Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for MX Series 5G Universal Routing Platform


These release notes accompany Junos OS Release 18.3R3 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for the MX Series routers.

Release 18.3R3 New and Changed Features

  • There are no new features or enhancements to the existing features for MX Series routers in Junos OS Release 18.3R3.

Release 18.3R2 New and Changed Features


  • Control transport address used for targeted-LDP session (MX Series)—Currently, only the router-ID or interface address is used as the LDP transport address. Starting in Junos OS Release 18.3R2, you can configure any other IP address as the transport address of targeted LDP sessions, session-groups, and interfaces. This new configuration is applicable only for configured LDP neighbors that have Layer 2 circuit, MPLS, and VPLS adjacencies.

    This feature is beneficial when you have multiple loopback interface addresses, and different IGPs associated with LDP interfaces, and you can control the session established between targeted LDP neighbors with the configured transport address.

    [See Control Transport Address Used for Targeted-LDP Session.]

Network Management and Monitoring

  • New major alarms on MX Series routers with MPC1 and MPC2—Starting in Junos OS Release 18.3R2, on MX Series routers with MPC1 and MPC2 line cards, a major chassis alarm is raised when the following transient hardware errors occur:

    • CPQ Sram parity error

    • CPQ RLDRAM double bit ECC error

    In the Description column of show chassis alarm outputs, these errors are described as 'FPC <slot number> Major Errors'. See an example below:

    user@host> show chassis alarms

    By default, these errors result in the Packet Forwarding Engine interfaces on the FPC being disabled. You can use the show chassis fpc errors command to view the default or user-configured action that resulted from the error.

    You can check the syslog messages to know more about the errors. See the following examples:

    To resolve the error, restart the line card. If the error is still not resolved, open a support case using the Case Manager link at or call 1-888-314-JTAC (within the United States) or 1-408-745-9500 (from outside the United States).

Routing Protocols

  • Support for creating IS-IS topology independent LFA for prefix-SIDs learned from LDP mapping server—Starting in Junos OS Release 18.3R2, you can configure a point of local repair to create a topology independent loop-free alternate backup path for prefix-SIDs derived from LDP mapping server advertisements in an IS-IS network. In a network configured with segment routing, IS-IS uses the LDP mapping server advertisements to derive prefix-SIDs. LDP Mapping server advertisements for IPv6 are currently not supported.

    To attach flags to LDP mapping server advertisements, include the attached statement at the [edit routing-options source-packet-routing mapping-server-entry mapping-server-name] hierarchy level.

Release 18.3R1 New and Changed Features


  • Support for JNP-SFP-10G-BX10D and JNP-SFP-10G-BX10U transceivers (MX80, MX104, MX240, MX480, and MX960 with MIC-MACSEC-20GE)—Starting in Junos OS Release 18.3R1, the MX80, MX104, MX240, MX480, and MX960 installed with the MIC-MACSEC-20GE support the JNP-SFP-10G-BX10D and the JNP-SFP-10G-BX10U transceivers. The JNP-SFP-10G-BX10D and JNP-SFP-10G-BX10U transceivers are for single SMF bidirectional applications. A JNP-SFP-10G-BX10D transceiver should always be connected to a JNP-SFP-10G-BX10U transceiver with a single SMF. The operating link distance is up to 10 km. With a single LC receptacle, the JNP-SFP-10G-BX10D transmits a 1330 nm wavelength signal and receives a 1270 nm signal, whereas the JNP-SFP-10G-BX10U transmits a 1270 nm wavelength signal and receives a 1330 nm signal.

    [See the Hardware Compatibility Tool.]

  • Support for 10-Gbps ports to operate at 1-Gbps speed (MX204 and MX10003)—Starting in Junos OS Release 18.3R1, you can use the Mellanox 10-Gbps pluggable adapter (QSFP+ to SFP+ adapter or QSA; model number: MAM1Q00A-QSA) to convert 4 lane-based ports to a single lane-based SFP+ port. The QSA adapter has the QSFP+ form factor with a receptacle for the SFP+ module. Use the QSA adapter to convert a 40-Gbps port to a 10-Gbps or a 1-Gbps port.

    • The interface name prefix must be xe.

    • On the MX10003 router, the MACsec MIC does not provide 1-Gbps speed.

    • On MX204 and MX10003 routers, rate selectability at PIC level and port level does not support 1-Gbps speed.

    To configure an interface to operate in the 1-Gbps mode, use the set interfaces xe-0/1/0 gigether-options speed 1g command at the [edit] hierarchy level.

    [See MX10003 MPC Rate-Selectability Overview and MX204 Router Rate-Selectability Overview.]

  • New MIC-MACSEC-20GE (MX80, MX104, MX240, MX480, and MX960)—Starting with Junos OS Release 18.3R1, MIC-MACSEC-20G is supported on MX80, MX104, MX240, MX480, and MX960 routers. The MIC has 20 SFP ports supporting 20 SFP pluggable optics modules operating in 1-Gbps mode or two SFP+ ports supporting 2 SFP+ pluggable optics modules operating in 10-Gbps mode. The MIC enables resiliency support and MACsec capability on 1-Gbps and 10-Gbps ports on MX80, MX104 and on the MPC1, MPC2, MPC3, MPC2E, MPC3E, MPC2E-NG, and MPC3E-NG line cards of MX240, MX480 and MX960 routers. The resiliency support includes software support to handle hardware failures of various components of the MIC.

    [See Gigabit Ethernet MIC with 256b-AES MACsec].

    • FPCs in the MX240, MX480, MX960 routers and the FEB in the MX80 and MX104 routers undergo an automatic bounce or a reboot when the speed toggles between 1-Gbps and 10-Gbps.

    • Rate selectability is supported at the PIC level and not at the port level.

    • When the MIC is operating in the 10-Gbps mode, all the other 1-Gbps ports are disabled.

  • QFX-SFP-1GE-T—Starting with Junos OS Release 18.3R1, the QFX-SFP-1GE-T transceiver is supported on the SFP+ ports on MX204 routers. When using the QFX-SFP-1GE-T transceiver, keep the following limitations in mind:

    • Speed values less than 1 Gbps are not supported.

    • Configuring the speed as speed 1G is required and the no-auto-negotiation option is not supported. By default, auto-negotiation is enabled.

    • Link aggregation group (LAG) and timing (1588/SyncE) features are not supported.

      See the [Hardware Compatibility Tool]

Authentication, Authorization, and Accounting

  • Support for password change policy enhancement (MX Series)—Starting in Junos OS Release 18.3R1, the Junos password change policy for local user accounts is enhanced to comply with certain additional password policies. As part of the policy improvement, you can configure the following:

    • minimum-character-changes—The number of characters by which the new password should be different from the existing password.

    • minimum-reuse—The number of older passwords, which should not match the new password.

    See password

  • MD5 is not supported as an authentication encryption mechanism (MX Series)—Starting with Junos OS Release 18.3R1, the md5 option at the [edit system login password] hierarchy level for user authentication is not supported. However, the sha1, sha256, and sha512 options are supported.


    Before Junos OS upgrade, if the device configuration contains usernames whose plain text passwords are MD5 encrypted, after upgrade of Junos OS, users can still log in with the same username and plain text password.


  • NSR and unified ISSU support for point-to-multipoint LSP for EVPN provider tunnel (MX Series and vMX)—Starting in Junos OS Release 18.3R1, Junos OS provides nonstop routing (NSR) and unified ISSU support for point-to-multipoint (P2MP) inclusive provider tunnels. This ensures that broadcast, unknown unicast, and multicast (BUM) packets continue after a Routing Engine switchover occurs when NSR is enabled.


    Unified ISSU is not supported on the vMX routers.

    [See Understanding P2MPs LSP for the EVPN Inclusive Provider Tunnel.]

  • Support for mLDP P2MP tunnels with EVPN for BUM traffic (MX Series and vMX)—Starting in Junos OS Release 18.3R1, Junos OS provides the ability to configure and signal a P2MP LSP for the EVPN Inclusive Provider Tunnel for BUM traffic. The P2MP LSP manages efficient core bandwidth utilization as it uses multicast replication only at the required nodes instead of ingress replication at the ingress PE device. The new configuration is added to enable P2MP tunnels for EVPN at the [edit routing-instances routing-instance-name provider-tunnel] hierarchy level.

    [See Understanding P2MPs LSP for the EVPN Inclusive Provider Tunnel.]

  • EVPN P2MP bud router support (MX Series and vMX)—Starting in Junos OS Release 18.3R1, Junos OS supports configuring a point-to-multipoint (P2MP) label-switched path (LSP) as a provider tunnel on a bud router. The bud router functions both as an egress router and a transit router.

    To enable a bud router to support P2MP LSP, include the evpn p2mp-bud-support statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level.

    [See Configuring Bud Node Support.]

  • Support for pseudowire termination at an EVPN (MX Series)—Starting in Junos OS Release 18.3R1, Junos OS supports port-based and VLAN-based pseudowire that terminates at an EVPN on a single-homed PE device. The pseudowire tunnel originates on an aggregation node, carrying VLAN traffic from different access nodes and supports packets with no VLAN tags, as well as packets with single VLAN tags and dual VLAN tags.

    [See Overview of Psuedowire in EVPN.]

  • Connectivity fault management support for MIP in an EVPN with ETREE and ELAN Services and up MEP in EVPN with ETREE services (MX Series)—Starting with Junos OS Release 18.3R1, Junos OS supports maintenance association intermediate point (MIP) in an EVPN with ELAN and EVPN ETREE services and connectivity fault management (CFM) up maintenance association end points (MEPs) on attachment circuits (ACs) in an EVPN with ETREE services. This feature also supports Ethernet loopback and Ethernet linktrace for a MEP and delay measurement and synthetic loss measurement for performance monitoring between two MEPs. Monitoring is only supported between a leaf and root node or between two root nodes in an EVPN with ETREE services.

    [See Connectivity Fault Management Support for EVPN.]

  • Support for pseudowire termination at an EVPN using RLT (MX Series)—Starting in Junos OS Release 18.3R1, you can configure a pseudowire tunnel termination at an EVPN using a redundant logical tunnel (RLT). The RLT provides redundancy to the pseudowire tunnel with two logical interfaces, where only one interface is active at any given time. The active and standby logical interface provides redundancy in case of FPC failure.

    [See Overview of Psuedowire in EVPN.]

Forwarding and Sampling

  • Improved hash computation for IPv6 and multiservice flows (MX Series routers with Trio MPCs)—Starting in Junos OS Release 18.3R1, to improve load balancing in certain cases, the default behavior for calculating the enhanced-hash-key at the [forwarding-options enhanced-hash-key family inet6] hierarchy level now includes the flow-label field. This hash is used when choosing an ECMP path where there is an aggregate interface.

    Likewise, for forwarding-options enhanced-hash-key family multiservice, the default calculation now includes the payload field. To revert to the previous method, specify no-payload, or no-flow-label, in the intended hierarchy.

    [See family multiservice.]

High Availability and Resiliency

Interfaces and Chassis

  • Support for flexible tunnel interfaces (MX Series)—Starting in Junos OS Release 18.3R1, a new type of interface, called flexible tunnel interface (FTI), is supported on MX Series routers. FTIs support Layer 3 point-to-point tunnels. These tunnels use Virtual Extensible LAN (VXLAN) encapsulation with a Layer 2 pseudo-header. To configure FTIs on your device and to enable multiple encapsulations on the FTIs, use the vxlan-gpe parameter under the mandatory tunnel-endpoint vxlan encapsulation at the [edit interfaces interface-name unit logical-unit-number tunnel encapsulation] hierarchy level.

  • Support for PTP over Ethernet and hybrid mode over link aggregation group (MX240, MX480, MX960, MX2010, MX2020)—Starting in Junos OS Release 18.3R1, the MPC7E, MPCE8E, and MPC9E line cards support Precision Time Protocol (PTP) over Ethernet and hybrid mode over a link aggregation group (LAG).

    Link aggregation is a mechanism of combining multiple physical links into a single virtual link to achieve linear increase in bandwidth and to provide redundancy in case a link fails. The virtual link is referred to as an aggregated Ethernet interface or a LAG.

    [See Precision Time Protocol Overview.]

  • Support for MIC-MACSEC-20GE (MX80, MX104, MX240, MX480, and MX960)—Starting in Junos OS Release 18.3R1, MIC-MACSEC-20GE, a Media Access Control Security (MACsec)-enabled MIC, is supported on MX80 and MX104 routers and on the MPC1, MPC2, MPC3, MPC2E, MPC3E, MPC2E-NG, and MPC3E-NG MPCs on the MX240, MX480, and MX960 routers. On this MIC, you can configure either twenty 1-Gigabit Ethernet ports or two 10-Gigabit Ethernet ports that support SFP transceivers.

    The 1-Gigabit Ethernet and 10-Gigabit Ethernet port types on MIC-MACSEC-20GE support both 256-bit AES encryption as well as 128-bit AES encryption.

    [See Multi-Rate Ethernet MIC.]

  • Support for SSD upgrade on backup Routing Engines(MX Series)—Starting in Junos OS Release 18.3R1, you can upgrade the SSD firmware on the backup Routing Engines, RE-S-X6-64G and RE-MX2K-X8-64G Routing Engines, without switching mastership. In releases before Junos OS Release 18.3R1, SSD upgrade is only supported on the master Routing Engine and, to upgrade firmware on the backup Routing Engine, you must switch mastership by using the request chassis routing-engine master switch command and then log in to the backup Routing Engine.

    [See Upgrading the SSD Firmware on Routing Engines with VM Host Support.]

  • BGP Monitoring Protocol can run in a non-default management instance (MX Series)—Starting in Junos OS Release 18.3R1, the BGP Monitoring Protocol (BMP) can send monitoring packets to BMP monitoring stations that are reachable through a VRF. This feature can be used with the management-instance configuration statement to create the routing instance mgmt-junos for BMP to move through. Previously, BMP could only send monitoring packets to a BMP monitoring station that could be looked up using the default (inet.0 or inet6.0) routing table.

    [See Configuring BGP Monitoring Protocol to Run Over a Different Routing Instance.]


  • ARP and neighbor discovery command enhancements (MX Series)—Starting with Junos OS Release 18.3R1, enhancements are made to ARP and neighbor discovery command summaries. ARP and Neighbor Discovery protocol (NDP) are used to resolve next hop entries and to maintain next-hop entries in ARP and ND cache.

    The following enhancements are made to the show arp, show ipv6 neighbors, and clear ipv6 neighbors commands:


    These command summaries have the existing parameters along with the additional parameters.

    [See show arp, show ipv6 neighbors, and clear ipv6 neighbors.]

Junos Telemetry Interface

  • Support for the Junos Telemetry Interface (ACX6360, MX Series, and PTX Series)—Starting with Junos OS Release 18.3R1, Junos Telemetry Interface support is available for the ACX6360 Universal Metro Router and MX Series and PTX Series routers with a CFP2-DCO optics module that provides a high-density, long-haul optical transport network (OTN) transport solution with MACsec capability.

    You can provision sensors to export telemetry data to an outside collector.

    The following native (UDP) and gRPC sensors can be provisioned for ET (100-Gigabit Ethernet) interfaces and OT interfaces:

    • /junos/system/linecard/optical

    • /junos/system/linecard/otn

    To provision the sensor to export data through gRPC, use the telemetry Subcribe RPC to specify telemetry parameters. For streaming through UDP, all parameters are configured at the [edit services analytics] hierarchy level. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module.

    [See sensor (Junos Telemetry Interface), Configuring a Junos Telemetry Interface Sensor (CLI Procedure), and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • RPM and TWAMP statistics sensor support for Junos Telemetry Interface (JTI) (MX Series)—Starting with Junos OS Release 18.3R1, you can export Two-Way Active Management Protocol (TWAMP) and real-time performance monitoring (RPM) statistics. TWAMP (described in RFC 5357) and RPM are two methods to measure traffic performance between endpoints. These methods work by sending active probe packets and measuring parameters such as packet loss, delay, and jitter between the endpoints. These statistics provide RPM and TWAMP monitoring data results collected by Juniper devices. You can use this information to ensure service level agreements, improve network design, and optimize traffic engineering.

    Export TWAMP and RPM statistics through JTI using gRPC streaming. The following resource paths are supported:

    • /junos/rpm/probe-results/probe-test-results/

    • /junos/rpm/history-results/history-single-test-results/

    • /junos/rpm/server/active-servers/

    • /junos/twamp/client/control-connection/

    • /junos/twamp/client/probe-test-results/

    • /junos/twamp/client/history-test-result/

    • /junos/twamp/server/control-connection/

    To provision the sensor to export data through remote procedure call (gRPC) streaming, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module.

    Beginning in Junos OS Release 18.2X75-D10, OpenConfig and Network Agent packages are bundled into the Junos image by default. OpenConfig can be found as a default package named junos-openconfig, and Network Agent content exists in the Junos as a daemon through the na-telemetry package. The OpenConfig package can still be installed as an add-on package on top of the default package if you want to upgrade OpenConfig without upgrading Junos OS.

    [See Configuring a Junos Telemetry Interface Sensor (CLI Procedure) and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Expanded physical interface queue and traffic statistics sensors for Junos Telemetry Interface (JTI) (PTX, MX, EX, QFX, ACX)—Starting with Junos OS Release 18.3R1, additional resource paths are added to stream physical (IFD) statistics.

    Prior to Junos OS Release 18.3R1, both traffic and queue statistics for physical interfaces (IFD) are sent out together using the resource path /interfaces for gRPC streaming (which is internally used to create /junos/system/linecard/interface/) or /junos/system/linecard/interface/ for UDP (native) sensors.

    Now, traffic and queue statistics can be delivered separately. Doing so can reduce the reap time for non-queue data for platforms supporting Virtual Output Queues (VOQ).

    The following UDP resource paths can be configured:

    • /junos/system/linecard/interface/ is the existing resource path (no change). Traffic and queue statistics are sent together.

    • /junos/system/linecard/interface/traffic/ exports all fields except queue statistics.

    • /junos/system/linecard/interface/queue/ exports queue statistics.

    The gRPC resource path /interfaces now has the following behavior:

    • In releases prior to Junos OS 18.3R1, it delivers all IFD traffic and queue statistics. In Junos OS 18.3R1 and higher, it delivers statistics in two sensors:

      • /junos/system/linecard/interface/traffic/ exports all fields except queue statistics.

      • /junos/system/linecard/interface/queue/ exports queue statistics.

    To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters. For streaming through UDP, all parameters are configured at the [edit services analytics] hierarchy level. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).

    [See sensor (Junos Telemetry Interface), Configuring a Junos Telemetry Interface Sensor (CLI Procedure), and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

    For exporting statistics using UDP native sensors, configure parameters at the [edit services analytics] hierarchy level.

  • Expanded ON_CHANGE support for LLDP telemetry data through Junos Telemetry Interface (JTI) (MX Series)—Starting with Junos OS Release 18.3R1, OpenConfig support through remote procedure calls (gRPC) and JTI is expanded to support additional ON_CHANGE support for LLDP telemetry sensors. Periodical streaming of OpenConfig operational states and counters collects information at regular intervals. ON_CHANGE support streams operational states as events (only when there is a change), and is preferred over periodic streaming for time-sensitive missions.

    When you create a subscription using a top-level container as the resource path (for example, /lldp), a leaf under the resource path /lldp with ON_CHANGE support is automatically streamed based on events. If a leaf under the resource path does not have ON_CHANGE support, it will not be streamed.

    These paths, previously supporting periodical streaming only, now also support ON_CHANGE streaming:

    • /lldp/state/enabled

    • /lldp/state/chassis-id

    • /lldp/state/chassis-id-type

    • /lldp/state/system-name

    • /lldp/state/system-description

    • /lldp/state/hello-timer

    • /lldp/interfaces/interface/state/name

    • /lldp/interfaces/interface/state/enabled

    • /lldp/interfaces/interface/neighbors/neighbor/state/chassis-id

    • /lldp/interfaces/interface/neighbors/neighbor/state/chassis-id-type

    • /lldp/interfaces/interface/neighbors/neighbor/state/port-id

    • /lldp/interfaces/interface/neighbors/neighbor/state/port-id-type

    • /lldp/interfaces/interface/neighbors/neighbor/state/port-description

    • /lldp/interfaces/interface/neighbors/neighbor/state/system-name

    • /lldp/interfaces/interface/neighbors/neighbor/state/system-description

    • /lldp/interfaces/interface/neighbors/neighbor/state/management-address

    • /lldp/interfaces/interface/neighbors/neighbor/state/management-address-type

    • /lldp/interfaces/interface/neighbors/neighbor/capabilities

    These resource paths from the preceding list do not change with an event, but will be streamed on creation and deletion:

    • /lldp/interfaces/interface/neighbors/neighbor/state/chassis-id

    • /lldp/interfaces/interface/neighbors/neighbor/state/chassis-id-type

    • /lldp/interfaces/interface/neighbors/neighbor/state/system-name

    Before events are streamed, there is an initial stream of states to the collector, followed by an END_OF_INITIAL_SYNC. This notice signals the start of event streaming.

    To provision the sensor to export data through gRPC streaming, use the telemetry Subscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module.

    Beginning in Junos OS Release 18.2X75-D10, OpenConfig and Network Agent packages are bundled into the Junos image by default. OpenConfig can be found as a default package named junos-openconfig, and Network Agent content exists in the Junos as a daemon through the na-telemetry package. The OpenConfig package can still be installed as an add-on package on top of the default package if you want to upgrade OpenConfig without upgrading Junos OS.

    [See Configuring a Junos Telemetry Interface Sensor (CLI Procedure) and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • BGP and statically configured SR-TE traffic statistics sensor support for Junos Telemetry Interface (JTI) (MX Series and PTX Series)—Starting with Junos OS Release 18.3R1, you can export traffic statistics for both ingress IP traffic and transit MPLS traffic that take Segment Routing Traffic Engineering (SR-TE) paths. This feature provides support for BGP [DRAFT-SRTE] and statically configured SR-TE policies at ingress routers.

    Export JTI statistics using either gRPC streaming or UDP native sensors. The following resource paths are supported.

    For UDP native sensors:

    • /junos/services/segment-routing/traffic-engineering/ingress/usage/

    • /junos/services/segment-routing/traffic-engineering/transit/usage/

    For gRPC streaming:

    • /mpls/signaling-protocols/segment-routing/

    For exporting statistics using UDP native sensors, configure parameters at the [edit services analytics] hierarchy level.

    To provision the sensor to export data through gRPC streaming, use the telemetry Subscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires you to download the OpenConfig for Junos OS module.

    For both export methods, you also must specify that these statistics be collected. To do this, configure collection at the [edit protocols source-packet-routing telemetry statistics] hierarchy level.

    [See sensor, source-packet-routing, and Guidelines for gRPC Sensors (Junos Telemetry Interface).


  • Support of pseudowire headend termination for L3VPN and MVPN (MX Series)—Starting in Junos OS Release 18.3R1, the support for pseudowire subscriber service interface over redundant logical tunnels is introduced in Layer 3 VPNs and draft-rosen multicast VPNs. Earlier, Layer 3 VPNs provided support for pseudowire subscriber services over logical tunnel interfaces only, and these interfaces used unicast routing protocols, such as OSPF and BGP. This feature introduces provisioning of a multicast routing protocol, Protocol Independent Multicast (PIM), on the pseudowire subscriber interfaces, which gets terminated on the virtual routing and forwarding (VRF) routing instance.

    With this feature, you can enable pseudowire subscriber interfaces for inet, inet6, dual inet, and inet6 stack families, and benefit from the additional resiliency support because of the increase in pseudowire logical interface devices scaling numbers.

    [See Pseudowire Subscriber Logical Interfaces Overview.]


  • Persistent designated-router status for last-hop routers (MX Series)—Starting in Junos OS Release 18.3R1, you can configure a designated router to persist according to your design criteria rather than according to the results of the default designated-router election logic by setting the stickydr CLI command.

    Use stickydr to prevent traffic loss, for example, in situations where the designated router election may result in unintended changes after an interface-down event or device upgrade.

    To enable designated-router persistence on a configured LAN, enable stickydr on all last-hop routers in the LAN, as shown in the following example:

    [See stickydr. ]

Network Management and Monitoring

  • Customized MIBs for sending custom traps based on syslog events (MX Series)—Starting in Junos OS Release 18.3R1, there is a process whereby customers can define their own MIBs for trap notifications. The customized MIB maps a particular error message with a custom OID rather than a generic one. Juniper Networks provides two new MIB roots reserved for customer MIBs, one for the custom MIB modules and the other for the trap notifications. For this process, you must convert the MIB to YANG format, and a tool is available for that.

    [See Customized SNMP MIBs for Syslog Traps.]

  • Support over aggregated Ethernet interfaces added for SNMP CoS MIB for interface-sets queue counters (MX Series)—Starting in Junos OS Release 18.3R1, Junos OS supports SNMP reporting of queue statistics for static interface-sets configured over Aggregate Ethernet (AE) interfaces.

    [See show snmp mib and SNMP MIB Explorer.]

Restoration Procedures Failure

  • Device recovery mode introduced in Junos OS with upgraded FreeBSD (MX Series)—Starting in Junos OS Release 18.3R1, for devices running Junos OS with upgraded FreeBSD, provided you have saved a rescue configuration on the device, there is an automatic device recovery mode that goes into action should the system go into amnesiac mode. The new process is for the system to automatically retry to boot with the saved rescue configuration. In this circumstance, the system displays a banner "Device is in recovery mode” in the CLI (in both the operational and configuration modes). Previously, there was no automatic process to recover from amnesiac mode. A user with load and commit permission had to log in using the console and fix the issue in the configuration before the system would reboot.

    [See Saving a Rescue Configuration File.]

Routing Protocols

  • IPv4 over IPv6 tunnel scaling per chassis by increasing number of line cards—Starting in Junos OS Release 18.3R1, you can configure BGP to tunnel the IPv4 unicast routes along with IPv6 nexthop.

  • Junos OS, OpenConfig, and Network Agent packages are delivered in a single TAR file (MX Series)—Starting in Junos OS Release 18.3R1, the Junos OS image includes the OpenConfig package and Network Agent; therefore, you do not need to install OpenConfig or Network Agent separately on your device.

    [See Installing the OpenConfig Package, and Installing the Agent Network Package.]

  • IS-IS overloading stub networks (MX Series)—Starting in Junos OS Release 18.3R1, new configuration options external-prefixes, and internal-prefixes are available at the [edit protocols isis overload] hierarchy level to control overload of internal prefixes, external prefixes or both internal and external prefixes according to network requirements. The user can choose not to receive any traffic for internal and external prefixes advertised by the overloaded IS-IS routers unless the router is the only node in the network that hosts the prefix. In previous Junos OS releases, overloaded IS-IS routers continued to receive traffic for prefixes even if the user did not want to receive traffic for directly attached prefixes.

    [See Configuring IS-IS Prefix Overload .]


  • Support for configuring MACsec EAPoL destination address (MX Series)—Starting in Junos OS Release 18.3R1, you can configure an Extensible Authentication Protocol over LAN (EAPoL) destination MAC address by including the eapol-address (pae | provider-bridge | lldp-multicast) statement at the [set security macsec connectivity-association connectivity-association-name mka] hierarchy level.

    To establish a MACsec session, MACsec Key Agreement PDUs are sent or received between nodes. These PDUs are EAPoL packets and, by default, their destination MAC address is the EAPoL multicast address 01:80:C2:00:00:03. If the nodes are connected through a provider network, they might consume these multicast packets or drop them depending on their configuration. To overcome this issue, configure the EAPoL address for PAE, provider-bridge, and LLDP multicast by using the aforementioned configuration.

    [See mka (MX Series).]

  • Support for AES-256 MACsec encryption (MX80, MX104, MX240, MX480, and MX960)—Starting in Junos OS Release 18.3R1, the MIC-MACSEC-20G MIC provides 256-bit MACsec encryption on MX80, MX104, MX240, MX480, and MX960 routers. This MIC supports MACsec on twenty 1-Gigabit Ethernet SFP ports and on two 10-Gigabit Ethernet SFP+ ports in the following hardware configurations:

    • Installed directly on the MX80 and MX104 routers

    • Installed on MPC1, MPC2, MPC3, MPC2E, MPC3E, MPC2E-NG, and MPC3E-NG line cards on the MX240, MX480, and MX960

Service Applications

  • Support for filtering DNS requests for blacklisted website domains (MX Series with MS-MPCs)—Starting in Junos OS Release 18.3R1, you can configure DNS filtering to identify DNS requests for blacklisted website domains.

    For DNS request types A, AAAA, MX, CNAME, TXT, SRV, and ANY, you also configure the action to take for a DNS request for a blacklisted domain. You can either:

    • Block access to the website by sending the client a DNS response corresponding to the DNS request type with the IP address or fully qualified domain name (FQDN) of a DNS sinkhole server. This ensures that the client sends further traffic for the blacklisted domain to the sinkhole server.

    • Log the request and allow access.

    For other DNS request types for a blacklisted domain, the request is logged and access is allowed.

    [See Filtering DNS Requests for Blacklisted Website Domains.]

  • MX Series Virtual Chassis NAT support (MX240, MX480, and MX960 routers with MS-MPCs and MS-MICs)—Starting in Junos OS Release 18.3R1, you can configure a two-member MX Series Virtual Chassis to use IPv4-to-IPv4 basic network address translation (NAT), dynamic NAT, static destination NAT, dynamic NAT with port mapping, and stateful NAT64. A two-member MX Series Virtual Chassis configuration supports a maximum of four MS-MPCs and four MS-MICs per Virtual Chassis.

    [See Protocols and Applications Supported by the MS-MIC and MS-MPC.]

Software-Defined Networking

  • Support for PCE-initiated point-to-multipoint LSPs (MX Series)—Starting in Junos OS Release 18.3R1, the Path Computation Element Protocol (PCEP) functionality is extended to allow a stateful PCE to initiate, provision, and modify point-to-multipoint traffic engineering LSPs through a PCC.

    Currently, Junos OS supports only point-to-point PCE-initiated LSPs. With the introduction of point-to-multipoint PCE-initiated LSPs, a PCE can initiate and provision a point-to-multipoint LSP dynamically without the need for local LSP configuration on the PCC. The PCE can also control the timing and sequence of the point-to-multipoint path computations within and across (PCEP) sessions, thereby creating a dynamic network that is centrally controlled and deployed.

    [See Understanding Path Computation Element Protocol for MPLS RSVP-TE with Support for PCE-Initiated Point-to-Multipoint LSPs.]

  • Support for Junos Node Slicing (MX2008 routers)—Starting with Junos OS Release 18.3R1, Junos Node Slicing is supported on MX2008 routers. Junos Node Slicing allows a single MX Series router to be partitioned to appear as multiple, independent routers. Each partition has its own Junos OS control plane, which runs as a virtual machine (VM), and a dedicated set of line cards. Each partition is called a guest network function (GNF). In the node slicing setup, the MX Series router functions as the base system (BSYS).

    [See Junos Node Slicing Overview.]

  • Abstracted Fabric Interface Support for Junos Node Slicing (MX Series Routers with MPC5E and MPC6E)—Junos Node Slicing supports Abstracted Fabric (AF) interface, a pseudo interface that facilitates routing control and management traffic between guest network functions (GNFs) via the switch fabric. An AF interface is created on a GNF to communicate with its peer GNF when the two GNFs are configured to be connected to each other. The bandwidth of the AF interfaces changes based on the insertion or reachability of the remote line card or MPC. Starting in Junos OS Release 18.3R1, GNFs support the following AF-capable MPCs as well:

    • MPC5E (MPC5E-40G10G, MPC5EQ-40G10G, MPC5E-40G100G, MPC5EQ-40G100G)

    • MPC6E (MX2K-MPC6E)

    See [Abstracted Fabric (AF) Interface.]

  • Support for transmit load-balancing statistics on abstracted fabric interface (MX Series)—Starting in Junos OS Release 18.3R1, Junos Node Slicing supports transmit load-balancing statistics on abstracted fabric (AF) interfaces. The show interfaces af-interface-name output provides transmit statistics of each Packet Forwarding Engine peer list on a given AF interface, in addition to the physical interface statistics. The output displays information such as residual transmit statistics, fabric queue statistics, and residual fabric queue statistics.

    [See show interfaces (Abstracted Fabric).]

  • Support for non-root users in JDM for Junos Node Slicing—Starting in Junos OS Release 18.3R1, Juniper Device Manager (JDM) for Junos Node Slicing supports configuration of non-root users. A JDM root user can create non-root users in the JDM by using the set system login user username class class command. The non-root users can interact with JDM; orchestrate and manage the GNFs; and monitor the state of the JDM, host server, and the GNFs by using the existing JDM CLIs.

    [See Configuring Non-Root Users in JDM (Junos Node Slicing).]

  • Support for OpenDaylight controller (Nitrogen) (MX Series) —Starting with Junos OS Release 18.3R1, MX Series routers support the Nitrogen release version of the OpenDaylight (ODL) controller. The ODL controller, also known as ODL platform, provides a southbound Network Configuration Protocol (NETCONF) connector API, which uses NETCONF and YANG models to interact with a network device. You can use the ODL controller to carry out configuration changes in MX Series routers, and provision and orchestrate the routers. The ODL controller provides an open-source platform for network programmability aimed at enhancing software-defined networking (SDN).

    [See Configuring Interoperability Between MX Series Routers and OpenDaylight.]

Subscriber Management and Services

  • DHCPv6 subscriber class differentiation with the DHCPv6-Options VSA (26-207) (MX Series)—Starting in Junos OS Release 18.3R1, you can use VSA 26-207 to differentiate between different classes of subscribers during DHCPv6 relay authentication. Configure your RADIUS server to include the following information in DHCPv6 Option 17:

    • Juniper Networks enterprise number, 2636


    You set a different value for suboption 5 for each class. The VSA conveys this Option 17 information in the Access-Accept message RADIUS returns during DHCPv6 subscriber authentication. The DHCPv6 relay agent extracts the Option 17 information and passes the information to the DHCPv6 local server in the Relay-Forward header.

    In earlier releases, only the DHCP local server supports VSA 26-207; only suboption 1 (hostname) and suboption 4 (location) are supported.

    [See Exchange of DHCPv4 and DHCPv6 Parameters with the RADIUS Server Overview.]

  • Support for per-subscriber application-aware policy control (MX Series routers with Junos Node Slicing)—Starting in Junos OS Release 18.3R1, Junos Node Slicing supports per-subscriber application-aware policy control. With this support, the Multiservices MPCs and Multiservices MICs on the routers configured with Junos Node Slicing provide per-subscriber policy control based on Layer 7 application identification information for the IP flow (for example, YouTube) or Layer 3 and Layer 4 information for the IP flow (for example, the source and destination IP address). Subscriber application-aware policy actions can include:

    • Redirecting HTTP traffic to another URL or IP address

    • Steering with a routing instance

    • Setting the forwarding class

    • Setting the maximum bit rate

    • Setting the gating status to blocked or allowed

    • Setting the allowed burst size

    • Logging data for subscriber application-aware data sessions and sending that data in an IP Flow Information Export (IPFIX) format to an external log collector, using UDP-based transport.

    [See Understanding Application-Aware Policy Control for Subscriber Management.]

  • Support for remote device service management (MX Series)—Starting in Junos OS Release 18.3R1, a new service type is supported on BNGs, remote-device-services. The new remote device services manager (RDSM) provisions and deprovisions services on remote devices that are managed as logical extensions to the BNG. Remote devices are subscriber-facing devices such as OLTs, DSLAMs, and other access nodes. The BNG acts as a proxy server for the remote devices for service configuration. To external management and provisioning (PCRF, RADIUS) systems, the BNG together with its remote devices acts as a single addressable network element. A dynamic service profile is applied by the external authority by reference during subscriber provisioning to initiate service actions on the remote devices.

    [See Remote Device Services Manager (RDSM) Overview.]

  • Enhancements to static subscriber usernames and interface support (MX Series)—Starting in Junos OS Release 18.3R1, the following enhancements are added for subscribers on static interfaces:

    • You can include outer and inner VLAN tags from the static interface in the global or group usernames.

    • You can specify any single character as the delimiter between username elements.

    • Pseudowire interfaces over logical tunnels are supported for static subscribers, which enables full subscriber management equivalent to dynamic subscribers for statically provisioned subscribers whose traffic is transported over IP/MPLS access models (PS/LT).

      The maximum logical unit number range for pseudowire static interfaces is increased from 16,385 to 1,073,741,823.

    [See Configuring the Static Subscriber Global Username and Configuring the Static Subscriber Group Username.]

  • Support for IPFIX mediation on the BNG (MX Series)—Starting in Junos OS Release 18.3R1, you can configure a BNG to act as an intermediary device between IPFIX exporters and collectors, while having the functions of both. The IPFIX mediator function collects performance management data via IPFIX records from downstream access network devices such as OLTs and advanced ONUs. This data along with local performance management data from the MX BNG is aggregated and relayed to an upstream IPFIX collector. From the reference point of the IPFIX collector, IPFIX mediation enables the router and its associated access network devices to appear as a single IPFIX export source leveraging a single TCP/IP connection between the MX BNG and the upstream collector.

    [See IPFIX Mediation on the BNG.]

  • Support for TCP port forwarding (MX Series)—Starting in Junos OS Release 18.3R1, TCP port forwarding enables a BNG to mediate communication between its connected access nodes and service provider back-office systems, such as external management and provisioning systems (leveraging NETCONF XML management protocol) and TACACS+ servers. The BNG and its downstream access nodes are presented to back-office systems as a single addressable network element. Communication requests to and from access nodes are redirected from one address and port number combination to another while packets traverse the MX Series router. You configure unique combinations of listening ports and listening addresses on the BNG. TCP connections are triggered when traffic from acceptable prefixes arrives on the listening port and matching listening address.

    [See TCP Port Forwarding for Remote Device Management.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 18.3R3 for MX Series routers.

Class of Service (CoS)

  • Junos commit notification of unsupported configuration—Junos OS does not support changing the hierarchical-scheduler mode of a logical tunnel interface, or redundant logical tunnel interface, if an active pseudowire subscriber interface is attached to it. A commit error has now been added to provide the notification.


  • Support for an VNI of zero—Starting with Junos OS Release 18.3R2, Junos supports using a VXLAN Network Identifier (VNI)=0 when configuring a bridge domain or vlan in an EVPN-VXLAN network.

  • Changes in encoding the ESI label field (MX Series)—Starting in 18.3R2, Junos OS switched from using lower-order bits to higher-order bits in encoding the ESI label field. This results in BUM traffic loss and duplication in traffic. If you encounter this, and you wish to use a mix of Junos OS releases, you must include the es-label-oldstyle statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy on the device that is running the Junos OS release that supports higher-order bit encoding of the ESI label.

General Routing

  • Zero MAC address (00:00:00:00:00:00) treated as "my mac" (MX-Series)—When an Ethernet packet arrives in ingress, pre-classifier engine will perform a lookup of MAC address. If the MAC address matches an entry in the pre-classifier Ternary Content Addressable Memory (TCAM) and the entry has “my mac” attribute, pre-classifier engine will set the “my mac” bit in the cookie prepended to the incoming packet. In current implementation, MAC address “00:00:00:00:00:00” (zero MAC) is programmed as default value for “my mac” TCAM entries when the pre-allocated entries are not used or configured. Hence the packets with zero MAC are marked as “my mac” in the packet cookie. Forwarding engine will check “my mac” bit in the packet cookie. If “my mac” bit is 0, the packet will be dropped. If “my mac” bit is 1, further L2, L3, MPLS lookup will be performed. The “my mac” behavior is applicable since the day one release.

  • User confirmation prompt for configuring the sub-options of request vmhost commands (MX Series and PTX series)—While configuring the following request vmhost commands, the CLI now prompts you to confirm a [yes,no] for the sub-options also.

    • request vmhost reboot

    • request vmhost poweroff

    • request vmhost halt

    In previous releases, the confirmation prompt was available for only the main options.

  • Root XML tag change for show rsvp pop-and-forward | display xml command (MX480)—We’ve changed the root XML tag for the show rsvp pop-and-forward | display xml command to rsvp-pop-and-fwd-information to make it consistent with the XML tag convention. In earlier releases, the command output displays rsvp-pop-and-fwd-info XML tag. Update the scripts with the rsvp-pop-and-fwd-info XML tag to reflect the new rsvp-pop-and-fwd-information XML tag.

    [See Junos XML API Explorer - Operational Tags.]


  • Change in support for interface-transmit-statistics statement (MX Series)—You cannot configure aggregated Ethernet interfaces to capture and report the actual transmitted load statistics by using the interface-transmit-statistics statement. Aggregated Ethernet interfaces do not support reporting of the transmitted load statistics. The interface-transmit-statistics statement is not supported in the aggregated Ethernet interfaces hierarchy. In earlier releases, the interface-transmit-statistics statement was available in the aggregated Ethernet interfaces hierarchy but not supported.

Interfaces and Chassis

  • Error thrown when router configuration updated on live system—In Junos OS Release 18.3R1, on MX Series routers with the RE-S-X6-64G and RE-MX2K-X8-64G Routing Engines, when the user changes the router configuration on a live system, or when the user deletes an interface that has active traffic, the message select: protocol failure in circuit setup is randomly displayed. However, there is no known functional impact.

  • In MX204 routers, the error messages are logged when vlan-tagging for a trunk interface that is not configured. These error messages were previously logged with severity level “critical” even though they were not critical enough to require immediate action. The maximum transmission unit (MTU) of interface with or without VLAN-tagging is now logged in as the informational error message (instead of critical error message).

  • IRB not supported on Pseudowire Subscriber (PS) Logical Interface in bridge-domain (MX Series)—In Junos OS Releases 18.3R2, integrated routing and bridging (IRB) is not supported on Pseudowire Subscriber (PS) logical Interface. Hence you cannot add IRB to bridge domain with PS interface, that is, you cannot configure IRB and PS interface in the same bridge domain.

    Note that adding IRB to a bridge-domain having Pseudowire Subscriber (PS) Logical Interface causes kernel crash and continuous reboot of the router until the configuration is rolled back.


    IRB is not supported on PS only in bridge-domain.

    [See bridge-domain.]

  • Support for MAP-E encapsulation and decapsulation on Inline Service Interfaces (MX2010)—In Junos OS Releases 18.2R3 and 18.3R2 the MX2010 routers support encapsulation and decapsulation of the following ICMP message types for inline service (si) interfaces:

    • Time Exceeded (type 11)

    • Destination unreachable (type 3)

    • Source quench (type 4)

    • Parameter problem (type 12)

    • Address mask request and Address mask reply (type 17 and type 18)

    • Redirect (type 5)

  • New XML tag element <lacp-hold-up-state> added in show lacp interfaces XML display (MX Series)—In Junos OS Release 18.3R2, the show lacp interfaces | display xml command displays a new XML tag element <lacp-hold-up-state>. The <lacp-hold-up-state> displays the time interval an interface holds before it changes from state, down to up. In earlier Junos OS releases, the LACP hold up the information for all interfaces were in a single <lacp-hold-up-information> XML tag. Now, for each interface it is displayed in a separate <lacp-hold-up-information> XML tag.

  • Enhancement to the show interfaces mc-ae extensive command—You can now view additional LACP information about the LACP partner system ID when you run the show interfaces mc-ae extensive command. The output now displays the following two additional fields:

    • Local Partner System ID—LACP partner system ID as seen by the local node.

    • Peer Partner System ID—LACP partner system ID as seen by the MC-AE peer node.

    Previously, the show interfaces mc-ae extensive command did not display these additional fields.

Junos OS XML, API, and Scripting

  • MD5 and SHA-1 hashing algorithms are no longer supported for script checksums (MX Series)—Starting in Junos OS Release 18.3R1, Junos OS does not support configuring an MD5 or SHA-1 checksum hash to verify the integrity of local commit, event, op, SNMP, or Juniper Extension Toolkit (JET) scripts or support using an MD5 or SHA-1 checksum hash with the op url url key option to verify the integrity of remote op scripts.


  • When the no-interface-hello statement is configured under the [edit protocols rsvp] hierarchy, and there is no interface-specific configuration for the hello interval, the show rsvp interface detail command output displayed the default HelloInterval of 9 seconds.

    Starting in Junos OS Release 18.3R1, with a similar configuration, the HelloInterval output field displays 0 as the hello interval.

  • Change in get-pm-mpls-lsp-information tag—Starting in Junos OS Release 18.3R1, the show performance-monitoring mpls lsp command output in the YANG module is changed to match the root XML tag for get-pm-mpls-lsp-information. The tag change is from performance-monitor-mpls-lsp-information to pm-information.

  • Change in get-egress-protection-information tag—Starting in Junos OS Release 18.3R1, the show mpls egress-protection command output in the YANG module is changed to match the root XML tag for get-egress-protection-information. The tag change is from egress-protection-information to ep-operational-information.

  • Bandwidth allocation—For a label-swtiched path (LSP) that has both bandwidth and minimum-bandwidth for autobandwidth configured under the [edit protocols mpls label-switched-path lsp-name] hierarchy level, the LSP bandwidth is adjusted differently.

    The LSP is initiated with the bandwidth value configured under the bandwidth statement at the [edit protocols mpls label-switched-path lsp-name] hierarchy level. At the expiry of the adjust-interval timer, the LSP bandwidth gets adjusted based on the traffic flow.

    If the bandwidth to be signaled is less than the value configured under the minimum-bandwidth statement at the [edit protocols mpls label-switched-path lsp-name autobandwidth] hierarchy level, then the LSP is signaled only using the minimum bandwidth.

    If the bandwidth to be signaled is greater than the value configured under the maximum-bandwidth statement at the [edit protocols mpls label-switched-path lsp-name autobandwidth] hierarchy level, then the LSP is signaled only using the maximum bandwidth.

  • Change in command syntax—Starting in Junos OS Release 18.3R1, the show ldp database label-requests command name is changed to show ldp database-label-requests with no change to command functionality.

  • Previously, when you configured zero (0) as the bandwidth of an RSVP interface, the bandwidth value was overwritten with the default interface bandwidth (raw hardware bandwidth), leading to unexpected behavior in the LSP setup. Starting with Junos OS Release 18.3R2, when you configure zero as the bandwidth, 0 is applied as the RSVP bandwidth.

    [See bandwidth (Protocols RSVP).]

  • Loss of traffic over bypass MPLS LSPs—If RSVP link or node protection is enabled along with global RSVP authentication, there is loss of traffic over bypass MPLS LSPs at the time of local repair, when the point of local repair (PLR) and the merge point devices have different versions of the Junos OS software installed on them. That is, one device is running a release prior to Junos OS Release 16.1, and the other device is running a release starting with Junos OS Release 16.1R4-S12.

  • New debug statistics counter (MX Series)—The show system statistics mpls command has a new output field, called Packets dropped, over p2mp composite nexthop, to record the packet drops over composite point-to-multipoint next hops.

Network Management and Monitoring

  • Junos OS does not support management of YANG packages in configuration mode (MX Series)—Starting in Junos OS Release 18.3R1, adding, deleting, or updating YANG packages using the run command in configuration mode is not supported.

  • The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured and the operation returns <ok/> (MX Series)—Starting in Junos OS Release 18.3R2, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, if the server reply after a successful operation includes both an <ok/> element and one or more <rpc-error> elements with a severity level of warning, the warnings are omitted. In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that includes both an <rpc-error> element with a severity level of warning and an <ok/> element.

  • Change in severity level of XQSS errors (MX Series)—Starting in Junos OS Release 18.3R2, on MX series routers with the MPC7E-10G, MPC7E-MRATE, MPC8E, and MPC9E line cards, the severity level of the following errors have been changed from Fatal to Major.



    With this change, the above errors no more cause the entire FPC to go offline by default. Instead, these errors cause the affected Packet Forwarding Engine (PFE) to be disabled, as disable-pfe is the default action associated with Major errors on MX series routers.

    Additionally, the severity level of the correctable error XQSS_CMERROR_CORRECTABLE_MEM_ERR has been changed from Fatal to Minor.

    You can use the commands show chassis errors active detail fpc-slot slot and show chassis fpc errors slot to view more details of, and the default actions associated with, these errors.

    [See show chassis fpc errors.]

Platform and Infrastructure

  • NTP Boot Server configuration (MX204, MX960, MX10003, MX10002, MX10016, MX10000, MX480, MX104, MX10008, MX240, MX2010, MXTSR80, MX80, MX2008, MX150, and MX2020)— Use set ntp server address command to set the correct time when we boot the router instead of boot-server address.

    [See Synchronizing and Coordinating Time Distribution Using NTP.]

Routing Protocols

  • IS-IS adjacency SID routes retained only when backup path is available—Starting in Junos OS Release 18.3R1, when an IS-IS link flaps the adjacency SID routes are retained in the RIB, (also known as the routing table) and the FIB, (also known as the forwarding table) only if a backup path is available. In earlier Junos OS releases, adjacency SID routes were retained in the RIB and FIB even when a backup path was not available.

  • Change in the default behavior of advertise-from-main-vpn-tables configuration statement—BGP now advertises EVPN routes from the main bgp.evpn .0 table. You can no longer configure BGP to advertise the EVPN routes from the routing instance table. In earlier Junos OS Releases, BGP advertised EVPN routes from the routing instance table by default.

    [See advertise-from-main-vpn-tables].


  • Syslog updated when configuring XPN cipher suite on a non-xpn supported interface (MX Series Routers)—In Junos OS Release 18.3R1, on MX Series Routers, if you attempt to configure XPN cipher suite (gcm-aes-xpn-128 or gcm-aes-xpn-256) for a connectivity association and attach the connectivity association to an interface on the PIC that does not support XPN cipher suite, then during runtime, a syslog is logged as below (and default non-xpn cipher suite is used):

    macsec_ciphersuite_is_supported MACSec: ifd ifd_id (ifd_name), Cipher suite cipher id (cipher name) NOT SUPPORTED.

Services Applications

  • Change in error message displayed while fragmenting or de-fragmenting IPv6 GRE tunnel interface (MX Series routers)—In Junos OS Release 18.3R2, on a IPv6 GRE tunnel interface, when you enable fragmentation using the allow-fragmentation command or disable fragmentation using the do-not-fragment command, the following error message is displayed:

    Fragmentation for V6 tunnels is not supported

    In earlier Junos OS releases, the following message was displayed:

    dcd_config_ifl_tunnel:Fragmentation for V6 tunnels is notsupported

  • Support for host generated traffic on a GRE over GRE tunnel (MX Series)—In Junos OS Release 18.3R2, you can send host generated traffic on a GRE over GRE tunnel. However, when path maximum transmission unit (PMTU) is updated for the outer GRE tunnel, MTU for inner GRE tunnel is not corrected.

  • New syslog message displayed during NAT port allocation error (MX Series Routers with MS MPC)—With address pooling paired (APP) enabled, an internal host is mapped to a particular NAT pool address. In case, all the ports under a NAT pool address are exhausted, further port allocation requests from the internal host results in a port allocation failure. The following new syslog message is displayed during such conditions:


    This syslog message is generated only once per NAT pool address.

  • Change in NAT port block syslog message display(MX Series Routers)—When you configure a softwire prefix other than 128, all the JSERVICES_NAT_PORT_BLOCK logs now displays the prefixed B4 address. The following JSERVICES_NAT_PORT_BLOCK are modified:




    In earlier releases of Junos OS, when a softwire prefix was configured, some of the B4 addresses displayed in the JSERVICES_NAT_PORT_BLOCK log were /128 addresses(irrespective of the configured prefix). This change is not observed when the softwire prefix is not configured.

Software Installation and Upgrade

  • ZTP is supported on MX PPC platforms (MX Series)—As of Junos OS Release 18.3R1, zero touch provisioning (ZTP) is supported on MX PPC platforms (which are MX5, MX10, MX40, MX80, and MX104 routers). Before the fix, the ZTP process did not start to load image and configuration for MX PPC routers.

    [See Junos OS Installation Package Names.]

Subscriber Management and Services

  • DHCPv6 lease renewal for separate IA renew requests (MX Series)—Starting in Junos OS Release 18.3R1, the jdhcpd process handles the second renew request differently in the situation where the DHCPv6 client CPE device does both of the following:

    • Initiates negotiation for both the IA_NA and IA_PD address types in a single solicit message.

    • Sends separate lease renew requests for the IA_NA and the IA_PD and the renew requests are received back-to-back.

    The new behavior is as follows:

    1. When the reply is received for the first renew request, if a renew request is pending for the second address type, the client stays in the renewing state, the lease is extended for the first IA, and the client entry is updated.

    2. When the reply is received for the second renew request, the lease is extended for the second IA and the client entry is updated again.

    In earlier releases:

    1. The client transitions to the bound state instead of staying in the renewing state. The lease is extended for the first IA and the client entry is updated.

    2. When the reply is received for the second renew request, the lease is not renewed for the second address type and the reply is forwarded to the client. Consequently, when that lease ages out, the binding for that address type is cleared, the access route is removed, and subsequent traffic is dropped for that address or address prefix.

    [See Using DHCPv6 IA_NA with DHCPv6 Prefix Delegation Overview.]

  • Disabling a pseudowire underlying interface (MX Series)—Starting in Junos OS Release 18.3R1, you cannot disable the underlying logical tunnel (lt) interface or redundant logical tunnel (rlt) interface when a pseudowire is anchored on that interface. If you want to disable the underlying interface, you must first deactivate the pseudowire.

    [See Configuring a Pseudowire Subscriber Logical Interface Device.]

  • Bandwidth options match for inline services and tunnel services (MX Series)—Starting in Junos OS Release 18.3R1, you can configure the same bandwidth options for inline services with the bandwidth statement at the [edit chassis fpc slot-number pic number inline-services hierarchy level as you can configure for tunnel services with the bandwidth statement at the [edit chassis fpc slot-number pic number tunnel-services] hierarchy level.

    [See bandwidth (Inline Services) and bandwidth (Tunnel Services)]

  • ICMP error message rate limit increased (MX Series)—Starting in Junos OS Release 18.3R2, the maximum rate limit for generating ICMP messages for IPv4 and IPv6 packet errors is increased from 50 pps to 1000 pps. The rate limit applies only to non-ttl-expired packets.

  • Subscribers allowed to log in with bad framed route (MX Series)—Starting in Junos OS Release 18.3R2, users are allowed to log in if the framed route received from RADIUS is bad; for example, if the format is incorrect. In earlier releases, the subscriber is not allowed to log in. For customers that use multiple framed routes, the new behavior enables the subscriber to have partial access to the network using the routes that are accepted instead of not being allowed any access.

  • Out-of-address SNMP trap requires thresholds to be configured (MX Series)—Starting in Junos OS Release 18.3R2, the behavior has changed for generating an out-of-address SNMP trap for an address pool configured at the [edit access address-assignment] or [edit routing-instance name address-assignment] hierarchy levels. You must now configure both the high-utilization and abated-utilization thresholds. When the number of assigned addresses surpasses the high-utilization threshold, a high-utilization trap is generated. If all the addresses are assigned from the pool, an out-of-address trap is generated and an out-of-address syslog message is sent.

    In earlier releases, an out-of-address trap is generated when the address pool is exhausted, regardless of whether the thresholds are configured.

    If the number of assigned addresses subsequently drops below the abated-utilization threshold, an abate-high-utilization trap is generated; this behavior is unchanged.

  • XML output format change for test aaa type user commands (MX Series)—Starting in Junos OS Release 18.3R3, the XML output format changes for the test aaa authd-lite user, test aaa dhcp user, and test aaa ppp user commands. Each RADIUS server attribute name has an associated attribute value. Each of these pairs is now enclosed by the <radius-server-data> tag. The new tag makes it easier to recognize the name/value pairs, both for operators and API clients. You may have to change any scripts that use the XML output to work properly with the new format.

    [See AAA Testing and Troubleshooting.]

  • Enhancement to commands to display reason for Routing Engine disconnect (MX Series)—Starting in Junos OS Release 18.3R3, several commands display the reason when the master and standby Routing Engines disconnect because of a memory mismatch error. On a chassis with two Routing Engines, a DRAM size mismatch error can result when both of the following are true:

    • The Routing Engines have different amounts of DRAM.

    • A 64-bit Junos OS image is loaded on the chassis.

    You can avoid this problem by doing either of the following:

    • Ensure that both Routing Engines have the same amount of DRAM.

    • Load a 32-bit image.

    The show database-replication summary and show system subscriber-management summary commands display the DRAM mismatch as the reason in the Disconnection field. The request chassis routing-engine master switch check command displays an error message if the DRAM size is different for the two Routing Engines.


  • Output of show l2vpn connections extensive command in XML—Starting in Junos OS Release 18.3R1, the output for show l2vpn connections extensive | display xml will correctly display the output in XML.

Known Behavior

This section contains the known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.3R3 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Forwarding and Sampling

  • There is an interface for a direct route starting in ifdown condition. The remote side is then brought up, so I/F goes to ifup. Since it is a direct route, rpd does not install the route or nexthop. It receives that information from the kernel, and just updates a nexthop in rpd local storage. route and nexthop for the interface are taken care of in the kernel. There is no route change in rpd. route_record depends on route flash to find out about updates. Since there is no route change, there is no route flash, so route_record is blissfully unaware. In order to change this, we would need to decide that we want a route flash for this case. Currently, for direct and local routes / nexthops, these are "don't care" in rpd, as far as route updates go. We just update our nexthop info, without marking for any other notifications. A complication for the solution is a change that was done for PR 1002287, where if the NOTINSTALL flag is set, do not send the update to srrd. That flag is set for direct and local routes. Incidentally, this is day-one operation. If the interface is up at startup, it should work correctly. FIB table can provide OIF/GW only. SRC_MASK, DST_MASK, SRC_AS and DST_AS are not available in PFE FIB Table. So SRRD connection is required. Listening to both SRRD and FIB table, and consolidating information will complicate implementation. Scanning entire FIB Table just for the few such routes will have performance impact and will complicate present implementation. This is day 1 implementation for SRRD/Sampled. There are two possible workarounds:

    1) Have the far end interface up when the DUT interface is brought up. In the case where that is not happening, a recovery would be to disable the DUT interface, then enable it again. At that point, everything should be initially brought up in the state we are looking for.

    2) Enable the nexthop-learning command. Please refer to the documentation for information on this command. PR1224105

  • For Junos OS Releases 18.4R1 and 18.3R2, if IPv4 prefix is added on a prefix-list referred by IPv6 firewall filter then the log message Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized will not be seen. PR1395923

High Availability and Resiliency

  • MX Series Virtual Chassis configurations cannot use unified ISSU to upgrade from Junos OS Release 18.2R1 to 18.3R1.

  • If a MX10003 router is plugged in with SFP/SFP+ via a QSA adapter, then the unified ISSU will not function.

  • MX Series routers with MPC7E MPCs installed cannot use the unified ISSU to upgrade to Junos OS Release 18.3R1.

General Routing

  • When some route or next hop has been created by the application, it is assumed that it can propagate to the rest of the system. KRT asynchronously picks up this state for propagation. There is no reverse indication to the application, if there was an error in propagating the state. The system is supposed to eventually reconcile. So, if SPRING-TE produces a <route, NH> pair that looks legal from the app standpoint, but KRT is not able to download it to the kernel, because the kernel rejected the next hop, the <route, NH> gets stuck in rpd. In the meantime, the previous version of the route (L-ISIS in this case) that was downloaded still lingers in the kernel and Packet Forwarding Engine. PR1253778

  • CFM is not supported for L2-over-GRE tunnel. CCM can pass through as transit traffic through GRE interfaces transparently using data path. Link trace functionality uses MAC-learning and re-injecting LTM on GRE interface in case the bridge is configured with CFM. This is not a supported feature. PR1275833

  • On MX104 JTASK_SCHED_SLIP is seen on commit randomly. PR1281016

  • Support for enterprise profile is only provided for 10-Gigabit Ethernet interfaces. Use of 40-Gigabit Ethernet and 100-Gigabit Ethernet interfaces might result in a phase alignment issue. PR1310048

  • The input int field of the MPLS version 4 data records reports the SNMP index value of the LSI interface instead of the ingress physical interface. PR1312047

  • When cmerror disables Packet Forwarding Engine, it does not power off the EA and HMC chips. The periodic continues monitoring the temperature on HMC and other devices. If the temperature is overheated, the system can take proper actions, such as increase the fan speed or shut down the systems. The periodic calls hmc_eri_config_access() to get temperature readings. It is expected to get ERI timeout continuously in this case. PR1324070

  • Hardware watchdog does not work on QFX10008 and QFX10002-60C/PTX10002-60C. PR1343131

  • The Routing Engine boots from the secondary disk when you a) press the reset button, on the RCB front panel, while Routing Engine is booting up but before Junos OS is up b) upgrade software, by booting from the network using the request vmhost reboot network command, and the system fails to boot from the network c) upgrade BIOS and the upgrade fails d) reboot and the system hangs before the Junos OS is up. PR1344342

  • First packet pertaining to J-Flow Packet Forwarding Engine sensor in UDP mode is missing after line card reboot on PORTER-R platform. PR1344755

  • After disabling the laser for CWDM optics, optics diagnostics will not report o/p power low and laser current low alarm/warnings. PR1349258

  • FPC bounce is required for a mode change from 1-Gigabit to 10-Gigabit PIC speed or vice versa to take effect on the MIC-MACSEC-20G. PR1373400

  • Port-level speed configuration is not supported for 10 Gbps mode on the 2x 10Gigabit Ethernet SFPP / 20x Gigabit Ethernet SFP MACsec MIC: Only the pic-mode configuration under the set chassis fpc <x> pic <a> pic-mode is to be used to set the PICs in 10-Gigabit speed. PR1373473

  • The MIC-MACSEC-20G supports 10 G speed via the set chassis fpc x pic y pic-mode 10G configuration applied to both the PICs in that MIC. Any other PIC mode configuration should be removed and then the 10G PIC mode configuration is to be applied. PR1374680

  • The 10 Gbps speed-capable ports of the MIC-MACSEC-20G MIC might show the link status as up while the peer side might remain down. PR1382024

  • IDS aggregate configuration knob will not be considered for the installation of the IDS dynamic filter. PR1395316

  • Junos OS has a limitation that the ARP/NDP state and the associated kernel routes (destination routes) will not be cleared if the ARP/NDP-created next hop has references from RPD. This might impair the clearing of ARP/NDP state via clear commands or interface down when host routes are added to the FIB. As a result, it is recommended that a FIB policy be configured to reject host routes before enabling host-route-generation. PR1415400

  • Rpd maintains nexthops in a database. Routes from different protocols point to these nexthops. When a route needs to be added to forwarding-table, RPD installs the nexthop and gets a nexthop-index for the installed next hop. The route is installed to the forwarding-table with this next-hop index. Note that in RPD next-hop installation to forwarding-table is need-based that is, when the first route using the nexthop needs to be installed to the forwarding-table, the nexthop is installed. Each nexthop maintains a counter (reference-count) to track its usage by various applications. A nexthop that was installed in the forwarding-table is deleted when there are no users for this next hop, in other words, reference-counts reaches 0. Only when reference-count of a nexthop reaches 0, the nexthop will be deleted from kernel. Due to this logic, there might be a situation where a nexthop remains in forwarding-table even if there are no users of that nexthop in the forwarding-table. For example, A nexthop NH1 was installed in the forwarding-table as part of installation of route R1. Later route R1 becomes inactive in RIB or is blocked by the forwarding policy. However, route R1 still exists in the routing table and still points to the nexthop NH1 that is, there are still users of next hop NH1 in rpd and is still referred. So this nexthop does not get deleted from the forwarding table. PR1415935

  • HQoS configuration on ps interface anchored to logical-tunnel fails to commit with the following error: [edit class-of-service interfaces ps0 unit 10] output-traffic-control-profile cannot configure traffic control profile (pic has no CoS queuing) error: configuration check-out failed. PR1429927

  • DCD errors are seen with scaled interface configuration when interfaces are deleted and added. This is because of the fact that the Packet Forwarding Engine is slower compared to Junos OS kernel. Hardware resources stops for a brief time. Once the Packet Forwarding Engine is able to program the entries, Junos OS kernel pushes the configuration once again and the state is restored in Packet Forwarding Engine. PR1433659

  • Sampling applications like port-mirror and inline J-Flow are not supported on VPLS tunnel interfaces in ingress direction where ingress packets are sent to the IRB interface for routing. Configuration of sampling application on VPLS tunnel interfaces in such scenario causes packets to get dropped in ingress direction. PR1444849

  • PPTP ALG does not work with destination-nat dnat-44 in Junos OS Release 18.3R3. PR1460027

Interfaces and Chassis

  • Previously, the same IP address could be configured on different logical interfaces from different physical interfaces in the same routing instance (including the master routing instance), but only one logical interface is assigned with the identical address after commit. There is no warning during the commit, only syslog messages indicating an incorrect configuration. PR1221993

  • If you configure 64K bridge-domains, with each BD having 2 IFLs and 1 irb interface, you might run into heap memory exhaustion as this requires more than the supported memory on the FPC. As a workaround, configure interfaces in the trunk mode that allow all 4000 vlans, reducing the need to configure IFLs for each BD. The trunk ports are configured in the default instance or for each routing-instance. PR1348363

  • At JDM install time, each JDM instance generates pseudo random MAC addresses to be used for JDM's own management interface and for the associated GNFs' management interfaces. At GNF creation time, each GNF instance generates pseudo random MAC addresses to be used as the chassis MAC address pool for the forwarding interfaces of that GNF. Once generated, JDM and GNF MAC addresses are persistent, and will only be deleted when the JDM or GNF instance itself is deleted.

    At a GNF, the Junos OS CLI command show chassis mac-addresses can be used to examine its chassis MAC address pool, and the Junos OS CLI command show interfaces fxp0 can be used to examine the MAC address of its management interface.

    At JDM, the CLI command show interfaces jmgmt0 can be used to examine the MAC address of its management interface.

    In case of MAC address duplication across JDM or GNF instances, you must delete and then reinstall the respective JDM or GNF instance and check again for duplication.

  • Error thrown when router configuration updated on live system—In Junos OS Release 18.3R1 and 18.3R2, on MX Series routers with the RE-S-X6-64G and RE-MX2K-X8-64G Routing Engines, when the user changes the router configuration on a live system, or when the user deletes an interface that has active traffic, the message select: protocol failure in circuit setup is randomly displayed. However, there is no known functional impact.

  • On MX Series routers, the request support information command executes the following show commands in addition to the existing show commands:

    • show chassis fabric summary

    • show chassis fabric fpcs

    • show chassis fabric plane

    • show chassis fabric reachability

    • show chassis fabric degradation

    • show chassis fabric destinations

    • show chassis fpc

    • show chassis power

    • show pfe statistics traffic

  • The two SFP+ ports on the Routing Control Board (RCB) of an MX2008 router have two port LEDs each - one Link Status LED and one Link Activity LED per port. On an MX2008 router, which is connected to an external x86 server in a Junos Node Slicing setup, behavior of these LEDs with regard to Junos Node Slicing configuration is as follows:

    • The Link Status LEDs and Link Activity LEDs on both the ports are off when Junos Node Slicing is disabled or not configured.

    • When you have configured network-slices on the router (also called base system or BSYS) but have not configured guest network functions (GNFs) on the server, the Link Status LED on each port turns green (steady-glow). In this case, the Link Activity LED on each port is off.

    • When you have configured Junos Node Slicing (including GNFs), the Link Activity LED on each port is amber (blinking), while the Link Status LED on each port remains green (steady-glow).


  • The memory usage of mplsoamd increases gradually. This is coming from a software design with rpd and mplsoamd are communicating internally but since this memory is inactive, it can be released without issue whenever there is memory shortage. PR1413724

Platform and Infrastructure

  • On all Junos OS platforms, execution of Python scripts through enhanced automation does not work on veriexec images. PR1334425

  • It is expected to see few transient FI cell underflow errors during a unified ISSU as long as they do not persist. PR1353904

  • In some cases PS interfaces over RLT might show as up and do not pass traffic. ASIC log error and a chassis alarm for hard FPC errors are reported. PR1400269

Port Security

  • MACsec pre-shared CAK cannot be zeros—In previous releases of Junos OS, it was possible to have an all-zero pre-shared static connectivity association key (CAK). In this and future releases of Junos OS, all-zero pre-shared CAKs are not allowed. Manually entered all-zero configured keys will not commit, and any such inherited configurations will be automatically nulled during system upgrade.

    Pre-shared keys are exchanged between two devices at each end of a point-to-point link to initiate the MACsec Key Agreement (MKA) protocol and enable MACsec using static CAK security mode. The exact Junos statement affected is security macsec connectivity-association <name> pre-shared-key cak <number>.

Routing Protocols

  • BGP peer flap is seen when Routing Engine switchover is triggered from the old backup Routing Engine. This issue is seen only with higher scales. The issue is related to slow draining out of the new backup socket. PR1325804

  • When 32,000 SR-TE policies are configured at once, during configuration time there might be scheduler slips. PR1339829

  • The mcsnoopd error messages are seen in logs while adding or deleting IGMP PIM configuration. These are debug messages and are not harmful. PR1371662

  • When scaling RIB to 80M after FPC restart, not able to scale on backup Routing Engine. PR1444073

Services Applications

  • We do not recommend to configure the ms- interface when AMS bundle in one-to-one mode has the same member interface. PR1209660

  • Broadband-edge platforms do not support service-set integration with dynamic profiles when the service set is representing a carrier-grade NAT configuration. As a workaround, you can use next-hop service set configurations and routing options to steer traffic to a multiservices interface (ms) interface where NAT functionality can be exercised. The following configuration snippet shows the basics of statically configuring the multiservices interface next hop and a next-hop service set. Traffic on which the service is applied is forced to the interface inside the network by configuring that interface as the next hop. This configuration does not show other routing-options or NAT configurations relevant to your network.

    [See Configuring Service Sets to be Applied to Services Interfaces.]

  • Hide HA details if it is not configured on a particular interface. PR1383898

Software Defined Networking

  • JDM restart error—In some cases, restarting Juniper Device Manager (JDM) results in the following error message: Restarting JDM Job for jdm.service failed because the control process exited with error code. See "systemctl status jdm.service" and "journalctl -xe" for details... However, JDM automatically recovers from the error condition and restarts successfully. A possible reason for this message is that the control process exited the last session because of an error. In the case of such errors, you can check the operational state of JDM by using the jdm status command.

  • Starting in Junos OS Release 18.3R2, in Junos Node Slicing, memory allocation to GNFs is shown in gibibytes (GiB), instead of gigabyte (GB). The unit GiB represents memory allocations in multiples of 1024 bytes. This change is applicable only to the JDM CLI help strings at the [edit virtual-network-functions vnf-name resource-template] hierarchy and to the output of the JDM show command show virtual-network-functions vnf-name.

Subscriber Management and Services

  • Before you make any changes to the underlying interface for a demux0 interface, you must ensure that no subscribers are currently present on that underlying interface. If any subscribers are present, you must remove them before you make changes.

  • For dual-stacked clients over the same PPP over L2TP LNS session, enhanced subscriber management does not support configurations where both of the following are true:

    • The CPE sends separate DHCPv6 solicit messages for the IA_NA and the IA_PD.

    • The solicit messages specify a type 2 or type 3 DUID (link-layer address).

    As a workaround, you must configure the CPE to send a single solicit message for both IA_NA and IA_PD when the other configuration elements are present.

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 18.3R3 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • While configuring the rate-limit-burst statement in the CoS hierarchy, the commit needs to push an update for CoS code handling on all the Packet Forwarding Engines and during this time, if an interface settings (internal attributes for an interface) is found to be NULL. Interface settings are usually stored in a memory location and the pointer to it becomes NULL because cosd does not check for the NULL values and results in segmentation fault. Channelized interface setting is found to be NULL for channelized interfaces, but the CoS code handling the configuration statement rate-limit-burst in the Packet Forwarding Engine is de-referenced by the setting without performing a NULL check, resulting in generation of a core file. PR1425667


  • The Layer 2 address learning process (l2ald) might generate a core file in a scaled Layer 2 setup, including bridge domain, VPLS, EVPN, and so on. The l2ald core file usually follows a kernel page fault that recovers on its own. In some cases, a manual restart of the process is needed to recover logs: /kernel: %KERN-3-BAD_PAGE_FAULT: pid 69719 (l2ald), uid 0: pc 0x88beb5ce got a read fault at 0x6ca, x86 fault flags = 0x4 /kernel: %KERN-6: pid 69719 (l2ald), uid 0: exited on signal 11 (core dumped) init: %AUTH-3: l2-learning (PID 69719) terminated by signal number 11. A core file is generated. PR1142719

  • Core link flap might result in inconsistent global MAC count. PR1328956

  • In EVPN-VXLAN scenario, when moving hosts between two multihomed interfaces, old MAC and IP entries were deleted from the global database but retained in one of the local databases. This might generate a l2ald core file. The normal condition is that both entries should have been deleted. PR1339543

  • In Junos OS platforms, the l2ald daemon might crash during MAC address processing. The MAC learning process is impacted during the period of l2ald crash. The l2ald recovers itself. PR1347606

  • Bidirection Layer 2 traffic floods for around 5 seconds for streams from SH to MH, when the clear mac table command is executed on an MX Series router because MAC addressing takes time to develop in the system. The clear mac table is a disruptive command that deletes all dynamic MAC addresses in the system. PR1360348

Forwarding and Sampling

  • The skip-service configuration does not work with IPv6 ndp negotiation or ping. PR1074853

  • Firewall from packet-length match with more than two ranges fails on PE/TL for QFX Series platforms without warning. PR1221777

  • Heap memory leaks occur on the DPC when the flow specification route is changed. PR1305977

  • On Junos Fusion, ingress policing on SD is broken and the configuration statement set interfaces layer2-policer input-policer <policer-name> is not supported. PR1395217

  • Observed error message at dfwd process path: [edit interfaces ae2 unit 0 family inet] statement filter. Index for referenced filter input_ipv4_ngn_filter is not defined. PR1433146

  • Error is observed when traffic is not policied as expected after locally switched for VLAN 100 and 101, while verifying selective local switching functionality with 4000 VLAN’s. PR1436343

General Routing

  • Packet mirroring does not work when family any input filter is applied on a interface that receives the GRE-encapsulated packets along with the firewall filter "decapsulate gre" action. PR1090854

  • SIP session fails when the IPv4 SIP client in a public network initiates a SIP call with the IPv6 SIP client in a private network. PR1139008

  • The jl2tpd process might generate a core file when issuing the CLI command show services l2tp tunnel statistics. PR1146771

  • Source-prefix filtering and protocol filtering of the CGNAT sessions are incorrect. For example, show services sessions extensive protocol udp source-prefix <0:7000::2> displays incorrect filtering of the sessions. PR1179922

  • The smid process stops responding to management requests after a jl2tpd (L2TP daemon) crash on an MX960 BNG. PR1205546

  • When an MPC is removed while the card is online, the link error column in the show chassis fabric summary extended output shows YES for all fabric planes. Conversely, when an MPC is taken offline using the CLI command, output shows correctly. PR1214611

  • The following cosmetic error is observed as the output: mspmand[190]: msvcs_session_send: Plugin id 3 not present in the svc chain for session. Please open a JTAC case to confirm. PR1258970

  • Guest network functions (GNFs) in a node-slicing setup currently do not support Junos OS. snapshot/recovery mechanisms. PR1268943

  • The performance of an X710 NIC is lower compared to that of an 82599 NIC. A 40G line rate can be achieved at 512-byte packet size for the X710 NIC compared to 256 bytes for the 82599 NIC. PR1281366

  • If a VM host snapshot is taken on an alternate disk and there is no further VM host software image upgrade, the expectation is that if the current VM host image gets corrupted, the system will boot with the alternate disk so that user can recover the primary disk to restore the state. However, if the host root file system is corrupted, the node boots with the previous VM host software instead of booting from the alternate disk. PR1281554

  • Because of the vendor code limitation, the ungraceful removing of summit MACsec TIC from chassis might cause a crash or unpredictable result. PR1284040

  • The following error message is seen while creating dynamic logical interface. Jun 16 08:17:17 banaswadi rpd[51849]: Error creating dynamic logical interface from sub-unit 1051592: Device busy Jun 16 08:17:17 banaswadi rpd[51849]: Error creating dynamic logical interface from sub-unit 1051593: Device busy error message: rpd[51849]: Error creating dynamic logical interface from sub-unit 1051680: Device busy PR1286042

  • Junos OS releases with a fix committed in Junos OS Releases 15.1R5-S4, 16.1R4-S3, 16.1R5, and 17.3R1 for devices with XM-based linecards (MPC3E, MPC4E, MPC5E, MPC6E, MPC2E-NG, and MPC3E-NG) might report a DDR3 TEMP ALARM chassisd's error log message. PR1293543

  • On MX204 and MX10003, the Routing Engine might get stuck and boot from the other SSD after vmhost reboot. This is a race condition during BIOS hand-off to OS. You must boot the Routing Engine from the primary SSD. PR1295219

  • The show dynamic-tunnels database summary command might not show an accurate tunnels summary during the time anchor Packet Forwarding Engine linecard is not in the up state. As a workaround, use the following commands: show dynamic-tunnels database and show dynamic-tunnels database terse. PR1314763

  • MPLSoGRE dynamic tunnel localization does not work when chained composite nexthop is enabled. PR1318984

  • In JDM, the jdmd process might generate a core file if the guest network function add-image is aborted by pressing CTRL-C. PR1321803

  • The GRE tunnels created dynamically by a BGP signal are always next-hop-based, even if the user has configured the static tunnels created by GRE to use logical interface base. PR1322941

  • When FPC restarts with Virtual Chassis splits, the design of MX Series Virtual Chassis infrastructure relies on the integrity of the TCP connections. If the integrity of TCP connection fails, the TCP connection timeout occur because of jlock hog crossing boundary value (5 seconds) cause bad consequences in MX Series Virtual Chassis. PR1332765

  • MACsec sessions might not get established when FPCs continuously go offline or come online more than 10 times followed by restarting the dot1xd process. PR1344358

  • The first packet pertaining to the J-Flow Packet Forwarding Engine sensor in UDP mode is missing after a line card reboot on MX150 routers. PR1344755

  • With GRES enabled in subscriber environment, if subscribers are logging in/out very quickly, the service sessions in Session Database (SDB) of backup Routing Engine might be leaked. If the problem is not detected for long enough, the backup Routing Engine might not be able to come back into synchronization with the master Routing Engine and will not be ready for GRES. PR1346300

  • During ISSU that warrants host upgrade, if the router is configured with 8 million IPv4/IPv6 routes or more, the unified ISSU might fail resulting in FPC restart. PR1348825

  • In some cases, online insertion and removal (OIR) of a MIC on an FPC can lead the traffic destined to the FPC to be discarded without notification. The only way to recover from this is to restart the FPC. The issue is not seen if you use the corresponding CLI commands to turn the MIC offline and then online. PR1350103

  • The EX9253 switch does not support interface ranges for channelized interfaces. You need to configure the interfaces individually.PR1350635

  • During stress conditions, error log messages regarding addition, modification, or deletion of routes might be incorrect. PR1350713

  • CRC link errors are seen while performing a unified ISSU to the Junos OS Release 18.2 and later releases. PR1353911

  • Craftd messages are generated on MX10003 and MX204 platforms. They do not have craft interface. Hence, these errors are expected, and can safely be ignored. When the craftd process tries to open the device, it fails with a junk character in the fatal error message because the error number is not mapped to a string in the kernel code. *** messages *** Feb 20 01:49:38 MX craftd[xxxx]: craftd detected platform mx10002 Feb 20 01:49:38 MX craftd[xxxx]: LIBJSNMP_SA_IPC_REG_ROWS: ns_subagent_register_mibs: registering 1 rows Feb 20 01:49:38 MX craftd[xxxx]: fatal error, failed to open smb device: ,JÎÈ"" PR1359929

  • In rare circumstances, a faulty SFP installed in an MX104 might cause the AFEB to go offline. The backup Routing Engine and fan tray will also be in alarm. PR1360426

  • Some of the exported packets for the sessions sensor could get fragmented because of this at times, the collector receives only the telemetry header part and not the payload. PR1364288

  • Syslog is updated when the user tries to configure an extended packet numbering (XPN) cipher over a non-xpn supported platform such as MIC-MACSEC-20G even though the commit goes through. PR1367722

  • Traffic drops might be observed with a swap out of a Virtual Chassis of QFX5100 to the EX9253 for testing some heavy multicast traffic, even when IRB interface comes up. PR1369099

  • When the FPC is booting up (during ISSU, router reboot, or FPC restart), i2c timeout errors for the SFP can be noticed. These errors are seen because i2c action is not completed as device was busy. Once the card is up, all the i2c transactions to the device work correctly, so no periodic failure is observed. There is no functional impact and these errors can be ignored. PR1369382

  • Every L2BSA subscriber creates 2 interfaces, DVLAN and RTSOCK with same subunit (same interafce name). Initially, the CLI output for show interfaces extensive displayed the filter information on both the DVLAN and RTSOCK interfaces. PR1372527

  • If MTU is configured to a value higher than 9500, which is the maximum permissible value, the configuration succeeds. But the actual value is set back to 1518B without any error. The DCD log can be checked to verify the occurrence. PR1372690

  • When the MIC-MACSEC-20G is in offline state after Fake-Kats initiation. The MIC has to be brought up by issuing chassisd restart. Attempting to bring the MIC online by using the CLI could cause the MIC to go into a hardware error state. PR1374532

  • Log messages continuously appearing in the MPC console indicate the presence of faulty SFP/SFP+, which is causing I2C transaction from the main board CPU. There is no software recovery available to recover from this situation. These logs also indicate potential I2C transaction failure with any of the 10 ports available with MIC-MACSEC-20G in PIC 0, resulting in such as the link not coming up or the MIC not booting restart. The following messages are seen: I2C Failed device: group 0xa0 address 0x70 Failed to enable PCA9548(0x70):grp(0xa0)->channel(0) mic_sfp_select_link:MIC(0/0) - Failed to enable PCA9548 channel, PCA9548 unit:0, channel ID: 0, SFP link: 0 mic_sfp_id_read: Failed to select link 0. As a workaround, detect and replace the faulty SFP/SFP+ plugged into theMIC-MACSEC-20G ports. PR1375674

  • A few XE interfaces go down with the following error if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • Traffic from IRB interface toward LSI interface gets dropped with adaptive or per-packet load balancing on aggregated Ethernet interface. PR1381580

  • Commit is not allowed if you are trying to delete the physical-cores statement. However, there is no functional impact of this. PR1384014

  • In low-end 32-bit systems, the rpd has a lower level of available memory. We need a log message to alert the user when the average memory usage or transient memory usage exceeds thresholds. PR1387465

  • On MX Series platform enabled with enhanced subscriber management, if the filter service is enabled for each subscriber, and there is a large scale of Broadband Edge (BBE) subscribers (for example, 10000) logging in and out repeatedly, the Flexible PIC Concentrator (FPC) might crash due to this rare issue. PR1388120

  • In cases of PS over rlt at high scale, removing and adding back a CoS configuration can cause the FPC to enter a hard error state. PR1388487

  • BBE SMGD generates core files if MTU is changed while subscribers are logged in on the physical interface. PR1389611

  • After adding additional sites to existing group and routing instance configuration, configuration commit check might fail with the following error: abcdef# commit check re0: [edit routing-instances ELAN-XYZ protocols vpls site ABC-xe-0/3/2-site17 interface] 'xe-0/3/2.1522' Interface must be part of this routing instance error: configuration check-out failed: (statements constraint check failed). PR1391668

  • On MX2008 platform with MPC9E, in line rate traffic with a redundant SFB2 scenario, if offline one redundant SFB2, there might be tail or sometimes WRED drops in MPC9E, resulting in partial traffic loss. Under normal circumstances, the SFBs should be auto fail-over if one of them fails, and there should be only a little packet dropped momently. PR1395591

  • The router advertises the ESMC quality level of the primary reference clock (PRC) even though the current clock status is holdover. PR1398129

  • In a BGP-PIC case, if a route R1 resolves on top of a multipath-route R2, where R2 has primary and backup indirect next hops, it will be better if the backup leg is not used for resolution of R1. There is no impact on any existing CLI commands. The backup path is never used when the primary path is available. PR1401322

  • When a unified ISSU is done with PS over RLT configuration in MX-VC, upstream traffic is dropped from FRU upgrading phase to final switchover phase. The traffic is restored once the unified ISSU is successfully completed. PR1405083

  • On MX Series routers using MPC7E, MPC8E, MPC9E, MX10K-LC2101, or MX10003, when in an inline-jflow application is used, a fatal error on Hybrid Memory Cube (HMC) performs a disable-Packet Forwarding Engine action. Because J-Flow records are hosted on the HMC memory partition, reading and writing to the HMC memory might trigger an FPC crash and high FPC CPU utilization. This causes slow convergence (adding/deleting routes or next hops) for other Packet Forwarding Engines on the same FPC carrier. PR1407506

  • Configuration database can remain locked after the ssh session is halted. PR1410322

  • Log severity level changes on the MX150. PR1411846

  • It has been noted that a small number of tunneled subscribers might be terminated during ISSU to Junos OS Release 19.1R1 software because of the momentary loss of IP connectivity between the LAC and LNS devices. PR1412818

  • It has been noted that a small number of tunneled subscribers may be terminated during ISSU to 19.1R1 software due to momentary loss of IP connectivity between the LAC and LNS devices. PR1414928

  • After powering on the MPC chassis the voltage reads at 1345 mV-1348 mV for approximately 20 seconds and then it gets stabilized to 1493 mV. During this period, the FPC x Voltage Tolerance Exceeded major alarm is reported. PR1415671

  • Certain JNP10008-SF and JNP10016-SF switch interface boards (SIBs) manufactured between July 2018 and March 2019 might have incorrect core voltage setting. The issue can be corrected by reprogramming the core voltage and updating the setting in nvram memory. PR1420864

  • If the HTTP header enrichment function is used, the traffic throughput decreases when traffic passes through Header Enrichment. PR1420894

  • A user can configure a template in the router and map that template with an external controller. The router inherits the required configuration from the template and then provisions the external controller initiated LSP. Unbinding the template from the external controller or changing the template configuration might delete the PCE initiated LSPs (only LSPs which are using that particular template). Later, the LSPs are reprovisioned by the external controller. PR1421093

  • The XML formatted output of the command show security group-vpn member ipsec statistics is not hierarchically structured which does not allow the user to easily associate <esp-statistics> and <ah-statistics> elements with the respective <usp-ipsec-service-set-statistics> element. PR1422496

  • On all Junos OS platforms, when the file system gets into full state and there is no enough spare disk space, it might get into a problematic system condition in some corner case while doing configuration commit. After that, if consecutive commits are still done in such a problematic status, commit-check failure logs might be seen eventually. Due to this issue, some process might be not running even if its configuration is present. PR1423500

  • On QFX10000 Series with FPC, if the prefix entries configured in prefix-list exceeds the limit what the Packet Forwarding Engine chipset supports, some unexpected behavior might be observed (for example, the host-bound traffic drops) after performing change operation related to the prefix-list configuration (for example, add a prefix to prefix-list which is associated with filter). PR1426539

  • Dual stack subscriber accounting statistics are not baselined when one stack logs out PR1432163

  • L2CCC errors occur if you try to add a logical interface on an aggregated Ethernet interface that does not have any members - this is BCM limitation. Under stress or scale condition, these error messages are displayed. PR1433228

  • Mutiple interfaces on specific FPC are going down on MX480 after baseline profile configuration verification. PR1437221

  • Egress stream flush failure and traffic blackhole could occur on rare occasions for a repeatedly flapping link on MPC7/8/9E cards. PR1441816

  • After rebooting MX2008 the following false alarm is seen: 2019-07-22 05:07:57 UTC Minor VMHost RE 1 Secure BIOS Version Mismatch 2019-07-22 05:07:53 UTC Minor VMHost RE 0 Secure BIOS Version Mismatch 2019-07-22 05:07:53 UTC Minor Mixed Master and Backup RE types labroot@BRAIN-RE0> show chassis hardware Hardware inventory: Item Version Part number Serial number Description Chassis JN1261F13AFL MX2008 Routing Engine 0 BUILTIN BUILTIN RE-MX2008-X8-128G <<<< 128G Routing Engine 1 BUILTIN BUILTIN RE-MX2008-X8-128G <<<< 128G labroot@BRAIN-RE0> show chassis routing-engine Routing Engine status: Slot 0: Current state Master Model RE-MX2008-X8-128 Slot 1: Current state Backup Model RE-MX2008-X8-64G <<< 64G ???. PR1450424

  • On the MX10003 platform, the alarmd will not show alarm messages to the syslog. PR1453533

  • CLI issue is seen after ANCP restart and before ANCP neighbor is re-established and port-ups are received. Under normal working conditions, after ANCP restart, the port-ups should be received right away and the CLI issue is never seen. RADIUS, l2tp are unaffected from this cosmetic issue. PR1453837

  • Mandatory TLV 'ttl' learnt from LLDP neighbors is not streamed along with other learnt parameters from neighbors. PR1459441

  • VRRP logical interface MAC filter is not present in Packet Forwarding Engine when mc-ae is configured under ae interfaces. The same is present when mc-ae configuration is removed. PR1459692


  • The following error messages are seen during FTP: ftpd[14105]: bl_init: connect failed for /var/run/blacklistd.sock (No such file or directory) messages are seen during FTP. PR1315605

  • This is a BIOS firmware issue and does not seem to impact any functionality. All systems running BIOS version earlier than 1.1 report a warning message. As a workaround, upgrade the BIOS firmware on the devices. You can check for the firmware version on the device by querying the sysctl It should be later than 1.1 for this warning to be resolved. PR1345166

  • Junos OS can stop responding trying to acquire the SMP IPI lock while rebooting when it is running as a VM on Linux and QEMU hypervisor. PR1359339

  • On all MX Series routers that are upgraded to Junos OS Release 15.1 and later, when the duplex setting is changed on the management interface (for example, fxp0/em0), the duplex status of the management interface might not be updated in the output of the show interface <>. PR1427233

Interfaces and Chassis

  • Out-of-sequence packets are seen with LSQ interface. PR1258258

  • In Junos OS BNG solutions, after a commit event, when the configuration contains duplicate vlan-id configured on aggregated Ethernet and demux interfaces, the MX Series router might go into database prompt mode and the kernel generates core files. PR1274038

  • Upgrading to Junos OS Release 14.2R5 and later maintenance releases and Junos OS Release 16.1 and later mainline releases with CFM configuration might cause the cfmd process to crash after upgrade. This is because of the presence of an old version of the /var/db/cfm.db file. PR1281073

  • The aggregated Ethernet speed changes from 1 Gbps to 10 Gbps after GRES. PR1326316

  • In MX Virtual chassis, flooding of the Error message ?CHASSISD_CONFIG_ACCESS_ERROR: pic_parse_ifname: Check fpc rnage failed" can be seen with LACP enabled AE interfaces on MPC7/8/9 cards. Errors will only have impact for DWDM pics, which doesnt effect on the MPC7/8/9 cards. Hence this syslog message can be safely suppressed. PR1349277

  • With ppp-service traceoptions configured as: user@router> show configuration protocols ppp-service traceoptions file jtac-jpppd.log size 1g files 10; level all; flag all; filter { user { ""; } }, it is expected to see only PPP negotiation events belonging to the subscriber defined in the filter section. However in releases affected by this issue, several stings of logs related to other (non interested) subscriber might be seen. PR1370994

  • In large scale subscriber environment, changing ae member link configuration might generate core files for two Routing Engines. PR1375638

  • If the ET interface is the underlying interface for the demux interfaces, the demux interfaces will be down after changing the MTU of the underlying ET interface. The issue results in services going down for these demux interfaces. PR1424770

  • If an aggregated Ethernet interface has VRRP configuration, in following use cases, member logical interfaces are not created after the member physical interface comes up and the aggregated Ethernet will be in down state. fpc restart (request chassis fpc restart slot <>) chassis-control restart (restart chassis-control) reboot both Routing Engine (request system reboot both-routing-engines). So, before performing the above operations, it is advisable to remove VRRP configuration from the aggregated Ethernet interface. PR1429045

Layer 2 Features

  • For a router equipped with the following line cards: T4000-FPC5-3D, MX-MPC3E-3D, MPC5E-40G10G, MPC5EQ-40G10G, or MPC6E MX2K-MPC6E line cards, if the router is working as a VPLS PE device, because of MAC aging every 5 minutes, the VPLS unicast traffic is flooded as unknown unicast every 5 minutes. PR1148971

  • When you upgrade to Junos OS Releases 15.1, 16.1, and 17.x, in some circumstances VPLS LSI are not correctly created. This causes remote MACs not learned and L2 VPLS outage. PR1295664

  • On QFX platforms, Q-in-Q might stop working for certain VLAN ID lists configured under a physical interface. PR1395312


  • When using mpls traffic-engineering bgp-igp-both-ribs with LDP and RSVP both enabled, CSPF for interdomain RSVP LSPs cannot find the exit area border router (ABR) when there are two or more such area border routers (ABRs). This causes interdomain RSVP LSPs to break. RSVP LSPs within the same area are not affected. As a workaround, you can either run only RSVP on OSPF ABR or IS-IS L1/L2 routers and switch RSVP off on other OSPF area 0/IS-IS L2 routers, or avoid LDP completely and use only RSVP. PR1048560

  • In a CE-CE setup, traffic loss might be observed over the secondary LSP on primary failover. PR1240892

  • With nonstop active routing (NSR), when the routing protocol process (rpd) restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart. PR1282369

  • In case of CSPF-disabled LSPs, if the primary path ERO is changed to an unreachable strict hop, sometimes the primary path stays up with the old ERO. The LSP does not switch to standby secondary. PR1284138

  • For an SR-TE path with "0" explicit NULL as the innermost label, the SR-TE path does not get installed with the label "0". PR1287354

  • For static short reach traffic engineering (SR-TE), the binding SID entry disappears after modifying binding(swapping) SID values for two SR-TE LSPs. Workaround is to delete the BSID->P1 and create BSID->P2. PR1289950

  • Rpd core file is generated on master Routing Engine after performing restart chassisd. PR1352227

  • When vpn-localization vpn-core-facing-only is configured and configuration is removed completely or restored with baseline configuration, then FPC can get stuck. This is because of the failure in cleanup VT interface. PR1359087

Network Management and Monitoring

  • The etherStatsTable should display data for physical interfaces only. However, the data of parent physical is populated to the logical interfaces. PR1335808

Platform and Infrastructure

  • The issue occurs when 120 bridge domains (among a total of 1000 bridge domains) have XE/GE links toward the downstream switch and LAG bundles as uplinks towards upstream routers. The XE/GE link is part of the physical loop in the topology. Spanning tree protocols such as VSTP/RSTP/MSTP are used for loop avoidance. Some MAC addresses are not learned on DUT when LAG bundles that are part of such bridge domains are flapped and other events such as spanning tree root bridge change occur. PR1275544

  • An accuracy issue occurs with three-color policers of both type single rate and two rate in which the policer rate and burst-size combination of the policer accuracy vary. This issue is present starting in Junos OS Release 11.4 on all platforms that use MX Series ASIC. PR1307882

  • In a filter list (input-list/output-list) scenario, when the filters in the same filter list refer to a same nested filter, the FPC might crash continuously. The issue results in traffic loss during FPC crash and reboot. PR1357531

  • In a Layer 3 VPN topology, traceroute to a remote PE device for a CE-facing network results in an ICMP TTL expired reply with a source address of only one of the many CE-facing networks. In Junos OS Releases 15.1R5, 16.1R3, and 16.2R1 and later releases, there is a kernel sysctl value, icmp.traceroute_l3vpn. Setting this to 1 changes the behavior to select an address-based on the destination specified in the traceroute command. This PR adds the option to the configuration. PR1358376

  • There are multiple failures when a events such as node reboots, ICL flaps, and ICCP flaps occurs. Even with enhanced convergence configured, there is no guarantee that sub-second convergence will be achieved. PR1371493

  • One single port with dual stack subscribers, pppoe/dhcpv6 drops all the connections and no subscribers displayed. PR1382288

  • On MX Series platforms with VPLS scenario, when the interface-mac-limit packet-action-drop statement is configured, in the case of MAC moves, the new MAC might not be learned sometimes because of a race condition of an unusual update of "MAC learn limit" under the Packet Forwarding Engine (the hardware "MAC learn limit exceeded" counter displays unexpected behavior and increases to a very huge and negative number). This can result in packet drops. PR1410162

  • On all Junos platforms with NSR enabled, the BGP session with hold-time 6 seconds or smaller flaps after the backup Routing Engine is disconnected ungracefully. PR1428518

  • Arrival rates are not seen at system level when global-disable fpc is configured on QFX Series platforms. PR1438367

  • A dual Routing Engine Juniper Node Slicing GNF with no GRES configured and with system internet-options no-tcp-reset drop-all-tcp configured could enter dual backup Routing Engine state upon manual GNF RE mastership switchover attempt with request chassis routing-engine master [acquire|release|switch] CLI command from either GNF Routing Engine CLI. PR1456565

  • On all Junos OS platforms, if the device is up for a long period (for example, several weeks or months), a slow memory leak might occur in some error scenarios where an application tries to send some data on a stale TCP socket (for example, a short-lived TCP connections is used by the mgd process), and this issue might lead to FPC reboot with vmcore files. PR1449664

  • In EVPN VXLAN scenario, sometimes host generated packets are getting dropped as hitting "reject route" in Packet Forwarding Engine. For example, when you initiate the ICMP request sourced from EVPN instances Layer 3 gateway IRB address, the ICMP packet might not get out successfully in below scenario 1. control plane generated packet with overlay destination address (irb) belonging to one particular routing instance and the underlay (vtep) is on a different routing instance. This packet is inserted from control plane on the underlay's routing instance lookup which might fail leading to this control plane generated packet not go out. 2. When MPLS traffic engineering is enabled. The underlay vtep route in inet.0 will be labeled MPLS route. PR1451559

Routing Policy and Firewall Filters

  • Rib-group with policy that matches on route next hop might fail to add routes to secondary tables when matched route next hop changes to a different one and becomes active again after some time. PR1450123

Routing Protocols

  • In rare cases, rpd might generate a core file with error rt_notbest_sanity: Path selection failure on .... There is no impact to traffic or routing protocols. PR946415

  • When interoperating with other vendors in a draft-rosen multicast VPN, by default the Junos OS attaches a route target to the multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities will be excluded from propagating if the BGP route target filtering is enabled on Junos OS device. PR993870

  • The syslog message JTASK_SCHED_SLIP for rpd process might be seen on restarting routing or disabling ospf protocol with scaled BGP routes in the MX104 router. PR1203979

  • Certain BGP traceoption flags (for example, "open", "update", and "keepalive") might result in (trace) logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

  • LDP and OSPF are in the 'in sync' state and the reason observed for this is that the IGP interface down with LDP synchronization enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 1 Type: P2P, Address:, Mask:, MTU: 9100, Cost: 1050 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost: 1050 LDP sync state: in sync, for: 00:04:03, reason: IGP interface down config holdtime: infinity. As per the current analysis, "IGP interface down" is observed as the reason because although LDP notified OSPF that LDP synchronization was achieved, OSPF was not able to take note of the LDP synchronization notification, because the OSPF neighbor was not up yet. PR1256434

  • In a scenario where an application allocates and caches next-hop templates, the NH template cache grows continuously. But when application clears the local cache, then memory is freed to the NH template cache. However, the NH template cache does not have code to shrink the cache and free the memory back. Hence the NH template memory is trapped in the cache and cannot be used for other purposes. But if same BGP routes and next hops come up again, they will reuse the templates from the cache and not consume additional memory. PR1346984

  • SCP command with routing option (-JU) is not supported. PR1364825

  • Its possible for a GNF with rosen6 multicast to display stuck KRT queue entries after recovery from a dual Routing Engine reboot at the BSYS. PR1367849

  • At scale, a guest network function (GNF) with PS over RLT and multiple MPCs might show bfd flap at recovery. PR1386574

  • On all devices running Junos OS enabled with GRES and NSR, if Routing Engine switchover is executed, the BGP peers in the new master Routing Engine might flap due to hold-timer expiry after GRES. PR1390113

  • Rpd's route selection mechanism has multiple user-configurable mechanisms by which route ordering may be changed. To assist with debugging issues with defects in the route selection code, a function would generate a low priority soft core that didn't crash rpd when route selection was incorrect. However, there have been circumstances wherein not-best was incorrectly being determined. One such situation that is addressed in this PR involves when routes are learned or redistributed from non-BGP protocols and had an AS_PATH attribute. Using BGP route selection rules, if a BGP route and a non-BGP route had a leading AS_PATH with the same AS, BGP MED selection rules for grouping were being applied. Such MED election should only be done using BGP-only routes. Such a situation can come from various BGP carried VPN protocols wherein routes from the VPN protocol generated IPv4 routes when redistributed from one routing instance to another. An example of this would be an EVPN route. PR1391767

  • When the multicast-only fast reroute (MoFRR) feature is used in a scaled environment (in terms of number of routes and NHs), the actual convergence of multicast traffic might reach hundreds of milliseconds due to sub-optimal handling of MoFRR forwarding states at the Packet Forwarding Engine level. PR1399457

  • With advertise-external statement is configured and auto-export and the same external BGP route is learned in different VRF, the imports policy imports those routes in each VRF, rpd enters into a flash-loop condition between rt-export and bgp-flach callback, causing 100 percent rpd utilisation. PR1442902

  • When BGP-PIC (protect core) is configured with multipath formation such as add-path setting, CPU usage rate for rpd becomes high. PR1446861

  • RPD memory leaks in task msdp_notify_pim_list. PR1454244

  • If the same BGP routes are flapping very fast, a memory leak in rpd on the backup routing engine might happen. Depending on the Junos OS release, the rpd might crash and restart once the rpd runs out of memory. PR1459384

Subscriber Access Management

  • When PPPoE subscribers log in and log out from Junos OS Release 16.1, the following messages are generated: user@host> show log messages | match authd authd[5208]: sdb_app_access_line_entry_read_by_uifl: uifl key 'demux0.xxxxxxxx': snapshot failed (-7) authd[5208]: sdb_app_access_line_entry_read: uifl key 'demux0.xxxxxxxx': read failed. These messages indicate that the authd daemon for subscriber authentication is attempting to read private data for an underlying interface that no longer exists (-7 = SDB_DATA_NOT_FOUND). These messages have no impact and can be safely ignored. PR1236211

  • The authd reuses address quickly before jdhcpd completely cleans up the old subscriber error log: jdhcpd: %USER-3-DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add <host>. PR1402653

User Interface and Configuration

  • The configuration config/<file> fails commit check for dynamic profile when the subscriber is active. PR1376689

  • Changing nested apply groups does not take affect. PR1427962

Resolved Issues

This section lists the issues fixed in the Junos OS 18.3R3 Release for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 18.3R3

Class of Service (CoS)

  • Traffic drop occurs when deleting MPLS family or disabling an interface that has non-default EXP rewrite-rules. PR1408817

  • The host-inbound packets might be dropped when configuring host-outbound FC. PR1428144

  • The dfwd crashes with the forwarding-class configuration in policers. PR1436894


  • The RA packets might be sent out without using the configured virtual gateway address. PR1384574

  • EVPN VXLAN VTEP tunnel does not get deleted when EVPN peer goes down. PR1390965

  • The rpd process crashes with the EVPN type-3 route churn. PR1394803

  • The rpd crashes on the backup Routing Engine after enabling nonstop-routing with the EVPN. PR1425687

  • The device might proxy the ARP probe packets in an EVPN environment. PR1427109

  • The IP address is missing in mac-ip-table of the EVPN but is present in the EVPN database when the CE interface has two primary IP addresses. PR1428581

  • Incorrect MAC count with show evpn/bridge statistics. PR1432293

  • Stale MAC addresses are present in the bridge MAC table in an EVPN-MPLS scenario. PR1432702

  • ARP table and Ethernet switching table become asynchronous when an EVPN ESI link flaps multiple times. PR1435306

  • IRB logical interface is not up when local Layer 2 member is down and IM next hop is present. PR1436207

  • Configuring ESI on a single-homed 25G port might not work. PR1438227

  • The specific source-ports of UDP packet are dropped on an EVPN-VXLAN setup. PR1441047

  • Restarting L2 learning might cause some remote MAC addresses to move into forwarding 'dead' state. PR1441565

  • Traffic gets dropped at MX Series EVPN Layer 3 gateway when the VRRP switchover is initiated at host side. irb_arp_ndp next hop is programmed as discard during the problem state. PR1442319

  • The EVPN routes and MAC/IP are missing from an EVPN database or mac-ip-table when VLAN ID is removed from an EVPN and re-added. PR1443933

  • Instance type is changed from VPLS to EVPN and this results in packet loss. PR1455973

Forwarding and Sampling

  • The kernel might crash when the firewall filter is modified. PR1365265

  • Error is seen when using a bit-length of 128 for IPv6 to configure firewall flexible-match-range functionality. PR1389103

  • EVPN enhancement for MAC flush mechanism in Junos OS is seen. PR1421018

  • The device is in Amnesiac mode after a unified ISSU with the following error message: mgd: error: configuration check-out failed. PR1432664

  • no-normalization of VLAN can now be configured for instance-type virtual-switch with protocols vpls. PR1433542

  • Commit fails while configuring a firewall policer action as "forwarding-class". PR1446556

  • The high CPU utilization of l2ald is seen after replacing an EVPN configuration. PR1446568

  • On MX204, input or output counters of aggregated Ethernet bundle or member links configured on non-default logical systems are not updated. PR1446762

General Routing

  • MX Series Virtual Chassis, suboptimal aggregated Ethernet load balancing is optimal when an aggregated Ethernet bundle is part of an ECMP path. PR1255542

  • The output of the show class-of-service fabric statistics command now includes traffic that was dropped because of internal errors in the drop counts. PR1338647

  • Packet Forwarding Engine selector gets stuck in rerouted state on unilist next hop after the primary aggregated Ethernet link is deactivated or activated. PR1354786

  • Traffic might be blocked on MX Series routers with MS-MPC/MS-MIC. PR1358019

  • Interface with Tri Rate Copper SFP(P/N:740-01311) in "MIC 3D 20x 1GE(LAN)-E,SFP" stops forwarding traffic after unified ISSU upgrade. PR1379398

  • FPC errors might be seen in subscriber scenario. PR1380566

  • Telemetry data export might be missed when multiple LLDP sensors are exported simultaneously. PR1382691

  • Disable reporting of correctable single-bit error on Hybrid Memory Cube (HMC) and prevent the major alarm. PR1384435

  • The rpd process might end up with KRT queue getting stuck in a VRF scenario. PR1386475

  • The rpd might crash when traceoptions are enabled. PR1387050

  • The FPC core file might be observed when J-insight is configured. PR1388112

  • The BNG might not respond with PADO and create any demux interface when a PPPoE PADI packet is received. PR1390989

  • The FPC cards might not come up while performing a unified ISSU on MX10003. PR1393940

  • A Layer 3 gateway does not update ARP entries if IP or MAC quickly move from one router to another router in an EVPN-VXLAN environment. PR1395685

  • VMHost RE 0 Secure BIOS Version Mismatch and VMHost RE 1 Secure Boot Disabled alarms are generated. PR1397030

  • The service PIC might crash while changing CGNAT mode. PR1397294

  • The PPPoE subscribers are unable to reconnect after FPC reboot. PR1397628

  • When the command request vmhost reboot routing-engine both is issued, a confirmation message is not displayed. PR1397912

  • The CLI command show system firmware is hidden on MX Series platforms. PR1398022

  • An alarm might be seen if the PEM's serial number starts with "1F1". PR1398128

  • The DHCPv6 relay-reply packet might be dropped by the DHCP relay. PR1399683

  • The na-grpcd log file is not rotated and keeps growing until the Routing Engine is out of disk space. PR1401817

  • Configuration changes from colored SRTE LSP to uncolored SRTE LSP might generate the rpd core files. PR1403208

  • Incorrect display of assigned prefixes to a subscriber in the output of show interface < dynamic demux interface>. PR1404369

  • Voltage read failed for rail LTC3887-EA1-VDD0V9R2-CH0. PR1405787

  • The rpd might crash because of the race condition with the combination of community actions done at both BGP import policy and a forwarding-table policy. PR1406357

  • Change the default parameters for resource-monitor rtt-parameters. PR1407021

  • FPC might crash during the subscriber related stress tests. PR1407285

  • The rpd process might crash when a commit check is executed on an LDP trace options filtering. PR1407367

  • FPC crash and slow convergence upon HMC fatal error condition when inline-jflow is used. PR1407506

  • openconfig-network-instance:network-instances support for IS-IS must be hidden unless supported. PR1408151

  • MX-MPC2-3D-EQ and MPC-3D-16XGE-SFPP shows "Exhaust A" temperature, rather than intake temperature. PR1409406

  • Slow SNMP on entityMIB during subscribers load test. PR1411062

  • A steady increase of the Packet Forwarding Engine heap memory utilization might happen when PPPoE subscribers are flapping. PR1411389

  • Parity error might cause an FPC alarm. PR1411610

  • JTASK_SCHED_SLIP error might be observed on VRR platform during NTP synchronization. PR1411679

  • Junos PCC might reject PCUpdate/PCCreate message if the metric type is other than type 2. PR1412659

  • PPPoE subscribers might not be able to log in after a unified ISSU. PR1413004

  • In MPC8 line card, enabling both bandwidth configuration statement along with flex-flow-sizing statement might disable J-Flow service. PR1413513

  • The services load balance might not be effective for AMS if the hash key under the forwarding-options hierarchy is configured. PR1414109

  • DHCP subscribers on MX104 cannot connect. PR1414333

  • The QFX10002 might stop forwarding packets after the chassis-control process restarts. PR1414434

  • Anomaly in LED behavior after rebooting the directly connected device. PR1414532

  • NPC might not apply configured resource-monitor thresholds after NPC restarts. PR1414650

  • ICMP MTU exceeded error generated from Packet Forwarding Engine does not reach the expected source. PR1415130

  • MTU issue might cause PS interface to flap during dcd restart or GRES switchover. PR1415207

  • The IRB interface might flap after committing configuration change on any interface. PR1415284

  • Some IPsec tunnels might fail to pass traffic after GRES on MX Series platform. PR1417170

  • The IPv6 neighbor might become unreachable after the primary link goes down in VPLS multihoming scenario. PR1417209

  • An IPv4 packet with a zero checksum might not be translated to IPv6 packet properly under NAT64 scenario. PR1417215

  • An invalid XML reply containing a duplicate tag might be seen when requesting get-arp-table-information through netconf. PR1417269

  • Some subscribers might go offline while performing GRES or daemon restart. PR1417574

  • The BGP session might flap after Routing Engine switchover. PR1417966

  • CGNAT with MS-MPC card does not account for AP-P out of port errors or generate a syslog message when this condition is met. PR1418128

  • MX-GX+ Services are not synchronized up to the backup Routing Engine with GRES/NSR enabled. PR1418594

  • The lsp-cleanup-timer is not being honored when lsp-cleanup-timer is configured to be greater than 2147483647. PR1418937

  • RX alarms are not set as according to the threshold value configured for the DCO tunable optics. PR1419204

  • A PPP session under negotiation might be terminated if another PPPoE client has the same session ID. PR1419500

  • The IPsec tunnel might go down when the Junos OS platforms and the peer both act as the initiator and try to bring an IPsec tunnel up at the same time. PR1420293

  • On MX Series platforms, PTP phase is aligned but TE/cTE is not good. PR1420809

  • The FPC CPU might be hogged if channelized interfaces are configured. PR1420983

  • An interface might go to downstate on QFX10000 platform. PR1421075

  • MX Series LNS might fail to forward the traffic on the subscriber access route. PR1421314

  • Failed to reload keyadmin database for /var/etc/keyadmin.conf. PR1421539

  • bbemg_smgd_lock_cli_instance_db should not log as error messages. PR1421589

  • On MX Series Virtual Chassis, the VCP port reports MTU value 9152 in the ICMP MTU exceeded message while the VCP port MTU is set to 9148. PR1421629

  • The PS access interface is not marked as ccc down on standby/non-designated PE. PR1421648

  • After control plane event few IPsec tunnels failed to send traffic through the tunnel. PR1421843

  • RPT_REG_SERVICES:RPM syslogs are not generated after deactivating aggregate interface. PR1421934

  • The changed value of "remote-gateway" does not take effect when the router acts as an initiator of IPsec VPN tunnel. PR1421977

  • RSI bloat because of the vmhost-based log collection. PR1422354

  • Packet Forwarding Engine wedge might be observed after performing the command show forwarding-options load-balance. PR1422464

  • The CoS ieee-802.1 classifier might not get applied when it is configured with service activation on underlying-interface. PR1422542

  • The allocation of MAC address might fall out of the MAC address pool on MX204 platform. PR1422679

  • SFP-T/SX/LX does not work with QSA adapter in MX10003. PR1422808

  • show system subscriber-management summary to include failure reason for standby disconnect when primary and back Routing Engine memories mismtach. PR1422976

  • While committing huge configuration the following error message is displayed: error: mustd trace init failed. PR1423229

  • set forwarding-options enhanced-hash-key symmetric is not effective on MX10003. PR1423288

  • Traffic is dropped after FPC reboot when aggregated Ethernet member links are deactivated by remote device. PR1423707

  • On MX204 optics SFP-1GE-FE-E-T Iayer 2 circuit read errors are seen when an SFP-T is inserted into a disabled state port. PR1423858

  • PTP asymmetry change needs PTP bounching. PR1423860

  • The bbe-smgd process might crash after executing the command show system subscriber-management route prefix <>. PR1424054

  • The system does not reboot or halt as configuration when encountering the disk error. PR1424187

  • The rpd process keeps crashing after changing the configuration. PR1424819

  • The jdhcpd might consume 100 percent CPU and crash if dhcp-security is configured. PR1425206

  • Interface with FEC disabled might flap after Routing Engine mastership switchover. PR1425211

  • The rpd crashes continuously if MD5 authentication on any protocols is used along with the master password. PR1425231

  • Soft-gre tunnel route lost after reboot/GRES or upgrade in WAG scenario. PR1425237

  • The mspmand process might crash and restart with a mspmand core file created after doing a commit change to deactivate and activate service-set. PR1425405

  • Following log message is generated continuously on MX204 router: fru_is_present: out of range slot 0 for. PR1425411

  • Getting Unisphere-UpStream-Calc-Rate as 0 while verifying L2BSA RADIUS accounting stop packets after performing a GRES. PR1425512

  • All interfaces creation failed after NSSU. PR1425716

  • Logical interfaces targeting 18000 phantom distributed interfaces are displayed for aggregated Ethernet interface with the targeted distribution enabled on it, when there are no active subscribers. PR1426157

  • Interfaces might come down after device reboots. PR1426349

  • PEMs lose DC output power load sharing after PEM switch off and on operation on MX Series platforms. PR1426350

  • Some CFM and BFD sessions might flap while collecting MPLS statistics. PR1426727

  • Traffic loss might be seen when multiple IPsec tunnels are established with the remote peer. PR1426975

  • Traffic might not flow through MACsec interface even after an unsupported cipher-suite is removed. PR1427294

  • Entity MIB has incorrect contained in-values for some fixed MPCs with built-in PICs. PR1427305

  • Rebooting or halting Virtual Chassis member might cause the RTG link to go down for 30 seconds. PR1427500

  • When installing YANG package without proxy-xml statement, the CLI environment might not work well. PR1427726

  • The PPP sessions do not work properly on MX Series platforms. PR1428212

  • The subscriber IP route might got stuck in bbe-smgd if the subscriber IP address is the same with local IP address. PR1428428

  • Incorrect IGMP statistics for dynamic PPP interfaces. PR1428822

  • Fabric drops might be seen on MX10003 platform when two FPCs come online together. PR1428854

  • The statement show igmp statistics does not count the total number of multicast-enabled interfaces correctly. PR1429018

  • L2TP subscriber and MPLS pseudowire subscriber volume accounting statistics value remains unchanged post ISSU. PR1429692

  • rpsd daemon is not getting killed on when unconfigured simultaneous to toggling rpd 'force-64-bit', rpsd core file is generated after 10 minutes. PR1429770

  • The aggregated Ethernet interfaces do not come up after rebooting the FPC/device although the physical member link is up. PR1429917

  • Configuration is prevented from being applied on MX Series routers in subscriber scenario. PR1430360

  • Performance degradation for about 20 seconds after the offline of the fabric board on MX10008 and MX100016. PR1430739

  • Disabling DAC QSFP port might not work on MX204 and MX10003 or EX9251. PR1430921

  • Inline LSQ might not work when it is configured on the same FPC where MIC-3D-16CHE1-T1 is slotted. PR1431069

  • Error might be observed when using a script to load-configuration. PR1431198

  • Destination unreachable counter was counting up without receiving traffic. PR1431384

  • During the stress tests, bbe-smgd process might crash on backup Routing Engine when performing GRES. PR1431455

  • The bbe-smgd might crash if subscribers are trying to log in or log out and a configuration commit activity occurs at the same time. PR1431459

  • Subscribers coming from new physical interfaces might not log in because of the 512 entries limit in the subscriber-limit table. PR1431566

  • SIB Link Error detected on a specific Packet Forwarding Engine might cause complete service impact. PR1431592

  • Allow installation of three identical framed-routes in same routing-instance. PR1431891

  • In MX10003, the PEM not present alarm raised when minimum required PEM exist in the system. PR1431926

  • Traffic might be sent on the standby link of aggregated Ethernet bundle and get lost with LACP fast-failover enabled. PR1432449

  • Change to in-use parameterized filter prefix-list might result in generating a bbe-smgd core file on backup Routing Engine. PR1432655

  • Traffic is dropped if sa-multicast is in the configuration. PR1433306

  • RSI and RSI-brief should not include show route forwarding-table when tomcat is enabled. PR1433440

  • Lawful intercept for subscriber traffic is not programmed in Packet Forwarding Engine if it is activated by Access-Accept. PR1433911

  • URI portion in URL will become case-sensitive through a hidden configuration statement url-case-sensitive under url-filter-template. PR1434004

  • Incorrect PLUGGABLE ID 17 on MX10003-LC2103 is seen. PR1434183

  • Packet Forwarding Engine memory leak might be seen if MLPPP links are flapped. PR1434980

  • DHCPv6 advertise to client might use incorrect destination MAC address. PR1435694

  • Total number of packets mirrored, after DTCP trigger add and DTCP enable is not in expected range while verifying traffic on mirror port after DTCP drop policy is enabled. PR1435736

  • MPC7, MPC8, MPC9, MX10003 MPC, EX9200-12QS, and EX9200-40XS line card might crash in a scaling setup. PR1435744

  • The mc-ae interface might get stuck in waiting state after a device reboot. PR1435874

  • The local route in the secondary routing table gets stuck in the KRT. PR1436080

  • ifHCInOctets counter on aggregated Ethernet interface go to ZERO value when you execute snmp mib walk. PR1436201

  • LASER TX remained enabled while an interface is disabled using the Routing Engine CLI configuration. PR1436286

  • Few static PPP subscriber stuck in init state permanently and error message seen Failed to create client session, err=SDB data corrupted. PR1436350

  • Router is not reachable after downgrading from Junos OS Release 18.2-20190513.0 to Junos OS Release 18.2R2.6. PR1436832

  • The CPU utilization on a daemon might keep around 100 percent or backup Routing Engine might crash in race conditions. PR1437762

  • LNS router might send the router-advertisement packet with NULL source link-layer option field. PR1437847

  • The chassisd might crash after enabling hash-key. PR1437855

  • Subscriber flows might not be synchronized between aggregated Ethernet members on MX Series Virtual Chassis platforms. PR1438621

  • The FPC might crash when a Packet Forwarding Engine memory is exhausted. PR1439012

  • FPC on Virtual Chassis backup router might reboot in MX-VC scenario. PR1439170

  • The "vlan all interface all" combination is not working as expected under VSTP. PR1439583

  • The bbe-smgd core files are seen after restarted. PR1439905

  • CoS related errors are seen and subscribers could not get service. PR1440381

  • DHCP offer packets towards IRB over LT interface getting dropped in DHCP relay environment. PR1440696

  • The layer2 dynamic VLANs miss when an interface is added or removed from an aggregated Ethernet. PR1440872

  • On PE chip-based platforms, if CoS IEEE-802.1 rewrite rule is configured and bound to the aggregated Ethernet interface, the outgoing traffic might be dropped after changes are made to aggregated Ethernet. PR1441772

  • SNMP trap comes twice for FRU removal in MX10000 - one trap with FRU name as FPC: JNP10K-LC2101 and second with FRU name as FPC @ 1/*/*. PR1441857

  • The packets originating from the IRB interface might be dropped in a VPLS scenario. PR1442121

  • The chassisd is unable to power off a faulty FPC after the Routing Engine switchover that is leading to chassisd restart loop. PR1442138

  • The operational status of the interface in hardware and software might be out of synchronization in EVPN setup with arp-proxy feature enabled. PR1442310

  • In "enhanced-ip" or "enhanced-ethernet" mode withdestination-class-usage (DCU) accounting enabled, MS-DPC might drop all traffic that should egress through ae interface. PR1442527

  • EVENT UpDown interface logs are partially collected in syslog messages. PR1442542

  • Different formats of the B4 addresses might be observed in the SERVICES_PORT_BLOCK_ALLOC/RELEASE/ACTIVE log messages. PR1442552

  • Few Path Computation Element Protocol (PCEP) logs are marked as ERROR even though they are not. Now severity of those logs are corrected as INFO. PR1442598

  • DHCPv6 client might fail to get an IP address. PR1442867

  • The kmd process might crash and restart with a kmd core file created if IP of NAT mapping address for IPsec VPN remote peer is changed. PR1444183

  • MX204 larger than MTU packets of GRE data get dropped when sampling is enabled on the egress interface. PR1444186

  • Inline-keepalive might stop working for LNS subscribers if the statement routing-services is enabled. PR1444696

  • Access route might get stuck in bbe-smgd and rpd is not cleared. PR1445155

  • The CPCDD process continuously generates a core file and process stops, in ServicesMgr::ServicesManager::cpcddSmdInterface::processInputMsg. PR1445382

  • Detached LACP member link gets LACP State as enabled in Packet Forwarding Engine when switchover because of device reboot. PR1445428

  • The 1G interface on MX204 might stay down after the device is rebooted. PR1445508

  • Lawful intercept on LAC access interface might not work as expected because of the MTU check failure. PR1445637

  • The mspmand process might crash if URL filtering is configured and one blacklisted domain name is a sub-string of another blacklisted domain name in URL filter database file. PR1445751

  • The jdhcpd process might crash after issuing the command show access-security router-advertisement-guard. PR1446034

  • NAT service-set in certain scale might fail to get programmed. PR1446931

  • The J-Flow version 5 stops working after changing "input rate" value. PR1446996

  • The rpd process might crash if BGP is activated or deactivated multiple times. PR1448325

  • DCD CPU spike seen after a Junos OS upgrade from Junos OS Release 14.2 to 16.1. PR1448858

  • FPC is rebooted while off-lining PIC-0. PR1449067

  • The DHCP relay feature might not work as expected with helpers bootp configured. PR1449201

  • Interfaces might flap forever after deleting the interface disable configuration. PR1450263

  • Burst-size are not updated when using the static traffic-control-profile by dynamic-profile. PR1451033

  • SNMP query for IPsec decrypted or encrypted packets does not fetch right values; observing KMD_SNMP_FATAL_ERROR. PR1451324

  • Error dropped packets seen on MQ/XM-based MPC cards though there is no traffic flowing through the system. PR1451958

  • On MX10003 router, MACsec framing errors are seen when ever sequence number exceed 2 power 32 with XPN (Extended Packet Numbering). PR1452851

  • The FPC might crash when the severity of error is modified by URI format error-id. PR1453871

  • The access request for L2BSA port up might not be retransmitted if the RADIUS server used to be unreachable. PR1454975

  • CRAFTD syslogs fatal errors along with junk characters upon its startup and exits after four startup attempts. PR1454985

  • Device chooses incorrect source address for locally originated IPv6 packets in routing-instance when destination address is reachable through static route with next-table statement. PR1455893

  • After MPC4E insert to slot 5, the output of the show chassis environment statement shows high temperature. PR1456457

  • Default value of 2^32 replay-window size results in framing errors at an average of one in 2^32 frames received. PR1457555


  • SNMP OID IFOutDiscards not updated when drops increasing. PR1411303

  • The traffic to the NLB server might not be forwarded if the NLB cluster works on multicast mode. PR1411549

  • The duplex status of management interface might not be updated in the output of show command. PR1427233

  • The operations on console might not work if the statement system ports console log-out-on-disconnect is configured. PR1433224

Interfaces and Chassis

  • The pfe_disable action does not disable the logical tunnel interfaces belonging to the affected Packet Forwarding Engine. PR1380784

  • Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error message. PR1402606

  • Unrelated aggregated Ethernet interfaces might go down if committing configuration changes. PR1409535

  • MX Series Virtual Chassis unified ISSU is not supported when redundant LT (RLT) is configured. PR1411729

  • Monitor ethernet loss-measurement command returns invalid ETH-LM request for unsupported outgoing logical interface. PR1420514

  • Invalid speed value on an interface might cause other interface configuration loss. PR1421857

  • Syslog message /kernel: %KERN-3: pointchange for flag 04000000 not supported on IFD aex upon LFM related configuration commit on aggregated Ethernet interfaces. PR1423586

  • The cfmd might crash on DPCE. PR1424912

  • The logical interfaces in EVPN routing instances might flap after committing configurations. PR1425339

  • The statement flexible-queuing-mode is not working on FPCs of VC member 1. PR1425414

  • CFM message flooding. PR1427868

  • The vrrpd process might crash after deleting VRRP sessions for several times. PR1429906

  • The NCP session might be brought down after IPCP configure-reject is sent. PR1431038

  • VRRP mastership might flap when the tracked route is deleted or the tracked interface goes down. PR1432361

  • jppd no termination acknowledgement for a LACP termination request RFC 1661. PR1433489

  • Mixed link-speed aggregated Ethernet bundle could not add new sub-interface successfully. PR1437929

  • Targeted-distribution for static demux interface over aggregated Ethernet interface does not take correct LACP link status into consideration when choosing the primary and backup links. PR1439257

  • The cfmd process might crash after a restart on Junos OS Release 17.1R1 and later. PR1443353

  • Enhancement of add or delete a single VLAN in vlan-id-list under interface family bridge. PR1443536

  • The OAM CCM messages are sent with a single tagged VLAN even when configuring with two VLANs. PR1445926

  • Initiate a Routing Engine switchover on VRRP backup router through a CLI command might cause VRRP state for an aggregated Ethernet bundle interfaces transitions to 'Master' state even configured with protocols vrrp delegate-processing ae-irb statement, then very shortly afterward to backup again. PR1447028

  • While master Routing Engine failure and System switches to backup Routing Engine, some VRRP sessions ppm transmissions state might be stuck in "Distributed: AWAITING". PR1450652

  • LACPD crashed simultaneously. PR1450978

Layer 2 Ethernet Services

  • LACP PDU might be looped towards peer MC-LAG nodes. PR1379022

  • jdhcpd becomes aware about some of the existing configuration only after commit full or jdhcpd restart. PR1419437

  • Change the nd6 next hops to reject next hop once layer 2 interfaces gets disassociated with IPv6 entries. PR1419809

  • DHCP subscribers on non-default routing instance went down after a unified ISSU. PR1420982

  • jdhcpd daemon might crash during the continuous stress test. PR1421569

  • The DHCP DECLINE packets are not forwarded to DHCP server when forward-only is set within dhcp-reply. PR1429456

  • The jdhcpd memory leak might happen on MX5, MX10, MX40, MX80, and MX104 when testing DHCP subscribers login or logout. PR1432162

  • The dhcp-relay statement might not work on MX10008 and MX10016 platforms. PR1447323

  • PPPoE holding DHCPv6 prefix causes DHCPv6 binding failure because of the duplicate prefix. PR1453464

Layer 2 Features

  • The rpd crashes after iw0 interface is configured under a VPLS instance. PR1406472

  • Broadcast traffics might be discarded in a VPLS local-switching scenario. PR1416228

  • VPLS neighbors might stay in down state after configuration changes in VLAN ID. PR1428862

  • After disabling and enabling the aggregate interface, the next-hop of CE facing aggregate interface might be in an incorrect state. PR1436714


  • Stale LSPs might exist if primary LSP goes down immediately after the bypass LSP. PR1242558

  • The rpd process might restart after a MPLS LSP flap if no-cspf and fast-reroute are configured in an LSR ingress router. PR1368177

  • DSCP bit marking of LSP self-ping is not compliant with rfc7746. PR1371486

  • LDP tunneling configuration triggers huge scheduler slips causing IGP flapping. PR1410827

  • The rpd might crash in BGP-LU with egress-protection while committing configuration changes. PR1412829

  • Traffic drop might be seen because of a long LSP switchover duration in RSVP-signaled LSP scenario. PR1416487

  • RSVP LSP might get stuck in down state in an OSPF multiarea topology. PR1417931

  • Traffic might be dropped because of the LDP label corruption after Routing Engine switchover. PR1420103

  • LDP might not update the LDP ingress route metric when inet.3 route flash happens before inet.0. PR1422645

  • The dynamic bypass RSVP LSP tears down when being used to protect LDP LSP. PR1425824

  • MPLS ping sweep stops working and gets CLI irresponsive. PR1426016

  • MPLS LSP auto-bandwidth statistics miscalculations might lead to high bandwidth reservation. PR1427414

  • The rpd process generates a core file at l2ckt_alloc_label , l2ckt_standby_assign_label , and l2ckt_intf_change_process after a GRES in an MX2010 router. PR1427539

  • Traffic loss might be observed after changing configuration under protocols mpls in ldp-tunneling scenario. PR1428081

  • The LDP might withdraw a label for an FEC once the IGP route is inactive in inet.0. PR1428843

  • When MBB for P2MP LSP fails, it is stuck in an old path. PR1429114

  • MPLS ingress LSP's for LDP link protection are not coming up after disabling or enabling MPLS. PR1432138

  • SRLG entry shows Unknown after removing it from configuration in show mpls lsp extensive output or show mpls srlg. PR1433287

  • The P2MP LSP branch traffic might be dropped for a while when the sender PE device is doing switchover. PR1435014

  • The rpd process might crash after executing ping mpls ldp. PR1436373

  • The LDP route and LDP output label are not showing in the inet.3 table and LDP database respectively if you enable ospf rib-group. PR1442135

  • layer 2 VC goes down on one router in VPLS domain through the MPLS path is still available in inet.3. PR1442495

  • Backup LSP signaling after if NP bypass is an inter-area LSP using loose-hop expansion. PR1442789

  • RSVP refresh-timer interoperability between Junos OS Release 15.1 and Junos OS Release 16.1 and later. PR1443811

  • Traffic drop is seen when two consecutive PLRs along the LSP perform a local repair simultaneously under a certain misconfigured conditions. PR1445994

  • The transit packets might be dropped if an LSP is added or changed on an MX Series router. PR1447170

  • The LDP route timer is reset when committing unrelated configuration changes. PR1451157

  • RPD core file is generated and high CPU on MX104. PR1460292

Network Address Translation (NAT)

  • The nsd process might crash when SNMP query deterministic NAT pool information. PR1436775

Network Management and Monitoring

  • SNMPD crashes generates a core file. PR1392616

  • The SNMP query might not get data in scaled layer 2 circuit environment. PR1413352

Platform and Infrastructure

  • The Platform failed to bind rewrite message might be seen when chassis control restart is done with the CoS rewrite rule configured on an aggregated Ethernet interface. PR1315437

  • MAP-E some ICMP types cannot be encapsulated or decapsulated on SI interface. PR1404239

  • class-of-service configuration changes might lead to traffic drop on cascade port in Junos Fusion setup. PR1408159

  • Traffic is getting dropped when there is a combination of DPC/MX-FPC card and MPC card on egress PE router in L3VPN. PR1409523

  • DDOS violation for lldp, mvrp, provider mvrp and dot1x is incorrectly reported as LACP DDOS violation. PR1409626

  • FPC crash might be observed with scaled subscribers login attempts. PR1409879

  • The VLAN tag is incorrectly inserted on the access interface if the packet is sent from an IRB interface. PR1411456

  • Error logs might be observed after performing a unified ISSU. PR1412463

  • The MPC might crash when one MIC is pulled out during this MIC is booting up. PR1414816

  • Distributed multicast forwarding to the subscriber interface might not work. PR1416415

  • Some applications might not be installed during upgrade from an earlier version that does not support FreeBSD 10 to FreeBSD 10 (based system). PR1417321

  • op url command cannot run a script with libs from /config/scripts. PR1420976

  • The ARP request might not be replied although proxy-arp is configured. PR1422148

  • The traffic from GVPN to MPLSoUDP tunnel is not sent for decryption to MS-MPC. PR1422242

  • show jnh trap-info with incorrect LU instance crashes and generates a core file on an FPC. PR1423508

  • The native VLAN ID of packets might fail when leaving out. PR1424174

  • The policer bandwidth might be incorrect for the aggregated Ethernt interface after activating the statement shared-bandwidth-policer. PR1427936

  • With CNH for 6PE, MPLS EXP rewrite rule for non-VPN IPv4 over MPLS traffic might not work. PR1430878

  • Pre-fragmented ICMP IPv4 packets might fail to arrive at the destination. PR1432506

  • Enable sensor /junos/system/linecard/qmon/ causing continuous ppe_error_interrupt errors. PR1434198

  • Traffic from the same physical interface cannot be forwarded. PR1434933

  • The device might not be accessible after the upgrade. PR1435173

  • BR for MAP-E does not return ICMP type=3/code=4 when over MTU sized packet comes with DF bit. PR1435362

  • MAP-E encapsulation or decapsulation with specific parameter might work incorrectly. PR1435697

  • The BGP session might flap after Routing Engine switchovers simultaneously on both the boxes of BGP peer in scaled BGP session setup. PR1437257

  • The next hop MAC address in the output from show route forwarding-table command might be incorrect. PR1437302

  • The multicast traffic is dropped while multicast ingress replication is configured with local-latency-fairness. PR1438180

  • The inner IPv4 packet might get fragmented using the same size as mtu-v6 setting which is used for the MAP-E software tunnel in MAP-E configuration. PR1440286

  • When host bound packet received in MAP-E BR router, service interface statistics counter shows incorrect number of bytes. PR1443204

  • Packets drop because of the misssing destination MAC in the Packet Forwarding Engine. PR1445191

  • Python op scripts executed as user "nobody" if started from NETCONF session, not as logged in user, resulting in failing PyEZ connection to the device. PR1445917

  • A dual Routing Engine Juniper Node Slicing GNF with no GRES configured and with system internet-options no-tcp-reset drop-all-tcp configured could enter dual backup Routing Engine state upon manual GNF Routing Engine mastership switchover attempt with request chassis routing-engine master [acquire|release|switch] CLI command from either GNF Routing Engine CLI. PR1456565

Routing Policy and Firewall Filters

  • Configuration commit operation after policy change causes an rpd crash. PR1357802

  • The route-filter-list with non-continuous match might not work as expected after being updated. PR1419731

  • Policy matching RD changes next hop of the routes which do not carry RD. PR1433615

Routing Protocols

  • The rpd crashes because of the assert in bgp_io_write_user_handler_int(). PR1351639

  • Qualified next hop of static route might not be withdrawn when BFD is down. PR1367424

  • Routing Engine based micro BFD packets do not go out with configured source IP when the interface is in the logical-system. PR1370463

  • The rpd might crash under a rare condition if GR helper mode is triggered. PR1382892

  • BGP sessions might keep flapping on a backup Routing Engine if proxy-macip-advertisement is configured on IRB interface for EVPN-VXLAN. PR1387720

  • In rare cases, the rpd might crash after Routing Engine switchover when BGP multipath and Layer 3 VPN vrf-table-label are configured. PR1389337

  • Processing a large scale as-path regex might flap the route protocols. PR1396344

  • BFD link-failure detection of the broken path will be delayed when IGP link-state update is received from the same peer through an alternative path. PR1410021

  • BGP stuck in idle (close in progress) after the rpd start on the peer. PR1412538

  • TI-LFA cannot find backup path when IS-IS overLoad bit is set on computing node. PR1412923

  • The unexpected AS prepending action for AS path might be seen after the no-attr-set statement is configured or deleted with vrf-import or vrf-export. configuration PR1413686

  • Dynamic routing protocol flapping with vmhost Routing Engine switchover on NG-RE. PR1415077

  • Route info might be inconsistent between RIB and OSPF database when using OSPF LFA feature. PR1416720

  • On Junos OS the OpenSSL security advisory. PR1419533

  • A memory leak in rpd might be seen if the source packet routing is enabled for IS-IS protocol. PR1419800

  • IPv6 IS-IS routes might be deleted and not be reinstalled when MTU is changed under the logical interface level for family inet6. PR1420776

  • The rpd might crash if no-propagate-ttl is configured in BGP multipath scenario. PR1425173

  • The multicast traffic might be dropped when proxy mode is used for igmp-snooping. PR1425621

  • The rpd might crash in PIM scenario with auto-rp enabled. PR1426711

  • The rpd might crash while removing multicast routes that do not have an associated (S,G) state or activating the accept-remote-source statement on PIM upstream interface. PR1426921

  • The rpd might crash while handling the withdrawal of an imported VRF route PR1427147

  • MVPN traffic might be lost for around 30 seconds during Routing Engine switchover. PR1427720

  • The rpd might crash and generates a core file because of the improper handling of graceful restart stale routes. PR1427987

  • The rpd might crash with ospf overload configuration. PR1429765

  • The next hop of IPv6 route remains empty when a new IS-IS link comes up. PR1430581

  • The BGP configuration statement multipath multiple-as does not work in specific scenario. PR1430899

  • IPv6 aggregate routes are hidden. PR1431227

  • On using the unsupported configuration (EPE with dynamic-next-hop GRE tunnels) the rpd crashes continuously and generates a core file. PR1431536

  • The output of the show isis adjacency extensive statement is in missing state transition details. PR1432398

  • PP-LFA not working on penultimate hop and causing micro-loop. PR1432615

  • PIM-SM join message might be delayed with MSDP enabled. PR1433625

  • With SR enabled 6PE next-hop is not installed. PR1435298

  • BGP session might flap because of the invalid update message generated in independent-domain scenario. PR1435491

  • The rpd might crash during the best path changes in BGP-L3VPN with multipath and no-vrf-propagate-ttl enabled. PR1436465

  • BGP route next hop can be incorrect in some scenarios with PIC edge configuration. PR1437108

  • You can no longer configure set system services ssh protocol-version v1 on Junos OS software. PR1440476

  • RIP routes are discarded by Juniper Networks device when the next hop field in the RIPv2 response packet contains a subnet broadcast address. PR1441452

  • The rpd process might crash in inter-AS option B Layer 3 VPN scenario if CNHs is used. PR1442291

  • The rpd might crash with SRTE configuration change. PR1442952

  • IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507

  • The rpd might crash in OSPF scenario because of the invalid memory access. PR1445078

  • The BGP route prefixes are not being advertised to the peer. PR1446383

  • The as-external route may not work in ospf overload scenario for VRF instance. PR1446437

  • The rpd crashes and commit fails when trying to commit configuration changes. PR1447595

  • Junos OS BFD sessions with authentication flaps after a certain time. PR1448649

  • Intra-router PPMD[RE] to PPMAN[FPC] connection might close if the session timeout is greater than 3 seconds in either direction. PR1448670

  • Routing process crashes when OSPF router-id is changed for NSSA area. PR1459080

Services Applications

  • spd_svc_set_summary_query unable to open connection to si-0/0/0 (No route to host). PR1397259

  • ERA Value does not match with configured values while verify new ERA settings are reflected in messages log. PR1410783

  • IPsec SA might not come up when the local gateway address is a VIP for a VRRP configured interface. PR1422171

  • In subscriber with L2TP scenario, subscribers are stuck in INIT state forever. PR1425919

  • Some problems might be seen if client negotiates LCP with no PPP options to LAC. PR1426164

  • The kmd process might crash when DPD timeout for some IKEv2 SAs happens. PR1434521

  • Traffic might be dropped in IPsec VPN scenario when the VPN peer is behind a NAT device. PR1435182

  • Output of show subscriber user-name on LTS shows only one session instead of two. PR1446572

Software Installation and Upgrade

  • JSU might be deactivated from FPC in case of power cycle. PR1429392

Subscriber Access Management

  • Authd telemetry - leaf attributes added for linked address pool. PR1413291

  • Linked pool head attribute is incorrect for single pools. PR1413293

  • PPPoE session might be disconnected when LI attributes are received in access-accept with invalid data. PR1418601

  • Address allocation issue is seen with linked pools when linked-pool-aggregation is used. PR1426244

  • RADIUS authentication server might always be marked with DEAD. PR1429528

  • Subscriber filtering for general authentication services traceoptions will report debug messages for other users. PR1431614

  • Acct-Session-Time is not zero, though no start event occurred. PR1433251

  • In older releases, the output of the test aaa ppp statement is formatted. PR1444438

  • Subscribers login fails when PCRF server is unreachable. PR1449064

User Interface and Configuration

  • The show chassis hardware satellite command is not available on the Junos OS Release 17.3. PR1388252


  • In a specific CE device environment in which asynchronous-notification is used, after the link between the PE and CE devices goes up, the Layer 2 circuit flaps repeatedly. PR1282875

  • The rpd process generates a core file at rtbit_reset, rte_tgtexport_rth. PR1379621

  • The rpd might crash in rosen MVPN scenario when the same provider tunnel source address is being used for both IPv4 and IPv6. PR1416243

  • The deletion of (S,G) entry might be skipped after the PIM join timeout. PR1417344

  • The rpd crash might be seen if layer 2 circuit or local-switching connections flap continuously. PR1418870

  • The rpd process might crash in rare conditions when an extranet next generation MVPN is configured. PR1419891

  • The rpd process might crash and generates a core file during mpls ping command on layer 2 circuit. PR1425828

  • MVPN using PIM dense mode does not prune the OIF when PIM prune is received. PR1425876

  • The resumed multicast traffic for certain groups might be stopped in an overlapping MVPN scenario. PR1441099

  • Memory leak might happen if PIM messages received over an MDT (mt- interface) in a draft-rosen MVPN scenario. PR1442054

Resolved Issues: 18.3R2

Application Layer Gateways (ALGs)

  • DNS requests with EDNS options might be dropped by DNS ALG. PR1379433

Authentication and Access Control

  • MAC move might occur in a DHCP security scenario. PR1369785

  • The dot1xd might crash when dot1xd receives incorrect reply length from the authd. PR1372421

  • Push-to-JIMS now supports pushing the authenticated entry to all online JIMS servers. PR1407371

Class of Service (CoS)

  • FPC card might reboot when changing CoS mode from hierarchical-scheduler to per-unit-scheduler. PR1387987

  • The cosd process might crash after commiting configuration changes through netconf. PR1403147


  • EVPN type-5 route might be lost if chained-composite-next-hop is configured. PR1362222

  • Packet drop is seen in EVPN stitching with IRB configured. PR1363935

  • The EVPN implementation does not follow RFC-7432. PR1367766

  • Small rpd memory leak is seen when configuring EVPN. PR1369705

  • EVPN A/A multihomed PE device occasionally prefers to route to a directly connected prefix using LSPs toward the multihomed peer instead of going directly out the IRB interface (which is up). PR1376784

  • In an EVPN A/A scenario with an MX Series router or an EX Series switch acting as the PE device, flood next hops to handle BUM traffic might not get created or miss certain branches when the configuration is performed in a particular sequence. PR1377749

  • The RA packets might be sent out without using the configured virtual gateway address. PR1384574

  • A few minutes traffic loss might be observed during recovery from link failure. PR1396597

  • The BUM traffic might not be flooded in an EVPN-MPLS scenario. PR1397325

  • The IPv6 link-local address for virtual-gateway address is marked as duplicate in EVPN. PR1397925

  • When committing a configuration while adding a VLAN to an EVPN instance and an aggregated Ethernet interface respectively the newly added VLAN interface count might be zero (0) in that bridge domain. PR1399371

  • EVPN type 2 MAC+IP route is stuck when the route advertisement has 2 MPLS labels and withdrawal has one label. PR1399726

  • The rpd core file is generated upon Routing Engine switchover with scaled EVPN configuration. PR1401669

  • The rpd crashes due to memory corruption in EVPN. PR1404351

  • EVPN database and bridge MAC table are out of sync post core link flap. PR1404857

  • The rpd might crash on a leaf node when handling the withdrawal of remote or local MAC address in an EVPN-VXLAN scenario. PR1405681

  • The rpd might crash after NSR switchover in an EVPN scenario PR1408749

  • The next hop is not cleaned up properly when one of the multi-homed CE-PE links goes down. PR1412051

Forwarding and Sampling

  • LTS subscriber statistics is reporting to RADIUS. PR1383354

  • Adjusting the mac-table-size configuration might cause l2ald crash. PR1383665

  • The LSI binding for the IPv6 neighbor is missing. PR1388454

  • The filter counter is not written to the accounting file when accounting is enabled on the bridge firewall filter. PR1392550

  • The l2ald process might crash when doing commit check for some specific configurations. PR1395368

  • In Junos OS Release 13.3R9.13, the firewall filter action decapsulates GRE, IP-over-IP, and IPv6-over-IP. However, in Junos OS Release 17.3R3.9, it only decapsulates GRE. PR1398888

General Routing

  • Routing Engine-Packet Forwarding Engine out-of-sync errors might be seen in syslog. PR1232178

  • An mspmand core file might be generated in rare conditions due to a high rate of TCP traffic. PR1253862

  • Error messages might be seen if the aggregated Ethernet interface host on the MPC-3D-16XGE line card flaps. PR1279607

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mspsmd. PR1284654

  • The RE does not have MAC map for mac type 7 error message might be seen on MX10003 routers. PR1345637

  • Large-scale users log in and log out might cause a mgd memory leak. PR1352504

  • Traffic loss might be seen on the new master Routing Engine after the interface flaps followed by Routing Engine switchover in a VRRP scenario. PR1353583

  • On MX Series routers, network slicing GNF is allowed to install incompatible images without warnings. PR1353773

  • The packets might be dropped when they go through the MX104 built-in interface. PR1356657

  • MPC/FPC might be unable to reply to request messages to the Routing Engine in a highly scaled subscriber scenario. PR1358405

  • The show chassis ethernet-switch command output on MX-TVP platforms is different from that of the MX2010 router. PR1358853

  • FPC core file might be observed after GRES switchover. PR1361015

  • The MX Series router functioning as a BNG does not generate ESMC/SSM quality level failed SNMP trap. PR1361430

  • On the MX10003, the alarm LED reflects stale entry on the backup Routing Engine, post GRES switchover. PR1361728

  • The MS-MPC might reset continuously on MX Series routers. PR1362271

  • The inline J-Flow sampling configuration might cause FPC crash on MX Series routers. PR1362887

  • MX-Virtual Chassid: request to record VCCP heartbeat state change in syslog by default. PR1363565

  • FPM board status is missing in the SNMP MIB walk result. PR1364246

  • Netproxy service client component fails to start after issuing the request vmhost reboot command. PR1365664

  • The following syslog errors are seen on MX960 routers: LOG : Err] Failed to allocate 2 jnh-dwords for encap-ptr(ether-da)!,LOG: Err] gen_encap_common: jnh-alloc failed! 8 PR1366811

  • When you configure VRRP delegate-processing with Apache Tomcat enabled, the Packet Forwarding Enging drops the VRRP packets and counts software error. PR1369503

  • The MPC5E, MPC2E-NG, or MPC3E-NG might crash and restart during unified ISSU. PR1369635

  • SNMP MIB walk causes KMD errors. PR1369938

  • The rpd might crash after Routing Engine switchover is performed or the rpd is restarted if interface-based dynamic GRE tunnel is configured. PR1370174

  • SFP-1FE-FX optics is not coming up on GMIC. PR1370962

  • The bbe-smgd might crash when the FPC is restarted. PR1371926

  • Image installation on SD fails with the Unable to read reply from software add command to re1; error 1 error. PR1372877

  • A core file is generated in ifinfo at pif_af_fe_info pif_af_ifd when displaying af interface information. PR1373436

  • SFP-100BASE-BX10-U and SFP-100BASE-BX10-D are not supported on 20x1-Gigabit Ethernet and 2x10-Gigabit Ethernet MACsec MIC due to a microsemi PHY limitation. PR1373795

  • LDP convergence delay might be seen after IGP metric change with bgp-igp-both-ribs configured. PR1373855

  • Cosmetic log warning: [---] is protected, '---' cannot be deleted is seen after commit using configure private in a configuration with the protect flag present. PR1374244

  • The filter service might fail to get installed for the subscriber in a scaled BBE scenario. PR1374248

  • FPC might not be able to work properly if one child interface is removed from an aggregated Ethernet bundle in a dynamic VLAN subscriber scenario. PR1374478

  • A few L2BSA subscribers might be stuck in init, terminating, or terminated status after previous log out. PR1375070

  • SFB and PDM/PSU related information is missing in jnxBoxAnatomy MIB on high-end MX Series routers. (MX2010/2020). PR1375242

  • The bbe-smgd core file might be seen after doing GRES. PR1376045

  • MS-MPC might have performance degradation under scaled fragmented packets. PR1376060

  • Interface optic output power is not zero when the port has been disabled. PR1376574

  • The Power Supply failed trap might not be generated on MX Series routers. PR1376612

  • Disabling OAM might cause the broadband edge daemon to crash. PR1377090

  • Packets might be dropped on the data plane in an inline J-flow scenario. PR1377500

  • MQTT keepalive timeout messages are seen in case of slow JTI collectors. PR1378587

  • After NAT64 router (with MS-MPC) translates an IPv6 fragment to IPv4 fragment, the router is not inserting the right value in the identification field of the IPv4 header. PR1378818

  • Traffic might get discarded without notification when CoS configuration is changed on a PS interface. PR1379530

  • Protocol adjacency might flap and FPC might reboot if jlock hog occurs. PR1379657

  • Remove the chassisd alarms for FPCs exceeding 90 percent of power budget and exceeding 100 percent of power budget. PR1380056

  • The rpd might crash on the new master Routing Engine when performing GRES. PR1380298

  • Encryption and decryption are not happening because the Packet Forwarding Engine discards it while testing that group-VPN member established using the authentication method preshared key ascii-text. PR1381316

  • Traffic is discarded without notification when an FPC is taken down in an MC-LAG scenario. PR1381446

  • Memory leak is observed in MS-MPC line card. PR1381469

  • Constant memory leak might lead to FPC memory exhaustion. PR1381527

  • Subscribers might not be able to log in after double GRES, after reboot, or after configuration. PR1382050

  • On MX10003 routers running Junos OS Release 18.3R1, unified ISSU might fail if QSA is plugged in. PR1382126

  • The MPC6E might crash while fetching PMC device states. PR1382182

  • Flows are getting exported before the expiration of the configured active timeout value. PR1382531

  • Expected inline-ipv4-export-packet-failures is not listed in the show services accounting error command. PR1382873

  • MAC addresses might disappear if the interface MTU of EVPN PE device is changed. PR1382966

  • The chassisd might crash due to HW-DB errors on TVP-based platforms. PR1383246

  • Domain name is not reported as part of the LLDP system name in the show lldp neighbor command. PR1383295

  • The configuration configured through NETCONF session might fail. PR1383567

  • The kmd crashes with generation of core file after bringing up the IPsec connection. PR1384205

  • CoS attachment might be mistakenly removed for DHCPv4 stack when DHCPv6 stack fails to be brought up for single-session dual-stack subscriber. PR1384289

  • Missing interface-description configuration statement for static subscribers. PR1384421

  • MBFD flaps because clksync congests the scheduler for 100 ms. PR1384473

  • Multiple bbe-smgd core files are generated with reference to bbe_mcast_vbf_dist_policy_service_encoder( ). PR1384491

  • Subscriber connection setup is 30 percent lower than expected. PR1384722

  • The MPLS packets with number of labels more than 8 will not be processed by jflow. PR1385790

  • On vMX, the vFPC CPU utilization is very high.PR1385853

  • The device with more than 5 IP addresses configured in the DHCP server-group goes into amnesiac mode after reboot. PR1385902

  • IPsec VPN traffic might fail when passing through MS-MPC of MX Series routers with CGNAT enabled. PR1386011

  • Representation of memory units is changed from Gigabytes[GB] to Gibibytes[GiB] in the help string under resource template hierarchy. PR1386516

  • In a subscriber management environment, DHCP subscribers might get stuck in terminated state. PR1386662

  • IPv4 and IPv6 VIP routes are not withdrawn after aggregated Ethernet and VLAN with IRB flap. PR1386713

  • The rpd might crash due to a memory leak issue in route resolution code paths. PR1386755

  • Agent ID in the show sflow command is displaying lo interface IP address instead of fxp0 IP address. PR1386890

  • In case an LSP is locally configured without an explicit path ERO, the object remains empty in the PCRpt generated by PCC. PR1386935

  • Uninitialized EDMEM[0x400094] Read (0x6db6db6d6db6db6d) logs are seen with sampling applied to a subscriber with routing-service applied. PR1386948

  • On MX2000 routers, backup CB's chassis environment status displays Testing after the backup CB comes online by removal or insert operation. PR1387130

  • The pccd might crash when changing delegation-priority. PR1387419

  • The bbe-smgd process might crash when two subscribers log in with the same framed-route prefix and preference values. PR1387690

  • Output of the show class-of-service interface command incorrectly shows adjusting application as PPPoE IA tags for DHCP subscribers. PR1387712

  • Some SFBs might go down when one of the PSMs in the chassis generates a bad output voltage which is out-of-range. PR1387737

  • The bbe-smgd process generates repeated core files and stops running as a result of long-term session database shared memory corruption. PR1388867

  • IPsec IKE keys are not cleared when delete or clear notification is received. PR1388290

  • The bbe-smgd might not respond to the NS message for the SLAAC client on dynamic VLAN. PR1388595

  • Fabric drops might be seen when using a newer generation of MPC with SFB2. PR1388780

  • Incorrect value for flow packets or octets fields might be seen in an inline-jflow scenario. PR1389145

  • IGMP group threshold exceed log message prints a wrong demux logical interface. PR1389457

  • Excluding the speed CLI option under the interface level. PR1389918

  • The jnxFruState might show incorrect PIC state after replacing an MPC with another MPC having less PICs. PR1390016

  • CoS adjustment-control-profile configuration for application DHCP tags does not get applied. PR1390101

  • Traffic destined to VRRP VIP gets dropped as filter is not updated to related logical interfaces. PR1390367

  • Delay in CLI output with second or more show subscriber <> extensive queries occur when the first session is at the -(more)- prompt displaying the show subscribers extensive command output. PR1390762

  • Trailing characters appear in GNMI get API reply. PR1390967

  • All the BBE and ESSM subscriber sessions might be lost after GRES or unified ISSU. PR1391409

  • The routing-engine-power-off-button-disable configuration statement does not work on MX204 and MX10003. PR1391548

  • The bbe-smgd process might crash after committing configuration changes. PR1391562

  • The bbe-smgd process might crash in a corner case if family inet6 is used in dynamic profile. PR1391845

  • On MX2000, fans start spinning at high speed upon inserting previously offlined FPC. PR1393256

  • There is a third-generation FPC reboot loop because of internal interface issues. PR1393643

  • FPC might reboot on vMX in a subscriber scenario. PR1393660

  • Junos OS enhancement configuration statement added to modify mcontrol watchdog timeout. PR1393716

  • If FPGA on the new master CB has a specific hardware failure, the chassid might keep crashing after GRES switchover. PR1393884

  • MPC7, MPC8, or MPC9 might not boot on MX Virtual Chassis. PR1396268

  • The MS-MPC might generate a core file when mspmand receives a non-syn packet of TCP. PR1396785

  • Enabling the Flex-Flow-Sizing takes more than 12 minutes to move to steady state. PR1397767

  • The show system errors active command is not showing an error message for MPC3E NG HQoS. PR1398084

  • Kernel core files are generated on vMX. PR1398320

  • MPLSoUDP tunnels do not come up on interface route - dyn_tunnel_fwd_route_eligible because next-hop type is interface. PR1398362

  • High jsd or na-grpcd CPU usage might be seen even if JET or JTI is not used. PR1398398

  • IPsec tunnel cannot be established because the tunnel SA and rule are not installed in the PIC. PR1398849

  • The bbe-smgd process might crash when executing the show pppoe lockout command. PR1398873

  • Wrong timestamp is displayed in the jvision collector log file. PR1399829

  • ARP refresh functionality might fail in an EVPN scenario. PR1399873

  • The mgd-API might crash due to memory leak. PR1400597

  • Only one Packet Forwarding Engine could be disabled on FPC with multiple Packet Forwarding Engines in error/wedge condition. PR1400716

  • The authd might crash when issuing the show network-access requests pending command during the authd restart. PR1401249

  • The show | compare command output on global group changes lose the diff context after a rollback or load update is performed. PR1401505

  • The subscriber route installation fails due to some interfaces states are not properly installed. PR1401506

  • FPC core files are generated due to a corner case scenario (race condition between RPF and IP flow). PR1401808

  • The Framed-Route beyond the first might not be installed in a DHCP subscriber management environment. PR1401148

  • Traffic loss is seen for IGMP subscribers after GRES. PR1402342

  • The MPC might crash due to the CPU hogging by dfw thread. PR1402345

  • Some error logs might be seen on FPC when reading is attempted from uninitialized memory location. PR1402484

  • FPC might crash after you offline or online MIC-3D-16CHE1-T1-CE-H. PR1402563

  • DHCP subscriber cannot reconnect over dynamic VLAN demux interfaces due to RPF check failure. PR1402674

  • Host outbound traffic might be dropped on MPC7, MPC8, and MPC9. PR1402834

  • Smg-service could become unresponsive when doing some GRE-related CLI operations. PR1403480

  • The time synchronization through PTPoE might not work when Enhanced Subscriber Management is enabled on MX Series routers. PR1404002

  • Continuous kernel crashes might be observed on the backup Routing Engine or VC-BM. PR1404038

  • With MS-MPC and MS-MIC service cards, syslog messages for port block interim might show for the private IP address and PBA release messages might show the NAT'd IP address as the private IP address. PR1404089

  • The FPC might crash in a CoS scenario. PR1404325

  • The repd continues to generate core files on VC-BM when there are too many IPv6 addresses on one session. PR1404358

  • The targeted-broadcast statement does not work on IRB interfaces. PR1404442

  • Configuration load override or load replace resets ANCP neighbors. PR1405318

  • MPC might generate a core file after restarting FPC that belongs to targeting aggregated Ethernet and host subscribers. PR1405876

  • NAT64 translation issues of ICMPv6 Packet Too Big message with MS-MPC/MS-PIC. PR1405882

  • Fabric performance drop on MPC7, MPC8, and MPC9E and SFB2-based MX2000 routers. PR1406030

  • Traffic impact might be seen if auto-bandwidth is configured for RSVP LSPs. PR1406822

  • Layer 2 VPN will flap repeatedly after link up between PE device and CE device under "asynchronous-notification" and "some types of MICs" conditions. PR1407345

  • Ephemeral database might get stuck during commit. PR1407924

  • Traffic forwarding fails when crossing VCF members. PR1408058

  • ToS/DSCP byte is not copied into the outer IPsec header during IP header preservation. PR1408168

  • An alarm mismatch in total memory is detected after executing the reboot vmhost both command. PR1408480

  • The MPC line cards might crash when performing unified ISSU to Junos OS Release 19.1R1 or later. PR1408558

  • Python script might stop working due to Too many open files error. PR1408936

  • On MX Series routers, service templates are not cleaned up. PR1409398

  • Non-existent subscribers might appear in the show system resource-monitor subscribers-limit chassis extensive command output. PR1409767

  • FPC might crash during next-hop change when using MPLS inline-jflow. PR1409807

  • When using SFP+, the Interface optic output might be non-zero even though the interface has been disabled. PR1410465

  • Traffic loss might be seen on MPC8E and MPC9E after request one of the SFB2s to go offline/online. PR1410813

  • Kernel replication failure might be seen if an IPv6 route next-hop points to an ether-over-atm-llc ATM interface. PR1411376

  • An rpd crash with switchover-on-routing-crash does not trigger a Routing Engine switchover and the rpd on the master Routing Engine goes into stop state. PR1412322

  • During unified ISSU from Junos OS Release 16.1R4-S11.1 to Junos OS Release 18.2R2-S1.2, CoS GENCFG write failures are observed. PR1413297

  • Broken support of [family inet6 filter] on ATM interface. PR1413663

  • The user cannot enter into configure mode because the mgd is in lockf status. PR1415042

  • The bbe-smgd process might have memory leak while running the show system subscriber-management route route-type <> routing-instance <> command. PR1415922

  • The ECMP fast reroute protection feature might not work on MX5, MX10, MX40, MX80, and MX104. PR1417186

  • SNMP trap message is not generated for jnxHardDiskMissing/jnxHardDiskFailed on MX10003 routers. PR1418461

  • Due to a PPoE compliance issue, the MX Series router allows PPPoE session-id 65535. PR1418960

  • MX Series routers might encounter CPU spikes on the service PIC when bringing up an IPsec peer against a DEP/NAT-T setup due to KMD injecting in route. PR1419541

  • A new tunnel could not be established after changing the NAT mapping IP address until the IPEC SA Clear command is run. PR1419542


  • The jlaunchd: disk-monitoring is thrashing, not restarted error might be seen. PR1380032

Interfaces and Chassis

  • Momentary dip in traffic is seen when a GRES is performed. PR1336455

  • The SONET interface will go down after enabling keep-address-and-control in a Layer 2 VPN scenario. PR1354713

  • In case of MPLS, DMR packets are sent with different MPLS expiration bits if the MX Series router receives CFM DMM packets with varying expiration values on MPLS header. PR1365709

  • In rare cases, L2TP subscribers might be stuck in terminated state. PR1368650

  • Constant dcpfe process crash might be seen in an unsupported GRE interface configuration. PR1369757

  • Unified ISSU could be aborted at Timed out Waiting for protocol backup chassis master switch to complete with MX Virtual Chassis confiiguration. PR1371297

  • Some error logs (Tx unknown LCP packet) might be reported by bbe-smgd on MX Series routers. PR1378912

  • Higher level OAM CFM between CE devices might not work in a VPLS scenario. PR1380799

  • The dcd is restarted unexpectedly after committing a configuration with static demux interface stacking over ps interface. PR1382857

  • The jpppd process might crash if the EPD value contains a format specifier. PR1384137

  • The dcd core file can be seen after FPC restart if channelized interfaces are configured. PR1387962

  • All DPCs might crash while adding or deleting a logical interface from the aggregated Ethernet bundle. PR1389206

  • The interface-control process crashes and dcd does not restart after adding an invalid demux interface to the configuration. PR1389461

  • Interim accounting updates might not be sent for subscribers after Junos OS selective update. PR1391011

  • A dcd memory leak might be seen when committing a configuration change on the static route tag. PR1391323

  • Error message might be seen if GR interface is configured. PR1393676

  • The dcd crashes on deleting the subinterface from VPLS routing-instance when the same subinterface is also part of a mesh group. PR1395620

  • The MIC Error code: 0x1b0002 alarm might not be cleared for MIC on MPC6 when the voltage has returned to normal. PR1398301

  • The backup Routing Engine might get stuck in amnesiac mode after reboot. PR1398445

  • All dcd operations might be blocked if profile-db is corrupt. PR1399184

  • Certain otn-options cause interface flapping during commit. PR1402122

  • The subscriber might not be able to access the device due to the conflicted assigned address. PR1405055

  • The cfmd might fail to start after it is restarted. PR1406165

  • The aaa-options configuration statement for PPPoE subscribers does not work on the MX80 and MX104 routers. PR1410079

Layer 2 Features

  • The backup VPLS router might still have MAC addresses after the primary router is rebooted and recovered in a VPLS environment. PR1356726

  • The unicast traffic from IRB interface towards LSI might be dropped due to Packet Forwarding Engine mismatch at egress processing. PR1381580

  • Flow label is still used by ingress PE though the Egress PE is not configured for Flow label in a VPLS multihomed scenario. PR1393447

  • In a Layer 2 domain, there might be unexpected flooding of unicast traffic at every 32-40 seconds interval toward all local CE-facing interfaces. PR1406807

  • When more than one site is added under protocols vpls in the routing instances, commit error will be seen but the commit is processed. PR1420082

Layer 2 Ethernet Services

  • ZTP infrastructure scripts are not included for MX PPC routers. PR1349249

  • RADIUS accounting statistics are not cleared after subscriber logout. PR1383265

  • The subscriber's authentication might fail when the link-layer address encoded in the DHCPv6 DUID is different from the actual link-layer hardware address. PR1390422

  • The SNMP query on LACP interface might lead to lacpd crash. PR1391545

  • The dot1xd[]: task_connect: task ESP CLIENT:...: Connection refused log messages might be reported in Junos OS Release 17.4 or later. PR1407775

  • DMAC problem of the IRB interface is seen for traffic over the Layer 2 circuit. PR1410970


  • RSVP authentication might fail between some Junos OS releases and cause traffic loss during local repair. PR1370182

  • The rpd process might crash continuously if nsr-synchronization or all flag is used in the RSVP traceoptions. PR1376354

  • The rpd might crash on the backup Routing Engine after switchover. PR1382249

  • MPLS LSP will remains in down state due to routing loop detection after link flaps between PE router and egress PE. PR1384929

  • Ingress LSPs are down due to CSPF failure. PR1385204

  • Configured bandwidth 0 does not get applied on RSVP interface. PR1387277

  • The bypass LSP might pass through unexpected path that includes the same SRLG as the protected down TE link. PR1387497

  • The rpd process might crash repeatedly if the LSP destination address is set to be PR1397018

  • The rpd might crash when LDP route with indirect next hop is deleted. PR1398876

  • A single-hop bypass LSP might not be used for traffic when both transit chaining mode and sensor-based statistics are used. PR1401152

  • High rpd usage results in routing protocols failure when doing SNMP walk of mplsXCTable. PR1402185

  • Resources might be reserved for stale RSVP LSP when RSVP is disabled on the interface. PR1410972

  • LDP crashes with the reason ldp_label_bind_route assert condition. PR1413231

  • LDP route is not present in inet6.3 if IPv6 interface address is not configured. PR1414965

  • LDP route missing in inet.3 when enabling TI-LFA node protection on LDP-SR stitching node. PR1416516

Network Management and Monitoring

  • Syslog filtering (match regular-expression statement) doe not work if each line of /etc/syslog.conf is over 2048 bytes. PR1418705

Platform and Infrastructure

  • MQCHIP CPQ block might report a major alarm. PR1276132

  • Distributed multicast might not be forwarded to a subscriber interface. PR1277744

  • The show igmp statistics command output does not include any statistics under interface aggregate for distributed multicast interfaces. PR1289415

  • RLT subinterfaces not reporting statistics. PR1346403

  • Some line cards might crash in a subscriber scenario enabled with distributed IGMP. PR1355334

  • Traffic might drop on newly added interfaces on MX Series routers after unified ISSU. PR1371373

  • Kernel and ksyncd core file is generated after recovering from a BSYS reboot. PR1372875

  • The traffic traversing an IRB interface might not be tagged with a VLAN if the packets go through an additional routing instance. PR1377526

  • FPC crash might occur after the FPC restarts. PR1380527

  • IPv6 ping might fail for spine node in an EVPN scenario. PR1380590

  • Packet drops on an interface if the gigether-options loopback statement is configured. PR1380746

  • dfwd might crash with DFWD_TRASHED_RED_ZONE log messages. PR1380798

  • Traffic loss is seen in Layer 2 VPN with GRE tunnel. PR1381740

  • MAC learning might get stuck on MX Series routers with DPC and MPC. PR1383233

  • Packet drops might be seen if the packet header is over 252 bytes. PR1385585

  • jlock hog is reported at restart routing. PR1389809

  • Individual command authorization might cause a mgd crash. PR1389944

  • Traffic is dropped when passing through MS-DPC to MPC. PR1390541

  • The RADIUS authentication does not work through management-instance for IPv6 family. PR1391160

  • The lockout-period might not work for the user being locked out. PR1393839

  • In Junos OS Release 18.4R1, after ifconfig goes down for PS logical interface, its link and admin status do not go down as expected. PR1396335

  • RVT interface might start flapping. PR1399102

  • On an MX204 router, when any command under the show class-of-service fabric <> hierarchy is executed, COS_HALP(cos_halp_get_fabric_stats_per_pfe:3211): pfe_id 0 cchip 0 error messages are seen. PR1402377

  • MAP-E for some ICMP types cannot be encapsulated or decapsulated on the SI interface. PR1404239

  • Some files are missing during log archiving. PR1405903

  • Abnormal queue-depth counters are seen in the show interface queue command output on interfaces that are associated to XM2 and 3. PR1406848

  • IPv6 traffic might be dropped between a VXLAN bridge domain and IP/MPLS network. PR1407200

Routing Policy and Firewall Filters

  • The set metric multiplier offset command might overflow or underflow. PR1349462

  • The rpd process might crash if then next-hop is configured for LDP export policy. PR1388156

  • The as-path-expand last-as configuration statement causes commit failure. PR1388159

  • The rpd process might crash when routing-options flow configuration is removed. PR1409672

Routing Protocols

  • BGP might not advertise routes on the existing BGP peer after adding a Layer 3 VPN instance. PR1237006

  • The VRF static route might not be exported when route-distinguisher-id is used on RR in a BGP Layer 3 VPN scenario. PR1341720

  • vFPC might continuously crash on vMX platform. PR1364624

  • sBFD session flaps incrementally with 300 static SR clients configured with 100 ms as minimum-interval. PR1366124

  • Ukernel memory leak and core crash is seen in a BGP environment. PR1366823

  • The rpd process might crash after executing the commit configuration related to mapping-server-entry. PR1379558

  • SSH is not working if [edit system services ssh hostkey-algorithms] is set or in FIPS mode. PR1382485

  • The rpd might crash after issuing the show route detail operational command for RIP route. PR1386873

  • Penultimate-hop router does not install BGP LU label, which causes traffic to be discarded without notification. PR1387746

  • IGMPv3/MLD membership requests might not work normally. PR1389119

  • Unexpected packet loss might be seen for some multicast groups during failure recovery with both MoFRR and PIM automatic MBB join load-balancing features enabled. PR1389120

  • FPC might crash when BGP multipath is configured with protection. PR1389379

  • BGP IPv6 routes with IPv4 next hop causes rpd crash. PR1389557

  • Race condition causes all the BGP sessions to flap after an NSR switchover. PR1391084

  • The ppmd on the Routing Engine might run with high CPU utilization after a Routing Engine switchover. PR1392704

  • The rpd generates core file on the backup Routing Engine during neighborship flap when using authentication key with size larger than 20 characters. PR1394082

  • The rpd process might crash when rp-register-policy is configured with more than 511 terms. PR1394259

  • The best and the second-best routes might have the same weight value if BGP PIC is enabled. PR1395098

  • BGP DMZ LINK BANDWIDTH - not able to aggregate bandwidth, when applying the policy. PR1398000

  • The rpd core file might be generated when Layer 2 VPN is used. PR1398685

  • The rpd might crash in a BGP setup with NSR enabled. PR1398700

  • UHP behavior is not supported for LDP to SR stitching scenario. PR1401214

  • BGP router on the same broadcast subnet as its neighbors might cause IPv6 routing issue on the neighbor from other vendors. PR1402255

  • Memory leaks when labeled IS-IS transit routes are created as chain composite next-hop. PR1404134

  • Extended traffic loss might be seen after link recovery when source-packet-routing is used on OSPF P2P links. PR1406440

  • Race conditions during BGP peer establishment causes an rpd crash. PR1410553

Services Applications

  • IPsec-VPN IKE security associations might get stuck in Not Matured state. PR1369340

  • Twice NAT is not supported on FTP ALG and causes an MS-PIC crash. PR1383964

  • L2TP subscribers might be stuck in init state in a corner case. PR1391847

  • The spd might crash when any-ip is configured in the from clause of the NAT rule with the static translation type. PR1391928

  • IP ToS bits are not copied to the outer IPsec header. PR1398242

  • Invalid Layer 4 checksum might be observed on IPv4 packets generated by NAT64 with MS-DPC after translating fragmented IPv6 UDP/TCP packets. PR1398542

  • The ICMPv6 packet with embedded IPv6 fragment might not be translated correctly to IPv4 ICMP packet in a NAT64 with MS-DPC deployment. PR1402450

  • Inconsistent content might be observed in the access line information between ICRQ and PPPoE messages. PR1404259

  • The stale si logical interface might be seen when L2TP subscribers with duplicated prefixes or framed-route log in. PR1406179

  • The kmd process might crash on MX and ACX platforms when IKEv2 is used. PR1408974

  • The jpppd core file is seen on LNS. PR1414092

  • L2TP LAC might not tunnel static PPP subscriber when you add or change interface events for related PPP logical interface that comes in a short time interval. PR1416016

Subscriber Access Management

  • Address pool does not correctly cycle to the beginning of the pool when the linked-pool-aggregation parameter is defined. PR1374295

  • The subscribers might be stuck in terminating state if RADIUS redirect is used. PR1376265

  • RADIUS VSAs, Actual-Data-Rate-Downstream, and Actual-Data-Rate-Upstream values are not complaint with RFC 4679. PR1379129

  • CoA updates subscriber with original dynamic-profile if RADIUS has returned different dynamic-profile name. PR1381230

  • Some subscribers fail to get SRL service as provided in RADIUS accept message even though the RADIUS messages can be sent and received. PR1381383

  • The value of predefined-variable-defaults routing-instances overrides the RADIUS-supplied VSA (26-1 Virtual-Router). PR1382074

  • The RAA message might consist of additional AVP Destination-Host even though it is not configured for Gx-Plus session. PR1384011

  • The authd: gx-plus: logout: wrong state for request session-id <xyz> log message is seen when a subscriber is manually Llogged out using the clear network-access aaa subscriber username <xyz> command. PR1384599

  • Multiple IPv6 IANA addresses are assigned for one session in IPv6 PD binding failure scenarios. PR1384889

  • Usage-Monitoring-Information AVP as part of PCRF Gx-plus provisioning is causing service accounting activation. PR1391411

  • The DHCPv6-PD client connection might be terminated after commit when the RADIUS-assigned address is not defined within the range of a local pool. PR1401839

  • An authd crash might be seen due to a memory corruption issue. PR1402012

  • JSRC uses RADIUS Service accounting protocol instead of JSRC for SRC installed service. PR1403835

  • The log message authd[18454]: %DAEMON-3-LI: liPollTimerExpired returned 0 can be seen after any LI activity. PR1407923

User Interface and Configuration

  • The max-db-size configuration do not work on some MX Series routers. PR1363048

  • The show configuration and rollback compare commands are causing high CPU utilization. PR1407848


  • The receivers belonging to a routing instance might not receive multicast traffic in an Extranet next-generation MVPN scenario. PR1372613

  • The accept-remote-source statement configured on the core interface might cause traffic outage. PR1375716

  • High rpd CPU utilization on the backup Routing Engine might be observed in a MVPN with NSR scenario. PR1392792

  • The rpd process crashes when the LSP template for a provider tunnel is changed. PR1395353

  • Downstream interface is not removed from multicast route after getting PIM prune. PR1398458

Resolved Issues: 18.3R1

Application Layer Gateways (ALGs)

  • IKEv2 negotiation might fail with the IKE ESP ALG enabled in an IKEv2 redirection scenario. PR1329611

Authentication and Access Control

  • The client moves back to connecting state when VSTP is enabled along with dynamic VLAN assigned once the port gets authenticated by dot1x. PR1304397

  • DHCP security is not working on MX Series platform. PR1354855

  • On all Junos OS products, dynamic filter is retained if the filter attribute is not present in change of authorization (CoA). PR1364156

Class of Service (CoS)

  • Remove CoS IDL from the jet IDL package and update the documentation for the same. PR1347175

  • The Routing Engine might get into amnesiac mode after restarting when excess-bandwidth-share is configured. PR1348698

  • CoS traffic control profiles might fail to apply on an aggregated Ethernet interface in a corner scenario. PR1355498

  • 802.1P bit rewrite in inner-vlan header is not processed after a rewrite rule add or delete for a logical interface under the Packet Forwarding Engine. PR1375189


  • In an EVPN-VXLAN, the MAC entry is incorrectly programmed in the Packet Forwarding Engine, leading to some traffic being dropped or silently discarded. PR1231402

  • MPLS label leak leads to label exhaustion and the rpd process crashes. PR1333944

  • In an EVPN-VXLAN environment, BFD flap causes VTEP flap and then the Packet Forwarding Engine process crashes. PR1339084

  • Traffic loss might be observed in an EVPN-VPWS scenario if the remote PE device interface comes down. PR1339217

  • In EVPN-VXLAN scenarios, the traffic might get silently dropped and discarded to interfaces that are down, but LACP is up. PR1343515

  • Traffic might be lost on Layer2 and Layer3 spine node in a multihomed EVPN scenario. PR1355165

  • EVPN IRB configured with no-gratuitous-arp-request is still sending gratuitous ARP. PR1356360

  • The rpd might crash if the EVPN instance refers to a vrf-export policy that does not have “then community”. PR1360437

  • Proxy ARP might not work as expected in an EVPN environment. PR1368911

Forwarding and Sampling

  • The LSP might take up to 30 seconds to come up when creating a policing filter and applying the filter to the LSP are both configured in a single commit. PR1160669

  • DHCP service crashes after a switch or router is set to factory default by being cleared. PR1329682

  • Junos OS allows firewall filters with the same name at the [edit firewall] and [edit firewall family inet] hierarchy levels. PR1344506

  • The remote MAC might not be added in the forwarding table, which might cause traffic to be dropped in an EVPN scenario with RSVP and CBF configured. PR1353555

  • The backup Routing Engine might write dummy interface accounting records after GRES. PR1361403

General Routing

  • In timing hybrid mode, MX Series MPC2 cards are not working with ACX Series routers with VLAN (native-vlan-id). PR1076666

  • The chassis alarm message Bottom Fan Tray Pred Fail needs to be rewritten so that the meaning is less obscure. PR1202724

  • Tacacs access does not work after upgrade. PR1220671

  • An incorrect TBB Packet Forwarding Engine component temperature might be reported on the MX80. PR1259379

  • On MX Series, the show chassis led command should not be displayed in possible completions of the show chassis command. PR1268848

  • Flexible PIC concentrator (FPC) crash/reboot is observed when bringing up about 12,000 Layer 2 bit stream access (L2BSA) subscribers simultaneously. PR1273353

  • Error messages are observed on the vty session while running a script for IGMP snooping over EVPN-VXLAN. PR1276947

  • Migration from syslog API to errmsg API /src/junos/usr.sbin/mobiled is observed. PR1284625

  • Migration from syslog API to errmsg API /src/junos/usr.sbin/mspmand is observed.PR1284643

  • In an EVPN-VXLAN interface scenario, inter-vrf traffic black hole occurs after repeated restart of routing on redundant gateways. PR1289091

  • PPPoE cannot dial in due to PADI being dropped as unknown iif when the aggregated Ethernet interface configuration is deactivated or activated. PR1291515

  • SSH to the Ubuntu-based JDM is not stable. PR1291836

  • The rpd might crash by executing the command show route extensive during deletion of the IS-IS configuration. PR1301849

  • Incorrect packet statistics is reported in ifHCInUcastPkts OID. PR1306656

  • The error messaged pfeman_inline_ka_steering_gencfg_handler might be seen during FPC restart with BFD configured. PR1308884

  • Subscribers might not be able to access the device if dynamic VLAN is used. PR1309770

  • On the MX10000 need to suppress the chassis alarm for switched-off PEMS. PR1311574

  • The L2TP LAC might drop packets that have incorrect payload length while sending packets to the LNS. PR1315009

  • CoS is not applied to the Packet Forwarding Engine when a VCP link is added. PR1321184

  • The rpd might crash when two next hops are installed with the same next-hop index. PR1322535

  • The CLI command request vmhost halt routing-engine other does not halt the backup Routing Engine. PR1323546

  • Migration from syslog API to errmsg API /src/junos/usr.sbin/aaad is observed. PR1327266

  • With auto-installation USB configured, interface-related commits might not take effect due to dcd error. PR1327384

  • When an AMS bundle has a single mams-interface added to it, the subinterfaces do not recover after the subinterface has been disabled. PR1329498

  • The host outbound traffic cannot be rewritten for IEEE-801.1p bit in a dynamic subscriber over PS interface scenario. PR1329555

  • The Too many supplies missing in Lower/Upper zone alarm flaps (set/clear) every 20 seconds if a zone does not have the minimum number of required PSMs. PR1330720

  • Juniper Development Innovation Diagnostics (JDID) thrashes continuously and continuous log messages are observed in syslog. PR1333632

  • Two subscribers cannot reach the online state at the same time if they have an identical frame-route attribute value. PR1334311

  • Tc_count counters in a filter with the scale-optimized statement, are not incrementing. PR1334580

  • MPC5E line cards went for "restart" after a unified ISSU to Junos OS Release 18.2DCB in MX2010 box. PR1334612

  • The master LED glows on the master and backup Routing Control Board during an image upgrade on the master with GRES/NSR enabled. PR1335514

  • The RIP route updates might be partially dropped when NSR is enabled. PR1335646

  • On MPC7E, ukern crashes and FPC reboots with vty command show agent sensors verbose. PR1366249

  • MS-MPC/MS-PIC might crash in NAT scenario. PR1366259

  • With certificate hierarchy, where intermediate CA profiles are not present on the device, in some corner cases, the pkid can become busy and stop responding. PR1336733

  • The hash value generated for 256-bit key length of AES-GCM-256 algorithm is incorrect PR1336834

  • AI-script can be manually upgraded after a Junos OS upgrade. PR1337028

  • Links are flapping or staying down due to an interoperability issue between the MX Series router (or EX9200 switch) and the transport device. PR1337327

  • MPC throughput degradation might be seen after SBF2 goes online or offline. PR1338216

  • CLI shows CB states online after you press the RCB offline button for more than 4 seconds. PR1340431

  • A few subscribers show the wrong accounting values in a large-scale subscribers scenario. PR1340512

  • VRRP gets stuck on the master during upgrade or cold boot. PR1341044

  • IPv4 or IPV6 traffic is routed out through the wrong interface after rpd restarts the leaf device in the IP-CLOS profile. PR1341381

  • Reboot of the Routing Engine might occur if the PPPoE interface is configured over an aggregated Ethernet or RETH interface. PR1341968

  • SNMP walk might fail for LLDP-related OIDs. PR1342741

  • The vFPC might become absent, resulting in the total loss of traffic. PR1343170

  • In an MPLS or RSVP environment, LSP might get stuck in DN state with Record route: <self> ...incomplete. PR1343289

  • On upgrading from Junos OS Release 18.1 to Junos OS Release 18.2 DCB image, errors are observed in a unified ISSU because of the ffp process. PR1343542

  • MPC8/9E card crashes and generates a core file during logout of DHCPv6 subscribers over on static VLAN. PR1343965

  • The RLT interface might not be able to route and forward traffic in Junos OS Release 17.3. PR1344503

  • The framed-route "" cannot be installed on MX Series platforms with Junos OS enhanced subscriber management releases. PR1344988

  • The ARP reply packet automatically generates the virtual gateway MAC address in the Ethernet header. PR1344990

  • In a Junos Fusion Enterprise, there is an issue with 802.1X reauthentication. PR1345365

  • An rpd crash might be seen if the no-propagate-ttl statement is set in a routing instance that has a specific route. PR1345477

  • The Routing Engine model is changed from JNP10003-RE1 to RE-S-1600x8. PR1346054

  • Additional show commands are called when the request support information command is issued. PR1346129

  • New PPPoE users might fail to log in. PR1346226

  • AC system error counter in show pppoe statistics is not working. PR1346231

  • VCCP-ADJDOWN detection is delayed on the Virtual Chassis backup router when one VCP link is deleted on the Virtual Chassis master router. PR1346328

  • The twice-napt-44 sessions are not synchronizing to the backup SDG with stateful synchronize configured. PR1347086

  • IPv6 MAC address resolution might fail if the DHCPv6 client uses a non-EUI64 link-local address. PR1347173

  • The Juniper Network devices running Junos OS might encounter a chassis alarm indicating FPC 0 Major Errors - PE Error code: 0x2100ba. PR1347805

  • The rpd might crash when the dynamic tunnels next hop resolving migrates to a more specific IGP route. PR1348027

  • The FPC might crash because of the MIC error interrupt hogging. PR1348107

  • Packet loop is detected in the EIBGP multipath environment with an install-nexthop policy enabled. PR1348175

  • Unable to set fti as output for port-mirroring instance. PR1348317

  • Chassisd memory leak issue is observed on MX10003 and MX204 platforms, and it might eventually cause chassisd crash and Routing Engine switchover. PR1348753

  • In certain scenarios on MX Series Virtual Chassis with L2TP LNS, the DHCPv6 solicit packet might be dropped. PR1348846

  • Routing Engine mastership keepalive timer is not updated after the GRES configuration is removed. PR1349049

  • The dcd process might crash after any other smid-related daemon crashes. PR1349154

  • The major alarm Major PEM 0 Input Failure might be observed for DC PEM. PR1349179

  • The mspmand process might crash when executing the show services nat deterministic-nat nat-port-block command. PR1349228

  • Mgd crashes and generates a core file because of an issue in nsindb infrastructure. PR1349288

  • When VOIP VLAN is set as NATIVE VLAN on the port, the interface still shows up as a tagged interface and drops all untagged traffic. PR1349712

  • PS over rLT does not work on MPC7, MPC9; PS over LT for the same scenario works. PR1350115

  • The pccd might crash after a delegated LSP is removed in a PCEP scenario. PR1350240

  • Stale access-internal routes corresponding to BOUND interfaces (clients) might remain in rpd when AIU temporarily fails before succeeding eventually. PR1350401

  • The MTU value for the subscriber's interface might be programmed incorrectly if the statement routing-services or protocol pim is configured in a dynamic profile. PR1350535

  • The VCP port might not come back up after it is removed and added again. PR1350845

  • The subinfo process might crash when the executing show subscribers address <> extensive command for a DHCPv6 address. PR1350883

  • PPE asynchronize extension error occurs when FPC is restarted or removed. PR1350909

  • The pfed process might consume high CPU resources if subscriber or interface statistics are used at a large scale. PR1351203

  • Dynamic physical interface creation fails when the SFP optic is plugged in the MX150. PR1351387

  • High CPU usage of the bbe-smgd process might be seen when L2BSA subscribers get stuck. PR1351696

  • After GRES, the BGP neighbors at the master Routing Engine might reset, and the BGP neighbors at the backup Routing Engine take a long time to establish. PR1351705

  • Multicast route might flap when ephemeral database is enabled. PR1352499

  • Junos node slicing MSE after reinstall causes one JDM server to complains. The pull configuration fails and the system falls back to the push configuration method. PR1352503

  • The bbe-smgd daemon might restart in a subscriber environment. PR1352546

  • The DHCP relay-reply packets are dropped in the DHCPv6 relay scenario. PR1352613

  • CM error CLI is not working on the Junos Node Slicing. PR1352705

  • Taking the MIC6-100G-CFP2 MIC offline by using the CLI command might trigger an FPC card crash. PR1352921

  • Migration from syslog API to errmsg API /bbe-svcs/smd/plugins/cos/ is observed. PR1353179

  • The rpd is permanently hogging CPU resources due to a logical system configuration commit. PR1353548

  • The 3D 40x 1GE(LAN) RJ45 MIC is not recognized on the MX104. PR1353632

  • Traffic interruption is observed after multiple Routing Engine switchovers. PR1354002

  • Observing chasissd crash after chassisd restart in MX10003. PR1354269

  • The syslog error dfw_bbe_filter_bind:1125 BBE Filter bind type 0x84 index 167806251 returned 1 is observed. PR1354435

  • The rpd process crashes and generates a core file when adding an inter-region template in routing instances. PR1354629

  • Aggregated Ethernet operational state goes up even though some of the member interfaces configured under the aggregated Ethernet interface are down. PR1354686

  • The ifinfo process could crash on MX Series routers with BNG running L2BSA service. PR1354712

  • The static-subscribers do not properly update firewall information on the Packet Forwarding Engine when dynamic configuration changes are made to active subscribers. PR1354774

  • There is memory leak on agentd when Junos Telemetry Interface is configured. PR1354922

  • Some of the inline service interfaces cannot send out packets with the default bandwidth value (100 Gbps). PR1355168

  • Alarm LED is not working in MX204 to indicate the minor or major faults. PR1355225

  • Packets destined to the Routing Engine might be dropped in the kernel when LACP is configured. PR1355299

  • Syslog message is observed during a unified ISSU. PR1355345

  • Fabric chip failure alarms are observed in a GRES scenario. PR1355463

  • Syslog messages ui_client_connect_to_kmd_instance: KMD-SHOW connect to kmd-instance failed kmd-instance Routing Engine, fpc slot 0, pic slot 0 are seen. PR1355547

  • The chassis alarm is not reflecting the correct state when INP0 and INP1 have out-of-range AC voltage. PR1355803

  • The flex-flow-sizing is not working on the MX204. PR1356072

  • The MPLS IPv4 templates do not have correct src AS and dst AS as 4294967295, and src Mask and DstMask as 0 after adding mpls-flow table size occurs on the fly. PR1356118

  • The rpd process crashes when issuing the command show dynamic-tunnels database terse for RSVP automatic mesh tunnels. PR1356254

  • L2c messages from PEM and PSM are reported if SNMP is enabled. PR1356259

  • Executing the command show pppoe underlying-interfaces might cause the bbe-smgd to crash in a scaling subscriber environment. PR1356428

  • Link stays up unexpectedly on MX204 with copper cable removed. PR1356507

  • DHCP subscribers fail after reconfiguration of port from tagged to untagged mode. PR1356980

  • Starting with Junos OS Release 18.2R1, PTPoE packet exchanges do not happen with the MIC-3D-SR-4GE-2XGE when PTP master and slave interfaces have "ethernet-bridge" encapsulation and are part of a bridge domain. PR1357017

  • The bbe-smgd process might get stuck in subscriber scenario with node slicing. PR1357252

  • Upgrading from Junos OS Release 15.1F2-S20 to Junos OS Release 15.1X12 using "validate" results in a Fabric Mixed Mode error. PR1357423

  • Routing Engine switchover that occurs before the backup Routing Engine is GRES ready might cause line card restart, Routing Engine kernel crash and multiple chassisd crashes. PR1357427

  • The rpd memory leak occurs with RT_NEXTHOPS_TEMPLATE. PR1357897

  • Traffic might be sent to an incorrect RLT member interface after RLT switchover. PR1358320

  • Incorrect traffic load balance might be seen even if locality-bias is configured on the MX Series Virtual Chassis. PR1358635

  • The show chassis fpc command output might show "Bad Voltage" for an FPC powered off by the configuration or the CLI command after the command show chassis environment fpc is executed. PR1358874

  • The bbe-smgd process might crash and generate a core file at #6 0x00000000006937ad in bbe_set_index (type=<optimized-out>, bbe_index= <optimized out>) at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/infra/bbe_index.c:459. PR1359290

  • FRU-model-number is not displayed for few FRUs in /component sensor for the MX10008 and MX10003 platforms. PR1359300

  • The IPv6 subscriber might fail to access the network. PR1359520

  • The PSTP subscriber might not be able to log in on the BNG device. PR1359574

  • During a scheduled boot, both Routing Engines might fail with a special time format. PR1359602

  • PluginExit() function is never called. PR1359610

  • Bbe-smgd might fail to add members to some of the aggregated Ethernet interfaces at random when there are many aggregated Ethernet in the access configuration. PR1359986

  • The rpd crashes and generates a core file at ../../../../../../../../src/junos/usr.sbin/rpd/lib/rt/rt_attrib.c, line 3329: "rt_template_get_rtn_ngw(nhp) <= 1" ' on doing Routing Engine switchover with SRTE routes. PR1360354

  • FPC core file is observed after GRES switchover in RE1 at sensor_export_get_format. PR1361015

  • The rpd scheduler slip might be seen when frequently deleting, modifying, or adding groups that are applied on the top level. PR1361304

  • The rpd process get struck at 100 percent after clear bgp neighbor operation. PR1361550

  • Migration from syslog API to errmsg API usp/usr.sbin/nsd/common/nsd_tpm.c is observed. PR1361986

  • Spontaneous bbe-smgd process might generate a core file on the backup Routing Engine. PR1362188

  • Executing show route prefix proto ip detail during route churm in a route scale scenario might lead to FPC crash. PR1362578

  • Unexpected DCD_PARSE_ERROR_SCHEDULER messages are logged when MS-MPC and MS-MIC are brought offline or online. PR1362734

  • A quick memory leak might be seen in the bbe-smgd daemon if the dynamic profile variable name and the default associated value are configured to be the same. PR1362810

  • The non-default routing-instance is not supported correctly for NTP packet in a subscriber scenario. PR1363034

  • Traffic destined to the MAC/IP address of VRRP VIP gets dropped on the platforms that have common TFEB terminals such as MX5, MX10, MX40, MX80, and MX104. PR1363492

  • The pmbus_read_volt: sfb-07 - MAX20751-PF1-0.9v: pmbus read failed for cmd 0x8b. PR1363587

  • The xmlproxyd for internal interfaces is reporting uint32 instead of uint64. PR1363766

  • The l2circuit on MPC7E, MPC8E, MPC9E with asynchronous-notification and ccc configured might keep flapping when the circuit is going up. PR1363773

  • A traffic loop might occur even though that port is blocked by RSTP in a ring topology. PR1364406

  • The traffic is still forwarded through the member link of an aggregated Ethernet bundle interface even with the link-layer-down flag set. PR1365263

  • Traffic is dropped when a three-link training failure is seen in a line card. PR1365668

  • An upgrade to Junos OS Release 18.1R1.9 fails. Installing package nfx-2-routing-data-plane-1.0-0.x86_64 needs 76 MB on the / filesystem. PR1366324

  • Migration from syslog API to errmsg API junos/lib/liboiu-ffp/ is observed. PR1366546

  • The next hop of the MPLS path might get stuck in hold state, which might cause traffic loss. PR1366562

  • SNMP MIB walk for UDP flood gives different output statistics than the CLI. PR1366768

  • Taking the fabric links of PFE 4 and PFE 5 offline is not supported. PR1367412

  • The bbe-smgd crashes if an L2BSA subscriber receives a routing instance name where VPLS is not configured. PR1367472

  • The show system resource-monitor fpc command might show a nonexisting Packet Forwarding Engine. PR1367534

  • RTG interface status will be shown as incorrect status with show interfaces. PR1368006

  • The authd process might not be started after executing Routing Engine switchover on the backup Routing Engine without GRES enabled. PR1368067

  • Multiple provisioning and deprovisioning cycles cause rdmd memory leak. PR1368275

  • For a route resolved to a next hop with multiple gateways, and some of the gateways were rejected during the route resolution, then the final next-hop result might contain incorrect gateway formation. RPD API rt_nexthops_extract_gateway_convert_unnumbered_gf_dli() rectification. PR1368855

  • The commit or commit check command might fail because of the error cannot have lsp-cleanup-timer without lsp-provisioning. PR1368992

  • The subscriber filter is not removed from the Packet Forwarding Engine when routing-services are enabled in the dynamic profile on an L2TP LNS. PR1369968

  • Kernel crash might be seen after committing a demux-related configuration. PR1370015

  • The rpd might crash after Routing Engine switchover is performed or the rpd is restarted if interface-based Dynamic GRE Tunnel is configured. PR1370174

  • Packets that exceed 8,000 bytes might be dropped by MS-MPC in an ALG scenario. PR1370582

  • SFP-1FE-FX optics is not coming up on GMIC. PR1370962

  • All the MX150 devices running VRRP on a LAN are stuck in master state. PR1371838

  • FPC high CPU utilization or crash occurs during a hot-banking condition. PR1372193

  • The smgd process crashes and generates a core file after essmd restarts with reference to mmf_ensure_mapped (mmf=0xe8f0200, offset=4294967295, len=108) at ../src/junos/lib/libmmf/mmf.c:1972. PR1372223

  • On a high scale l3vpn, traffic is dropped when egressing on an AF interface. PR1372310

  • The Routing Engine might crash after a non-GRES switchover. PR1373079

  • BOOTP packets might get dropped if BOOTP-support is not enabled at the global level. PR1373807

  • A vMX QoS performance issue occur in Junos OS Release 18.3. PR1373999

  • The bbe-smgd crashes and generates a core file continuously while deleting a multicast group node from the tree. PR1374530

  • PCE-initiated LSPs remain "Control status became local" after removing PCE configuration. PR1374596

  • The rpd generates core files at io_session_trace ioth_read_request_process jtask_jthr_thread_main_loop. PR1374759

  • The ICMPv6 packets larger than 1024 might be dropped if icmp-large-packet-check is configured on IDs service. PR1378852

High Availability (HA) and Resiliency

  • The backup Routing Engine might go to db prompt after performing a configuration remove and restore. PR1269383

  • The ksyncd process might crash continuously on the new backup Routing Engine after performing GRES. PR1329276

  • The Virtual Chassis backup router cannot synchronize with the Virtual Chassis master router when the Virtual Chassis splits then reforms. PR1361617


  • Cleanup at thread exit causes memory leaks. PR1328273

  • The fxp0 interface does not accept IP address with master-only applied. PR1341325

  • The kernel might crash and the system might reboot in a SNMP query reply scenario. PR1351568

  • Junos OS is no longer going to db prompt at ~ + ctl-b. PR1352217

Interfaces and Chassis

  • L2TP subscribers might not be cleared if the access-internal routes fail to install PR1298160

  • Subscribers might fail to access the device after deleting the needless aggregated Ethernet configuration. PR1322678

  • When in hardware-assisted-pm-mode and pm configuration is scale, deactivating eth-oam can lead to an FPC crash. PR1347250

  • Suppressing cfmd logs: jnxSoamLmDmCfgTable_next_lookup: md 0 ma 0 md_cfg 0x0. PR1347650

  • The PPPoE subscribers might fail to login for authd running on 100 percent CPU with high frequency of On-Demand IP address allocation requests. PR1348578

  • Spontaneous jpppd core file is generated on the backup Routing Engine in longevity test at ../../../../../../src/junos/usr.sbin/jpppd/ PR1350563

  • VRRP VIP becomes unreachable after deleting one of the logical interfaces PR1352741

  • native-vlan-id support on ps-interface. PR1352933

  • The FPC might be stuck at 100% for a long time when MC-aggregate Ethernet with enhanced-convergence is configured with large-scale IFLs. PR1353397

  • Any filter change applied to a FTI interface triggers the FTI interface flap PR1354832

  • The aggregate Ethernet interface might flap when the link speed of the aggregate Ethernet bundle is configured to oc192 PR1355270

  • FPC core related to cfmman PR1358192

  • Clients might not get IPv4 addresses in a PPPoE dual-stack scenario. PR1360846

  • Approximately 50 percent of PPPoE subscribers (PTA and L2TP) and all ESSM subscribers are lost after ISSU during DT CST stress test PR1360870

  • Starting with Junos of Release 17.2R1, the CLI allows you to configure more than 2048 logical interfaces on the LAG interface. PR1361689

  • Error messages like ifname [ds-5/0/2:4:1] is chan ci candidate are seen during a commit operation. PR1363536

  • The EOAM LTM messages might not get forwarded after system reboot in a CFM scenario configured with the CCC interface. PR1369085

  • Subscribers cannot negotiate an MLPPP session with MX Series LNS when the dynamic-profile name contains more than 30 characters. PR1370610

  • The dcd process might go down when vlan-id none is configured for the interface. PR1374933

  • FTI logical interface VNI limits changed from (0..16777215) to (0..16777214) PR1376011

  • Duplicate IP cannot be configured on both sonet (so-) interface and other interfaces. PR1377690

Layer 2 Ethernet Services

  • The MAC address might not be learned due to spanning-tree state "discarding" in kernel table after Routing Engine switchover. PR1205373

  • Migration from syslog API to errmsg API /src/junos/usr.sbin/lacpd is observed. PR1284592

  • The DHCPv6 second Solicit message might not be processed when IA_NA and IA_PD are sent in a separate Solicit message. PR1340614

  • The DHCP client is not able to connect if VLAN is modified on the aggregated Ethernet interface associated with the IRB interface. PR1347115

  • When DHCP subscribers are in BOUND (LOCAL_SERVER_STATE_WAIT_GRACE_PERIOD) state, if dhcp-service is restarted, then the subscribers in this state are logged out. PR1350710

  • The DHCP relay agent will discard the DHCP request message silently if the requested IP address has been allocated to the other client. PR1353471

  • Restarting the FPC that hosts the micro-bfd link might cause LACP to generate a core file. PR1353597

  • DHCPv6 relay ignores replies from the server when renewing. PR1354212

  • Migration from syslog API to errmsg API PPMD client LACP is observed. PR1358599

  • The DHCP leasequery message is replied to with an incorrect source address. PR1367485

  • A rebinding state counter is added to DHCPv4 and DHCPv6 binding sensors. PR1368392

Layer 2 Features

  • VPLS instance stays in NP state after LDP session flaps. PR1354784

  • The Routing Engine kernel might crash when OSPFv3 is configured with IPsec key authentication over the IRB interface. PR1357430

  • The dcpfe/fxpc process might crash on Packet Forwarding Engines with low memory when allocating huge memory. PR1362332

  • The traffic might not be transmitted correctly in large scale of VPLS scenario. PR1371994


  • When the explicit fate-sharing group cost is removed from the configuration, the default value "1" should be used in calculations. PR1330161

  • After a MPLS LSP link flap and local repair, RSVP tries to create a new LSP instance, but the instance might get stuck. PR1338559

  • An rpd crash might happen in an RSVP setup-protection scenario. PR1349036

  • Some LSPs might be stuck on the upstream devices after interfaces flap occurs on downstream devices. PR1349157

  • In a very rare scenario, rpd might crash when LDP failed to allocate self-id for the P2MP FEC. PR1349224

  • Packets destined to the master Routing Engine might be dropped in the kernel when LDP traffic statistics are polled through SNMP. PR1359956

  • L2 circuit might flap after an interface goes down even if the LDP session stays up when l2-smart-policy is configured. PR1360255

  • The rpd process might crash during P2MP LSPs churn. PR1363408

  • The rpd might crash in a BGP LU and LDP scenario. PR1366920

  • The traceroute MPLS LDP to a Huawei fails until TTL expires. PR1372924

  • The traffic might not be load-balanced equally across LSPs with ldp-tunneling configured. PR1373575

  • The rpd process might crash continuously if nsr-synchronization or all flag is used in RSVP traceoptions. PR1376354


  • Some IGMP groups might have the wrong upstream interface because the discard route is installed in the PIM. PR1337591

Network Management and Monitoring

  • Output for the show pfe statistics traffic command output shows traffic statistics as zero for a brief time after doing "test panic" on a non-traffic-carrying line card. PR1349517

  • EVENTD fails to start up with syslog configuration. PR1353364

  • The jnxDcuStatsEntry and jnxScuStatsEntry OIDs are missing after interface configuration changes. PR1354060

  • SNMP process crashes when polling CFM statistics. PR1364001

Platform and Infrastructure

  • The command show configuration | compare shows the unchanged configuration after deleting part of the configuration. PR1042512

  • Error messages might be observed with MPC5E card. PR1283850

  • The apply-path prefix is not inherited under the policy after commit. PR1286987

  • Need to move XQ_CMERROR_XR_CORRECTABLE_ECC_ERR to minor and reclassify remaining XQCHIP CMERROR from fatal to major. PR1320585

  • On the MX104, the backup Routing Engine kernel crashes on committing set system management-instance. PR1335903

  • Configuring the same DHCP server in different routing instances is not supported in DHCP relay scenario. PR1342019

  • The interface remains down after delete interface <int> disable. PR1343317

  • ZTP is not supported for vmhost images on next-generation Routing Engines on MX Series platforms. PR1343338

  • On the MPC5, inline-ka PPP echo requests not transmitted when the anchor-point is lt-x/2/x or lt-x/3/x in a pseudowire deployment. PR1345727

  • Multiple vulnerabilities exist in cURL. For more information, refer to JSA10874. PR1347361

  • The IPv4 GPRS traffic over aggregated Ethernet interface might be dropped if gtp-tunnel-endpoint-identifier is configured. PR1347435

  • EVPN-VXLAN, MX Series: Output policing action does not work on IRB interfaces for VNIs. PR1348089

  • FPC CPU utilization with LT interfaces is pegged continuously at 100 percent. PR1348840

  • Running RSI through the console port might cause the system to crash and reboot. PR1349332

  • ICMP error messages are not generated if “don't fragment” packets exceed the MTU of the multiservice interface. PR1349503

  • [ui] Some commands of system ddos-protection protocols unclassified are missing on MX2020 in Junos OS Release 17.2X75. PR1349782

  • When viewing IPv6 addresses, display rfc5952 does not work when combined with display set.PR1349949

  • The lt- interface gets deleted with the tunnel-services configuration still present. PR1350733

  • Chassis manager daemon (chassisd) memory leak occurs. PR1353111

  • In a Junos Fusion setup, configuring VRRP on an extended port will lead to a kernel crash. PR1353498

  • The FPC would crash due to the memory leak caused by the VTEP traffic. PR1356279

  • A traffic black hole is seen along with the message JPRDS_NH:jprds_nh_alloc(),651: JNH[0] failed to grab new region for NH messages. PR1357707

  • When the forwarding-class-accounting statement is enabled on an interface, inside of a routing-instance of instance-type vrf, aggregate input forwarding-class statistics do not increment (egress statistics work fine). PR1357965

  • Select CLI functions are not triggering properly (for example, set security ssh-known-hosts load-key-file and set system master-password). PR1363475

  • Authentication for adding the DTCP filter is not happening on the router and the filter is not getting added. PR1365515

  • The same vlan-id is not allowed on multiple logical interfaces of the same GR interface. PR1365640

  • Qmon Sensors not working with hyper-mode enabled. PR1365990

  • Subscribers over aggregated Ethernet interface might have tail drops, which will affect the fragmented packets due to the QXCHIP buffer getting filled up. PR1368414

  • The host outbound traffic might get dropped when the class-of-service host-outbound-traffic ieee-802.1 rewrite-rules statement is configured. PR1371304

  • The logical tunnel interface might be unable to send out control packets generated by the Routing Engine. PR1372738

  • JNH memory leaks occur in multicast scenario with MoFRR enabled. PR1373631

Routing Policy and Firewall Filters

  • The policy might not get cleaned up after a configuration is deleted, which could cause an rpd to generate a core file. PR1357724

Routing Protocols

  • BGP extended communities with sub-type 4 are erroneously displayed at LINK_BANDWIDTH. PR1216696

  • The rpd generates core files in the ASBR when BGP is deactivated in the ASBR before all stale labels have been cleaned up. PR1233893

  • Migration from syslog API to errmsg API /src/junos/usr.sbin/ppmd is observed. PR1284621

  • Multihop eBGP peering session exchanging EVPN routes can result in an rpd core file when BGP updates are sent. PR1304639

  • The primary path of MPLS LSP might switch to another address. PR1316861

  • The mcsnoopd process memory leak occurs. PR1326410

  • OSPF rLFA default PQ node selection algorithm does not provide proper protection paths in a large-scale network. PR1335570

  • Changes to the displayed value of AIGP occur with the show route ... extensive command. PR1342139

  • A traffic black hole might be seen if the local device is receiving BFD-down. PR1342328

  • The resetting of SRTE sensors is not predictable after the rpd is restarted (restart-routing). Transit sensors are reset all the time but ingress sensor resetting is unpredictable. PR1345229

  • The rpd process might crash after GRES when multipath is configured. PR1346954

  • The rpd might generate a core file when running streaming telemetry. PR1347431

  • The rpd might crash if a route for RPF uses a qualified-next-hop. PR1348550

  • The rpd might crash while restarting routing or deactivating IS-IS. PR1348607

  • The rpd might crash after executing Routing Engine switchover. PR1349167

  • Traffic loss might be seen after the upstream interface shifts from one to another when receiving the PIM prune packet. PR1350806

  • The rpd might crash when BGP route damping and BGP multipath feature are configured. PR1350941

  • The source-as community statement is not appended to RP (display issue in show route detail output). PR1353210

  • Static route flap occurs on commit when configured with resolve statement. PR1366940

  • On MX Series Virtual Chassis, a 10 minute traffic loss might be caused by BGP flap during a unified ISSU. PR1368805

  • Route entry might be missing when IS-IS shortcut is enabled and MPLS link flap. PR1372937

Services Applications

  • SNMP MIBs are not yielding data related to sp- interfaces. PR1318339

  • The software should selectively start the ZLB delay timer at the Packet Forwarding Engine for LAC tunnels. PR1338450

  • The bbe-smgd process might crash if there are 65,535 L2TP sessions in a single L2TP tunnel. PR1346715

  • Session limit per tunnel on LAC does not work as expected. PR1348589

  • When performing an SNMP walk on the IKE SA that is deleted, IPsec tunnels might go down and an infinite loop scenario might be seen. PR1348797

  • UDP checksum inserted by MS-DPC after NAT64 is not valid when incoming IPv4 packet has UDP checksum set to 0. PR1350375

  • The show services stateful-firewall flows counter shows exceedingly high numbers. PR1351295

  • Jl2tpd process might crash shortly after one of the L2TP destinations becomes unavailable. PR1352716

  • IPsec tunnels might flap when SNMP walk is executed if IPsec is configured with DPD enabled. PR1353240

  • In an L2TP, tunnel-switch clients in the subscriber session database reference the incorrect routing instance. PR1355396

  • L2TP access concentrator (LAC) tunnel connection request packets might be discarded on LNS device. PR1362542

  • Some subscriber might be stuck in terminating state in L2TP scenario. PR1363194

  • The L2TP subscribers might not be able to log in successfully because of the jl2tpd memory leak. PR1364774

  • Accounting stop message is not sent to RADIUS server after bringing down the L2TP subscriber. PR1368840

  • Actual data rate downstream value is not included in the L2TP ICRQ message from the LAC. PR1370699

  • NAT64 does not translate ICMPv6 Type 2 packet (packet is too big) correctly when MS-DPC is used for NAT64. PR1374255

Subscriber Access Management

  • Multiple RADIUS servers having different dynamic request ports is not supported. PR1330802

  • Subscriber might get stuck in terminated state when the JSRC synchronization state is stuck in "FULL-SYNC in progress". PR1337729

  • In a dual-stack subscribers scenario with NDRA pool configured, the linked pools are not used when the first NDRA pool is exhausted. PR1351765

  • When attempting to scale clients, sdbsts_lock_holder.bbe-smgd.pid10686.core crashes and generates a core file. PR1358339

  • CoA updates subscriber with original dynamic-profile if RADIUS has returned different dynamic-profile name. PR1381230

User Interface and Configuration

  • The mustd process crashes and generates a core file ppool_bkt (phdr=0xde918024, pfile=0xde933004, no_pages=1) at ../../../../../../src/ui/lib/memory/page_pool.c. PR1309074

  • Automatic completion of interface range with ae1+TAB results in an invalid value error. PR1353741


  • The multicast route might be rejected when Junos OS PE devices receive C-Mcast route from other vendors' PE device. PR1327439

  • The rpd crashes after committing interface-related parameters (for example, MTU change, VRF RD/RT, QoS) on PS interface with vlan-ccc encapsulation and no vlan-id. PR1329880

  • The rpd might continuously crash on the backup Routing Engine and some protocols might flap on the master Routing Engine when hot-standby is configured for l2circuit or VPLS backup neighbor. PR1340474

  • The rpd might crash on the backup Routing Engine when changing the l2circuit virtual-circuit-id in an NSR scenario. PR1345949

  • The rpd process might crash after a configuration change in an L2VPN scenario. PR1351386

  • In a dual-homed next-generation MVPN, the receipt of Type 5 withdrawal removes downstream join states for some routes. PR1368788

Documentation Updates

This section lists the errata and changes in Junos OS Release 18.3R3 documentation for MX Series.

Subscriber Management Access Network Guide

  • The Broadband Subscriber Access Protocols User Guide has been updated to clearly describe when you must commit changes during the process of moving the anchor point for a pseudowire subscriber logical interface device on MX Series routers. See Changing the Anchor Point for a Pseudowire Subscriber Logical Interface Device for information about moving the anchor point from one logical tunnel to another logical tunnel, from a logical tunnel to a redundant logical tunnel, and from a redundant logical tunnel to a logical tunnel.

  • The guide failed to include a feature that enables you to override the information that the LAC sends to the LNS in L2TP Calling Number AVP 22 when the LAC is configured to use the Calling-Station-ID format. You can configure the access profile to override that value for AVP 22 with any combination of the agent circuit identifier and the agent remote identifier received by the LAC in the PADR packet.

    [See Override the Calling-Station-ID Format for the Calling Number AVP].

  • The guide incorrectly stated that the linked-pool-aggregation statement is located at the [edit access address-assignment pool pool-name] hierarchy level. In fact, this statement is located at the [edit access] hierarchy level.

    See Configuring Address-Assignment Pool Linking.

Subscriber Management Provisioning Guide

  • Starting in Junos OS Release 15.1, the Broadband Subscriber Sessions User Guide and the CLI Explorer incorrectly included information about the show extensible-subscriber-services accounting command. This command is not present in the CLI. Instead, you can use accounting profiles to collect statistics from the Packet Forwarding Engine for Extensible Subscriber Services Manager (ESSM) subscribers. See Flat-File Accounting Overview for information about accounting for ESSM subscribers.

Subscriber Management VLANs Interfaces Guide

  • The Broadband Subscriber VLANs and Interfaces User Guide did not clearly indicate that only demux0 is supported for demux interfaces. If you configure a different demux interface, such as demux1, the configuration commit fails.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting in Junos OS 18.3R3 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:


FreeBSD 6.x-based Junos OS

FreeBSD 11.x-based Junos OS

MX5,MX10, MX40,MX80, MX104



MX240, MX480, MX960,

MX2010, MX2020



Basic Procedure for Upgrading to Release 18.3


Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files) might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 11.x based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 11.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-18.3R3.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-18.3R3.9-signed.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-18.3R3.x-limited.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-18.3R3.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.


You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.


After you install a Junos OS Release 18.3 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.


Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x based Junos OS

Products impacted: MX5, MX10, MX40, MX80, MX104.

To download and install FreeBSD 6.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-18.3R3.9-signed.tgz
    • Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-18.3R3.9-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.


After you install a Junos OS Release 18.3 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2 and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 18.3

To downgrade from Release 18.3 to another supported release, follow the procedure for upgrading, but replace the 18.3 jinstall package with one that corresponds to the appropriate release.


You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and special compatibility guidelines with the release, see the Hardware Guide and the Interface Module Reference for the product.

To determine the features supported on MX Series devices in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at:

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.

Release History Table
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).