route forwarding-table all" and "show system commit" are taken twice by RSI (Request Support Information). PR1236180

  • On all platforms that support EVPN-VXLAN, the outer source MAC in the ARP reply packet header does not correspond to the inner virtual MAC if virtual MAC is configured. PR1236225

  • When PIC-based MPLS J-Flow is configured and MPLS packets are being sampled at egress (to be sent to service pic), the sampled packets do not reach the service PIC, which results in no MPLS J-Flow flows getting created. PR1236892

  • Due to a software bug, if there is an MPC6E slot#10 installed in an SFB2-based MX2020 router, and SFB#4~7 is offlined/online once, the next slot SFB will get 'SFB check alarm' unexpectedly. For instance, an SFB#4 offline/online triggers an SFB#5 check alarm. PR1237134

  • In MX Series Virtual Chassis subscriber management environment, LI enabled DHCP subscribers may experience packet drops because of MAC validation errors in the FPC. This issue was seen only when connecting the subscribers for the first time after rebooting the system. PR1237519

  • DNS server IP addresses are not present in the output of 'show subscribers extensive' for DHCP subscribers if the DNS configuration is provided from the access-profile or pool. If such data is provided from RADIUS, the output is correct. PR1237525

  • Due to lack of proper boundary checks in code, the MS-MPC might crash when receiving internally corrupted frames from other FPCs that have hardware failure or incorrect rewrite programming. PR1237667

  • Increased support of number of routing instances from 4000 to 64,000. PR1237854

  • When the interface configured under "router-advertisement" physically comes up for the first time, the rpd might repeatedly send the router-advertisement, which might result in as high as 100% Routing Engine CPU usage. PR1237894

  • After the number of licenses for the scale-subscriber feature was exceeded, customer encountered endless logs on the backup Routing Engine every 10 seconds. PR1238615

  • MPC9E may generate an FPC core file with Junos OS Release 16.1R2.11 when configured with "mixed-rate AE bundles" and "adaptive load balancing". The load-balancing techniques are orthogonal to each other. PR1238964

  • MX Series router is sending accounting interim without the update-interval configuration statement. PR1239273

  • In a BGP-PIC scenario, a change in the IGP topology (for example, a link failure in the IGP path) causes traffic outage for certain prefixes. This issue occurs because the unilist next hops for these prefixes are in a broken state. PR1239357

  • Traceroute will not resolve VRF loopback address where SI and pseudointerface exist. PR1240221

  • Subscriber Management: MIB ifJnxTable is not supported for subscriber interfaces. PR1240632

  • Session database (SDB) synchronization might fail if the master Routing Engine or the master chassis in an MX Series Virtual Chassis configuration (VC-M) is power-cycled. PR1241162

  • During scaled subscriber setup, the lowest dynamic-profile CoS service rate might be applied to other sessions. PR1241201

  • The PTP clock class changes are delayed. When PTP fails and the system goes into holdover, it will send clock class 6 for the next 10-15 minutes. When the system goes from holdover in state "locked". It will send clock class 248 for the next 10-15 minutes. PR1241211

  • In some specific case, untagged bridged traffic might not be mirrored on the second port of the mirrored group. If untagged bridged traffic is to be mirrored/sent on two different interfaces of the mirrored group, traffic might be mirrored/sent only on one of the mirrored interfaces/ports. PR1241403

  • Auto route insertion (ARI) IPv6 routes installed for IPsec dynamic endpoints might disappear from the routing-table after performing a graceful Routing Engine switchover (GRES) with nonstop active routing (NSR) enabled. The issue is triggered for IPv6 ARI routes with masks of /98 or longer. PR1242503

  • Currently MS-MIC supports a maximum of 2000000 routes scale. This includes all IPv4, IPv6, and MPLS routes in the system. When scale limit is exceeded, the FDB (forwarding database) memory will become exhausted and the MS-MIC will start to drop the routes and print logs. PR1243581

  • On MX Series Virtual Chassis, some VBF flows are missing after FPC restart. PR1244832

  • PSM goes to present state whenever there is a feed failure. The logic is changed to update the PSM state based on the number of feeds connected. PR1245459

  • With gRPC subscription for telemetry data with 2 seconds frequency, the jsd process might crash. PR1247254

  • When IGP/link flapping or running the clear mpls lsp command, because of the RSVP stale label entry, traffic for BGP prefixes that are pointing to LSP in inet.0/inet6.0 might get silently dropped or discarded. PR1247900

  • SPMB reboot causes a fabric black hole that lasts for more than 1 minute in TXP-3D. PR1248063

  • PADI dropped due to duplicate client. PR1248282

  • The bbe-smgd process might crash in case of duplicate UID variable names. For example, all CoS configuration elements should be converted implicitly to internal variables so they can be automatically used for different purposes in the dynamic-profile configuration. The bbe-smgd process crash cannot impact the traffic flows for existing subscribers, but does impact the creation of new subscribers. PR1248725

  • Only one IA-NA dhcpv6 (without PD request) could be bound in case two or more subscribers are provided with the same PD from RADIUS. For example, in case of several CPE devices from a household, all sessions will be provided with the same ACI/ARI. If the username is formed based on ACI/ARI (so the username is the same for all sessions), RADIUS can provide the same PD for all sessions and this will allow only one session to be established even though CPE's did not request PD. PR1249837

  • "JAM:PL: Registered attributes for %x \n" will be logged as INFO level. PR1250091

  • MPC5E/MPC2E-NG/MPC3E-NG/MPC7/MPC8/MPC9 might crash in some cases due to a software defect. If queues associated with the L4 node get freed but the L4 node is not freed at that time, later when trying to free the L4 node, because the queues have already been deleted, then a NULL queue node will be received and the MPC crashes. PR1250335

  • FPC ukern process might crash on Linux-based linecards (for example, MPC7/8/9 on MX Series) due to a bug related to ukern scheduler. PR1250691

  • The smihelperd process can crash during subscriber logout process. PR1250760

  • When an IPv6 node receives an ICMPv6 PTB (Packet Too Big) message with MTU < 1280, the node will emit atomic fragments. This behavior might result in a denial-of-service attack. PR1250832

  • Accounting statistics are not correctly preserved across ISSU upgrades. PR1250919

  • On Junos OS platforms with rpd (routing protocol process), if some interfaces go down, which results in some peers going down or BGP-RR (route-reflector) re-advertising routes, rpd (routing-protocol daemon) process might crash. PR1250978

  • During Routing Engine switchover or request MPC/MS-MIC online requests, character corruption is observed in the log. PR1251400

  • There is an rpd problem sending route update messages to the kernel. The KRT queue used to send the messages can get into a state where no more messages can be sent to the kernel. This causes the RIB and FIB to get out of sync. This is a timing problem between multiple rpd threads. It infrequently occurs at very large scale. PR1251556

  • When a MIC is re-inserted into the same slot, it is possible that the software may fail to read the software identification of the MIC. This results are misidentification of the MIC and not being able to initialize properly, and MIC0 info might disappear. It has no traffic impact. PR1252998

  • If "indirect-next-hop-change-acknowledgements" is enabled, the rpd will request an acknowledgment from the kernel when creating the new forwarding next hop for the indirect next hop. In a rare scenario with multipath configured, the rpd might restart while waiting for an acknowledgment from the kernel and the deletion of the old forwarding next hop is queued. PR1254735

  • On MX Series routers with MPC2E-NG/MPC3E-NG, the interfaces of these line cards might not come up when connecting to third-party transport switch. PR1254795

  • In the output of 'show subscribers extensive' the first IP address from the Framed Prefix (returned in Framed-IPv6-Prefix) looks to be assigned to the subscriber interface although it is not. The fix removes incorrect data. PR1255029

  • IRBs that are part of an L3 multicast group allocate ASIC memory when added to the group. A small amount of this memory is not freed when changes are made to the L3 multicast group. This could cause a crash due to an out-of-memory condition if there are continuous changes to multicast groups with IRBs over a long period of time. PR1255290

  • In VMX platform, if a lot of subscribers login/logout activity occurs when there are a large number of flows (500,000), multiple riot core files might be seen. PR1255866

  • Syslog messages may report "krt_decode_comp read a non specific nh from kernel nhid" This is a harmless debug message. PR1256197

  • Adding an application set with inactive applications that are not defined under the [applications] hierarchy will lead to constant core files each time the service PIC boots back up. PR1258060

  • Unable to run show subscribers extensive and some other CLI commands after GRES because subscriber-management database is unavailable. The other symptoms of the bug can be messages like sdb.db: close: Bad file descriptor after commit full. PR1258238

  • In a subscriber service environment, the device control process (DCD) might restart unexpectedly during commit process after changes to ATM interface configuration is applied. PR1258744

  • PPPoE subscribers are not coming up while verifying that IPCP renegotiation is happening properly for terminated PPPoE subscribers. PR1260836

  • When using an AMS interface and running the show interfaces extensive command, the logical interfaces will show only 0 for the packet counters. PR1258946

  • When TRI-RATE SFP-T is installed on MIC-3D-20GE-SFP-E, FPC will generate HEAP: Free at interrupt level /Free interrupt violation! syslog message when the interface is going down. PR1259757

  • Due to a software bug, the QSFPP-40GBASE-LR4 (CLI name is QSFP+-40G-LR4) might remain down after fiber link flap. This issue is specific to this optics module. PR1259930

  • Class of service (CoS ) does not correctly classify egress L3 multicast traffic from an ingress VLAN bridge interface after a configuration change. PR1260413

  • Only the first multicast IP packet was saved when waiting for a route to be resolved. This fix will save up to 20 additional IPv4 Multicast packets and send all saved packets after the route is resolved. PR1260729

  • In MX Series BNG subscriber management environment, there could be a slight deviation in the service accounting statistics when the subscriber session terminated abruptly. PR1260898

  • During multicast activation of dynamic subscribers via a service profile, the bbe-smgd daemon in the backup Routing Engine could sometimes crash. PR1261285

  • In a subscriber management scenario, it is observed that an authenticated dynamic VLAN interface with an idle-timeout is removed if there are no subscribers on top and if "remove-when-no-subscribers" is configured at the auto-configure stanza. The dynamic VLAN interface should only be removed after its idle timeout expires if it stayed idle during this period. PR1262157

  • There is a problem that MX Series routers use the wrong routing table to send out the ICMP network unreachable message back to the source; this might cause some problem on the end-user CPE. PR1263094

  • Dynamic VLAN interface is logged out upon reaching idle-timeout even though there is a client session (PPPoE or DHCP) above it. The proper behavior is to keep the dynamic VLAN interface in case of a client session (PPPoE or DHCP) is present above the dynamic VLAN interface. PR1263131

  • Currently when the CoS adjustment-control-profile (ACP) is configured with radius-coa using the adjust-less algorithm, cosd strictly follows the configured algorithm when (1) only service-profiles and/or CoA is used to apply rates to the subscriber flow and (2) no line rate adjustment protocols such as ANCP or protocol tags (for example, PPPoE-tags) are being used to apply updates. This results in undesirable complexity in applying service profiles in the order activated based on an ACP approach that is intended to control the comparison of a configured-rate and a line rate, where the former represents a policy and the latter the capabilities of the access loop. When only service profiles are in use, such that more than one service profile may be applied to the subscriber via RADIUS CoA and each service profile affects the shaping rate of the subscriber, the correct behavior is for CoS to ignore the algorithm when no line rate protocol is in use. Instead it should use a replacement semantic (logically the algorithm "adjust-always") to apply a service profile initiated via CoA in the order received. Thus a profile chain can be easily managed that includes the client profile and one or more service profiles, thereby allowing predictable and intuitive revert semantics during service-deactivation or re-activation scenarios. Once a line rate protocol such as ANCP is enabled and updates are received, only then should cosd follow the algorithm because it will then be performing comparisons with the configured rate and a line rate (where the intended goal is minimum (policy rate, line rate)). As a follow-on, the ACP configuration syntax will be revisited because it is unnecessarily complex for the intended use case. PR1263337

  • After router reboot or JSD process crash, sometimes the listening socket for JSD is not operational. PR1263748

  • After running show arp with subscribers connected bbe-smgd can become unresponsive/slow to other CLI commands. PR1264038

  • On MX Series routers with MPC7E/MPC8E/MPC9E installed, due to a race condition in reading optic state, after restarting MPC/MIC, extra link transitions might be seen during the period that the port is coming up. This is a timing issue and the affected port is random. The link might transform/flap multiple times before the link stabilizes. PR1264039

  • On MX Series routers with MS-MPC, with the Ethernet frames with more than 2000 bytes of payload, the mspmand process that manages the multiservices PIC might crash. The traffic forwarding might be affected. PR1264712

  • In some situations, MX Series LAC does not encapsulate packets received from CPE in l2tp tunnel if this subscriber has a static pp0 unit configured on the LAC side. This issue is causing a permanent traffic black hole for this subscriber and leads to PPP session flaps or in ability to establish a PPP session between CPE and LNS in case of using lcp re-negociation on the LNS side. PR1265414

  • If the dynamic VLAN profile does not have IFF configuration (for example, family PPPoE or family inet), but has firewall filter configuration, firewall filter indixes will not be released after the dynamic VLAN is removed. This eventually leads to depletion of available firewall filter indixes. PR1265973

  • Per IETF RFCs, IGMPv3 & MLDv2 reports not sent to IANA reserved multicast addresses V3 ROUTERS) and ff02::16(MLD V2 ROUTERS) should be discarded. But BNG processes these reports. With this fix, the reports will be discarded and Rx error counter updated. PR1266309

  • When VSTP is enabled on a double-tagged aggregated Ethernet logical interface and there is another single-tagged aggregated Ethernet logical interface configured with the same outer VLAN tag, then the incoming traffic on that VLAN is incorrectly hitting the AE_RESERVED_IFL_UNIT (AEx.32767) and the traffic is getting dropped. PR1267238

  • It is possible to see a bbe-smgd core under certain boundary conditions on the standby Routing Engine with certain specific configurations. Because the core is on the standby no disruption in service is expected and the system recovers from this condition. PR1267646

  • The CLI configuration command set chassis effective-shaping-rate is enabled for the MX104. PR1267829

  • Command show arp interface xe-x/x/x no-resolve | display xml returns XNM errors in the ouput. PR1269170

  • On MIC-3D-20GE-SFP-E and MIC-3D-20GE-SFP-EH, an interrupt threshold was introduced. If MIC error interrupts are more than the threshold (> 2500 per 5 min), the MIC will be restarted. Due to that change, MIC error interrupts will hog the CPU when restart is initiated. PR1270420

  • In MX Series routers equipped with a next generation Routing Engine (RE-S-X6-64G and REMX2K-X8-64G), the following log messages might be displayed as error messages after a commit command is executed: sdk-vmmd: %USER-3: is_platform_rainier: Platform found as rainier. PR1271134

  • The Routing Engine might stop all services after GRES or ISSU. This issue is caused by corrupted Berkeley DB file after GRES or ISSU.PR1271306

  • Changing the mode of the interfaces causes the interface to go DOWN/UP. For the interface to be down, all the queues (in/out) associated need to emptied. Due to a certain condition, this is timing out, the queue is not getting emptied, and the interface pointer is not getting freed properly resulting in FPC crash. PR1273462

  • On MX Series with MPC7E/MPC8E/MPC9E installed, if the ports on MPC that mix 10-Gigabit Ethernet (GE) and 40GE/100GE, after 40GE/100GE port is configured under an aggregated Ethernet bundle, some received packets might be incorrectly dropped. This is due to a misconfiguration on the Aggregated Ethernet MAC address under the Packet Forwarding Engine. This issue might happen after configuring 40GE/100GE as LAG member. PR1274073

  • GRE MTU initialization: When GRE tunnels come up, the individual tunnel family MTU (which is V4/V6/L2 and so on) is updated based on its underlying interface family address MTU if the MTU is not configured exclusively under this GRE tunnel. However, Junos OS simply copies the MTU size, but it does not deduct the outer IP/GRE header length (20 + 4 bytes). The secondary issue is that while the underlying interface family address MTU size updates, the GRE tunnel MTU size will not be refreshed.

    PMTU discovery mechanism clarification:

    By default, the GRE tunnel source does not send any packets to discover PMTU. When traffic flows from the GRE tunnel source to the destination (or traffic entering GRE tunnel from outside) and if any intermediate router has a lower MTU and DF bit is set in the packet outer IP header, then that router sends an ICMP error message with error code 4 (indicates "packet too big" and cannot fragment because of DF bit) back to the GRE source router. If this ICMP message successfully reaches the source router, then the GRE interface MTU is updated with the MTU value suggested in this ICMP packet. After that, a timer is started in the GRE source router to keep this MTU value for this GRE tunnel within 5 minutes. After 5 minutes, the GRE MTU gets back its previous value, which is based on the underlying interface family address MTU or the configured MTU. However, during this 5-minute timeout, if another ICMP message is received with a lower MTU than the previously updated MTU (from 1st ICMP error packet), then GRE MTU is updated to reflect this new number and the timer is restarted. PR1274203

  • Previous default behavior: when the bfd-admin-down under "routing-options static" stanza is not 'not'-configured, it was passive; that is, the static routes would not be deleted on bfd-admin-down. Now the default behavior is active, that is. static routes will be deleted on bfd-admin-down. PR1275973

High Availability (HA) and Resiliency

  • On all platforms, if running ISSU, connection might be broken between the master Routing Engine and the backup Routing Engine. PR1234196

  • With the local pp0 interface configured for IPv6 and router advertisement, if the other side of the interface is not configured for IPv6, rpd high CPU utilization might be seen. PR1243338

  • Vmcores were generated on both VCMm and VCBm at the same time. PR1274438


  • The GNU debugger, gdb, can be exploited in a way that may allow execution of arbitrary unsigned binary applications. PR968335

  • In an RSVP scenario, provision RSVP LSP with ldp-tunneling enabled and the LSPs configured with link protection, continuous kernel logs and LDP statistics timeout errors might be seen when executing show ldp traffic-statistics. PR1215452

  • During the upgrade harmless "invalid SMART checksum logs" might be seen. This PR will suppress unnecessary "invalid SMART checksum logs". PR1222105

  • Polling SNMP QoS queue statistics along with physical interface statistics might result in flat values for QoS queue statistics. The flat values could give a false impression that spikes are happening in the queues. PR1226781

  • If SSD contains a valid permanent (non-resettable) offline-uncorrectable-sectors positive value, smartd logs on the nonzero value by default every 30 minutes, which is too frequent logging considering that there has not been a change in the value. PR1233992

  • On all Junos OS platforms and on the router with PIM enabled that has a local receiver, stale next hops are present because they did not get deleted by daemons due to a timing issue. PR1250880

  • Legacy Junos Kernel might generate a core file on userland_sysctl / sysctl_root / sysctl_kern_proc_env / panic_on_watchdog_timeout. PR1254742

  • On Junos OS devices with legacy Free BSD (Free BSD version 6.X) based on Junos OS, the devices might crash and reboot if there is a defect in the Junos SDK based multi-threaded application that has been used. PR1259616

Interfaces and Chassis

  • In MX Series Virtual Chassis setup, CFM sessions on aggregated Ethernet interface are not distributed to FPC when member-1 chassis are chosen as primary. PR1198447

  • The show interfaces terse routing-instance all command has the wrong display format when there are multiple addresses. PR1207272

  • If the configuration can be scaled to have the inner list to have more than 4000 VLANS, the commit VLAN configuration operations might fail. PR1207939

  • The dcd cannot start after router reboot because of a non-existing IFL referenced in 'demux-options underlying-interface'. PR1216811

  • MPC might crash during ISSU from Junos OS Release 15.1R1 to a later release when QSFP/CXP/CFP2 optics are present. PR1216924

  • Previously the same IP address could be configured on different IFLs from different IFDs, but only in the same routing instance. Only one IFL was assigned with the identical address after commit. Such behavior could cause confusion: there was no warning during the commit, only syslog messages indicating incorrect configuration. With the fix it is not allowed to configure the same IP address (the length of the mask does not matter). PR1221993

  • PPPoE tunneled subscriber (L2TP) might get stuck in terminating state if radius sends Framed-IP-Address and Framed-IP-Netmask via access-accept in LAC. PR1228802

  • When using the Ethernet OAM Connectivity Fault Management feature, if the remote end deactivates the "protocols oam ethernet connectivity-fault-management maintenance-domain" configuration, the interface will go down as expected. However, once the remote end activates the configuration, the local interface stays down. (The defect is introduced in Junos OS Release 15.1F5 branch and occurs in 15.1F5-S3 or later.) PR1231315

  • When OAM CFM (connectivity-fault-management) MEP is configured on the LSI or tunnel interface that is on DPC card, every time a DMM (two-way frame delay measurement) or 1DM (one-way frame delay measurement) packet is received, certain harmless error messages might be seen. This is due to software time stamping not being used. The fix addresses the time stamp and suppresses the logs as well. PR1232352

  • The configuration change in which a static VLAN demux interface the underlying physical interface is changed to one with a lower bandwidth (for example, from xe to ge) can fail with the following error: "error: Bandwidth on IFL demux0.7000 cannot be greater than that of its IFD". For example: user@router# show | compare [edit interfaces demux0 unit 7000 demux-options] - underlying-interface xe-0/1/0; + underlying-interface ge-0/3/9; user@router# commit re0: error: Bandwidth on IFL demux0.7000 cannot be greater than that of its IFD error: DCD Configuration check FAILED. error: configuration check-out failed. PR1232598

  • There is no SNMP trap for dot1agCfmMepHighestPrDefect with value 0 reported when the OAM CFM session recovers from any other failed state. PR1232947

  • On MX series platform acting as broadband network gateway (BNG), in Point-to-Point Protocol (PPP) scenario, when using the Internet Protocol Control Protocol (IPCP) or Internet Protocol version 6 Control Protocol (IPv6CP) for negotiation, if the router receives Configure-Request packet from the client, MX Series BNG sends the Configure-Request packet, but does not send the Configure-Ack packet (in case it does not receive the Configure-Ack that responds to the Configure-Request packet it sent). The behavior does not follow RFC 1661, which demands that both actions Send-Configure-Request (that is, ConfReq from MX Series to client) and Send-Configure-Ack (i.e. ConfAck from MX to client) must be conducted on the router without any significant delay. PR1234004

  • On MX Series routers acting as broadband network gateway (BNG), in Point-to-Point Protocol (PPP) scenario the router can send LCP Terminate-Ack packet after PPP over Ethernet (PPPoE) PPPoE Active Discovery Terminate (PADT) packet. This behavior does not follow RFC 2516, which explicitly demands that when a PADT is sent, no further PPP traffic is allowed to be sent using that session, including normal PPP termination packets. PR1234027

  • Under a particular condition in configuring interfaces which have vlan-id/vlan-tags configured, the commit operation might fail with an error message. PR1234050

  • T3 interface configured with "compatibility-mode digital-link" may fail to come up due to incorrect subrate. PR1238395

  • If the MTU on BNG and CPE sides has different values, in a rare situation the MX Series router might calculate the MTU value for the corresponding pp0 IFL incorrectly. PR1240257

  • When static PPP over Ethernet (PPPoE) subscriber is trying to negotiate a PPP session exactly at the time when Graceful Routing Engine Switchover (GRES) happens, the negotiation might fail and the following logs can be observed in the output of show log message command. Jan 12 10:17:24.360130 allocateSession: IFL not available: pp0.1 1600!=1600 PR1245465

  • In scaled subscriber management login/logout tests, jpppd might crash if the shmlog entries using the command clear shmlog entries logname all are cleared. PR1245848

  • In some rare situations Ethernet Connectivity Fault Management Daemon (cfmd) might crash when committing a configuration where CFM filter refers to a firewall policy. When hitting this issue, all CFM enabled interfaces are down. PR1246822

  • If more than one IFL (logical interface) is configured under the same IFD (physical interface), and VRRP is configured on one IFL without VLAN and the lower unit number IFL has a VLAN configuration, then vrrpd incorrectly carries the VLAN information from the lower unit number IFL to this IFL's configuration. As a result, VRRP might get stuck (state: unknown, VR State: bringup). This might happen if VRRP is configured on the physical interface with flexible-vlan-tagging or the lt interface without flexible-vlan-tagging. PR1247050

  • When using static demux VLAN interfaces, the link local address will not be synchronized between the kernel and subscriber management demon. When using router advertisement on a static VLAN demux interface and not in a IP dynamic profile, a router solicit from customer equipment might not be answered by the MX Series router. This is dependant on which address the CPE is using. In this PR the option to configure the MX Series router to use EUI-64 address for the demux VLAN, will ensure that the addresses are synchronized between the demons. PR1250313

  • On Junos OS platforms, cfmd process runs by default. When bridge-domain is configured, if performing a commit to configuration that related to physical interface/logical interface (IFD/IFL), cfmd memory leak might occur due to a software defect. As a result, the memory leak could cause cfmd crash. PR1255584

  • The snmp-set command fails when the FPC/PIC/port has a value greater than 9 When the snmp-set command is issued, it encounters the following error due to incomplete port number in the command pushed. Jan 18 10:49:53.626342 snmpd_process_nvset: talking to mgd (60001) Jan 18 10:49:53.626350 >>> xml to mgd >>> Jan 18 10:49:53.626418 RPC-REPLY ERROR: missing or invalid port number in 'et-10/0/' <<<<<<<<<< commit failed PR1259155

  • On MIC-3D-20GE-SFP-E or MIC-3D-20GE-SFP, when SFP diagnostic information is being read out periodically, due to misbehaving SFP or noise on the I2C BUS, SFP thread might be hogging the CPU and a watchdog check will restart the MPC to recover. Enhancements will prevent the SFP thread hogging and MPC restart. PR1260517

  • In a dual-stack PPPoE subscribers environment, when the PPP session has been in "OPEN" state, if the router receives a Conf-Request message from the client, it then sends a Term-Request message as a reply unexpectedly. PR1260829

  • In a subscriber scenario, when traceoptions is enabled with flag GRES under PPPoE, if the subscriber username contains a format. (that is, the character "%" ) that cannot be successfully handled by the traceoption process, pppd might crash. PR1264000

  • These types of messages might be observed with configuration changes in an MX Series Virtual Chassis environment: Mar 2 00:14:30 CHASSISD_IPC_WRITE_ERR_NULL_ARGS: FRU has no connection arguments fru_send_msg Global FPC 14 Mar 2 00:14:30 SCC fru_set_boolean: send: set_boolean_cmd Global FPC 14 setting hold-pic-online-for-fabric-ready on. These messages are benign. PR1264647

  • In a PPPoE scenario, subscribers might get disconnected due to a keepalive failure when CPE is adding an additional data field in PPP Echo Request. PR1273083

  • The message dot1agCfmMepHighestPrDefect might be reported in the SNMP trap with the value of -1 instead of 0 on recovery after RDI. PR1273278

Layer 2 Features

  • When VPLS unicast traffic needs to be passed to a remote PE node via the LSI interface then go through the LAG interface to the L2TP network, packets could be dropped due to improper token handling. PR1240960

  • In VPLS topologies the kernel may report the error "pointchange for TLV type 00000052 not supported on IFL <name> " in /var/log/messages where <name> is a VT or LSI interface used by VPLS. The trigger to cause the issue depends on timing and is most often seen with high VPLS pseudowrite scaling when multihoming is configured, but other triggers might apply as well. The problem might cause high RPD CPU utilization, which can slow routing convergence. PR1279192

Layer 2 Ethernet Services

  • This issue occurs when running LACP between Juniper and Cisco devices with different timers (Juniper fast and Cisco slow) on both sides. On the Cisco side it take almost 90 sec to bring the interface down from the bundle. When one interface is removed from the LAG on the Juniper side, the lead on the Cisco side needs to time out to bring the interface down from the bundle. This results in unexpected outage behavior on the network. PR1169358

  • If the DHCP relay in a forward-only routing instance receives an option-82 embedded DHCP discover, then session establishment might fail. This issue will happen only if forward-only is configured. PR1187766

  • On MX Series routers, if chassis level configuration is used to offline the FPC after detecting major errors, the FPC will be offlined. But if the committing configuration is performed after offlining the FPC, the FPC will be brought online back again. PR1218304

  • MX Series router is not including Delegated-IPv6-Prefix in accounting interim. PR1231665

  • DHCPv6 renegotiation-lockout configuration command range has expanded to 4-600 seconds. This enables the customer to reduce the MX Series BNG wait time for responding to DHCPv6 solicit retransmissions messages according to their requirement. PR1234009

  • When LACP is configured in fast periodic along with the 'fast-hello-issu' configuration statement, LACP might time out if there is any interface commit operation on the peer router during ISSU, which causes OSPF adjacency flapping. PR1240679

  • In a large-scale unified ISSU testing, a MPC/FPC might go offline during the FRU upgrade phase of unified ISSU. PR1256940

  • The duplicate-clients-in-subnet option82 feature has changed in the following way:

    When duplicate-clients-in-subnet option82 is configured, the client is identified using the circuit-id and/or remote-id of option82. Any other suboptions, for example, suboption 9 vendor specific, will not be used as a client identifier. Also, if duplicate-clients-in-subnet option82 is configured, existing clients will be identified using the circuit-id and/or remote-id of option 82 if available rather than being torn down. PR1257701

  • During the DHCPv6 renegotiation lockout time, BNG does not accept any DHCP solicits with rapid commit options for further processing. This may slow down the subscriber initialization in relatively high packet drop access network segments. Fix for this PR eliminates the impact of DHCPv6 renegotiation lockout timer for DHCP solicits with rapid commit options PR1263156


  • When there are statically configured ingress and transit LSPs, due to a timing issue, there could be a scenario wherein the selfID used by the transit LSP might be allocated to the ingress LSP. Ingress static LSP does not reuse the same selfID during rpd restart, whereas the transit static LSP tries to reuse the same selfID. This leads to rpd crash due to the collision when the transit LSP tries to reuse the same selfID. PR1084736

  • User is allowed to configure both "load-balance-label-capability" and "no-load-balance-label-capability" together. This is incorrect and confusing. PR1126439

  • In some Inter-op scenario, sometime a new label is advertised without withdrawing the old label by peer. Under such scenario, Junos OS rejects the new label advertised (as per RFC3036 behavior). Below mentioned logs will be generated in such event:

    Line 408105: Mar 14 14:00:21.716559 LDP: LabelMap FEC L2CKT NoCtrlWord ETHERNET VC 40347 label 53 - received unsolicited additional label for FEC, releasing new label. PR1168184

  • If PCE-controlled LSP is enabled, when the command no-install-to-address is configured under PCE-controlled LSP, the command no-install-to-address might not be honoured due to a code issue. Routes might be installed for the destination of PCE-controlled LSP, which might not be desired when this issue happens. PR1169889

  • When using RSVP-TE protocol to establish LSPs, make before break (MBB) might not be quit and will start again when there is a failure on PSB2 (RSVP Path State Block for new LSP) in some cases where PathErr is not seen. (For example, for a PSB2 that is already up and there is PathErr processing for it in place already, in this case, no PathErr is seen owing to local-reversion and a quick flap.) As a result, no rerouting happens even if the TE metric cost is raised. This issue has more chances of occurring only when there is non-default optimize switchover delay. PR1205996

  • When MPLS OAM with mpls-tp-mode is enabled and the OAM failure-action is configured with make-before-break, the RSVP Explicit Route Objects (EROs) of new path might be removed after Make-Before-Break (MBB). The issue could be observed when BFD packets are dropped or the LSP path link goes down.PR1207039

  • When dynamic-tunnel is configured but RSVP signaling is disabled, any configuration that affects dynamic-tunnels could cause the rpd process to crash. PR1213431

  • Due to an imperfect fix for compatible issue between 64-bit RPD and 32-bit client applications (such as "mpls ping", "monitor label-switched-path", "monitor static-lsp", etc) on Junos OS Release 15.1F5-S3/15.1F6/14.2R7/15.1R4/16.1R1, the function of monitoring signaled or static LSP is broken on either 64-bit or 32-bit RPD. But the other 32-bit client applications (such as "mpls ping" etc) is not impacted. PR1213722

  • In a scaled environment, when there are many unicast NHs related to the same transport LSP (for example, the same RSVP or LDP label), MPLS traffic statistics collection may take too much CPU time in kernel mode. This can in turn lead to various system impacting events, like scheduler slips of various processes and losing connection towards the backup Routing Engine and FPCs. PR1214961

  • If the link/node failure that triggered a bypass persists for a long time, and there are LSPs that do not get globally repaired, multiple stale LSP entries are showing and getting listed multiple times in the MPLS LSP. PR1222179

  • Junos OS supports protocols mpls (MPLS) in the VRF routing-instance, but Junos OS does not support protocols connections (CCC) inside the VRF routing-instance. However, when ANY INTERFACE under protocols mpls (MPLS) inside VRF routing-instance is configured/added, then it affects protocols connections (CCC) inside Master/Main/Default Instance. For instances, if ANY CE FACING INTERFACE under protocols mpls (MPLS) in any VRF routing-instance is configured/added, it is deleting the data structure containing CCC information as Junos OS does not have CCC information inside the VRF routing-instance. PR1222570

  • On MX Series routers with MPCs or MICs, if BGP-LU is configured with the entropy label. The entropy label value being generated might not provide a good load sharing result. PR1235258

  • The rsvp-lsp-enh-lp-upstream-status is taking more time to synchronize on the backup Routing Engine on Egress side. PR1242324

  • On MX Series routers, the LDP might fail to install LDP route in inet.3 table if IS-IS is configured with source-packet-routing and ldp-tunneling is enabled, which might cause the LDP to fail to install routes when IS-IS routes are present. PR1248336

  • With nonstop active routing (NSR) and LDP protocol running, a routing protocol process (RPD) on the backup Routing Engine might consume excessive CPU time if it cannot connect to the RPD on the master Routing Engine. PR1250941

  • When multiple RSVP LSPs are in ECMP and configured with metric values, if one of the LSPs removed the metric, other LSPs in ECMP might not honor the configured metric. PR1261961

  • During MBB (make-before-break), next-hop will change in Packet Forwarding Engine, RSVP route does not request a next-hop ACK before changing the route pointing to a new next-hop. When the scale is high, traffic loss can be seen for up to 1 second. PR1264089

  • Label 0 is assigned as IPv6 explicit null label when "explicit-null" is configured for LDP. However, label 2 should be used instead of label 0. PR1264753

  • With LDP session-protection configured, the LDP session for the remote LDP peer for rLFA (remote loop free alternate) might still remain up, even after rLFA is disabled or after the remote targeted LDP session is no longer needed by rLFA. PR1266802

  • When a container LSP has >10 member LSPs, only the first 10 LSP will be shown in the show mpls container-lsp name <lsp-name> statistics output.PR1267774

  • When MPLS builds the next hop for an mpls.0 route for the scenario with IDP over RSVP LSP over bypass tunnel and the IDP label is implicit-NULL, the label stack constructed for the next hop might be incorrect, with an invalid bottom label value of 1048575. PR1270877

  • During LDP shutdown, route added and deleted by LDP in the inet.0 table may be in the process of being deleted but still in the inet.0 table. The show route extensive CLI command might cause RPD to crash when trying to display the task name for such LDP route. PR1272993


  • RPD creates an indirect next hop when a multicast route (S,G) needs to be installed when listeners show their interest to S,G traffic. Kernel then creates a composite NH. In this case this appears to be P2MP MCNH, which gets created. When any member interface is not a Packet Forwarding Engine specific interface (e.g, Vt, LSI, IRB or any other pseudo interfaces), kernel throws this message indicating that FMBB cannot be supported. These messages are harmless and do not have any impact. PR1230465

Network Management and Monitoring

  • MX Series BNG might send empty SNMPv3 responses for bulk-get requests to poll dot3adAggPortListPorts related OID's when using nondefault maxMsgSize settings. PR1207683

  • In MX Series subscriber management environment, sometimes BNG responds to the SNMP get requests with "Error: status=5 / vb_index=0" for some of the interface related MIBs. PR1218206

  • The statistics of OID ifOutError incorrectly includes ifOutDiscards, the buffer overruns are counted under ifOutErrors along with ifOutDiscards when SNMP Query is performed on ifOutErrors. PR1243071

  • On all platforms, if changing the syslog configuration, the eventd process might stop sending syslog message to a configured syslog server. PR1246712

  • SNMPv2 traps used to have the routing-instance information(context) in the community in the form context@community In SNMPv3, the same routing-instance information will be added to the contextName field of the SNMPv3 trap. For traps originating from a default routing instance, this field will be empty as it was earlier. PR1265288

Platform and Infrastructure

  • NPC cored with reference to [ 0x41490f64 in trinity_policer_free (result_ptr=0x5d671f64, nh_ptr=0x5d671f78) at ../../../src/pfe/common/pfe-arch/trinity/applications/dfw/dfw_action.c:1049 ]. This type of NPC core can be observed with a dynamic configuration change to the policer. The processing time in attempting to update all associated policers was exceeded. PR1071040

  • SNMP queries to retrieve jnxRpmResSumPercentLost will return the RPM/TWAMP probe loss percentage as an integer value, whereas the precise value (including decimal points) can be retrieved through the CLI by using the following commands: show services rpm probe-results and show services rpm twamp client probe-results. PR1104897

  • In a CoS environment with shaping-rate configuration under interface, if flapping that CoS interface, the shaping-rate function does not take effect. PR1163147

  • With the fix, XM-DDR3 boot diagnostics will return the test result of all XM-DDR3 components to the XM driver. If any XM-DDR3 component fails in the boot diagnostics test, the XM driver will abort the XM chip init process and report HW failure. The line card will not be brought up to online with any XM-DDR3 fail, causing a potential risk when sending corrupted packets to the remote Packet Forwarding Engines via the fabric streams. PR1166106

  • When graceful Routing Engine switchover (GRES) is configured, the ksyncd crashes on the backup Routing Engine if a VPN static route has a network address as a next-hop. This occurs because the backup Routing Engine is not ready for a graceful switchover. PR1179192

  • When multicast, vpls-flood or bridge-flood traffic, on an affected FPC type, with packet sizes ranging from 112 - 113 bytes or 108 - 109 bytes cross zone boundaries within the router (zones are defined below), traffic forwarding towards the fabric might stall. The following syslog entry will be reported "FO: Cell packing interface error". The MPC that reports this syslog error message needs to be restarted to recover from this condition. PR1180397

  • IPv6 now defaults to a probe type of ICMP. Prior to this a probe type had to be explicitly specified. This change brings functional parity between IPv4 and IPv6 probe types with regard to a default probe. PR1183196

  • Issue occurs if there is at least one python event-scripts configured with policy defended in configuration database. There are also some policies without the script action that hit the same warning. #commit full Jun 10 13:24:44 re0: [edit event-options] 'policy DOM-SIGNAL-CHECK' warning: Policy 'DOM-SIGNAL-CHECK' is defined in both Junos OS configuration database and event script, ignoring the one defined in the event script. PR1190964

  • In a very rare scenario, during a TAC accounting configuration change, the auditd daemon crashes due to a race condition between auditd and its sigalarm handler. PR1191527

  • Insertion of an offlined MPC6E into the MX2000 chassis can cause the FPC temperature sensor to detect transient "WARM TEMP" condition, and the chassis FAN in the same zone goes to high speed. PR1193273

  • Customer can now set the maximum datasize statement for JET scripts to up to 3 GB. PR1193948

  • Interface link flaps could occur or MPC might generate a core file with any GRES on an MX Series Virtual Chassis. On an MX Series Virtual Chassis, MPC board selects a clock from the next reference after GRES,which is a line interface. If there is no signal on that line, then the clock is bad and link flaps could occur or the MPC might generate a core file. PR1194651

  • On an MX Series router with an MQCHIP line card (MX Series routers with MPCs) with traffic-control-profile, if the overhead-accounting is configured with negative values, it might not work. The shape function will be affected. PR1195866

  • junos:key attribute, which is emitted in the XML format of the configuration, will not be emitted in the JSON format of the configuration. PR1195928

  • Blank firewall logs for IPv6 packets with next-header hop-by-hop is fixed. PR1201864

  • On MX Series routers with MPC2 NG/MPC3 NG/MPC3/MPC4/MPC5/MPC6 installed, when configuring multiple lt interfaces with HQOS on a MPC, due to a software defect, when creating internal lt tunnel stream in Packet Forwarding Engine, the tunnel bandwidth will be overridden to max bandwidth(60G for MPC2 NG/3 NG, 100G for MPC/3/4/5/6). This causes all of the 256 internal FIFO resources to be allocated only two tunnels. The allocation for other tunnels fails due to lack of resources. As a result, only two lt interfaces can stay up, other lt interfaces will go down. PR1209065

  • On MX2000, show chassis hardware detail might show MICs are installed even after MICs are removed. PR1216413

  • MX Series routers with MPCs might crash after firewall filter configuration change is committed. PR1220185

  • Routing protocol process (RPD) might restart unexpectedly if one of its TCP sockets is closed. PR1221183

  • When any MPC line card is offlined, it goes offline via all offline flows and connection is cleaned, but in the end of the offline flow, somehow it delays powering off the line card. The chasd process powers off the MPC via L2cs write the respective power registers, but in hardware it is not really powering off. As a consequence, since MPC is still powered on but the connection is down, it will try to reconnect, then start to come up automatically within 10 secs. It occurs sometimes. PR1222071

  • NTP peers failed to synchronize in symmetric active mode when there is significant downtime of one peer (for example, due to power maintenance, such as HW or SW upgrades). PR1222544

  • IPv6 traffic learned on an L2/bridge/multilink interface and when it has been traversed through MPLS, core random packets might get classified incorrectly by the fabric, which leads to packet loss. PR1223566

  • Interface firewall filters might get mixed up after Routing Engine mastership switchover with GRES disabled. PR1224995

  • This is a race condition between database creation and database access. Rarely reproducible. There is no functional impact of the core. PR1225086

  • Next hop used for Routing Engine generated TCP traffic might differ from the one used for Routing Engine-generated non-TCP traffic if the prefix not subjected to 'then load-balanced per-packet' action and is pointing to an indirect next-hop resolved via unilist next-hop (ECMP). Before the fix for PR1193697, this leads to non-TCP traffic generated from Routing Engine taking one unicast next-hop while TCP traffic generated from Routing Engine is load-balanced across different next-hops. After the fix for PR1193697 this behaviour might lead to non-TCP host outbound traffic taking one unicast next-hop, while TCP host outbound traffic takes another. PR1229409

  • Firewall filter index mapping gets incorrect after Routing Engine switchover, due to the contents of "/var/etc/filters/filter-define.conf" getting wrongly changed after Routing Engine switchover. PR1230954

  • The apply-path change bit does not seem to get applied when prefix-list is modified and the DFWD daemon, which waits for the policy-options, does not get notified and the apply-path function is broken. PR1232299

  • In an AI-Scripts (Advanced Insight Scripts) environment, when there is some special combination of jcs:printf(...) and some special characters (such as \n \t \\) at the boundary of the buffer, the scripts process might crash and high RPD memory usage is observed. PR1232418

  • Incoming interface index could not be used as a load balancing input factor under family multiservice if the traffic payload is a non-Ethernet frame. PR1232943

  • FPC memory leak seen on T4000 FPC Type 5. PR1233003

  • The scale-subscriber license count might increase to an invalid license state with L2TP/LTS clients. This is due to the l2tpd daemon not going through a proper state transition on L2TP/LTS clients logout hence the license count was not getting updated. The fix will ensure the license count is updated on logout regardless of the daemon going through proper state transition or not. PR1233298

  • and FreeBSD have published security advisories for vulnerabilities resolved in ntpd (NTP daemon). Server-side vulnerabilities are only exploitable on systems where NTP server is enabled within the [edit system ntp] hierarchy level. A summary of the vulnerabilities that may impact Junos OS is in JSA10776. Refer to JSA10776 for more information. PR1234119

  • Login for flow-tap DTCP-over-SSH service fails when SSH key-based authentication is configured for the flow-tap user. PR1234464

  • In an MX2010/2020 environment with an MS-PIC with a J-Flow configuration, MX2010/2020 cannot sample multicast traffic when this multicast is copied to multiple interfaces. PR1237164

  • FPC and Routing Engine might get stuck in high CPU when DDoS SCFD is turned on. PR1237486

  • The auditd daemon is on LCC except SFC. So the auditd on LCC generates log message. PR1238002

  • Due to a regression issue, the presence of errors or traps during ISSU might result in an LU/XL based FPC crash. PR1239304

  • On MX Series routers with MPC5/MPC7/MPC8/MPC9, when a low value of temporal buffersize (for example,10k) is configured, the threshold in the drop rule in the Packet Forwarding Engine (PFE) differs from what is expected. PR1240756

  • During an unified ISSU process, an MPC1E/2E/3E/4E or MPC-3D-16XGE-SFPP may restart unexpectedly. This issue shows up as an error in ppe_cfg_morph_ucode_instr( ) routine which can be seen in syslog messages. PR1241729

  • For hardware platforms based on EA or XQ chips (such as MPC2E-3D-NG-Q), the minimum buffer value programmable in the Packet Forwarding Engine is modified from 4096 bytes to 1568 bytes. PR1246197

  • An MPC/FPC may report LUCHIP EDMEM error during ISSU. This may cause inconsistency or incorrect forwarding information (FIB) inside the Packet Forwarding Engine. While the MPC is in the problem state, the Packet Forwarding Engine may experience packets lost. The issue should be self corrected after the ISSU process is complete and the Packet Forwarding Engine learns new FIB entries. However, if the problem persists, the MPC might need to be restarted. PR1249395

  • The configuration database is locked when a user that was in "configure exclusive" is logged out unexpectedly. PR1250305

  • When RADIUS accounting is configured, the Junos OS device will try for the maximum number of times when sending RADIUS accounting requests to a non-reachable RADIUS accounting server. When the last try is sending but the socket is closed due to the 'network is down' between Junos OS device and RADIUS accounting server, the auditd might crash. Auditd will get restarted automatically after it crashes. So accounting continues to work after auditd crashes. However, at the time of crash if there are some messages in the auditd queue that need to be sent out from Junos OS device to accounting server, those messages might get lost. After auditd gets restarted, the next event that has to be sent to RADIUS server, will be sent normally. PR1250525

  • In a logical-systems environment, if there are some failures that cause Routing Engine switchover (not perform Routing Engine switchover manually), the Kernel routing table (KRT) queue might get stuck on the new master Routing Engine with the error "ENOENT -- Item not found". PR1254980

  • On MX Series routers with MPC5E or MPC6E cards, if VPLS or bridging features are configured, it is possible that unicast L2 packets with known MAC addresses are flooded instead of being forwarded to the known ports. It might cause some unicast traffic over VPLS or BRIDGE to be dropped. PR1255073

  • Packets are not encapsulated with GRE header after disable and reenable gr- interface and GRE tunnel traffic might get dropped. PR1255706

  • During an unified ISSU, memory from the previous image related to hash tables is not properly recycled, which leads to blocks of physical memory being left unused. The crash is triggered by an attempt to create a memory pool using one of these blocks. PR1258795

  • mgd might crash after executing the command show ephemeral-configuration | display inheritance. This option is unsupported. PR1258823

  • If IX chipset-based mic(MIC-3D-20GE, for example) is used on an MPC that has two more mic slots, the show pfe statistics traffic detail command could display in/out pps statistics unexpectedly. PR1259427

  • After an interface switch, when the MAC moves from one interface to another, the next hop is incorrectly following the MAC route, which has been corrected via code changes. PR1259551

  • When a DHCP/BOOP reply packet is received from an unnumbered interface, the FUD process might fail. PR1260623

  • After an ISSU upgrade, the WRED drop profile may not be programmed correctly, resulting in an incorrect WRED drop. PR1260951

  • On an MQ chip-based MPC, some DDRIF checksum errors are observed, which might send traffic to a black hole. This PR also includes a chassis management alarm when there is a DDRIF checksum error on the MPC. PR1260983

  • On an MX Series Virtual Chassis setup acting as an MVPN bud node and having a downstream local receiver and a PE node, traffic with few multicast groups are reported not being forwarded to the local receiver. PR1261172

  • MX Series routers with FPCs might crash generating a core file when interface-specific firewall filters are configured with policers. PR1267908

  • On all platforms, fast flapping of interfaces/fast changing of configurations might cause an RPD crash and BGP sessions will flap very quickly. PR1269116

Port Security

  • The transmit delay interval is the maximum time the key server will wait before installing a new TX SAK (default value is 6 seconds). When MKA transmit interval is set to 6 seconds, during key roll over both transmit interval and delay interval timers expire at the same time and a new TX SAK gets installed on the key server before the RX SAK is installed on the peer node causing traffic drop. PR1257041

Routing Policy and Firewall Filters

  • With rib-groups configured for importing routing information to multiple routing tables, unexpected route refresh might happen when committing a configuration change due to a defect in code related to secondary table list handling. PR1201644

Routing Protocols

  • When a BGP speaker (router) has multiple peers configured in a BGP group, there is sometimes an inaccurate count of prefixes. This occurs when the BGP speaker receives a route from a peer and re-advertises the route to another peer within the same group. In such instances, the MIB object "jnxBgpM2PrefixOutPrefixes" for peers in the same group reports the total number of advertised prefixes in the group. MIB value "jnxBgpM2PrefixOutPrefixes" is defined as being used on a per-peer basis. However, it is instead being used to report prefixes on a per-group basis. To display an accurate number of advertised prefixes, use the show bgp neighbor command. PR1116382

  • For devices populated with master and backup Routing Engines and configured for nonstop active routing (NSR) and Protocol Independent Multicast (PIM) configuration, the routing protocol process (RPD) might crash on the backup Routing Engine due to a memory leak. This leak occurs when the backup Routing Engine handling mirror updates about PIM received from the master Routing Engine deletes information about a PIM session from its database. But due to a software defect, a leak of 2 memory blocks (8 or 16 bytes) may occur for every PIM leave. If the memory is exhausted, the rpd may crash on the backup Routing Engine. There is no impact seen on the master Routing Engine when the rpd crashes on the backup Routing Engine. Use the show system processes extensive command to check the memory. PR1155778

  • In a BGP scenario with inet-mdt family configured under protocols BGP, route table <TABLE>.mdt.0 might get deleted if it has no routes. As a result, RPD might crash on the backup Routing Engine, and BGP sessions might flap on the master Routing Engine.PR1207988

  • In large-scale BGP route environments with multipath configured, if BGP sessions go down simultaneously, the rpd might crash because it cannot finish multipath cleanup within a 10-minute limit. PR1209695

  • If BGP and NSR are configured, then doing GRES might cause BGP to get stuck in NSR replication state. PR1210781

  • When multiple labels become stale in stale-label-holddown-duration (default 60 secs), it restarts the timer and accumulates all the stale-labels without getting deleted. This might cause memory for allocating labels to be exhausted and then MPLS traffic might be affected due to abnormal/failing label allocation. PR1211010

  • BGP routes are rejected as cluster ID loop prevention check fails due to a misconfiguration. But when the misconfiguration is removed BGP routes are not refreshed. The fix for this issue sends a soft route refresh dynamically when a cluster ID is deleted. PR1211065

  • When IS-IS is configured with overload timeout of 60 seconds and fragmented LSPs exist (for example, 25 IS-IS neighbors + 10K ipv4 routes + 1K ipv6 routes), if link flap/neighbor down/restart routing event is triggered, the IS-IS routes might miss in the routing table, which might cause some protocol sessions to go down and traffic loss. PR1213166

  • When changing the RD for an existing VRF with established chatty MSDP sessions or deletion/deactivation of MSDP session in the configuration, the rpd process might crash, which leads to traffic disruption. PR1216078

  • The routing protocol process (RPD) on a backup Routing Engine might restart unexpectedly in a large BGP NLRI environment. PR1220651

  • In the rare scenario with a maximum number of routes in the BGP RIB_OUT table (for example: there are more than 700K BGP routes in route table), if flapping BGP protocol, it might cause the rpd process to crash. PR1222554

  • According to the SR draft, the SR Capabilities sub-TLV must be propagated throughout the level and should not be advertised across level boundaries (the S bit in Router Capability Flag is set to 0). When IS-IS segment routing is configured, the S bit in Router Capability Flag is set to 1, which means the IS-IS Router CAPABILITY TLV must be flooded across the entire routing domain. Thus it leads to the IS-IS adjacency failure with other vendor devices. PR1223448

  • When doing multiple back-to-back GRES switchovers the BGP peerings might drop after three or more switchovers. PR1224330

  • On the Junos OS devices during graceful restart, the restarting node might send "End of RIB" maker too soon to its helper nodes, before the actual route updates are completed, causing traffic loss. PR1225868

  • On all platforms, if MPLS goes down due to link flap or FPC reboot or restart, rpd core could be seen. PR1228388

  • When first multicast packet gets fragments because of bigger in size, the receiver in the MVPN scenario does not receive all fragments. The fix for this PR will make sure to wait untill the last fragment of the PIM register packet is received at RP before processing the PIM resolve request. After last fragment of register packet is received, the PIM register state is created and the PIM resolve request is triggered to install a multicast route. So, all fragments of the register packet will get forwarded to the receiver. PR1229398

  • Junos OS 15.1 and later releases might be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. Refer to JSA10778 for more information. PR1229868

  • Remote LFA protection may not work for the OSPF route in case if - also a LFA protection is available - there is not ECMP to candidate PQ node - PQ node's router-id belongs to different area. PR1230322

  • When a BGP peer goes down on the peer device, there might be a case of freeing the BGP session resources twice on the Junos OS devices and it can result in an rpd crash. This issue occurs when graceful restart is enabled on the peering device. PR1230556

  • In a rare condition after a BGP session flaps, BGP updates might not be sent completely, resulting in BGP routes being shown in the advertising-protocol table on the local end but not shown in the receive-protocol table on the remote end. PR1231707

  • The routing protocol process (rpd) sometimes is interrupted and halted when it tries to free a session reference block. This can occur when the memory red zone check fails and at the same time attempting to free reference memory block. The failure is caused when the red zone check receives an address that is not the beginning of a memory block. PR1232742

  • Juniper Networks implemented BGP4-MIB (including bgpPeerTable and bgpPeerState) per RFC 4273. When there is IPv6 BGP neighbor, Junos OS is unable to return a correct value for the BGP peer. This is caused because bgpPeerTable/bgpPeerEntry is indexed by bgpPeerRemoteAddr, which is syntaxed as IpAddress, a 32-bit integer. But the IPv6 address is 128 bits. This will cause Junos OS to return, which is considered an invalid peer. PR1233790

  • With BGP ORR (optimal-route-reflection) configured, if IS-IS LSP has more than one fragment and the LSP is purged (for example, a topology change after a link flap), then an rpd crash might be seen. PR1235504

  • When a rib-group is configured with a nonexistant routing-instance, after deleting rib-group and deactivating static flow route, a stale route might be present in inetflow.0 rib. It might affect traffic forwarding. PR1236636

  • When there are different LSPs towards the same egress endpoint and they are up and advertised in IS-IS or ISIS TE shortcuts are configured, the active route is expected to use the LSPs as ECMP next hops in inet.0. If in addition, RSVP load-balance bandwidth is configured it would be expected that traffic is load balanced taking into consideration the LSP's bandwidth. The later was not happening and the traffic was load balanced equally across all ECMP LSPs, which should not have been the case. PR1237531

  • A combination of next-hop-self, add-path, and per-prefix-label on a BGP-LU (label-unicast) RR can cause the wrong MPLS.0 routing/forwarding swap state to be installed. PR1238119

  • When a Juniper Networks device is running protocol BGP, and policy configuration is modified, an assertion condition might be hit where the routing protocol process generates a core file. PR1239990

  • When sham-link is configured, doing a series of configuration changes about sham-link might cause sham-link not to bring up. PR1240391

  • In a PIM scenario with BSR configured, after deleting a static RP configuration from another router, then checking an RP table on a BSR router, there might be a stale bootstrap RP entry (which is the static RP deleted from another router) in the RP table. PR1241835

  • Session uptime in show bfd session detail output omits seconds if uptime is longer than 24 hours, which is different from similar output for Label Distribution Protocol (LDP), Open Shortest Path First (OSPF), or Border Gateway Protocol (BGP). Seconds are always included into corresponding outputs for these protocols. PR1245105

  • In BGP configuration, the static rt-constrain feature is configured but family route-target is not present on any BGP configuration, RPD might generate a core file. This is due to cleanup code attempting to free state that was not created since family route-target was not configured. PR1247625

  • On all platforms, OSPF next hop might keep flapping between rLFA (remote LFA) and LFA when multi-area (PQ node sits in different area) rLFA along with policy is configured PR1248746

  • Junos OS supports the mechanism to preserve BGP routing details for a longer period from a failed BGP peer than the duration for which such routing information is maintained using the BGP graceful restart functionality. But due to a software defect, the LLGR (Long-Lived Graceful Restart) feature not working between a Juniper Networks PE to other vendor's RR. PR1248823

  • The configuration statement "learn-pim-router" is not working properly and as a result PIM hello packet will not be forwarded over pseudowire and multicast traffic will be dropped when the statement is configured under igmp-snooping protocol. PR1251439

  • Routing protocol process (rpd) might restart unexpectedly with a reference to ioth_session_delete_internal ( ) routine. PR1261970

  • On MX Series routers, if enabling IS-IS segment routing but certain interface is not enabled RSVP, then it might cause corrupted TLV 22 of IS-IS (the size of the value part of the TLV exceeds 255), and it might cause rpd to crash for parsing the LSP (labeled switchover path). PR1262612

  • If vrf-table-label is configured in carrier of carriers VRF routing-instance and a direct interface route is advertised from the VRF towards a CE device as BGP-LU (BGP Labeled Unicast) route, the MPLS label entry for the direct route is permanently stuck in the kernel routing table (KRT) queue. PR1263291

  • On MX Series router, when configuring import policy of IPv6 prefix with a IPv4 next hop for a BGP neighbor, the Rpd might crash continuously. The rpd crashing stops only after deletion of the policy. PR1265224

  • After configuring "family inet unicast extended-nexthop", in the BGP open message sent to the peer, "Nexthop AFI=2" should be in the message instead of "Nexthop AFI=3". PR1272807

Services Applications

  • When using NAT on the MX Series router, the FTP ALG fails to translate the PORT command when the FTP client uses Active Mode and requests AUTH(SSL-TLS) but the FTP server does not use AUTH. PR1194510

  • Backup SDG reported memory-usage zone in RED, live PIC cores have been collected and PICs have been restarted. PR1202872

  • IDP policy is trashing with the following log messages:

    Aug 23 20:56:25 esst480a jlaunchd: idp-policy (PID 8562) started

    Aug 23 20:56:25 esst480a jlaunchd: idp-policy (PID 8562) exited with status=0 Normal Exit

    Aug 23 20:56:25 esst480a jlaunchd: idp-policy (PID 8564) started

    Aug 23 20:56:30 esst480a jlaunchd: idp-policy (PID 8564) exited with status=0 Normal Exit

    Aug 23 20:56:30 esst480a jlaunchd: idp-policy (PID 8570) started

    Aug 23 20:56:35 esst480a jlaunchd: idp-policy (PID 8570) exited with status=0 Normal Exit

    Aug 23 20:56:35 esst480a jlaunchd: idp-policy (PID 8574) started

    Aug 23 20:56:40 esst480a jlaunchd: idp-policy (PID 8574) exited with status=0 Normal Exit PR1209351

  • The kmd process might hog CPU when continuously polling for IKE-related data through SNMP. This issue is specific to IKE related SNMP polling and not seen when continuously polling IPsec related data through SNMP. PR1209406

  • Once you disable the stateful-high availability feature for an interface and then reenable it for the same interface and it comes up as backup, we might see some delay before it actually starts the session synchronizing. PR1214015

  • L2TP subscribers on LNS might get stuck in Terminated state. PR1215941

  • When BNG receives an ANCP Port Up message for tunneled subscriber and this message contains Actual Interleaving Delay Upstream and Maximum Interleaving Delay Downstream TLVs, then corresponding AVPs in the incoming-call request message will be corrupted. PR1234440

  • On Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) router where Access Node Control Protocol (ANCP) is used for bandwidth adjustment, L2TP Connect Speed Update Notification (CSUN) message to L2TP network server (LNS) might be sent after a short delay after ANCP Port Up with updated access line parameters was received. This delay is caused by current interaction scheme between ANCP and the L2TP daemons and can last up to 5 seconds. In a production network scenario this delay shouldn't be visible as the L2TP daemon checks for state updates each time when there is an L2TP packet that has to be sent or received. PR1234674

  • PPPoE - L2TP subscribers might get stuck in Terminating state in longevity login/logout test. PR1235996

  • When the stateful firewall flows time out repeatedly, there can be performance degradation on the MS-DPC PIC. This will eventually lead to MS-DPC unable to scale to the peak flows that we allow. PR1242556

  • On Layer 2 Tunneling Protocol (L2TP) network server (LNS) router L2TP tunnels might be stuck in "Terminating" state after execution of particular sequence of CLI commands. Deactivation of tunnel-group on LNS leads to clean up of all logged in L2TP subscribers and L2TP tunnels. If the clear services l2tp tunnel command is issued when the clean up has not been completed, it is possible that the tunnel will not be cleaned up properly and get stuck in "Terminating" state. PR1249768

  • With MS-MIC/MS-MPC used for NAT service, when changing the source-address under a NAT rule term for a BASIC-NAT translation type, all future traffic hitting the NAT term will be dropped. PR1257801

  • L2TP Congestion Window set to 128 instead of 1 when tunnel is created. PR1265001

  • Apply-group configuration may cause KMD process crash during "commit check" process, which causes IPsec tunnel establishment failures. After this fix, apply-group can be used. PR1265404

  • On MX Series routers, in rare cases, If chassis tunnel configuration and the flowtaplite configuration are changed in the same commit, kernel might crash. This is a timing issue and the probability of hitting this issue is low. If NSR/GRES is enabled in the device, the impact might be low that the kernel crashes. On the contrary, if NSR/GRES is not enabled in the device, traffic loss/routing protocol restart might be seen. PR1273357

Subscriber Access Management

  • The auth request does not cause the router to send RADIUS REQUEST message, "Failed to queue the request, will be queued in authd internal queue" PR1178813

  • In a subscriber management environment with two or more RADIUS servers connected to an MX Series router, syslog is not generated when the RADIUS server is marked dead.PR1207904

  • If RADIUS returns Framed-route="" to a subscriber terminated on a Junos OS platform, this subscriber cannot log in due to an authentication error. PR1208637

  • A 3GPPP-SGSN-MCC-MNC svp with value "999999" will send in all CCR-GY requests.PR1233847

  • On MX Series routers with subscriber management, the DHCPv6 solicit packets with IA_PD option from the subscriber are ignored if DHCPv6 server doesn't have prefix to allocate for this subscriber, which is incorrect behavior. According to the RFC standard, DHCPv6 server should reply to such packets using special Status Code: NoPrefixAvail (6), which should be included in Advertise/Reply in case if no delegated prefix is available. PR1234042

  • On MX Series router with dual Routing Engines, after router the GRES, if user adds traceoptions filter during GRES not ready period, the authd process might crash. PR1234395

  • Call rate performance may be impacted under heavy load if there are large numbers of small linked address pools due to a bug in the allocation traversal algorithm. PR1264052

  • show network-access aaa statistics radius detail can display an incorrect number of messages to the RADIUS server in case configured RADIUS server's are continuously flapping. PR1267307

  • In an MX Series BNG environment, it was noticed that the Show network-access requests pending count continues to increase even though there are no pending authentication requests. PR1267702

  • During L2BSA subscriber stress test, some of subscribers may report invalid Event-Timestamp to RADIUS. PR1270162

User Interface and Configuration

  • An rpd memory is increasing and cannot go back after an IS-IS interface flap. If this memory leak reaches a high level that impacts the route calculating, it might cause unexpected network issue. PR1243702

  • Some configuration objects are not properly handled by "delta-export" (dexp). This leads to an omission of the section of the configuration. PR1245187


  • In MVPN SPT-only mode scenario, the first multicast packet is lost when the multicast source is directly connected to the PE. PR1204425

  • In NG-MVPN scenario, when "forwarding-cache timeout never non-discard-entry-only" is configured for an MVPN instance, even though the cache lifetime is shown as forever in the output of CLI command show multicast route instance X extensive, the route disappears after 7-8 minutes. PR1212061

  • On Junos OS platforms, only VPLS supports automatic-site-id. Configuring automatic-site-id under the L2VPN instance could cause an rpd core. The fix has now been provided to add a commit check to disallow configuring automatic-site-id under a L2VPN instance. With this fix, commit error will be thrown if the user tries to configure automatic-site-id under an L2VPN instance. PR1214328

  • The routing protocol process (rpd) might eventually become exhausted and crash when Layer 2 Circuit, Layer 2 VPN, or virtual private LAN service (VPLS) configurations are committed. These commit activities might create a small memory leak of 84 bytes in the rpd. If the rpd memory is exhausted, recovery can be accomplished by restarting rpd. If nonstop routing (NSR) is configured, the master Routing Engine can be switched over to the standby Routing Engine, causing the master rpd to exit and restart and free the leaked memory. PR1220363

  • In NGMVPN scenario with asm-override-ssm configuration statement for source specific multicast (SSM) group, if you issue the clear pim join command on the source PE, downstream interfaces get pruned causing the multicast flow to stop. If you issue clear pim join one more time then the issue is resolved. PR1232623

  • With NSR enabled and a Layer 2 circuit configured, an rpd crash might be observed on the backup Routing Engine when you change the Layer 2 circuit neighbor and then commit the changes. The issue does not exist if NSR is not enabled. PR1241801

  • An rpd crash might be observed with a segmentation fault after applying an L2VPN configuration followed by the ping mpls l2vpn command. PR1272612

Resolved Issues: 16.2R1

Forwarding and Sampling

  • Sampling Route-Record Daemon (SRRD) process does not delete routes when the DELETE is received from RPD in few configuration cases. This results in build-up of memory in SRRD daemon and once SRRD reaches the limit, it crashes and restarts itself. This happens only when one certain family is not configured on all of the FPC clients (e.g., FPC with inline J-Flow enabled or PIC with PIC-based sampling enabled is one client). For example, only IPv4 family is configured in all the clients, and IPv6 and MPLS families are not configured for sampling in any of the clients. PR1180158

  • The changes to srrd (sampling route reflector daemon - new architecture for sampling) process between Junos OS Release 14.2R5.8 and Junos OS Release 14.2R6.5 severely reduce MX80 series available memory and therefore RIB/FIB scaling. PR1187721

  • Starting with Junos OS Release 14.2R1, FPC offline could trigger Sampling Route Record (SRRD) daemon restart. PR1191010

  • On MX Series platform with "Enhanced Subscriber Management" mode, if default forwarding-classes are referenced by subscriber filters, commit configuration changes after GRES will be failed. PR1214040

General Routing

  • In MX Series Virtual Chassis (MX-VC) environment, the private local next hops and routes pointing to private local next hops are sent to Packet Forwarding Engine from master Routing Engine and not sent to slave Routing Engine, then an Routing Engine switchover happens. Now as the new master Routing Engine does not know about such next hops and routes, they are not cleaned up. When a next hop with same index is added on new master Routing Engine and sent to Packet Forwarding Engine, the Packet Forwarding Engine might crash due to a stale next hop. PR951420

  • When ps interface is configured using as anchor interface a logical tunnel (lt) interface without explicit tunnel-bandwidth configuration (under 'chassis fpc<fpc-number> pic <pic-number> tunnel-services' configuration hierarchy), the ps interface is created only in kernel, but not on Packet Forwarding Engine. In order to have ps interface in Packet Forwarding Engine, an explicit tunnel-bandwidth configuration is required. PR 1042737 removes this restriction, and a ps interface may be anchored to an IT interface without explicit tunnel-bandwidth configured. PR1042737

  • Wrong byte count was seen in the ipfix exported statistics packets for mpls flows . This issue is taken care now . PR1067084

  • The configuration support for enabling ingress and egress layer2-overhead is available in dynamic-profile but the functionality is not supported in Junos OS Release 15.1R3 and Junos OS Release 15.1R4. For example, set interfaces ge-4/2/9 unit 0 account-layer2-overhead ingress 30 set interfaces ge-4/2/9 unit 0 account-layer2-overhead egress 30 With the above configuration, the number of layer2-overhead bytes (30) are not added to the input bytes in traffic statistics. PR1096323

  • If any linecard crashes early during unified ISSU warmboot, the CLI might report unified ISSU success, resulting in a "silent ISSU failure". PR1154638

  • In sampling feature, certain scenarios force handling of the sampled packet at the interrupt context , which may have chance to corrupt the BMEB packet context , and lead to BMEB FDB corruption. PR1156464

  • During SIB yanking (pulling a SIB out without offline) on PTX platform with FPC3, it is possible that traffic may be dropped resulting in an overall reduction in traffic throughput. PR1162977

  • On rare occasions the transport daemon may generate a core dump after a configuration change. PR1164377

  • With Junos OS Release 15.1 and later, on MS-MPC or MS-PIC, OSPF adjacency may fail to establish when there is no static route pointing to service PIC. PR1164517

  • Sampled continues logging events in traceoption file after traceoption for sampled deactivated. This can be hit if there is no configuration under 'forwarding-options sampling' but other configuration for sampled is present (for example, port-mirroring). PR1168666

  • When MS-MPC is used, if any bridging domain related configuration exists (for example "family bridge", "“vlan-bridge"”, "“family evpn", etc), in some cases, continuous MS-MPC crashes. Hence traffic loss may occur. PR1169508

  • On MX Series with MS-MPC/MS-MIC, for some reason, out of order execution of instructions on MS-MPC/MS-MIC might happen and then causing the mspmand daemon (which controls the service pic and process the data) core and crash. PR1169946

  • When a CFM down-mep is configured on a STP-blocked interface which is housed on a DPCE card, flooding of traffic in the local L2 broadcast network might happen, leading to side-effects such as flapping of OSPF sessions, BFD sessions, or similar. PR1174175

  • On virtual tunnel (VT) tunnel environment with forwarding-class, customer is using AE interface to terminate subscribers on the box and the AE interface has members on two different FPCs, due to a software defect, the mirrored traffic is not going to the correct forwarding class as expected. The issue is also seen when terminate subscribers and virtual tunnel hosted interface are on two different FPCs (Non-AE case). PR1174257

  • MTU discovery may not be working due to lack of VRF info on egress card for BBE Subscriber traffic. PR1177381

  • CGNAT-NAT64: Few port leak are observed for the EIM/EIF IPv4 traffic(2M sessions) from public side. PR1177679

  • Changes are needed to support dedicated users for control and multicast traffic. This will avoid unicast traffic to be hashed to users doing ucode processing. On JUNOS OS side, this PR introduces new CLI command set chassis fpc X performance-mode num-of-ucode-workers Y. PR1178811

  • If "router-advertisement" protocol is configured in client ppp profile, unsolicited RA might be sent before the IPv6CP Configuration ACK is received. PR1179066

  • A micro BFD session sourced from an interface's L3 address works even when the interface is not assigned the related UBFD address. PR1180109

  • In case of point to point interfaces and unnumbered interfaces rpd crash might be seen in corner cases on configuration changes. There is potential fix given through this PR to avoid the crash. PR1181332

  • With NAT translation-type as napt-44, a few sessions are getting stuck upon deactivating/activating service-set or corresponding applications at a few times with traffic running. The same symptom is seen upon deactivating/activating service-set with traffic running and with 'deterministic-napt44' translation type as well. PR1183193

  • DA mac filter is missing on Child link of AE after FPC restart. PR1184310

  • When IPv4 firewall filter have 2625/32 destination in prefix-list, filter attached to subscriber interface is found broken. PR1184543

  • Continuous reporting of the following messages might be noticed sometimes while bringing up all IFD/IFL/IFF states at once.

    Apr 1 11:16:05 mx2020-1 dot1xd[16641]: %-: task_receive_packet_internal: knl Ifstate packet from zero-len socket 8 truncated Apr 1 11:16:05 mx2020-1 dot1xd[16641]: %-: Free allocated bufp:(a433004) buflen:(16384)task_receive_packet_internal: knl Ifstate packet from zero-len socket 8 truncated Apr 1 11:16:05 mx2020-1 dot1xd[16641]: %-: task_receive_packet_internal: knl Ifstate packet from zero-len socket 8 truncated Apr 1 11:16:05 mx2020-1 dot1xd[16641]: %-: task_receive_packet_internal: knl Ifstate packet from zero-len socket 8 truncated Apr 1 11:16:05 mx2020-1 dot1xd[16641]: %-: Free allocated bufp:(a433004) buflen:(16384)task_receive_packet_internal: knl Ifstate packet from zero-len socket 8 truncated Apr 1 11:16:05 mx2020-1 dot1xd[16641]: %-: task_receive_packet_internal: knl Ifstate packet from zero-len socket 8 truncated During syncing of ifstate dot1xd try to read all the ifd/ifl/iff state at once. In scale scenario the size of these information will be very high. It may exceed demon rlimit / memory availability. PR1184948

  • When ams-interface is configured in warm-standby mode without adding any members, configuration commit will lead to rdd core. PR1185702

  • Next hop attribute in a framed route is not applicable anymore. Since subscriber IP address is used as the next hop in all cases, there is no need to have an additional attribute for next hop for framed routes. PR1186046

  • Traffic destined to VRRP VIP address or transit traffic with destination mac as VRRP VMAC which has paylod beyond 166 bytes (excluding headers) are dropped as "my-mac check failed" on MPC7E/8E/9E. PR1186537

  • After loading COS related configuration on MPC5E/MPC6E/MPC2E-NG/MPC3E-NG linecard, these error messages might be seen: "trinity_insert_ifl_channel:6449 ifl 495 chan_index 495 NOENT" "jnh_ifl_topo_handler_pfe(11591): ifl=495 err=1 updating channel table nexthop" PR1186645

  • On MX Series routers, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet to be accepted by the router rather than discarded. The crafted packet, destined to the router, will then be processed by the Routing Engine (RE). A malicious network-based packet flood, sourced from beyond the local broadcast domain, can cause the Routing Engine CPU to spike, or cause the DDoS protection ARP protocol group policer to engage. When this happens, the DDoS policer may start dropping legitimate IPv6 neighbors as legitimate ND times out. Refer to JSA10749 for more information. PR1188939

  • On MX Series platform, while using routing-instance for EVPN, and traceoptions is configured under global "protocols evpn", configuration of "vtep-source-interface" under global "switch-options" would be rejected. PR1189235

  • On MX240/MX480/MX960/MX2010/MX2020 platform, in rare cases, MPC4 line card might never come back online after rebooting the chassis by "request system reboot both-routing-engine" command. PR1190418

  • If a message received from LLDP neighbor contains "Port Id" TLV which has "Interface alias" subtype and is longer than 34 bytes, subsequent running of "show lldp neighbors" might lead to l2cpd crash. PR1192871

  • On MX Series with MPC3/MPC4/MPC5/MPC6, the VSC8248 firmware on the MPC crashes occasionally. This PR enhances the existing VSC8248 PHY firmware crash detection and recovery, helping recover from a few corner cases where the existing Junos OS workaround does not work. PR1192914

  • Configuring an RLT interface and rebooting the router shows the RLT interface down. The show l2circuit connection shows an mtu mismatch as the immediate cause. For example, the problem may be seen with the following configuration:

    show configuration interfaces rlt0 redundancy-group { member-interface lt-4/0/0; member-interface lt-4/2/0; } unit 0 { encapsulation vlan-ccc; vlan-id 600; peer-unit 1; family ccc; } unit 1 { encapsulation vlan; vlan-id 600; peer-unit 0; family inet { address; } } PR1192932

  • With GRES (graceful-switchover) and nonstop-bridging configured in Juniper devices with dual Routing Engines, the backup Routing Engine might run into high CPU usage due to abnormally high CPU utilization by firewall daemon. The abnormally high CPU usage might impact the functions that backup Routing Engine works for. PR1193891

  • On Junos OS Release 15.1R3 and later with Tomcat model BBE release, if a subscriber login/logout which using multicast service, then another subscriber login and also use multicast service, this may cause bbe-smgd core on backup Routing Engine. PR1195504

  • In inline BFD or distributed BFD (in Packet Forwarding Engine) scenario, Packet Forwarding Engine fast reroute is not invoked anymore if the remote peer signals BFD ADMINDOWN message to local node and convergence time is performed based on protocol signaling. PR1196243

  • Distributed BFD session using inline-redirection on MX-VC might not work if the ANCHOR Packet Forwarding Engine is not within the same chassis member as the interface where the BFD packet is received from peer device. PR1197634

  • Problem: ======== The following continuous error messages are generated during 2X100GE CFP2 OTN MIC online on MX2K. This error message means PCI control signal communication failure between Packet Forwarding Engine on MPC6E and PMC Sierra OTN framer (pm544x) on MIC 2X100GE CFP2 OTN. *** messages *** Jul 25 17:39:04.807 2016 MX2K : %PFE-3: fpc0 cmic_pm544x_hires_periodic: error getting counters Jul 25 17:39:04.893 2016 MX2K : %PFE-3: fpc0 Failed in function pm544x_manage_link:2616 Jul 25 17:39:05.267 2016 MX2K : %PFE-3: fpc0 Failed in function pm544x_link_status:2449 Jul 25 17:39:05.267 2016 MX2K : %PFE-3: fpc0 cmic_pm544x_hires_periodic: error getting counters Jul 25 17:39:05.267 2016 MX2K : %PFE-3: fpc0 Failed in function pm544x_manage_link:2616 Jul 25 17:39:05.267 2016 MX2K : %PFE-3: fpc0 Failed in function pm544x_link_status:2449 Jul 25 17:39:05.321 2016 MX2K : %PFE-3: fpc0 cmic_pm544x_hires_periodic: error getting counters Jul 25 17:39:05.408 2016 MX2K : %PFE-3: fpc0 Failed in function pm544x_manage_link:2616 Jul 25 17:39:05.486 2016 MX2K : %PFE-3: fpc0 Failed in function pm544x_link_status:2449 Root cause: =========== Bug was in converting the 32bit PCI shared address to 64 bit address. When the MSB of the 32bit address was set, the conversion was buggy as it type caused it to signed long int, which resulted in extending the sign bit to first 32 bits of the converted 64bit address. The first 32bit of the converted address is expected to be zero as our memory is only 32 bit addressable. Problem appearance on customer deployments: =========================================== 1. Issue will be seen only when there are large number of nexthops in the Packet Forwarding Engine due to pfe anchor feature before the MIC is made online. 2. If the MIC came online without hitting this issue, then there is no chance of hitting this issue later. Because the bug was in the PCI shared memory allocation, which happens only during the MIC online. 3. This issue started showing after the Packet Forwarding Engine anchoring feature, which delayed the MIC online until the next-hops are sync to Packet Forwarding Engine. As a result the MIC is coming online very late and the shared memory allocation is coming from the higher RAM address, which the PMC vendor code porting layer is failing to handle. After the fix from this PR, we should not hit this issue. PR1198295

  • With MPC-NG or MPC5E hardware, the range of the queue weights on an interface is from 0 to 124. As every queue has to have an integer value of queue weight, it might be impossible to assign the weights in exact proportions to the configured transmit-rate percentage. Therefore, when a physical interface operates in a PIR-only mode, this might cause imprecise scheduling results. PR1200013

  • GUMEM errors for the same address may continually be logged if a parity error occurs in a locked location in GUMEM. These messages should not be impacting. The Parity error in the locked location can be cleared by rebooting the FPC. PR1200503

  • Dynamic firewall filter programs incorrect match prefix on the Packet Forwarding Engine. PR1204291

  • Packet Forwarding Engine may install next-hop incorrectly and cause traffic loss, if there is a next-hop policy pointing to a IPv6 address which need to be resolved. PR1204653

  • If send upstream and downstream IPv4+IPv6 traffic for PPPoE subscribers, mirrored traffic loss would be seen. PR1204804

  • On MX240/MX480/MX960 platform with RE-S-2000 Routing Engine, the Hard-Drive information on Routing Engine RE-S-2000 is missing in show chassis hardware detail output after upgrading to Junos OS Release 15.1 and later. This is just a display issue and this has no impact on any functionality. PR1205004

  • J-UKERN.mpc0 core after filter configuration change on vMX. PR1205325

  • This issue is identified as software defect and the fix is added in Junos Os Release 16.1R2 and above. PR1205914

  • When PCEP is enabled and LSPs are undergoing changes, like make before break (MBB) for rerouting, the rpd has to send those updates to PCE. However, when the PCEP session to PCE goes down, these updates are cancelled, but the rpd fails to completely reclaim the memory allocated for these updates. This causes increasing in the rpd memory every time the connection to PCE goes down while LSPs are simultaneously going through MBB changes. This issue will be especially noticeable when connectivity to PCE goes UP and DOWN continuously. If the connection is in steady state either UP or DOWN, then the memory leak will not happen. PR1206324

  • Multicast traffic is incorrectly forwarded in the multicast vlan for a few seconds for multicast groups disallowed by Universal Call Admission Control policy PR1206598

  • RLT interface configuration is not supported. PR1207982

  • VC link "last flapped" timestamp is reset to "Never" on the new backup Routing Engine after MX VC global GRES switchover. PR1208294

  • The cpcdd daemon might core and restart on the subscriber scenario with CPCD (captive-portal-content-delivery) service configured. PR1208577

  • On MX Series platform running Tomcat release, if route-suppression is configured for access/access-internal routes as well as destination L2 address suppression is configured for the subscriber, wrong destination MAC would be generated for the subscriber. PR1209430

  • BGP PIC installs multiple MPLS LSP next hops as Active instead of Standby in Packet Forwarding Engine, this can cause a routing loop. PR1209907

  • During GRES or unified ISSU, the BFD protocol state of a child ifd may not get replicated on the backup Routing Engine until bfd starts running on the new Active Routing Engine. PR1211015

  • On MX Series routers, when configuring the dynamic access routes for subscribers based on the Framed-Route RADIUS attribute, the route will be created on the device, however, it will be installed as an access-internal route instead of access route if it has /32 mask length. PR1211281

  • Inline J-Flow - Sequence number in flow data template is always set to zero on MPC5E and above line card type. PR1211520

  • On T-series platforms, if interfaces from FPC Type 4 and FPC TYPE 5 are configured together in one VPLS routing instance, incorrect TTL might be seen when packets go through the VPLS domain, for example, packets received via one FPC TYPE 4 might be forwarded to other FPC type 4 with incorrect TTL. The incorrect TTL could cause serious VRRP issue. When VRRP is enabled, after one CE sends the VRRP advertise packets with TTL value 255, other CE might receive the VRRP packet with TTL value 0 and therefor discard these VRRP packets. As a result, the VRRP status in both CE becomes Master/Master. PR1212796

  • The MS-MPC/MS-MIC service cards might encounter a core when using certain ALGs or the EIM (Endpoint-independent mapping )/EIF (Endpoint independent filtering) feature due to a bad mapping in memory. PR1213161

  • AE IFL targeted distribution feature now provides 4 level of prioritization. Please refer document attached in PR for more details. PR1214725

  • Inline J-Flow service will not work after unified ISSU on MPC5E and above type line cards. PR1214842

  • MX-VC: All VCP interface experiences tail-dropped as result of configuration conflict. It is a good idea to reference documentation and customize the COS associated with VCP interfaces. In this scenario customer has configured a corresponding xe-n/n/n interface with just a description to denote that port is dedicated to VCP. Problem is that the resource calculation is impacted and reports smaller queue-depth maximum values when both network interface xe-n/n/n and vcp-n/n/n are defined. Issue is more likely to occur with dynamic modification add/delete of vcp interfaces with a corresponding network interface xe-n/n/n configured. > show interfaces queue vcp-5/3/0 | match max Maximum : 32768 Maximum : 32768 Maximum : 32768 Maximum : 32768 PR1215108

  • On Junos OS Release 15.1R3 and later, MX Series platform release, if DHCPv4 or DHCPv6 subscriber is configured and the subscriber joins more than 29 multicast groups, the line card might crash. PR1215729

  • Incorrect source MAC used for PPPoE after underlying AE is changed. PR1215870

  • Prior to this fix for Tomcat releases, parameterized family i-net filter with term matching on address with non-contiguous mask will result in CLI syntax error which would fail subscriber login or CoA requests. PR1215909

  • The JUNOS OSnow supports extending the SSM groups defined in below CLI for dynamic subscribers using the BBE configuration: guration-statement/ssm-groups-edit-routing-options.html PR1216515

  • This issue happens only with RLT configuration and only on Junos OS Release 16.1 and beyond. PR1216991

  • If RS/RA messages were received through an ICL-enabled(MC-AE) IFL, packet loss would be seen and last for a while. PR1219569

  • The bbe-smgd core occurred in bbe_autoconf_if_l2_input when DHCP client generates ARP. PR1220193

  • Continuous error messages are seen. PR1221340

  • During CoA request there are no changes on schedulers. Requests are received successfully, but no changes from CoS side. PR1222553

  • Due to a defect related to auto-negotiation in a Packet Forwarding Engine driver, making any configuration change to interface in MIC "3D 20x 1GE(LAN)-E,SFP" might lead to interface flapping. PR1222658

  • On rare occasions, offlining a MIC-3D-16CHE1-T1-CE MIC can cause a FPC core. This is very unlikely in general and chances of it happening are very low. There is no workaround for this except to upgrade to an image with this fix present. PR1223277

  • On MX2020 router, when all the SFBs are yanked out, there is no available fabric in system, but FPCs remain online state. There is no problem in offlining these SFB/SFb2s. PR1227342

High Availability (HA) and Resiliency

  • In PPP environment with access-internal and multiple routing instances, after restart RPD process, the access-internal route might disappear. PR1174171


  • The issue is the gstatd process for 64 bit Junos image does not get to the correct path in the code and due to that gstatd process fails to start. PR1074084

  • From Junos OS Release 15.1 and later, smartd error message of Unigen SSD may be seen. Smartd reads SSD attributes and checks on 197-current-uncorrectable, 198-offline-uncorrectable by default. To Unigen, 198 is not = Offline-Uncorrectable, it is 'Total Count of Read Sectors'. As it is Total-Read, such attribute(198) always carries value and smartd reports it as 'Offline Uncorrectable Error'. PR1187389

Interfaces and Chassis

  • In a VPLS scenario, the flood NH for the default mesh group might not be programmed properly. A complete black-holing for the VPLS instance would be seen as a consequence. PR1166960

  • The jpppd might crash with a core dump due to memory heap violation associated with processing MLPPP requests PR1187558

  • MAC addresses are incorrectly assigned to interfaces by the MX-VC SCC (global) chassisd daemon, leading to duplicate addresses for adjacent FPCs. PR1202022

  • A CFMD core will be generated upon commit if the following conditions are met: * CFM is configured * On mis-configuration of icc format for MA. (for example, ICC name-format does not start with a character) PR1202464

  • For the duration of GRES, if an async message for RTTABLE is received at DCD during initialization, it might result in unexpected state changes, the traffic forwarding might be affected. This is a timing issue, it is hard to reproduce. PR1203887

  • In very rare possibility, mpc can be crashed with coredump will be seen when cli command 'request chassis mic offline fpc-slot <fpc-slot> mic-slot <mic-slot>' is executed due to software bug that sfp diagnostics polling function tries to access already destroyed sfp data structure by mic-offline. With fix, software will check if sfp data is valid before tries. PR1204485

  • If version-3 configuration statement is not configured, the command of "show vrrp detail|extensive|interface" display VRRP-Version as 2 for inet6 address family. The VRRP IPv6 never supported any VRRP version 2. It was always version 3. This issue is cosmetic but not actual impact on VRRP IPv6 functionality. The VRRP packets generated for i-net6 address family are of VRRP version 3. PR1206212

  • When configuring "vlan-tags" for any interface, if the interface configuration is changed continually, the dcd process might memory leak. If the memory is exhausted, the dcd process might crash. PR1207233

  • If the configuration can be scaled to have inner list to have more than 4K vlans, the commit vlan configuration operations might fail. PR1207939

  • When VRRP is configured on IRB interface with scaling configuration (300k lines), in corner case, handles might not be released appropriately after their use is over. As a result of that, memory leak on vrrpd might be seen after configuration commit. PR1208038

  • Access-internal route not installed for Dual Stack subscriber terminated in VRF at LNS with on-demand-ip-address PR1214337

  • During L2TP session establishment on MX LAC, if CPE attempts to negotiate MRU higher than 1492 bytes, spurious MRU of 1492 bytes is included into the Last Received ConfReq AVP in ICCN packet. PR1215062

  • In ppp subscriber scenario, if the jpppd process receives a reply message attribute from the radius or tacplus server with a character of %, it might cause the jpppd process to crash and cause the ppp user to be offline PR1216169

  • On Junos OS Release 14.2 and later releases, if asymmetric-hold-time, delegate-processing and preempt hold-time is configured, when neighbor's interface comes up again, "asymmetric-hold-time" feature cannot be used as expected. PR1219757

Layer 2 Features

  • A new static MAC is configured under AE interface, but the MAC of the LACP PDUs sent out is not changed. PR1204895

  • In dhcp relay environment, when delay-authentication and proxy mode are configured at same time. Jdhcpd may core due to NULL session ID. PR1219958

  • During unified ISSU process, if the first unified ISSU is aborted for some reason, an internal timer will not be cleaned up, and the new lacpd will be forked up, this cause the second ISSU in backup Routing Engine to be aborted in daemon prepare phase. It will not proceed further. PR1225523


  • Multiple RLFA backup gateways (one using spring inner label and other using TLDP label) can get programmed if the given node is PQnode to another node in the network that does not use SPRING RLFA backup for its LDP route, resulting in ECMP among backup next hops. Semantically both gateways provide the same protection path and TLDP based gateway is coming in the way of checking sanity of SPRING backup path. PR1176489

  • With a high degree of aggregation and a large number of next hops for the same route, ldp may spend too much CPU updating routes due to topology changes. This may result in scheduler slip and ldp session timing out. PR1192950

  • In L3vpn with chained-composite-next-hop scenario, when receiving a TTL expired packet, the device will transmit a ICMP error message in a MPLS header, but the route next-hop for this ICMP error packet is discard, so the one error message will be logged. PR1194446

  • When ldp is deactivated, there may still be route entries left in the ldp shadow routing table. RPD will core due to stranded route entries in the ldp routing table. PR1196405

  • If RSVP link-protection optimize-timer is enabled, rpd memory might leak in "TED cross-connect" when a bypass LSP is being optimized. PR1198775

  • This behavior is 16.1 release specific. When an ingress side link failure and LSP uses bypass path, LSR(DUT) cannot send proper "RSVP RRO" even if egress side topology changes. Please refer the following example. --- example --- 1. This is initial state. LSP of RRO has Link A and B IP address. bypass bypass Link C Link D +--------------------+ +------------------+ | | | | [Ingress LER] [ LSR ] [ Egress LER] | | | | +--------------------+ +------------------+ Link A Link B strict path strict path 2. Link A is down. LSP of RRO has Link B and C IP address because LSR sends out RSVP RESV including proper RRO to Ingress LER. bypass RSVP RESV bypass Link C <-----+ Link D +--------------------+ | +------------------+ | | | | | [Ingress LER] [ LSR ] [ Egress LER] | | | | +--------- X --------+ +------------------+ Link A Link B strict path strict path 3. Link B is down. LSP of RRO has Link B and C IP address because LSR does not send out RSVP RESV including proper RRO to Ingress LER. (wrong) bypass RSVP RESV bypass Link C <-----+ Link D +--------------------+ | +------------------+ | | | | | [Ingress LER] [ LSR ] [ Egress LER] | | | | +--------- X --------+ +-------- X -------+ Link A Link B strict path strict path PR1207862

  • With two Routing Engines and ldp export policy or l2-smart-policy configured. rpd on the backup Routing Engine may crash when ldp is trying to delete a filtered label binding. PR1211194

  • In VPLS environment, if delete the routing-instance, in rare condition, the rpd process might crash, the routing protocols are impacted and traffic disruption will be seen due to loss of routing information. This is a timing issue and hard to reproduce. PR1223514

Network Management and Monitoring

  • In some cases the output of a show version detail command may pause and take over one minute to finish. Note that trying to abort with control-c does not shorten the delay to regain the cli prompt. PR1196129

  • A trailing newline was erroneously added to the $$.message variable, this had undesirable effects for some use cases when using the 'event-options policy <> then execute-commands commands <>' stanza. The fix escapes any newline chars which mitigates the issue. PR1200820

  • RLI-24802 introduced in 16.1R1 caused some issues with snmp get-bulk. These changes are reverted from 16.1R2 PR1209561

  • The reason for this new PR (1227121) is because the fix for PR-1126532 was accidentally reverted while committing code under another PR-1209561. Hence, the external content for this PR is same as: PR1227121

Platform and Infrastructure

  • show interfaces mac-database mac-address <mac-addr> <intf-name>does not display any mac-specific traffic statistics data on Stout Line cards and also VMX for mac-learning enabled interfces mapped to i-net family. PR1012046

  • In software versions which contain PR 1136360's code changes on MX-VC systems, when J-Flow is not configured and equal-cost multipath (ECMP) load-balanced routes occur, the linecards may stop forwarding packets after logging any of the below errors prior to possible linecard restart or offline: - PPE Thread Timeout Traps - PPE Sync XTXN Err Trap - Uninitialized EDMEM Read Error. - LUCHIP FATAL ERROR - pio_read_u64() failed (A possible workaround is to configure J-Flow and restart all linecards.) In software versions which do not contain PR 1136360 solution, on MX Series Virtual Chassis (MX-VC) with "virtual-chassis locality-bias" configured, when equal-cost multipath (ECMP) load-balancing is occurring in the VC system, multicast streams and flooded Layer 2 streams may be duplicated or lost. Disabling "virtual-chassis locality-bias" from the configuration will eliminate the problem. PR1104096

  • Kernel might crash when deactivate or deleting a static route that is configured to point to an unnumbered interface-name as qualified-next-hop. PR1118681

  • XPATH expressions evaluations for YANG keywords yang leaf-ref/must/when are disabled by default. It means, even though YANG configuration has leaf-ref/must/when expressions, these expressions will not get validated/evaluated. PR1119972

  • This PR fixes an FD (file descriptor) leak problem in MGD process when netconf traceoptions are set. If <commit> rpc is executed via netconf session, there is an FD leak in the corresponding MGD pid. PR1174696

  • The issue happens after GRES. If commit on the new master during the config sync from the old master, commit might fail. PR1179324

  • If igmp snooping is configured in a VPLS routing instance and the VPLS instance has no active physical interfaces, multicast traffic arriving from the core might be send to the Routing Engine. As a result, host queues might get congested and it might cause protocol instability. As a workaround, configure a dummy activate interface in the VPLS routing instance can avoid this issue. PR1183382

  • A customer has reported that if you mistakenly configure a static flow route at the wrong hierarchy in the configuration of an MX80 or MX104 that a core dump occurs upon commit. This does not happen on other MX Series platforms. PR1187469

  • When access accept response from radius server contains class attribute, .class file is created. Normally .class file gets deleted in success scenario after the user logs in and reads the attributes. However, in error scenarios where the login fails or login succeeds but fails to read the user attributes, .class file is not deleted. Due to this, .class files will remain in /tmp folder. As multiple .class files are stored in /tmp folder, /tmp folder is running out of inodes. PR1187477

  • In a very rare scenario, during TAC accounting configuration change, auditd daemon crashes due to a race condition between auditd and its sigalarm handler. PR1191527

  • On Trio platform with network-services enhanced-ip mode, FPC CPU goes high for several minutes (30mins) when bulk (10K) mac/arp are learnt via lsi interfaces, which caused traffic interrupt. The issue can be seen with various triggers (e.g. mac flush, FPC reboot or link flap etc) . PR1192338

  • Syslog storage in a file could abruptly stop due a race condition in handling log file rotation. The fix is available from Junos OS Release 16.1R2 and later.PR1195239

  • When using delta-export , on commit full the configuration on backup Routing Engine will be corrupted. PR1199895

  • After system boot up or after PSM reset we may see "PSM INP1 circuit Failure" error message. PR1203005

  • When a Netconf get-route-information RPC is executed for all routes via ssh transport session and the session is terminated before all the route information is retrieved, the MGD process and RPD daemon will cause high CPU utilization for an extended period of time. Example of issues caused by this high CPU utilization for an extended period is as follows: BGP neighbors holddown timer expires and become ACTIVE OSPF adjacencies reset during database exchange OSPF LSA retransmissions events on neighboring nodes due to missing ACKs LDP sessions time out non distributed BFD sessions being reset due to missing keepalives PR1203612

  • From Junos OS Release 15.1F2/14.2R4, validating configuration fails if commit scripts are used during software upgrade. PR1204881

  • If inline J-Flow is configured in scaled scenarios, inline J-Flow sampler route database is taking huge time to converge. PR1206061

  • When "commit confirmed" is used after performing some changes, and an empty commit is performed to confirm the changes, the previous changes related processes will be notified again which is unnecessary. It might cause session/protocol flap. PR1208230

  • A fusion setup can experience a leak of NH memory when MAC moves result in updated next hops. You must restart the MPC to regain the memory. PR1208514

  • Workaround : Deactivate and Activate Inline J-Flow sampling instance How to Avoid 1. Don't make any Inline J-Flow specific configuration changes when service is not in steady state 2. configuration changes should be done in two steps. a ) First configure the J-Flow related configuration except the Flow Table size. b) Flow table size should be changed in a separate commit from the rest of the J-Flow configuration. PR1210899

  • Several files are copied between Routing Engines during 'ffp synchronize' phase of the commit (for example, /var/etc/, /var/etc/, etc). These files are copied even if there was no corresponding change in the configuration thus unnecessarily increasing commit time. PR1210986

  • If a Unicast or Multicast source sends a fragmented packet (a packet which exceeds the MTU of its outgoing interface) to the router and it needs to resolve the destination route, then only the first fragment of the packet is sent when the route it resolved. PR1212191

  • On MX Series platforms installed both DPC/E and MX Series based MPC, when DPC/E detects a remote destination error toward a MX Series based MPC Packet Forwarding Engine, unexpected fabric drops happened. PR1214461

  • On MX2000, MIC output is seen when there is no MIC in MPC under "show chassis hardware detail". Steps to reproduce the issue: 1. offline MPC 2. physically remove MPC 3. physically remove MIC from the MPC 4. reinsert MPC 5. online MPC usr@MX2K> show chassis hardware detail |find fpc FPC 0 REV 68 750-044130 ABDxxx79 MPC6E 3D CPU REV 12 711-045719 ABDxxx35 RMPC PMB MIC 0 REV 14 750-049457 ABCxxx22 2X100GE CFP2 OTN >>>>>>>> No MIC inside MIC 1 REV 26 750-046532 ABCxxx53 24X10GE SFPP >>>>>>>>>>No MIC inside XLM 0 REV 13 711-046638 ABDxxx59 MPC6E XL XLM 1 REV 13 711-046638 ABDxxx87 MPC6E XL PR1216413

  • This rmopd core was caused by the NULL pointer in SW function. PR1217140

  • For Junos devices supporting FreeBSD10 and with Junos OS Release 16.1R2, 16.1x60-D30 or 16.1x60-D35, when ephemeral database is in use and "persist-groups-inheritance" configuration statement is configured, daemons (for example, bbe-smgd, l2ald, ccmd, dcd but not limited) might crash after deletion of configuration from either ephemeral database or normal static configuration database. PR1217362

  • MX Series with MPC/MICs might crash after firewall configuration change is committed. PR1220185

  • Under certain conditions sync-other-re editing configuration warning might be displayed after reboot: lab@mx> configure exclusive warning: uncommitted changes will be discarded on exit Entering configuration mode Users currently editing the configuration: sync-other-re (pid 9220) on since 2016-10-03 00:16:36 PDT, idle 2d 05:47 sync-other-re (pid 9282) on since 2016-10-03 00:16:40 PDT, idle 2d 05:47 sync-other-re (pid 9333) on since 2016-10-03 00:16:49 PDT, idle 2d 05:47 sync-other-re (pid 9383) on since 2016-10-03 00:16:59 PDT, idle 2d 05:46 sync-other-re (pid 9433) on since 2016-10-03 00:17:07 PDT, idle 2d 05:46 PR1221723

  • Usage of malformed certificates (such as those missing newline characters) may result in rejection. The symptom would be messages such as: mgd: error: Unable to derive certificate from input. PR1223764

Routing Policy and Firewall Filters

  • With rib-groups configured for importing routing information to multiple routing tables, unexpected route refresh might happen when committing configuration change, due to a defect in code related to secondary table list handling. PR1201644

  • From Junos OS Release 15.1, memory leak on policy_object might be observed if the configuration of policies is added and deleted in high frequency. Not all polices make memory leak, and only the container policy referred in policy statement hits this issue: the "from" in policy invokes the terms which is defined in policy-options, for example, community, as-path, prefix-list. This is the configuration example. set policy-options prefix-list pl set policy-options policy-statement from prefix-list pl. PR1202297

  • BGP Flowspec provides for a BGP Extended Community that served to redirect traffic to a Virtual Routing and Forwarding (VRF) instance that matched the flow specification's Network Layer Reachability Information (NLRI). After the fix of the PR, all Junos platforms can support the following Redirect Extended Communities: +--------+--------------------+-------------------------------------+ | type | extended community | encoding | +--------+--------------------+-------------------------------------+ | 0x8008 | redirect AS-2byte | 2-octet AS, 4-octet Value | | 0x8108 | redirect IPv4 | 4-octet IPv4 Address, 2-octet Value | | 0x8208 | redirect AS-4byte | 4-octet AS, 2-octet Value | +--------+--------------------+-------------------------------------+ Please refer to RFC7674 for more information. PR1219724

Routing Protocols

  • When BGP speaker has multiple peers configured in a BGP group and when it receives the route from a peer and re-advertises route to another peer within the same group, MIB object "jnxBgpM2PrefixOutPrefixes" to the peers in the same group reports the total number of advertised prefixes in the group. MIB value "jnxBgpM2PrefixOutPrefixes" is defined as per peer basis but it looks as if it is per group basis. As a workaround, we can get the number of advertised prefixes from CLI command show bgp neighbor instead. PR1116382

  • When a bgp peer has a hold time of zero configured the peer will not reach establishment. PR1138690

  • If we have post-policy BMP configured & import policy rejects the route making it hidden, we will still periodically send this Unreachable Prefix to the BMP station. May 17 15:45:05.047931 bmp_send_rm_msg called, found post-policy prefix, peer (External AS 65101), station BMP_STATION_2 May 17 15:45:05.047943 import policy rejected post-policy prefix, peer (External AS 65101), station BMP_STATION_2 May 17 15:45:05.047986 generating post-policy delete for prefix, peer (External AS 65101), station BMP_STATION_2 May 17 15:45:05.048001 BMP: type 0 (RM), len 76, ver 3, post-policy, for Peer, station BMP_STATION_2 May 17 15:45:05.048018 Peer AS: 65101 Peer BGP Id: Time: 1463492684:0 (May 17 13:44:44) May 17 15:45:05.048027 Update: message type 2 (Update) length 28 May 17 15:45:05.048034 Update: Unreachable prefix data length 5 May 17 15:45:05.048047 Update: PR1184344

  • A route which has an IPv6 nexthop which is resolved recursively over other routes may fail to resolve successfully. This problem could happen because the route resolver may incorrectly use the IPv4 family resolution tree to resolve the nexthop rather than the correct IPv6 resolution tree. As a result, no route covering the IPv6 nexthop address can be located so the route with the IPv6 nexthop remains unresolved and unusable. PR1192591

  • The VRF related routes which are leaked to the global inet.0 table and advertised by the access routers are not being advertised to global inet.0 table on the core. PR1200883

  • With nonstop-routing (NSR) enabled, all running protocols include PIM and NG-MVPN will be replicated, if NSR is disabled only under PIM "set protocol pim nonstop-routing disabled", this will remove both PIM and NG-MPVN from replicated list, then adding PIM NSR again by "delete protocol pim nonstop-routing disabled" will not work as expected and PIM will not be added. PR1203943

  • In a situation which a BGP route is resolved using a secondary OSPF route which is exported from one routing-instance to another routing-instance. If the BGP route is being withdrawn while the OSPF route is deleted, rpd might restart unexpectedly. PR1206640

  • BGP routes are rejected as cluster ID loop prevention check fails due to a mis-configuration. But when the mis-configuration is removed BGP routes are not refreshed. The fix of this issue will send a soft route refresh dynamically when a cluster ID is deleted. PR1211065

  • On Juniper devices with BGP flowspec and Graceful-Restart for BGP configured, after the Routing Engine switchover, the firewall filter __flowspec_default_inet__ might be missed, causing BGP flowspec not working correctly. PR1213227

  • When using 64-bit routing protocol process, if OSPF (either OSPFv2 or OSPFv3) is configured, the device may not handle the LS-Update correctly when receiving the max sequence number (0x7fffffff, which should not happen in normal course) and discarding it without acknowledging it as a newer copy in the database. The issue surfaced because a particular implementation was also setting the LSA-sequence number to max sequence number before flushing out the LSA which was not per RFC. PR1217373

  • When a route in inet.3 has a conditional context associated with it (usually when conditional policy (policy with condition statement) applied on BGP), the rpd process might crash when IS-IS flooding LSP. PR1220533

Services Applications

  • Issue happens in specific corner cases and Acceptable workaround is available. If we bring down the complete subscriber and bring it back up again. Family bring up will work. PR1190939

  • When configuring Network Address Translation (NAT) service, the service route is still available in route table even after disabling service interface. Any types of service interfaces (except ams- interface) that supports NAT might be affected. PR1203147

  • On MX Series with L2TP configured, for some reason the L2TP packet in ICRQ retransmission message is set to incorrect value, and this causes frequent L2TP session flaps. PR1206542

  • On MX Series routers with subscriber management feature enabled used as a LAC (L2TP Access Concentrator), a small amount of memory leak is leaked by jl2tpd process on the backup Routing Engine when subscriber sessions are logged out. PR1208111

Subscriber Access Management

  • In DHCP relay scenario, DHCP relay binding might get stuck in "RELEASE(RELAY_STATE_WAIT_AUTH_REQ_RELEASE" state due to the LOGOUT Request is not processed correctly by authentication manager process (authd) if there were multiple attempts to activate Lawful Intercept (LI) for this DHCP subscriber using RADIUS change of authorization (CoA) packets in quick succession. PR1179199

  • If aborting "test aaa ppp" command with Ctrl-C, due to a software defect, when subscriber logout, the system does not wait for logout response, subscriber is immediately removed. Because of this, dfwd daemon is not able to clear filters in time and results in stale entries. The stale info might affect subscriber login and logout. PR1180352

  • If radius Primary-WINS(Juniper-ERX-VSA) is set as, subscribers is rejected by Authd and does not negotiate further. PR1209789

  • Commit error: "Radius-Flow-Tap LSRI" " is in use by subscriber, cannot be removed from the configuration" might be seen after two consecutive GRES switchovers if a subscriber with lawful intercept mirroring enabled was logged in before the switchovers. PR1210943

User Interface and Configuration

  • If executing rpc get command without newline character at end of <rpc>, then it will cause script execution break for timeout of rpc-reply. PR1146379

  • Configuration database is locked by "root" user when trying to commit vpls circuit configurations in "configure exclusive" mode. PR1208390

  • If user enters configuration mode with configure exclusive command, after configuration is automatic rollback due to commit unconfirmed, user still can make configuration changes with replace pattern command, the subsequent commit fails with error: access has been revoked. After exit configuration mode, user fails to enter configuration mode using "configure exclusive" with error: configuration database modified. PR1210942

  • When persist-groups-inheritance is configured and you issue a rollback, it will be seen that the configuration is not propagated properly after a commit. PR1214743


  • With MVPN and NSR enabled, high CPU on backup Routing Engine might be seen. MVPN on backup Routing Engine is re-queuing c-mcast events for flows as it is unable to find phantom routes from master routing-engine. However as routes is not reaching from master Routing Engine, so backup Routing Engine keeps trying causing high CPU triggered by rpd processing. PR1200867