Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Known Issues


This section lists the known issues in hardware and software in Junos OS Release 17.2R2 for MX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • In Junos OS Release 17.2R2, when a cascade port (CP) is configured, CoS resources are allocated to it and corresponding CoS parameters applied on extended ports are scaled. This is done irrespective of the cascade port. If a configured cascade port goes DOWN, nothing is done. PR1262320

  • In Junos OS 17.2R1 Release, egress rate limit at extended port does not work properly if you have rate limit configuration applied at extended port physical interface (IFD) level by traffic-control-profile-remaining and also at some of the extended port logical interface (IFL) by explicit traffic-control-profile in hierarchical-scheduler mode. PR1271719

Forwarding and Sampling

  • It is known that policing filter application to the LSP is catastrophic. Any active LSP carrying traffic when applied a policing filter tears down and resignals and drops traffic for approximately 2 seconds. In Junos OS Release 16.1R1, it would take up to 30 seconds for the LSP to come up if:

    1. Creation of the policing filter and application of the filter to the LSP through configuration occur in the same commit sequence.

    2. Load override of a configuration file that has a policing filter and a policing filter application to the LSP is followed by commit. PR1160669

  • In some stress test conditions, the sampled crashes and generates a core file when connecting to L2BSA and EVPN subscribers aggressively. PR1293237

General Routing

  • A PE device running EVPN IRB with an IGP configured in a VRF associated with the EVPN instance will be unable to establish an IGP adjacency with a CE device attached to a remote PE. The IGP instance running in the VRF on the PE might be able to discover the IGP instance running on the remote CE through broadcast or multicast traffic, but will be unable to send unicast traffic directly to the remote CE. PR977945

  • On MX Series routers with MS-MPC/MS-MIC, memory leak will be seen with jnx_msp_jbuf_small_oc object, upon sending millions of Point-to-Point Tunneling Protocol control connections (3-5M) alone at higher cells per second (cps) (> 150K cps). This issue is not seen up to 50,000 control connections at 10,000-30,000 cps. PR1087561

  • The Juniper Networks enhanced jdhcpd process might experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd process might result in a denial of service as DHCP service is interrupted. Refer to JSA10800 for further details. PR1119019

  • In an IPv6 sampling environment, when IPv6 routes flaps frequently due to a software defect, the Packet Forwarding Engine sometimes fails to insert or retrieve the sampling IPv6 route from radix node. So, the Packet Forwarding Engine might crash. This is a corner case; it is hard to reproduce. PR1179776

  • Chef for Junos OS supports additional resources to enable easier configuration of networking devices. These are available in the form of netdev-resources. The netdev-resource developed for interface configuration has a limitation to configuring the XE interface. Netdev-interface resource assumes that speed is a configurable parameter that is supported on a GE interface but not on an XE interface. Hence, netdev-interface resource cannot be used to configure an XE interface due to this limitation. This limitation is applicable to packages chef-11.10.4_1.1.*.tgz chef-11.10.4_2.0_*.tgz in all platforms {i386/x86-32/powerpc}. PR1181475

  • Junos OS might improperly bind Packet Forwarding Engine ukernel application sockets after a unified ISSU due to a bug in IP->TNP fallback logic. Because of that bug, threads running on the ukernel that relay on UDP sockets can experience connectivity issues with the host, which in turn can lead to various problems. For instance, simple network time protocol (SNTP) client might fail to synchronize time, which in turn might lead to other problems such as failure in adjacency formation for HMAC authenticated protocols. PR1188087

  • A few sessions are always dropped during session setup with IPsec; this is consistently seen with more than 1M sessions. PR1204566

  • Changing virtual switch type from IRB type to regular bridge, interfaces under openflow protocol get removed. Openflow daemon failed to program any flows. PR1234141

  • FPCs on MX960 platform might be stuck in offline state with FPC Incompatible with SCB due to delayed PEM-powerup. PR1235132

  • The CLI command show pfe statistics traffic displays 2^64 counter for packets output. show pfe statistics traffic fpc 5 Packet Forwarding Engine traffic statistics: Input packets: 779912402 575 pps Output packets: 18446744073709551615 0 pps <<<<<<< Packet Forwarding Engine local traffic statistics: Local packets input : 1401882 Local packets output : 924839 Software input control plane drops : 0 Software input high drops : 0 Software input medium drops : 0 Software input low drops : 0 Software output drops : 0 Hardware input drops : 0 . PR1253299

  • On MX Series router with XM chipset (for example, MPC3E/MPC4E/MPC5E/MPC6E/MPC2E-NG/MPC3E-NG), the MPC might reboot after a unified ISSU completion. PR1256145

  • Duplicate sensor resources are created when the difference is a trailing "/". PR1263446

  • Because of transient hardware error conditions, only syslog events XMCHIP(x) FI: Cell underflow at the state stage - Stream 0, Count 65535 are reported, which is a sign of a fabric stream wedge. Additional traffic flow register pointers are validated and if stalled a new CMERROR alarm is raised: XMCHIP(x) FI: Cell underflow errors with reorder engine pointers stalled - Stream 0, late_cell_value 65535, max_rdr_ptr 0x6a9, reorder_ptr 0x2ae. PR1264656

  • On a MX Virtual Chassis system in a scaled subscriber management scenario, when you perform a unified ISSU while protocol sessions are active, the protocols might go down and come back up again, which can cause traffic loss. PR1265407

  • If the dynamic VLAN profile does not have IFF configuration (for example, family PPPoE or family inet), but has firewall filter configuration, firewall filter indexes will not be released after the dynamic VLAN is removed. This eventually leads to depletion of available firewall filter indexes. PR1265973

  • Sometimes a l2cpd core file is generated when LLDP neighbors are cleared. PR1270180

  • Multifcast traffic when using iflsets in universal call admission control policy mode, does not work as expected in certain use cases and bbe-smgd might generate a core file. PR1278543

  • For incoming Layer 2 stream (traffic) the following events can occur:

    1. If smac(=irb mac) is learnt before the IRB logical interface is attached to VLAN, then the MAC continues to be present in SLU and DLU until age out.

    2. If the user sets the MAC on IRB logical interface, then the MAC continues to be present in SLU and DLU until age out.

    In both of these cases, the Packet Forwarding Engine software does not explicitly trigger to delete the smac, which is also seen in IRB’s MAC. Users have to clear the MAC from CLI under these circumstances. PR1291184

  • Junos OS releases with a fix for PR 1244375 (committed in: Junos OS Releases 15.1R5-S4, 16.1R4-S3, 16.1R5, and 17.3R1) with XM-based linecards (MPC3E/4E/5E/6E/2E-NG/3E-NG) might report DDR3 TEMP ALARM chassisd's error log message. Such errors are harmless and can be ignored. PR1293543

  • A memory leak is seen when set protocols mld XXX stanza is changed and committed. PR1297454

  • Intermittent core files are observed in instance scaling and auto-rd configuration when NSR is enabled. The core file is generated on the primary Routing Engine. PR1301986

High Availability (HA) and Resiliency

  • In a rare scenario, GRES might not reach the ready state and might fail to start, because the Routing Engine does not receive the state acknowledgement message from the Packet Forwarding Engine after performing GRES. This is a timing issue. It might also stop Routing Engine resource releasing and then cause resource exhausting. As a workaround, reboot the system if this problem occurs. PR1236882


  • When the configuration statement set system log-out-on-disconnect is enabled, Junos OS eventd process will block the console-open() but during this stage with syslog console configured (always logs on console), any logging will continue even if the console session is ended. While console logging is in wait state by eventd, syslog rotation freezes and some processes directly attached to logging in the system would also get into this waiting state, causing an undesirable behavior. PR1253544

Interfaces and Chassis

  • During configuration changes and reuse of virtual IP on an interface as an interface address, it is required that you delete the configuration, perform a commit, and then add the interface address configuration in the following commit. PR1191371

  • In a VPLS multihoming scenario, the CFM packets are forwarded over the standby PE link, resulting in duplicate packets or a loop between the active and standby link. PR1253542

  • When configuring an aggregate interface and after commit some log messages appear,. the MRU of aggregated Ethernet interface might reset to the default value (for example: 1522). The child links of aggregated Ethernet get reset to the default MRU. PR1261423

  • By default, in Junos OS, the minimum length of the CHAP challenge is 16 bytes, and the maximum length is 32 bytes. Without using the configuration statement challenge-length minimum XX maximum XX, MX Series routers do not initialize the default Chap Challenge-Length. PR1280263

  • Junos OS upgrade involving Junos OS Release 14.2R5 and later maintenance releases and Junos OS Release 16.1 and later main releases with CFM configuration can cause cfmd to generate a core file after upgrade. This is due to the old version of /var/db/cfm.db. PR1281073

Layer 2 Ethernet Services

  • When MSTP is configured under a routing-instance, both the primary and standby VPLS pseudowires get struck in ST state due to a bug in the software. That has been fixed and now the PW status is set correctly. PR1206106

  • After changing the underlying physical interface (IFD) for a static VLAN demux interface, the NAS-Port-ID formed is still based on the previous IFD. PR1255377

  • Whenever an MC aggregated Ethernet interface is deactivated or activated on an MC-LAG node, once the MC-AE interfaces are back up, the system clears neighbor discovery entries on the ICL, which triggers a neighbor discovery solicit and thereby neighbor discovery entries are learned on the MC aggregated Ethernet interface. As a workaround, clear neighbor discovery entries on the ICL whenever MC aggregated Ethernet interfaces have been deactivated or activated on MC-LAG nodes. PR1294958

Layer 2 Features

  • On routers running Junos OS with Routing Engine GRES enabled, if VPLS is configured with a dynamic profile association, some traffic loss would be observed when Routing Engine switches from master to standby. This is due to a change in underlying database that handles the dynamic profile sessions, which causes the VPLS connection to be destroyed and re-created after a Routing Engine switchover. PR1220171


  • RSVP signaled p2mp sub-LSP with atleast 1 or more sub-LSPs in a down state might not get reoptimized in the event of a transit core link going down. If there are no sub-LSPs in a down state at the time of re-optimization, then this issue is not seen. This can cause traffic drop over the sub-LSPs carrying traffic that are unable to get reoptimized. PR1174679

  • The routing protocol process (rpd) might stop running unexpectedly if a static MPLS LSP is moved from one routing instance to another routing instance in one single configuration change with one single commit. The routing protocol process (rpd) will need a manual restart with "restart routing". PR1238698

  • Because of current way of calculating BW, you see a minimal discrepancy between MPLS statistics and adjusted BW reported. The algorithm will be enhanced so that both values match 100%. PR1259500

  • When issuing the show mpls lsp extensive CLI command multiple times, you might notice the creation time has drifted by a second. PR1274612

  • The throughput measurement might be inaccurate when doing performance measurement on a MPLS label-switched path. PR1274822

  • Enabling explicit-null might block host-bound traffic that is incoming from LSP. PR1305523

Network Management and Monitoring

  • Symptom: MIB2D_RTSLIB_READ_FAILURE: rtslib_iflm_snmp_pointchange syslog message occurs during configuration restore. Cause: The mib-process sends requests to the kernel to update snmp ifIndex for the interfaces that it is learning. If any interface was already deleted from the kernel, the syslog message is generated. This interface learning by mib-process will happen later, once the kernel sends the ADD notification for these interfaces. There is no impact that caused this syslog message during the configuration restore scenario. PR1279488

Platform and Infrastructure

  • In configurations with IRB interfaces, during times of interface deletion, such as an FPC reboot, the Packet Forwarding Engine might log errors stating nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system reconverging on the expected state. PR1054798

  • Because of transient hardware events, fabric stream might report CPQ1: Queue underrun indication - Queue <q> continuously. For each such event, all fabric traffic is queued for the Packet Forwarding Engine reporting the error, resulting in a high amount of fabric drops. PR1265385

  • PR scenario: Scale used: 1000 bridge domains VSTP VRRP 300k BGP routes 20k PIM joins 120 Bridge domains among the 1000 bridge domains have XE/GE links towards downstream switch and LAG bundles as uplinks towards upstream routers. The XE/GE link is part of the physical loop in the topology. Spanning tree protocols such as VSTP/RSTP/MSTP is used for loop avoidance. Some MAC addresses are not learnt on DUT when LAG bundles part of such bridge domains are flapped along with other events such as spanning tree root bridge change. Impact: Traffic forwarding was not affected, but MAC learning is affected on some bridge domains. PR1275544

  • With ISSU, it is expected to see momentary traffic loss. In EVPN ETREE, in addition to traffic loss, the known unicast frames might be flooded for around 30 seconds during unified ISSU before all forwarding states are restored. This issue does not affect BUM traffic. As a workaround, Non-Stop Bridging (NSB) can be configured [set protocols layer2-control nonstop-bridging]. This reduces traffic flood to around 10 seconds in a moderate setup. PR1275621

  • This issue occurs in the following scenario: A router with service MS-DPC and data MPC cards running Junos OS 14.1 or later, with network services configured as enhanced IP, with an aggregated outgoing interface, and with members spread among two or more Packet Forwarding Engines. The traffic from MS-DPC will pin to one Packet Forwarding Engine of the outgoing aggregated Ethernet interface instead of load-balancing between all aggregated Ethernet Packet Forwarding Engines. PR1287086

  • While adding a new package to the router, you might see the following message: mgd: error: Could not open library: /usr/lib/render/libvccpd-render.tlv. This is cosmetic issue and does not affect anything. PR1289158

Routing Protocols

  • On MX Series routers, when an instance type is changed from VPLS to EVPN, and in the same commit, an interface is added to the EVPN instance, the newly added EVPN interface might not be able to come up. PR1016797

  • The routing protocol process (rpd) goes up to 100%, displaying the following output: {master} root@router> show system processes extensive | no-more last pid: 76128; load averages: 1.51, 1.46, 1.68 up 6+04:38:02 14:32:44 198 processes: 2 running, 195 sleeping, 1 waiting Mem: 1415M Active, 5284M Inact, 2441M Wired, 2088M Buf, 6752M Free Swap: 8192M Total, 8192M Free PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 10 root 4 155 ki31 0K 64K RUN 3 509.5H 304.10% idle 5207 root 4 20 0 3017M 2140M kqread 0 23.0H 100.00% rpd 4925 root 2 -26 r26 556M 47060K nanslp 1 511:02 5.08% chassisd 5185 root 1 20 0 698M 176M select 2 139:31 0.20% authd 5002 root 1 20 0 455M 7464K select 1 32:43 0.10% license-check 11 root 30 -72 - 0K 480K WAIT 255 888:28 0.00% intr 52981 root 1 35 15 459M 10360K select 1 469:19 0.00% sampled . From syslogs we can observe the following messages: Dec 7 03:36:56.615 2016 lab31 rpd[5474]: RPD_KRT_Q_RETRIES: route table add: Resource temporarily unavailable Dec 7 03:36:56.615 2016 lab31 rpd[5474]: RPD_SYSTEM: Get index for rt table failed: Resource temporarily unavailable Dec 7 03:36:56.615 2016 lab31 rpd[5474]: RPD_KRT_Q_RETRIES: route table add: Resource temporarily unavailable Dec 7 03:36:56.615 2016 lab31 rpd[5474]: RPD_SYSTEM: Get index for rt table failed: Resource temporarily unavailable Dec 7 03:36:56.615 2016 lab31 rpd[5474]: RPD_KRT_Q_RETRIES: route table add: Resource temporarily unavailable. PR1240273

  • The commit for PR 1252151 changed a behavior of the BGP monitoring protocol. Before that change, the BGP monitoring protocol session would send both peer down events as well as route withdrawals when peer monitoring was disabled thorough a configuration event. After that commit, only the peer down events are sent. PR1265783

  • When a route reflector is configured for optimal route reflection, it computes an interior gateway protocol SPF tree on behalf of a specified primary node. However, the route reflector does not run this computation when the primary node is configured for IS-IS overload, resulting in no benefit of configuring the route reflector with optimal route reflection. PR1274802

  • A few bidirectional forwarding detection (protocol) sessions are flapping while coming up after FPC restarts. This does not impact the system, because the flap is seen during the initial phase. This is due to a race condition in PPMAN code. PR1274941

Services Applications

  • Session counters for cleartext traffic are not updated after decryption. Decrypted packet count can however be obtained by running the following command: show security group-vpn member ipsec statistics . PR1068094

  • The Network Address Translation (NAT) auto-injected routes might fail to install when back-to-back commits with changes are made and service sets or NAT rules are performed. This issue happens with a unique configuration where thousands of routes are added by service PIC process (spd), which manages installation of NAT return routes and destination routes. PR1223729

  • Business services are activated and a Routing Engine switchover is performed. In this case, if you try to deactivate the business services (ESSM subscribers) by logging out the parent PPP session, the business services get stuck and result in terminating state. Business services that have LI applied are stuck, and the services not having LI are logged out successfully. PR1280074

Subscriber Access Management

  • Subscribers get stuck in terminated state during PPPoE login or logout test. PR1262219