Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Known Behavior


This section contains the known behavior, system maximums, and limitations in hardware and software in Junos OS Release 17.4R2 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • On MX Series routers with MS-MPC/MS-MIC, memory leaks will be seen with jnx_msp_jbuf_small_oc object, upon sending millions of Point-to-Point Tunneling Protocol control connections (3-5M) alone at higher cells per second (cps) (greater than 150K cps). This issue is not seen with up to 50,000 control connections at 10,000-30,000 cps. PR1087561

  • Source-prefix filtering and protocol filtering of the CGNAT sessions are incorrect. For example, the show services sessions extensive protocol udp source-prefix <0:7000::2> command displays incorrect filtering of the sessions. PR1179922

  • Chef for Junos OS supports additional resources to enable easier configuration of networking devices. These are available in the form of netdev-resources. The netdev-resource developed for interface configuration has a limitation to configure the XE interface. The netdev-interface resource determines that speed is a configurable parameter that is supported on a GE interface but not on an XE interface. Hence, the netdev-interface resource cannot be used to configure an XE interface due to this limitation. This limitation is applicable to packages chef-11.10.4_1.1.*.tgz chef-11.10.4_2.0_*.tgz in all platforms {i386/x86-32/powerpc}. PR1181475

  • In certain interface scaling scenarios, during configuration commit/rollback, you might see an fpcx error message. You can safely ignore this message because of the FPGA monitor mechanism on DPC cards for logical interface mapping (ifl_map). Between the deletion of a physical interface and the monitoring event, this mechanism checks through the stored logical interfaces. While the mechanism tries to find the family of a recently deleted logical interface that was not cleaned from the the ifl_map, harmless messages might populate the log file. PR1210877

  • There is no unified ISSU from Junos OS Release 15.1 and earlier releases to Junos OS Release 16.2R1. PR1222540

  • The Routing Engine shows it is using Spring LSP, but forwarding actually uses L-ISIS label. The problem is, when some route or next hop has been created by the app, it is assumed that it can propagate to the rest of the system. The KRT asynchronously picks up this state for propagation. There is no reverse indication to the app, if there was an error in propagating the state. The system is supposed to eventually reconcile. So, if SPRING-TE produces a pair that looks legal from the app standpoint, but KRT is not able to download it to the kernel, because kernel rejected the NH, the sort of gets stuck in RPD. In the meantime, the previous version of the route (L-ISIS in this case) that was downloaded still lingers in the kernel and the Packet Forwarding Engine. PR1253778

  • On MX104 routers, JTASK_SCHED_SLIP is seen on commit, randomly. PR1281016

  • At reboot the RHEL 7.3 servers report libvirtd[6282]: segfault at 10 ip 00007f87eab09bd0. There is no core file generated and no operational impact is known. PR1287808

  • When LLDP is configured on multihomed extended ports, the peer might have duplicate entries for a duration of the hold timer (default: 120 seconds) during catastrophic configuration events such as redundancy group ID change and redundancy group name change. The duplicate entry would be deleted after the LLDP hold timer expires on the peer. PR1291519

  • A race condition is observed on Ubuntu based external servers, G-ARP might not be sent from the jmgmt0 interface, resulting in loss of connectivity to management IP of JDM. PR1291836

  • This is a limitation/expected behavior for smart SFPs. When you insert a smart-sfp, it is observed that the link remains up for some time; for example, during smart SFP firmware initialization, the green LED on the transceiver glows green. PR1293522

  • The af interface bandwidth that is shown is based on the peer GNF's Packet Forwarding Engine type. The local FPC on the GNF could have a higher capacity for throughput than af interface’s statically configured bandwidth. Also, the fabric capacity of the Packet Forwarding Engine is slightly higher than that of WAN interface of same bandwidth. Since the fabric can accept more traffic, the af interface shows higher throughput rate than what the Packet Forwarding Engine is capable of. This is the expected behavior until the CoS shaping is supported on the interface. PR1295050

  • Rpd sends a KStat request to the kernel, every time the show dynamic-tunnels database command is processed. Because Kstat is an asynchronous call and the CLI is not blocked until rpd receives a response from the kernel, there might be a mismatch in statistics between the Packet Forwarding Engine and kernel for some time. Eventually the statistics will be updated in rpd, whenever the response for the last statistics request is received. These statistics will be reflected in the next show dynamic-tunnels database command. PR1297913

  • For CFP2-DCO-T-WDM-1 pluggable, Rx payload type shown incorrectly (shown 0 vs 7). PR1300423

  • The UDP setup rate for DetNat64 is approximately 10 percent lesser than the setup rate of stateful-nat64 for 15M sessions on a single NPU. DetNat64 needs extra processing while creating sessions and hence, it’s setup rate is 10 percent less than setup rate of stateful-nat64. PR1307451

  • Support for enterprise profile support is with only 10G interfaces. 40G & 100G may result in phase alignment issue. PR1310048

  • Parametrized (converged) HTTP redirect/rewrite services (CPCD) are not supported on MX104 routers with MS-MIC. Note that other flavors of CPCD continue to work fine with this combination, MX104 router with MS-MIC. PR1330340


  • Routing instances of type EVPN configured with a VLAN ID will advertise MAC (type 2) routes with the VLAN value in the Ethernet tag field of the MAC route. Advertising MAC routes with a nonzero VLAN is incompatible with the EVPN VLAN-based service type. To enable interoperability between a Junos OS routing instance of type EVPN and a remote EVPN device operating in VLAN-based mode, the Junos routing instance should be configured with vlan-id none so that the Ethernet tag in advertised MAC routes is set to zero. PR945247

  • A PE device running EVPN IRB with an IGP configured in a VRF associated with the EVPN instance will be unable to establish an IGP adjacency with a CE device attached to a remote PE device. The IGP instance running in the VRF on the PE might be able to discover the IGP instance running on the remote CE through broadcast or multicast traffic, but will be unable to send unicast traffic directly to the remote CE device. PR977945

  • In scaled up EVPN-VPWS configurations(approximately 8000 EVPN VPWS), during a Routing Engine switchover, the rpd scheduler slip messages might be seen. PR1225153

  • In an EVPN network with VXLAN encapsulation configured for direct-nexthop mode ("pure type 5" mode without overlay gateway addresses), at least one type 5 route per VRF from a remote endpoint must be received and installed in the local routing table of a device, to enable the local device to forward inbound type 5 traffic received from the remote endpoint. If the local device has not installed at least one route with a next hop pointing toward a specific remote endpoint, type 5 VXLAN-encapsulated IP traffic sent by the remote endpoint toward the local device will not be forwarded correctly. PR1305068

  • When changing encapsulation from VXLAN to MPLS or vice versa, you must deactivate and reactivate the instance. PR1326430

Interfaces and Chassis

  • In a node slicing context, issuing the command set chassis fpc slot-number power off on the base system (BSYS) powers off even those FPCs that are assigned to guest network functions (GNFs) in which unified in-service software upgrade (ISSU) is in progress.

    Learn more about Junos Node Slicing.

  • At JDM install time, each JDM instance generates pseudo random MAC addresses to be used for JDM's own management interface and for the associated GNFs' management interfaces. At GNF creation time, each GNF instance generates pseudo random MAC addresses to be used as the chassis MAC address pool for the forwarding interfaces of that GNF. Once generated, JDM and GNF MAC addresses are persistent, and will only be deleted when the JDM or GNF instance itself is deleted.

    At a GNF, the Junos OS CLI command show chassis mac-addresses can be used to examine its chassis MAC address pool, and the Junos OS CLI command show interfaces fxp0 can be used to examine the MAC address of its management interface.

    At JDM, the CLI command show interfaces jmgmt0 can be used to examine the MAC address of its management interface.

    In case of MAC address duplication across JDM or GNF instances, you must delete and then reinstall the respective JDM or GNF instance and check again for duplication.

Layer 2 Ethernet Services

  • Junos Fusion device supports Aggregate Interface with 16 member links. PR1300504


  • For an SR-TE path with "0" explicit NULL as inner most label, the SR-TE path does not get installed with label "0". PR1287354

Routing Protocols

  • The BGP NSR replication starts after some delay in certain cases. PR1256965

Services Applications

  • Session counters for cleartext traffic are not updated after decryption. Decrypted packet count can, however, be obtained by running the show security group-vpn member ipsec statistics command. PR1068094

  • Broadband-edge platforms do not support service-set integration with dynamic profiles when the service set is representing a carrier-grade NAT configuration. As a workaround, you can use next-hop service set configurations and routing options to steer traffic to a multiservices (ms) interface where NAT functionality can be exercised. The following configuration snippet shows the basics of statically configuring the multiservices interface next hop and a next-hop service set. Traffic on which the service is applied is forced to the interface inside the network by configuring that interface as the next hop. This configuration does not show other routing-options or NAT configurations relevant to your network.

    [See Configuring Service Sets to be Applied to Services Interfaces.]

Software Installation and Upgrade

  • Unified ISSU with active BBE subscribers using advanced services supported only to 17.4R2 and later 17.4 releases—If you have active broadband edge subscribers that are using advanced services, you cannot perform a successful unified in-service software upgrade (ISSU) to a Junos OS 17.4 release earlier than 17.4R2. If you perform an ISSU to a 17.4 release earlier than 17.4R2, the advanced services PCC rules are not attached to subscribers.

Subscriber Management and Services

  • The all option is not intended to be used as a means to perform a bulk logout of L2TP subscribers. We recommend that you do not use the all option with the clear services l2tp destination, clear services l2tp session, or clear services l2tp tunnel statements in a production environment. Instead of clearing all subscribers at once, consider clearing subscribers in smaller group, based on interface, tunnel, or destination end point.