Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for MX Series 5G Universal Routing Platform


These release notes accompany Junos OS Release 18.4R2 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for MX Series.

Release 18.4R2 New and Changed Features

There are no new features or enhancements to existing features for MX Series in Junos OS Release 18.4R2.

Release 18.4R1 New and Changed Features


  • Smart SFP and smart SFP+ support (MX Series)—Starting in Junos OS Release 18.4R1, the smart SFP transceivers and smart SFP+ transceiver in Table 1 and Table 2 are supported on the listed MX Series routers.

    Table 1: SFP Transceiver Support on the MX Series

    SFP Model

    Supported MPCs, MICs, and Platforms






    Supported MPCs:

    • MX-MPC1E-3D (with MIC)

    • MX-MPC1E-3D-Q (with MIC)

    • MX-MPC2E-3D (with MIC)

    • MX-MPC2E-3D-Q (with MIC)

    • MX-MPC2E-3D-NG (with MIC)

    • MX-MPC3E-3D-NG (with MIC)

    Supported MICs:

    • MIC-3D-20GE-SFP

    • MIC-3D-20GE-SFP-E


    Supported platforms:

    • MX80 (with MIC)

    • MX104 (fixed interfaces as well as MIC)

    • MX240, MX480, and MX960 (with MPC+ MIC)

    Table 2: SFP+ Transceiver Support on the MX Series

    SFP+ Model

    Supported MPCs, MICs, and Platforms


    Supported MPCs:

    • MX-MPC1E-3D (with MIC)

    • MX-MPC1E-3D-Q (with MIC)

    • MX-MPC2E-3D (with MIC)

    • MX-MPC2E-3D-Q (with MIC)

    • MX-MPC2E-3D-NG (with MIC)

    • MX-MPC3E-3D-NG (with MIC)

    Supported MICs:


    Supported platforms:

    • MX80 (with MIC)

    • MX104 (fixed interfaces as well as MIC)

    • MX240, MX480, and MX960 (with MPC+ MIC)

    See the [Hardware Compatibility Tool].

  • Support for 40-Gbps ports to operate at 1-Gbps or 10-Gbps speed (MX10008 )—Starting in Junos OS Release 18.4R1, you can use the Mellanox pluggable adapter (QSFP+ to SFP+ adapter or QSA; model number: MAM1Q00A-QSA) to convert quad-lane based ports to a single-lane based SFP+ port. The QSA adapter has the QSFP+ form factor with a receptacle for the SFP+ module. Use the QSA adapter to convert a 40-gigabit port to a 1-Gbps or a 10-Gbps port. You can plug-in a 10-Gbps SFP+ transceiver into the QSA adapter, which is inserted into the QSFP or QSFP+ ports of the MX10K-LC2101 line cards of the MX10008 router.

Authentication, Authorization and Accounting (AAA) (RADIUS)

  • Support for password change policy enhancement (MX Series)—Starting in Junos OS Release 18.4R1, the Junos OS password change policy for local user accounts is enhanced to comply with additional password policies. As part of the policy improvement, you can configure the following:

    • maximum-lifetime-value—The maximum duration of a password. The password expires after the maximum is reached.

    • minimum-lifetime-value—The minimum duration of a password. You cannot change the password until the minimum duration is reached.

    [See password.]

Class of Service (CoS)

  • Support for five-level hierarchical CoS with dynamic interface set over dynamic interface sets (MX Series) — Starting in Junos OS Release 18.4R1, five-level hierarchical CoS with the ability to configure dynamic interface sets over dynamic interface sets is supported on NG-MPC2E, NG-MPC3E, MPC5, and MPC7 line cards.

    [See stacked-interface-set (Dynamic Profiles).]

  • Support for dynamic and static logical interfaces in the same dynamic interface set (MX Series) — Starting in Junos OS Release 18.4R1, you can apply dynamic and static logical interfaces in the same dynamic interface set on all MPCs that support four-level and five-level hierarchical CoS.

    [See Understanding Hierarchical CoS for Subscriber Interfaces.]


  • Support for VMTO for ingress traffic (MX Series)—Starting in Junos OS Release 18.4R1, you can configure a leaf or spine device that is configured as a Layer 3 gateway to support virtual machine traffic optimization (VMTO) for ingress traffic. VMTO eliminates the unnecessary ingress routing to default gateways when a virtual machine is moved from one data center to another.

    To enable VMTO, configure remote-ip-host routes at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. You can also filter out the unwanted routes by configuring an import policy under the remote-ip-host routes option.

    [See Ingress Virtual Machine Traffic Optimization.]

  • Support for multihomed proxy advertisement (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS now provides enhanced support to proxy advertise the MAC address and IP route entry from all leaf devices that are multihomed to a CE device. This can prevent traffic loss when one of the connections to the leaf device fail. To support the multihomed proxy advertisement, all multihomed PE devices should have the same multihomed proxy advertisement bit value. The multihomed proxy advertisement feature is enabled by default, and Junos OS uses the default multihomed proxy advertisement bit value of 0x20.

    [See EVPN Multihoming Overview.]

  • Automatically generated and assigned Ethernet segment identifiers in EVPN-VXLAN and EVPN-MPLS Networks (MX240, MX480, QFX5100, and QFX5110)—Starting in Junos OS Release 18.4R1, you can configure aggregated Ethernet interfaces and aggregated Ethernet logical interfaces on which LACP is enabled to automatically generate and assign Ethernet segment identifiers (ESIs) to themselves. We support this feature in the following environments:

    • On MX240 or MX480 routers that are multihomed in active-standby or active-active mode in an EVPN-MPLS network.

    • On QFX5100 or QFX5110 switches that are multihomed in active-active mode in an EVPN-VLAN network.

  • MLD snooping support for EVPN-MPLS (MX Series and vMX)—Starting with Junos OS Release 18.4R1, you can configure Multicast Listener Discovery (MLD) protocol snooping on MX Series routers with MPCs and vMX routers in an EVPN over an MPLS network. Enabling MLD snooping helps to constrain IPv6 multicast traffic to interested receivers in a broadcast domain. Multicast sources and receivers in the EVPN instance (EVI) can each be single-homed to one provider edge (PE) device or multihomed in all-active mode to multiple PE devices.

    MLD snooping support in this environment includes:

    • Either MLDv1 and MLDv2 with any-source multicast (*,G) or MLDv2 with source-specific multicast (S,G) (configurable)

    • MLD state synchronization among multihoming PE devices using BGP EVPN Type 7 (Join Sync Route) and Type 8 (Leave Sync Route) network layer reachability information (NLRI)

    • Inclusive multicast forwarding from the ingress PE device into the EVPN core to reach all other PE devices

    • Forwarding across bridge domains (VLANs) using IRB interfaces and PIM operating in passive and distributed designated router (PIM-DDR) modes

    [See Overview of Multicast Forwarding with IGMP or MLD Snooping in an EVPN-MPLS Environment.]

  • Support for graceful restart on EVPN-VXLAN (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports graceful restart on EVPN-VXLAN on EX9200 and QFX Series switches and MX Series Routers. Graceful restart allows the device to recover from a routing process restart or Routing Engine switchover without nonstop active routing (NSR) enabled.

    [See NSR and Unified ISSU Support for EVPN Overview.]

Forwarding and Sampling

  • Support for activating or deactivating static routes on the basis of RPM test results (MX Series)—Starting in Junos OS 18.4R1, you can use RPM probes to detect link status, and change the preferred-route state on the basis of the probe results. Tracked routes can be IPv4 or IPv6, and support a single IPv4 or IPv6 next hop. For example, RPM probes can be sent to an IP address to determine if the link is up, and if so, take the action of installing a static route in the route table . RPM-tracked routes are installed with preference 1 and thus are preferred over any existing static routes for the same prefix.

    [See Configuring RPM Probes , rpm-tracking, and show route rpm-tracking.]

General Routing

  • Avoid jlock hogs by configuring jlock hold time (MX Series)—Starting with Junos OS Release 18.4R1, users can configure a jlock hold time threshold value via sysctl. This helps avoid jlock hogs (tight loops) in ifd_walk by dropping the jlock after the threshold time is reached. The default hold time is 50ms.

    [See sysctl() Function]

High Availability (HA) and Resiliency

  • BFD Client for segment routing (MX Series)—This feature is not supported on Junos OS Release 18.4R1. You can configure Junos OS to run Seamless Bidirectional Forwarding Detection (S-BFD) over non colored segment routing tunnels and use S-BFD as a fast mechanism to detect path failures. You can configure bfd-liveness-detection at the [edit protocols source-packet-routing segment-list] hierarchy level for enabling path-level S-BFD for a segment list.

    [See Understanding Bidirectional Forwarding Detection (BFD).]

  • Resiliency support for Switch Interface Boards (MX10016)—Starting in Junos OS Release 18.4R1, resiliency support is enabled for Switch Interface Boards (SIBs) on MX10016 routers. Resiliency support enables the device to monitor hardware anomalies that can appear at boot time or at runtime. IDEEPROM read failure is an example of boot-time error. Voltage and temperature sensor readings that do not match permissible limits are examples of runtime errors.

Interfaces and Chassis

Junos Telemetry Interface

  • Export of subscriber accounting and dynamic interface and interface-set queue statistics through Junos Telemetry Interface (JTI) (MX Series Routers) —Starting in Junos OS Release 18.4R1, you can export statistics associated with dynamic subscriber interface stacking through remote procedure calls (gRPC). Accurate statistics (actual transit statistics) sensor for the subscriber interface includes IP (total) and IPv6 ingress and egress packets and bytes. Queue statistics for dynamic interface and interface sets include include counts of transmitted and dropped packets and bytes. The queue statistics sensors are maintained per contributing slot (as in the case with AE). Separate metadata sensors convey more contextual information about the dynamic interface and interface sets are available. The metadata sensors are also eligible for ON_CHANGE streaming.

    To enable subscriber and queue statistics for telemetry, include the subscriber-statistics and queue-statistics statements at the [edit dynamic-profiles profile-name telemetry] hierarchy level.

    [See dynamic-profiles and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Expanded ON_CHANGE support for Junos Telemetry Interface (JTI) (MX960, MX2010, MX2020, PTX5000, PTX1000, and PTX10000)—Starting in Junos OS Release 18.4R1, OpenConfig support through remote procedure call (gRPC) and JTI is extended to support additional ON_CHANGE sensors.

    Periodical streaming of OpenConfig operational states and counters collects information at regular intervals. ON_CHANGE support streams operational states as events (only when there is a change), and is preferred over periodic streaming for time-sensitive missions.

    These paths, previously supporting periodical streaming only, now also support ON_CHANGE streaming:

    • /components/component

    • /components/component/name/

    • /components/component/state/type

    • /components/component/state/id

    • /components/component/state/description

    • /components/component/state/serial-no

    • /components/component/state/part-no

    ON_CHANGE notification will be supported on all the hardware components displayed in the Junos OS CLI operational mode command show chassis hardware.

    To provision a sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. To enable ON_CHANGE support, configure the sample frequency in the subscription as zero.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface) and show chassis hardware.]

  • Support for NTF agent (MX240, MX480, MX960, MX2010, MX2020, PTX1000, PTX5000, PTX10000, and VMX)—Junos OS exposes telemetry data over gRPC and UDP as part of the Junos Telemetry Interface (JTI). One way to stream JTI data into your existing telemetry and analytics infrastructure requires managing an external entity to convert the data into a compatible format. Starting in Junos OS Release 18.4R1, the NTF agent feature provides an on-box solution that allows you to configure and customize to which endpoint (such as IPFIX and Kafka) the JTI data is delivered and in which format (such as AVRO, JSON, and MessagePack) the data is encoded.

    [See NTF Agent Overview.]

  • Abstracted fabric interface support on Junos Telemetry Interface (JTI) (MX480, MX960, MX2008, MX2010, MX2020, and MX-ELM)—Starting in Junos OS Release 18.4R1, JTI sensor support is available for abstracted fabric interfaces. An abstracted fabric interface is a pseudointerface that represents a first class Ethernet interface behavior. This sensor is only supported for node virtualization configurations on MX routers with an abstract fabric Interface as the connecting link between guest network functions (GNFs). JTI sensors will report interface-specific load-balancing and fabric queue statistics. They also will report aggregated statistics across all abstracted fabric interfaces hosted on a source Packet Forwarding Engine of local guest network functions (GNFs) along with the fabric statistics for all traffic ingressing from and egressing to the fabric from that Packet Forwarding Engine.

    JTI sensor support is for both gRPC sensors and native (UDP) sensors. Use the following resource path to configure JTI sensors:

    • /junos/system/linecard/node-slicing/af-fab-stats/

    To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).

    For exporting statistics using UDP native sensors, configure parameters at the [edit services analytics] hierarchy level.

    [See sensor (Junos Telemetry Interface), Configuring a Junos Telemetry Interface Sensor (CLI Procedure), and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Enhanced IS-IS sensor support for Junos Telemetry Interface (JTI) (MX960, MX2020, PTX5000, PTX1000, and PTX10000)—Starting in Junos OS Release 18.4R1, JTI supports OpenConfig Version v0.3.3 (from v0.2.1) for resource paths related to IS-IS link-state database (LSDB) streaming. The difference between the two versions results in changes, additions, deletions, or non-support for leaf devices related to the following IS-IS type length value (TLV) parameters and IS-IS areas:

    • TLV 135: extended-ipv4-reachability

    • TLV 236: ipv6-reachability

    • TLV 22: extended-is-reachability

    • TLV 242: router-capabilities

    • IS-IS interface attributes

    • IS-IS adjacency attributes

    To provision the sensor to export data through gRPC streaming, use the telemetry Subscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig and Network Agent packages, both of which are bundled into the Junos image in a default package named junos-openconfig.

    [See Configuring a Junos Telemetry Interface Sensor (CLI Procedure) and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

Layer 2 VPN

  • Group VPN on AMS interface (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports load-balancing Group VPN services on AMS interfaces. AMS interfaces are a bundle of interfaces that function as a single interface and can be configured to load-balance traffic among the group members. To configure load balancing of Group VPN services on AMS interfaces, include the ipsec-group-vpn in the [edit services service-set service-set-name] hierarchy level to configure the service set and the load-balancing-option statements in the service-interface hierarchy of the AMS interface to enable load balancing.

    For more information on configuring AMS interfaces, see Configuring Aggregated Multiservices Interfaces.

    [See Group VPN on AMS Interfaces.]


  • Track IGP metric for install prefixes (MX Series)—Starting in Junos OS Release 18.4R1, you can let the install prefixes follow the metric of their corresponding IGP prefix so that the various RSVP protocol routes installed for the LSP can now each have their indivdual metric value. The install-prefix IGP metric tracking feature can be configured for all LSPs at the [edit protocols mpls] level or on a per-LSP basis at the [edit protocols mpls label-switched-path] hierarchy level.

    [See Install Prefix IGP Overview.]

  • Support for IP-based filtering and port mirroring of MPLS traffic (MX Series with MPC and MIC)—Starting in Junos OS Release 18.4R1, you can apply inbound and outbound filters for MPLS family based on MPLS-tagged IPv4 and IPv6 parameters using inner payload match conditions, and enable selective port mirroring of MPLS traffic unto a monitoring device.

    To enable IP-based filtering, additional match conditions, such as IPv4 and IPv6 source and destination addresses, protocol, source and destination ports, and IPv4 and IPv6 source and destination prefix list, are added under the MPLS filter term from parameter.

    To enable port mirroring, additional actions, such as port-mirror and port-mirror-instance, are added for all the match conditions under the filter term then parameter.

    [See Understanding IP-Based Filtering and Selective Port Mirroring of MPLS Traffic.]

  • Static egress LSP with IPv6 next-hop—Starting in Junos OS Release 18.4R1, you can configure static LSP on the egress router with the IPv6 as a next­hop address to forward IPv6 traffic. Static LSP supports next­hop indirection and link protection.

    [See Configuring Static Label Switched Paths for MPLS.]

Network Management and Monitoring

  • New major alarms on MX Series routers with MPC1 and MPC2—Starting in Junos OS Release 18.4R1, on MX Series routers with MPC1 and MPC2 line cards, a major chassis alarm is raised when the following transient hardware errors occur:

    • CPQ SRAM parity error

    • CPQ RLDRAM double bit ECC error

    In the Description column of show chassis alarm outputs, these errors are described as “FPC <slot number> Major Errors”; for example:

    user@host> show chassis alarms

    By default, these errors result in the Packet Forwarding Engine interfaces on the FPC being disabled. You can use the show chassis fpc errors command to view the default or user-configured action that resulted from the error.

    You can check the syslog messages to learn more about the errors. See the following examples:

    To resolve the error, restart the line card. If the error is still not resolved, open a support case using the Case Manager link at or call 1-888-314-JTAC (within the United States) or 1-408-745-9500 (from outside the United States).

  • Support for Junos Space Service Now (MX10016)—Starting in Junos OS Release 18.4R1, MX10016 routers s support Junos Space Service Now. The Junos Space Service Now is an application that runs on the Junos Space Network Management Platform to automate fault management and accelerate issue resolution.

    [See Junos Space Service Now.]

Operation, Administration, and Maintenance (OAM)

  • Support for inline link fault management (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports inline mode for OAM link fault management (LFM) on MX Series routers. Inline LFM delegates the transmission and receipt of LFM keepalive packets from the periodic packet management (ppm) process on the line card to the forwarding ASIC (that is, to the hardware). Inline LFM reduces the load on the ppm process and can support LFM in-service software upgrade (ISSU) for non-Juniper peers (for a keepalive interval of 1 second). You can enable inline LFM by including the hardware-assisted-keepalives configuration statement at the [edit protocols oam ethernet link-fault-management] hierarchy level. To disable inline LFM, delete the hardware-assisted-keepalives statement. The show oam ethernet link-fault-management detail command displays the keepalive packet statistics. Starting from Release 18.4R1, when inline LFM is enabled, the keepalive packet statistics are not updated. In earlier releases, the show oam ethernet link-fault-management detail command displayed the keepalive packet statistics.

    [See Enabling Inline Transmission of LInk Fault Management Keepalives for Maximum Scaling.]

Routing Policy and Firewall Filters

  • Support for next-filter as a firewall filter action (MX Series)—Starting in Junos OS Release 18.4R1, firewall filters can be configured to execute a sequence of firewall filter actions. The new next-filter option allows you to deploy a filter list and run a series of filters, similar to what is already available with next-term actions, and provides filter scale optimization. Up to eight filters can be chained in this way. The feature is not supported on logical systems, or on loopback and pseudo-interfaces.

    You can use a filter list to implement a mix of multifield-classification and firewall filter rules. For example, the first filter in the list can be used to perform a generic filter classification, and the subsequent filters can then do the actual filtering.

    [See input-chain and output-chain.]

  • Filter-based GRE encapsulation (MX Series)—Starting in Junos OS Release 18.4R1, you can use tunnel-end-point commands to enable line-rate, filter-based, GRE tunneling of IPv4 and IPv6 payloads across IPv4 networks.

    This GRE encapsulation is not supported for logical systems or for MPLS traffic, and the route lookup for GRE encapsulated traffic is supported on the default routing instance only.

    The following commands are introduced for this feature:

    set firewall tunnel-end-point tunnel-name gre

    set firewall tunnel-end-point tunnel-name ipv4

    set firewall tunnel-end-point tunnel-name ipv6

    [See tunnel-end-point and Filter-Based Tunneling Across IPv4 Networks.]

Routing Protocols

  • Support for BGP flowspec redirect to IP (MX Series)—Starting in Junos OS Release 18.4R1, BGP flow specification as described in BGP Flow-Spec Internet draft draft-ietf-idr-flowspec-redirect-ip-02.txt, Redirect to IP Action is supported. Redirect to IP action uses extended BGP community to provide traffic filtering options for DDoS mitigation in service provider networks. Legacy flow specification, as specified in the Internet draft draft-ietf-idr-flowspec-redirect-ip-00.txt, BGP Flow-Spec Extended Community for Traffic Redirect to IP Next Hop, redirect to IP uses the BGP nexthop attribute to support interoperability of devices. Junos OS advertises redirect to IP flow specification action using the extended community by default. Redirect to IP action allows you to divert matching flow specification traffic to a globally reachable address. This feature is required to support service chaining in virtual service control gateway (vSCG).

    To configure a static IPv4 flow specification route, include the redirect ipv4-address statement at the [edit routing-options flow route then] hierarchy level in the configuration.

    To configure a static IPv6 specification route, include the redirect ipv6-address statement at the [edit routing-options flow route then] hierarchy level in the configuration.

    To configure legacy flow specification include legacy-redirect-ip-action at the [edit group bgp-group neighbor bgp neighbor family inet flow] hierarchy level.

    To configure BGP to use VRF.inet.0 table to resolve VRF flow specification routes, include secondary-independent-resolution statement at the [edit protocols bgp neighbor family flow] hierarchy level.

    [See legacy-redirect-ip-action.]

    [See Configuring BGP Flow Specification Action Redirect to IP to Filter DDoS Traffic.]

  • Support for 64 BGP add-path routes (MX Series)—Starting in Junos OS Release 18.4R1, support is extended to 64 BGP add-path routes. Currently Junos OS supports six add-path routes and BGP can advertise up to 20 add-path routes through policy configuration. If you enable advertisement of multiple paths to a destination or if you increase the add-path prefix policy send count, BGP can now advertise up to 64 add-path routes.

    To advertise all add-paths, up to 64 add-paths or only equal-cost paths, include the path-selection-mode statement at the [edit protocols bgp group group-name family name addpath send] hierarchy level. You cannot enable both multipath and path-selection-mode at the same time.

    To advertise a second best path as a backup path in addition to the multiple ECMP paths include the include-backup-path backup_path_name statement at the [edit protocols bgp group group-name family name addpath send]] hierarchy level.

    [See path-selection-mode.]

    [See include-backup-path.]

  • Support for BGP egress peer engineering (MX Series)—Starting in Junos OS Release 18.4R1, BGP LS extensions are enhanced to export segment routing topology information to the controller. A centralized controller in a software-defined network (SDN) can program any egress peer policy at ingress border routers or at hosts within the domain in a segment routing network. The egress router advertises SID labels for all its peers, and the controller advertises these SID labels to the ingress router. The SID label can be a node segment, or an adjacency segment, or a set segment label. Thus the ingress router can select these SID labels to transfer data packets to the egress peers. The path that the controller derives can override the network derived best path. This feature can also be used in an inter domain scenario.

    To configure a peer node SID, include egress-te-node-segment-label at the [edit protocols bgp group group-name neighbor neighbor-name] hierarchy level.

    To configure a peer adjacency SID, include egress-te-adj-segment adj-segment-name at the [edit protocols bgp group group-name neighbor neighbor-name] hierarchy level.

    To create a peer set SID, include egress-te-set-segment set-segment-name label label-name at the [edit protocols bgp] hierarchy level.

    [See egress-te-node-segment.]

    [See egress-te-adj-segment.]

    [See egress-te-set-segment.]

  • Support for IPv4 VPN unicast and IPv6 VPN unicast address families in BGP (MX Series)—Starting in Junos OS Release 18.4R1, the following address families are supported to enable advertisement or reception, or both, of multiple paths to a destination to and from the same BGP peer, instead of advertising and receiving only the active path to and from the same BGP peer, under the [edit protocols bgp group group-name] hierarchy.

    • IPv4 VPN unicast (family inet-vpn)

    • IPv6 VPN unicast (family inet6-vpn)

    [See Understanding the Advertisement of Multiple Paths to a Single Destination in BGP.]

  • BGP add path support for eBGP (MX Series)—Starting in Junos OS Release 18.4R1, add path receive is now supported for eBGP under the [edit logical-systems logical-system-name protocols bgp group group-name family family].

    [See Understanding BGP.]

Services Applications

  • Support for MPLS-IPv6 inline active flow monitoring (MX Series)—Starting in Junos OS Release 18.4R1 on MX Series routers, you can perform inline flow monitoring for MPLS-IPv6 traffic. Both IPFIX and version 9 templates are supported. If you are running inline flow monitoring on a Lookup (LU) card, you must enable sideband mode to create MPLS-IPv6 flow records.

    [See Configuring Inline Active Flow Monitoring Using Routers, Switches or NFX250.]

  • MX Series Virtual Chassis NAT support on BNG (MX240, MX480, and MX960 routers with MS-MPCs and MS-MICs)—Starting in Junos OS Release 18.4R1, you can configure a two-member MX Series Virtual Chassis to use the Juniper broadband network gateway (BNG) with IPv4-to-IPv4 basic NAT, dynamic NAT, static destination NAT, dynamic NAT with port mapping, and stateful NAT64. A two-member MX Series Virtual Chassis configuration supports a maximum of four MS-MPCs and four MS-MICs per Virtual Chassis.

    [See Protocols and Applications Supported by the MS-MIC and MS-MPC.]

  • MX Series Virtual Chassis DS-Lite support (MX240, MX480, and MX960 routers with MS-MPCs and MS-MICs)—Starting in Junos OS Release 18.4R1, you can configure DS-Lite on a two-member MX Series Virtual Chassis. A two-member MX Series Virtual Chassis configuration supports a maximum of four MS-MPCs and four MS-MICs per Virtual Chassis.

    [See Protocols and Applications Supported by the MS-MIC and MS-MPC.]

Software Defined Networking (SDN)

Subscriber Management and Services


Subscriber management is not ready for deployment in Junos OS Release 18.4R1. You can use this release for testing and qualification, but we recommend you wait for a later 18.4 maintenance or service release for deployment.

  • Limit subscriber sessions per user and access profile (MX Series)—Starting in Junos OS Release 18.4R1, you can configure a limit on the number of sessions that can be active for a given username in an access profile.

    The show network-access aaa statistics session-limit-per-username command displays the number of active sessions and of blocked requests for usernames in each access profile. The clear network-access aaa statistics session-limit-per-username command enables you to clear blocked requests for debugging subscriber session limits.

    [See Understanding Session Options for Subscriber Access.]

  • New BBE statistics collection and management process (MX Series)—Starting in Junos OS Release 18.4R1, the BBE statistics collection and management process, bbe-statsd, is introduced to take advantage of high-performance Routing Engines to increase the frequency of statistics collection and improve statistics processing in highly scaled environments. The bbe-stats-service option has been added to the restart command for restarting this statistics process.

    To collect subscriber and service statistics, you now must enable the actual-transit-statistics statement. If you do not configure this statement, subscriber statistics are not collected; the show subscribers accounting-statistics command displays a value of zero for subscriber statistics; and the subscriber statistics are reported to RADIUS with values of zero.

    [See Enabling the Reporting of Accurate Subscriber Accounting Statistics to the CLI.]

  • Subscriber secure policy information not revealed in core file dumps (MX Series)—Starting in Junos OS Release 18.4R1, subscriber secure policy (SSP) information that might identify subscribers or mediation devices is automatically encrypted when the authd, bbe-smgd, or dfcd process generates core error files. Unauthorized persons examining the error files are unable to view the SSP information. The SSP information that might be present in the core error file includes the source and destination IP address for the mediation device, device ports, and intercept ID. No configuration is required or possible.

    [See Subscriber Secure Policy Overview.]

  • Increased number of IP addresses in DHCPv4 server groups (MX Series)—Starting in Junos OS Release 18.4R1, DHCPv4 server groups support up to 32 active server IP addresses. In earlier releases, only 5 servers are supported.

    [See Configuring Active Server Groups to Apply a Common DHCP Relay Agent Configuration to Named Server Groups.]

  • Address allocation method determines behavior when address pool is deleted or drained (MX Series)—Starting in Junos OS Release 18.4R1, additional checking is performed to determine the subsequent behavior when authd notifies the DHCP process that an address pool is deleted or being drained:

    • When addresses are allocated on demand, the family with the address in that pool is logged out immediately when the pool is deleted, or logged out gracefully by the draining process when a DHCP renew or rebind message is received.

    • When the addresses are preallocated, the addresses for both families are deleted immediately when the pool is deleted, or deleted gracefully by the draining process when a DHCP renew or rebind message is received.

    [See Single-Session DHCP Dual-Stack Overview and Configuring DHCP Local Address Pool Rapid Drain.]

  • Enhanced support for forwarding ACKs from trusted servers (MX Series)—Starting in Junos OS Release 18.4R1, the allow-server-change option of the active-server-group statement enables the DHCPv4 relay agent to forward ACKs to DHCP information request (DHCPINFORM) messages from any server in the active server group to the client. In earlier releases, only ACKs to DHCP request (renew or rebind) messages can be forwarded from trusted servers.

    [See Configuring Active Server Groups to Apply a Common DHCP Relay Agent Configuration to Named Server Groups.]

  • Support for DHCPv6 NotOnLink status code (MX Series)—Starting in Junos OS Release 18.4R1, the DHCPv6 server can return to the client a status code of NotOnLink in the Reply PDU IA field during reauthentication when the subscriber IP or IPv6 address changes. This code means that at least one address in the client’s request IA is not appropriate for the client’s connection link. In earlier releases, only a NoAddrsAvail or NoPrefixAvail status code can be returned when there is an issue with requested addresses.

    [See RADIUS Reauthentication As an Alternative to RADIUS CoA for DHCP Subscribers.]

  • Reassign IPv4 address to a new subscriber (MX Series)—Starting in Junos OS Release 18.4R1, you can enable a new subscriber to be reassigned an IPv4 address that is currently assigned to an existing subscriber by including the reassign-on-match option with the address-protection statement. The new subscriber request is rejected, but the existing subscriber is disconnected. The address is assigned to the new subscriber when it renegotiates the session

    [See Configuring Duplicate IPv4 Address Protection for AAA.]

  • New predefined variables and RADIUS VSAs for interface and set targeted distribution (MX Series)—Starting in Junos OS Release 18.4R1, when you target an interface or an interface set for distribution on aggregated Ethernet member links, you can use a Juniper Networks predefined variable to source the weight value from the RADIUS Access-Accept message on a per-subscriber basis, or from Diameter AVPs during NASREQ processing:

    • $junos-interface-target-weight corresponds to Juniper Networks VSA 26-214, Interface-Targeting-Weight.

    • $junos-interface-set-target-weight corresponds to Juniper Networks VSA 26-213, Interface-Set-Targeting-Weight.

    [See Junos OS Predefined Variables That Correspond to RADIUS Attributes and VSAs.]

  • Support for exporting BNG sensor data to an IPFIX collector (MX Series)—Starting in Junos OS Release 18.4R1, the input-jti-ipfix plug-in collects a limited set of sensor data from the local BNG Junos Telemetry Interface and translates it to the appropriate IPFIX records for export to an IPFIX collector.

    [See Telemetry Data Collection on the IPFIX Mediator for Export to an IPFIX Collector.]

  • Detection and autogeneration of logical interface sets representing logical access nodes (MX Series)—Starting in Junos OS Release 18.4R1, you can configure the router to parse the ANCP Access-Aggregation-Circuit-ID-ASCII attribute (TLV 0x0003). When the TLV string begins with a # character, the entire string is a backhaul line identifier. The portion of the string after the # delimiter represents a logical intermediate node (DPU-C or PON tree) in the access network to which the subscriber is attached. This portion is used to set the value of the $junos-aggregation-interface-set-name variable, and is used as the name of a CoS Level 2 interface set that groups subscribers. Enable parsing with the hierarchical-access-network-detection option of the access-line statement.

    [See Detection of Backhaul Line Identifiers and Autogeneration of Intermediate Node Interface Sets.]

  • BGP support over dynamic PPPoE interfaces (MX Series)—Starting in Junos OS Release 18.4R1, BGP is supported over dynamic PPPoE interfaces. PPPoE subscriber clients correspond to BGP neighbors, so you configure the PPPoE subscriber client IP addresses as the BGP neighbor addresses with the [edit protocols bgp group name neighbor] stanza.

    You must enable routing services in both the PPPoE subscriber dynamic profile and the dynamic profile for the underlying VLAN interface with the new routing-service statement. This statement replaces the deprecated routing-services statement.

    You can also selectively enable or disable routing services per subscriber through RADIUS by using the new $junos-routing-services predefined variable. The action is determined by the value of the new Routing-Services VSA (26-212) returned in the RADIUS Access-Accept message.

    [See Junos OS Enhanced Subscriber Management.]

  • Support for Layer 2 services provisioning on the services side of pseudowire service logical interface anchored on redundant logical tunnel interface (MX Series with MPC and MIC)—Starting in Junos OS Release 18.4R1, Layer 2 services provisioning such as bridge and VPLS, is supported on the services side of the pseudowire service logical interface anchored to redundant logical tunnel interface. With this support, the chassis-wide scaling numbers available for the physical interfaces over redundant logical tunnels is extended to pseudowire service interfaces anchored over redundant logical tunnel interfaces.

    [See Layer 2 Services on Pseudowire Service Interface Overview.]

  • Support of single-hop BFD sessions for pseudowire redundant logical interfaces (MX Series)——Junos OS supports inline distribution of single-hop Bidirectional Forwarding Detection [protocol] (BFD) sessions for pseudowire subscriber logical tunnel interfaces by default, as these interfaces are anchored on a single Flexible PIC Concentrator (FPC). With pseudowire redundant logical interfaces, the member logical tunnel interfaces can be hosted on different linecards. As a result, single-hop BFD sessions are operated in a centralized mode because the distribution address is not available for these logical interfaces.

    Starting in Junos OS Release 18.4R1, the support for inline distribution of single-hop BFD sessions is extended to pseudowire subscriber over redundant logical tunnel interfaces, thereby improving the scaling (number of sessions) and performance (detection time) of single-hop BFD sessions.

    [See Anchor Redundancy Pseudowire Subscriber Logical Interfaces Overview.]

  • ARP enhancements for subscriber management (MX Series)—Starting in Junos OS Release 18.4R1, the following ARP enhancements are supported only for framed routes on dynamic VLANs:

    • Dynamic layer 2 MAC address resolution works for network (non-host) IPv4 framed routes. The non-host framed route is coupled with the dynamic Layer 2 address associated with a host route.

    • You can enable the router to compare the source MAC address received in a gratuitous ARP request or reply packet with the value in the ARP cache. The router updates the cache with the received MAC address if it determines this address is different from the cache entry.

    • You can enable dynamic ARP to resolve the MAC address for IPv4 framed host (32-bit) routes. By default, the framed route is permanently associated with the source MAC address received in the packet that triggered creation of the dynamic VLAN.

      [See Junos OS Enhanced Subscriber Management.]

System Management

  • Secure copy (scp) support on Junos OS CLI with the ”source address” and ”routing instance” options (MX240, MX480, MX960, MX2010, MX2020, and vMX)— Starting in Junos OS Release 18.4R1, MX Series routers support the scp command from the CLI, along with two additional options: source address and routing instance. The source address option specifies the local address to use in originating the connection and routing instance option specifies the name of routing instance for the scp session. These two options are also added in the following CLI commands where the scp URL is supported: file copy, file archive, save, show|save, show|compare, load merge, load override, load patch, load replace, load set, and load update. The functionality of these commands remains the same with the source address and routing instance options added.


    The scp command is available under operational mode and configuration mode.

    [See scp , file copy, file archive, load, and save.]

Timing and Synchronization

  • Synchronous Ethernet support for enhanced Switch Control Board (MX240, MX480, and MX960)—Starting in Junos OS Release 18.4R1, MX Series routers with the enhanced Switch Control Board (SCBE3-MX) support synchronous Ethernet. Synchronous Ethernet is a physical layer technology that functions regardless of the network load and supports hop-by-hop frequency transfer. This enables you to deliver synchronization services that meet the requirements of modern-day mobile network, and future Long Term Evolution (LTE)–based infrastructures.

    [See Synchronous Ethernet Overview.]


  • Support to control traceroute over Layer 3 VPN (MX Series)—Starting in Junos OS Release 18.4R1, in a Layer 3 VPN topology with vrf-table-label configured and multiple customer edge (CE) routers configured in the same VPN routing and forwarding (VRF) routing instance, when traceroute is performed to a remote provider edge (PE) router for a CE-facing network, the ICMP time exceeded packet determines the correct IP address as the source address.

    To control the traceroute over Layer 3 VPN topology with vrf-table-label configured and multiple CE routers configured in the same VRF, you can configure allow-l3vpn-traceroute-src-select at the[edit system] hierarchy level that determines the correct IP source address by reviewing the destination routing instance and destination IP address.

    [See allow-l3vpn-traceroute-src-select.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS main release and the maintenance releases for MX Series routers.

Release 18.4R2 Changes in Behavior and Syntax


  • Support for an VNI of zero—Starting with Junos OS Release 18.4R2, Junos supports using a VXLAN Network Identifier (VNI)=0 when configuring a bridge domain or vlan in an EVPN-VXLAN network.

Interfaces and Chassis

  • New XML tag element <lacp-hold-up-state> added in show lacp interfaces XML display (MX Series)—In Junos OS Release 18.4R2, the show lacp interfaces | display xml command displays a new XML tag element <lacp-hold-up-state>. The <lacp-hold-up-state> displays the time interval an interface holds before it changes from state, down to up. In earlier Junos OS releases, the LACP hold up the information for all interfaces were in a single <lacp-hold-up-information> XML tag. Now, for each interface it is displayed in a separate <lacp-hold-up-information> XML tag.

  • Support for MAP-E encapsulation and decapsulation on Inline Service Interfaces (MX2010)—In Junos OS Releases 18.2R3, 18.3R2, and 18.4R2, the MX2010 routers support encapsulation and decapsulation of the following ICMP message types for inline service (si) interfaces:

    • Time Exceeded (type 11)

    • Destination unreachable (type 3)

    • Source quench (type 4)

    • Parameter problem (type 12)

    • Address mask request and Address mask reply (type 17 and type 18)

    • Redirect (type 5)

  • IRB not supported on Pseudowire Subscriber (PS) Logical Interface in bridge-domain (MX Series)—In Junos OS Releases 17.4R3, 18.1R4, 18.2R3, 18.3R2, and 18.4R2, Integrated routing and bridging (IRB) is not supported on Pseudowire Subscriber (PS) Logical Interface. Hence you cannot add IRB to bridge domain with PS interface, that is, you cannot configure IRB and PS interface in the same bridge domain.

    Note that adding IRB to a bridge-domain having Pseudowire Subscriber (PS) Logical Interface causes kernel crash and continuous reboot of the router until the configuration is rolled back.


    IRB is not supported on PS only in bridge-domain.

    [See bridge-domain.]

  • In MX204 routers, the error messages were logged when vlan-tagging for a trunk interface is not configured. These error messages are logged with severity level 'critical' earlier but are nothing critical to be handled. The maximum transmission unit (MTU) of interface with or without VLAN-tagging is now logged in as the informational error message (instead of critical error message).

Operation, Administration, and Maintenance (OAM)

  • Performance monitoring history data is lost when change in number of supported history records is detected (MX Series)—In Junos OS Release 18.4R2, when Ethernet Connectivity Fault Management (ECFM) starts, it detects the number of history records supported by the existing Performance Monitoring history database and if there is any change from the number of history records supported (that is, 12) in 18.4R2, then the existing Performance Monitoring history database is cleared and all performance monitoring sessions are restarted with mi-index 1.

Services Applications

  • New syslog message displayed during NAT port allocation error (MX Series Routers with MS MPC)—With address pooling paired (APP) enabled, an internal host is mapped to a particular NAT pool address. In case, all the ports under a NAT pool address are exhausted, further port allocation requests from the internal host results in a port allocation failure. The following new syslog message is displayed during such conditions:


    This syslog message is generated only once per NAT pool address.

  • Support for host generated traffic on a GRE over GRE tunnel (MX Series)—In Junos OS Release 18.4R2, you can send host generated traffic on a GRE over GRE tunnel. However, when path maximum transmission unit (PMTU) is updated for the outer GRE tunnel, MTU for inner GRE tunnel is not corrected.

  • Deprecated IPsec manual security association option (MX Series)—In Junos Release 18.4R2 and later releases, the option hmac-sha2-256 under the services ipsec-vpn rule rule-name term term-name then manual direction (bidirectional | inbound | outbound) authentication algorithm statement is deprecated. Use the hmac-sha-256-128 option instead.

  • Change in error message displayed while fragmenting or de-fragmenting IPv6 GRE tunnel interface (MX Series routers)—In Junos OS Release 18.4R2, on a IPv6 GRE tunnel interface, when you enable fragmentation using the allow-fragmentation command or disable fragmentation using the do-not-fragment command, the following error message is displayed:

    Fragmentation for V6 tunnels is not supported

    In earlier Junos OS releases, the following message was displayed:

    dcd_config_ifl_tunnel:Fragmentation for V6 tunnels is notsupported

Subscriber Management and Services

  • Out-of-address SNMP trap requires thresholds to be configured (MX Series)—Starting in Junos OS Release 18.4R2, the behavior has changed for generating an out-of-address SNMP trap for an address pool configured at the [edit access address-assignment] or [edit routing-instance name address-assignment] hierarchy levels. You must now configure both the high-utilization and abated-utilization thresholds. When the number of assigned addresses surpasses the high-utilization threshold, a high-utilization trap is generated. If all the addresses are assigned from the pool, an out-of-address trap is generated and an out-of-address syslog message is sent.

    In earlier releases, an out-of-address trap is generated when the address pool is exhausted, regardless of whether the thresholds are configured.

    If the number of assigned addresses subsequently drops below the abated-utilization threshold, an abate-high-utilization trap is generated; this behavior is unchanged.

  • Changing attributes of physical interface with active subscribers (MX Series)—Starting in Junos OS Release 18.4R2, the commit check fails when you change any attribute of the physical interface, such as the MTU, when subscribers are active. This affects only aggregated Ethernet physical interfaces with targeted distribution configured. In earlier releases, the commit check does not fail and the attribute change brings down the physical interface and all subscribers using that interface.

  • Subscribers allowed to log in with bad framed route (MX Series)—Starting in Junos OS Release 18.4R2, users are allowed to log in if the framed route received from RADIUS is bad; for example, if the format is incorrect. In earlier releases, the subscriber is not allowed to log in. For customers that use multiple framed routes, the new behavior enables the subscriber to have partial access to the network using the routes that are accepted instead of not being allowed any access.

  • ICMP error message rate limit increased (MX Series)—Starting in Junos OS Release 18.4R2, the maximum rate limit for generating ICMP messages for IPv4 and IPv6 packet errors is increased from 50 pps to 1000 pps. The rate limit applies only to non-ttl-expired packets.

Release 18.4R1 Changes in Behavior and Syntax

General Routing

  • Zero MAC address (00:00:00:00:00:00) treated as "my mac" (MX-Series)—When an Ethernet packet arrives in ingress, pre-classifier engine will perform a lookup of MAC address. If the MAC address matches an entry in the pre-classifier Ternary Content Addressable Memory (TCAM) and the entry has “my mac” attribute, pre-classifier engine will set the “my mac” bit in the cookie prepended to the incoming packet. In current implementation, MAC address “00:00:00:00:00:00” (zero MAC) is programmed as default value for “my mac” TCAM entries when the pre-allocated entries are not used or configured. Hence the packets with zero MAC are marked as “my mac” in the packet cookie. Forwarding engine will check “my mac” bit in the packet cookie. If “my mac” bit is 0, the packet will be dropped. If “my mac” bit is 1, further L2, L3, MPLS lookup will be performed. The “my mac” behavior is applicable since the day one release.

Interfaces and Chassis

  • New option to configure IP address to be used when the Routing Engine is the current master—Starting in Junos OS Release 18.4R1, a new option, master-only, is supported on routers with RE-MX-X6, RE-MX-X8, and RE-PTX-X8 Routing Engines at the following hierarchies:

    • [edit vmhost interfaces management-if interface (0|1) family inet address IPv4 address]

    • [edit vmhost interfaces management-if interface (0|1) family inet6 address IPv6 address]

    In routing platforms with dual Routing Engines and VM host support, the master-only option allows you to configure the IP address to be used for the VM host when the Routing Engine is the current master. The master Routing Engine and the backup Routing Engine can have independent host IP addresses configured. In earlier releases, same IP address would be applied on master and backup Routing Engines resulting in configuration issues.

  • TLV status for Layer 2 protocols (MX460)—Starting in Junos OS Release 18.4R1, the output fields Next-hop and vpls-status are displayed in the show interfaces interface name detail command, only for Layer 2 protocols on MX480 routers.

  • Enhanced AC PEM in high-line power configuration supplies 2400 W power (MX240)—Starting in Junos OS Release 18.4R1, on MX240 routers, the enhanced AC PEM in high-line power configuration provides a power output of 2400 W. On Junos OS versions prior to 18.4R1, the PEM provided only 2050 W of power output.

    [See show chassis power.]

  • Support for creating layer 2 logical interface independently (MX Series)—In Junos OS Releases 18.4R1, 18.4R2, and later, MX Series routers support creating layer 2 logical interface independent of layer 2 routing instance type. That is, you can configure and commit the layer 2 logical interfaces separately and add the interface to bridge-domain or Ethernet VPN (EVPN) routing instance separately. Note that the layer 2 logical interfaces works fine only when the interface is added to bridge domain or EVPN routing instance.

    In the earlier Junos OS releases, when an layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration) is used, then the logical interface must be added as part of a bridge-domain or EVPN routing instance for the commit to succeed.

  • Error message displayed due to configuration changes in live system—Starting in Junos OS Release 18.4R1, on MX Series routers with the RE-S-X6-64G and RE-MX2K-X8-64G Routing Engines, when the user changes the router configuration on a live system, or when the user deletes an interface that has active traffic, the message select: protocol failure in circuit setup is randomly displayed. However, there is no known functional impact.


  • Previously, when you configured zero (0) as the bandwidth of an RSVP interface, the bandwidth value was overwritten with the default interface bandwidth (raw hardware bandwidth), leading to unexpected behavior in the LSP setup. Starting with Junos OS Release 18.4R1, when you configure zero as the bandwidth, 0 is applied as the RSVP bandwidth.

    [See bandwidth (Protocols RSVP).]

  • Starting in Junos OS Release 18.4R1, the remote procedure call (RPC) protocol XML tag for mpls-label-value is renamed as mpls-history-label-value, mpls-usage-label-value, and mpls-label-id-value depending on the context of command usage.

  • Change in command syntax—Starting in Junos OS Release 18.4R1, the show ldp database label-requests command name is changed to show ldp database-label-requests with no change to command functionality.

  • Loss of traffic over bypass MPLS LSPs—If RSVP link or node protection is enabled along with global RSVP authentication, there is loss of traffic over bypass MPLS LSPs at the time of local repair, when the point of local repair (PLR) and the merge point devices have different versions of the Junos OS software installed on them. That is, one device is running a release prior to Junos OS Release 16.1, and the other device is running a release starting with Junos OS Release 16.1R4-S12.

Network Management and Monitoring

  • SSHD process authentication logs timestamp (MX Series)—Starting in Junos OS Release 18.4R1, the SSHD process authentication logs use only the time zone defined in the system time zone. In the earlier releases, the SSHD process authentication logs sometimes used the system time zone and the UTC time zone.

    [See Overview of Junos OS System Log Messages.]

  • The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured and the operation returns <ok/> (MX Series)—Starting in Junos OS Release 18.4R1, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, the server must not return an RPC reply that encloses both an <rpc-error> element and an <ok/> element. If the operation is successful, but the server reply would enclose one or more <rpc-error> elements of severity warning in addition to the <ok/> element, then the warnings are omitted. In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that encloses both an <rpc-error> element of severity warning and an <ok/> element.

  • Change in severity level of XQSS errors (MX Series)—Starting in Junos OS Release 18.4R1, on MX series routers with the MPC7E-10G, MPC7E-MRATE, MPC8E, and MPC9E line cards, the severity level of the following errors have been changed from Fatal to Major.



    With this change, the above errors no longer cause the entire FPC to go offline by default. Instead, these errors cause the affected Packet Forwarding Engine (PFE) to be disabled, because disable-pfe is the default action associated with Major errors on MX Series routers.

    Additionally, the severity level of the correctable error XQSS_CMERROR_CORRECTABLE_MEM_ERR has been changed from Fatal to Minor.

    You can use the commands show chassis errors active detail fpc-slot slot and show chassis fpc errors slot to view more details of, and the default actions associated with, these errors.

    [See show chassis fpc errors.]

Routing Protocols

  • BGP PIC determines MPLS fast reroute (FRR) using BPG multipath—Starting in Junos OS Release 18.4R1, when you configure BGP Prefix Independent Convergence (PIC) with protect-core statement, a forwarding route with an MPLS fast reroute (FRR) next hop is created using BGP multipath.

    In older releases when BGP PIC feature was configured, a backup path was determined using protocol independent load balancing multipath and installed in the forwarding table as an active path, which might cause routing loops.

    We recommend that you update scripts that count active routes since BGP multipath contributors are also counted and the active route count goes up. The output of the show route command has been modified to reflect this behavior change.

    [See Configuring BGP Prefix Independent Convergence for Inet.]


  • Syslog updated when configuring XPN cipher suite on a non-xpn supported interface (MX Series)—In Junos OS Release 18.4R1, on MX Series Routers, if you attempt to configure XPN cipher suite (gcm-aes-xpn-128 or gcm-aes-xpn-256) for a connectivity association and attach the connectivity association to an interface on the PIC that does not support XPN cipher suite, then during runtime, a syslog is logged as below (and default non-xpn cipher suite is used):

    macsec_ciphersuite_is_supported MACSec: ifd ifd_id (ifd_name), Cipher suite cipher id (cipher name) NOT SUPPORTED.

Software Defined Networking (SDN)

  • Installation or upgrade using remotely located installation package (MX480, MX960, MX2010, MX2020, MX2008)—While performing Junos installation or upgrade on the base system (BSYS) or guest network function, if you provide a URL to the remotely located installation package (for example, an ftp file) in the command request system software add package-file-path, the router locally copies the package, performs checks such as multi-version compatibility checks on the package, and then installs the package. The installation process is aborted if any errors are found during the checks. Previously, if you tried to perform installation or upgrade using a remotely located file, the router would skip multi-version checks and display an error message, but would not abort the installation process.

    [See Junos Node Slicing Upgrade]

Software Installation and Upgrade

  • ZTP is supported on MX PPC platforms (MX Series)—As of Junos OS Release 17.2R3, zero touch provisioning (ZTP) is supported on MX PPC platforms (which are MX5, MX10, MX40, MX80, and MX104 routers). Before the fix, the ZTP process did not start to load image and configuration for MX PPC routers.

    [See Junos OS Installation Package Names.]

Subscriber Management and Services

  • Flat-file service accounting support ends (MX Series)—Starting in Junos OS Release 18.4R1, flat-file service accounting to a local file is no longer supported. If included in a configuration, it is ignored.

    [See Flat-File Accounting Overview.]

Known Behavior

This section contains the known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.4R2 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Forwarding and Sampling

  • LTS subscriber statistics are reported to RADIUS. PR1383354

  • For Junos OS Release 18.4R1 and 18.3R2, if ipv4 prefix is added on a prefix-list referred by IPV6 firewall filter then the log message Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized will not be seen in this particular release. PR1395923

General Routing

  • The problem is, when some route/NH has been created by the application, it is assumed that it can propagate to the rest of the system. KRT asynchronously picks up this state for propagation. There is no reverse indication to the application, if there was an error in propagating the state. The system is supposed to eventually reconcile. So, if SPRING-TE produces a <route, NH> pair that looks legal from the application’s standpoint, but the KRT is not able to download it to the kernel, (because kernel rejected the NH), the <route, NH> gets stuck in RPD. In the meantime, the previous version of the route (L-IS-IS in this case) that was downloaded still lingers in the kernel and Packet Forwarding Engine. PR1253778

  • CFM is not supported for L2-over-GRE tunnel. CCM can pass through as transit traffic through GRE interfaces transparently using data path. Link trace functionality uses MAC-learning and re-injecting LTM on GRE interface in case the bridge is configured with CFM. PR1275833

  • An underflow error is seen during FPC cold boot and initial traffic start cases. But these errors are limited and should not appear once traffic is stabilized. PR1306280

  • Support for enterprise profile is only provided for 10-Gigabit Ethernet interfaces. Use of 40-Gigabit Ethernet and 100-Gigabit Ethernet interfaces might result in a phase alignment issue. PR1310048

  • When cmerror disables Packet Forwarding Engine, it does not power off the ea and hmc chips. Temperature monitoring continues on the hmc and other devices, and the system can take proper actions, such as increase the fan speed or shutdown the systems. The periodic calls hmc_eri_config_access() to get temperature readings. It is expected to get ERI timeout continuously in this case. PR1324070

  • Hardware watchdog does not work on QFX10008 and QFX10002-60C/PTX10002-60C. PR1343131

  • The Routing Engine boots from the secondary disk when you:

    Press the reset button, on the RCB front panel, while Routing Engine is booting up but before Junos is up.

    Upgrade software, by booting from the network using the request vmhost reboot network command, and the system fails to boot from the network.

    Upgrade BIOS and the upgrade fails.

    Reboot and the system hangs before Junos is up. PR1344342

  • The MIC-MACSEC-20G supports 10G speed through the set chassis fpc x pic y pic-mode 10G configuration applied to both the PICs in that MIC. Any other PIC mode configuration should be removed and then the 10G PIC mode configuration is to be applied. PR1374680

  • In Junos most daemons underwent architectural change in transition from Junos OS Release 14.1X53 to Junos OS Release 17.X (4 years) and many new features were added. These changes caused increase in memory footprint in 17.X compared to 14.1X53. Unless we see system instability or any adverse performance impact, daemon crash due to low memory, this increased memory footprint should not be an issue, functionality should work fine. The increased memory footprint is a Junos property not specific to QFX5000. PR1390226

  • IDS aggregate configuration statement will not be considered for the installation of the IDS dynamic filter. PR1395316

  • Junos do not perform vlan-id check at the egress and vlan-id check is only performed at ingress. PR1403730

Interfaces and Chassis

  • At JDM install time, each JDM instance generates pseudo-random MAC addresses to be used for JDM's own management interface and for the associated GNFs' management interfaces. At GNF creation time, each GNF instance generates pseudo-random MAC addresses to be used as the chassis MAC address pool for the forwarding interfaces of that GNF. Once generated, JDM and GNF MAC addresses are persistent, and will only be deleted when the JDM or GNF instance itself is deleted.

    At a GNF, the Junos OS CLI command show chassis mac-addresses can be used to examine its chassis MAC address pool, and the Junos OS CLI command show interfaces fxp0 can be used to examine the MAC address of its management interface.

    At JDM, the CLI command show interfaces jmgmt0 can be used to examine the MAC address of its management interface.

    In case of MAC address duplication across JDM or GNF instances, you must delete and then reinstall the respective JDM or GNF instance and check again for duplication.

  • The two SFP+ ports on the the Routing Control Board (RCB) of an MX2008 router have two port LEDs each— one Link Status LED and one Link Activity LED per port. On an MX2008 router, which is connected to an external x86 server in a Junos Node Slicing setup, behavior of these LEDs with regard to Junos Node Slicing configuration is as follows:

    • The Link Status LEDs and Link Activity LEDs on both the ports are off when Junos Node Slicing is disabled or not configured.

    • When you have configured network-slices on the router (also called base system or BSYS) but have not configured guest network functions (GNFs) on the server, the Link Status LED on each port turns green (steady glow). In this case, the Link Activity LED on each port is off.

    • When you have configured Junos Node Slicing (including GNFs), the Link Activity LED on each port is amber (blinking), while the Link Status LED on each port remains green (steady glow).

  • Error thrown when router configuration updated on live system—In Junos OS Release 18.4R1, on MX Series routers with the RE-S-X6-64G and RE-MX2K-X8-64G Routing Engines, when the user changes the router configuration on a live system, or when the user deletes an interface that has active traffic, the message select: protocol failure in circuit setup is randomly displayed. However, there is no known functional impact.

Platform and Infrastructure

  • On all Junos platforms, execution of Python scripts through enhanced automation does not work on veriexec images. PR1334425

  • It is expected to see few transient FI Cell underflow errors during unified ISSU as long as they do not persist. PR1353904

  • On QFX10000 switches configured as type-5 route peers, when only peer 1 advertises routes, that peer might not install the decapsulated next-hop (NH) route. As a result, type-5 encapsulated traffic sent by peer 2 is dropped until peer 2 advertises any type-5 route. As a workaround, configure a static route pointing to discard on peer 2 and advertise that route as a type-5 route to peer 1. PR1386423

  • In some cases PS interfaces over RLT might be shown as up but not pass traffic. Log messages reporting asic error and a chassis alarm reporting hard fpc errors may also be seen. PR1400269

Routing Protocols

  • When multiple adjacencies are coming-up or flapping, some routes may not have remote-lfa backup nexthops. They will appear only after next SPF trigger either manually or via network event. PR1389392

Subscriber Management and Services

  • Before you make any changes to the underlying interface for a demux0 interface, you must ensure that no subscribers are currently present on that underlying interface. If any subscribers are present, you must remove them before you make changes.

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 18.4R2 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • Configuration of hidden configuration statement rate-limit-burst in the class-of-service hierarchy. The commit needs to push an update for CoS code handling on all the Packet Forwarding Engines and during this time, if an interface settings ( Internal attributes for an interface) was found to be NULL. Interface settings are usually stored in a memory location and the pointer to it became NULL because CoSD did not check for the NULL values and resulted in segmentation fault. Channelized interface setting was found to be NULL for channelized interfaces, but the CoS code handling the configuration rate-limit-burst in Packet Forwarding Engin de-referenced the setting without doing NULL check, resulting in core files. PR1425667


  • The issue is applicable to mac-in-mac PNN-EVPN and does not affect any other scenario. When PBB EVPN configuration is reloaded on MX Series routers, error logs are seen while deleting interfaces related to backbone bridge component. These errors does not result in any functional issues. PR1323275

  • Type 2 EVPN routes are missing after deactivating/activating protocol EVPN. PR1362598

  • Ping overlay - RPC Error (illegal option ? X?). PR1373025

  • When EVPN is configured with class-of-service-based forwarding (CBF), traffic might be lost for the CBF services. PR1374211

  • Replace Multihome advertisement proxy bit from L2_info community to ARP/ND extended community. The default value is 0x4. PR1408055

  • In Ethernet VPN - Virtual Extensible LAN protocol (EVPN-VXLAN) scenario with scaled Bridge Domains configured (for example, 4000 Bridge Domains), if the core facing link on the VXLAN Tunnel Endpoint (VTEP) comes up (Down >> Up), the traffic received from the CE (Customer Edge) might be dropped by the VTEP for a period of time before it becomes normal. PR1408840

  • In EVPN Single Active scenario, the EVPN/7] /32 host route always appears on non-DF PE if Chained Composite Nexthop (CNH) is ON. protocols evpn remote-ip-host-routeshas no effect if CNH is ON. When CNH if OFF, remote-ip-host-routes has intended effect. PR1419466

Forwarding and Sampling

  • The skip-service configuration does not work with IPv6 ndp negotiation or ping. PR1074853

  • SRRD process acts as a server for all J-Flow clients. The J-Flow clients can be either Packet Forwarding Engines or PICs performing J-Flow. The maximum number of J-Flow clients were previously 32 and it has been increased to 64 in this release. PR1261783

  • Heap memory leaks occur on DPC when the flow specification route is changed. PR1305977

  • This PR is to fix some hints for the CLI commands to avoid confusion. With the fix, it should be as follows: {master}[edit] labroot@beltway-re1# set firewall flexible-match source-ipv6-match bit-length ?PR1389103

  • On Junos Fusion, ingress policing on SD is broken ( MX+QFX: Ingress policing on AD and SD) set interfaces layer2-policer input-policer <policer-name> is not supported in this release. PR1395217

  • For Junos OS Release 18.4R1 and Junos OS Release 18.3R2, if ipv4 prefix is added on a prefix-list referred by IPv6 firewall filter then the log message Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized will not be seen in this particular release. PR1395923

  • If service-filter is configured, the device might be in Amnesiac mode after executing unified ISSU and error message mgd: error: configuration check-out failed might be seen. PR1432664

General Routing

  • In rare cases, a race condition might occur, in which a duplicate SNMP index might be assigned to the same interface. As a result, the mib2d daemon might crash. This issue should not cause any service impact. PR1033249

  • If a Layer 3 interface is receiving a GRE encapsulated packet and interface has two filters attached in ingress as follows

    a. Family any? with action as mirror

    b. Family inet? with action as ?decapsulate gre? then the expected behavior is that mirrored copy must have the GRE headers as well. However, that is not working as expected (and a bug) due to presence of filter (b). If the customer is interested in mirroring entire packet that came on the interface (that includes GRE header as well), then workaround is to deactivate/disable the "decapsulate gre? action of filter (b).PR1090854

  • Next hop attribute in a framed route is not applicable anymore. Since subscriber IP address is used as the next hop in all cases, there is no need to have an additional attribute for nexthop for framed routes. PR1186046

  • When performing a Routing Engine switchover, without the support of non-stop Routing (NSR), it might occasionally happen that the L2CPD daemon (L2 Control Protocol Daemon) reports a slips in its scheduled run of a few seconds (1 to 10) and a log message will be printed similar to the following: Aug 1 10:41:21 mx9601 l2cpd[32770]: JTASK_SCHED_SLIP: 8 sec scheduler slip, user: 0 sec 2180 usec, system: 0 sec, 2188 usec. This delayed run has no functionality nor operational effect to any of the Layer2 protocols controlled by L2CPD because STP task delegates transmit/receive bpdus to a separate dedicated PPMD daemon, and LLDP task's transmit/receive PDUs are dealt from daemon itself but the advertisement-interval is 30 seconds, with hold-timer for neighbors LLDPPDU being 120 seconds, so the time to recover the few seconds of slips is plenty and enough to absorb it. PR1203977

  • In a rare race condition, multiple interrupts are not handled properly on MX platform with MPC7E/MPC8E/MPC9E and PTX platform with FPC3-PTX-U2/FPC3-PTX-U3, which could lead to a core file. This condition is difficult to reproduce. As a workaround, the interrupt code is optimized to avoid the unnecessary call to prevent the issue. PR1208536

  • Packet forwarding traffic might be permanently impacted due to transient memory parity error at the Egress Port Manager (EPM) port-group. Operational impact will be verified and an alarm will be raised with the syslog message READ/WRITE pointers in free pool FIFO stalled .PR1220019

  • In a BGP or MPLS scenario, if the next-hop type of label route is indirect, then the following changing events about the next-hop interface MPLS family might cause the route to be in DEAD state, and the route will remain dead even when the family MPLS is again activated. The following events occur:

    Deactivating and activating the interface family mpls

    Deleting and adding back the interface family mpls

    Changing maximum labels for the interface

    Note: When a labelled route is resolved over an interface, that interface must have family mpls configured for the route to be successfully resolved. Otherwise the route does not get resolved. PR1242589

  • Load Balancing is uneven across aggregate Ethernet member links when the AE bundle is part of an ECMP(Equal Cost Multi-Path) path. The AE member-links needs to span Virtual Chassis members. PR1255542

  • The following cosmetic error is observed as the output: mspmand[190]: msvcs_session_send: Plugin id 3 not present in the svc chain for session. Please open a JTAC case to confirm. PR1258970

  • If vmhost snapshot is taken on alternate disk and there is no further vmhost software image upgrade, the expectation is that on current vmhost image getting corrupted, system will boot with alternate disk so as user can recover primary disk to restore the state. However, under the condition where corruption is with host root file system, the node is booting with previous vmhost software as against booting from alternate disk. PR1281554

  • PDT team noticing this issue while testing the 17.4R1-S3.3 image while testing the CUC-1422. ########################################################################### ############################ Error message: Jun 16 08:17:17 banaswadi rpd[51849]: Error creating dynamic logical interface from sub-unit 1051592: Device busy Jun 16 08:17:17 banaswadi rpd[51849]: Error creating dynamic logical interface from sub-unit 1051593: Device busy error message: rpd[51849]: Error creating dynamic logical interface from sub-unit 1051680: Device busy PR1286042

  • It is not possible to collect shmlog entries and statistics on MX5, MX10, MX40 platforms. The code changes also include improvements which should prevent shmlogctl process core files are seen due to a timing issue. PR1297818

  • Every load override and rollback operation increases the refcount by 1 and after it reaches the max value of it (65,535), the mgd process is terminated. When mgd terminated, the active lock may remain preventing any further commits. PR1313158

  • The show dynamic-tunnels database summary would not show accurate tunnels summary during the time anchor Packet Forwarding Engine linecard is not in up state. Use below commands as a work around: show dynamic-tunnels database and show dynamic-tunnels database terse. PR1314763

  • This RLI 36068 was done to target Oracle use case. Oracle does not use chain-composite. This knob does nor bring in a lot of gain since TCNH is based on ingress rewrite premise. Without this knob things work just fine. PR1318984

  • In JDM, (running on secondary server) jdmd daemon might generate core files if GNF add-image is aborted by pressing CTRL-C. PR1321803

  • With regards FPC restarts/Virtual Chassis splits, the design of MX Series Virtual Chassis infra relies on the integrity of the TCP connections and the reactions to failure situation might not handle in graceful way : tcp connection timeout because of jlock hog crossing boundary value (5 seconds) causing bad consequences in MX Series Virtual Chassis currently no other easy solutions that would be able to reduce this jlock hog besides enable marker infra in MX Series Virtual Chassis setup. Unfortunately, there is no immediate plan on enabling marker as it was causing a lot of issues in MX Series Virtual Chassis when we tried to enable it. PR1332765

  • First packet pertaining to Jflow Packet Forwarding Engine sensor in UDP mode is missing after line card reboot on PORTER-R platform. PR1344755

  • With Graceful Routing Engine Switchover (GRES) enabled in subscriber environment, if subscribers are logging in/out very quickly, the service sessions in Session Database (SDB) of backup Routing Engine (RE) might be leaked. If the problem is not detected for long enough, the backup Routing Engine might not be able to come back into sync with the master outing Engine and will not be ready for GRES. PR1346300

  • During unified ISSU that warrants host upgrade, if the router is configured with 8 million v4/v6 routes or more, the unified ISSU might fail resulting in FPC restart. PR1348825

  • On next generation Routing Engine (NG-RE), a failure of the Hardware Random Number Generator (HWRNG) will leave the system in a state where not enough entropy is available to operate. PR1349373

  • In some cases, online insertion and removal (OIR) of a MIC on an FPC can lead to black-holing of traffic destined to the FPC. The only way to recover from this is to restart the FPC. The issue will not be seen if use the corresponding CLI commands to bring MIC offline and then online. PR1350103

  • On all Junos platforms, licenses might not take effect after successfully committing a license key configuration. PR1350302

  • There is no support of interface range for channelized interfaces on EX9253, user has to configure interfaces individually. PR1350635

  • During stress conditions error log messages regarding route add/change/delete might be incorrect. PR1350713

  • If an AE (Aggregated Ethernet) interface is configured as link-protection backup-state down , AE operational state is still up even though the member interfaces configured under the AE are down. This issue is specific to AE link-protection backup-state down configuration. PR1354686

  • The issue only occurs on AE link deactivate/activate, which means that the LAG interface is deleted from the system and created again. But then, issue does not happen on de-activating/activating the link manually or by running this individual case in the script. There is no traffic loss. The traffic will continue to use the Backup Link however. The AE link up/down case is working as expected. Forwarding allocates a hardware selector for every <Primary Link/Backup Link/Primary Weight/Backup Weight>. Group for local-repair which will be shared by multiple Unilist Nexthops (A nexthop with active and backup gateways using the primary and backup IFLs). The Selector is getting stuck in rerouted state. There is no traffic loss but the traffic is flowing via the Backup Link even after the primary AE link is created again. The problem seems be with unilist->indirect->hold to unilist->indirect->unicast state transition during the deactivate/activate. As of now, we have a workaround to enable the vty command to change the unilist hold behaviour. Since the issue gets replicated very sporadically, getting to the actual fix is taking some time. PR1354786

  • The configurations of bridging routing instances having AE IFLS(6400IFLs) and IRB instances, all from a single FPC, the CPU utilisation of the FPC stays at 100% for 4 minutes. The behavior from PFEMAN of FPC has the processing time spiked on IF IPCs and this seems to be the case of MPC7E from Junos OS Release 16.1R1(or even earlier). After 4 minutes, the CPU utilisation comes down and the FPC is normal. Therefore, this scale configuration on MPC7E takes settling time of 4+ minutes. PR1359286

  • Syslog is updated when user tries to configure xpn cipher over a non-xpn supported platform such as MIC-MACSEC-20G even though commit goes through. PR1367722

  • When FPC is booting up (either during unified ISSU or router reboot or FPC restart), i2c timeout errors for SFP can be noticed. These errors are seen as i2c action is not completed as device was busy. Once card is up all the i2c transactions to the device was ok, so no periodic failure is observed. There is no functional impact and these errors can be ignored. PR1369382

  • After successfully delegating a locally configured LSP to a PCE, the router still displays 0 as the "Delegated" counter value under the output of CLI command show path-computation-client status. PR1369929

  • The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5E. PR1370337

  • When the MIC-MACSEC-20G is in offline state after Fake-Kats initiation- the MIC has to be brought up by issuing chassisd restart. Attempting to online the MIC via CLI could cause the MIC to go hardware error state. PR1374532

  • When CBF (CoS-based forwarding) is enabled, due to the indexed nexthop installation issue in kernel, the rpd process might crash upon route flap and LSP flap. PR1374558

  • I/O session used for communicating between threads is freed due to FSM state transition. After freeing the memory, the fields of the I/O session are used for tracing causing RPD core file. PR1374759

  • If any of the log message continuous to pop in MPC console, it indicates the presence of faulty SFP/SFP+ which is causing I2C transaction from main board CPU. There is no software recovery available to recover from this situation. These logs also indicates potential I2C transaction failure with any of the 10 ports available with GMIC2 in PIC 0 resulting in unexpected behaviors such as, link not coming up or MIC itself not booting up on restart. I2C Failed device: group 0xa0 address 0x70Failed to enable PCA9548(0x70):grp(0xa0)->channel(0)mic_sfp_select_link:MIC(0/0) - Failed to enable PCA9548 channel, PCA9548 unit:0, channel ID: 0, SFP link: 0mic_sfp_id_read: Failed to select link 0 Only way to recover from these failures is to detect & replace faulty SFP/SFP+ plugged into the GMIC2 ports PR1375674

  • In subscriber scenario, if the service-accounting-deferred is configured on dynamic-profile, and there is multicast to a large number of destinations on the same physical port, the FPC Errors might be seen. PR1380566

  • In rare situations at heavy traffic loads, input frame check sequence counter might get incremented. PR1383009

  • The users can still issue command set vmhost... although permissions system-control is not configured on system class. PR1383706

  • Commit should not be allowed if we are trying to delete the physical-cores configuration statement. However, there is no functional impact. PR1384014

  • In low end 32-bit systems, rpd has a lower level of available memory. It is desired to have a log message to alert customer when the average memory usage or transient memory usage exceeds thresholds. PR1387465

  • During Zero Touch Provisioning (ZTP) process, default route is being cleaned up by code. Due to this if a static default route is configured in the initial configuration (configuration file downloaded from the file server for ZTP), the route will fail to work. This might lead to ZTP failure or device access issue after ZTP. PR1387724

  • On MX platform enabled with enhanced subscriber management, if the filter service is enabled for each subscriber, and there are large scale of Broadband Edge (BBE) subscribers (for example, 10000) logging in and out repeatedly, the Flexible PIC Concentrator (FPC) might crash due to this rare issue. PR1388120

  • In cases of PS over rlt at high scale, removing and adding back CoS configuration can cause the fpc to enter a hard error state. PR1388487

  • The virtio throughput remains same for multi-queue and single-queue deployments. PR1389338

  • In a Junos Fusion Provider Edge (MX Series) scenario, all the FPCs might restart after committing the changes to the VLAN/encapsulation on the extended port if the parameter per-interface-per-member-link ingress is configured for sourced routing statistic by using the command set protocols isis source-packet-routing sensor-based-stats per-interface-per-member-link ingress. PR1392071

  • In a highly scaled EVPN-VXLAN environment, if there are many (1000+) simultaneous VM mobility events where the VMs move to reside behind a new leaf switch and the VM MAC addresses are also changed at the same time, in rare cases the ARP/ND table on the Layer3 gateway devices may be left with stale state pointing to the original leaf which hosted a VM rather than the new location. PR1395685

  • MPC card/afeb/tfeb with Channelized OC MIC can crash with core files. PR1396538

  • The Junos RPD daemon has facilities to attempt to trap certain classes of non-fatal bugs by continuing to run, but leaving a "soft" core file. Leaving a soft core is intended to be non-disruptive to routing and forwarding. This PR implements a mechanism by which users may disable soft core files being generated. PR1396935

  • Interface link is staying down when we deactivate/activate the channelized XE interface configured with speed 1G (when using QSA adaptor) on MX10008/MX10016 (JNP10K-LC2101 MPC) with Line rate traffic flowing. As a workaround, we need to offline/online the PIC to recover the link, this is the known issue. PR1397202

  • The CLI command show system firmware might provide unexpected output on some MX platform such as MX104. The "current version" might be shown as ?? instead of the correct version number. PR1398022

  • The ether-pseudowire zero-control-word configuration option under the forwarding-options enhanced-hash-key family mpls stanza does not take affect in a Junos Node Slicing setup. Although configured as: set forwarding-options enhanced-hash-key family mpls ether-pseudowire zero-control-word The parameter is not passed to MPC9E line card. This can impact load balancing over Abstract Fabric (AF) interface when using Pseudowire Headend Termination (PWHT) in a Guest Network Function (GNF). PR1400881

  • The $junos-framed-route-ipv6-address-prefix variable for programming IPv6 routes is only permitted under the routing-options->rib->access stanza. PR 1384523 changed the code to avoid the incorrect mixing of V4 and V6 framed routes in the same stanza and force the V6 framed routes to only be parsed if they were in their correct routing-options->rib ->access stanza. Additionally, runtime warnings for invalid configuration V6 framed routes configuration were added in PR 1388737. PR1401144

  • In BGP-PIC case, If a route R1, resolves on top of multipath-route R2, where R2 has primary and backup indirect-nexthops, it will be better if backup leg is not used for resolution of R1. There is no impact on any existing CLI commands. Backup path is never used when primary path is available. PR1401322

  • In JET/Telemetry scenario, the Telemetry log file is not rotated and keep growing until Routing Engine (RE) is out of disk space, this might cause unexpected impact of RE, and eventually lead to RE crash. The fix has now been provided to set max allowable size to 50M and once the file reaches its max size, it will get rotated and compressed. PR1401817

  • The sample-frequency data-type is changed from "milliseconds" to "seconds." PR1402197

  • After upgrading Junos to Junos OS Release 17.2 or later releases, the command chained-composite-next-hop ingress l3vpn extended-space cannot be configured any longer on a Logical system. PR1402390

  • With the initiation of image installation on Base System of a setup with node slicing enabled, session gets terminated unexpectedly. PR1402643

  • 1G configuration mode is not an unified ISSU supported configuration on Summit MX 3RU router. If that configuration is present on the Summit MX 3RU box, then the customer has to remove the same before attempting ISSU. Otherwise the 1G configurations will not behave as expected post ISSU and traffic loss can be expected. Currently there is no warning/error message alerting the customer on the same. This is applicable to Summit MX 3RU platform only. PR1405527

  • On all QFX5200/5100 platforms, the router might not be able to send out control plane traffic to the peering device along with Failed to allocate 16384 DMA memory messages. All the routing protocols running over the affected interfaces will be down due to this issue, and therefore it impacts the service. PR1406242

  • The process rpd might crash after a non-forwarding route (that is, a route to an indirect next-hop association is non-forwarding indirect next-hop) which is received from multiple protocols is resolved again by using the non-forwarding path. PR1407408

  • On PTX or QFX10002/QFX10008/QFX10016, a auto correctable non-fatal hardware error on PE chip (which is ASIC on PTX1000, PTX10002, QFX10002, the third-generation FPC on PTX3000/PTX5000, and the Line card on PTX10008/PTX10016/QFX10008/QFX10016) is reported as 'FATAL' error and hence the related Packet Forwarding Engine (PFE) will get disabled. The code changes have been made to change the error category from 'FATAL' to 'INFO' to avoid the Packet Forwarding Engine to be disabled unexpectedly. PR1408012

  • Goose Island Stage 2 MIC (MIC-MACSEC-20GE) supports Extended Packet Numbering (XPN) mode on 1G/10G interfaces. PR1409457

  • If Generic Routing Encapsulation (GRE) over GRE tunnel is used for sending Routing Engine originating traffic, the traffic cannot be encapsulated properly although the GRE over GRE tunnel works for transit traffic. PR1411874

  • In the subscriber environment, if the client profile has no filters while the service profile has filters, after a subscriber login, the ifstate compression might be seen when deleting the current filters and then adding a different filter. When this occurs, the firewall filter might be corrupted. PR1414706

  • PCE initiated LSPs get deleted from PCC if PCEP session goes down and gets re-established within delegation-cleanup-timeout period. PR1415224

  • With Netconf the xmlns attribute is printed twice for rpc <get-arp-table-information> to the router. PR1417269

  • Certain JNP10008-SF and JNP10016-SF manufactured between July 2018 to March 2019 may have incorrect core voltage setting. The issue can be corrected by re-programmed the core voltage and updated the setting in nvram memory. PR1420864

  • On MX platform, with 1xCOC12 or 4XCOC3 used, if channelized interfaces are configured, FPC CPU overuse might be seen. PR1420983

  • On MX platform, performing the command show forwarding-options load-balance .. might cause Packet Forwarding Edge wedge after some number of attempts (lesser than 200 in test), if the option destination-address of the command matches the default route with "discard" action, this is because a defect code causing internal flow errors is involved in that scenario. PR1422464

  • On MX204 platform, the allocation of MAC address for 2nd PIC in the FPC might fall out of the MAC address pool, which might further cause MAC confliction in the network. PR1422679

  • Added support for SFP-T with QSA adapter in MX10003. PR1422808

  • vMX RIOT Process Panics, results in Riot Core Dump & Impact Data Forwarding. During this condition, following logs are seen in the Log Messages: May 23 18:00:07 fpc0 riot[1888]: PANIC in lu_reorder_send_packet_postproc(): May 27 05:41:21 fpc0 riot[6655]: PANIC in lu_reorder_send_packet_postproc():. PR1423575

  • On Junos routers and switches with Link Aggregation Control Protocol (LACP) enabled, deactivating a remote Aggregate Ethernet (AE) member link will make the local member link move to LACP Detached state. The Detached link will be invalidated from the PFE AE-Forwarding table as expected. However, if the device is rebooted with this state, all the member links will be enabled in Packet Forwarding Engine AE-Forwarding table irrespective of LACP states and result in traffic drop. PR1423707

  • The issue is limited to DB related to MAC-MOVE scenario. When dhcp-security is configured, if multiple IPv4 and IPv6 Client's MAC-MOVE happens, the jdhcpd might consume 100% CPU and jdhcpd will crash afterwards. PR1425206

  • On all junos platforms running 64-bit mode rpd, the rpd will crash continuously if any protocol authentication (like MD5 authentication for BGP/ISIS/OSPF) is used along with master-password. PR1425231

  • Whenever the command is issued: show snmp mib walk jnxMibs, the following logs are seen in chassisd Mar 14 15:59:33 fru_is_present: out of range slot 0 for Mar 14 15:59:33 fpm_get_sys_led: FPM display module missing Mar 14 15:59:33 snmp_get_pem_led_state 936: pem state = 5, ret_val = 2 Mar 14 15:59:33 snmp_get_pem_led_state 936: pem state = 5, ret_val = 2The above logs are triggered by SNMP polling. These logs are superficial in nature and has no impact on production with respect to the below KB: The KB has three old PRs for SRX/M10i which has fix in 12.x version. However we are noticing these log messages in 18.x version in MX204. PR1425411

  • More number of MACs/MAC-IPs can get learnt if mac/mac-ip limit is configured in a particular sequence. An example is shown below:

    1. Learn 50 remote entries

    2. Configure mac limit of 20 (remote entries remain intact, this works as expected)

    3. Learn 50 local entries At this point, no local entries must be learnt, as mac limit is 20. However, all 50 local macs get learnt causing mac count to be 100, which is incorrect. The same issue will be seen for mac-ip limit as well. PR1428572

  • Some non-Juniper 40G SFPs might utilize 100G QSFP28 marking in their EEPROM indicating CDR bypass mode, which enables the use of 100G optics at 40G speeds. On some 40G line cards, JunOS detects an incorrect pluggable qsfp28 of type 0x11 (17 decimal) inserted into a qsfp+ of type 0x0d in the cage and reports this error to syslog. PR1434183

High Availability (HA) and Resiliency

  • On QFX5100 Series Switches, ksyncd process might crash and generate a core file during graceful switchover. PR1275022


  • When there is a high route churn or when there is a high rate of route updates being pushed to the kernel. The show interface command might show delay or not show all statistics due to route updates being prioritized over statistics messages. PR1250328

  • Junos OS can hang trying to acquire the SMP IPI lock while rebooting when it is running as a VM on Linux and QEMU hypervisor. PR1359339

Interfaces and Chassis

  • Out of sequence packets are seen with LSQ interface. PR1258258

  • Upgrading Junos OS Release 14.2R5 and later maintenance releases and Junos OS Release 16.1 and later mainline releases with CFM configuration might cause the cfmd process to crash after upgrade. This is because of the old version of /var/db/cfm.db. PR1281073

  • In MX Virtual chassis, flooding of the error message CHASSISD_CONFIG_ACCESS_ERROR: pic_parse_ifname: Check fpc rnage failed can be seen with LACP enabled AE interfaces on MPC7/8/9 cards. Errors will only have impact for DWDM pics, which does not effect on the MPC7/8/9 cards. Hence this syslog message can be safely suppressed. PR1349277

  • The error message ppman_cfm_start_inline_adj: Failed to add Inline adj for CFM, pkt-len=0 will be observed in some cases. But there is no functional impact. Sessions/adjacency would get programmed inline subsequently. PR1358236

  • With ppp-service traceoptions configured as: user@router> show configuration protocols ppp-service traceoptions file jtac-jpppd.log size 1g files 10; level all; flag all; filter {user {"";} }, it is expected to see only PPP negotiation events belong to subscriber defined in filter section. However in releases affected by this issue several stings of logs related to other (non interested) subscriber may be seen. PR1370994

  • Lfm sessions toward scaled peers might flap during unified ISSU switchover phase. PR1377761

  • When pfe_disable action is triggered (for example by a major error on the Packet Forwarding Engine), all the physical interfaces for that Packet Forwarding Engine will be disabled. This PR is meant to ensure that logical tunnel interfaces (for example, lt-*) are also disable to prevent attracting traffic to the failed Packet Forwarding Engine. PR1380784

  • As part of the EOAM programming the LM counters are allocated. When an interface is deleted, the EOAM LM counters needs to be cleared. This is done as part of EOAM punt deletion. But there are scenarios where the prog punt delete processing is received, the IFL is deleted in ukern. In this case the EOAM NHs are cleared but the LM counters are not freed. This can cause memory leak in jnh. This issue is seen for a scaled configuration, repeated addition and deletion of the interface configs when EOAM configuration is present. PR1396540

  • There might be memory leak on tarnsportd when bulk SNMP polling are on large-scale IFLs and large number of traps are created due to interface flapping etc. The memory leak could cause the transported consuming high CPU for a prolonged period. PR1398967

  • Static demux0 logical interfaces do not come up after configuration change if underlying interface is et ( 100 GE ). After the configuration change et interface gets flushed in order to reparse the configuration. During this DCD miss to create the dependency between demux0 logical interfaces and underlying et interface, which results in flushing off the demux0 logical interfaces. This issue will be seen only if underlying interface is et. For all other interfaces this has been already taken care. This is day one issue. As a workaround, restart DCD (or the entire RE reboot). It clears the problem or else use commit full instead of commit while committing new configuration. PR1401026

  • On MX Series platforms, EX-SFP-1FE-LX SFP does not initialize with MIC-3D-20GE-SFP-E(EH). PR1405271

  • When an unnumbered interface is binding to an interface that has more than one IP address and one of the IPs is deleted, the family inet of the unnumbered interface might get deleted. The issue results in traffic loss for all the services that rely on the family inet of the unnumbered interface. Configure preferred-source-address on the unnumbered interface will prevent deletion of the IP, hence avoiding the deletion of the family inet of the unnumbered interface. PR1412534

  • If aggregated interface(ae) has vrrp configuration, in the following use cases, member IFLs will not be created after member IFD comes up and AE will be in down state:

    1. FPC restart (request chassis fpc restart slot <>)

    2. Chassis-control restart (restart chassis-control)

    3. Reboot both Routing Engine (request system reboot both-routing-engines)

    So before performing above operations, it is advisable to remove vrrp configuration from aggregated Interface(ae). PR1429045

Layer 2 Features

  • In LDP-VPLS setup where user-defined mesh groups are configured in a VPLS instance and the LDP-VPLS must also have at least one directly connected CE interface configured under the instance, and if all directly connected CE interfaces go down, the pseudowire for that instance will be transited to ST state and RS state. It would cause the traffic loss for one CE site to peer CE site. If connectivity-type permanent is configured, this issue will not be observed as the instance will remain in ’UP’ state. PR1415522

Layer 2 Ethernet Services

  • In MC-LAG with force-up scenario, the LACP PDU loop might be seen when both MC-LAG nodes and access device using same admin key. PR1379022

  • On MX platform, if static demux interface over underlying is configured, after subscriber logout, the accounting statistics are not cleared. PR1383265


  • If the primary link goes down immediately after bypass (for example, FPC containing both primary & bypass or, both primary and bypass FPCs go down simultaneously) such that primary link goes down even before the PLR sends out any Path message after bypass down, then the nodes downstream of the PLR along the LSP path will be left with stale LSP state until refresh timeout. This condition will not result in any traffic loss. PR1242558

  • With nonstop active routing (NSR), when the routing protocol process (rpd) restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart. PR1282369

  • In case of CSPF-disabled LSPs, if the primary path ERO is changed to an unreachable strict hop, sometimes the primary path stays up with the old ERO. The LSP does not switch to standby secondary. PR1284138

  • An SR-TE path with "0" explicit NULL as inner most label, SR-TE path does not get installed with label "0". PR1287354

  • Traceroute MPLS from Juniper to Huawei routers does not work as expected due to unsupported TLV. PR1363641

  • When traceroute to a remote host for an MPLS LSP using the command traceroute mpls bgp, in very rare cases, mplsoam daemon might hold the stale BGP instance handle in the query to the rpd process to get the information for the FEC (Forwarding Equivalence Class), hence rpd crash might occur because of the invalid instance. It might cause traffic impact till rpd comes back up. PR1399484

  • On Junos platforms with transit chaining mode enabled, if Resource Reservation Protocol (RSVP) link/node protection is enabled and sensor-based-stats is used, a single-hop bypass label-switched path (LSP) nexthop might not be installed in forwarding information base (FIB) even it is in routing information base (RIB). Hence the single-hop bypass LSP will fail to forward traffic when needed. PR1401152

  • With NSR enabled, when master RPD is restarted, occasionally, out-of-order add and delete messages can arrive on the backup RE causing label assignment collisions leading backup RPD to crash. PR1401813

  • When make-before-break (MBB) new instance signaling experiences error and before retry is finished, other triggers such as auto bandwidth adjustment timer expiration have to be blocked until MBB finishes. Once the MBB finishes instance switching, blocked trigger needs to be scheduled, but should only be triggered after optimize-adaptive-teardown timer expires. In the affected releases, the blocked trigger is scheduled immediately after instance switching without taking optimize-adaptive-teardown timer into account, it causes old instance to be torn down before whole system finishes changing routes using the new instance, this leads to traffic loss. PR1402382

  • On Junos platforms with scaled MPLS labels used, when the system is already running with high load, inefficient labels allocation might cause even higher CPU utilization at 100% for hours. The issue might affect traffic. PR1405033

  • In Label Distribution Protocol (LDP) over Resource Reservation Protocol (RSVP) scenario, clearing RSVP LSP from the CLI, or making path changes, which cause RSVP LSP to be re-signaled might lead to rpd memory leak. The memory leak might result in rpd crash when the memory is exhausted. Traffic loss might be seen during the rpd crash. PR1415774

  • When the sr-mapping-client statement is configured in IS-IS segment routing, the LDP route might not be presented in inet.3 and routing-instance.inet.3, and also the invalid input/output label might be advertised in the LDP database. PR1416516

  • LDP route metric might not match IGP route metric even with ldp track-igp-metric configured. PR1422645

  • Dynamically configured RSVP LSPs for LDP link protection might not come up after disabling/enabling protocol mpls. PR1432138

Network Management and Monitoring

  • Updating the address of the Juniper Networks Inc in the SNMP MIB CONTACT-INFO entry - "{ snmpModules 1 }" PR1336291

  • Issue: Snmpd daemon leaks memory in snmpv3 query path and crashes.

    Cause: The issue is caused by a memory leak when the request PDU is dropped by snmp when the configuration snmp filter-duplicates is enabled. Each request PDU has a structure pointer for the SNMPv3 security details. This is allocated when the pdu is created/cloned. But while dropping the duplicate requests the corresponding free for this struct is not done, which causes the memory leak.PR1392616

Platform and Infrastructure

  • In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log errors stating nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system reconverging on the expected state. PR1054798

  • An accuracy issue occurs with three-color policers of both type single rate and two rate in which the policer rate and burst-size combination of the policer accuracy vary. This issue is present starting in Junos OS Release 11.4 on all platforms that use MX Series ASIC. PR1307882

  • This is a minor enhancement to add a UI to copy files from Junos VM to Host Linux. PR1341550

  • In filter list (input-list/output-list) scenario, when the filters in the same filter list refer to a same nested filter, the FPC might crash continuously. The issue results in traffic loss during FPC crash and reboot. PR1357531

  • With Junos OS Release 17.3R3 on MX series, on moving from the baseline configuration to EVPN scaled (4000 VLANs) configuration with multihoming, the newly elected designated forwarder may take up to 90 seconds to resume forwarding BUM traffic. The time required for convergence is proportional to the scale used, so a lower scale incurs a smaller dark window. Workaround for faster convergence with high scale: Distributing the configuration across several FPCs can potentially bring down the BUM traffic drop from 90 seconds to a significantly lower value. PR1362934

  • There are multiple failures when events like node reboots, ICL flaps and ICCP flaps happens even with enhanced convergence configured there will be no guarantee that sub-second convergence will be achieved. PR1371493

  • In Layer 3 VPN network with large-scale prefixes, if the peer PE is other vendor's router configured with per-prefix label, all FPC cards might restart after Layer 3 VPN routes churn multiple times. PR1398502

  • In some cases PS interfaces over RLT might be shown as up but not pass traffic. Log messages reporting asic error and a chassis alarm reporting hard fpc errors may also be seen. PR1400269

  • In some cases, the status bit of the RPF Nexthop shows as disabled when it should have been enabled. The trigger for the issue is not known yet. PR1404240

  • Cosmetic problem: CLI display of incorrect next hop mac address in show route forwarding table command. PR1437302

Routing Policy and Firewall Filters

  • The rpd might crash during the policy configuration changes. PR1357802

  • If a policy-option with only conditions from route-distinguisher and then next-hop a.b.c.d is applied to BGP, the next-hop for routes in the inet.0 might be set to this next-hop a.b.c.d, even though these routes do not carry any route-distinguisher value (l3vpn.inet.0 is unaffected). PR1433615

Routing Protocols

  • When only default routing-instance is present, the Junos command show bgp summary does not show the BGP ESTABLISH state. If the BGP state is not an ESTABLISHED state, then it shows the states as design (that is Active, Idle, Connect). If there is a routing-instance configured (apart from master routing-instance inet.0), the BGP ESTABLISH state is showed properly. The issue happens for IPv4 BGP sessions only, on IPv6, all the BGP states are seen as default. PR600308

  • In rare cases, rpd might generate a core file with error rt_notbest_sanity: Path selection failure on ..." The core is 'soft', which means there should be no impact to traffic or routing protocols. PR946415

  • Junos OS shows an obsolete Session description in the output of show route multicast extensive for several multicast registry addresses. PR1022288

  • JTASK_SCHED_SLIP for rpd might be seen on doing restart routing or ospf protocol disable with scaled bgp routes in MX104 router. PR1203979

  • LDP OSPF are 'in sync' state and the reason observed for this is IGP interface down with ldp-synchronization enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt P2P, Address:, Mask:, MTU: 9100, Cost: 1050Adj count: 1Hello: 10, Dead: 40, ReXmit: 2, Not StubAuth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTCProtection type: NoneTopology default (ID 0) -> Cost: 1050LDP sync state: in sync, for: 00:04:03, reason: IGP interface downconfig holdtime: infinity Per the current analysis, IGP interface down is observed as the reason because although LDP notified OSPF that LDP synchronization was achieved, OSPF was not able to take note of the LDP synchronization notification, because the OSPF neighbor was not up yet. PR1256434

  • In IS-IS and IPv6 scenario, rpd might crash when the neighbor router restarted and caused routes churn. PR1312325

  • The rpd might crash and generate core files if the distributed IGMP (Internet Group Management Protocol) is configured. PR1314679

  • On a dual Routing Engine (RE) system with Graceful Routing Engine Switchover (GRES) and graceful-restart enabled, if Bidirectional Forwarding Detection (BFD) with hold-down-interval option is enabled on an external BGP peer, this BGP peer might stay at idle state after a Routing Engine switchover. PR1324475

  • BGP I/O threading was added in Junos OS Release 16.1R1 whereby BGP writes were batched to improve efficiency. This may sometimes lead to some latency in sending BGP update while reacting to certain network events. PR1332301

  • When 32000 SRTE policies are configured at once, during configuration time there may be scheduler slips. PR1339829

  • There are scenario where application allocates and caches nexthop templates. This causes NH template cache to grow continuously. But when application clears their local cache, then memory is freed to NH template cache. But the NH template cache does not have code to shrink the cache and free memory back. So the NH template memory is trapped in the cache and cannot be used for other purposes. But if same BGP routes and nexthops come up again, they will reuse the templates from cache and not consume additional memory. PR1346984

  • With BFD configured on AE interface, if disable/enable AE interface, after that AE interface and Bidirectional Forwarding Detection (BFD) session might not come up. PR1354409

  • Its possible for a GNF with rosen6 multicast to display stuck krt queue entries after recovery from a dual RE reboot at the BSYS. PR1367849

  • When the loopback interface is configured in a logical-system and Routing Engine-based micro BFD is configured to use the loopback address as source address, BFD packets go out with source address belonging to outgoing interface rather than the loopback address. Due to this issue, the micro BFD session might not be able to come up. PR1370463

  • In Junos OS Release 18.4R1, RIB learning rate has degraded from anywhere between 10-18% on different platforms. For vale it seems to be 18%, whereas for MX it is lesser than 10%. The RC analysis is not completed and it is risky to include it in Junos OS Release 18.4R1. PR1383371

  • At scale, a gnf with ps over rlt and multiple MPCs might show bfd flap at recovery. PR1386574

  • On all Junos platform enabled with Graceful Routing Engine Switchover (GRES) and Non Stop Routing (NSR), if Routing Engine switchover is executed, the Border Gateway Protocol (BGP) peers in the new master Routing Engine might flap due to hold-timer expiry after GRES. PR1390113

  • In BGP scenario with multipath enabled, if applying import/export policy of IPv6 routes with a IPv4 next-hop to a BGP neighbor, the rpd might crash continuously. PR1390428

  • If an import policy is applied to a BGP neighbor and the policy has indirect IPv4 next-hop for IPv4 and IPv6 routes (IPv6 routes resolved over IPv4), when BGP unresolved route is withdrawn, rpd crash might be seen. PR1391568

  • The as-path-group configuration is limited in scale. With 10000 lines, scheduler slips are seen, impacting other work RPD is doing like protocol keep-alives. To avoid the scheduler slips (CPU exhaustion), change how the as-path-group is structured. The issue occurs due to two factors: the number of as-path statements under the as-path-group and the wild cards in each of these. In this PR, there is a new Junos command introduced: set policy-options asregex-optimize. The default feature is no-optimize. PR1396344

  • It is possible that under certain scenarios when the legacy-redirect-ip-action the existing BGP routes advertised might not be refreshed. Because of this the routes might still contain communities not aligned with the configured legacy-redirect-ip-action option. Clear routes as described in workaround. PR1396787

  • Customers that replace simple VLAN interfaces with PS over rlt might notice an increase in FPC CPU usage. This is in keeping with the increased processing and resources needed to support these types of interfaces which are similar in this regard to that of an AE interface. PR1396925

  • When the MoFRR feature is used in a scaled environment (in terms of number of routes and NHs), the actual convergence of multicast traffic might reach hundreds of milliseconds due to sub-optimal handling of MoFRR forwarding states on the Packet Forwarding Engine level. PR1399457

  • In multicast routing scenario using PIM, if configuring static route with qualified-next-hop for multicast source, process rpd might crash. This is because qualified-next-hop points to GF_DLI (Gateway Family Data Links) address which PIM is unable to process, resulting in the crash. PR1408443

  • In BGP with the indirect next-hop scenario, if uRPF is enabled, and then enable BGP multipath, a background job loop might be formed and the CPU utilization of rpd process might be stuck at 100%. PR1414021

  • Change in route selection process. If for selection of better route between a non-BGP and BGP route, if you are at step 7 of route selection process (Understanding BGP Path Selection), then bgp routes always win. PR1415468

  • In a BGP Graceful Restart scenario, including helper mode which is enabled by default, rdp would generate core files due to improper handling of BGP Graceful Restart stale routes during the BGP neighbor deleting. The rpd would crash and service/traffic impact would occur. PR1427987

Services Applications

  • Hide HA information when the service set does not have ha configured. PR1383898

Subscriber Access Management

  • In subscriber scenario, the authd might crash multi-times due to a memory corruption issue. PR1402012

  • authd re-use address too quickly before jdhcpd completely cleanup the old subscriber which flooding error log . The log such as :jdhcpd: %USER-3-DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add as it is already used by 1815 . PR1402653

User Interface and Configuration

  • DT_BNG: test configuration /config/rescue.conf.gz fails commit check for dynamic profile when subscriber is active. PR1376689


  • The Multicast VPN MIB was not being properly compiled into the Juniper MIB package bundle. It might cause mib-jnx-mvpn.txt to be included as part of the Juniper Enterprise MIB set. PR1394946

  • In segmented inter-AS NG-MVPN scenario, when the PE router receives a C-multicast (or leaf AD) route with more than one communities from a remote AS, the route might be rejected due to incorrect route-target community matching. PR1405182

  • When end-interface or backup-interface/protect-interface in end-interface is used as an interface for ping mpls l2circuit interface command, the rpd process might crash and generate core files. PR1425828

Resolved Issues

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 18.4R2

Application Layer Gateways (ALGs)

  • DNS requests with EDNS options might be dropped by DNS ALG. PR1379433

Authentication and Access Control

  • Push-to-JIMS now supports push auth entry to all online jims servers. PR1407371

Class of Service (CoS)

  • The cosd process might crash during committing configuration change via netconf. PR1403147

  • Traffic drop occurs when deleting MPLS family or disabling interface, which has non-default EXP rewrite-rules. PR1408817


  • The EVPN implementation does not follow RFC-7432. PR1367766

  • The rpd process would crash if deactivating the Autonomous-System (AS) in an EVPN scenario. PR1381940

  • The RA packets might be sent out without using the configured virtual gateway address. PR1384574

  • [EVPN/VXLAN] VTEP tunnel does not get deleted when EVPN peer goes down. PR1390965

  • The process rpd crash might be observed with EVPN type-3 route churn. PR1394803

  • The BUM traffic might not be flooded in EVPN-MPLS scenario. PR1397325

  • IPv6 link-local address for virtual-gateway address is marked as duplicate in EVPN. PR1397925

  • When committing a configuration for a VLAN adding to an EVPN instance and an AE interface respectively the newly added VLAN interface count might be zero (0) in that bridge domain. PR1399371

  • EVPN Type 2 MAC+IP route is stuck when the route Advertisement has 2 MPLS labels and Withdrawal has 1 label. PR1399726

  • ARP refresh functionality might fail in an EVPN scenario. PR1399873

  • RPD core files upon Routing Engine switchover with scaled EVPN configuration. PR1401669

  • The rpd crash due to memory corruption in EVPN. PR1404351

  • EVPN database and bridge mac-table are out of sync due to the interface's flap. PR1404857

  • The rpd might crash on a leaf node when handling the withdrawal of remote or local MAC address in an EVPN-VXLAN scenario. PR1405681

  • The next-hop is not cleaned up properly when one of the multi-homed CE-PE links goes down. PR1412051

  • Local L2ALD proxy MAC+IP advertisements accidentally delete MAC+IP EVPN database state from remotely learned type 2 routes. PR1415277

  • rpd crash on backup routing-engine after enable nonstop-routing with EVPN. PR1425687

  • The device might proxy the ARP Probe packets in an EVPN environment. PR1427109

  • IP missing in mac-ip-table of evpn database but present in evpn database when CE interface has two primary IP address. PR1428581

  • Extra incorrect MAC move might be seen when the host moves continuously between the different ESIs. PR1429821

  • Incorrect MAC count with show evpn/bridge statistics.PR1432293

  • Stale MAC addresses are present in the bridge mac-table in EVPN/MPLS scenario. PR1432702

Forwarding and Sampling

  • Firewall from packet-length match with more than 2 ranges will fail on PE/TL for PTX/QFX without warning. PR1221777

  • In EVPN A-A scenario with MX or EX acting as PE device, flood NHs to handle BUM traffic might not get created or miss certain branches when the configuration is performed in a particular sequence. PR1377749

  • The lsi binding for the IPv6 neighbor is missing. PR1388454

  • Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036). PR1394922

  • In Junos OS Release 13.3R9.13, firewall filter action, "decapsulate gre", decapsulates gre, ip-over-ip and ipv6-over-ip, but in 17.3R3.9, it only decapsulates gre. PR1398888

General Routing

  • Error drops in XM/MQSS fabric streams(q-node stats) are not accounted in class-of-service fabric stats. PR1338647

  • Large-scale users' login and logout might cause mgd memory leak. PR1352504

  • Traffic loss might be seen on new master after the interface flaps followed by Routing Engine switchover in VRRP scenario. PR1353583

  • The packets might be dropped when they go through MX104 built-in interface. PR1356657

  • The MPC5E/MPC2E-NG/3E-NG might crash and restart during unified ISSU. PR1369635

  • The dot1xd might crash when dot1xd receives incorrect reply length from the authd. PR1372421

  • Core files are seen in ifinfo at pif_af_fe_info pif_af_ifd when displaying af interface information. PR1373436

  • MS-MPC might have performance degradation under scaled fragmented packets. PR1376060

  • NFX3/ACX5448:LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified prints while commit on configuration prompt. PR1376665

  • MQSS errors might cause FPC restart. PR1380183

  • The routes learned over an interface will be marked as "dead" next-hop after changing the prefix-length of IPv6 address on that interface. PR1380600

  • Traffic blackhole caused by FPC offline in MC-LAG scenario. PR1381446

  • The unicast traffic from IRB interface towards LSI might be dropped due to Packet Forwarding Engine mismatching at egress processing. PR1381580

  • PDT: MSE Dvaita High CPU utilization for chassisd on bsys, ~ 20% st steady state. PR1383335

  • The Virtual Chassis could not come up after upgrading to QFX5E platforms (TVP-based platforms for QFX5100 or QFX5200 switches). PR1383876

  • Disable reporting of correctable single-bit error on Hybrid Memory Cube (HMC) and prevent Major Alarm. PR1384435

  • Subscriber connection setup is 30% lower than expected. PR1384722

  • The rpd might crash when switchover is performed along with configuration changes being committed. PR1385005

  • The device with more than 5 IP addresses configured in the dhcp server-group goes into amnesiac mode after reboot. PR1385902

  • The rpd end up with krt queue stuck might be seen in vrf scenario. PR1386475

  • Behavior of CLI set interfaces ams0 service-options session-limit rate <integer value> has changed. PR1386956

  • Migrate from syslog API to Errmsg API - VMhost messages on Junos. PR1387099

  • On MX2000 platforms, backup CB's chassis environment status keeps 'Testing' after backup CB becomes online by removal/insert operation. PR1387130

  • Chassisd process might have random memory corruption and will result in chassisd restart. PR1387338

  • Some SFBs might go down when one of the PSMs in the chassis generates a bad output voltage which is out-of-range. PR1387737

  • IPsec IKE keys are not cleared when delete/clear notification is received. PR1388290

  • BBE SMGD generates core files if MTU is changed while subscribers are logged in on the ifd. PR1389611

  • The jnxFruState might show incorrect PIC state after replacing a MPC with another MPC with less PICs. PR1390016

  • Traffic destined to VRRP VIP gets dropped as filter is not updated to related ifl. PR1390367

  • Delete chassis redundancy will not give commit warning. PR1390575

  • The BNG might not respond with PADO and create any demux interface when PPPoE PADI packet is received. PR1390989

  • The Packet Forwarding Engine might not respond with ICMP time exceeded error when packet is arrived from subscriber. PR1391932

  • On ACX-Series platforms the forwarding-option dhcp-relay forward-only knob stops working and the DHCP packets are dropped. PR1392261

  • Third-generation FPC reboot loop because of having internal intf issues. PR1393643

  • Junos enhancement configuration knob to modify mcontrol watchdog timeout. PR1393716

  • IPV6 Next-Hop programming issue might be observed on QFX10000/PTX1000/PTX10000 devices. PR1393937

  • The FPC cards might not come up while performing unified ISSU on MX10003. PR1393940

  • CI-PR:Expected entries UI_COMMIT_PROGRESS is not getting populated while checking with JUNOScript session for obtaining syslog output. PR1394780

  • The l2ald process might crash when doing commit check for some specific configurations. PR1395368

  • The minor alarm of "Bottom Fan Tray Pred Fail" might be incorrectly raised when the fan speed is at high speed on MX960. PR1395539

  • MPC 7/8/9 might not boot in MX Series Virtual Chassis box. PR1396268

  • The subscriber bindings might not be successful on QFX/EX platforms. PR1396470

  • Adding IRB to bridge-domain with PS interface causes kernel crash. PR1396772

  • The MS-MPC might core when mspmand receives a non-syn packet of TCP. PR1396785

  • Seeing VMHost RE 0 Secure BIOS Version Mismatch and VMHost RE 1 Secure Boot Disabled alarms. PR1397030

  • mspmand core file is seen when committing configuration NAT pool changes to active NAT pool. PR1397294

  • smid process memory leak and not coming down from 100%. PR1397643

  • PFT MX10008: Inline-services Enabling the Flex-Flow-Sizing takes more than 12 minutes to move to steady state. PR1397767

  • [jinsight] [generic_jinsight] show system errors active is not showing the error for MPC3E NG HQoS. PR1398084

  • On QFX5100/EX4600 platforms, PR1398128 changed not to display the 3rd temp sensor for Power Supply units in the output by show chassis environment pem but need to revert the fix. PR1398128

  • MPLSoUDP/MPLSoGRE tunnel might not come up on interface route. PR1398362

  • High jsd or na-grpcd CPU usage might be seen even JET or JTI is not used. PR1398398

  • IPSEC tunnel cannot be established because that the tunnel SA and rule are not installed in the PIC. PR1398849

  • Incorrect timestamp is displayed in the jvision collector log file. PR1399829

  • JET/PRPD incompatibility for the rib_service.proto field RouteGateway.weight from Junos OS Release 18.4R1 to 18.4R2 onward. PR1400563

  • The mgd-api crash due to memory leak. PR1400597

  • Only one Packet Forwarding Engines could be disabled on FPC with multiple PFEs in error/wedge condition. PR1400716

  • The Framed-Route beyond the first might not be installed in a DHCP subscriber management environment. PR1401148

  • The authd might crash when issuing show network-access requests pending command during the authd restarting. PR1401249

  • The command show | compare output on global group changes lose the difference context after a rollback or 'load update' is performed. PR1401505

  • The subscriber route installation failed due to some interfaces states are not properly installed. PR1401506

  • The TCP connection between ppmd and ppman might be dropped due to a kernel issue. PR1401507

  • FPC core files are seen due to a corner case scenario (race condition between RPF, IP flow). PR1401808

  • JET authentication does not work for usernames and passwords of certain lengths. PR1401854

  • Traffic loss is seen in IGMP subscribers after GRES. PR1402342

  • The MPC might crash due to the CPU overuse by dfw thread. PR1402345

  • Some error logs might be seen on FPC when reading attempt from Uninitialized memory location. PR1402484

  • FPC might crash after offline/online MIC-3D-16CHE1-T1-CE-H. PR1402563

  • DHCP subscriber cannot reconnect over dynamic VLAN demux interfaces due to RPF check failure. PR1402674

  • Host outbound traffic might be dropped on MPC7/8/9. PR1402834

  • uncolored SRTE stats : MX: Observed RPD core files when changed few colored LSPs to uncolored LSPs. The core files are at <<< #0 tag_cmp_tag (tag1=0x0, tag_label1=0x0, tag2=0x98b6628, tag_label2=0x98b6644) at ../../../../../../../../../../src/junos/usr.sbin/rpd/lib/mpls/label_mgr/core/mpls_label.c:473 473 if (tag1->tagt_mtu != tag2->tagt_mtu) >>>PR1403208

  • Reported Log Variance might be incorrect if the PTP profile is changed from G.8275.2 to SMPTE or other multicast IP profile. PR1403219

  • Smg-service could become unresponsive when doing some GRE related CLI operations. PR1403480

  • The time synchronization through PTPoE might not work when Enhanced Subscriber Management is enabled on MX Series routers.PR1404002

  • Continuous kernel crashes might be observed in backup Routing Engines or VC-BM. PR1404038

  • With MS-MPC and MS-MIC service cards SYSLOG messages for port block interim may show for the private-IP and PBA release messages may show the NAT'd IP as the private IP. PR1404089

  • The FPC might crash in a CoS scenario. PR1404325

  • repd continue to generate core files on Virtual Chassis-Bm when there are too many IPv6 address on one session (hit PR1384889). PR1404358

  • Incorrect output of the assigned prefixes to the subscriber in the output of show interface < dynamic demux interface>PR1404369

  • Configure load override or load replace resets ANCP neighbors.PR1405318

  • Voltage read failed for rail LTC3887-EA1-VDD0V9R2-CH0. PR1405787

  • When using AE bundle with active subscribers, FPC might crash if existing leg is replayed (after FPC restart). PR1405876

  • NAT64 translation issues of ICMPv6 Packet Too Big message with MS-MPC/MS-PIC. PR1405882

  • Fabric performance drop on MPC7/8/9E and SFB2-based MX2000 platform. PR1406030

  • The rpd might crash due to a race condition with the combination of community actions done at both BGP import policy and a forwarding-table policy. PR1406357

  • Traffic impact might be seen if auto-bandwidth is configured for RSVP LSPs. PR1406822

  • MX10003 cosmetic message: ALARMD_CONNECTION_FAILURE: after 60 attempts craftd connect returned error: Connection refused. PR1406952

  • L2VPN might flap repeatedly after the link up between PE and CE. PR1407345

  • The rpd might crash when a commit check is executed on LDP trace options. filtering PR1407367

  • Ephemeral DB might get stuck during commit. PR1407924

  • Traffic forwarding failed when crossing VCF members. PR1408058

  • openconfig-network-instance:network-instances support for IS-IS must be hidden unless supported. PR1408151

  • The ToS/DSCP and TTL fields might not be copied into the outer IP header in Group VPN scenario. PR1408168

  • Alarm Mismatch in total memory detected after reboot vmhost both. PR1408480

  • The MPC linecards might crash when performing unified ISSU to Junos OS Release 19.1R1 or above. PR1408558

  • Python script might stop working due to Too many open files error. PR1408936

  • MX-Service templates are not cleaned up. PR1409398

  • MX-MPC2-3D-EQ and MPC-3D-16XGE-SFPP will now show "Exhaust A" temperature, rather than Intake temperature. PR1409406

  • Telemetry: interface-set meta-data needs to include the CoS TCP Names in order to aid collector reconciliation with queue-stats data. PR1409625

  • The non-existent subscribers might appear at show system resource-monitor subscribers-limit chassis extensive output. PR1409767

  • FPC might crash during next hop change when using MPLS inline-jflow. PR1409807

  • ACX drops DNS responses which contain an underscore. PR1410062

  • When using SFP+, the Interface optic output might be non-zero even the interface has been disabled. PR1410465

  • Traffic loss may be seen on MPC8E/MPC9E after request one of the SFB2s offline/online. PR1410813

  • Kernel replication failure might be seen if an ipv6 route next-hop points to an ether-over-atm-llc ATM interface. PR1411376

  • Packet Forwarding Engines heap memory leak might happen by frequent flapping thousands of PPPoE subscribers. PR1411389

  • Virtual Route Reflector may reports DAEMON-3-JTASK_SCHED_SLIP_KEVENT error on some hypervisor or host machine because of NTP sync. Routing protocol may be impacted. PR1411679

  • file copy /var/tmp/ ftp://anonymous@< ip>/pub/ could not work properly after upgrade. PR1412033

  • MX10003: The rpd crash with switchover-on-routing-crash does not trigger Routing Engine switchover and the rpd on master Routing Egine goes into STOP state. PR1412322

  • Junos PCC may reject PCUpdate/PCCreate message if there is metric type other than type 2. PR1412659

  • PPPoE subscribers might not be able to login after unified ISSU. PR1413004

  • The rpd memory leak might be seen due to an incorrect processing of a transient event. PR1413224

  • During unified ISSU from 16.1R4-S11.1 to 18.2R2-S1.2, CoS GENCFG write failures observed[ COS(cos_rewrite_do_pre_bind_add_action:676): Binding of table 44226 to ifl 1073744636 failed, table already bound to ifl ] PR1413297

  • The support of inet6 filter attribute for ATM interface is broken in the Junos OS Release 17.2R1 and onwards. PR1413663

  • The services load balance might not be effective for AMS if the hash key under the forwarding-options hierarchy is configured. PR1414109

  • FPC crash might be observed if it reaches heap utilization limit. PR1414145

  • The user might not enter configure mode due to mgd is in lockf status. PR1415042

  • ICMP MTU exceeded error generated from Packet Forwarding Engine does not reach the expected source. PR1415130

  • The bbe-smgd process might have memory leak while running show system subscriber-management route route-type <> routing-instance <>. PR1415922

  • Some IPsec tunnels might fail to pass traffic after GRES on MX platform. PR1417170

  • The ECMP fast reroute protection feature might not work on MX5/10/40/80/104. PR1417186

  • An IPv4 packet with a zero checksum might not be translated to IPv6 packet properly under NAT64 scenario. PR1417215

  • Some subscribers might be offline when doing GRES or daemon restart PR1417574

  • Observed zero tunnel stats on the soft-gre tunnel. PR1417666

  • The BGP session might flap after Routing Engine switchover. PR1417966

  • CGNAT with MS-MPC card does not account for AP-P out of port errors or generate a syslog message when this condition is met. PR1418128

  • There is no SNMP Trap message generated for jnxHardDiskMissing/jnxHardDiskFailed on Summit MX.PR1418461

  • sp-cleanup-timer is not being honored when lsp-cleanup-timer is configured to be greater than 2147483647. PR1418937

  • The reserved PPPoE session-id 65535 might also be assigned which is conflicted with RFC 2516. PR1418960

  • A PPP session under negotiation might be terminated if another PPPoE client bearing the same session ID. PR1419500

  • CPU usage on Service PIC may spike while forming an IPSec tunnel under DEP/NAT-T scenario. PR1419541

  • A new tunnel could not be established after changing the NAT mapping IP address until the IPEC SA Clear command is run. PR1419542

  • rtsock_peer_unconsumed_obj_free_int : unable to remove node from list logged extensively. PR1419647

  • bbe-mibd memory leak causing daemon crash when having live subscribers and SNMP OIDs query. PR1419756

  • In the scenario where the MX and the peer device both try to bring an IPsec tunnel up, so both sides are acting as an initiator, if the peer side does not answer the MX ISAKMP requests the MX can bring the peer initiated tunnel down. PR1420293

  • MX: PTP phase aligned but TE/cTE not good. PR1420809

  • Failed to reload keyadmin database for /var/etc/keyadmin.conf. PR1421539

  • bbemg_smgd_lock_cli_instance_db should not log as error messages. PR1421589

  • MX Series Virtual Chassis: VCP port reports MTU value 9152 in the ICMP MTU exceeded message while the VCP port mtu is set to 9148. PR1421629

  • RPT_REG_SERVICES:RPM syslogs are not getting generated after deactivating aggregate interface. PR1421934

  • Remote gateway address change is not effective on MX150 platform when it is an initiator. PR1421977

  • The CoS ieee-802.1 classifier might not get applied when it is configured with service activation on underlying-interface. PR1422542

  • While committing huge configuration customer is seeing the error error: mustd trace init failed. PR1423229

  • set forwarding-options enhanced-hash-key symmetric is not effective on MX10003. PR1423288

  • On MX204 Optics "SFP-1GE-FE-E-T" I2C read errors are seen when an SFP-T is inserted into a disabled state port. PR1423858

  • The bbe-smgd process might crash after executing the command "show system subscriber-management route prefix . PR1424054

  • The port configured for 1G speed flaps after Routing Engine switchover. PR1424120

  • The interface configured with 1G speed on JNP10K-LC2101 cannot come up. PR1424125

  • [vMX]Continous disk error logs on vCP Console (Requesting switchover due to disk failure on ada1). PR1424771

  • In WAG scenario, soft-gre tunnel route lost after reboot/GRES or upgrade. PR1425237

  • RPT_BBE_Regressions : Getting Unisphere-UpStream-Calc-Rate as 0 while verifying L2BSA RADIUS accounting stop packets after performing GRES. PR1425512

  • All interfaces creation failed after NSSU. PR1425716

  • Interfaces might come to down after device reboots. PR1426349

  • PEMs lose DC output power load sharing after PEM switch off and on operation on MX platforms. PR1426350

  • Traffic loss might be seen when multiple IPsec tunnels are established with the remote peer. PR1426975

  • Traffic might not flow through MACSEC interface even after an unsupported cipher-suite is removed. PR1427294

  • When broadband edge PPPoE and DHCP subscribers coming up over Junos Fusion satellite ports are active, commit full and commit synchornization full commands fail. PR1427647

  • When installing YANG package without proxy-xml knob, the CLI environment could not working well. PR1427726

  • The subscriber IP route may got suck in bbe-smgd if the subscriber IP address is the same with local IP address. PR1428428

  • PTSP subscriber stuck in configured state. Auto-clear-timer dint work as well. PR1428688

  • Incorrect IGMP Statistics for dynamic PPP interfaces. PR1428822

  • L2TP subscriber and MPLS Pseudowire Subscriber volume accounting stats value remains unchanged post ISSU. PR1429692

  • Destination unreachable counter was counting up without receiving traffic. PR1431384

  • The bbe-smgd might crash if subscribers are trying to login/logout and a configuration commit activity happens at the same time. PR1431459

  • MX10003 - PEM not present alarm raised when minimum required PEM exist in the system. PR1431926

  • RSI & RSI brief should not include show route forwarding-table when tomcat enabled. PR1433440

  • jvision-firewall: Collected service stats all 0 after ISSU for MPC2. PR1433589

  • MPC7/8/9/MX10003 MPC/EX9200-12QS/EX9200-40XS line card might crash in a scaling setup. PR1435744


  • SNMP OID IFOutDiscards are not updated when drops increasing. PR1411303

Interfaces and Chassis

  • Constant dcpfe process crash might be seen if using an unsupported GRE interface configuration. PR1369757

  • Changing the value of mac-table-size to default may lead all FPC to reboot. PR1386768

  • DCD core files are seen after FPC restart if channelized interfaces are configured. PR1387962

  • All DPCs might crash while adding or deleting a logical interface from the AE bundle. PR1389206

  • Decoupling of L2 IFL configuration from bridge-domain or EVPN configuration. PR1390823

  • The dcd memory leak might be seen when committing configuration change on static route tag. PR1391323

  • Error message might be seen if GR interface is configured. PR1393676

  • The dcd crash might be seen after deleting the sub interface from VPLS routing-instance and mesh-group. PR1395620

  • MIC Error code: 0x1b0002 alarm might not be cleared for MIC on MPC6 when the voltage has returned to normal. PR1398301

  • The backup Routing Engine might get stuck in amnesiac mode after reboot. PR1398445

  • All dcd operations might be blocked if profile-db is corrupt. PR1399184

  • Certain otn-options cause interface flapping during commit. PR1402122

  • Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error message. PR1402606

  • The knob targeted-broadcast does not work on IRB interface. PR1404442

  • The subscriber may not access the device due to the conflicted assigned address. PR1405055

  • The cfmd might fail to start after it is restarted. PR1406165

  • The aaa-options configuration knob for PPPoE subscribers does not work on the MX80 and MX104 platforms. PR1410079

  • OAM CFM MEP flaps might occur when hardware-assisted keepalives are enabled. PR1417707

  • Monitor ethernet loss-measurement command returns Invalid ETH-LM request for Unsupported outgoing IFL. PR1420514

  • Invalid speed value on an interface might cause other interface configuration loss. PR1421857

  • The IFLs in EVPN routing instances might flap after committing configurations. PR1425339

  • flexible-queuing-mode is not working on MPC5E of VC member1. PR1425414

  • Upgrade from pre Junos OS Release 17.4R1 to release having PR-1425804 fix results in cleanup of existing ECFM PM-history and PM-sessions restarts freshly with MI index as 1. PR1425804

  • CFM message flooding. PR1427868

  • The vrrpd process might crash after deleting VRRP sessions for several times. PR1429906

Layer 2 Features

  • The rpd crashes after iw0 interface is configured under a VPLS instance. PR1406472

  • In a Layer2 domain, there might be unexpected flooding of unicast traffic at every 32-40s interval towards all local CE-facing interface. PR1406807

  • Broadcast traffics may be discarded in a VPLS local-switching scenario. PR1416228

  • Commit error will be seen but the commit is processed if adding more than o. PR1420082

Layer 2 Ethernet Services

  • The SNMP query on LACP interface might lead to lacpd crash. PR1391545

  • On EVPN setups, incorrect destination MAC addresses starting with 45 might show up when using the show arp hostname command. PR1392575

  • Log messages dot1xd[]: task_connect: task ESP CLIENT:...: Connection refused might be reported in Junos OS Release 17.4 or later. PR1407775

  • Packets might be dropped if the traffic forward via an LT interface. PR1410970

  • The IRB interface might flap after committing configuration change on any interface. PR1415284

  • The IPv6 neighbor might become unreachable after the primary link goes down in VPLS scenario. PR1417209

  • jdhcpd becomes aware about some of the existing configuration only after 'commit full' or jdhcpd restart. PR1419437

  • Change the nd6 nexthops to reject NH once l2 interfaces gets disassociated with ipv6 entries. PR1419809

  • The jdhcpd process might consistently run at 100% CPU and not provide service if the 'delay-offer' is configured for DHCP local server. PR1419816

  • jdhcpd daemon might crash during continuous stress test. PR1421569


  • The rpd might crash on backup Routing Engine after switchover. PR1382249

  • A RSVP-signaled LSP might stay in down state after a link in the path flaps. PR1384929

  • The rpd process might keep crashing repeatedly if the LSP destination address is set to be PR1397018

  • The rpd might crash when LDP route with indirect next-hop is deleted. PR1398876

  • The L2circuit information is not advertised over the LDP session if ldp dual-transport inet-lsr-id is different from the router-id. PR1405359

  • Resources might be reserved for stale RSVP LSP when RSVP is disabled on the interface. PR1410972

  • The rpd might crash in BGP-LU with egress-protection while committing configuration changes. PR1412829

  • The rpd may crash if longest-match is configured for LDP. PR1413231

  • LDP route is not present in inet6.3 if IPv6 interface address is not configured. PR1414965

  • Traffic blackhole might be seen due to a long LSP switchover duration in RSVP-signaled LSP scenario. PR1416487

  • Bad length for Sub-TLV 34 (RFC 8287) in MPLS Echo Request. PR1422093

  • Bypass dynamic rsvp lsp tears down too soon when being used for protecting ldp lsp with knob dynamic-rsvp-lsp. PR1425824

  • mpls ping sweep stops working and gets CLI irresponsive. PR1426016

  • MPLS LSP auto-bandwidth stats miscalculations may lead to high bandwidth reservation. PR1427414

  • When MBB for P2MP LSP fails, it is stuck in old path. PR1429114

Network Management and Monitoring

  • Syslog match filtering does not work if single line of /etc/syslog.conf is over 2048 bytes. PR1418705

Platform and Infrastructure

  • kernel and ksyncd generate core files after dual cb flap at rt_nhfind_params: rt_nhfind() found an nh different from that onmaster 30326. PR1372875

  • Jlock hog might be reported at restart routing. PR1389809

  • Individual command authorization might cause mgd crash. PR1389944

  • Traffic is dropped when passing through MS-DPC to MPC. PR1390541

  • MX: RFC2544 is not functioning as expected due to platform validation getting skipped for MX (chassis based boxes). PR1396751

  • RVT interface might get flapping. PR1399102

  • In a scaled scenario (500 TWAMP control sessions and 500 TWAMP test sessions) a few TWAMP connections might fail to establish. PR1399547

  • Syslog error messages: [LOG: Err] COS_HALP(cos_halp_get_fabric_stats_per_pfe:3211): pfe_id 0 cchip 0[LOG: Err] COS_HALP(cos_halp_get_fabric_stats_per_pfe:3272): No PFE found for pfe_id_start 0 . PR1402377

  • MAP-E some ICMP Types cannot be encap/decap on SI interface. PR1404239

  • Some files are missing during log archiving. PR1405903

  • Abnormal Queue-depth counters in show interface queue output on interfaces which associated to XM2 and 3. PR1406848

  • IPv6 traffic might be dropped between VXLAN bridge-domain and IP/MPLS network. PR1407200

  • Class-of-service configuration changes might lead to traffic drop on cascade port in Junos Fusion setup. PR1408159

  • Traffic is getting dropped when there is a combination of DPC/MX-FPC card and MPC card on egress PE router in L3VPN. PR1409523

  • The vlan tag is incorrectly inserted on the access interface if the packet is sent from an IRB interface. PR1411456

  • The MPC might crash when one MIC is pulled out during this MIC is booting up. PR1414816

  • op url command cannot run a script with libs from /config/scripts. PR1420976

  • arp request is not replied although proxy-arp configured. PR1422148

  • The native VLAN ID of packets might fail to be removed when leaving out. PR1424174

  • The policer bandwidth might be incorrect for the aggregate interface after activating the configuration statement shared-bandwidth-policer. PR1427936

  • Pre-fragmented ICMP IPv4 packets might fail to arrive at the destination. PR1432506

  • Enable sensor /junos/system/linecard/qmon/ causing continuous ppe_error_interrupt errors. PR1434198

  • A certain combination of allow-commands/deny-commands does not work properly after Junos OS Release 18.4R1. PR1438269

Routing Policy and Firewall Filters

  • MX Series: CLI knob as-path-expand last-as:Commit Failure. PR1388159

  • The rpd process might crash when routing-options flow configuration is removed. PR1409672

Routing Protocols

  • BGP might not advertise routes on the existing BGP peer after adding Layer 3 VPN instance. PR1237006

  • The VRF static route might not be exported when route-distinguisher-id is used on RR in BGP Layer 3 VPN scenario. PR1341720

  • Qualified next hop of static route might not be withdrawn when BFD is down. PR1367424

  • The static route might persist even after its BFD session goes down. PR1385380

  • BGP sessions might keep flapping on backup Routing Engine if proxy-macip-advertisement is configured on IRB interface for EVPN+VXLAN. PR1387720

  • Unexpected packet loss might be seen for some multicast groups during failure recovery with both MoFRR and PIM automatic MBB join load-balancing features enabled. PR1389120

  • In rare cases rpd might crash after Routing Engine switchover when BGP multipath and Layer 3 VPN vrf-table-label are configured. PR1389337

  • BGP IPv6 routes with IPv4 nexthop causes rpd crash. PR1389557

  • The ppmd on Routing Engine might run with high CPU utilization after Routing Engine switchover. PR1392704

  • RPD core files on backup routing-engine during neighbor-ship flap when using authentication-key with size larger than 20 character. PR1394082

  • The best and the second-best routes might have the same weight value if BGP PIC is enabled. PR1395098

  • BGP DMZ LINK BANDWIDTH - not able to aggregate bandwidth , when applying the policy. PR1398000

  • The rpd soft core and inappropriate route selection might be seen when Layer 2 VPN is used. PR1398685

  • The process rpd might crash in BGP setup with NSR enabled. PR1398700

  • Junos OS: BGP packets can trigger rpd crash when BGP tracing is enabled. (CVE-2019-0019) PR1399141

  • The UHP behavior is not supported for LDP to SR stitching scenario. PR1401214

  • There might be unexpected packets drop in MoFRR scenario if active RPF path is disabled. PR1401802

  • The rpd might crash when BGP add-path send is configured and NSR is enabled. PR1401948

  • The rpd might be stuck at 100% when auto-export and BGP add-path are configured. PR1402140

  • BGP router on the same broadcast subnet with its neighbors might cause IPv6 routing issue on the neighbor from other vendors. PR1402255

  • Some times when new logical router is configured, logical router core files may be seen on the system. PR1403087

  • The rpd memory leak might be seen in IS-IS Segment Routing scenario. PR1404134

  • Extended traffic loss might be seen after link recovery when source-packet-routing is used on OSPF p2p links. PR1406440

  • IGMP join through PPPOE sub not propogated to upstream PIM. PR1407202

  • M/Mx/QFX:mcsnoopd core generated immediately after the commit change related to VXLAN-EVPN configuration. PR1408812

  • SID label operation might be performed incorrectly in OSPF SPRING environment. PR1413292

  • The unexpected AS prepending action for AS path might be seen after the no-attrset knob is configured or deleted with vrf-import/vrf-export configuration. PR1413686

  • Dynamic routing protocol flapping with vmhost Routing Engine switchover on NG-RE. PR1415077

  • The IS-IS-SR route sent by the mapping server might be broken for ECMP. PR1415599

  • Route info might be inconsistent between RIB and OSPF database when using OSPF LFA feature. PR1416720

  • A memory leak in rpd might be seen if source packet routing is enabled for IS-IS protocol. PR1419800

  • IPv6 IS-IS routes might be deleted and not be reinstalled when MTU is changed under the IFL level for family inet6. PR1420776

  • The rpd might crash in PIM scenario with auto-rp enabled. PR1426711

  • The rpd might crash while handling the withdrawal of an imported VRF route. PR1427147

Services Applications

  • The spd might crash when any-ip is configured in the 'from' clause of the NAT rule with the static translation type. PR1391928

  • SPD_CONN_OPEN_FAILURE: spd_svc_set_summary_query: unable to open connection to si-0/0/0 (No route to host) PR1397259

  • IP ToS bits are not copied to outer IPSec header. PR1398242

  • Invalid Layer 4 checksum might be observed on IPv4 packets generated by NAT64 with MS-DPC after translating fragmented IPv6 UDP/TCP packets. PR1398542

  • The ICMPv6 packet with embedded IPv6 fragment might not be translated correctly to IPv4 ICMP packet in a NAT64 with MS-DPC deployment. PR1402450

  • Inconsistent content might be observed to the access line information between ICRQ and PPPoE message. PR1404259

  • The stale si- IFL might be seen when L2TP subscribers with duplicated prefixes or framed-route login. PR1406179

  • The kmd process might crash on MX/ACX platforms when IKEv2 is used. PR1408974

  • [technology/subscriber_services/jl2tpd] [all] RPT BBE Regressions : ERA Value doe not match with configured values while verify new ERA settings are reflected in messages log. PR1410783

  • Jpppd core files on LNS. PR1414092

  • L2TP LAC might fail to tunnel static pp0 subscriber to the desired LNS. PR1416016

  • IPsec SA might not come up when the Local gateway address is a VIP for a VRRP configured interface. PR1422171

  • In subscriber with L2TP scenario, subscribers are stuck in INIT state forever. PR1425919

  • Some problems might be seen if client negotiates LCP with no ppp-options to LAC. PR1426164

  • Traffic gets dropped when end behind NAT is the responder. PR1435182

Software Installation and Upgrade

  • JSU might be deactivated from FPC in case of power cycle. PR1429392

Subscriber Access Management

  • The DHCPv6-PD client connection might be terminated after commit when RADIUS assigned address is not defined within the range of a local pool. PR1401839

  • Adding a firewall filter service via the test aaa command causes a crash in dfwd. PR1402051

  • JSRC used Radius Service accounting protocol instead of JSRC for SRC installed service. PR1403835

  • Continuous log message authd[18454]: %DAEMON-3-LI: liPollTimerExpired returned 0. PR1407923

  • Authd telemetry: Linked pool head attribute is incorrect for single pools. PR1413293

  • CoA-NACK is not sent when peforming negative COA Request tests by sending incorrect session-id. PR1418144

  • PPPoE session might be disconnected when LI attributes are received in access-accept with invalid data. PR1418601

  • Address allocation issue with linked pools when using linked-pool-aggregation. PR1426244

  • RADIUS authentication server might always be marked with DEAD. PR1429528

User Interface and Configuration

  • The show configuration and rollback compare commands causes high CPU usage. PR1407848


  • The receivers belonging to a routing instance might not receive multicast traffic in an Extranet next-generation MVPN scenario. PR1372613

  • High rpd CPU utilization on the backup Routing Engine might be observed in MVPN+NSR scenario.. PR1392792

  • Downstream interface is not removed from multicast route after getting PIM prune. PR1398458

  • The rpd might crash in rosen MVPN scenario when a same provider tunnel source address is being used for both IPv4 and IPv6. PR1416243

  • The deletion of (S,G) entry might be skipped after the PIM join timeout. PR1417344

  • The rpd process might crash in rare conditions when Extranet NG-MVPN is configured. PR1419891

Resolved Issues: 18.4R1

Application Layer Gateways (ALGs)

  • DNS requests with EDNS options might be dropped by DNS ALG. PR1379433

Authentication and Access Control

  • MAC move might occur in DHCP security scenario. PR1369785

  • IPv4 or IPv6 DHCP-security client entries will be recorded on trusted ports as well. PR1390676

Class of Service (CoS)

  • The 802.1P rewrite might not work on inner VLAN. PR1375189

  • FPC card might reboot when changing CoS mode from hierarchical-scheduler to per-unit-scheduler. PR1387987


  • EVPN/VXLAN: MAC entry is incorrectly programmed in the Packet Forwarding Engine, leading to some traffic being silently dropped or discarded. PR1231402

  • MPLS label leak leads to label exhaustion and rpd process crash. PR1333944

  • EVPN type-5 route might be lost if chained-composite-next-hop command is configured. PR1362222

  • The l2ald memory might cross the threshold in an EVPN scenario. PR1368492

  • Proxy ARP might not work as expected in an EVPN environment. PR1368911

  • The rpd might crash in EVPN scenarios when configuring EVPN. PR1369705

  • EVPN active or active multi homed PE device occasionally prefers to route to a directly connected prefix using LSPs toward the multi homed peer instead of going directly out the IRB interface (which is up). PR1376784

  • The RA packets might be sent out without using the configured virtual gateway address. PR1384574

Flow-based and Packet-based Processing

  • PIM register message might be dropped on SRX Series devices. PR1378295

Forwarding and Sampling

  • Junos OS allows firewall filters with the same name under [edit firewall] and [edit firewall family inet] hierarchy levels. PR1344506

  • L2ald crashes when trying to adjust mac-table-size configuration. PR1383665

  • The filter counter is not written to the accounting file when accounting is enabled on the bridge firewall filter. PR1392550

General Routing

  • TACACS access does not work after upgrade. PR1220671

  • Routing Engine and Packet Forwarding Engine out-of-sync errors are seen in syslog. PR1232178

  • The mspmand process might generate a core file in rare conditions due to a high rate of TCP traffic. PR1253862

  • The wrong TBB Packet Forwarding Engine component's temperature might be reported on MX80. PR1259379

  • On MX Series routers, the show chassis led command should not be displayed in possible completions of the show chassis command. PR1268848

  • Flexible PIC concentrator (FPC) crash/reboot is observed when bringing up about 12,000 Layer 2 Bit Stream Access (L2BSA) subscribers simultaneously. PR1273353

  • Error messages might be seen if flapping the aggregated Ethernet interface hosted on MPC-3D-16XGE card. PR1279607

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mobiled. PR1284625

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mspmand. PR1284643

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mspsmd. PR1284654

  • PPPoE canot dial in due to all PADI dropped as "unknown iif" when the aggregated Ethernet configuration is deactivated or activated. PR1291515

  • Wrong packet statistics are reported in ifHCInUcastPkts OID. PR1306656

  • In a few cases it was seen that RS are all up but virtual service is down. This was seen mainly in configuration load overriride conditions. PR1313009

  • Migrate from syslog API to Errmsg API - /src/junos/usr.sbin/subinfo. PR1327262

  • Migrate from syslog API to Errmsg API - /src/junos/usr.sbin/aaad. PR1327266

  • Migrate from syslog API to Errmsg API - /src/junos/usr.sbin/smihelperd. PR1327271

  • Tc_count counters in filter with the scale-optimized command are not incrementing. PR1334580

  • With certificate hierarchy, where intermediate CA profiles are not present on the device, in some corner cases, the PKI daemon can become busy and stop responding. PR1336733

  • AI-script does not get automatically upgraded unless it is manually done after a Junos OS upgrade. PR1337028

  • Routing Engine does not have MAC map for MAC type 7. PR1345637

  • Additional show commands are called when the request support information command is issued. PR1346129

  • The rpd might crash when the dynamic-tunnels next-hop resolving migrates to a more specific IGP route. PR1348027

  • Routing Engine mastership keepalive timer is not updated after the GRES configuration is removed. PR1349049

  • The MPC might crash when the MIC is removed. PR1350098

  • Migrate from syslog API to Errmsg API - /bbe-svcs/smd/plugins/cos/. PR1353179

  • Some of the inline service interfaces cannot send out packets with the default bandwidth value (100 Gbps). PR1355168

  • Chassis alarm is not reflecting the correct state when INP0 and INP1 have AC voltage out-of-range. PR1355803

  • The mpls-ipv4 template does not have correct src AS and dst AS as 4294967295 src Mask and DstMask as 0 after adding the mpls-flow table size on the fly. PR1356118

  • Link stays up unexpectedly on MX204 with copper cable removed. PR1356507

  • MPC/FPC might be unable to reply request messages to the Routing Engine in a high subscriber scale scenario. PR1358405

  • show chassis ethernet-switch on PTX10000. PR1358853

  • The show chassis fpc command output might show "Bad Voltage" for FPC powered off by configuration or CLI command after the command show chassis environment fpc is executed. PR1358874

  • Bbe-smgd restarts unexpectedly while performing graceful Routing Engine switchover (GRES). PR1359290

  • PluginExit() function is never called. PR1359610

  • FPC core file might be observed after GRES switchover. PR1361015

  • IP over VPLS traffic is affected by EXP rewrite rule on the core-facing MPLS interface. PR1361429

  • The MX Series router functioning as a BNG does not generate ESMC/SSM Quality Level failed snmp trap. PR1361430

  • Rpd struck at 100 percent after clear bgp neighbor operation. PR1361550

  • Migrate from syslog API to Errmsg API;usp/usr.sbin/nsd/common/nsd_tpm.c. PR1361986

  • Spontaneous bbe-smgd core file might be seen on the backup Routing Engine. PR1362188

  • The MS-MPC might reset continuously on MX Series platforms. PR1362271

  • M/Mx: Traffic loss of 1 percent is seen during GRES phase of unified ISSU from 17.3-20180527.0 to17.3-20180527.0. PR1362324

  • Executing show route prefix proto ip detail during route churm in a route scale scenario might lead to FPC crash. PR1362578

  • The inline-J-Flow sampling configuration might cause FPC crash on MX Series platforms. PR1362887

  • MX-VC: Request to record VCCP heartbeat state change in syslog by default. PR1363565

  • xmlproxyd for internal interfaces is reporting uint32 instead of uint64. PR1363766

  • The multicast route update might get stuck in KRT queue and the rpd might crash if rpd and kernel go out of sync. PR1363803

  • FPM board is missing in SNMP MIB walk. PR1364246

  • A traffic loop might occur even though that port is blocked by RSTP in a ring topology. PR1364406

  • The kernel might crash after repeatedly deactivating/activating interfaces/filter/class-of-services configurations due to accessing stale memory entry. PR1364477

  • Configuration commit might be delayed by 30 seconds. PR1364621

  • AF's operational state moves to down state in a node virtualized environment where GNFs are connected through AF interface. PR1364921

  • The traffic is still forwarded through the member link of an aggregated Ethernet bundle interface even with "Link-Layer-Down" flag set. PR1365263

  • Default adapter type changed from E1000 to VMXNET3. PR1365337

  • Traffic drops seen if training failure is seen on a line card for three of more planes. PR1365668

  • MPC7E: ukern crash and FPC reboot with vty command show agent sensors verbose. PR1366249

  • MS-MPC/MS-PIC might crash in NAT scenario. PR1366259

  • MX150: Upgrade to Junos OS Release 18.1R1.9 fails. Installing package nfx-2-routing-data-plane-1.0-0.x86_64 needs 76 MB on the file system. PR1366324

  • Migrate from syslog API to Errmsg API - junos/lib/liboiu-ffp/. PR1366546

  • The next hop of MPLS path might be stuck in hold state, which could cause traffic loss. PR1366562

  • Snmp MIB walk for UDP flood gives different output statistics than CLI. PR1366768

  • Syslog errors seen LOG : Err] Failed to allocate 2 jnh-dwords for encap-ptr(ether-da)!,LOG: Err] gen_encap_common: jnh-alloc failed! 8. PR1366811

  • Offline of the fabric links of Packet Forwarding Engine 4 and Packet Forwarding Engine 5 is not supported. PR1367412

  • The bbe-smgd process might crash during the authentication phase for L2BSA subscriber. PR1367472

  • The show system resource-monitor fpc output might show a non existing Packet Forwarding Engine. PR1367534

  • RTG interface status might be shown as incorrect status with show interface. PR1368006

  • Multiple provisioning and deprovisioning cycles cause rdmd memory leak. PR1368275

  • JSA10893: 2018-10 Security Bulletin: MX Series: In BBE configurations, receipt of a crafted IPv6 exception packet causes a denial of service (CVE-2018-0058). PR1368599

  • RPD API rt_nexthops_extract_gateway_convert_unnumbered_gf_dli() rectification. PR1368855

  • The commit or commit check might fail due to the error of not having lsp-cleanup-timer without lsp-provisioning. PR1368992

  • SNMP MIB walk causes KMD errors. PR1369938

  • L2TP subscriber firewall filter might not be removed from the Packet Forwarding Engine when routing services are enabled in the dynamic profile. PR1369968

  • Kernel crash might be seen after committing demux-related configuration. PR1370015

  • The rpd might crash after Routing Engine switchover is performed or the rpd is restarted if interface-based dynamic GRE tunnel is configured. PR1370174

  • Packet that exceed 8000 bytes might be dropped by MS-MPC in ALG scenario. PR1370582

  • GMIC2 : SFP-1FE-FX optics does not come up on GMIC. PR1370962

  • All the MX150 devices running VRRP on a LAN are stuck in master state. PR1371838

  • BBE SMGD generates a core file on FPC restart. PR1371926

  • FPC high CPU utilization or crashes occur during hot-banking condition. PR1372193

  • SMGD generates a core file after essmd restart with reference to mmf_ensure_mapped (mmf=0xe8f0200, offset=4294967295, len=108) at ../src/junos/lib/libmmf/mmf.c:1972. PR1372223

  • Need a way to verify the session IDs above the 32-bit limit to check if this is working. PR1385237

  • With very high scale l3vpn, traffic is dropped when egressing on an AF interface. PR1372310

  • Image installation on SD fails with error Unable to read reply from software add command to re1; error 1. PR1372877

  • The Routing Engine might crash after non-GRES switchover. PR1373079

  • Core in ifinfo at pif_af_fe_info pif_af_ifd when displaying af interface information. PR1373436

  • AOC Type Optics fail to initialize on MACsec TIC startup. PR1373572

  • EDVT-GI-MIC2 : Interfaces do not come up for bidirection module SFP-100BASE-BX10-U and SFP-100BASE-BX10-D. PR1373795

  • BOOTP packets might be dropped if BOOTP-support is not enabled at the global level. PR1373807

  • LDP convergence delay might be seen after IGP metric change with bgp-igp-both-ribs command configured. PR1373855

  • There is a vMX QoS performance issue in the Junos OS Release 18.3. PR1373999

  • Cosmetic log warning: [---] is protected, 'protocols ---' cannot be deleted is seen after commit using configure private in a configuration with "protect" flag present. PR1374244

  • FPC might be unable to work properly if one child interface is removed from an aggregated Ethernet bundle in a dynamic VLAN subscriber scenario. PR1374478

  • Bbe-smgd generates a core file continously while deleting multicast group node from the tree. PR1374530

  • PCE-initiated LSPs remain Control status became local after removing PCE configuration. PR1374596

  • A few L2BSA subscriber logical interfaces are left behind in SMD infrastructure and kernel after logout. PR1375070

  • SFB and PDM/PSU related information is missing in jnxBoxAnatomy MIB on high-end MX Series routers (MX2010/2020). PR1375242

  • The bbe-smgd core file might be seen after doing GRES. PR1376045

  • Interface optic output power is not zero when the port has been disabled. PR1376574

  • CI: Not generating Power Supply failed trap. PR1376612

  • Disabling OAM might cause the Broadband Edge daemon to crash. PR1377090

  • Packets might be dropped on data plane in the inline J-Flow scenario. PR1377500

  • MQTT keepalive timeout messages seen in case of slow JTI collectors. PR1378587

  • After NAT64 router (with MS-MPC) translates an IPv6 fragment to IPv4 fragment, router is not inserting the right value in identification field of IPv4 header. PR1378818

  • The ICMPv6 packets larger than 1024 might be dropped if icmp-large-packet-check is configured on IDS service. PR1378852

  • Traffic might get silently dropped or discarded when CoS configuration is changed on a PS interface. PR1379530

  • Protocol adjacency might flap and FPC might reboot if jlock hog happens. PR1379657

  • Remove the chassisd alarms for FPCs exceeding 90 percent of power budget and exceeding 100 percent of power budget. PR1380056

  • The software detects SDB STS lock deadlock and breaks the deadlock itself, and system resumes normally processing on its own. PR1380231

  • CE_Customer: DT_BNG: ESSM model: rpd generates a core file during the fifth GRES, with reference to task_kevent_udata_task (ev= <optimized out>) at ../../../../../../src/junos/lib/libjtask/base/platform/bsd/task_io_bsd.c:127. PR1380298

  • Encryption and decryption do not occur, because the Packet Forwarding Engine discards while testing that the group VPN member was established by using the authentication-method preshared key ASCII text. PR1381316

  • Memory leak observed in MS-MPC card. PR1381469

  • Subscribers not able to log in after double GRES, after reboot, or after configuration. PR1382050

  • On Summit MX3ru for Junos OS Release 18.3R1 release ISSU fails if QSA is plugged in. PR1382126

  • The MPC6E might crash while fetching PMC device states. PR1382182

  • Flows are getting exported before the active timeout. PR1382531

  • PFT MX10008 expected inline-ipv4-export-packet-failures is not listed in show services accounting error. PR1382873

  • MAC addresses might disappear, if the interface MTU of EVPN PE device is changed. PR1382966

  • The kmd crashes with a core file after bringing up IPsec connection. PR1384205

  • CoS attachment might be mistakenly removed for DHCPv4 stack when DHCPv6 stack fails to be brought up for single-session dual-stack subscriber. PR1384289

  • MBFD flaps because clksync congest the scheduler for 100ms. PR1384473

  • CE_Customer: DT_BNG: Bbe-smgd generates multiple core files with reference to bbe_mcast_vbf_dist_policy_service_encoder (params= <opyimized out>) at ../src/junos/usr.sbin/bbe-svcs/smd/plugins/mcast/bbe_mcast_policy_config.c:159. PR1384491

  • RPT_REG_SERVICES: The MPLS packets with more than eight labels will not be processed by J-Flow. PR1385790

  • IPsec VPN traffic might fail when passing through MS-MPC of MX Series routers with CGNAT enabled. PR1386011

  • Representation of memory units is changed from gigabytes (GB) to gibibytes (GiB) in the help string under the resource template hierarchy. PR1386516

  • RBU_REGRESSIONS_SERVICES ::IPv4 and IPv6 VIP Routes are not withdrawn after aggregated Ethernet and VLAN with IRB flap. PR1386713

  • RBU_Services_Regressions: SFLOW : Agent ID in show sflow command is displaying lo interface IP instead of fxp0 IP. PR1386890

  • In case a LSP is locally configured without an explicit path ERO, the object remains empty in the PCRpt generated by PCC. PR1386935

  • Uninitialized EDMEM[0x400094] Read (0x6db6db6d6db6db6d) logs are seen with sampling applied to a subscriber with routing-service applied. PR1386948

  • When tracing is enabled, having a lot of trace-flags set could result in an rpd core file due to buffer overflow. PR1387050

  • The pccd might crash when changing delegation-priority. PR1387419

  • The bbe-smgd daemon crashes and generates a core file when two DHCP subscribers with the same framed-route prefix and preference values try to log in. PR1387690

  • Output of the show class-of-service interface command incorrectly shows adjusting application as PPPoE IA tags for DHCP subscribers. PR1387712

  • FPC core file might be seen at sensor_export_time_exceed_limit agent_health_monitor_data_reap when Jinsight is configured. PR1388112

  • Bbe-smgd does not respond to NS from SLAAC client on dynamic VLAN. PR1388595

  • Incorrect values for flow packets/octets fields might be seen in inline J-Flow scenario. PR1389145

  • The bbe-smgd process generates repeated core files and stops running as a result of long-term session database shared memory corruption. PR1388867

  • IGMP group threshold exceed log message prints a wrong demux logical interface. PR1389457

  • BFD flaps are seen on MX Series platforms with inline BFD. PR1389569

  • MX204 - Excluding speed CLI option under the interface level. PR1389918

  • Class of service adjustment-control-profile configuration for application DHCP tags does not get applied. PR1390101

  • Delay in CLI output with second or more show subscriber <> extensive queries occur when the first session is sitting at -(more)- prompt displaying show subscribers extensive. PR1390762

  • Trailing characters appear in the GNMI get API reply. PR1390967

  • DT_BNG: DFW plug in NACKs DHCPv6/PPPoE requires ESSM subscriber re-login after ISSU. PR1391409

  • The routing-engine-power-off-button-disable command does not work on MX204. PR1391548

  • The bbe-smgd process might crash after committing configuration changes. PR1391562

  • On MX Series routers serving as a DHCP server for dual-stack subscribers, BBE-SMGD process generates a core file. PR1391845

  • On MX2000, fans start spinning at high speed upon inserting previously offlined FPC. PR1393256

  • If FPGA on the new master CB has a specific hardware failure, the chassid might keep crashing after GRES switchover. PR1393884

  • PFT MX10008: Inline-services enabling the Flex-Flow-Sizing takes more than 12 minutes to move to steady state. PR1397767

  • The show system errors active is not showing the error for MPC3E NG HQoS. PR1398084

  • Kernel core file occurs on vMX due to jlock assert. PR1398320

  • High jsd or na-grpcd CPU usage might be seen even JET or JTI is not used. PR1398398

  • The bbe-smgd process might generate a core file when executing show pppoe lockout. PR1398873

  • FPC might crash after offline/online MIC-3D-16CHE1-T1-CE-H. PR1402563

High Availability (HA) and Resiliency

  • Backup Routing Engine might go to db prompt after performing configuration remove and restore. PR1269383

  • Observed error: not enough space in /var on re1. while doing unified ISSU upgrade from Junos OS Release 17.4-20180328.0 to Release 18.2-20180416.0. PR1354069

  • VC-Bm cannot sync with VC-Mm when the Virtual Chassis splits the reforms. PR1361617

Interfaces and Chassis

  • Aggregated Ethernet speed calculation changes according to 10 Gigabit Ethernet after post GRES. PR1326316

  • Momentary dip in traffic occurs when a GRES is performed. PR1336455

  • Native-vlan-id support on ps-interface. PR1352933

  • The sonet interface will go down after enabling "keep-address-and-control" in L2VPN scenario. PR1354713

  • The aggregated Ethernet interface might flap when the link speed of the aggregated Ethernet bundle is configured to oc192. PR1355270

  • Approximately 50 percent of PPPoE subscribers (PTA and L2TP) and all ESSM subscribers are lost after ISSU during DT CST stress test. PR1360870

  • Error messages like ifname [ds-5/0/2:4:1] is chan ci candidate are seen during a commit operation. PR1363536

  • In case of MPLS , DMR packets are sent with different mpls exp bits if MX Series router receives CFM DMM packets with varying exp values on MPLS header. PR1365709

  • In rare case, there might be L2TP subscribers stuck in terminated state. PR1368650

  • The EOAM LTM messages might not get forwarded after system reboot in CFM scenario configured with CCC interface. PR1369085

  • ISSU could be aborted at Timed out Waiting for protocol backup chassis master switch to complete with MX Series Virtual Chassis configuration. PR1371297

  • The error parse_remove_ifl_from_routing_inst() ERROR : No route inst on et-0/0/16.16386 is seen after restarting l2cpd daemon. PR1373927

  • The dcd process might go down when vlan-id none is configured for the interface. PR1374933

  • FTI logical interface VNI limits changed from (0..16777215) to (0..16777214). PR1376011

  • Duplicate IP cannot be configured on both SONET (so-) interface and other interfaces. PR1377690

  • Some error logs (Tx unknown LCP packet) might be reported by the bbe-smgd daemon on MX Series platforms. PR1378912

  • Higher level OAM CFM between CE might not work in VPLS scenario. PR1380799

  • The dcd restarted unexpectedly after committing a configuration with static demux interface stacking over ps interface. PR1382857

  • The jpppd process might crash if the EPD value contains a format specifier. PR1384137

  • DCD core can be seen after FPC restart if channelized interfaces are configured. PR1387962

  • Interface-control thrashes and dcd does not restart after adding invalid demux interface to the configuration. PR1389461

  • Decoupling of Layer 2 logical interface configuration from bridge-domain or EVPN configuration PR1390823

Layer 2 Ethernet Services

  • STP status gets wrong after changing outer VLAN-tags. PR1121564

  • The MAC address might not be learned due to spanning-tree state "discarding" in kernel table after Routing Engine switchover. PR1205373

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/lacpd. PR1284592

  • ZTP infra scripts are not included for MX Series PPC routers. PR1349249

  • Migrate from syslog API to Errmsg API:PPMD client LACP. PR1358599

  • The DHCP leasequery message is replied to with an incorrect source address. PR1367485

  • JSA10889 2018-10 Security Bulletin: Junos OS: The jdhcpd process crashes during processing of specially crafted DHCPv6 message (CVE-2018-0055). PR1368377

  • The kernel core might happen by commit operation in rare condition. PR1369459

  • The subscriber's authentication might fail when the link-layer address encoded in the DHCPv6 DUID is different from the actual link-layer hardware address. PR1390422

Layer 2 Features

  • The traffic might not be transmitted correctly in a large-scale VPLS scenario. PR1371994


  • When minimum-bandwidth and bandwidth commands are present in the configuration, the bandwidth selection of the LSP is inconsistent. PR1142443

  • JDI-RCT: Rpd core file is seen on master Routing Engine after performing restart chassisd. PR1352227

  • Layer 2 Circuit might flap after an interface goes down even if the LDP session stays up when l2-smart-policy is configured. PR1360255

  • The rpd might crash in BGP LU and LDP scenario. PR1366920

  • RSVP authentication might fail between some Junos OS releases and causes traffic loss during local repair. PR1370182

  • The next hop of static LSP for MPLS might get stuck in dead state after changing the network mask of the outgoing interface. PR1372630

  • The traceroute MPLS might fail when traceroute is executed from a Juniper Networks device to another device not supporting RFC 6424. PR1372924

  • Rpd process eventually might crash after Routing Engine switchover with GRES/NSR enabled. PR1373313

  • The traffic might not be load-balanced equally across LSPs with ldp-tunneling configured. PR1373575

  • The rpd process might crash continuously if nsr-synchronization or all flag is used in RSVP traceoptions. PR1376354

  • JSA10883: Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash (CVE-2018-0049). PR1380862

  • Ingress LSPs go down due to CSPF failure. PR1385204

  • Configured bandwidth 0 does not get applied on RSVP interface. PR1387277

  • Bypass LSP is taking same SRLG colored path. PR1387497

Platform and Infrastructure

  • MAC addresses are not learned on bridge-domains after XE/GE interface flap tests. PR1275544

  • MQCHIP CPQ block should report major alarm. PR1276132

  • Distributed multicast might not be forwarded to a subscriber interface. PR1277744

  • show igmp statistics not including any statistics under interface aggregate for distributed multicast interfaces. PR1289415

  • When chassis control restart is done with aggregated Ethernet and COS rewrite configuration, Platform failed to bind rewrite messages could be seen in syslog. PR1315437

  • RLT subinterfaces are not reporting statistics. PR1346403

  • lt- interface gets deleted with tunnel-services configuration still present. PR1350733

  • Some linecards might crash in subscriber scenario enabled with distributed IGMP. PR1355334

  • When forwarding-class-accounting command is enabled on an interface, inside of a routing-instance of instance-type vrf, aggregate input forwarding-class statistics do not increment (egress statistics work fine). PR1357965

  • JSA10899 2018-10 Security Bulletin: Junos OS: Nexthop index allocation failed: private index space was exhausted through incoming ARP requests to management interface (CVE-2018-0063). PR1360039

  • Select CLI functions are not triggering properly (set security ssh-known-hosts load-key-file, set system master-password). PR1363475

  • Qmon sensors are not working with hypermode enabled. PR1365990

  • Subscribers over aggregated Ethernet interface might have tail drops, which will affect the fragmented packets due to QXCHIP buffer getting filled up. PR1368414

  • Forwarding is broken after adding protocol evpn extended-vlan-id. PR1368802

  • The host outbound traffic might get dropped when the class-of-service host-outbound-traffic ieee-802.1 rewrite-rules command is configured. PR1371304

  • Traffic might drop on new added interfaces on MX Series routers after unified ISSU. PR1371373

  • The logical tunnel interface might be unable to send out control packets generated by Routing Engine. PR1372738

  • JNH memory leaks in multicast scenario with MoFRR enabled. PR1373631

  • Traffic traversing an IRB is not tagged with a VLAN if the packets go through an additional routing-instance. PR1377526

  • FPC crash might be seen after FPC restarts. PR1380527

  • lsi binding is missing upon nd6 entry refresh after l2ifl flap. PR1380590

  • Packet drops on interface if the command gigether-options loopback is configured. PR1380746

  • In certain Junos scenarios, DFWD memory corruption is seen due to large logical interface fstate messages. This can lead to log messages on dfwd traceoptions and occasionally DFWD core file. PR1380798

  • Packet drops might be seen if the packet header is over 252 bytes. PR1385585

  • RADIUS not working using management instance for IPv6 family. PR1391160

  • The configuration through NETCONF session might fail. PR1383567

  • L3VPN/ROSEN over PS over RLT: In Junos OS Release 18.4DCB after ifconfig goes down for PS logical interface, and its Link and Admin status are not going down as expected. PR1396335

Routing Policy and Firewall Filters

  • Set metric multiplier offset might overflow/underflow. PR1349462

  • The rpd process might crash if then next-hop is configured for LDP export policy. PR1388156

Routing Protocols

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/ppmd. PR1284621

  • Multihop eBGP peering session exchanging EVPN routes can result in rpd core file when BGP updates are sent. PR1304639

  • The BGP session might be stuck with high BGP OutQ value after GRES on both sides. PR1323306

  • The rpd might crash when BGP neighbor is flapping. PR1337304

  • The bfd process memory leak might be observed if enabling multi-hop BFD session for a static route with multiple qualified-next-hop. PR1345041

  • Rpd crash might be seen after executing Routing Engine switchover. PR1349167

  • FPC might continuously crash on vMX platforms. PR1364624

  • sBFD session flaps incrementally with 300 StaticSR clients configured with 100 ms as minimum-interval. PR1366124

  • Static route gets unexpectedly refreshed on commit when configured with resolve configuration statement. PR1366940

  • About 10 minutes of traffic loss is caused by BGP flap during MX Series unified ISSU. PR1368805

  • TCP sessions might be taken down during Routing Engine switchover. PR1371045

  • Route entry might be missing when IS-IS shortcut is enabled and MPLS link flaps. PR1372937

  • SSH is not working if [edit system services ssh hostkey-algorithms] is set or in FIPS mode. PR1382485

  • The rpd might crash after issuing operational command show route detail for RIP route. PR1386873

  • Penultimate-hop router does not install BGP LU label, causing traffic to be silently dropped or discarded. PR1387746

  • Next hop is not deleted by ukernel. However, the delete command is seen in rtsockmon. PR1389379

  • The rpd process might crash when rp-register-policy is configured with more than 511 terms. PR1394259

Services Applications

  • Selectively start ZLB Delay timer at the Packet Forwarding Engine for LAC tunnels. PR1338450

  • L2TP Access Concentrator (LAC) tunnel connection request packets might be discarded on LNS device. PR1362542

  • The L2TP subscribers might not be able to log in successfully due to the jl2tpd memory leak. PR1364774

  • Accounting stop message is not sent to RADIUS server after bringing down the L2TP subscriber. PR1368840

  • IPsec-VPN IKE security-associations might get stuck in "Not Matured" state. PR1369340

  • Actual-Data-Rate-Downstream might not be included in the L2TP ICRQ message. PR1370699

  • NAT64 does not translate ICMPv6 Type 2 packet (packet is too big) correctly when MS-DPC is used for NAT64. PR1374255

  • FTP ALG is not supported with twice-nat. PR1383964

  • L2TP subscribers might be stuck in init state in a corner case. PR1391847

Subscriber Access Management

  • The authd process might not be started after executing Routing Engine switchover on the backup Routing Engine without GRES enabled. PR1368067

  • RADIUS VSAs, Actual-Data-Rate-Downstream, and Actual-Data-Rate-Upstream values are not compliant with RFC 4679. PR1379129

  • CoA updates subscriber with original dynamic-profile if RADIUS has returned a different dynamic-profile name. PR1381230

  • Some subscribers fail to get SRL service as provided in the RADIUS accept message even though the RADIUS messages can be sent and received. PR1381383

  • The value of predefined-variable-defaults routing-instances overrides the RADIUS-supplied VSA (26-1 Virtual-Router). PR1382074

  • Log Message: authd: gx-plus: logout: wrong state for request session-id <xyz>. PR1384599

  • Multiple IPv6 IANA addresses are assigned for one session in IPv6 PD binding failure scenarios. PR1384889

  • Usage-Monitoring-Information AVP as part of PCRF gx-plus provisioning is causing service accounting activation. PR1391411


  • The rpd process might crash after configuration change in an L2VPN scenario. PR1351386

  • EOAM group-down status does not work as expected. PR1361437

  • In dual-homed next-generation MVPN, the receipt of type 5 withdrawal removes downstream join states for some routes. PR1368788

  • In MVPN source site, a redundant environment primary site can generate type 5 routes for the sources from different sites without having real traffic, potentially causing an outage if the receiver PE devices accept those routes as preferable. PR1375716

  • The rpd process crashes when LSP template for a provider tunnel is changed. PR1395353

Documentation Updates

This section lists the errata and changes in Junos OS Release 18.4R2 documentation for MX Series.

Subscriber Management Provisioning Guide

  • The new topic, Subscriber Management RADIUS Dictionary Files, provides a link to the Juniper Networks RADIUS dictionary that is used by default with subscriber management for each supported release. The dictionary is updated only when software features that affect the file are added or changed. The dictionary is not updated for every Junos OS release.

  • Starting in Junos OS Release 15.1, the Broadband Subscriber Sessions Feature Guide and the CLI Explorer incorrectly included information about the show extensible-subscriber-services accounting command. This command is not present in the CLI. Instead, you can use accounting profiles to collect statistics from the Packet Forwarding Engine for Extensible Subscriber Services Manager (ESSM) subscribers. See Flat-File Accounting Overview for information about accounting for ESSM subscribers.

Subscriber Management VLANs Interfaces Guide

  • The Broadband Subscriber VLANs and Interfaces Feature Guide did not clearly indicate that only demux0 is supported for demux interfaces. If you configure a different demux interface, such as demux1, the configuration commit fails.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting in Junos OS 18.3R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:


FreeBSD 6.x-based Junos OS

FreeBSD 11.x-based Junos OS

MX5,MX10, MX40,MX80, MX104



MX240, MX480, MX960,

MX2010, MX2020



Basic Procedure for Upgrading to Release 18.4


Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files) might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Junos OS Administration Library.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 11.x based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 11.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-18.4R2.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-18.4R2.9-signed.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-18.4R2.x-limited.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-18.4R2.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.


You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.


After you install a Junos OS Release 18.4 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.


Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x based Junos OS

Products impacted: MX5, MX10, MX40, MX80, MX104.

To download and install FreeBSD 6.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-18.4R2.9-signed.tgz
    • Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-18.4R2.9-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.


After you install a Junos OS Release 18.4 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 18.4

To downgrade from Release 18.4 to another supported release, follow the procedure for upgrading, but replace the 18.4 jinstall package with one that corresponds to the appropriate release.


You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

Product Compatibility

Hardware Compatibility

To obtain information about the components that are supported on the devices, and special compatibility guidelines with the release, see the Hardware Guide and the Interface Module Reference for the product.

To determine the features supported on MX Series devices in this release, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at:

Hardware Compatibility Tool

For a hardware compatibility matrix for optical interfaces and transceivers supported across all platforms, see the Hardware Compatibility tool.

Release History Table
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).