Junos OS Release Notes for MX Series 5G Universal Routing Platform


These release notes accompany Junos OS Release 18.4R3 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at

New and Changed Features

This section describes the new features and enhancements to existing features in the Junos OS main release and the maintenance releases for MX Series.

New and Changed Features: 18.4R3

There are no new features or enhancements to existing features for MX Series in Junos OS Release 18.4R3.

Release 18.4R2 New and Changed Features

Network Management and Monitoring

  • Support for optimizing the SNMP walk execution time for IPsec statistics (MX Series)—In Junos OS Release 18.4R2, you can optimize the SNMP walk execution time for IPsec statistics. To achieve this optimization, increase the cache lifetime of the IPsec-related information (for example, statistics and SA information) so that a single SNMP walk request is served for N number of IPsec security associations (SAs) with N number of queries made to the service PIC. IPsec statistics are now fetched in burst mode, which reduces the load on the Routing Engine daemon, kmd. For different scale needs, you might have to tune the hidden SNMP configuration parameters, for example, when dead peer detection (DPD) runs over a larger number of tunnels without traffic while SNMP walks run simultaneously.

Subscriber Management and Services

  • Additional encapsulations added to pseudowire subscriber logical interfaces (MX Series with MPC and MIC)—Currently, the supported encapsulation types on the pseudowire subscriber interfaces include:

    • Transport logical interfaces—Circuit cross-connect (CCC) encapsulation.

    • Service logical interfaces:

      • Ethernet VPLS encapsulation

      • VLAN bridge encapsulation

      • VLAN VPLS encapsulation

      Starting in Junos OS Release 18.4R2, in addition to the existing encapsulation types, the following support is provided:

      • Transport logical interfaces—Ethernet VPLS encapsulation, and provision for terminating the interface on the l2backhaul-vpn routing-instance.

      • Service logical interfaces—Circuit cross-connect (CCC) encapsulation, and provision for terminating the interface on locally switched Layer 2 circuits.

    [See Pseudowire Subscriber Logical Interfaces Overview.]

Release 18.4R1 New and Changed Features

Authentication, Authorization and Accounting (AAA) (RADIUS)

  • Support for password change policy enhancement (MX Series)—Starting in Junos OS Release 18.4R1, the Junos OS password change policy for local user accounts is enhanced to comply with additional password policies. As part of the policy improvement, you can configure the following:

    • maximum-lifetime-value—The maximum duration of a password. The password expires after the maximum is reached.

    • minimum-lifetime-value—The minimum duration of a password. You cannot change the password until the minimum duration is reached.

    [See password.]

Class of Service (CoS)

  • Support for five-level hierarchical CoS with dynamic interface set over dynamic interface sets (MX Series) — Starting in Junos OS Release 18.4R1, five-level hierarchical CoS with the ability to configure dynamic interface sets over dynamic interface sets is supported on NG-MPC2E, NG-MPC3E, MPC5, and MPC7 line cards.

    [See stacked-interface-set (Dynamic Profiles).]

  • Support for dynamic and static logical interfaces in the same dynamic interface set (MX Series) — Starting in Junos OS Release 18.4R1, you can apply dynamic and static logical interfaces in the same dynamic interface set on all MPCs that support four-level and five-level hierarchical CoS.

    [See Understanding Hierarchical CoS for Subscriber Interfaces.]


  • Support for VMTO for ingress traffic (MX Series)—Starting in Junos OS Release 18.4R1, you can configure a leaf or spine device that is configured as a Layer 3 gateway to support virtual machine traffic optimization (VMTO) for ingress traffic. VMTO eliminates the unnecessary ingress routing to default gateways when a virtual machine is moved from one data center to another.

    To enable VMTO, configure remote-ip-host routes at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. You can also filter out the unwanted routes by configuring an import policy under the remote-ip-host routes option.

    [See Ingress Virtual Machine Traffic Optimization.]

  • Support for multihomed proxy advertisement (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS provides enhanced support to proxy advertise the MAC address and IP route entry from all leaf devices that are multihomed to a CE device. This can prevent traffic loss when one of the connections to the leaf device fails. To support the multihomed proxy advertisement, all multihomed PE devices should have the same multihomed proxy advertisement bit value. The multihomed proxy advertisement feature is enabled by default, and Junos OS uses the default multihomed proxy advertisement bit value of 0x20.

    [See EVPN Multihoming Overview.]

  • Automatically generated and assigned Ethernet segment identifiers in EVPN-VXLAN and EVPN-MPLS Networks (MX240, MX480, QFX5100, and QFX5110)—Starting in Junos OS Release 18.4R1, you can configure aggregated Ethernet interfaces and aggregated Ethernet logical interfaces on which LACP is enabled to automatically generate and assign Ethernet segment identifiers (ESIs) to themselves. We support this feature in the following environments:

    • On MX240 or MX480 routers that are multihomed in active-standby or active-active mode in an EVPN-MPLS network.

    • On QFX5100 or QFX5110 switches that are multihomed in active-active mode in an EVPN-VXLAN network.

  • MLD snooping support for EVPN-MPLS (MX Series and vMX)—Starting with Junos OS Release 18.4R1, you can configure Multicast Listener Discovery (MLD) protocol snooping on MX Series routers with MPCs and vMX routers in an EVPN over an MPLS network. Enabling MLD snooping helps to constrain IPv6 multicast traffic to interested receivers in a broadcast domain. Multicast sources and receivers in the EVPN instance (EVI) can each be single-homed to one provider edge (PE) device or multihomed in all-active mode to multiple PE devices.

    MLD snooping support in this environment includes:

    • Either MLDv1 and MLDv2 with any-source multicast (*,G) or MLDv2 with source-specific multicast (S,G) (configurable)

    • MLD state synchronization among multihoming PE devices using BGP EVPN Type 7 (Join Sync Route) and Type 8 (Leave Sync Route) network layer reachability information (NLRI)

    • Inclusive multicast forwarding from the ingress PE device into the EVPN core to reach all other PE devices

    • Forwarding across bridge domains (VLANs) using IRB interfaces and PIM operating in passive and distributed designated router (PIM-DDR) modes

    [See Overview of Multicast Forwarding with IGMP or MLD Snooping in an EVPN-MPLS Environment.]

  • Support for graceful restart on EVPN-VXLAN (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports graceful restart on EVPN-VXLAN on EX9200 and QFX Series switches and MX Series routers. Graceful restart allows the device to recover from a routing process restart or Routing Engine switchover without nonstop active routing (NSR) enabled.

    [See NSR and Unified ISSU Support for EVPN Overview.]

Forwarding and Sampling

  • Support for activating or deactivating static routes on the basis of RPM test results (MX Series)—Starting in Junos OS Release 18.4R1, you can use RPM probes to detect link status, and change the preferred-route state on the basis of the probe results. Tracked routes can be IPv4 or IPv6, and support a single IPv4 or IPv6 next hop. For example, RPM probes can be sent to an IP address to determine if the link is up, and if so, take the action of installing a static route in the route table. RPM-tracked routes are installed with preference 1 and thus are preferred over any existing static routes for the same prefix.

    [See Configuring RPM Probes, rpm-tracking, and show route rpm-tracking.]

General Routing

  • Avoid jlock hogs by configuring jlock hold time (MX Series)—Starting with Junos OS Release 18.4R1, you can configure a jlock hold time threshold value through sysctl. This helps avoid jlock hogs (tight loops) in ifd_walk by dropping the jlock after the threshold time is reached. The default hold time is 50 ms.

    [See sysctl() Function]


  • Smart SFP and smart SFP+ support (MX Series)—Starting in Junos OS Release 18.4R1, the smart SFP transceivers and smart SFP+ transceiver in Table 1 and Table 2 are supported on the listed MX Series routers.

    Table 1: SFP Transceiver Support on the MX Series

    SFP Model

    Supported MPCs, MICs, and Platforms






    Supported MPCs:

    • MX-MPC1E-3D (with MIC)

    • MX-MPC1E-3D-Q (with MIC)

    • MX-MPC2E-3D (with MIC)

    • MX-MPC2E-3D-Q (with MIC)

    • MX-MPC2E-3D-NG (with MIC)

    • MX-MPC3E-3D-NG (with MIC)

    Supported MICs:

    • MIC-3D-20GE-SFP

    • MIC-3D-20GE-SFP-E


    Supported platforms:

    • MX80 (with MIC)

    • MX104 (fixed interfaces as well as MIC)

    • MX240, MX480, and MX960 (with MPC+ MIC)

    Table 2: SFP+ Transceiver Support on the MX Series

    SFP+ Model

    Supported MPCs, MICs, and Platforms


    Supported MPCs:

    • MX-MPC1E-3D (with MIC)

    • MX-MPC1E-3D-Q (with MIC)

    • MX-MPC2E-3D (with MIC)

    • MX-MPC2E-3D-Q (with MIC)

    • MX-MPC2E-3D-NG (with MIC)

    • MX-MPC3E-3D-NG (with MIC)

    Supported MICs:


    Supported platforms:

    • MX80 (with MIC)

    • MX104 (fixed interfaces as well as MIC)

    • MX240, MX480, and MX960 (with MPC+ MIC)

    See the [Hardware Compatibility Tool].

  • Support for 40-Gbps ports to operate at 1-Gbps or 10-Gbps speed (MX10008)—Starting in Junos OS Release 18.4R1, you can use the Mellanox pluggable adapter (QSFP+ to SFP+ adapter or QSA; model number: MAM1Q00A-QSA) to convert quad-lane based ports to a single-lane based SFP+ port. The QSA adapter has the QSFP+ form factor with a receptacle for the SFP+ module. Use the QSA adapter to convert a 40-gigabit port to a 1-Gbps or a 10-Gbps port. You can plug a 10-Gbps SFP+ transceiver into the QSA adapter, which is inserted into the QSFP or QSFP+ ports of the MX10K-LC2101 line cards of the MX10008 router.

High Availability and Resiliency

  • BFD Client for segment routing (MX Series)—This feature is not supported on Junos OS Release 18.4R1. You can configure Junos OS to run Seamless Bidirectional Forwarding Detection (S-BFD) over non-colored segment routing tunnels and use S-BFD as a fast mechanism to detect path failures. To enable path-level S-BFD for a segment list, configure bfd-liveness-detection at the [edit protocols source-packet-routing segment-list] hierarchy level.

    [See Understanding Bidirectional Forwarding Detection (BFD).]

Interfaces and Chassis

Junos Telemetry Interface

  • Export of subscriber accounting and dynamic interface and interface-set queue statistics through Junos Telemetry Interface (JTI) (MX Series Routers)—Starting in Junos OS Release 18.4R1, you can export statistics associated with dynamic subscriber interface stacking through remote procedure calls (gRPC). The accurate statistics (actual transit statistics) sensor for the subscriber interface includes IP (total) and IPv6 ingress and egress packets and bytes. Queue statistics for dynamic interfaces and interface sets include counts of transmitted and dropped packets and bytes. The queue statistics sensors are maintained per contributing slot (as is the case with AE). Separate metadata sensors that convey more contextual information about the dynamic interfaces and interface sets are available. The metadata sensors are also eligible for ON_CHANGE streaming.

    To enable subscriber and queue statistics for telemetry, include the subscriber-statistics and queue-statistics statements at the [edit dynamic-profiles profile-name telemetry] hierarchy level.

    [See dynamic-profiles and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Expanded ON_CHANGE support for Junos Telemetry Interface (JTI) (MX960, MX2010, MX2020, PTX5000, PTX1000, and PTX10000)—Starting in Junos OS Release 18.4R1, OpenConfig support through remote procedure call (gRPC) and JTI is extended to support additional ON_CHANGE sensors.

    Periodical streaming of OpenConfig operational states and counters collects information at regular intervals. ON_CHANGE support streams operational states as events (only when there is a change), and is preferred over periodic streaming for time-sensitive missions.

    These paths, previously supporting periodical streaming only, now also support ON_CHANGE streaming:

    • /components/component

    • /components/component/name/

    • /components/component/state/type

    • /components/component/state/id

    • /components/component/state/description

    • /components/component/state/serial-no

    • /components/component/state/part-no

    ON_CHANGE notification will be supported on all the hardware components displayed in the Junos OS CLI operational mode command show chassis hardware.

    To provision a sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. To enable ON_CHANGE support, configure the sample frequency in the subscription as zero.

    [See Guidelines for gRPC Sensors (Junos Telemetry Interface) and show chassis hardware.]

  • Support for NTF agent (MX240, MX480, MX960, MX2010, MX2020, PTX1000, PTX5000, PTX10000, and VMX)—Junos OS exposes telemetry data over gRPC and UDP as part of the Junos Telemetry Interface (JTI). One way to stream JTI data into your existing telemetry and analytics infrastructure requires managing an external entity to convert the data into a compatible format. Starting in Junos OS Release 18.4R1, the NTF agent feature provides an on-box solution that allows you to configure and customize to which endpoint (such as IPFIX and Kafka) the JTI data is delivered and in which format (such as AVRO, JSON, and MessagePack) the data is encoded.

    [See NTF Agent Overview.]

  • Abstracted fabric interface support on Junos Telemetry Interface (JTI) (MX480, MX960, MX2008, MX2010, MX2020, and MX-ELM)—Starting in Junos OS Release 18.4R1, JTI sensor support is available for abstracted fabric interfaces. An abstracted fabric interface is a pseudointerface that represents a first class Ethernet interface behavior. This sensor is only supported for node virtualization configurations on MX routers with an abstracted fabric interface as the connecting link between guest network functions (GNFs). JTI sensors report interface-specific load-balancing and fabric queue statistics. They also report aggregated statistics across all abstracted fabric interfaces hosted on a source Packet Forwarding Engine of local GNFs, along with the fabric statistics for all traffic ingressing from and egressing to the fabric from that Packet Forwarding Engine.

    JTI sensor support is for both gRPC sensors and native (UDP) sensors. Use the following resource path to configure JTI sensors:

    • /junos/system/linecard/node-slicing/af-fab-stats/

    To provision the sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).

    For exporting statistics using UDP native sensors, configure parameters at the [edit services analytics] hierarchy level.

    [See sensor (Junos Telemetry Interface), Configuring a Junos Telemetry Interface Sensor (CLI Procedure), and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Enhanced IS-IS sensor support for Junos Telemetry Interface (JTI) (MX960, MX2020, PTX5000, PTX1000, and PTX10000)—Starting in Junos OS Release 18.4R1, JTI supports OpenConfig Version v0.3.3 (from v0.2.1) for resource paths related to IS-IS link-state database (LSDB) streaming. The difference between the two versions results in changes, additions, deletions, or non-support for leaf devices related to the following IS-IS type length value (TLV) parameters and IS-IS areas:

    • TLV 135: extended-ipv4-reachability

    • TLV 236: ipv6-reachability

    • TLV 22: extended-is-reachability

    • TLV 242: router-capabilities

    • IS-IS interface attributes

    • IS-IS adjacency attributes

    To provision the sensor to export data through gRPC streaming, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig and Network Agent packages, both of which are bundled into the Junos image in a default package named junos-openconfig.

    [See Configuring a Junos Telemetry Interface Sensor (CLI Procedure) and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

Layer 2 VPN

  • Group VPN on AMS interface (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports load-balancing Group VPN services on AMS interfaces. AMS interfaces are a bundle of interfaces that function as a single interface and can be configured to load-balance traffic among the group members. To configure load balancing of Group VPN services on AMS interfaces, include the ipsec-group-vpn statement at the [edit services service-set service-set-name] hierarchy level to configure the service set, and include the load-balancing-option statements in the service-interface hierarchy of the AMS interface to enable load balancing.

    For more information on configuring AMS interfaces, see Configuring Aggregated Multiservices Interfaces.

    [See Group VPN on AMS Interfaces.]


  • Track IGP metric for install prefixes (MX Series)—Starting in Junos OS Release 18.4R1, you can let the install prefixes follow the metric of their corresponding IGP prefix so that the various RSVP protocol routes installed for the LSP can each have their individual metric value. The install-prefix IGP metric tracking feature can be configured for all LSPs at the [edit protocols mpls] level or on a per-LSP basis at the [edit protocols mpls label-switched-path] hierarchy level.

    [See Install Prefix IGP Overview.]

  • Support for IP-based filtering and port mirroring of MPLS traffic (MX Series with MPC and MIC)—Starting in Junos OS Release 18.4R1, you can apply inbound and outbound filters for MPLS family based on MPLS-tagged IPv4 and IPv6 parameters using inner payload match conditions, and enable selective port mirroring of MPLS traffic to a monitoring device.

    To enable IP-based filtering, additional match conditions, such as IPv4 and IPv6 source and destination addresses, protocol, source and destination ports, and IPv4 and IPv6 source and destination prefix list, are added under the MPLS filter term from parameter.

    To enable port mirroring, additional actions, such as port-mirror and port-mirror-instance, are added for all the match conditions under the filter term then parameter.

    [See Understanding IP-Based Filtering and Selective Port Mirroring of MPLS Traffic.]

  • Static egress LSP with IPv6 next-hop—Starting in Junos OS Release 18.4R1, you can configure a static LSP on the egress router with an IPv6 address as the next-hop address to forward IPv6 traffic. Static LSP supports next-hop indirection and link protection.

    [See Configuring Static Label Switched Paths for MPLS.]

Network Management and Monitoring

  • New major alarms on MX Series routers with MPC1 and MPC2—Starting in Junos OS Release 18.4R1, on MX Series routers with MPC1 and MPC2 line cards, a major chassis alarm is raised when the following transient hardware errors occur:

    • CPQ SRAM parity error

    • CPQ RLDRAM double bit ECC error

    In the Description column of show chassis alarm outputs, these errors are described as “FPC <slot number> Major Errors”; for example:

    user@host> show chassis alarms

    By default, these errors result in the Packet Forwarding Engine interfaces on the FPC being disabled. You can use the show chassis fpc errors command to view the default or user-configured action that resulted from the error.

    You can check the syslog messages to learn more about the errors. See the following examples:

    To resolve the error, restart the line card. If the error is still not resolved, open a support case using the Case Manager link at or call 1-888-314-JTAC (within the United States) or 1-408-745-9500 (from outside the United States).

Operation, Administration, and Maintenance (OAM)

  • Support for inline link fault management (MX Series)—Starting in Junos OS Release 18.4R1, Junos OS supports inline mode for OAM link fault management (LFM) on MX Series routers. Inline LFM delegates the transmission and receipt of LFM keepalive packets from the periodic packet management (ppm) process on the line card to the forwarding ASIC (that is, to the hardware). Inline LFM reduces the load on the ppm process and can support LFM in-service software upgrade (ISSU) for non-Juniper peers (for a keepalive interval of 1 second). You can enable inline LFM by including the hardware-assisted-keepalives configuration statement at the [edit protocols oam ethernet link-fault-management] hierarchy level. To disable inline LFM, delete the hardware-assisted-keepalives statement. The show oam ethernet link-fault-management detail command displays the keepalive packet statistics. Starting from Release 18.4R1, when inline LFM is enabled, the keepalive packet statistics are not updated. In earlier releases, the show oam ethernet link-fault-management detail command displayed the keepalive packet statistics.

    [See Enabling Inline Transmission of Link Fault Management Keepalives for Maximum Scaling.]

Routing Policy and Firewall Filters

  • Support for next-filter as a firewall filter action (MX Series)—Starting in Junos OS Release 18.4R1, firewall filters can be configured to execute a sequence of firewall filter actions. The new next-filter option allows you to deploy a filter list and run a series of filters, similar to what is already available with next-term actions, and provides filter scale optimization. Up to eight filters can be chained in this way. The feature is not supported on logical systems, or on loopback and pseudo-interfaces.

    You can use a filter list to implement a mix of multifield-classification and firewall filter rules. For example, the first filter in the list can be used to perform a generic filter classification, and the subsequent filters can then do the actual filtering.

    [See input-chain and output-chain.]

  • Filter-based GRE encapsulation (MX Series)—Starting in Junos OS Release 18.4R1, you can use tunnel-end-point commands to enable line-rate, filter-based, GRE tunneling of IPv4 and IPv6 payloads across IPv4 networks.

    This GRE encapsulation is not supported for logical systems or for MPLS traffic, and the route lookup for GRE encapsulated traffic is supported on the default routing instance only.

    The following commands are introduced for this feature:

    set firewall tunnel-end-point tunnel-name gre

    set firewall tunnel-end-point tunnel-name ipv4

    set firewall tunnel-end-point tunnel-name ipv6

    [See tunnel-end-point and Filter-Based Tunneling Across IPv4 Networks.]
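A configuration lint for the next-filter constraints described above (at most eight chained filters, no logical systems, no loopback interfaces), as an added example that is not Juniper's code. It assumes chains appear in `display set` output under `interfaces ... unit ... family ... filter input-chain` or `output-chain`, either as a bracketed list or as one line per filter. The sample configuration is constructed, and pseudo-interfaces are not checked because the release note does not enumerate them.

```python
import re
from collections import defaultdict

MAX_CHAIN = 8  # release note: "Up to eight filters can be chained in this way"

# Constructed sample in "display set" form; interface and filter names are made up.
SAMPLE_CONFIG = "\n".join(
    ["set interfaces xe-0/0/0 unit 0 family inet filter input-chain "
     "[ CLASSIFY ANTI-SPOOF POLICE ]"]
    # Nine filters on one chain, written as one set line per filter.
    + [f"set interfaces xe-0/0/1 unit 10 family inet filter input-chain F{i}"
       for i in range(1, 10)]
    + ["set interfaces lo0 unit 0 family inet filter input-chain [ PROTECT-RE MGMT-ONLY ]",
       "set logical-systems LS1 interfaces xe-0/0/2 unit 0 family inet6 filter "
       "output-chain [ EGRESS-A EGRESS-B ]",
       # A single (non-chained) filter is not part of a filter list and is ignored.
       "set interfaces xe-0/0/3 unit 0 family inet filter input SINGLE-FILTER"]
)

# Assumed hierarchy for the chain statements; only the statement names
# input-chain and output-chain are taken from the release note.
CHAIN_LINE = re.compile(
    r"^set (?:logical-systems (?P<ls>\S+) )?interfaces (?P<ifd>\S+) "
    r"unit (?P<unit>\d+) family (?P<fam>\S+) filter "
    r"(?P<dir>input|output)-chain (?P<rest>.+)$"
)


def parse_chains(config_text):
    """Return {(logical_system, interface, unit, family, direction): [filters]}."""
    chains = defaultdict(list)
    for raw in config_text.splitlines():
        m = CHAIN_LINE.match(raw.strip())
        if not m:
            continue
        # "[ A B C ]" and a bare "A" both reduce to a list of filter names.
        names = m["rest"].strip("[] ").split()
        key = (m["ls"] or "", m["ifd"], int(m["unit"]), m["fam"], m["dir"])
        chains[key].extend(names)
    return dict(chains)


def audit(config_text):
    """Return a sorted list of (location, issue) for chains that break the constraints."""
    findings = []
    for (ls, ifd, unit, fam, direction), names in parse_chains(config_text).items():
        prefix = f"{ls}:" if ls else ""
        where = f"{prefix}{ifd}.{unit} family {fam} {direction}-chain"
        if len(names) > MAX_CHAIN:
            findings.append((where, "chain-too-long"))
        if ls:
            findings.append((where, "logical-system"))
        if re.fullmatch(r"lo\d+", ifd):
            findings.append((where, "loopback-interface"))
    return sorted(findings)


if __name__ == "__main__":
    for where, issue in audit(SAMPLE_CONFIG):
        print(f"{issue:20s} {where}")
```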

Routing Protocols

  • Support for BGP flowspec redirect to IP (MX Series)—Starting in Junos OS Release 18.4R1, the BGP flow specification redirect to IP action, as described in the Internet draft draft-ietf-idr-flowspec-redirect-ip-02.txt, BGP Flow-Spec Redirect to IP Action, is supported. The redirect to IP action uses an extended BGP community to provide traffic filtering options for DDoS mitigation in service provider networks. Legacy flow specification redirect to IP, as specified in the Internet draft draft-ietf-idr-flowspec-redirect-ip-00.txt, BGP Flow-Spec Extended Community for Traffic Redirect to IP Next Hop, uses the BGP next-hop attribute to support interoperability of devices. Junos OS advertises the redirect to IP flow specification action using the extended community by default. The redirect to IP action allows you to divert matching flow specification traffic to a globally reachable address. This feature is required to support service chaining in virtual service control gateway (vSCG).

    To configure a static IPv4 flow specification route, include the redirect ipv4-address statement at the [edit routing-options flow route then] hierarchy level in the configuration.

    To configure a static IPv6 specification route, include the redirect ipv6-address statement at the [edit routing-options flow route then] hierarchy level in the configuration.

    To configure legacy flow specification, include the legacy-redirect-ip-action statement at the [edit group bgp-group neighbor bgp neighbor family inet flow] hierarchy level.

    To configure BGP to use the VRF.inet.0 table to resolve VRF flow specification routes, include the secondary-independent-resolution statement at the [edit protocols bgp neighbor family flow] hierarchy level.

    [See legacy-redirect-ip-action.]

    [See Configuring BGP Flow Specification Action Redirect to IP to Filter DDoS Traffic.]

  • Support for 64 BGP add-path routes (MX Series)—Starting in Junos OS Release 18.4R1, support is extended to 64 BGP add-path routes. Currently Junos OS supports six add-path routes and BGP can advertise up to 20 add-path routes through policy configuration. If you enable advertisement of multiple paths to a destination or if you increase the add-path prefix policy send count, BGP can now advertise up to 64 add-path routes.

    To advertise all add-paths, up to 64 add-paths or only equal-cost paths, include the path-selection-mode statement at the [edit protocols bgp group group-name family name addpath send] hierarchy level. You cannot enable both multipath and path-selection-mode at the same time.

    To advertise a second best path as a backup path in addition to the multiple ECMP paths, include the include-backup-path backup_path_name statement at the [edit protocols bgp group group-name family name addpath send] hierarchy level.

    [See path-selection-mode.]

    [See include-backup-path.]

  • Support for BGP egress peer engineering (MX Series)—Starting in Junos OS Release 18.4R1, BGP LS extensions are enhanced to export segment routing topology information to the controller. A centralized controller in a software-defined network (SDN) can program any egress peer policy at ingress border routers or at hosts within the domain in a segment routing network. The egress router advertises SID labels for all its peers, and the controller advertises these SID labels to the ingress router. The SID label can be a node segment, or an adjacency segment, or a set segment label. Thus the ingress router can select these SID labels to transfer data packets to the egress peers. The path that the controller derives can override the network derived best path. This feature can also be used in an inter domain scenario.

    To configure a peer node SID, include egress-te-node-segment-label at the [edit protocols bgp group group-name neighbor neighbor-name] hierarchy level.

    To configure a peer adjacency SID, include egress-te-adj-segment adj-segment-name at the [edit protocols bgp group group-name neighbor neighbor-name] hierarchy level.

    To create a peer set SID, include egress-te-set-segment set-segment-name label label-name at the [edit protocols bgp] hierarchy level.

    [See egress-te-node-segment.]

    [See egress-te-adj-segment.]

    [See egress-te-set-segment.]

  • Support for IPv4 VPN unicast and IPv6 VPN unicast address families in BGP (MX Series)—Starting in Junos OS Release 18.4R1, the following address families are supported to enable advertisement or reception, or both, of multiple paths to a destination to and from the same BGP peer, instead of advertising and receiving only the active path to and from the same BGP peer, under the [edit protocols bgp group group-name] hierarchy.

    • IPv4 VPN unicast (family inet-vpn)

    • IPv6 VPN unicast (family inet6-vpn)

    [See Understanding the Advertisement of Multiple Paths to a Single Destination in BGP.]

  • BGP add path support for eBGP (MX Series)—Starting in Junos OS Release 18.4R1, add path receive is now supported for eBGP under the [edit logical-systems logical-system-name protocols bgp group group-name family family].

    [See Understanding BGP.]

Services Applications

  • Support for MPLS-IPv6 inline active flow monitoring (MX Series)—Starting in Junos OS Release 18.4R1 on MX Series routers, you can perform inline flow monitoring for MPLS-IPv6 traffic. Both IPFIX and version 9 templates are supported. If you are running inline flow monitoring on a Lookup (LU) card, you must enable sideband mode to create MPLS-IPv6 flow records.

    [See Configuring Inline Active Flow Monitoring Using Routers, Switches or NFX250.]

  • MX Series Virtual Chassis NAT support on BNG (MX240, MX480, and MX960 routers with MS-MPCs and MS-MICs)—Starting in Junos OS Release 18.4R1, you can configure a two-member MX Series Virtual Chassis to use the Juniper broadband network gateway (BNG) with IPv4-to-IPv4 basic NAT, dynamic NAT, static destination NAT, dynamic NAT with port mapping, and stateful NAT64. A two-member MX Series Virtual Chassis configuration supports a maximum of four MS-MPCs and four MS-MICs per Virtual Chassis.

    [See Protocols and Applications Supported by the MS-MIC and MS-MPC.]

  • MX Series Virtual Chassis DS-Lite support (MX240, MX480, and MX960 routers with MS-MPCs and MS-MICs)—Starting in Junos OS Release 18.4R1, you can configure DS-Lite on a two-member MX Series Virtual Chassis. A two-member MX Series Virtual Chassis configuration supports a maximum of four MS-MPCs and four MS-MICs per Virtual Chassis.

    [See Protocols and Applications Supported by the MS-MIC and MS-MPC.]

Software Defined Networking (SDN)

Subscriber Management and Services


Subscriber management is not ready for deployment in Junos OS Release 18.4R1. You can use this release for testing and qualification, but we recommend you wait for a later 18.4 maintenance or service release for deployment.

  • Limit subscriber sessions per user and access profile (MX Series)—Starting in Junos OS Release 18.4R1, you can configure a limit on the number of sessions that can be active for a given username in an access profile.

    The show network-access aaa statistics session-limit-per-username command displays the number of active sessions and of blocked requests for usernames in each access profile. The clear network-access aaa statistics session-limit-per-username command enables you to clear blocked requests for debugging subscriber session limits.

    [See Understanding Session Options for Subscriber Access.]

  • New BBE statistics collection and management process (MX Series)—Starting in Junos OS Release 18.4R1, the BBE statistics collection and management process, bbe-statsd, is introduced to take advantage of high-performance Routing Engines to increase the frequency of statistics collection and improve statistics processing in highly scaled environments. The bbe-stats-service option has been added to the restart command for restarting this statistics process.

    To collect subscriber and service statistics, you now must enable the actual-transit-statistics statement. If you do not configure this statement, subscriber statistics are not collected; the show subscribers accounting-statistics command displays a value of zero for subscriber statistics; and the subscriber statistics are reported to RADIUS with values of zero.

    [See Enabling the Reporting of Accurate Subscriber Accounting Statistics to the CLI.]

  • Subscriber secure policy information not revealed in core file dumps (MX Series)—Starting in Junos OS Release 18.4R1, subscriber secure policy (SSP) information that might identify subscribers or mediation devices is automatically encrypted when the authd, bbe-smgd, or dfcd process generates core error files. Unauthorized persons examining the error files are unable to view the SSP information. The SSP information that might be present in the core error file includes the source and destination IP address for the mediation device, device ports, and intercept ID. No configuration is required or possible.

    [See Subscriber Secure Policy Overview.]

  • Increased number of IP addresses in DHCPv4 server groups (MX Series)—Starting in Junos OS Release 18.4R1, DHCPv4 server groups support up to 32 active server IP addresses. In earlier releases, only 5 servers are supported.

    [See Configuring Active Server Groups to Apply a Common DHCP Relay Agent Configuration to Named Server Groups.]

  • Address allocation method determines behavior when address pool is deleted or drained (MX Series)—Starting in Junos OS Release 18.4R1, additional checking is performed to determine the subsequent behavior when authd notifies the DHCP process that an address pool is deleted or being drained:

    • When addresses are allocated on demand, the family with the address in that pool is logged out immediately when the pool is deleted, or logged out gracefully by the draining process when a DHCP renew or rebind message is received.

    • When the addresses are preallocated, the addresses for both families are deleted immediately when the pool is deleted, or deleted gracefully by the draining process when a DHCP renew or rebind message is received.

    [See Single-Session DHCP Dual-Stack Overview and Configuring DHCP Local Address Pool Rapid Drain.]

  • Enhanced support for forwarding ACKs from trusted servers (MX Series)—Starting in Junos OS Release 18.4R1, the allow-server-change option of the active-server-group statement enables the DHCPv4 relay agent to forward ACKs to DHCP information request (DHCPINFORM) messages from any server in the active server group to the client. In earlier releases, only ACKs to DHCP request (renew or rebind) messages can be forwarded from trusted servers.

    [See Configuring Active Server Groups to Apply a Common DHCP Relay Agent Configuration to Named Server Groups.]

  • Support for DHCPv6 NotOnLink status code (MX Series)—Starting in Junos OS Release 18.4R1, the DHCPv6 server can return to the client a status code of NotOnLink in the Reply PDU IA field during reauthentication when the subscriber IP or IPv6 address changes. This code means that at least one address in the client’s request IA is not appropriate for the client’s connection link. In earlier releases, only a NoAddrsAvail or NoPrefixAvail status code can be returned when there is an issue with requested addresses.

    [See RADIUS Reauthentication As an Alternative to RADIUS CoA for DHCP Subscribers.]

  • Reassign IPv4 address to a new subscriber (MX Series)—Starting in Junos OS Release 18.4R1, you can enable a new subscriber to be reassigned an IPv4 address that is currently assigned to an existing subscriber by including the reassign-on-match option with the address-protection statement. The new subscriber request is rejected, but the existing subscriber is disconnected. The address is assigned to the new subscriber when it renegotiates the session.

    [See Configuring Duplicate IPv4 Address Protection for AAA.]

  • New predefined variables and RADIUS VSAs for interface and set targeted distribution (MX Series)—Starting in Junos OS Release 18.4R1, when you target an interface or an interface set for distribution on aggregated Ethernet member links, you can use a Juniper Networks predefined variable to source the weight value from the RADIUS Access-Accept message on a per-subscriber basis, or from Diameter AVPs during NASREQ processing:

    • $junos-interface-target-weight corresponds to Juniper Networks VSA 26-214, Interface-Targeting-Weight.

    • $junos-interface-set-target-weight corresponds to Juniper Networks VSA 26-213, Interface-Set-Targeting-Weight.

    [See Junos OS Predefined Variables That Correspond to RADIUS Attributes and VSAs.]

  • Support for exporting BNG sensor data to an IPFIX collector (MX Series)—Starting in Junos OS Release 18.4R1, the input-jti-ipfix plug-in collects a limited set of sensor data from the local BNG Junos Telemetry Interface and translates it to the appropriate IPFIX records for export to an IPFIX collector.

    [See Telemetry Data Collection on the IPFIX Mediator for Export to an IPFIX Collector.]

  • Detection and autogeneration of logical interface sets representing logical access nodes (MX Series)—Starting in Junos OS Release 18.4R1, you can configure the router to parse the ANCP Access-Aggregation-Circuit-ID-ASCII attribute (TLV 0x0003). When the TLV string begins with a # character, the entire string is a backhaul line identifier. The portion of the string after the # delimiter represents a logical intermediate node (DPU-C or PON tree) in the access network to which the subscriber is attached. This portion is used to set the value of the $junos-aggregation-interface-set-name variable, and is used as the name of a CoS Level 2 interface set that groups subscribers. Enable parsing with the hierarchical-access-network-detection option of the access-line statement.

    [See Detection of Backhaul Line Identifiers and Autogeneration of Intermediate Node Interface Sets.]

  • BGP support over dynamic PPPoE interfaces (MX Series)—Starting in Junos OS Release 18.4R1, BGP is supported over dynamic PPPoE interfaces. PPPoE subscriber clients correspond to BGP neighbors, so you configure the PPPoE subscriber client IP addresses as the BGP neighbor addresses with the [edit protocols bgp group name neighbor] stanza.

    You must enable routing services in both the PPPoE subscriber dynamic profile and the dynamic profile for the underlying VLAN interface with the new routing-service statement. This statement replaces the deprecated routing-services statement.

    You can also selectively enable or disable routing services per subscriber through RADIUS by using the new $junos-routing-services predefined variable. The action is determined by the value of the new Routing-Services VSA (26-212) returned in the RADIUS Access-Accept message.

    [See Junos OS Enhanced Subscriber Management.]

  • Support for Layer 2 services provisioning on the services side of pseudowire service logical interface anchored on redundant logical tunnel interface (MX Series with MPC and MIC)—Starting in Junos OS Release 18.4R1, Layer 2 services provisioning, such as bridge and VPLS, is supported on the services side of the pseudowire service logical interface anchored to a redundant logical tunnel interface. With this support, the chassis-wide scaling numbers available for the physical interfaces over redundant logical tunnels are extended to pseudowire service interfaces anchored over redundant logical tunnel interfaces.

    [See Layer 2 Services on Pseudowire Service Interface Overview.]

  • Support of single-hop BFD sessions for pseudowire redundant logical interfaces (MX Series)—Junos OS supports inline distribution of single-hop Bidirectional Forwarding Detection (BFD) sessions for pseudowire subscriber logical tunnel interfaces by default, as these interfaces are anchored on a single Flexible PIC Concentrator (FPC). With pseudowire redundant logical interfaces, the member logical tunnel interfaces can be hosted on different line cards. As a result, single-hop BFD sessions are operated in a centralized mode because the distribution address is not available for these logical interfaces.

    Starting in Junos OS Release 18.4R1, the support for inline distribution of single-hop BFD sessions is extended to pseudowire subscriber over redundant logical tunnel interfaces, thereby improving the scaling (number of sessions) and performance (detection time) of single-hop BFD sessions.

    [See Anchor Redundancy Pseudowire Subscriber Logical Interfaces Overview.]

  • ARP enhancements for subscriber management (MX Series)—Starting in Junos OS Release 18.4R1, the following ARP enhancements are supported only for framed routes on dynamic VLANs:

    • Dynamic Layer 2 MAC address resolution works for network (non-host) IPv4 framed routes. The non-host framed route is coupled with the dynamic Layer 2 address associated with a host route.

    • You can enable the router to compare the source MAC address received in a gratuitous ARP request or reply packet with the value in the ARP cache. The router updates the cache with the received MAC address if it determines this address is different from the cache entry.

    • You can enable dynamic ARP to resolve the MAC address for IPv4 framed host (32-bit) routes. By default, the framed route is permanently associated with the source MAC address received in the packet that triggered creation of the dynamic VLAN.

      [See Junos OS Enhanced Subscriber Management.]

System Management

  • Secure copy (scp) support on Junos OS CLI with the "source address" and "routing instance" options (MX240, MX480, MX960, MX2010, MX2020, and vMX)—Starting in Junos OS Release 18.4R1, MX Series routers support the scp command from the CLI, along with two additional options: source address and routing instance. The source address option specifies the local address to use in originating the connection, and the routing instance option specifies the name of the routing instance for the scp session. These two options are also added in the following CLI commands where the scp URL is supported: file copy, file archive, save, show|save, show|compare, load merge, load override, load patch, load replace, load set, and load update. The functionality of these commands remains the same with the source address and routing instance options added.


    The scp command is available under operational mode and configuration mode.

    [See scp, file copy, file archive, load, and save.]

Timing and Synchronization

  • Synchronous Ethernet support for enhanced Switch Control Board (MX240, MX480, and MX960)—Starting in Junos OS Release 18.4R1, MX Series routers with the enhanced Switch Control Board (SCBE3-MX) support synchronous Ethernet. Synchronous Ethernet is a physical layer technology that functions regardless of the network load and supports hop-by-hop frequency transfer. This enables you to deliver synchronization services that meet the requirements of modern-day mobile networks and future Long Term Evolution (LTE)–based infrastructures.

    [See Synchronous Ethernet Overview.]


  • Support to control traceroute over Layer 3 VPN (MX Series)—Starting in Junos OS Release 18.4R1, in a Layer 3 VPN topology with vrf-table-label configured and multiple customer edge (CE) routers configured in the same VPN routing and forwarding (VRF) routing instance, when traceroute is performed to a remote provider edge (PE) router for a CE-facing network, the ICMP time exceeded packet determines the correct IP address as the source address.

    To control the traceroute over a Layer 3 VPN topology with vrf-table-label configured and multiple CE routers configured in the same VRF, you can configure allow-l3vpn-traceroute-src-select at the [edit system] hierarchy level. This statement determines the correct IP source address by reviewing the destination routing instance and destination IP address.

    [See allow-l3vpn-traceroute-src-select.]

Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS main release and the maintenance releases for the MX Series routers.

Release 18.4R3-S6 Changes in Behavior and Syntax


  • Change in support for interface-transmit-statistics statement (MX Series)—You cannot configure aggregated Ethernet interfaces to capture and report the actual transmitted load statistics by using the interface-transmit-statistics statement. Aggregated Ethernet interfaces do not support reporting of the transmitted load statistics. The interface-transmit-statistics statement is not supported in the aggregated Ethernet interfaces hierarchy. In earlier releases, the interface-transmit-statistics statement was available in the aggregated Ethernet interfaces hierarchy but not supported.

    [See interface-transmit-statistics.]

Platform and Infrastructure

  • Updates to ON-CHANGE and periodic dynamic subscriber interface metadata sensors (MX Series routers and EX9200 line of switches)—We've made the following updates to the /junos/system/subscriber-management/dynamic-interfaces/interfaces/meta-data/interface[sid='sid-value']/ sensor:

    • Notifications are sent when subscribers log in on either IP demux or VLAN demux interfaces. In earlier releases, login notifications are sent only for IP demux logins.

    • The interface-set end path has been added to the logical interface metadata. The interface-set field appears in both ON-CHANGE and periodic notifications. In earlier releases, this field is not included in the sensor metadata or notifications.

    [See gRPC Sensors for Subscriber Statistics and Queue Statistics for Dynamic Interfaces and Interface-Sets (Junos Telemetry Interface).]

Release 18.4R3 Changes in Behavior and Syntax

Interfaces And Chassis

  • Enhancement to the show interfaces mc-ae extensive command—You can now view additional LACP information about the LACP partner system ID when you run the show interfaces mc-ae extensive command. The output now displays the following two additional fields:

    • Local Partner System ID—LACP partner system ID as seen by the local node.

    • Peer Partner System ID—LACP partner system ID as seen by the MC-AE peer node.

    Previously, the show interfaces mc-ae extensive command did not display these additional fields.

  • Change in error severity (MX960, MX240, MX2020, MX480, MX2008, and MX2010)—Starting in Junos OS Release 18.4R3, the severity of the CRC errors (XR2CHIP_ASIC_JGCI_FATAL_CRC_ERROR) has been reduced from Fatal to Major. Earlier, these errors caused the line card to be reset, if the interasic-linkerror-recovery-enable knob was configured. Now, these errors will only disable the Packet Forwarding Engines that are affected. With this change, the interasic-linkerror-recovery-enable knob has no effect in case of these errors because severity of these errors has been reduced to Major.


    This behavior change is applicable to the following line cards only: MPC5E, MPC6, MPC7, MPC8, and MPC9.

Junos OS XML API and Scripting

  • Root XML tag change for show rsvp pop-and-forward | display xml command (MX480)—We’ve changed the root XML tag for the show rsvp pop-and-forward | display xml command to rsvp-pop-and-fwd-information to make it consistent with the XML tag convention. In earlier releases, the command output displays the rsvp-pop-and-fwd-info XML tag. Update any scripts that use the rsvp-pop-and-fwd-info XML tag to use the new rsvp-pop-and-fwd-information XML tag.

    [See Junos XML API Explorer - Operational Tags.]

Junos Telemetry Interface

  • Automatic installation of YANG-based CLI for RIFT protocol (MX Series, QFX Series, and vMX with 64-bit and x86-based servers)—In RIFT 1.2 Release, installation of the CLI for the RIFT protocol occurs automatically along with the installation of the junos-rift package. In the pre-1.0 releases of the junos-rift package, the RIFT CLI had to be installed separately using the request system yang command after installation of the junos-rift package.

Platform and Infrastructure

  • Change in startup notification after GRES (MX Series routers)—The master Routing Engine sends a coldStart notification when a device comes up. The master Routing Engine also sends warmStart notifications for subsequent restarts of the SNMP daemon. After graceful routing engine switchover (GRES) the new master Routing Engine sends a single warmStart notification and the backup Routing Engine does not send any notification. In earlier releases, after GRES, the new master RE would sometimes send two notifications or a single notification. Of these, the first notification was always a coldStart notification and the second was either a coldStart notification or a warmStart notification.

    [See Standard SNMP Traps Supported by Junos OS.]

Routing Protocols

  • Advertising /32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, multiple secondary loopback addresses in the traffic engineering database were added to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised as the router ID.

Services Applications

  • Change in NAT port block syslog message display (MX Series Routers)—When you configure a softwire prefix other than 128, all the JSERVICES_NAT_PORT_BLOCK logs now display the prefixed B4 address. The following JSERVICES_NAT_PORT_BLOCK logs are modified:




    In earlier releases of Junos OS, when a softwire prefix was configured, some of the B4 addresses displayed in the JSERVICES_NAT_PORT_BLOCK log were /128 addresses (irrespective of the configured prefix). This change is not observed when the softwire prefix is not configured.

Subscriber Management And Services

  • Support for managing PCRF server errors (MX Series)—Starting in Junos OS Release 18.4R3, you can configure the router to reinitialize the PCRF session when triggered by certain PCRF server errors that result in a state mismatch between the server and the router. You can also configure the router to generate an extended session ID that is universally unique by appending a 32-bit session-stamp based on the current UTC time when the router creates the CCR-GX-I.

    Configure local reinitialization with the reinit-on-failure, reinit-on-rar, and reinit-timeout options with the local-decision statement at the [edit access pcrf partition partition-name] hierarchy level. Enable the session-stamp with the use-session-stamp option with the partition statement at the [edit access pcrf] hierarchy level.

  • Enhancement to commands to display reason for Routing Engine disconnect (MX Series)—Starting in Junos OS Release 18.4R3, several commands display the reason when the master and standby Routing Engines disconnect because of a memory mismatch error. On a chassis with two Routing Engines, a DRAM size mismatch error can result when both of the following are true:

    • The Routing Engines have different amounts of DRAM.

    • A 64-bit Junos OS image is loaded on the chassis.

    You can avoid this problem by doing either of the following:

    • Ensure that both Routing Engines have the same amount of DRAM.

    • Load a 32-bit image.

    The show database-replication summary and show system subscriber-management summary commands display the DRAM mismatch as the reason in the Disconnection field. The request chassis routing-engine master switch check command displays an error message if the DRAM size is different for the two Routing Engines.

  • Prevent queue-based throttling from stopping subscriber login (MX Series)—Starting in Junos OS Release 18.4R3, you can specify a value of 0 with the high-cos-queue-threshold statement. This value prevents any subscriber from being throttled by queue-based throttling.

  • XML output format change for test aaa type user commands (MX Series)—Starting in Junos OS Release 18.4R3, the XML output format changes for the test aaa authd-lite user, test aaa dhcp user, and test aaa ppp user commands. Each RADIUS server attribute name has an associated attribute value. Each of these pairs is now enclosed by the <radius-server-data> tag. The new tag makes it easier to recognize the name/value pairs, both for operators and API clients. You may have to change any scripts that use the XML output to work properly with the new format.

    [See AAA Testing and Troubleshooting.]

Release 18.4R2-S1 Changes in Behavior and Syntax

Software Defined Networking (SDN)

  • Increase in the maximum value of delegation-cleanup-timeout (MX Series)—You can now configure a maximum of 2147483647 seconds as the delegation cleanup time for a Path Computation Client (PCC). This extends the time taken by the PCC to retain the last provided path over a PCEP session from the last session down time.

    With the increase in maximum value of delegation-cleanup-timeout from 600 to 2147483647 seconds, you can benefit during a Path Computation Element (PCE) failover, or other network issues that may disrupt the PCEP session with the main active stateful PCE.

    [See delegation-cleanup-timeout.]

Release 18.4R2 Changes in Behavior and Syntax


  • Support for a VNI of zero—Starting with Release 18.4R2, Junos OS supports using a VXLAN Network Identifier (VNI)=0 when configuring a bridge domain or VLAN in an EVPN-VXLAN network.

  • Changes in encoding the ESI label field (MX Series)—Starting in 18.4R2, Junos OS switched from using lower-order bits to higher-order bits in encoding the ESI label field. This results in BUM traffic loss and duplication in traffic. If you encounter this, and you wish to use a mix of Junos OS releases, you must include the es-label-oldstyle statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy on the device that is running the Junos OS release that supports higher-order bit encoding of the ESI label.

  • Support for disabling automatic ESI generation (MX Series and QFX Series)—Starting with Junos OS Release 18.4R2, Junos OS supports disabling the automatic ESI generation for virtual gateway addresses. We recommend that you disable the automatic ESI generation for EVPN networks with edge-routed bridging to improve performance. To disable automatic ESI generation, include the no-auto-virtual-gateway-esi statement at the [edit interfaces name irb unit logical-unit-number] hierarchy level.

General Routing

  • User confirmation prompt for configuring the sub-options of request vmhost commands (MX Series and PTX Series)—When you configure the following request vmhost commands, the CLI now prompts you for a [yes,no] confirmation for the sub-options as well.

    • request vmhost reboot

    • request vmhost poweroff

    • request vmhost halt

    In previous releases, the confirmation prompt was available for only the main options.

Interfaces and Chassis

  • Logical interface is created along with physical interface by default (MX Series routers)—In Junos OS Release 18.4R2 and later, a logical interface is created on ge, et, and xe interfaces along with the physical interface, by default. In earlier Junos OS releases, by default, only physical interfaces are created.

    For example, for ge interfaces, the show interfaces command in earlier releases displayed only the physical interface (ge-0/0/0) by default. Now, the logical interface (ge-0/0/0.16386) is also displayed.

  • New XML tag element <lacp-hold-up-state> added in show lacp interfaces XML display (MX Series)—In Junos OS Release 18.4R2, the show lacp interfaces | display xml command displays a new XML tag element <lacp-hold-up-state>. The <lacp-hold-up-state> displays the time interval before an interface changes state from down to up. In earlier Junos OS releases, the LACP hold-up information for all interfaces was in a single <lacp-hold-up-information> XML tag. Now, the hold-up information for each interface is displayed in a separate <lacp-hold-up-information> XML tag.

  • Support for MAP-E encapsulation and de-encapsulation on inline service interfaces (MX2010)—In Junos OS Releases 18.2R3, 18.3R2, and 18.4R2, MX2010 routers support encapsulation and de-encapsulation of the following ICMP message types for inline service (si) interfaces:

    • Time exceeded (type 11)

    • Destination unreachable (type 3)

    • Source quench (type 4)

    • Parameter problem (type 12)

    • Address mask request and address mask reply (type 17 and type 18)

    • Redirect (type 5)

  • IRB not supported on pseudowire subscriber (PS) logical interface in bridge-domain (MX Series)—In Junos OS Releases 17.4R3, 18.1R4, 18.2R3, 18.3R2, and 18.4R2, integrated routing and bridging (IRB) is not supported on a pseudowire subscriber (PS) logical interface. Thus you cannot add an IRB to a bridge domain with a pseudowire subscriber interface; that is, you cannot configure IRB and the pseudowire subscriber interface in the same bridge domain.

    Note that adding IRB to a bridge domain that has a pseudowire subscriber logical interface causes a kernel crash and continuous reboot of the router until the configuration is rolled back.

    IRB is not supported on pseudowire subscriber interfaces only in a bridge domain.

    [See bridge-domain.]

  • In MX204 routers, error messages are logged when vlan-tagging for a trunk interface is not configured. These error messages were previously logged with the severity level “critical” even though they were not critical enough to require immediate action. The maximum transmission unit (MTU) of an interface with or without VLAN tagging is now logged as an informational error message (instead of a critical error message).


  • New debug statistics counter (MX Series)—The show system statistics mpls command has a new output field, called Packets dropped, over p2mp composite nexthop, to record the packet drops over composite point-to-multipoint next hops.

Operation, Administration, and Maintenance (OAM)

  • Performance monitoring history data is lost when a change in number of supported history records is detected (ACX Series and MX Series)—In Junos OS Release 18.4R2, when Ethernet connectivity fault management starts, it detects the number of history records supported by the existing performance monitoring history database. If there is any change from the number of history records supported (that is, 12) in Release 18.4R2, the existing performance monitoring history database is cleared and all performance monitoring sessions are restarted with mi-index 1.

Services Applications

  • New syslog message displayed during NAT port allocation error (MX Series Routers with MS MPC)—With address pooling paired (APP) enabled, an internal host is mapped to a particular NAT pool address. If all the ports under a NAT pool address are exhausted, further port allocation requests from the internal host result in a port allocation failure. The following new syslog message is displayed during such conditions:


    This syslog message is generated only once per NAT pool address.

  • Support for host-generated traffic on a GRE-over-GRE tunnel (MX Series)—In Junos OS Release 18.4R2, you can send host-generated traffic on a GRE-over-GRE tunnel. However, when the path maximum transmission unit (path MTU) is updated for the outer GRE tunnel, the MTU for the inner GRE tunnel is not corrected.

  • Deprecated IPsec manual security association option (MX Series)—In Junos OS Release 18.4R2 and later releases, the option hmac-sha2-256 under the services ipsec-vpn rule rule-name term term-name then manual direction (bidirectional | inbound | outbound) authentication algorithm statement is deprecated. Use the hmac-sha-256-128 option instead.

  • Change in error message displayed while fragmenting or de-fragmenting IPv6 GRE tunnel interface (MX Series routers)—In Junos OS Release 18.4R2, on an IPv6 GRE tunnel interface, when you enable fragmentation using the allow-fragmentation command or disable fragmentation using the do-not-fragment command, the following error message is displayed:

    Fragmentation for V6 tunnels is not supported

    In releases before Junos OS 18.4R2 release, the following message is displayed:

    dcd_config_ifl_tunnel: Fragmentation for V6 tunnels is not supported
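For the deprecated hmac-sha2-256 manual security association option described above, a configuration audit can find the statements that need to change before an upgrade. The following is an added example, not Juniper code: it assumes the configuration has been exported in set format (for instance with show configuration | display set), and the sample lines, rule names, term names and host name are constructed.

```python
import re

DEPRECATED = "hmac-sha2-256"      # option the release note marks as deprecated
REPLACEMENT = "hmac-sha-256-128"  # option the release note says to use instead

# Statement path from the release note, written in "set" form:
#   services ipsec-vpn rule <rule> term <term> then manual
#   direction (bidirectional | inbound | outbound) authentication algorithm <alg>
STATEMENT = re.compile(
    r"^\s*set\s+services\s+ipsec-vpn"
    r"\s+rule\s+(?P<rule>\S+)"
    r"\s+term\s+(?P<term>\S+)"
    r"\s+then\s+manual"
    r"\s+direction\s+(?P<direction>bidirectional|inbound|outbound)"
    r"\s+authentication\s+algorithm\s+(?P<alg>\S+)\s*$"
)

# Constructed sample input; none of these names come from a real device.
SAMPLE_CONFIG = """\
set services ipsec-vpn rule r-branch term t1 then manual direction bidirectional authentication algorithm hmac-sha2-256
set services ipsec-vpn rule r-branch term t1 then manual direction bidirectional encryption algorithm aes-128-cbc
set services ipsec-vpn rule r-dc term t1 then manual direction inbound authentication algorithm hmac-sha-256-128
set services ipsec-vpn rule r-dc term t2 then manual direction outbound authentication algorithm hmac-sha2-256
set system host-name hmac-sha2-256-lab
"""


def audit_manual_sa_auth(config_text):
    """Return one finding per manual-SA statement that uses the deprecated option.

    The algorithm token is compared exactly, so a line that merely contains the
    string elsewhere (such as the constructed host name) is not flagged.
    """
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        match = STATEMENT.match(line)
        if not match or match.group("alg") != DEPRECATED:
            continue
        stripped = line.strip()
        # Setting the leaf again overwrites its value, so the suggestion is the
        # same statement with only the algorithm token swapped.
        suggested = stripped[: -len(DEPRECATED)] + REPLACEMENT
        findings.append(
            {
                "line": line_no,
                "rule": match.group("rule"),
                "term": match.group("term"),
                "direction": match.group("direction"),
                "suggested": suggested,
            }
        )
    return findings


def affected_rules(findings):
    """Sorted, de-duplicated rule names, for a change ticket or review list."""
    return sorted({f["rule"] for f in findings})


if __name__ == "__main__":
    results = audit_manual_sa_auth(SAMPLE_CONFIG)
    for f in results:
        print(f"line {f['line']}: rule {f['rule']} term {f['term']} "
              f"({f['direction']}) uses {DEPRECATED}")
        print(f"  suggested: {f['suggested']}")
    print("rules to review:", ", ".join(affected_rules(results)))
```

Manual security associations carry statically configured keys on both ends, so review each suggested statement together with the peer's configuration before committing it.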

Subscriber Management and Services

  • Out-of-address SNMP trap requires thresholds to be configured (MX Series)—Starting in Junos OS Release 18.4R2, the behavior has changed for generating an out-of-address SNMP trap for an address pool configured at the [edit access address-assignment] or [edit routing-instance name address-assignment] hierarchy level. You must now configure both the high-utilization and abated-utilization thresholds. When the number of assigned addresses surpasses the high-utilization threshold, a high-utilization trap is generated. If all the addresses are assigned from the pool, an out-of-address trap is generated and an out-of-address syslog message is sent.

    In earlier releases, an out-of-address trap is generated when the address pool is exhausted, regardless of whether the thresholds are configured.

    If the number of assigned addresses subsequently drops below the abated-utilization threshold, an abate-high-utilization trap is generated; this behavior is unchanged.

  • Subscribers allowed to log in with bad framed route (MX Series)—Starting in Junos OS Release 18.4R2, users are allowed to log in if the framed route received from RADIUS is bad, for example, if the format is incorrect. In earlier releases, the subscriber is not allowed to log in. For customers that use multiple framed routes, the new behavior enables the subscriber to have partial access to the network using the routes that are accepted instead of not being allowed any access.

  • Changing attributes of physical interface with active subscribers (MX Series)—Starting in Junos OS Release 18.4R2, the commit check fails when you change any attribute of the physical interface, such as the MTU, when subscribers are active. This affects only aggregated Ethernet physical interfaces with targeted distribution configured. In earlier releases, the commit check does not fail and the attribute change brings down the physical interface and all subscribers using that interface.

  • ICMP error message rate limit increased (MX Series)—Starting in Junos OS Release 18.4R2, the maximum rate limit for generating ICMP messages for IPv4 and IPv6 packet errors is increased from 50 pps to 1000 pps. The rate limit applies only to non-TTL-expired packets.

Release 18.4R1 Changes in Behavior and Syntax

General Routing

  • Zero MAC address (00:00:00:00:00:00) treated as "my mac" (MX Series)—When an Ethernet packet arrives at ingress, the pre-classifier engine performs a lookup of the MAC address. If the MAC address matches an entry in the pre-classifier Ternary Content Addressable Memory (TCAM) and the entry has the “my mac” attribute, the pre-classifier engine sets the “my mac” bit in the cookie prepended to the incoming packet. In the current implementation, the MAC address “00:00:00:00:00:00” (zero MAC) is programmed as the default value for “my mac” TCAM entries when the pre-allocated entries are not used or configured. Hence, packets with the zero MAC are marked as “my mac” in the packet cookie. The forwarding engine checks the “my mac” bit in the packet cookie. If the “my mac” bit is 0, the packet is dropped. If the “my mac” bit is 1, further L2, L3, and MPLS lookups are performed. The “my mac” behavior has applied since the day-one release.

Interfaces and Chassis

  • New option to configure IP address to be used when the Routing Engine is the current master—Starting in Junos OS Release 18.4R1, a new option, master-only, is supported on routers with RE-MX-X6, RE-MX-X8, and RE-PTX-X8 Routing Engines at the following hierarchies:

    • [edit vmhost interfaces management-if interface (0|1) family inet address IPv4 address]

    • [edit vmhost interfaces management-if interface (0|1) family inet6 address IPv6 address]

    In routing platforms with dual Routing Engines and VM host support, the master-only option allows you to configure the IP address to be used for the VM host when the Routing Engine is the current master. The master Routing Engine and the backup Routing Engine can have independent host IP addresses configured. In earlier releases, the same IP address would be applied on the master and backup Routing Engines, resulting in configuration issues.

  • TLV status for Layer 2 protocols (MX480)—Starting in Junos OS Release 18.4R1, the output fields Next-hop and vpls-status are displayed in the show interfaces interface name detail command, only for Layer 2 protocols on MX480 routers.

  • Enhanced AC PEM in high-line power configuration supplies 2400 W power (MX240)—Starting in Junos OS Release 18.4R1, on MX240 routers, the enhanced AC PEM in high-line power configuration provides a power output of 2400 W. On Junos OS versions prior to 18.4R1, the PEM provided only 2050 W of power output.

    [See show chassis power.]

  • Support for creating layer 2 logical interface independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2, and later, MX Series routers support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.

    In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.

  • Error message displayed due to configuration changes in live system—Starting in Junos OS Release 18.4R1, on MX Series routers with the RE-S-X6-64G and RE-MX2K-X8-64G Routing Engines, when you change the router configuration on a live system, or when you delete an interface that has active traffic, the message select: protocol failure in circuit setup is randomly displayed. However, there is no known functional impact.


  • Previously, when you configured zero (0) as the bandwidth of an RSVP interface, the bandwidth value was overwritten with the default interface bandwidth (raw hardware bandwidth), leading to unexpected behavior in the LSP setup. Starting with Junos OS Release 18.4R1, when you configure zero as the bandwidth, 0 is applied as the RSVP bandwidth.

    [See bandwidth (Protocols RSVP).]

  • Starting in Junos OS Release 18.4R1, the remote procedure call (RPC) protocol XML tag for mpls-label-value is renamed as mpls-history-label-value, mpls-usage-label-value, and mpls-label-id-value depending on the context of command usage.

  • Change in command syntax—Starting in Junos OS Release 18.4R1, the show ldp database label-requests command name is changed to show ldp database-label-requests with no change to command functionality.

  • Loss of traffic over bypass MPLS LSPs—If RSVP link or node protection is enabled along with global RSVP authentication, there is loss of traffic over bypass MPLS LSPs at the time of local repair, when the point of local repair (PLR) and the merge point devices have different versions of the Junos OS software installed on them. That is, one device is running a release prior to Junos OS Release 16.1, and the other device is running a release starting with Junos OS Release 16.1R4-S12.

Network Management and Monitoring

  • SSHD process authentication logs timestamp (MX Series)—Starting in Junos OS Release 18.4R1, the SSHD process authentication logs use only the time zone defined in the system time zone. In the earlier releases, the SSHD process authentication logs sometimes used the system time zone and the UTC time zone.

    [See Overview of Junos OS System Log Messages.]

  • SNMP customization configuration introduced (MX Series)—As of Junos OS Release 18.4R1, the CLI configuration command set snmp customization ether-stats-ifd-only is introduced. When ether-stats-ifd-only is configured, the show snmp mib walk etherstatsTable command displays data only for physical interfaces (IFDs).

    [See customization (SNMP).]

  • The NETCONF server omits warnings in RPC replies when the rfc-compliant statement is configured and the operation returns <ok/> (MX Series)—Starting in Junos OS Release 18.4R1, when you configure the rfc-compliant statement at the [edit system services netconf] hierarchy level to enforce certain behaviors by the NETCONF server, the server must not return an RPC reply that encloses both an <rpc-error> element and an <ok/> element. If the operation is successful, but the server reply would enclose one or more <rpc-error> elements of severity warning in addition to the <ok/> element, then the warnings are omitted. In earlier releases, or when the rfc-compliant statement is not configured, the NETCONF server might issue an RPC reply that encloses both an <rpc-error> element of severity warning and an <ok/> element.

  • Change in severity level of XQSS errors (MX Series)—Starting in Junos OS Release 18.4R1, on MX Series routers with the MPC7E-10G, MPC7E-MRATE, MPC8E, and MPC9E line cards, the severity level of the following errors has been changed from Fatal to Major.



    With this change, the above errors no longer cause the entire FPC to go offline by default. Instead, these errors cause the affected Packet Forwarding Engine (PFE) to be disabled, because disable-pfe is the default action associated with Major errors on MX Series routers.

    Additionally, the severity level of the correctable error XQSS_CMERROR_CORRECTABLE_MEM_ERR has been changed from Fatal to Minor.

    You can use the commands show chassis errors active detail fpc-slot slot and show chassis fpc errors slot to view more details of, and the default actions associated with, these errors.

    [See show chassis fpc errors.]

Routing Protocols

  • BGP PIC determines MPLS fast reroute (FRR) using BGP multipath—Starting in Junos OS Release 18.4R1, when you configure BGP Prefix-Independent Convergence (PIC) with the protect-core statement, a forwarding route with an MPLS fast reroute (FRR) next hop is created using BGP multipath.

    In earlier releases, when the BGP PIC feature is configured, a backup path is determined using protocol-independent load balancing multipath and installed in the forwarding table as an active path, which might cause routing loops.

    We recommend that you update scripts that count active routes because BGP multipath contributors are also counted and the active route count goes up. We have also modified the output of the show route command to reflect this behavior change.

    [See Configuring BGP Prefix Independent Convergence for Inet.]


  • Syslog updated when configuring an XPN cipher suite on an interface that does not support XPN (MX Series)—In Junos OS Release 18.4R1, on MX Series routers, if you configure an XPN cipher suite (gcm-aes-xpn-128 or gcm-aes-xpn-256) for a connectivity association and attach the connectivity association to an interface on a PIC that does not support XPN cipher suites, then at run time the default non-XPN cipher suite is used and the following syslog message is logged:

    macsec_ciphersuite_is_supported MACSec: ifd ifd_id (ifd_name), Cipher suite cipher id (cipher name) NOT SUPPORTED.
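The following Python example is added here and is not Juniper's code: it scans syslog text for the message above and reports which interfaces requested an XPN cipher suite but are running the default non-XPN suite instead. The sample log lines, their timestamp/host/source prefix, the numeric ifd and cipher ids, and the expected_xpn inventory are constructed assumptions; only the message template comes from this note.

```python
import re
from collections import OrderedDict

# XPN cipher suites named in the release note.
XPN_SUITES = {"gcm-aes-xpn-128", "gcm-aes-xpn-256"}

# Pattern built from the message template quoted in the release note:
#   macsec_ciphersuite_is_supported MACSec: ifd <ifd_id> (<ifd_name>),
#   Cipher suite <cipher id> (<cipher name>) NOT SUPPORTED.
XPN_FALLBACK = re.compile(
    r"macsec_ciphersuite_is_supported\s+MACSec:\s+ifd\s+(?P<ifd_id>\S+)\s+"
    r"\((?P<ifd_name>[^)]+)\),\s*Cipher suite\s+(?P<cipher_id>\S+)\s+"
    r"\((?P<cipher_name>[^)]+)\)\s+NOT SUPPORTED"
)

# Constructed sample input. The prefix before the message and all ids are
# assumptions made for this example, not captured device output.
SAMPLE_LOG = """\
Aug  1 10:41:21 mx-lab-1 fpc1 macsec_ciphersuite_is_supported MACSec: ifd 158 (xe-1/0/2), Cipher suite 3 (gcm-aes-xpn-128) NOT SUPPORTED.
Aug  1 10:41:21 mx-lab-1 sshd[812]: Accepted publickey for netops from 192.0.2.10 port 50122 ssh2
Aug  1 10:52:07 mx-lab-1 fpc1 macsec_ciphersuite_is_supported MACSec: ifd 158 (xe-1/0/2), Cipher suite 3 (gcm-aes-xpn-128) NOT SUPPORTED.
Aug  1 11:03:44 mx-lab-1 fpc2 macsec_ciphersuite_is_supported MACSec: ifd 201 (xe-2/1/0), Cipher suite 4 (gcm-aes-xpn-256) NOT SUPPORTED.
Aug  1 11:05:00 mx-lab-1 fpc2 MACSec: ifd 202 (xe-2/1/1), session established
"""


def parse_fallbacks(text):
    """Return one dict per 'NOT SUPPORTED' cipher-suite message in text."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = XPN_FALLBACK.search(line)
        if not match:
            continue
        event = match.groupdict()
        event["line"] = lineno
        # True when the rejected suite is one of the XPN suites from the note.
        event["is_xpn"] = event["cipher_name"].strip().lower() in XPN_SUITES
        events.append(event)
    return events


def downgraded_interfaces(events):
    """Collapse repeated messages into one record per interface name."""
    summary = OrderedDict()
    for event in events:
        record = summary.setdefault(
            event["ifd_name"],
            {"requested": set(), "count": 0, "first_line": event["line"]},
        )
        record["requested"].add(event["cipher_name"])
        record["count"] += 1
    return summary


def audit(text, expected_xpn):
    """Compare log evidence with the interfaces intended to use XPN.

    expected_xpn is a hypothetical operator-maintained set of interface
    names whose connectivity association specifies an XPN cipher suite.
    """
    seen = downgraded_interfaces(parse_fallbacks(text))
    return {
        # Planned for XPN, but the log shows the default suite is in use.
        "fell_back": sorted(i for i in seen if i in expected_xpn),
        # Fallback logged for an interface missing from the inventory.
        "unplanned": sorted(i for i in seen if i not in expected_xpn),
        # Planned for XPN and no fallback message found in this log.
        "no_evidence": sorted(i for i in expected_xpn if i not in seen),
    }


if __name__ == "__main__":
    for name, rec in downgraded_interfaces(parse_fallbacks(SAMPLE_LOG)).items():
        print(name, sorted(rec["requested"]), "messages:", rec["count"])
    print(audit(SAMPLE_LOG, {"xe-1/0/2", "xe-3/0/0"}))
```

Because the commit succeeds even when the PIC lacks XPN support, this log message is the only run-time indication that an interface is not using the configured suite.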

Software Defined Networking (SDN)

  • Installation or upgrade using remotely located installation package (MX480, MX960, MX2010, MX2020, MX2008)—While performing Junos installation or upgrade on the base system (BSYS) or guest network function, if you provide a URL to the remotely located installation package (for example, an ftp file) in the command request system software add package-file-path, the router locally copies the package, performs checks such as multi-version compatibility checks on the package, and then installs the package. The installation process is aborted if any errors are found during the checks. Previously, if you tried to perform installation or upgrade using a remotely located file, the router would skip multi-version checks and display an error message, but would not abort the installation process.

    [See Junos Node Slicing Upgrade]

Software Installation and Upgrade

  • ZTP is supported on MX PPC platforms (MX Series)—As of Junos OS Release 18.4R1, zero touch provisioning (ZTP) is supported on MX PPC platforms (which are MX5, MX10, MX40, MX80, and MX104 routers). Before the fix, the ZTP process did not start loading the image and configuration on MX PPC routers.

    [See Junos OS Installation Package Names.]

Subscriber Management and Services

  • Flat-file service accounting support ends (MX Series)—Starting in Junos OS Release 18.4R1, flat-file service accounting to a local file is no longer supported. If included in a configuration, it is ignored.

    [See Flat-File Accounting Overview.]

Known Behavior

This section contains the known behavior, system maximums, and limitations in hardware and software in Junos OS Release 18.4R3 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • CFM is not supported for an L2-over-GRE tunnel. CCM can pass through as transit traffic through GRE interfaces transparently using the data path. Link trace functionality uses MAC-learning and re-injecting LTM on the GRE interfaces in case the bridge is configured with CFM. PR1275833

  • An underflow error is seen during FPC cold boot and initial traffic start cases. But these errors are limited and should not appear after traffic is stabilized. PR1306280

  • Support for enterprise profile is provided only for 10-Gigabit Ethernet interfaces. Use of 40-Gigabit Ethernet and 100-Gigabit Ethernet interfaces might result in a phase alignment issue. PR1310048

  • Inline JFlow vMX: The InputInt field of MPLS-V4 data records reports the SNMP index value of the LSI interface instead of the ingress physical interface. PR1312047

  • When cmerror disables the Packet Forwarding Engine, it does not power off the EA and HMC chips. Temperature monitoring continues on the HMC and other devices, and the system can take proper actions, such as increasing the fan speed or shutting down the systems. PR1324070

  • The Routing Engine boots from the secondary disk when you:

    • Press the reset button on the RCB front panel while the Routing Engine is booting up but before Junos OS is up.

    • Upgrade software by booting from the network using the request vmhost reboot network command, and the system fails to boot from the network.

    • Upgrade BIOS and the upgrade fails.

    • Reboot, and the system hangs before Junos OS is up. PR1344342

  • The first packet pertaining to the J-Flow Packet Forwarding Engine sensor in UDP mode is missing after a line-card reboot. PR1344755

  • If MTU is configured to a value higher than 9500, which is the maximum permissible value, configuration succeeds. However, the actual value will be set back to 1518 without any error. DCD log can be checked to verify the occurrence. PR1372690

  • The MIC-MACSEC-20G MIC supports 10-Gbps speed through the set chassis fpc x pic y pic-mode 10-Gigabit configuration applied to both the PICs in that MIC. Other PIC mode configuration should be removed before you apply the 10G PIC mode configuration. PR1374680

  • IDS aggregate configuration statement is not considered for the installation of the IDS dynamic filter. PR1395316

  • Junos OS does not perform the VLAN ID check at the egress; the VLAN ID check is performed only at ingress. PR1403730

  • In Junos PTP deployment with the configured child logical interface in the PTP configuration and aggregated Ethernet in the interface configuration during Packet Forwarding Engine initialization, the Packet Forwarding Engine microcode is not able to find the correct output identifier of the outgoing interface to send the packet to and takes the host route path leading to congestion and bringing down the interfaces administratively. PR1412093

  • In a large-scale setup such as a large number of routing instances or interfaces, if there are frequent changes in configuration and interface flaps when the rpd is restarted because of logical-system deactivation or activation or through restart routing, the rpd might crash. PR1438049

  • L2TPv3 is not supported for flow caching and load balancing in RIOT code. RIOT I/O does not fully understand the header, so only one worker thread is used. PR1468647

Forwarding and Sampling

  • LTS subscriber statistics are reported to RADIUS. PR1383354

  • In Junos OS Release 18.4R1 and Release 18.3R2, if an IPv4 prefix is added to a prefix list referred to by an IPv6 firewall filter, the following log message is not seen: Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized . PR1395923

Interfaces and Chassis

  • During JDM installation, each JDM instance generates pseudorandom MAC addresses to be used for JDM's own management interface and for the associated GNFs' management interfaces. At the time of creation of GNFs, each GNF instance generates pseudorandom MAC addresses to be used as the chassis MAC address pool for the forwarding interfaces of that GNF. Once generated, JDM and GNF MAC addresses are persistent, and are deleted only when the JDM or GNF instance itself is deleted.

    At a GNF, the Junos OS CLI command show chassis mac-addresses can be used to examine its chassis MAC address pool, and the Junos OS CLI command show interfaces fxp0 can be used to examine the MAC address of its management interface.

    At JDM, the CLI command show interfaces jmgmt0 can be used to examine the MAC address of its management interface.

    In case of MAC address duplication across JDM or GNF instances, you must delete and then reinstall the respective JDM or GNF instance and check again for duplication.

  • In large-scale subscriber environment, changing an aggregated Ethernet member link configuration might cause two Routing Engines to generate core files. PR1375638

  • The two SFP+ ports on the Routing Control Board (RCB) of an MX2008 router have two port LEDs each—one Link Status LED and one Link Activity LED per port. On an MX2008 router, which is connected to an external x86 server in a Junos node slicing setup, behavior of these LEDs with regard to Junos Node Slicing configuration is as follows:

    • The Link Status LEDs and Link Activity LEDs on both the ports are unlit when Junos node slicing is disabled or not configured.

    • When you have configured network-slices on the router (also called base system or BSYS) but have not configured guest network functions (GNFs) on the server, the Link Status LED on each port turns green (steady glow). In this case, the Link Activity LED on each port is unlit.

    • When you have configured Junos node slicing (including GNFs), the Link Activity LED on each port is amber (blinking), while the Link Status LED on each port remains green (steady glow).

  • Error thrown when router configuration is updated on live system—In Junos OS Release 18.4R1, on MX Series routers with the RE-S-X6-64G and RE-MX2K-X8-64G Routing Engines, when you change the router configuration on a live system, or when you delete an interface that has active traffic, the message select: protocol failure in circuit setup is randomly displayed. However, there is no known functional impact.

Platform And Infrastructure

  • On all devices running Junos OS, execution of Python scripts through enhanced automation does not work on veriexec images. PR1334425

  • A few transient FI Cell underflow errors are normal during unified ISSU, but they should not persist. PR1353904

  • On QFX10000 and MX480 switches configured as type-5 route peers, when only peer 1 advertises routes, that peer might not install the de-encapsulated next-hop route. As a result, type-5 encapsulated traffic sent by peer 2 is dropped until peer 2 advertises any type-5 route. As a workaround, configure a static route pointing to discard on peer 2 and advertise that route as a type-5 route to peer 1. PR1386423

  • In some cases, pseudowire interfaces over a redundant logical tunnel (RLT) might be shown as up but they might not pass traffic. Log messages reporting ASIC errors and a chassis alarm reporting hard FPC errors may also be seen. PR1400269

Routing Protocols

  • When multiple adjacencies are coming up or flapping, some routes may not have remote LFA backup next hops. They will appear only after the next SPF trigger, either manually or as a result of a network event. PR1389392

Services Applications

  • The MS-DPC and MS-MPC service cards drop TCP-based DNS traffic when you use the junos-dns-tcp ALG. The junos-dns-alg is not supported on the MS-DPC or MS-MPC service cards. PR1361021

Subscriber Management And Services

  • Before you make any changes to the underlying interface for a demux0 interface, you must ensure that no subscribers are currently present on that underlying interface. If any subscribers are present, you must remove them before you make changes.

  • For dual-stacked clients over the same PPP over L2TP LNS session, enhanced subscriber management does not support configurations where both of the following are true:

    • The CPE sends separate DHCPv6 solicit messages for the IA_NA and the IA_PD.

    • The solicit messages specify a type 2 or type 3 DUID (link-layer address).

    As a workaround, you must configure the CPE to send a single solicit message for both IA_NA and IA_PD when the other configuration elements are present.

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 18.4R3 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • Configuration of the hidden rate-limit-burst statement in the [edit class-of-service] hierarchy might lead to an FPC core file on MX Series routers with the TRIO chipset and channelized interfaces (DS3, E3, DS1, E1, and DS0). The internal interface attributes for the channelized interfaces are freed at an earlier point, but the Packet Forwarding Engine still accesses that memory, which causes the core dump. To avoid this issue, a fix was added to dereference the pointer only if it is not null. PR1425667


  • The issue is applicable to MAC-in-MAC PBB-EVPN and does not affect any other scenario. When the provider backbone bridging (PBB) EVPN configuration is reloaded on MX Series routers, error logs are seen while deleting interfaces related to the backbone bridge component. These errors do not result in any functional issues. PR1323275

  • In an Ethernet Virtual Private Network-Virtual Extensible LAN core isolation scenario, the server is multihomed to the leaf devices through LACP interfaces. If GR is enabled, core isolation does not work after a system reboot or a routing restart on the leaf device. In the system reboot case, the leaf device silently discards the traffic sent from the server during the time window between LACP coming up and BGP coming up. In the restart routing case, there might be no traffic drop because of the GR. PR1461795

  • In an Ethernet Virtual Private Network-Virtual Extensible LAN scenario with scaled bridge domains configured (for example, 4000 bridge domains), if the core-facing link on the VXLAN tunnel endpoint (VTEP) comes up (Down >> Up), the traffic received from the customer edge (CE) might be dropped by the VTEP for a period of time before it becomes normal. PR1408840

Forwarding and Sampling

  • The skip-service configuration does not work with IPv6 NDP negotiation or ping. PR1074853

  • Heap memory leaks occur on the DPC when the flow specification route is changed. PR1305977

  • On a Junos fusion, ingress policing on an SD is broken. For ingress policing on AD and SD, the set interfaces layer2-policer input-policer policer-name command is not supported in this release. PR1395217

  • For Junos OS Releases 18.4R1 and 18.3R2, if an IPv4 prefix is added to a prefix-list referenced by an IPv6 firewall filter, the following log message does not appear in this release: Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized. PR1395923

  • Traffic is not policed as expected after it is locally switched for VLANs 100 and 101 while verifying the selective local-switching functionality with 4000 VLANs. PR1436343

  • After routing is restarted, the remote mask (indicating from which remote PE devices MAC-IP entries are learned), which the routing daemon sends, might be different from the existing remote mask that the Layer 2 learning daemon had prior to restart. This causes a mismatch between the Layer 2 learning and the routing daemon’s interpretation as to where the MAC-IP entries are learnt, which can be local or remote, leading to the mac-ip table being out of synchronization. PR1452990

General Routing

  • The nexthop attribute in a framed route is not applicable anymore. Because the subscriber’s IP address is used as the next hop in all cases, there is no need to have an additional nexthop attribute for framed routes. PR1186046

  • On all Junos OS platforms, when DHCP relay is configured with forward only and the DHCP client is terminated on a logical tunnel interface where multiple logical interfaces under that lt- interface have the same VLAN, the DHCP relay might fail to send OFFER messages. PR1471161

  • A new AE member interface is installed in the FIB when the micro BFD session is down for a static LAG. PR1474300

  • Core files are generated in clksyncd_validate_gcfg () at ../../../../../src/junos/usr.sbin/clksyncd/clksyncd_gencfg.c:1418. PR1472643

  • When a dynamic list next hop is referenced by more than one route, the next hop might be deleted early from the kernel, and nhindex is then observed as 0 ("Next hop type: Dynamic List, Next hop index: 0" in the show route command). This does not result in a crash, only in an early delete from the kernel. As a workaround, restart routing; this resolves the issue and the next-hop index is reassigned properly. PR1477140

  • Commit script does not apply changes in private mode unless a commit full is performed. PR1465171

  • IPv6 accounting stop attributes are not correct for the MLPPP subscribers. PR1455175

  • You cannot collect shmlog entries and statistics on MX5, MX10, or MX40 platforms. The code changes also include improvements that should prevent the generation of shmlogctl process core files due to a timing issue. PR1297818

  • If a Layer 3 interface is receiving a GRE-encapsulated packet and the interface has two filters attached at ingress (any with the action mirror, and inet with the action decapsulate gre), the expected behavior is that the mirrored copy also has the GRE headers. However, this does not work as expected (and is a bug) because of the presence of the family inet filter. If you want to mirror the entire packet that arrived on the interface, including the GRE header, then as a workaround you can deactivate or disable the decapsulate gre action of the filter. PR1090854

  • ALG-SIP64: SIP session fails when the IPv4 SIP client in public network initiates a SIP call with the IPv6 SIP client in the private network. PR1139008

  • On Junos OS Release 16.2R1 and later, if the commit statement is executed after the commit check statement, the daemon (for example, dhcpd and sampled) might not be started even though the related configuration is successfully committed. PR1468119

  • On the MX104 device, core file is generated in clksyncd_validate_gcfg () at ../../../../../src/junos/usr.sbin/clksyncd/clksyncd_gencfg.c:1418. PR1471466

  • The following core file is generated: VMCORE-/../src/junos/bsd/sys/netjsr/jsr_prl.c:2128. PR1472519

  • During a Routing Engine switchover (without NSR), the l2cpd process might report a slip (delay) of 1–10 seconds in its scheduled run, and the following log message might be displayed: Aug 1 10:41:21 mx9601 l2cpd[32770]: JTASK_SCHED_SLIP: 8 sec scheduler slip, user: 0 sec 2180 usec, system: 0 sec, 2188 usec. This delayed run has no functional or operational effect on any of the Layer 2 protocols controlled by l2cpd: the STP task delegates transmitting and receiving BPDUs to a separate dedicated ppmd process, and although the LLDP task's PDUs are handled by the daemon itself, the advertisement interval is 30 seconds and the hold timer for the neighbors' LLDP PDUs is 120 seconds. There is therefore ample time to absorb a delay of a few seconds. PR1203977

  • In a BGP or an MPLS scenario, if the next-hop type of the label route is indirect, then the following changing events related to the family mpls configuration of the next-hop interface might cause the route to be in dead state, and the route remains dead even when the family mpls configuration is again activated.

    • Deactivating and activating the family mpls configuration.

    • Deleting and adding back the interface's family mpls configuration.

    • Changing the maximum-labels setting for the next-hop interface.

    When a labeled route is resolved over an interface, that interface must have family mpls configured for the route to be successfully resolved. Otherwise the route does not get resolved. PR1242589

  • The following cosmetic error is observed as the output: mspmand[190]: msvcs_session_send: Plugin id 3 not present in the svc chain for session. Please open a JTAC case to confirm. PR1258970

  • If a VM host snapshot is taken on the alternate disk and there is no further VM host software image upgrade, the expectation is that if the current VM host image gets corrupted, the system will boot from the alternate disk so that the user can recover the primary disk to restore the state. However, if the host root file system is corrupted, the node boots with the previous VM host software instead of booting from the alternate disk. PR1281554

  • The following error message is observed while testing with the Junos OS Release 17.4R1-S3.3 image: Jun 16 08:17:17 banaswadi rpd[51849]: Error creating dynamic logical interface from sub-unit 1051592: Device busy Jun 16 08:17:17 banaswadi rpd[51849]: Error creating dynamic logical interface from sub-unit 1051593: Device busy error message: rpd[51849]: Error creating dynamic logical interface from sub-unit 1051680: Device busy. PR1286042

  • In some MX Series deployments running Junos OS, the following random syslog messages are observed for FPCs: fpcx ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - xxx left. These messages might not have a service impact. These messages are addressed as INFO level messages. On a Packet Forwarding Engine, there are dedicated UMEM and shared GUMEM memory blocks. This informational message indicates some evicting events between UMEM and GUMEM and can be safely ignored. PR1298161

  • The show dynamic-tunnels database summary command does not show accurate tunnels summary during the time the anchor Packet Forwarding Engine line card is not in up state. Use the following commands as a workaround: show dynamic-tunnels database and show dynamic-tunnels database terse. PR1314763

  • As a vendor does not use chained CNH, using the feature does not bring in a lot of gain because TCNH is based on an ingress rewrite premise. Without this feature, things work just fine. PR1318984

  • In JDM that is running on the secondary server, the jdmd daemon might generate core files if adding an image for the GNF is aborted by pressing CTRL-C. PR1321803

  • With regard to FPC restarts or Virtual Chassis splits, the design of MX Series Virtual Chassis infra relies on the integrity of the TCP connections, and the reactions to failure situations might not be handled in a graceful way. TCP connection timeout because of jlock hog crossing the boundary value (5 seconds) causes bad consequences in the MX Series Virtual Chassis. Currently, there are no other easy solutions that can reduce this jlock hog other than enabling the marker infra in the MX Series Virtual Chassis setup. Unfortunately, there is no immediate plan on enabling marker as it was causing a lot of issues in the MX Series Virtual Chassis when we tried to enable it. PR1332765

  • The first packet pertaining to the J-Flow Packet Forwarding Engine sensor in UDP mode is missing after a line-card reboot. PR1344755

  • With graceful Routing Engine switchover (GRES) enabled in a subscriber environment, if subscribers are logging in and logging out very quickly, the service sessions in the session database of the backup Routing Engine sessions might be leaked. If the problem is not detected for long enough, the backup Routing Engine might not be able to synchronize with the master Routing Engine and thus will not be ready for GRES. PR1346300

  • Backup Routing Engine might crash after ten consecutive GRES occurrences. PR1348806

  • During a unified ISSU that warrants host upgrade, if the router is configured with 8 million IPv4 or IPv6 routes or more, upgrade might fail, resulting in FPC restart. PR1348825

  • In some cases, online insertion and removal (OIR) of a MIC on an FPC can lead to silent discarding of traffic that was destined to the MPC. The only way to recover from this situation is to restart the MPC. The issue is not seen if you use the corresponding CLI commands to take the MIC offline and then bring it back online. PR1350103

  • The EX9253 and MX10003 do not support interface ranges for channelized interfaces. You need to configure the interfaces individually. PR1350635

  • During stress conditions, error log messages regarding addition, modification, or deletion of routes might be incorrect. PR1350713

  • If an aggregated Ethernet interface is configured with link-protection backup-state down, the AE operational state of the interface is still up even though the member interfaces configured under the aggregated interface are down. This issue is specific to the link-protection backup-state down configuration for the aggregated Ethernet interface. PR1354686

  • With configurations of bridging routing instances that have aggregated Ethernet logical interfaces (6400 logical interfaces) and IRB instances, all from a single FPC, the CPU utilization of the FPC stays at 100 percent for 4 minutes. PR1359286

  • In rare circumstances, a faulty SFP transceiver installed in an MX104 might cause the FEB associated with MX104 devices to be offline. The backup Routing Engine and the fan tray generate alarms. PR1360426

  • Syslog is updated when the user tries to configure an XPN cipher over a non-XPN supported line card such as MIC-MACSEC-20G even though the commit is successful. PR1367722

  • When an FPC is booting up (during unified ISSU, router reboot, or FPC restart), I2C timeout errors for the SFP transceiver are noticed. These errors occur because the I2C action is not completed while the device is busy. After the line card is up and all the I2C transactions to the device succeed, no periodic failure is observed. There is no functional impact and these errors can be ignored. PR1369382

  • I/O session used for communicating between threads is freed due to FSM state transition. After freeing the memory, the fields of the I/O session are used for tracing, which leads to the generation of rpd core files. PR1374759

  • Continuous display of log messages on the MPC console indicates the presence of a faulty SFP or SFP+ transceiver, which is causing an I2C transaction from the main board CPU. There is no software recovery available for this situation. The following logs also indicate potential I2C transaction failure with any of the 10 ports available with Gigabit Ethernet MIC with 256b-AES MACsec in PIC 0 resulting in unexpected behaviors such as link not coming up or the MIC itself not booting up on restart: I2C Failed device: group 0xa0 address 0x70Failed to enable PCA9548(0x70):grp(0xa0)->channel(0)mic_sfp_select_link:MIC(0/0) - Failed to enable PCA9548 channel, PCA9548 unit:0, channel ID: 0, SFP link: 0mic_sfp_id_read: Failed to select link 0 Only way to recover from these failures is to detect & replace faulty SFP/SFP+ plugged into the GMIC2 ports. PR1375674

  • On MX Series, a few 10-Gigabit Ethernet (xe-) interfaces go down with the following error message: if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • Commit should not be allowed if we try to delete the physical-cores configuration statement. However, there is no functional impact. PR1384014

  • In low-end 32-bit systems, rpd has a lower level of available memory. We need a log message to alert the user when the average memory usage or transient memory usage exceeds thresholds. PR1387465

  • On an MX Series device enabled with enhanced subscriber management, if the filter service is enabled for each subscriber, and there is a large scale of Broadband Edge (BBE) subscribers (for example, 10,000) logging in and out repeatedly, the FPC might crash due to this rare issue. PR1388120

  • The FPC might restart if fpc max-queues is changed and committed before the FPC is fully online or offline. PR1388487

  • The virtio throughput remains the same for multiqueue and single-queue deployments. PR1389338

  • If the persist-groups-inheritance statement is configured when you try to add additional sites to an existing group and routing-instance configuration, errors might be observed leading to failure to commit after issuing commit check. PR1391668

  • On MX2008 routers with MPC9E, in a line-rate traffic with a redundant SFB2 scenario, if you take one redundant SFB2 offline, there might be tail drops or sometimes WRED drops in the MPC9E, resulting in partial traffic loss. Under normal circumstances, the SFBs should automatically fail over if one of the SFBs fails, and there should be only a few packets dropped momentarily. PR1395591

  • The interface link stays down when we deactivate and then activate the channelized xe- (10-Gigabit Ethernet) interface configured with 1-Gbps speed (when using a QSA adaptor) on MX10008 (JNP10K-LC2101 MPC) with line-rate traffic flowing. As a workaround, we need to take the MIC offline and then bring it online to recover the link; this is a known issue. PR1397202

  • The CLI command show system firmware might provide an unexpected output on some MX Series platforms such as the MX104. The current version might be displayed as ?? instead of the correct version number. PR1398022

  • Router is advertising the ESMC QL of PRC even though the current clock status is holdover. PR1398129

  • The $junos-framed-route-ipv6-address-prefix variable for programming IPv6 routes is permitted only under the routing-options rib access configuration. PR 1384523 changed the code to avoid the incorrect mixing of IPv4 and IPv6 framed routes in the same configuration and force the v6 framed routes to be parsed only if they were in their correct routing-options rib access stanza. Additionally, runtime warnings for invalid IPv6 framed routes configuration were added in PR 1388737. PR1401144

  • 1-Gigabit configuration mode is not a unified ISSU-supported configuration on the MX10003 router. If that configuration is present on the MX10003 box, then the user has to remove that configuration before attempting unified ISSU. Otherwise, the 1-Gigabit Ethernet configuration does not behave as expected after unified ISSU and traffic loss can be expected. Currently, there is no warning or error message alerting the customer about the issue. This is applicable on the MX10003 platform only. PR1405527

  • On MX150, the log severity level changes. PR1411846

  • A small number of tunneled subscribers might be terminated during unified ISSU because of momentary loss of IP connectivity between the LAC and LNS devices. PR1414928

  • After powering on the MPC JNP10K-LC2101 chassis, a voltage of 1345 mV through 1348 mV is read for about 20 seconds, after which it stabilizes at 1493 mV. During this period, the FPC x Voltage Tolerance Exceeded major alarm is reported. PR1415671

  • In some scenarios with PTP hybrid mode and MPC5E, the log message Resetting the Playback Engine is continuously issued. The Playback Engine resides inside MPC5E FPGA and it is responsible for maintaining the corresponding PTP states. PR1420335

  • After changing the power feeds to either turn off or turn on, the show chassis power output does not match the real condition, and incorrect syslog information is recorded. PR1420571

  • If HTTP Header Enrichment function is used, the traffic throughput decreases when traffic passes through Header Enrichment. PR1420894

  • On all platforms running Junos OS, when the file system gets into full state and there is not enough spare disk space, a problematic system condition might arise in some corner case while doing configuration commit. After that, if consecutive commits are still done in such a problematic status, commit-check failure logs might be seen eventually. Due to this issue, some processes might not run even if those are configured. PR1423500

  • On MX480, multiple interfaces on a specific FPC go down after baseline profile configuration verification. PR1437221

  • On the MPC7E, MPC8E, and MPC9E cards, egress stream flush failure and silent dropping of traffic might occur in a rare occasion for a repeatedly flapping link. PR1441816

  • Establishing a BGP session over the GRE tunnel fails when the router receives the BGP packets encapsulated as GRE and uses the firewall filter action to de-capsulate the GRE header. PR1443238

  • Subscriber access facing FPC's CPU utilization remains 100% for 5–6 minutes after making changes to the service firewall filter configuration. PR1447003

  • In the Junos fusion environment, intermediate traffic drop is seen between the Aggregation device and the Satellite device when sFlow is enabled on the ingress interface. This is not always seen. When sFlow is enabled, the original packet gets corrupted for those packets that hit the sFlow filter. This is because a few packets transmitted from the egress of AD1 are short of FCS (4 bytes) + 2 bytes of data, due to which the drops occur. It is seen that the normal data packets are 128 bytes in size (4 bytes FCS + 14 bytes Ethernet header + 20 bytes IP header + 90 bytes data), while the corrupted packet is 122 bytes (14 bytes Ethernet header + 20 bytes IP header + 88 bytes data). PR1450373

  • When you use the replace pattern command to replace the name in the apply-group, the mgd crashes. PR1452136

  • Changing VLAN manipulation configuration on vMX running with SR-IOV and vlan-offload enabled leads to complete traffic loss on that physical interface. PR1453950

  • When you edit a command and run the command from CLI command history, the timestamp might not appear. PR1454387

High Availability and Resiliency

  • If you perform GRES with the interface em0 (or fxp0) disabled on the master Routing Engine, when you enable the interface on the new backup Routing Engine, you might not be able to access the network. PR1372087


  • When there is a high route churn or a high rate of route updates being pushed to the kernel, the display of the show interface command output might be delayed or the output might not show all. PR1250328

  • On the MX devices, the following messages are seen during FTP: ftpd[14105]: bl_init: connect failed for `/var/run/blacklistd.sock' (No such file or directory). PR1315605

  • When Junos OS is running as a VM on Linux and QEMU hypervisor, the Junos OS might become nonresponsive trying to acquire the SMP IPI lock while rebooting. PR1359339

  • When the 32-bit Routing Engine memory exhausts, it causes the kernel to crash. PR1378313

Interfaces and Chassis

  • Out-of-sequence packets are seen with LSQ interfaces. PR1258258

  • Upgrading Junos OS Release 14.2R5 and later maintenance releases and Junos OS Release 16.1 and later mainline releases with CFM configuration might cause the cfmd process to crash after the upgrade. This is because of the old version of /var/db/cfm.db. PR1281073

  • A commit error is not thrown when a member link is added to multiple aggregation groups with different interface-specific options. When a member interface is added to a bundle with both ether and gig-ether interface-specific options, the gig-ether option takes precedence over the ether options. PR1475634

  • On EVPN active or active software design, disabling the ESI logical interface might affect the designated forwarder election of EVPN when this IFD physical logical interface has ESI configured. In such a configuration, when the ESI logical interface is disabled, type-1 routes (AD/EVI and AD/ES) are not generated from this PE. With ESI configured at the IFD level, because one of the logical interfaces in the IFD is down, DF election cannot occur for the ESI. Also, AD/EVI and AD/ESI routes are deleted. The following warning message appears upon commit, where this configuration might cause DF election issues and undesired unicast/BUM traffic drop: DCD_PARSE_CFG_WARNING: aex.y : Disabling the IFL may affect the Designated Forwarder election of EVPN when IFD is having ESI configured. PR1467855

  • In MX Series Virtual chassis, flooding of the following error message can be seen with LACP-enabled aggregated Ethernet interfaces on MPC7, MPC8, and MPC9: CHASSISD_CONFIG_ACCESS_ERROR: pic_parse_ifname: Check fpc rnage failed. The errors have an impact only for DWDM PICs, which does not affect these MPCs. Hence, this syslog message can be safely suppressed. PR1349277

  • The following error message is observed in some cases: ppman_cfm_start_inline_adj: Failed to add Inline adj for CFM, pkt-len=0. However, there is no functional impact. Sessions or adjacency would get programmed inline subsequently. PR1358236

  • With ppp-service traceoptions configured as user@router> show configuration protocols ppp-service traceoptions file jtac-jpppd.log size 1g files 10; level all; flag all; filter {user {"";} }, it is expected to see only PPP negotiation events belonging to the subscriber defined in the filter section. However, in releases affected by this issue, several strings of logs related to other (noninterested) subscribers might be seen. PR1370994

  • LFM sessions toward scaled peers might flap during the switchover phase of a unified ISSU. PR1377761

  • If an aggregated Ethernet (ae-) interface has VRRP configuration, in the following use cases, member logical interfaces are not created after the member physical interface comes up and the ae- interface is in down state:

    1. FPC restart (request chassis fpc restart slot <>).

    2. Chassis-control restart (restart chassis-control).

    3. Reboot both Routing Engines (request system reboot both-routing-engines).

    So, before performing these operations, it is advisable to remove the VRRP configuration from the aggregated Ethernet interface. PR1429045

Layer 2 Ethernet Services

  • On MX Series devices, if a static demux interface is configured over an underlying interface, after subscriber logout, the accounting statistics are not cleared. PR1383265

  • PPPoE dual-stack with stale DHCPv6 PD addresses in the SDB causes the DHCPv6 binding to fail because of the presence of duplicate addresses. PR1466125


  • With nonstop active routing (NSR), when the rpd restarts on the master Routing Engine, the rpd on the backup Routing Engine might also restart. PR1282369

  • In the following topology, the ingress MX10k3 MPLS generates core files DUT MX104 RI with vt interface p2mp lsp branch. After re-configuring (delete/add) on DUT and subsequent switch overs (NSR/GRES) and LSP flaps due to the LSP being stuck into the incorrect state while flipping VT- to LSI- configuration. PR1454987

  • When you set an LSP BW constraint and signal the LSP, the remaining BW can be less than expected, as in the following example, which does not allow further reservation through this link:

    user@router> show rsvp interface
    RSVP interface: 2 active
                      Active  Subscr- Static   Available    Reserved  Highwater
    Interface   State resv    iption  BW       BW           BW        mark
    et-0/1/0.0  Up    1       90%     100Gbps  4.99999Gbps  85Gbps    90Gbps <<<<<<

    So, if you try to signal a new LSP with BW 5G through this link, it fails. PR1458527

  • In case of CSPF-disabled LSPs, if the primary path of the Explicit Route Object is changed to an unreachable strict hop, sometimes the primary path stays up with the old Explicit Route Object. The LSP does not switch to standby secondary. PR1284138

  • For an SR-TE path with "0" explicit NULL as the innermost label, the SR-TE path does not get installed with the label "0". PR1287354

  • Root XML tag in the output has been changed from rsvp-pop-and-fwd-info to rsvp-pop-and-fwd-information to be consistent with the XML tag convention. PR1365940

  • On devices running Junos OS, with transit chaining mode enabled, if RSVP link/node protection is enabled and sensor-based-stats is used, a single-hop bypass label-switched path (LSP) next hop might not be installed in the forwarding information base (FIB) even if it is in the routing information base (RIB). Hence, the single-hop bypass LSP might fail to forward traffic when needed. PR1401152

  • With NSR enabled, when the master rpd is restarted, occasionally, out-of-order add and delete messages can arrive on the backup Routing Engine, causing label assignment that can result in rpd crash on the backup Routing Engine. PR1401813

  • On MX Series platforms, in MPLS Layer 2 circuit or Layer 2 VPN with FAT (Flow-Aware Transport of Pseudowires) Flow Labels scenario, the flow label is not pushed when the chained-composite-next-hop ingress l2ckt/l2vpn configuration is enabled. The issue results in load-balancing problems for the Layer 2 circuit or Layer 2 VPN service. PR1439453

  • After configuring the credibility, the new credibility preference value is stored internally and is not considered by the CSPF module if the previous traffic-engineering credibility-protocol-preference configuration was deleted or if you configure traffic-engineering credibility-protocol-preference under another protocol, for example, IS-IS. PR1460283

Network Management and Monitoring

  • The SNMP cold start trap might be observed after the Routing Engine switchover. PR1461839

Platform and Infrastructure

  • In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log errors stating nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system re-converging on the expected state. PR1054798

  • In NTP with the boot-server scenario, when the router or switch boots, the NTP daemon sends an ntpdate request to poll the configured NTP boot-server to determine the local date and time. If ntpdate is not activated correctly while the device is booting, ntpdate might not work successfully. Then the system time might not get updated with the configured NTP boot-server. PR1463622

  • An accuracy issue occurs with three-color policers of both types, single-rate and two-rate, in which the policer accuracy varies depending on the policer rate and burst-size combination. This issue is present starting in Junos OS Release 11.4 on all platforms that use MX Series ASIC. PR1307882

  • With Junos OS Release 17.3R3 on MX Series, on moving from the baseline configuration to an EVPN scaled (4000 VLANs) configuration with multihoming, the newly elected designated forwarder might take up to 90 seconds to resume forwarding BUM traffic. The time required for convergence is proportional to the scale used, so a lower scale incurs a smaller dark window. Workaround for faster convergence with high scale: Distributing the configuration across several FPCs can potentially bring down the BUM traffic drop from 90 seconds to a significantly lower value. PR1362934

  • There are multiple failures when events such as node reboots, ICL flaps, and ICCP flaps occur. Even with enhanced convergence configured, there is no guarantee that subsecond convergence will be achieved. PR1371493

  • In some cases, pseudowire interfaces over redundant logical tunnels (RLT) might be shown as up but they might not pass traffic. Log messages reporting an ASIC error and a chassis alarm reporting hard FPC errors may also be seen. PR1400269

  • In some cases, the status bit of the RPF next hop appears as disabled when it should have been enabled. The trigger for the issue is not known yet. PR1404240

  • On MX Series routers with MS-MPCs, when the MPC restarts or the routing-instance type is changed (for example, virtual-router to vrf), or RD is changed, the traffic from a group VPN tunnel to an MPLS-over-UDP tunnel might fail to get decrypted on the MS-MPC, causing complete service loss. PR1422242

  • On all platforms running Junos OS, with NSR enabled, the BGP session with a hold time of 6 seconds or smaller flaps if the backup Routing Engine is powered off ungracefully. PR1428518

  • The heap memory usage increases during the subscribers flap test and new subscribers fail to log in after multiple iterations of the subscribers flap test. PR1442770

  • A dual Routing Engine Junos node slicing GNF with no GRES configured and with system internet-options no-tcp-reset drop-all-tcp configured could enter dual backup Routing Engine state upon manual GNF Routing Engine mastership switchover attempt with the request chassis routing-engine master [acquire|release|switch] command from either of the two GNF configurations. PR1456565

Routing Protocols

  • In rare cases, the rpd might generate a core file with the error rt_notbest_sanity: Path selection failure on .... The core file is soft, which means there should be no impact to traffic or routing protocols. PR946415

  • Cosmetic and expected logs are observed. These logs are not harmful and have no functional impact; they simply show the state of PIM register messages. PR1371431

  • When interoperating with other vendors in a draft-rosen multicast VPN, by default Junos OS attaches a route target to multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities will be excluded from propagating if the BGP route target filtering is enabled on a device running Junos OS. Note that draft-rosen-idr-rtc-no-rt has been created in IETF to document this issue and carry the proposed fix through standards. PR993870

  • In both GR helper and GR restarter scenarios, BFD down packets are not immediately sent. It might cause an issue where BGP session down is notified before the BFD is down. PR1432440

  • Junos OS shows an obsolete session description in the output of show route multicast extensive for several multicast registry addresses. PR1022288

  • JTASK_SCHED_SLIP for rpd might be seen when you perform restart routing or ospf protocol disable with scaled BGP routes on an MX104 router. PR1203979

  • Certain BGP traceoption flags (for example, open, update, and keepalive) might result in (trace) logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

  • LDP OSPF are in the in-sync state and the reason observed for this is IGP interface down with LDP synchronization enabled for OSPF.

    user@host> show ospf interface ae100.0 extensive
    Interface State Area DR ID BDR ID Nbrs
    ae100.0 PtToPt
    P2P, Address:, Mask:, MTU: 9100, Cost: 1050
    Adj count: 1
    Hello: 10, Dead: 40, ReXmit: 2, Not Stub
    Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC
    Protection type: None
    Topology default (ID 0) -> Cost: 1050
    LDP sync state: in sync, for: 00:04:03, reason: IGP interface down
    config holdtime: infinity

    According to the current analysis, IGP interface down is observed as the reason because although LDP notified OSPF that LDP synchronization was achieved, OSPF was not able to take note of the LDP synchronization notification because the OSPF neighbor was not up yet. PR1256434

  • In rare cases, RIP replication might fail as a result of performing NSR Routing Engine switchovers when the system is not NSR ready. PR1310149

  • The rpd might crash and generate core files if distributed IGMP (Internet Group Management Protocol) is configured. PR1314679

  • BGP I/O threading was added in Junos OS Release 16.1R1 whereby BGP writes were batched to improve efficiency. This might sometimes lead to some latency in sending BGP updates while reacting to certain network events. PR1332301

  • When 32,000 SR-TE policies are configured at once, scheduler slips might occur during the configuration. PR1339829

  • There are scenarios where an application allocates and caches next-hop templates. This causes the next-hop template cache to grow continuously. But when the application clears its local cache, memory is freed to the next-hop template cache. But the next-hop template cache does not have the code to shrink the cache and free memory back. So the next-hop template memory is trapped in the cache and cannot be used for other purposes. But if the same BGP routes and next-hops come up again, they will reuse the templates from the cache and not consume additional memory. PR1346984

  • SCP command with routing option (-JU) is not supported. PR1364825

  • It is possible for a GNF with rosen6 multicast to display stuck KRT queue entries after recovery from a dual Routing Engine reboot at the BSYS. PR1367849

  • At scale, a GNF with PS over RLT and multiple MPCs might show BFD flap at recovery. PR1386574

  • On all devices running Junos OS, with GRES and nonstop routing (NSR) enabled, if Routing Engine switchover is executed, the Border Gateway Protocol (BGP) peers in the new master Routing Engine might flap due to hold-timer expiry after GRES. PR1390113

  • It is possible that, under certain scenarios, the legacy-redirect-ip-action configuration of the existing advertised BGP routes might not be refreshed. Because of this, the routes might still contain communities not aligned with the configured legacy-redirect-ip-action option. Clear routes as described in the workaround. PR1396787

  • Users that replace simple VLAN interfaces with PS over RLT might notice an increase in FPC CPU usage. This is in keeping with the increased processing and resources needed to support these types of interfaces, which are similar in this regard to that of an aggregated Ethernet interface. PR1396925

  • When the multicast-only fast reroute (MoFRR) feature is used in a scaled environment (in terms of number of routes and next hops), the actual convergence of multicast traffic might reach hundreds of milliseconds because of suboptimal handling of MoFRR forwarding states at the Packet Forwarding Engine level. PR1399457

  • Change in route selection process: when you want to select the better route between a non-BGP and BGP route, if you are at Step 7 of the route selection process ( general/routing-protocols-address-representation.html), then the BGP route is always the better one. PR1415468

  • An aggregate route with BGP contributing routes might flap in some scenarios, as expected. The reason is that, by default, the aggregate route carries some BGP attributes such as AS-PATH, originator, and cluster. The aggregate route inherits those attributes from active contributing routes. If one or a few contributing routes are added, deleted, or changed, while other contributing routes are still stable, the aggregate route might refresh because its attributes were changed. If this aggregate route is exported into BGP, a BGP update will be sent to a downstream router with updated attributes, causing a service impact. See: Understanding Route Aggregation. PR1457955

Services Applications

  • MX L2TP LTS fails to forward the agentCircuitId and agentRemoteId AVP received from the LAC toward the LNS.

Subscriber Access Management

  • The authd reuses an address too quickly, before jdhcpd can completely clean up the old subscriber, which floods the log with the following error: jdhcpd: %USER-3-DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add as it is already used by 1815. PR1402653

User Interface and Configuration

  • Test configuration /config/rescue.conf.gz fails commit check for a dynamic profile when a subscriber is active. PR1376689

  • Even though the applied nested apply-groups is deleted, the logical interface under the nested groups is not removed. PR1427962


  • Core is observed due to a double free of a label. The issue occurs in a BGP-based VPLS setup where BGP has an RR configuration, due to which the BGP-VPLS label routes are exported into the bgp.l2vpn table. PR1379621

Resolved Issues

Learn which issues were resolved in Junos OS main and maintenance releases for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 18.4R3

Application Layer Gateways (ALGs)

  • SIP messages that need to be fragmented might be dropped by SIP ALG. PR1475031

Class of Service (CoS)

  • CoS is incorrectly applied on the Packet Forwarding Engine, leading to egress traffic drop. PR1329141

  • Unexpected traffic loss might be seen in certain conditions under Fusion environment scenario. PR1472083

  • MX10008 and MX10016 might generate cosd core files after executing the commit or commit check statement if the policy-map configuration is set. PR1475508

  • The host-inbound packets might be dropped when you configure the host-outbound FC. PR1428144

  • The dfwd crash is observed with forwarding-class configuration in policers. PR1436894


  • Unexpected next-hop operation error from kernel to l2ald in a Layer 2 gateway during the MAC movement operation is observed. PR1430764

  • Incorrect MAC count with show evpn/bridge statistics output is observed. PR1432293

  • Asynchronization between the ARP table and the Ethernet switching table occurs if the EVPN ESI link flaps multiple times. PR1435306

  • EVPN/MPLS IRB logical interface might not come up when the local Layer 2 interface is down. PR1436207

  • Configuring ESI on a single-homed 25-Gigabit Ethernet port might not work. PR1438227

  • On EVPN/VXLAN setup, the specific source ports of UDP packets are dropped. PR1441047

  • Restarting Layer 2 learning might cause some remote MAC addresses to move into forwarding dead state. PR1441565

  • Traffic drop might be observed in an EVPN Layer 3 gateway scenario. PR1442319

  • On MX Series platform, the core-isolation feature does not work after setting and then deleting the no-core-isolation statement. This feature can be enabled after restarting rpd. PR1442973

  • The EVPN Type-2 routes might not be advertised properly in logical systems. PR1443798

  • The localhost address is not present in the EVPN database and the mac-ip-table table. PR1443933

  • The bridge mac-table age timer does not expire for rbeb interfaces. PR1453203

  • Instance type is changed from VPLS to EVPN, which results in packet loss. PR1455973

  • ARP request or NS might be sent back to the local segment by the DF router. PR1459830

  • Traffic received from VTEP gets dropped if the VNI value used for Type-5 routes is greater than 65,535. PR1461860

  • rpd might crash with EVPN-related configuration changes in a static VXLAN to MPLS stitching scenario. PR1467309

Forwarding and Sampling

  • More information about the firewall flexible match syntax is needed. PR1389103

  • On Junos OS platforms, the l2ald process might observe a memory leak. PR1455034

  • The SRRD might crash when memory corruption occurs. PR1414568

  • EVPN enhancement for MAC flush mechanism in Junos OS. PR1421018

  • DT_BNG: rt-delay-threshold can be set below one second. However, rt-marker-interval is limited to one second. PR1425544

  • Type 1 ESI/AD route might not be generated locally on EVPN PE in the all-active mode. PR1464778

  • Enable interface with input or output VLAN maps to be added to a routing instance configured with a VLAN ID or VLAN tags with the virtual-switch instance type and VPLS protocol. PR1433542

  • High CPU utilization of l2ald is observed after replacing the EVPN configuration. PR1446568

  • On MX204, input/output counters of an aggregated Ethernet bundle or member links configured on nondefault logical systems are not updated. PR1446762

  • JDI-RCT:M/MX: ARP packets are dropped by the Packet Forwarding Engine after chassis-control restarts in the MX Series chassis. PR1450928

  • On the PTX Series or TVP platforms, the pfed might crash and might not be able to come up. PR1452363

  • Commit error and dfwd core files might be observed when you apply a firewall filter with the then traffic-class or then dscp action. PR1452435

  • With the MX Series devices, the following logs are seen: L2ALD_MAC_IP_LIMIT_REACHED_IF: Limit on learned MAC+IP bindings reached for .local.1048605; current count is 1024 PR1462642

  • An output bandwidth-percent policer with logical-bandwidth-policer applied to an aggregated Ethernet bundle along with an output-traffic-control-profile has an incorrect effective policing rate. PR1466698

General Routing

  • Load balancing is uneven across aggregated Ethernet member links when the aggregated Ethernet bundle is part of an equal cost multipath (ECMP) path. The member links need to span Virtual Chassis members. PR1255542

  • DHCP-server: RADIUS given mask is being reversed. PR1474097

  • A hierarchical-scheduler must not be configured on a ps interface. PR1470049

  • UID might not be released properly in some scenario after service session deactivation. PR1188434

  • Need to change the default parameters for resource-monitor rtt-parameters. PR1407021

  • The physical interface of aggregated Ethernet might take time to come up after disabling or enabling it. PR1465302

  • The interfaces on the MPC-3D-16XGE-SFPP card do not get created after upgrading the system to Junos OS Release 18.1 and later. PR1471429

  • Service accounting statistics do not get updated after making changes to the firewall filters. PR1472334

  • SDB goes down very frequently if the reauthenticate lease-renewal statement is enabled for DHCP. PR1473063

  • QSA adapter lane 0 port might be also brought down when disabling one of the other lanes. PR1474231

  • clksyncd core file is generated after performing GRES. PR1474987

  • The RADIUS accounting updates of service session have incorrect statistics of data. PR1475729

  • In a NAT-T scenario, the IKE version 2 IPsec tunnel might flap if the tunnel initiator is not behind NAT. PR1477483

  • On MPC2E-NG, MPC3E-NG, MPC5, MPC6, MPC7, MPC8, and MPC9, the Packet Forwarding Engine might be disabled due to major error. PR1478028

  • MX2000 CB 19.44MHz clock failure is fatal and must trigger a CB switchover. PR1463169

  • The show system subscriber-management summary command to include the failure reason for standby disconnect when primary and backup Routing Engine memories do not match. PR1422976

  • The show subscriber extensive command incorrectly displays the DNS (Domain Name Server) address provided to DHCP clients. PR1457949

  • The filter service might fail to get installed for the subscriber in a scaled BBE scenario. PR1374248

  • Interface with Tri Rate Copper SFP (P/N:740-013111) in MIC 3D 20x 1GE(LAN)-E,SFP stops forwarding traffic after the ISSU. PR1379398

  • The high-cos-queue-threshold range is changed to [uint 0 .. 90;]. PR1390424

  • FPC might reboot on vMX in subscriber scenario. PR1393660

  • Layer 3 gateway does not update the ARP entries if IP or MAC quickly move from one router to another router in an EVPN-VXLAN environment. PR1395685

  • The PPPoE subscribers are unable to reconnect after FPC reboots. PR1397628

  • The traffic might be always taking the backup path even though the primary path is available in a BGP-PIC scenario. PR1401322

  • The rpd might crash or duplicated routes might be seen when you change the configuration with BGP multipath and flapping routes. PR1406070

  • When inline J-Flow is used, FPC crashes and slows convergence upon HMC fatal error condition. PR1407506

  • The configuration database might not be unlocked automatically if the related user session is disconnected when the commit operation is in progress. PR1410322

  • Slow SNMP response time on entityMIB might be seen in the fully loaded setup with many SFPs. PR1411062

  • Parity error might cause FPC alarm. PR1411610

  • J-Flow: Need to reduce maximum flow table size when you use flex-flow-sizing. PR1413513

  • The DHCP or DHCPv6 subscribers might fail to establish sessions on PowerPC-based MX Series platforms. PR1414333

  • The PTX1000, PTX10002, or QFX10002 might stop forwarding packets after the chassis-control process restarts. PR1414434

  • The JSU package installation might fail. PR1417345

  • The rpd process might crash when you restart the device or deactivate the logical system. PR1418192

  • SPC3 storage and hard disc error log messages are observed. PR1420800

  • Certain JNP10008-SF and JNP10016-SF manufactured between July 2018 and March 2019 might have incorrect core voltage settings. The issue can be corrected by reprogramming the core voltage and updating the setting in NVRAM memory. PR1420864

  • MX Series LNS might fail to forward the traffic on the subscriber access route. PR1421314

  • After the control plane event, a few IPsec tunnels fail to send traffic through the tunnel. PR1421843

  • RPT_REG_SERVICES: RPM syslogs are not generated after deactivating the aggregate interface. PR1421934

  • The size of the RSI on VM host platforms is bloated by log files. PR1422354

  • On MX Series platforms, issuing the show forwarding-options load-balance .. command might cause a Packet Forwarding Engine wedge after a certain number of attempts (fewer than 200 in test), if the destination-address statement of the command matches the default route with the discard action. This is because a code defect that causes internal flow errors is involved in that scenario. PR1422464

  • The XML output might not be hierarchically structured when you run the show security group-vpn member ipsec statistics command. PR1422496

  • Ports might get incorrectly channelized if they are channelized to 10-Gbps and they are again channelized to 10 Gbps. PR1423496

  • The PTP asymmetry change needs PTP bouncing. PR1423860

  • The system does not reboot or halt as configured when disk error is encountered. PR1424187

  • The rpd keeps crashing after the configuration is changed. PR1424819

  • Interface with FEC disabled might flap after Routing Engine mastership switchover. PR1425211

  • The mspmand process might crash and restart with a mspmand core file that is created after committing a change to deactivate and activate the service set. PR1425405

  • On MX204 or MX10003, MPC reboot or Routing Engine mastership switchover might occur. PR1426120

  • Some CFM and BFD sessions might flap while collecting the MPLS statistics. PR1426727

  • The decoding of telemetry data at collector might not be proper if you configure the sensors. PR1426871

  • ENTITY MIB has incorrect containedIn values for some fixed MPCs with built-in PICs. PR1427305

  • Rebooting or halting VC member might cause the RTG link to go down for 30 seconds. PR1427500

  • When broadband edge PPPoE and DHCP subscribers coming up over Junos fusion satellite ports are active, the commit full and commit synchronization full commands fail. PR1427647

  • On MX Series platforms, the PPP sessions do not work properly. PR1428212

  • global-mac-limit and global-mac-ip-limit might allow more entries than the configured values. PR1428572

  • On an MX10003 platform, fabric drops might be seen when two FPCs come online together. PR1428854

  • Incorrect IGMP interface is countered for dynamic PPP interfaces. PR1429018

  • The emitted XML is INVALID message is thrown for show virtual-network-functions. PR1429090

  • The aggregated Ethernet interface does not come up after rebooting the FPC or device even though the physical member link is up. PR1429917

  • Protect core configured router might send IPFIX sampling packets with the wrong next-hop information. PR1430244

  • On MX10008 and MX10016, performance degradation is observed for about 20 seconds after the fabric board is taken offline. PR1430739

  • On MX204, MX10003, or EX9251, disabling the DAC QSFP port might not work. PR1430921

  • Traceoptions file exceeds the configured file size limit as the file keeps on growing. PR1431033

  • Inline LSQ might not work when it is configured on the same FPC where MIC-3D-16CHE1-T1 is slotted. PR1431069

  • Error might be observed when using a script to load the configuration. PR1431198

  • The l2cpd process might crash and generate a core file when interfaces flap. PR1431355

  • The SIB Link Error error detected on a specific Packet Forwarding Engine might cause a complete service impact. PR1431592

  • Dual Stack Subscriber Accounting Statistics are not baselined when one stack logs out. PR1432163

  • Traffic might be sent on the standby link of an aggregated Ethernet bundle and might drop when LACP fast-failover is enabled. PR1432449

  • Changing to in-use parameterized filter prefix list might result in bbe-smgd core on backup Routing Engine. PR1432655

  • Output traffic statistics might be incorrect with Routing Engine generated traffic. PR1432724

  • Traffic is dropped if sa-multicast is in the configuration. PR1433306

  • jvision-firewall: Collected service statistics are all 0 after ISSU for MPC2. PR1433589

  • Lawful intercept for subscriber might not get activated by RADIUS access-accept. PR1433911

  • MX URLF: Need to support URL case sensitivity. PR1434004

  • On MX10003-LC2103, the syslog message Wrong PLUGGABLE ID 17 is observed. PR1434183

  • When the policy is removed, the rpd generates core files during route flash. PR1434243

  • Packet Forwarding Engine memory leak might be seen if MLPPP links are flapped. PR1434980

  • Micro-BFD session might flap upon inserting a QSFP transceiver in another. PR1435221

  • DHCPv6 advertisement to client might use an incorrect destination MAC address. PR1435694

  • Total number of packets mirrored after adding the DTCP trigger and DTCP enable is not in the expected range while verifying traffic on the mirror port after DTCP drop policy is enabled. PR1435736

  • The MPC7, MPC8, MPC9, MX10003 MPC, EX9200-12QS, and EX9200-40XS line cards might crash in a scaling setup. PR1435744

  • The mc-ae interface might get stuck in the waiting state in a dual mc-ae scenario. PR1435874

  • The local route in the secondary routing table gets stuck in the KRT. PR1436080

  • The ifHCInOctets counter on an aggregated Ethernet interface becomes zero when snmp mib walk is executed. PR1436201

  • It is observed that FRU insertion SNMP trap is sent. PR1436212

  • The static PPP/PPPoE subscribers are stuck in the init state permanently and the following error message might be displayed: Failed to create client session, err=SDB data corrupted. PR1436350

  • Subscriber interim statistic might reset to zero and idle-timeout does not work in the MX Series Virtual Chassis setup. PR1436419

  • MX10003 is not reachable after downgrading from a higher Junos OS version. PR1436832

  • The CPU utilization on a daemon might be around 100% or the backup Routing Engine might crash in rare conditions. PR1437762

  • LNS router might send the router-advertisement packet with NULL source link-layer option field. PR1437847

  • The chassisd might crash after enabling hash-key. PR1437855

  • The rpd might generate core files during router boot up due to a file pointer issue as there are two code paths that can close the file. PR1438597

  • Subscriber flows might not be synchronized between aggregated Ethernet members on MX Series Virtual Chassis. PR1438621

  • The FPC might crash when the Packet Forwarding Engine memory is exhausted. PR1439012

  • There are incorrect values in JUNIPER-TIMING-NOTFNS-MIB. PR1439025

  • FPC on Virtual Chassis backup router might reboot in an MX Series Virtual Chassis scenario. PR1439170

  • The vlan all interface all configuration does not work as expected under VSTP. PR1439583

  • When a group is applied at a non-root level, updating statements inside the group does not update the hierarchies. PR1439805

  • The bbe-smgd core files are observed after every restart. PR1439905

  • CoS-related errors are observed and subscribers are not able to get the service. PR1440381

  • CPU or interface might not get responsive on a particular 100-Gigabit Ethernet port. PR1440526

  • DHCP offer packets toward IRB over an LT interface get dropped in the DHCP relay environment. PR1440696

  • The Layer 2 dynamic VLAN might be missed when an interface is added or removed for an aggregated Ethernet interface. PR1440872

  • The ports of the EX Series device might stay in the up state even if the EX46XX or QFX51XX series device reboots. PR1441035

  • For a route that is received through EBGP, the AIGP value might not be considered as expected. PR1441438

  • The rpd might crash or consume full utilization of CPU after flapping routes. PR1441550

  • The newly added OID calculates the buffer utilization where inactive memory is not considered as free memory. PR1441680

  • On a PTX Series or QFX Series device, the aggregated Ethernet outgoing traffic might be dropped after making changes to the aggregated Ethernet interface configuration. PR1441772

  • The SNMP trap for removal is observed twice if the FRU is removed. PR1441857

  • The packets originating from the IRB interface might get dropped in a VPLS scenario. PR1442121

  • The chassisd is unable to power off a faulty FPC after a Routing Engine switchover leading to a chassisd restart loop. PR1442138

  • The operational status of the interface in hardware and software might be out of synchronization in an EVPN setup with the proxy ARP feature enabled. PR1442310

  • In the enhanced-ip or enhanced-ethernet mode with DCU (destination-class-usage) accounting enabled, MS-DPC might drop all the traffic that should exit the aggregated Ethernet interface. PR1442527

  • EVENT UpDown interface logs are partially collected in the syslog messages. PR1442542

  • Different formats of the B4 addresses might be observed in the SERVICES_PORT_BLOCK_ALLOC/RELEASE/ACTIVE log messages. PR1442552

  • A few Path Computation Element Protocol (PCEP) logs are marked as error even though they are not errors. The severity of those logs is corrected to INFO. PR1442598

  • The interface might go into admin down state after the FPC restarts with PTP configuration enabled. PR1442665

  • DHCPv6 client might fail to get an IP address. PR1442867

  • The kmd process might crash and restart with a kmd core file generated if there is a change in the IP address of the NAT mapping for the IPsec-VPN remote peer. PR1444183

  • On MX204 platforms, GRE packets that are larger than the MTU get dropped when sampling is enabled on the egress interface. PR1444186

  • High CPU utilization might be observed for eventd along with error logs. PR1444462

  • Inline-keepalive might stop working for LNS subscribers if the routing-services statement is enabled. PR1444696

  • Routing Engine-generated jumbo frames might get dropped. PR1444963

  • Access route might be stuck in bbe-smgd and the rpd does not get cleared. PR1445155

  • The cpcdd process might crash continuously if the captive-portal-content-delivery service is activated for a dual-stack PPPoE/DHCPv6 subscriber. PR1445382

  • Detached LACP member link makes the LACP state as enabled in the Packet Forwarding Engine when switchover occurs due to device reboot. PR1445428

  • The 1-Gigabit Ethernet interface on MX204 might stay down after the device reboots. PR1445508

  • The l2ald might crash when the FPC restarts. PR1445720

  • The mspmand process might crash if URL filtering is configured and one blacklisted domain name is a substring of another blacklisted domain name in URL filter database file. PR1445751

  • The jdhcpd process might crash after issuing the show access-security router-advertisement-guard command. PR1446034

  • The MX Series device rewrites the HTTPS request with the destination port as 80 when converged CPCD is used. PR1446085

  • The static route for NAT might never come up if service interface switchover occurs when the interface has NAT and graceful restart configured. PR1446267

  • The rpd process might crash when it is terminated immediately after it has started. PR1446320

  • Accurate statistics might not include packets forwarded during the last two seconds before subscriber termination. PR1446546

  • NAT service set in certain scale might fail to get programmed. PR1446931

  • All MPCs-based on Trinity chipset might crash and restart during ISSU with large-scale logical interfaces. PR1446993

  • The J-Flow version 5 stops working after changing the input rate value. PR1446996

  • The rpd process might crash if BGP is activated or deactivated multiple times. PR1448325

  • The vehostd application fails to set minor alarm. PR1448413

  • Interface attributes might cause high CPU usage of dcd. PR1448858

  • FPC reboots when PIC-0 is being taken offline. PR1449067

  • The DHCP relay feature might not work as expected when helpers bootp is configured. PR1449201

  • Increase in the maximum value of delegation-cleanup-timeout is observed. PR1449468

  • Changing the hostname triggers LSP on-change notification and not an adjacency on-change notification. Additionally, IS-IS sends the hostname instead of the system ID in the OC paths. PR1449837

  • The No localhost ifl for rtt 65535 message is seen on an MX Series device running Junos OS enhanced subscriber management feature. PR1450057

  • Interfaces might flap forever after deleting the interface disable configuration. PR1450263

  • VLAN configuration changes with l2ald restart might cause kernel synchronization issues and might impact forwarding. PR1450832

  • JNP10K-LC2101: FPC generates the Voltage Tolerance Exceeded major alarm for EA_chip_2V5 sensors. PR1451011

  • Configuring a new burst size under traffic-control-profile does not have any effect. PR1451033

  • Main chassisd thread at a JNS GNF might experience stalls upon GNF SNMP polling for hardware-related OIDs. PR1451215

  • IPsec SNMP: SNMP query for IPsec decrypted or encrypted packets does not fetch the right values and the following error message is observed: KMD_SNMP_FATAL_ERROR PR1451324

  • FPC core files might be seen after changing the configuration of PTP or Synchronous Ethernet. PR1451950

  • Error dropped packets are observed on MQ/XM-based MPC cards even though there is no traffic flowing through the system. PR1451958

  • PLL errors might be seen after FPC reboots or restarts. PR1452604

  • Framing errors and packet loss might be seen when high-throughput traffic passes through a MACsec-enabled device. PR1452851

  • Incorrect output in show snmp mib walk jnxTimingNotfnsMIB.3 is observed. PR1453436

  • PTP is out of synchronization when HWDB is not accessible during initialization. PR1453531

  • On MX10003 platform, alarms are not sent to syslog. PR1453533

  • Delay in freeing processed defragments buffers leads to prolonged flow control and could lead to crash. PR1453811

  • The ANCP interface-set QoS adjusts might not be processed. PR1453826

  • ANCP subscriber information gets lost after the daemon restarts. PR1453837

  • The FPC might crash when the severity of error is modified. PR1453871

  • On the MX204, RADIUS interim accounting statistics are not populated. PR1454541

  • The 100-Gigabit Ethernet interfaces might not come up again after going down on MPC3E-NG. PR1454595

  • The access request for a Layer 2 BSA port might not be retransmitted if the RADIUS server is unreachable. PR1454975

  • JNS/GNF: CRAFTD logs fatal errors along with junk characters in syslog upon its startup and exits after four startup attempts. PR1454985

  • SmiHelperd process is not initialized in Junos OS PPC releases. PR1455667

  • Device chooses incorrect source address for locally originated IPv6 packets in a routing instance when destination address is reachable through a static route with the next-table statement. PR1455893

  • There is high temperature from the show chassis environment output after MPC4E is inserted in slot 5. PR1456457

  • The invoke-on and display xml rpc options in a command result in unexpected multiple RPC commands. PR1456578

  • The bbe-statsd process continuously crashes if any parameter is set to zero in the mx_large.xml file. PR1457257

  • The default value of 2^32 replay-window size results in framing errors at an average of one in 2^32 frames received. PR1457555

  • The chassisd process and all FPCs might restart after Routing Engine switchovers. PR1457657

  • The subscriber routes are not cleared from the backup Routing Engine when the session aborts. PR1458369

  • Subscribers are unable to log in after activating more than two million multicast subscribers. PR1458419

  • The correct VoIP VLAN information in LLDP-MED packets might not be sent after committing if dynamic VoIP VLAN assignment is used. PR1458559

  • The FPC X major errors alarm might be raised after committing the PTP configuration change. PR1458581

  • The traffic might get stuck on MS-MPC or MS-MIC with sessions receiving a huge number of affinity packets. PR1459306

  • The following error message might be seen after restarting the chassisd: create_pseudos: unable to create interface device for pip0 (File exists) PR1459373

  • Telemetry streaming of mandatory TLV 'ttl' learned from LLDP neighbor is not available. PR1459441

  • The traffic might be silently discarded during link recovery in an open Ethernet access ring with configured ERPS. PR1459446

  • In an MC-LAG scenario, traffic destined to VRRP virtual MAC gets dropped. PR1459692

  • Silent dropping of traffic upon interface flaps after DRD auto-recovery. PR1459698

  • The PPTP does not work with destination NAT. PR1460027

  • If VLAN offload is configured on the vMX platform, input-vlan-map might not work. PR1460544

  • IPv6 prefix might be hidden when received over an IPv4 BGP session. PR1460786

  • The ppman thread starvation with PTP or Synchronous Ethernet is not configured properly. PR1461031

  • bbe-smgd core files might be seen when all RADIUS servers are unreachable. PR1461340

  • Traffic might be impacted because the fabric hardening is stuck. PR1461356

  • In an EVPN scenario, memory leak might be observed when proxy-macip-advertisement is configured. PR1461677

  • The repd core files are generated during system boot up. PR1461796

  • Memory leak causes bbe-statsd and bbe-smgd to crash. PR1461821

  • CHASSISD_SNMP_TRAP6: SNMP trap generates the following error message when both DIP switches and the power switch are turned off: Power Supply failed PR1462065

  • On MX204, RADIUS interim accounting statistics are not populated. PR1462325

  • On certain MX Series platform, an interface might get stuck in the down state. PR1463015

  • The subscribers might not pass traffic after making some changes to the dynamic-profiles filter. PR1463420

  • The MPC2E-NG and MPC3E-NG line cards with specific MICs might crash after a high rate of interface flaps. PR1463859

  • On MX Series platforms with MS-MIC or MS-MPC, the mspmand might crash when a stateful firewall and RPC ALG are used. PR1464020

  • The IPoE subscriber route installation might fail. PR1464344

  • The following error is observed: bbe-smgd-core (0x000000000088488c in bbe_autoconf_delete_vlan_session_only (session_id=918) at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/plugins/autoconf/bbe_autoconf_plugin.c:3115). PR1464371

  • The PPP IPv6CP might fail if the routing-services statement is enabled. PR1464415

  • The CPU utilization on the mgd process might be stuck at 100% after the NETCONF session is interrupted by flapping the interface. PR1464439

  • The HSL2 error occurs when the MS-MIC is taken offline and brought back online multiple times. PR1464477

  • The PPPoE session gets in the terminated state and the accounting stops for the session, which is delayed. PR1464804

  • MPC5E or MPC6E might crash due to internal thread hogging the CPU. PR1464820

  • On MPC7, MPC8, and MPC9, WO packet error and FPC major alarm are observed when reassembling the small fragments. PR1465490

  • NGRE: Internal ixlv1 interface is not up after the PXE/network is installed. PR1465547

  • MS-MPC/MIC might generate core files due to the mspmand race conditions and DNS sinkhole. PR1466567

  • The PPPoE subscribers become nonresponsive due to the PPPoE inline keepalives. PR1467125

  • Layer 2 wholesale is not forwarding all the client requests with stacked VLAN. PR1467468

  • The rpd might crash after making several changes to the flow-spec routes. PR1467838

  • DNS sinkhole: Crypto code might cause high CPU utilization. PR1467874

  • Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435

  • Memory leak on l2cpd process might lead to l2cpd crash. PR1469635

  • SNMP interface MIB stops working for PPPoE clients. PR1470664


  • The duplex status of the management interface might not be updated in the output of the show command. PR1427233

  • The operations on the console might not work if the system ports console log-out-on-disconnect statement is configured. PR1433224

  • The scheduled tasks might not be executed if the cron daemon goes down without restarting automatically. PR1463802

Interfaces and Chassis

  • Unrelated aggregated Ethernet interfaces might go down if committing configuration changes. PR1409535

  • MX Series Virtual Chassis ISSU is not supported when redundant logical tunnel (RLT) is configured. PR1411729

  • Executing commit might become unresponsive due to the stuck dcd process. PR1470622

  • The demux interfaces might be brought down after changing the MTU of the underlying et-interface. PR1424770

  • Upgrading from a release earlier than Junos OS Release 17.4R1 results in cfmd core files. PR1425804

  • The NCP session might be brought down after IPCP Configure-Reject is sent. PR1431038

  • VRRP mastership might flap when the tracked route is deleted or the tracked interface goes down. PR1432361

  • In an MX Series platform where PPPoE is used, the router might not send LCP Termination-Request or LCP Terminate-Ack. PR1433489

  • Mixed link-speed aggregated Ethernet bundle is not able to add a new subinterface successfully. PR1437929

  • Targeted distribution for static demux interface over an aggregate Ethernet interface does not take the correct LACP link status into consideration when choosing primary and backup links. PR1439257

  • The number of mgd processes increases as the mgd processes are not closed properly. PR1439440

  • The cfmd process might crash after a restart in Junos OS Release 17.1R1 and later. PR1443353

  • Need to enhance adding or deleting of a single VLAN in vlan-id-list under family bridge interface. PR1443536

  • When a logical interface that is associated with a routing instance inside an LR is removed from the routing instance, the logical interface is not added to the default routing instance. PR1444131

  • The OAM CCM messages are sent with single-tagged VLAN even when configuring with two VLANs. PR1445926

  • Continuous VRRP state transition, that is, VRRP master or backup flapping, is observed when one device drops the VRRP packets. PR1446390

  • In the MX-VC on MX10003 scenario, the MX Series Virtual Chassis is not able to connect to the newly installed Routing Engine from other Routing Engines. PR1446418

  • Initiating a Routing Engine switchover on a VRRP backup router through a CLI command might cause the VRRP state for the aggregated Ethernet bundle interface to transition to the master state, even when the protocols vrrp delegate-processing ae-irb statement is configured, and then very shortly afterward to backup again. PR1447028

  • The l2ald might fail to update composite NH. PR1447693

  • The ifinfo daemon might crash on the execution of the show interface extensive command. PR1448090

  • Interface descriptions might be missing under logical systems CLI. PR1449673

  • Dual VRRP mastership might be seen after an ungraceful Routing Engine switchover. PR1450652

  • LACP daemon crashes continuously. PR1450978

  • The severity level log might be flooded when QSFP-100GE-DWDM2 is inserted. PR1453919

  • The CFM UP MEP session might get stuck in the failed state in the scenario of CFM UP MEP over Layer 2 VPN or Layer 2 circuit service. PR1454187

  • The VRRP traffic loss is longer than one second for some backup groups after performing GRES. PR1454895

  • Mismatched MTU value causes the RLT interface to flap. PR1457460

  • Need two knobs for EOAM CFM interoperability between MX10003 and Ciena CPE. PR1465608

  • The MIC Error code: 0x1b0002 alarm might not be cleared for a MIC on MPC5E when the voltage returns to normal. PR1467712


  • Some error messages might be seen when you use J-Web. PR1446081

Junos Fusion Provider Edge

  • In Junos fusion environment, incorrect power values for extended optical ports are observed. PR1412781

  • The sdpd process might continuously crash if there are more than 12 cascade ports configured to a satellite device. PR1437387

  • The aggregated Ethernet interface might flap whenever a new logical interface is added to it. PR1441869

Layer 2 Features

  • The LSI interface might not be created, which causes remote MACs not to be learned, with the following error log: RPD_KRT_Q_RETRIES: ifl iff add: Device busy PR1295664

  • VPLS neighbors might stay in the down state after changing the configuration in vlan-id. PR1428862

  • After disabling and enabling the aggregate interface, the next-hop of CE-facing aggregate interface might be in a wrong state. PR1436714

  • In a Virtual Chassis scenario, traffic drop might be seen when one Virtual Chassis member reboots and rejoins the Virtual Chassis. PR1453430

Layer 2 Ethernet Services

  • JDI-RCT:BBE:DHCP subscribers on a nondefault routing instance go down after ISSU. PR1420982

  • The DHCP DECLINE packets are not forwarded to the DHCP server when forward-only is set within dhcp-reply. PR1429456

  • DHCP request might get dropped in a DHCP relay scenario. PR1435039

  • The jdhcpd process might go into an infinite loop and cause full utilization of CPU. PR1442222

  • On MX10008 and MX10016 platforms, the dhcp-relay statement might not work. PR1447323

  • Some additional information can be provided in DHCPv6 option 17. This option can be in SOLICIT or REQUEST messages. BNG should relay the information from this option to RADIUS servers in the ACCESS REQUEST message in the attribute 26-207. PR1448100

  • PPPoE holding DHCPv6 prefix causes DHCPv6 binding failure due to a duplicate prefix. PR1453464

  • DHCP subscriber might not come online after rebooting the router. PR1458150

  • DHCP packet might not be processed correctly if DHCP option 82 is configured. PR1459925

  • The ISSU might fail during subscriber inflight login. PR1465964


  • Stale LSPs might exist if the primary LSP goes down immediately after bypass LSP. PR1242558

  • The FPC might get stuck in the ready state after changing the configuration that removes RSVP and triggers FPC restart. PR1359087

  • The rpd crash might be seen after committing operations that could affect the RSVP ingress routes. PR1471281

  • A device might use the local-computed path for the PCE-controlled LSPs after the link or node fails. PR1465902

  • The rpd might restart after an MPLS LSP flap if no-cspf and fast-reroute are configured in an LSR ingress router. PR1368177

  • The traffic might be discarded silently after the LACP time outs. PR1452866

  • RSVP LSP might get stuck in the down state in an OSPF Multiarea topology. PR1417931

  • On the MX2010, continuous rpd core files are generated at l2ckt_alloc_label, l2ckt_standby_assign_label, and l2ckt_intf_change_process in the new backup during GRES. PR1427539

  • The LDP might withdraw a label for an FEC once the IGP route is inactive in inet.0. PR1428843

  • SRLG entry shows unknown after removing it from the configuration in the show mpls lsp extensive or show mpls srlg output. PR1433287

  • The P2MP LSP branch traffic might be dropped for a while when the sender PE switches over. PR1435014

  • Traffic loss might be seen after the LDP session flaps rapidly. PR1436119

  • The rpd might crash after executing the ping mpls ldp command. PR1436373

  • The LDP route and LDP output label are not shown in the inet.3 table and LDP database, respectively, if you enable the OSPF rib-group. PR1442135

  • LINX:lsi intf/Layer 2 Virtual Chassis goes down on one router in a VPLS domain although the MPLS path is still available in inet.3. Reason shows as MPLS label out of range. PR1442495

  • The backup LSP path messages are rejected if the bypass tunnel path is an inter-area LSP. PR1442789

  • RSVP Path message with long refresh interval is dropped between Junos pre-16.1 and 16.1+ nodes. PR1443811

  • P2MP LSP might get stuck in the down state after link flaps. PR1444111

  • The rpd memory leak might be seen when the interdomain RSVP LSP is in the down state. PR1445024

  • Silent discarding of traffic might occur if two consecutive PLRs along the LSP perform local repair simultaneously under certain misconfigured conditions. PR1445994

  • On an MX Series device, the transit packets might be dropped if an LSP is added or changed. PR1447170

  • Traffic drop might be seen after traceoption configuration is committed in an RSVP P2MP scenario. PR1447480

  • The LDP route timer resets when committing unrelated configuration changes. PR1451157

  • High CPU usage and rpd core files might be observed if ldp track-igp-metric is configured and an IGP metric is changed. PR1460292

Network Address Translation (NAT)

  • The nsd process might crash when SNMP queries deterministic NAT pool information. PR1436775

Network Management and Monitoring

  • On MX10000, jail socket errors are reported. PR1442176

  • Incorrect error messages might be observed for the hrProcessorFrwID object. PR1446675

Platform and Infrastructure

  • A nested filter used by multiple filters in the same filter list causes FPCs to crash continuously. PR1357531

  • Modifying the REST configuration might cause the system to become unresponsive. PR1461021

  • On all MX Series platforms, LACP DDOS policer is incorrectly triggered by other protocol’s traffic. PR1409626

  • FPC crash might be observed with scaled subscribers login attempts. PR1409879

  • Error logs might be observed after performing ISSU. PR1412463

  • Packet drops, replication failure, or ksyncd crashes might be observed on the logical system of a device running Junos OS after a Routing Engine switchover. PR1427842

  • With CNH for 6PE, MPLS EXP rewrite rule for non-VPN IPv4 over MPLS traffic might not work. PR1430878

  • The FPC might crash when the firewall filter manager deals with the firewall filters. PR1433034

  • Traffic from the same physical interface cannot be forwarded. PR1434933

  • The device might not be accessible after the upgrade. PR1435173

  • The IPv4 packet larger than mtu-v6 might be dropped by the MAP-E BR device. PR1435362

  • MAP-E encapsulation or de-encapsulation with specific parameters might work incorrectly. PR1435697

  • The RPM http-get probe always returns the HTTP 400 error. PR1436338

  • The /var/db/scripts directory might be deleted after executing the request system zeroize command. PR1436773

  • The BGP session might flap after Routing Engine switchovers simultaneously on both boxes of BGP peer in a scaled BGP session setup. PR1437257

  • The next-hop MAC address in the output of the show route forwarding-table command might be incorrect. PR1437302

  • The multicast traffic is dropped while multicast ingress replication is configured with local-latency-fairness. PR1438180

  • A certain combination of allow-commands/deny-commands does not work properly after Junos OS Release 18.4R1. PR1438269

  • The inner IPv4 packet might get fragmented using the same size as mtu-v6 setting that is used for the MAP-E softwire tunnel in an MAP-E configuration. PR1440286

  • The RPM udp-ping probe does not work in a multiple routing instance scenario. PR1442157

  • When host-bound packets are received in MAP-E BR router, service interface statistics counter shows incorrect number of bytes. PR1443204

  • Packets are dropped due to missing destination MAC address in the Packet Forwarding Engine. PR1445191

  • Python op scripts are executed as user nobody, and not as a logged-in user, if started from a NETCONF session. This results in failure of the PyEZ connection to the device. PR1445917

  • On certain MPC line cards, cm errors must be reclassified. PR1449427

  • Some hosts behind unnumbered interfaces are unreachable after the router or FPC restarts. PR1449615

  • FPC might reboot with VM core files due to memory leak. PR1449664

  • The DF flag BGP packets are dropped over MPLS LSP path. PR1449929

  • The REST API process becomes nonresponsive when a number of requests arrive at a high rate. PR1449987

  • In an EVPN-VXLAN scenario, host-generated packets are sometimes dropped because they hit the reject route in the Packet Forwarding Engine. PR1451559

  • The Routing Engine-originated IPv6 packets might be dropped when an interface-group rule is configured under an IPv6 filter. PR1453649

  • The MPC might drop packets after enabling the firewall fast lookup filter. PR1454257

  • The ddos-protection does not stop logging when remote tracing is enabled. PR1459605

  • The NTP time synchronization does not happen with NTP Boot Server configuration. PR1463622

  • MX80 EVPN-VXLAN RT5 does not work properly and the ip-prefix-routes routes are not reachable. PR1466602

  • Layer 2 traffic sent from one member to another member is corrupted on MX Series Virtual Chassis. PR1467764

Routing Policy and Firewall Filters

  • The route-filter-list with noncontinuous match might not work as expected after being updated. PR1419731

  • The rpd might crash after Routing Engine switchovers when prefix-list is configured. PR1451025

  • Policy matching RD changes the next hop of the routes that do not carry RD. PR1433615

  • The rib-group might not process the exported route correctly. PR1450123

  • Routes resolution might be inconsistent if any route is resolving over the multipath route. PR1453439

Routing Protocols

  • The rpd crashes in Junos OS Release 16.1 or later during BGP convergence. PR1351639

  • The rpd process might crash with the BGP multipath and damping configured. PR1472671

  • The rpd might crash after configuring the independent-domain configuration under the master routing-instance. PR1469317

  • Routing Engine-based micro-BFD packets do not go with the configured source IP when the interface is in logical-system. PR1370463

  • BGP peers might flap if the hold-time parameter is set to a small value. PR1466709

  • Must install all possible next hops for OSPF network LSAs. PR1463535

  • The rpd might crash under a rare condition if GR helper mode is triggered. PR1382892

  • Processing a large scale as-path regex causes the flapping of the route protocols. PR1396344

  • BFD link-failure detection of the broken path is delayed when IGP link-state update is received from the same peer through an alternate path. PR1410021

  • BGP might get stuck in the idle state when the peer triggers a GR restart event. PR1412538

  • The Layer 3 VPN link protection does not work after flapping the CE-facing interface. PR1412667

  • TI-LFA cannot find backup path when IS-IS overload bit is set on the computing node. PR1412923

  • BFD crashes after GRES is complete. @ __assert (func=0x831a40e "bfdd_link_session", file=0x831a24a "../../../../../../src/junos/usr.sbin/bfdd/bfdd_session.c" PR1420694

  • Route churn might be seen after changing the maximum-prefixes configuration from value A to value B. PR1423647

  • The rpd might crash while handling the withdrawal of an imported VRF route. PR1427147

  • MVPN traffic might get lost for around 30 seconds during Routing Engine switchover. PR1427720

  • The next hop of an IPv6 route remains empty when a new IS-IS link comes up. PR1430581

  • The BGP multipath multiple-as statement does not work in a specific scenario. PR1430899

  • IPv6 aggregate routes are hidden. PR1431227

  • An unsupported configuration (that is, EPE with dynamic-next-hop GRE tunnels) continuously causes the rpd to generate core files. PR1431536

  • The show isis adjacency extensive output misses state transition details. PR1432398

  • Per-prefix LFA might not work as expected where the last hop needs to be protected on the penultimate node. PR1432615

  • PIM-SM join message might be delayed with MSDP enabled. PR1433625

  • With SR enabled, 6PE next hop is not installed. PR1435298

  • The rpd might crash during the best path changes in BGP-L3VPN when multipath and no-vrf-propagate-ttl are enabled. PR1436465

  • Wrong next hop might be observed when BGP PIC Edge is enabled. PR1437108

  • The rpd process crash might be observed if leaking multipath BGP routes from a routing instance to another routing table. PR1437837

  • Removing SSH Protocol version 1 from configuration. PR1440476

  • RIP routes might be discarded by the Juniper device over a 31-subnet interface. PR1441452

  • The rpd process might crash in an inter-AS option B Layer 3 VPN scenario if CNHs are used. PR1442291

  • The rpd might crash with a change in the SRTE configuration. PR1442952

  • IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507

  • The rpd crash might be seen after configuring OSPF NSSA area-range and summaries. PR1444728

  • The rpd might crash in an OSPF scenario due to invalid memory access. PR1445078

  • The BGP route prefixes are not being advertised to the peer. PR1446383

  • The as-external route might not work in an OSPF overload scenario for a VRF instance. PR1446437

  • The rpd utilization reaches 100 percent due to an incorrect path selection. PR1446861

  • The multicast traffic might be dropped in a PIM with BGP PIC setup. PR1447187

  • The rpd crashes and commit fails when trying to commit configuration changes. PR1447595

  • On MX2000 platforms, Layer 3 VPN PE-CE link protection exhibits an unexpected behavior. PR1447601

  • Junos OS BFD sessions with authentication flap after a certain time. PR1448649

  • The connection between ppmd (RE) and ppman (FPC) might get lost due to session timeout. PR1448670

  • The BGP routes might fail to be installed in the routing instance if the from next-hop policy match condition is used in the VRF import policy. PR1449458

  • SSH login might fail if a user account exists in both local database and RADIUS/TACACS+. PR1454177

  • The rpd scheduler slip for BGP GR might be up to 120 seconds after the peer goes down. PR1454198

  • The rpd memory might leak in a certain MSDP scenario. PR1454244

  • The rpd might crash when multipath is used. PR1454951

  • The rpd might crash continuously due to memory corruption in the IS-IS setup. PR1455432

  • Prefix SID conflict might be observed in IS-IS. PR1455994

  • The rpd might crash when the OSPF router ID gets changed for NSSA with area-range configured. PR1459080

  • The rpd memory leak might be observed on backup Routing Engine due to BGP flap. PR1459384

  • The rpd scheduler slips might be observed on RPKI route validation-enabled BGP peering router in a scaled setup. PR1461602

  • The IS-IS IPv6 routes might flap when there is an unrelated commit under protocol stanza. PR1463650

  • The BFD client session might flap when removing BFD configuration from the peer end, which is from another vendor, of the BFD session. PR1470603

Services Applications

  • The kmd process might crash when DPD timeout for some IKEv2 SAs happens. PR1434521

  • The show subscriber user-name output on LTS shows only one session instead of two. PR1446572

  • The kmd might crash due to the incorrect IKE SA establishment after changing the remote peer NAT mapping address. PR1477181

  • The jl2tpd process might crash during the restart procedure. PR1461335

Subscriber Access Management

  • In the PCRF/Gx-Plus scenario, RAR messages are not able to change the subscriber service profile. PR1417987

  • Subscriber filtering for general authentication services traceoptions reports debug messages for other users. PR1431614

  • Incorrect Acct-Session-Time: Acct-Session-Time is not zero even though the Start event did not occur. PR1433251

  • Subscriber deactivation might get stuck in the terminated state. PR1437042

  • Test tput enhancement for test aaa ppp. PR1444438

  • On the MX Series platforms, a false error might be received for SAE policy activation or deactivation failure. PR1447632

  • Subscriber login fails when the PCRF server is unreachable. PR1449064

  • DHCPv6 subscribers might be stuck in a state after the authd process crashes. PR1460578

  • The subscriber address allocated might fail after deleting the pool link in the middle of the chain. PR1465253

  • No volume of attribute in accounting stops for the service session when activated services session is configured. PR1470434

  • Some address relevant fields are missing when the test aaa ppp command is executed. PR1474180

User Interface and Configuration

  • The show chassis hardware satellite command is not available in Junos OS Release 17.3. PR1388252


  • The Layer 2 circuit or the CE-facing interface might flap repeatedly and cause the packets to drop, if the asynchronous-notification configuration is configured on the PE. PR1282875

  • The Layer 2 circuit connections might be stuck in the OL state after changing the Layer 2 circuit community and flapping the primary LSP path. PR1464194

  • An rpd crash might be observed if Layer 2 circuit or local-switching connections flap continuously. PR1418870

  • MPLS LSP ping over Layer 2 circuit might not work when flow-label is enabled. PR1421609

  • MVPN using PIM dense mode does not prune the OIF when PIM prune is received. PR1425876

  • The rpd might crash when the link-protection is added or deleted from LSP for MVPN ingress replication selective provider tunnel. PR1469028

  • P1 configuration delete message is not sent on loading the baseline configuration if there has been a prior change in the VPN configuration. PR1432434

  • The resumed multicast traffic for certain groups might be stopped in an overlapping MVPN scenario. PR1441099

  • Memory might leak if PIM messages are received over an MDT (mt- interface) in a Draft-Rosen MVPN scenario. PR1442054

  • The rpd process might crash due to memory leak in the MVPN RPF Src PE block. PR1460625

Resolved Issues: 18.4R2

Application Layer Gateways (ALGs)

  • DNS requests with EDNS options might be dropped by the DNS ALG. PR1379433

Authentication and Access Control

  • Push-to-JIMS now supports push auth entry to all online JIMS servers. PR1407371

Class of Service (CoS)

  • The cosd process might crash while committing configuration through NETCONF. PR1403147

  • Traffic drop occurs when deleting MPLS family or disabling an interface that has nondefault EXP rewrite rules. PR1408817


  • The EVPN implementation does not follow RFC-7432. PR1367766

  • The rpd process crashes if the Autonomous-System (AS) is deactivated in an EVPN scenario. PR1381940

  • The RA packets might be sent out without using the configured virtual gateway address. PR1384574

  • EVPN-VXLAN VTEP tunnel does not get deleted when the EVPN peer goes down. PR1390965

  • The rpd process might crash with EVPN type-3 route churn. PR1394803

  • The BUM traffic might not be flooded in an EVPN-MPLS scenario. PR1397325

  • IPv6 link-local address for the virtual-gateway address is marked as duplicate in EVPN. PR1397925

  • When committing a configuration for adding a VLAN to an EVPN instance and an aggregated Ethernet interface, respectively, the newly added VLAN interface count might be zero (0) in that bridge domain. PR1399371

  • EVPN type 2 MAC+IP route is stuck when the route advertisement has two MPLS labels and route withdrawal has 1 label. PR1399726

  • ARP refresh functionality might fail in an EVPN scenario. PR1399873

  • The rpd generates core files upon Routing Engine switchover with scaled EVPN configuration. PR1401669

  • The rpd crashes because of memory corruption in EVPN. PR1404351

  • EVPN database and bridge MAC table are out of sync due to flapping of the interface. PR1404857

  • The rpd might crash on a leaf node when handling the withdrawal of remote or local MAC addresses in an EVPN-VXLAN scenario. PR1405681

  • The next hop is not cleaned up properly when one of the multihomed CE-PE links goes down. PR1412051

  • Local l2ald proxy MAC+IP advertisements accidentally delete MAC+IP EVPN database state from remotely learned type 2 routes. PR1415277

  • EVPN-MPLS single active :[EVPN/7] /32 host route always appears on non-DF PE if CNH is ON, remote-ip-host-routes has no effect. PR1419466

  • The rpd crashes on the backup Routing Engine after nonstop-routing is enabled with EVPN. PR1425687

  • The device might proxy the ARP probe packets in an EVPN environment. PR1427109

  • IP address is missing in mac-ip-table of the EVPN database but is present in the EVPN database when the CE interface has two primary IP addresses. PR1428581

  • Extra incorrect MAC move might be seen when the host moves continuously between the different ESIs. PR1429821

  • Configuration is prevented from being applied on MX in subscriber scenario. PR1430360

  • Incorrect MAC count with show evpn/bridge statistics. PR1432293

  • Stale MAC addresses are present in the bridge MAC table in an EVPN-MPLS scenario. PR1432702

  • Configuring ESI on a single-homed 25G port might not work. PR1438227

Forwarding and Sampling

  • In an EVPN A-A scenario with an MX Series router or an EX Series switch acting as a PE device, flood next hops to handle BUM traffic might not get created or miss certain branches when the configuration is performed in a particular sequence. PR1377749

  • The LSI binding for the IPv6 neighbor is missing. PR1388454

  • Junos OS: Firewall filter terms named internal-1 and internal-2 being ignored (CVE-2019-0036). PR1394922

  • In Junos OS Release 13.3R9.13, the firewall filter action "decapsulate gre", de-encapsulates GRE, IP-over-IP, and IPv6-over-IP, but in Junos OS Release 17.3R3.9, it only de-encapsulates GRE. PR1398888

General Routing

  • Error drops in XM/MQSS fabric streams (q-node stats) are not accounted for in class-of-service fabric statistics. PR1338647

  • Large-scale users' login and logout might cause mgd memory leak. PR1352504

  • Traffic loss might be seen on the new master after the interface flaps followed by Routing Engine switchover in a VRRP scenario. PR1353583

  • Packets might be dropped when they go through MX104 built-in interface. PR1356657

  • MPC5E, MPC2E-NG, or 3E-NG might crash and restart during unified ISSU. PR1369635

  • The dot1xd might crash when it receives an incorrect reply length from the authd. PR1372421

  • Core files are seen in ifinfo at pif_af_fe_info pif_af_ifd when displaying af interface information. PR1373436

  • MS-MPC might have performance degradation under scaled fragmented packets. PR1376060

  • NFX3/ACX5448:LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified is displayed during commit on configuration prompt. PR1376665

  • MQSS errors might cause FPC restart. PR1380183

  • The routes learned over an interface will be marked as "dead" next hop after changing the prefix length of an IPv6 address on that interface. PR1380600

  • Traffic silently dropped because of an offline FPC in an MC-LAG scenario. PR1381446

  • The unicast traffic from IRB interface toward LSI might be dropped due to Packet Forwarding Engine mismatching at egress processing. PR1381580

  • PDT: MSE high CPU utilization for chassisd on BSYS, 20% at steady state. PR1383335

  • The Virtual Chassis could not come up after upgrading to QFX5E platforms (TVP-based platforms for QFX5100 or QFX5200 switches). PR1383876

  • Disable reporting of correctable single-bit error on Hybrid Memory Cube (HMC) and prevent Major Alarm. PR1384435

  • Subscriber connection setup is 30% lower than expected. PR1384722

  • The rpd might crash when switchover is performed along with configuration changes being committed. PR1385005

  • The device with more than five IP addresses configured in the DHCP server-group goes into Amnesiac mode after reboot. PR1385902

  • The rpd might end up with a stuck krt queue in a VRF scenario. PR1386475

  • Behavior of the CLI set interfaces ams0 service-options session-limit rate <integer value> command has changed. PR1386956

  • Migrate from syslog API to Errmsg API - VM host messages on Junos OS. PR1387099

  • On MX2000 platforms, backup CB's chassis environment status keeps 'Testing' after backup CB becomes online by removal/insert operation. PR1387130

  • Chassisd process might have random memory corruption and will result in chassisd restart. PR1387338

  • Some SFBs might go down when one of the PSMs in the chassis generates a bad output voltage that is out-of-range. PR1387737

  • IPsec IKE keys are not cleared when delete/clear notification is received. PR1388290

  • BBE SMGD generates core files if MTU is changed while subscribers are logged in on the physical interface. PR1389611

  • The jnxFruState might show incorrect PIC state after an MPC is replaced with another MPC with fewer PICs. PR1390016

  • Traffic destined to VRRP VIP gets dropped as filter is not updated to the related logical interface. PR1390367

  • Delete chassis redundancy will not give commit warning. PR1390575

  • The BNG might not respond with PADO and create any demux interface when PPPoE PADI packet is received. PR1390989

  • The Packet Forwarding Engine might not respond with ICMP time exceeded error when a packet arrives from subscriber. PR1391932

  • Third-generation FPC reboot loop because of having internal interface issues. PR1393643

  • Junos OS enhancement configuration statement to modify mcontrol watchdog timeout. PR1393716

  • IPv6 next-hop programming issue might be observed on QFX10000, PTX1000, and PTX10000 devices. PR1393937

  • The FPCs might not come up during unified ISSU on MX10003. PR1393940

  • CI-PR:Expected entries UI_COMMIT_PROGRESS are not getting populated while checking with Junoscript session for obtaining syslog output. PR1394780

  • The l2ald process might crash during commit check for some specific configurations. PR1395368

  • The minor alarm of "Bottom Fan Tray Pred Fail" might be incorrectly raised when the fan is at high speed on MX960. PR1395539

  • Layer 3 gateway did not update ARP entries if the IP or MAC address quickly moves from one router to another router in an EVPN-VXLAN environment. PR1395685

  • MPC7, MPC8, and MPC9 might not boot in MX Series Virtual Chassis. PR1396268

  • The subscriber bindings might not be successful on QFX Series or EX Series platforms. PR1396470

  • Adding IRB to bridge-domain with PS interface causes kernel crash. PR1396772

  • The MS-MPC might generate core files when mspmand receives a non-syn packet of TCP. PR1396785

  • Subscriber flapping may cause SMID resident memory leak. PR1396886

  • Seeing VMHost RE 0 Secure BIOS Version Mismatch and VMHost RE 1 Secure Boot Disabled alarms. PR1397030

  • mspmand core file is seen when committing configuration NAT pool changes to active NAT pool. PR1397294

  • smid process memory leak and not coming down from 100%. PR1397643

  • PFT MX10008: Inline-services Enabling the Flex-Flow-Sizing takes more than 12 minutes to move to steady state. PR1397767

  • [jinsight] [generic_jinsight] show system errors active is not showing the error for MPC3E NG HQoS. PR1398084

  • MPLSoUDP/MPLSoGRE tunnel might not come up on interface route. PR1398362

  • High jsd or na-grpcd CPU usage might be seen even if JET or JTI is not used. PR1398398

  • IPsec tunnel cannot be established because the tunnel SA and rule are not installed in the PIC. PR1398849

  • Incorrect timestamp is displayed in the jvision collector log file. PR1399829

  • JET/PRPD incompatibility for the rib_service.proto field RouteGateway.weight from Junos OS Release 18.4R1 to 18.4R2 onward. PR1400563

  • The mgd-api crashes due to memory leak. PR1400597

  • Only one Packet Forwarding Engine could be disabled on an FPC with multiple Packet Forwarding Engines in error/wedge condition. PR1400716

  • Config option forwarding-options enhanced-hash-key family mpls ether-pseudowire zero-control-word does not take effect in Junos Node Slicing. PR1400881

  • The framed route beyond the first might not be installed in a DHCP subscriber management environment. PR1401148

  • The authd might crash while restarting when you issue show network-access requests pending. PR1401249

  • The command show | compare output on global group changes loses the difference context after a rollback or load update is performed. PR1401505

  • The subscriber route installation failed because of improper installation of some interfaces states. PR1401506

  • The TCP connection between ppmd and ppman might be dropped due to a kernel issue. PR1401507

  • FPC core files are seen due to a corner case scenario (race condition between RPF, IP flow). PR1401808

  • The na-grpcd log file is not rotated and keeps growing until Routing Engine is out of disk space. PR1401817

  • JET authentication does not work for usernames and passwords of certain lengths. PR1401854

  • Traffic loss is seen in IGMP subscribers after GRES. PR1402342

  • The MPC might crash due to CPU overuse by dfw thread. PR1402345

  • The device is in Amnesiac mode after ISSU, with the message "mgd: error: configuration check-out failed" generated. PR1432664

  • Some error logs might be seen on FPC when a read is attempted from an uninitialized memory location. PR1402484

  • FPC might crash after MIC-3D-16CHE1-T1-CE-H is taken offline and brought back online. PR1402563

  • DHCP subscriber cannot reconnect over dynamic VLAN demux interfaces due to RPF check failure. PR1402674

  • Host outbound traffic might be dropped on MPC7, MPC8, and MPC9. PR1402834

  • Uncolored SRTE stats: MX: Observed rpd core files when a few colored LSPs were changed to uncolored LSPs. The core files are at <<< #0 tag_cmp_tag (tag1=0x0, tag_label1=0x0, tag2=0x98b6628, tag_label2=0x98b6644) at ../../../../../../../../../../src/junos/usr.sbin/rpd/lib/mpls/label_mgr/core/mpls_label.c:473 473 if (tag1->tagt_mtu != tag2->tagt_mtu) >>> PR1403208

  • Reported log variance might be incorrect if the PTP profile is changed from G.8275.2 to SMPTE or other multicast IP profile. PR1403219

  • The smg service could become unresponsive when doing some GRE-related CLI operations. PR1403480

  • The time synchronization through PTPoE might not work when Enhanced Subscriber Management is enabled on MX Series routers. PR1404002

  • Continuous kernel crashes might be observed in backup Routing Engines or VC-bm. PR1404038

  • With MS-MPC and MS-MIC service cards syslog messages for port block interim may show as the private IP address and PBA release messages may show the NAT'd IP as the private IP. PR1404089

  • The FPC might crash in a CoS scenario. PR1404325

  • The repd continues to generate core files on Virtual Chassis-Bm when there are too many IPv6 addresses on one session (hit PR1384889). PR1404358

  • Incorrect output of the assigned prefixes to the subscriber in the output of show interface <dynamic demux interface>. PR1404369

  • Configuring load override or load replace resets ANCP neighbors. PR1405318

  • Voltage read failed for rail LTC3887-EA1-VDD0V9R2-CH0. PR1405787

  • When using aggregated Ethernet bundle with active subscribers, FPC might crash if existing leg is replayed (after FPC restart). PR1405876

  • NAT64 translation issues of ICMPv6 Packet Too Big message with MS-MPC/MS-PIC. PR1405882

  • The FPC crash might be observed in an MS-MPC HA environment. PR1405917

  • Fabric performance drop on MPC7/8/9E and SFB2-based MX2000 platforms. PR1406030

  • The rpd might crash due to a race condition with the combination of community actions done at both BGP import policy and a forwarding-table policy. PR1406357

  • Traffic impact might be seen if auto-bandwidth is configured for RSVP LSPs. PR1406822

  • MX10003 cosmetic message: ALARMD_CONNECTION_FAILURE: after 60 attempts craftd connect returned error: Connection refused. PR1406952

  • FPC might crash during the subscriber-related stress tests. PR1407285

  • L2 VPN might flap repeatedly after the link between the PE and CE devices starts coming up. PR1407345

  • The rpd might crash when a commit check is executed on LDP trace options. PR1407367

  • Ephemeral DB might get stuck during commit. PR1407924

  • Traffic forwarding failed when crossing VCF members. PR1408058

  • openconfig-network-instance: network-instances support for IS-IS must be hidden unless supported. PR1408151

  • The ToS/DSCP and TTL fields might not be copied into the outer IP header in a Group VPN scenario. PR1408168

  • Alarm Mismatch in total memory detected after request reboot vmhost routing-engine both. PR1408480

  • The MPCs might crash when performing unified ISSU to Junos OS Release 19.1R1 or later. PR1408558

  • Python script might stop working due to Too many open files error. PR1408936

  • MX-Service templates are not cleaned up. PR1409398

  • MX-MPC2-3D-EQ and MPC-3D-16XGE-SFPP will now show "Exhaust A" temperature, rather than Intake temperature. PR1409406

  • Telemetry: interface-set metadata needs to include the CoS TCP names in order to aid collector reconciliation with queue-stats data. PR1409625

  • The CPU might be overused by jsd process in JET scenario. PR1409639

  • The nonexistent subscribers might appear in the show system resource-monitor subscribers-limit chassis extensive output. PR1409767

  • FPC might crash during next-hop change when using MPLS inline J-flow. PR1409807

  • When using SFP+, the Interface optic output might be non-zero even after the interface has been disabled. PR1410465

  • Traffic loss may be seen on MPC8E/MPC9E after you request one of the SFB2s that has gone offline to be brought back online. PR1410813

  • Kernel replication failure might be seen if an IPv6 route next hop points to an ether-over-atm-llc ATM interface. PR1411376

  • Packet Forwarding Engines heap memory leak might happen by frequent flapping of thousands of PPPoE subscribers. PR1411389

  • Virtual route reflector may report DAEMON-3-JTASK_SCHED_SLIP_KEVENT error on some hypervisor or host machine because of NTP synchronization. Routing protocol may be impacted. PR1411679

  • file copy /var/tmp/ ftp://anonymous@<ip>/pub/ could not work properly after upgrade. PR1412033

  • MX10003: The rpd crashes when the switchover-on-routing-crash does not trigger Routing Engine switchover and the rpd on the master Routing Engine goes into STOP state. PR1412322

  • Junos PCC may reject PCUpdate/PCCreate message if there is a metric type other than type 2. PR1412659

  • PPPoE subscribers might not be able to log in after unified ISSU. PR1413004

  • The rpd memory leak might be seen due to an incorrect processing of a transient event. PR1413224

  • During unified ISSU from Junos OS Release 16.1R4-S11.1 to Release 18.2R2-S1.2, CoS GENCFG write failures observed [ COS(cos_rewrite_do_pre_bind_add_action:676): Binding of table 44226 to ifl 1073744636 failed, table already bound to ifl ] PR1413297

  • The support of inet6 filter attribute for ATM interfaces is broken from Junos OS Release 17.2R1 onward. PR1413663

  • The services load balance might not be effective for AMS if the hash key under the forwarding-options hierarchy is configured. PR1414109

  • FPC crash might be observed if it reaches heap utilization limit. PR1414145

  • NPC might not apply configured resource-monitor thresholds after NPC restart. PR1414650

  • Firewall filters are not getting programmed into Packet Forwarding Engine. PR1414706

  • The user might not enter configure mode as mgd is in lockf status. PR1415042

  • ICMP MTU exceeded error generated from Packet Forwarding Engine does not reach the expected source. PR1415130

  • The bbe-smgd process might have memory leak when you run show system subscriber-management route route-type <> routing-instance <>. PR1415922

  • Some IPsec tunnels might fail to pass traffic after GRES on an MX Series platform. PR1417170

  • The ECMP fast reroute protection feature might not work on MX5, MX10, MX40, MX80, and MX104. PR1417186

  • An IPv4 packet with a zero checksum might not be translated to an IPv6 packet properly under NAT64 scenario. PR1417215

  • Some subscribers might be offline when doing GRES or daemon restart. PR1417574

  • Observed zero tunnel stats on the soft-gre tunnel. PR1417666

  • The BGP session might flap after Routing Engine switchover. PR1417966

  • CGNAT with MS-MPC card does not account for AP-P out of port errors or generate a syslog message when this condition is met. PR1418128

  • There is no SNMP Trap message generated for jnxHardDiskMissing/jnxHardDiskFailed on MX. PR1418461

  • lsp-cleanup-timer is not being honored when lsp-cleanup-timer is configured to be greater than 2147483647. PR1418937

  • The reserved PPPoE session ID 65535 might also be assigned, which is in conflict with RFC 2516. PR1418960

  • RX alarms are not set as according to the threshold value configured for the DCO Tunable optics. PR1419204

  • A PPP session under negotiation might be terminated if another PPPoE client bears the same session ID. PR1419500

  • CPU usage on Service PIC may spike while forming an IPsec tunnel in a DEP/NAT-T scenario. PR1419541

  • A new tunnel could not be established after changing the NAT mapping IP address until the IPsec SA clear command is run. PR1419542

  • rtsock_peer_unconsumed_obj_free_int: unable to remove node from list logged extensively. PR1419647

  • bbe-mibd memory leak causing daemon crash when having live subscribers and SNMP OIDs query. PR1419756

  • In the scenario where the MX Series devices and the peer device both try to bring an IPsec tunnel up, so both sides are acting as an initiator, if the peer side does not answer the MX ISAKMP requests, the MX Series device can bring the peer-initiated tunnel down. PR1420293

  • MX: PTP phase aligned but TE/cTE not good. PR1420809

  • Failed to reload keyadmin database for /var/etc/keyadmin.conf. PR1421539

  • bbemg_smgd_lock_cli_instance_db should not be logged as error messages. PR1421589

  • MX Series Virtual Chassis: VCP port reports MTU value 9152 in the ICMP MTU exceeded message while the VCP port MTU is set to 9148. PR1421629

  • The ps access interface is not marked ccc down on standby/non-designated PE. PR1421648

  • RPT_REG_SERVICES: RPM syslogs are not getting generated after deactivating the aggregate interface. PR1421934

  • Remote gateway address change is not effective on MX150 platform when it is an initiator. PR1421977

  • The CoS IEEE 802.1 classifier might not get applied when it is configured with service activation on the underlying interface. PR1422542

  • While committing a huge configuration, the user might see the error "error: mustd trace init failed". PR1423229

  • set forwarding-options enhanced-hash-key symmetric is not effective on MX10003. PR1423288

  • IP packet drop might be seen under Layer2 circuit scenario. PR1423628

  • Traffic is dropped after FPC reboot with aggregated Ethernet member links deactivated by remote device. PR1423707

  • On MX204 optics "SFP-1GE-FE-E-T" I2C read errors are seen when an SFP-T is inserted into a disabled state port. PR1423858

  • The bbe-smgd process might crash after the command show system subscriber-management route prefix is executed. PR1424054

  • The port configured for 1-Gbps speed flaps after Routing Engine switchover. PR1424120

  • The interface configured with 1-Gbps speed on JNP10K-LC2101 cannot come up. PR1424125

  • [vMX] Continuous disk error logs on VCP Console (Requesting switchover due to disk failure on ada1). PR1424771

  • Interface with FEC disabled is flapping after Routing Engine mastership switchover. PR1425211

  • In WAG scenario, soft-gre tunnel route lost after reboot/GRES or upgrade. PR1425237

  • RPT_BBE_Regressions : Getting Unisphere-UpStream-Calc-Rate as 0 while verifying L2BSA RADIUS accounting stop packets after performing GRES. PR1425512

  • All interfaces creation failed after NSSU. PR1425716

  • IFL Targeting: 18000 phantom distributed interfaces are displayed for aggregated Ethernet interface with the targeted distribution enabled on it, when there are no active subscribers. PR1426157

  • Interfaces might go down after the device reboots. PR1426349

  • PEMs lose DC output power load sharing after PEM power-off and power-on operation on MX Series. PR1426350

  • Traffic loss might be seen when multiple IPsec tunnels are established with the remote peer. PR1426975

  • Traffic might not flow through MACsec interface even after an unsupported cipher-suite is removed. PR1427294

  • When broadband edge PPPoE and DHCP subscribers coming up over Junos fusion satellite ports are active, commit full and commit synchronization full commands fail. PR1427647

  • When installing YANG package without the proxy-xml configuration, the CLI environment did not work well. PR1427726

  • The subscriber IP route may get stuck in bbe-smgd if the subscriber IP address is the same as the local IP address. PR1428428

  • PTSP subscriber stuck in configured state. Auto-clear-timer did not work as well. PR1428688

  • Incorrect IGMP statistics for dynamic PPP interfaces. PR1428822

  • L2TP subscriber and MPLS Pseudowire Subscriber volume accounting stats value remains unchanged after ISSU. PR1429692

  • Destination unreachable counter was counting up without receiving traffic. PR1431384

  • During the stress tests, bbe-smgd process might crash on backup Routing Engine when performing GRES. PR1431455

  • The bbe-smgd might crash if subscribers are trying to log in or log out and a configuration commit activity happens at the same time. PR1431459

  • Allow installation of three identical framed-routes in the same routing-instance. PR1431891

  • MX10003 - PEM not present alarm raised when minimum required PEM exist in the system. PR1431926

  • RSI & RSI brief should not include show route forwarding-table when Tomcat enabled. PR1433440

  • On MPC2 Junos telemetry interfaces services, statistics might not be available after the unified ISSU. PR1433589

  • Lawful intercept for subscriber traffic is not programmed in Packet Forwarding Engine if it is activated by Access-Accept. PR1433911

  • Total number of packets mirrored, after DTCP trigger add and DTCP enable is not in expected range while verifying traffic on mirror port after DTCP drop policy enable. PR1435736

  • MPC7, MPC8, MPC9, MX10003 MPC, EX9200-12QS, EX9200-40XS line card might crash in a scaling setup. PR1435744


  • SNMP OID IFOutDiscards are not updated when drops increase. PR1411303

  • The traffic to the NLB server might not be forwarded if the NLB cluster works on multicast mode. PR1411549

Interfaces and Chassis

  • Constant dcpfe process crash might be seen if you are using an unsupported GRE interface configuration. PR1369757

  • The pfe_disable action does not disable the logical tunnel interfaces belonging to the affected Packet Forwarding Engine. PR1380784

  • Changing the value of mac-table-size to default may lead all FPCs to reboot. PR1386768

  • DCD core files are seen after FPC restart if channelized interfaces are configured. PR1387962

  • All DPCs might crash while adding or deleting a logical interface from the aggregated Ethernet bundle. PR1389206

  • Decoupling of L2 logical interface configuration from bridge domain or EVPN configuration. PR1390823

  • The dcd memory leak might be seen when committing configuration change on static route tag. PR1391323

  • Error message might be seen if GR interface is configured. PR1393676

  • The dcd crash might be seen after deleting the sub-interface from VPLS routing-instance and mesh-group. PR1395620

  • MIC Error code: 0x1b0002 alarm might not be cleared for MIC on MPC6 when the voltage has returned to normal. PR1398301

  • The backup Routing Engine might get stuck in Amnesiac mode after reboot. PR1398445

  • All dcd operations might be blocked if profile-db is corrupt. PR1399184

  • Certain OTN options cause interface flapping during commit. PR1402122

  • Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error message. PR1402606

  • The targeted-broadcast statement does not work on an IRB interface. PR1404442

  • The subscriber may not access the device due to the conflicting assigned address. PR1405055

  • The cfmd might fail to start after it is restarted. PR1406165

  • The aaa-options configuration statement for PPPoE subscribers does not work on the MX80 and MX104 platforms. PR1410079

  • OAM CFM MEP flaps might occur when hardware-assisted keepalives are enabled. PR1417707

  • Monitor ethernet loss-measurement command returns an invalid ETH-LM request for unsupported outgoing logical interface. PR1420514

  • Invalid speed value on an interface might cause other interface configuration loss. PR1421857

  • The syslog message /kernel: %KERN-3: pointchange for flag 04000000 not supported on IFD aex upon LFM related config commit on aggregated Ethernet interfaces. PR1423586

  • The cfmd might crash on DPCE. PR1424912

  • The logical interfaces in EVPN routing instances might flap after committing configurations. PR1425339

  • flexible-queuing-mode is not working on MPC5E of VC member1. PR1425414

  • Upgrade from releases before Junos OS Release 17.4R1 to releases having PR-1425804 fix results in cleanup of existing ECFM PM-history and PM-sessions restarts freshly with MI index as 1. PR1425804

  • CFM message flooding. PR1427868

  • The vrrpd process might crash after deleting VRRP sessions for several times. PR1429906

Layer 2 Features

  • The rpd crashes after an iw0 interface is configured under a VPLS instance. PR1406472

  • In a Layer 2 domain, there might be unexpected flooding of unicast traffic at every 32-40s interval toward all local CE-facing interfaces. PR1406807

  • Broadcast traffics might be discarded in a VPLS local-switching scenario. PR1416228

  • Commit error is seen but the commit is processed if adding more than o. PR1420082

Layer 2 Ethernet Services

  • The SNMP query on LACP interface might lead to lacpd crash. PR1391545

  • On EVPN setups, incorrect destination MAC addresses starting with 45 might show up when the show arp hostname command is used. PR1392575

  • Log messages dot1xd[]: task_connect: task ESP CLIENT:...: Connection refused might be reported in Junos OS Release 17.4 or later. PR1407775

  • Packets might be dropped if the traffic is forwarded on an LT interface. PR1410970

  • The IRB interface might flap after configuration change is committed on any interface. PR1415284

  • The IPv6 neighbor might become unreachable after the primary link goes down in a VPLS scenario. PR1417209

  • jdhcpd becomes aware about some of the existing configurations only after 'commit full' or jdhcpd restart. PR1419437

  • Change the nd6 next hops to reject next hop once L2 interfaces gets disassociated with IPv6 entries. PR1419809

  • The jdhcpd process might consistently run at 100% CPU and not provide service if the delay-offer is configured for the DHCP local server. PR1419816

  • jdhcpd daemon might crash during continuous stress test. PR1421569


  • DSCP bit marking of LSP self-ping is not compliant with rfc7746. PR1371486

  • The rpd might crash on backup Routing Engine after switchover. PR1382249

  • A RSVP-signaled LSP might stay in down state after a link in the path flaps. PR1384929

  • The rpd process might keep crashing repeatedly if the LSP destination address is set to be PR1397018

  • The rpd might crash when an LDP route with an indirect next hop is deleted. PR1398876

  • The Layer 2 circuit information is not advertised over the LDP session if ldp dual-transport inet-lsr-id is different from the router ID. PR1405359

  • Resources might be reserved for stale RSVP LSP when RSVP is disabled on the interface. PR1410972

  • The rpd might crash in BGP-LU with egress protection while committing configuration changes. PR1412829

  • The rpd might crash if longest-match is configured for LDP. PR1413231

  • LDP route is not present in inet6.3 if IPv6 interface address is not configured. PR1414965

  • Rpd memory might leak when RSVP LSP is cleared/re-signaled. PR1415774

  • LDP routes might flap if committing any configuration changes. PR1416032

  • Traffic might be silently discarded due to a long LSP switchover duration in an RSVP-signaled LSP scenario. PR1416487

  • Bad length for Sub-TLV 34 (RFC 8287) in MPLS Echo Request. PR1422093

  • Bypass dynamic RSVP LSP tears down too soon when being used for protecting LDP LSP with the dynamic-rsvp-lsp. PR1425824

  • mpls ping sweep stops working and the CLI stops responding. PR1426016

  • MPLS LSP auto-bandwidth statistics miscalculations may lead to high bandwidth reservation. PR1427414

  • When MBB for P2MP LSP fails, it is stuck in the old path. PR1429114

  • MPLS ingress LSPs for LDP link protection are not coming up after MPLS is disabled/enabled. PR1432138

Network Management and Monitoring

  • The sub-agent such as mib2d might crash and restart after the AGENTX session timeout between master(snmpd) and sub-agent. PR1396967

  • Child link missed from mib id dot3adAggPortAttachedAggID (OID - 1.2.840.10006.300. PR1410439

  • The snmp query might not get data in scaled L2circuits environment. PR1413352

  • Syslog match filtering does not work if a single line of /etc/syslog.conf is more than 2048 bytes. PR1418705

Platform and Infrastructure

  • The kernel and ksyncd generate core files after dual CB flap at rt_nhfind_params: rt_nhfind() found an nh different from that onmaster 30326. PR1372875

  • Jlock hog might be reported at restart routing. PR1389809

  • Individual command authorization might cause mgd crash. PR1389944

  • Traffic is dropped when passing through MS-DPC to MPC. PR1390541

  • MX: RFC2544 is not functioning as expected due to platform validation getting skipped for the MX Series device (chassis based boxes). PR1396751

  • RVT interface might flap. PR1399102

  • In a scaled scenario (500 TWAMP control sessions and 500 TWAMP test sessions), a few TWAMP connections might fail to establish. PR1399547

  • Syslog error messages: [LOG: Err] COS_HALP(cos_halp_get_fabric_stats_per_pfe:3211): pfe_id 0 cchip 0[LOG: Err] COS_HALP(cos_halp_get_fabric_stats_per_pfe:3272): No PFE found for pfe_id_start 0 . PR1402377

  • MAP-E some ICMP Types cannot be encapsulated or de-encapsulated on SI interface. PR1404239

  • Some files are missing during log archiving. PR1405903

  • Abnormal Queue-depth counters in show interface queue output on interfaces that are associated to XM2 and 3. PR1406848

  • IPv6 traffic might be dropped between VXLAN bridge domain and IP/MPLS network. PR1407200

  • Class-of-service configuration changes might lead to traffic drop on cascade port in Junos fusion setup. PR1408159

  • Traffic is getting dropped when there is a combination of DPC/MX-FPC card and MPC card on egress PE router in L3VPN. PR1409523

  • Junos OS: Insufficient validation of environment variables in telnet client might lead to stack-based buffer overflow (CVE-2019-0053). PR1409847

  • The VLAN tag is incorrectly inserted on the access interface if the packet is sent from an IRB interface. PR1411456

  • The MPC might crash when a MIC is pulled out when this MIC is booting up. PR1414816

  • op url command cannot run a script with libs from /config/scripts. PR1420976

  • ARP request is not replied to although proxy-arp is configured. PR1422148

  • show jnh trap-info with incorrect LU instance caused a crash and generated core files on FPC. PR1423508

  • The native VLAN ID of packets might fail to be removed when leaving out. PR1424174

  • The policer bandwidth might be incorrect for the aggregate interface after activating the configuration statement shared-bandwidth-policer. PR1427936

  • Pre-fragmented ICMP IPv4 packets might fail to arrive at the destination. PR1432506

  • Enabling sensor /junos/system/linecard/qmon/ causes continuous ppe_error_interrupt errors. PR1434198

  • BR for MAP-E does not return ICMP Type=3/Code=4 when over MTU sized packet comes with DF bit. PR1435362

  • A certain combination of allow and deny commands does not work properly after Junos OS Release 18.4R1. PR1438269

Routing Policy and Firewall Filters

  • MX Series: CLI configuration as-path-expand last-as:commit failure. PR1388159

  • The rpd process might crash when the routing-options flow configuration is removed. PR1409672

Routing Protocols

  • BGP might not advertise routes on the existing BGP peer after a Layer 3 VPN instance is added. PR1237006

  • The VRF static route might not be exported when route-distinguisher-id is used on RR in a BGP Layer 3 VPN scenario. PR1341720

  • Qualified next hop of static route might not be withdrawn when BFD is down. PR1367424

  • The static route might persist even after its BFD session goes down. PR1385380

  • BGP sessions might keep flapping on the backup Routing Engine if proxy-macip-advertisement is configured on an IRB interface for EVPN-VXLAN. PR1387720

  • Unexpected packet loss might be seen for some multicast groups during failure recovery with both MoFRR and PIM automatic MBB join load-balancing features enabled. PR1389120

  • In rare cases rpd might crash after Routing Engine switchover when BGP multipath and Layer 3 VPN vrf-table-label are configured. PR1389337

  • BGP IPv6 routes with IPv4 next hop causes rpd crash. PR1389557

  • The ppmd on the Routing Engine might run with high CPU utilization after Routing Engine switchover. PR1392704

  • Rpd core files on the backup Routing Engine during neighborship flap when using authentication-key with size larger than 20 characters. PR1394082

  • Snoop-pseudowires enabled MCSNOOPD at an H-VPLS hub PE might drop an LSI for the spoke neighbour pseudowire off the control NH for IGMP query flooding upon this pseudowire active->standby->active transition followed by mcsnoopd restart at the hub. PR1394213

  • The best and the second-best routes might have the same weight value if BGP PIC is enabled. PR1395098

  • BGP DMZ LINK BANDWIDTH - not able to aggregate bandwidth, when applying the policy. PR1398000

  • The rpd soft core files and inappropriate route selection might be seen when Layer 2 VPN is used. PR1398685

  • The rpd process might crash in a BGP setup with NSR enabled. PR1398700

  • Junos OS: BGP packets can trigger rpd crash when BGP tracing is enabled. (CVE-2019-0019) PR1399141

  • The UHP behavior is not supported for LDP to SR stitching scenario. PR1401214

  • There might be unexpected packet drops in MoFRR scenario if the active RPF path is disabled. PR1401802

  • The rpd might crash when BGP add-path send is configured and NSR is enabled. PR1401948

  • The rpd might be stuck at 100% when auto-export and BGP add-path are configured. PR1402140

  • BGP router on the same broadcast subnet with its neighbors might cause IPv6 routing issue on the neighbor from other vendors. PR1402255

  • Sometimes when a new logical router is configured, logical router core files might be seen on the system. PR1403087

  • The rpd memory leak might be seen in IS-IS segment routing scenario. PR1404134

  • Extended traffic loss might be seen after link recovery when source packet routing is used on OSPF P2P links. PR1406440

  • IGMP join through PPPoE sub not propagated to upstream PIM. PR1407202

  • M Series, MX Series, QFX Series: mcsnoopd core files generated immediately after the commit change related to EVPN-VXLAN configuration. PR1408812

  • SID label operation might be performed incorrectly in an OSPF SPRING environment. PR1413292

  • The unexpected AS prepending action for AS path might be seen after the no-attrset statement is configured or deleted with the vrf-import/vrf-export configuration. PR1413686

  • Dynamic routing protocol flapping with VM host Routing Engine switchover on NG-RE. PR1415077

  • The IS-IS-SR route sent by the mapping server might be broken for ECMP. PR1415599

  • Route information might be inconsistent between the RIB and OSPF databases when using the OSPF LFA feature. PR1416720

  • Junos OS: OpenSSL Security Advisory [26 Feb 2019]. PR1419533

  • A memory leak in rpd might be seen if source packet routing is enabled for the IS-IS protocol. PR1419800

  • IPv6 IS-IS routes might be deleted and not be reinstalled when the MTU is changed at the logical interface level for family inet6. PR1420776

  • The rpd might crash in a PIM scenario with auto-rp enabled. PR1426711

  • The rpd might crash while handling the withdrawal of an imported VRF route. PR1427147

  • The rpd might generate core files due to improper handling of graceful restart stale routes. PR1427987

  • RPD might crash with OSPF overload configuration. PR1429765

Services Applications

  • ms- used for IPSEC PIC is listed in show services ha detail as standby, cosmetic issue. PR1383898

  • The spd might crash when any-ip is configured in the from clause of the NAT rule with the static translation type. PR1391928

  • SPD_CONN_OPEN_FAILURE: spd_svc_set_summary_query: unable to open connection to si-0/0/0 (No route to host) PR1397259

  • IP ToS bits are not copied to the outer IPsec header. PR1398242

  • Invalid Layer 4 checksum might be observed in IPv4 packets generated by NAT64 with MS-DPC after translating fragmented IPv6 UDP/TCP packets. PR1398542

  • The ICMPv6 packet with embedded IPv6 fragment might not be translated correctly to IPv4 ICMP packet in a NAT64 with MS-DPC deployment. PR1402450

  • Inconsistent content might be observed to the access line information between ICRQ and PPPoE messages. PR1404259

  • The stale si- logical interface might be seen when L2TP subscribers with duplicated prefixes or framed-route log in. PR1406179

  • The kmd process might crash on MX Series and ACX Series platforms when IKEv2 is used. PR1408974

  • [technology/subscriber_services/jl2tpd] [all] RPT BBE Regressions : ERA value does not match configured values while verify new ERA settings are reflected in messages log. PR1410783

  • jpppd core files on LNS. PR1414092

  • L2TP LAC might fail to tunnel static pp0 subscriber to the desired LNS. PR1416016

  • IPsec SA might not come up when the local gateway address is a VIP for a VRRP configured interface. PR1422171

  • In a subscriber with L2TP scenario, subscribers are stuck in INIT state forever. PR1425919

  • Some problems might be seen if the client negotiates LCP with no PPP-options to LAC. PR1426164

  • Traffic gets dropped when the end behind NAT is the responder. PR1435182

Software Installation and Upgrade

  • JSU might be deactivated from FPC in case of power cycle. PR1429392

Subscriber Access Management

  • The DHCPv6-PD client connection might be terminated after commit when RADIUS-assigned address is not defined within the range of a local pool. PR1401839

  • Adding a firewall filter service using the test aaa command causes a crash in dfwd. PR1402051

  • JSRC used RADIUS Service accounting protocol instead of JSRC for SRC installed service. PR1403835

  • Continuous log message authd[18454]: %DAEMON-3-LI: liPollTimerExpired returned 0. PR1407923

  • Authd telemetry: Linked pool head attribute is incorrect for single pools. PR1413293

  • CoA-NACK is not sent when performing negative COA Request tests by sending incorrect session ID. PR1418144

  • Subscribers might not be able to re-login in Gx-plus provisioning scenario. PR1418579

  • PPPoE session might be disconnected when LI attributes are received in access-accept with invalid data. PR1418601

  • Address allocation issue with linked pools when using linked-pool-aggregation. PR1426244

  • RADIUS authentication server might always be marked as DEAD. PR1429528

User Interface and Configuration

  • The show configuration and rollback compare commands cause high CPU usage. PR1407848


  • The receivers belonging to a routing instance might not receive multicast traffic in an Extranet next-generation MVPN scenario. PR1372613

  • High rpd CPU utilization on the backup Routing Engine might be observed in an MVPN+NSR scenario. PR1392792

  • Downstream interface is not removed from multicast route after getting PIM prune. PR1398458

  • Routes with multiple communities being rejected in inter-AS NG-MVPN scenario. PR1405182

  • The multicast traffic drop might be seen when static-umh is configured in NGMVPN scenario. PR1414418

  • The rpd might crash in rosen MVPN scenario when the same provider tunnel source address is being used for both IPv4 and IPv6. PR1416243

  • The deletion of (S,G) entry might be skipped after the PIM join timeout. PR1417344

  • The rpd process might crash in rare conditions when Extranet NG-MVPN is configured. PR1419891

Resolved Issues: 18.4R1

Application Layer Gateways (ALGs)

  • DNS requests with EDNS options might be dropped by DNS ALG. PR1379433

Authentication and Access Control

  • MAC move might occur in DHCP security scenario. PR1369785

  • IPv4 or IPv6 DHCP-security client entries will be recorded on trusted ports as well. PR1390676

Class of Service (CoS)

  • The 802.1P rewrite might not work on inner VLAN. PR1375189

  • FPC card might reboot when changing CoS mode from hierarchical-scheduler to per-unit-scheduler. PR1387987


  • EVPN/VXLAN: MAC entry is incorrectly programmed in the Packet Forwarding Engine, leading to some traffic being silently dropped or discarded. PR1231402

  • MPLS label leak leads to label exhaustion and rpd process crash. PR1333944

  • EVPN type-5 route might be lost if chained-composite-next-hop command is configured. PR1362222

  • The l2ald memory might cross the threshold in an EVPN scenario. PR1368492

  • Proxy ARP might not work as expected in an EVPN environment. PR1368911

  • The rpd might crash in EVPN scenarios when configuring EVPN. PR1369705

  • EVPN active-active multihomed PE device occasionally prefers to route to a directly connected prefix using LSPs toward the multihomed peer instead of going directly out the IRB interface (which is up). PR1376784

  • The RA packets might be sent out without using the configured virtual gateway address. PR1384574

Flow-based and Packet-based Processing

  • PIM register message might be dropped on SRX Series devices. PR1378295

Forwarding and Sampling

  • Junos OS allows firewall filters with the same name under [edit firewall] and [edit firewall family inet] hierarchy levels. PR1344506

  • L2ald crashes when trying to adjust mac-table-size configuration. PR1383665

  • The filter counter is not written to the accounting file when accounting is enabled on the bridge firewall filter. PR1392550

General Routing

  • TACACS access does not work after upgrade. PR1220671

  • Routing Engine and Packet Forwarding Engine out-of-sync errors are seen in syslog. PR1232178

  • The mspmand process might generate a core file in rare conditions due to a high rate of TCP traffic. PR1253862

  • The wrong TBB Packet Forwarding Engine component's temperature might be reported on MX80. PR1259379

  • On MX Series routers, the show chassis led command should not be displayed in possible completions of the show chassis command. PR1268848

  • Flexible PIC concentrator (FPC) crash/reboot is observed when bringing up about 12,000 Layer 2 Bit Stream Access (L2BSA) subscribers simultaneously. PR1273353

  • Error messages might be seen if flapping the aggregated Ethernet interface hosted on MPC-3D-16XGE card. PR1279607

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mobiled. PR1284625

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mspmand. PR1284643

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/mspsmd. PR1284654

  • PPPoE cannot dial in due to all PADI dropped as "unknown iif" when the aggregated Ethernet configuration is deactivated or activated. PR1291515

  • Wrong packet statistics are reported in ifHCInUcastPkts OID. PR1306656

  • In a few cases it was seen that RS are all up but virtual service is down. This was seen mainly in configuration load override conditions. PR1313009

  • Migrate from syslog API to Errmsg API - /src/junos/usr.sbin/subinfo. PR1327262

  • Migrate from syslog API to Errmsg API - /src/junos/usr.sbin/aaad. PR1327266

  • Migrate from syslog API to Errmsg API - /src/junos/usr.sbin/smihelperd. PR1327271

  • Tc_count counters in filter with the scale-optimized command are not incrementing. PR1334580

  • With certificate hierarchy, where intermediate CA profiles are not present on the device, in some corner cases, the PKI daemon can become busy and stop responding. PR1336733

  • AI-script does not get automatically upgraded unless it is manually done after a Junos OS upgrade. PR1337028

  • Routing Engine does not have MAC map for MAC type 7. PR1345637

  • Additional show commands are called when the request support information command is issued. PR1346129

  • The rpd might crash when the dynamic-tunnels next-hop resolving migrates to a more specific IGP route. PR1348027

  • Routing Engine mastership keepalive timer is not updated after the GRES configuration is removed. PR1349049

  • The MPC might crash when the MIC is removed. PR1350098

  • Migrate from syslog API to Errmsg API - /bbe-svcs/smd/plugins/cos/. PR1353179

  • Some of the inline service interfaces cannot send out packets with the default bandwidth value (100 Gbps). PR1355168

  • Chassis alarm is not reflecting the correct state when INP0 and INP1 have AC voltage out-of-range. PR1355803

  • The mpls-ipv4 template does not have correct src AS and dst AS as 4294967295 src Mask and DstMask as 0 after adding the mpls-flow table size on the fly. PR1356118

  • Link stays up unexpectedly on MX204 with copper cable removed. PR1356507

  • MPC/FPC might be unable to reply request messages to the Routing Engine in a high subscriber scale scenario. PR1358405

  • show chassis ethernet-switch on PTX10000. PR1358853

  • The show chassis fpc command output might show "Bad Voltage" for FPC powered off by configuration or CLI command after the command show chassis environment fpc is executed. PR1358874

  • Bbe-smgd restarts unexpectedly while performing graceful Routing Engine switchover (GRES). PR1359290

  • PluginExit() function is never called. PR1359610

  • FPC core file might be observed after GRES switchover. PR1361015

  • IP over VPLS traffic is affected by EXP rewrite rule on the core-facing MPLS interface. PR1361429

  • The MX Series router functioning as a BNG does not generate ESMC/SSM Quality Level failed snmp trap. PR1361430

  • Rpd stuck at 100 percent after clear bgp neighbor operation. PR1361550

  • Migrate from syslog API to Errmsg API;usp/usr.sbin/nsd/common/nsd_tpm.c. PR1361986

  • Spontaneous bbe-smgd core file might be seen on the backup Routing Engine. PR1362188

  • The MS-MPC might reset continuously on MX Series platforms. PR1362271

  • M/Mx: Traffic loss of 1 percent is seen during GRES phase of unified ISSU from 17.3-20180527.0 to 17.3-20180527.0. PR1362324

  • Executing show route prefix proto ip detail during route churn in a route scale scenario might lead to FPC crash. PR1362578

  • The inline-J-Flow sampling configuration might cause FPC crash on MX Series platforms. PR1362887

  • MX-VC: Request to record VCCP heartbeat state change in syslog by default. PR1363565

  • xmlproxyd for internal interfaces is reporting uint32 instead of uint64. PR1363766

  • The multicast route update might get stuck in KRT queue and the rpd might crash if rpd and kernel go out of sync. PR1363803

  • FPM board is missing in SNMP MIB walk. PR1364246

  • A traffic loop might occur even though that port is blocked by RSTP in a ring topology. PR1364406

  • The kernel might crash after repeatedly deactivating/activating interfaces/filter/class-of-services configurations due to accessing stale memory entry. PR1364477

  • Configuration commit might be delayed by 30 seconds. PR1364621

  • AF's operational state moves to down state in a node virtualized environment where GNFs are connected through AF interface. PR1364921

  • The traffic is still forwarded through the member link of an aggregated Ethernet bundle interface even with "Link-Layer-Down" flag set. PR1365263

  • Default adapter type changed from E1000 to VMXNET3. PR1365337

  • Traffic drops seen if training failure is seen on a line card for three or more planes. PR1365668

  • MPC7E: ukern crash and FPC reboot with vty command show agent sensors verbose. PR1366249

  • MS-MPC/MS-PIC might crash in NAT scenario. PR1366259

  • MX150: Upgrade to Junos OS Release 18.1R1.9 fails. Installing package nfx-2-routing-data-plane-1.0-0.x86_64 needs 76 MB on the file system. PR1366324

  • Migrate from syslog API to Errmsg API - junos/lib/liboiu-ffp/. PR1366546

  • The next hop of MPLS path might be stuck in hold state, which could cause traffic loss. PR1366562

  • Snmp MIB walk for UDP flood gives different output statistics than CLI. PR1366768

  • Syslog errors seen LOG : Err] Failed to allocate 2 jnh-dwords for encap-ptr(ether-da)!,LOG: Err] gen_encap_common: jnh-alloc failed! 8. PR1366811

  • Offline of the fabric links of Packet Forwarding Engine 4 and Packet Forwarding Engine 5 is not supported. PR1367412

  • The bbe-smgd process might crash during the authentication phase for L2BSA subscriber. PR1367472

  • The show system resource-monitor fpc output might show a non existing Packet Forwarding Engine. PR1367534

  • RTG interface status might be shown as incorrect status with show interface. PR1368006

  • Multiple provisioning and deprovisioning cycles cause rdmd memory leak. PR1368275

  • JSA10893: 2018-10 Security Bulletin: MX Series: In BBE configurations, receipt of a crafted IPv6 exception packet causes a denial of service (CVE-2018-0058). PR1368599

  • RPD API rt_nexthops_extract_gateway_convert_unnumbered_gf_dli() rectification. PR1368855

  • The commit or commit check might fail due to the error of not having lsp-cleanup-timer without lsp-provisioning. PR1368992

  • SNMP MIB walk causes KMD errors. PR1369938

  • L2TP subscriber firewall filter might not be removed from the Packet Forwarding Engine when routing services are enabled in the dynamic profile. PR1369968

  • Kernel crash might be seen after committing demux-related configuration. PR1370015

  • The rpd might crash after Routing Engine switchover is performed or the rpd is restarted if interface-based dynamic GRE tunnel is configured. PR1370174

  • Packets that exceed 8000 bytes might be dropped by MS-MPC in ALG scenario. PR1370582

  • GMIC2 : SFP-1FE-FX optics does not come up on GMIC. PR1370962

  • All the MX150 devices running VRRP on a LAN are stuck in master state. PR1371838

  • BBE SMGD generates a core file on FPC restart. PR1371926

  • FPC high CPU utilization or crashes occur during hot-banking condition. PR1372193

  • SMGD generates a core file after essmd restart with reference to mmf_ensure_mapped (mmf=0xe8f0200, offset=4294967295, len=108) at ../src/junos/lib/libmmf/mmf.c:1972. PR1372223

  • Need a way to verify the session IDs above the 32-bit limit to check if this is working. PR1385237

  • With very high scale l3vpn, traffic is dropped when egressing on an AF interface. PR1372310

  • Image installation on SD fails with error Unable to read reply from software add command to re1; error 1. PR1372877

  • The Routing Engine might crash after non-GRES switchover. PR1373079

  • Core in ifinfo at pif_af_fe_info pif_af_ifd when displaying af interface information. PR1373436

  • AOC Type Optics fail to initialize on MACsec TIC startup. PR1373572

  • EDVT-GI-MIC2 : Interfaces do not come up for bidirection module SFP-100BASE-BX10-U and SFP-100BASE-BX10-D. PR1373795

  • BOOTP packets might be dropped if BOOTP-support is not enabled at the global level. PR1373807

  • LDP convergence delay might be seen after IGP metric change with bgp-igp-both-ribs command configured. PR1373855

  • There is a vMX QoS performance issue in the Junos OS Release 18.3. PR1373999

  • Cosmetic log warning: [---] is protected, 'protocols ---' cannot be deleted is seen after commit using configure private in a configuration with "protect" flag present. PR1374244

  • FPC might be unable to work properly if one child interface is removed from an aggregated Ethernet bundle in a dynamic VLAN subscriber scenario. PR1374478

  • Bbe-smgd generates a core file continuously while deleting multicast group node from the tree. PR1374530

  • PCE-initiated LSPs remain, and their Control status becomes local, after the PCE configuration is removed. PR1374596

  • A few L2BSA subscriber logical interfaces are left behind in SMD infrastructure and kernel after logout. PR1375070

  • SFB and PDM/PSU related information is missing in jnxBoxAnatomy MIB on high-end MX Series routers (MX2010/2020). PR1375242

  • The bbe-smgd core file might be seen after doing GRES. PR1376045

  • Interface optic output power is not zero when the port has been disabled. PR1376574

  • CI: Not generating Power Supply failed trap. PR1376612

  • Disabling OAM might cause the Broadband Edge daemon to crash. PR1377090

  • Packets might be dropped on data plane in the inline J-Flow scenario. PR1377500

  • MQTT keepalive timeout messages seen in case of slow JTI collectors. PR1378587

  • After NAT64 router (with MS-MPC) translates an IPv6 fragment to IPv4 fragment, router is not inserting the right value in identification field of IPv4 header. PR1378818

  • The ICMPv6 packets larger than 1024 might be dropped if icmp-large-packet-check is configured on IDS service. PR1378852

  • Traffic might get silently dropped or discarded when CoS configuration is changed on a PS interface. PR1379530

  • Protocol adjacency might flap and FPC might reboot if jlock hog happens. PR1379657

  • Remove the chassisd alarms for FPCs exceeding 90 percent of power budget and exceeding 100 percent of power budget. PR1380056

  • The software detects SDB STS lock deadlock and breaks the deadlock itself, and system resumes normally processing on its own. PR1380231

  • CE_Customer: DT_BNG: ESSM model: rpd generates a core file during the fifth GRES, with reference to task_kevent_udata_task (ev= <optimized out>) at ../../../../../../src/junos/lib/libjtask/base/platform/bsd/task_io_bsd.c:127. PR1380298

  • Encryption and decryption do not occur, because the Packet Forwarding Engine discards while testing that the group VPN member was established by using the authentication-method preshared key ASCII text. PR1381316

  • Memory leak observed in MS-MPC card. PR1381469

  • Subscribers not able to log in after double GRES, after reboot, or after configuration. PR1382050

  • On MX3ru, for Junos OS Release 18.3R1, ISSU fails if QSA is plugged in. PR1382126

  • The MPC6E might crash while fetching PMC device states. PR1382182

  • Flows are getting exported before the active timeout. PR1382531

  • PFT MX10008 expected inline-ipv4-export-packet-failures is not listed in show services accounting error. PR1382873

  • MAC addresses might disappear, if the interface MTU of EVPN PE device is changed. PR1382966

  • The kmd crashes with a core file after bringing up IPsec connection. PR1384205

  • CoS attachment might be mistakenly removed for DHCPv4 stack when DHCPv6 stack fails to be brought up for single-session dual-stack subscriber. PR1384289

  • MBFD flaps because clksync congests the scheduler for 100ms. PR1384473

  • CE_Customer: DT_BNG: Bbe-smgd generates multiple core files with reference to bbe_mcast_vbf_dist_policy_service_encoder (params= <optimized out>) at ../src/junos/usr.sbin/bbe-svcs/smd/plugins/mcast/bbe_mcast_policy_config.c:159. PR1384491

  • RPT_REG_SERVICES: The MPLS packets with more than eight labels will not be processed by J-Flow. PR1385790

  • IPsec VPN traffic might fail when passing through MS-MPC of MX Series routers with CGNAT enabled. PR1386011

  • Representation of memory units is changed from gigabytes (GB) to gibibytes (GiB) in the help string under the resource template hierarchy. PR1386516

  • RBU_REGRESSIONS_SERVICES ::IPv4 and IPv6 VIP Routes are not withdrawn after aggregated Ethernet and VLAN with IRB flap. PR1386713

  • RBU_Services_Regressions: SFLOW : Agent ID in show sflow command is displaying lo interface IP instead of fxp0 IP. PR1386890

  • In case an LSP is locally configured without an explicit path ERO, the object remains empty in the PCRpt generated by PCC. PR1386935

  • Uninitialized EDMEM[0x400094] Read (0x6db6db6d6db6db6d) logs are seen with sampling applied to a subscriber with routing-service applied. PR1386948

  • When tracing is enabled, having a lot of trace-flags set could result in an rpd core file due to buffer overflow. PR1387050

  • The pccd might crash when changing delegation-priority. PR1387419

  • The bbe-smgd daemon crashes and generates a core file when two DHCP subscribers with the same framed-route prefix and preference values try to log in. PR1387690

  • Output of the show class-of-service interface command incorrectly shows adjusting application as PPPoE IA tags for DHCP subscribers. PR1387712

  • FPC core file might be seen at sensor_export_time_exceed_limit agent_health_monitor_data_reap when Jinsight is configured. PR1388112

  • Bbe-smgd does not respond to NS from SLAAC client on dynamic VLAN. PR1388595

  • Incorrect values for flow packets/octets fields might be seen in inline J-Flow scenario. PR1389145

  • The bbe-smgd process generates repeated core files and stops running as a result of long-term session database shared memory corruption. PR1388867

  • IGMP group threshold exceed log message prints a wrong demux logical interface. PR1389457

  • BFD flaps are seen on MX Series platforms with inline BFD. PR1389569

  • MX204 - Excluding speed CLI option under the interface level. PR1389918

  • Class of service adjustment-control-profile configuration for application DHCP tags does not get applied. PR1390101

  • Delay in CLI output with second or more show subscriber <> extensive queries occur when the first session is sitting at -(more)- prompt displaying show subscribers extensive. PR1390762

  • Trailing characters appear in the GNMI get API reply. PR1390967

  • DT_BNG: DFW plug in NACKs DHCPv6/PPPoE requires ESSM subscriber re-login after ISSU. PR1391409

  • The routing-engine-power-off-button-disable command does not work on MX204. PR1391548

  • The bbe-smgd process might crash after committing configuration changes. PR1391562

  • On MX Series routers serving as a DHCP server for dual-stack subscribers, BBE-SMGD process generates a core file. PR1391845

  • On MX2000, fans start spinning at high speed upon inserting previously offlined FPC. PR1393256

  • If FPGA on the new master CB has a specific hardware failure, the chassisd might keep crashing after GRES switchover. PR1393884

  • PFT MX10008: Inline-services enabling the Flex-Flow-Sizing takes more than 12 minutes to move to steady state. PR1397767

  • The show system errors active is not showing the error for MPC3E NG HQoS. PR1398084

  • Kernel core file occurs on vMX due to jlock assert. PR1398320

  • High jsd or na-grpcd CPU usage might be seen even if JET or JTI is not used. PR1398398

  • The bbe-smgd process might generate a core file when executing show pppoe lockout. PR1398873

  • FPC might crash after offline/online MIC-3D-16CHE1-T1-CE-H. PR1402563

High Availability (HA) and Resiliency

  • Backup Routing Engine might go to db prompt after performing configuration remove and restore. PR1269383

  • Observed error: not enough space in /var on re1. while doing unified ISSU upgrade from Junos OS Release 17.4-20180328.0 to Release 18.2-20180416.0. PR1354069

  • VC-Bm cannot sync with VC-Mm when the Virtual Chassis splits and then reforms. PR1361617

Interfaces and Chassis

  • Aggregated Ethernet speed calculation changes according to 10 Gigabit Ethernet after GRES. PR1326316

  • Momentary dip in traffic occurs when a GRES is performed. PR1336455

  • Native-vlan-id support on ps-interface. PR1352933

  • The SONET interface will go down after enabling "keep-address-and-control" in L2VPN scenario. PR1354713

  • The aggregated Ethernet interface might flap when the link speed of the aggregated Ethernet bundle is configured to oc192. PR1355270

  • Approximately 50 percent of PPPoE subscribers (PTA and L2TP) and all ESSM subscribers are lost after ISSU during DT CST stress test. PR1360870

  • Error messages like ifname [ds-5/0/2:4:1] is chan ci candidate are seen during a commit operation. PR1363536

  • In case of MPLS, DMR packets are sent with different MPLS EXP bits if MX Series router receives CFM DMM packets with varying EXP values on MPLS header. PR1365709

  • In rare cases, there might be L2TP subscribers stuck in terminated state. PR1368650

  • The EOAM LTM messages might not get forwarded after system reboot in CFM scenario configured with CCC interface. PR1369085

  • ISSU could be aborted at Timed out Waiting for protocol backup chassis master switch to complete with MX Series Virtual Chassis configuration. PR1371297

  • The error parse_remove_ifl_from_routing_inst() ERROR : No route inst on et-0/0/16.16386 is seen after restarting l2cpd daemon. PR1373927

  • The dcd process might go down when vlan-id none is configured for the interface. PR1374933

  • FTI logical interface VNI limits changed from (0..16777215) to (0..16777214). PR1376011

  • Duplicate IP cannot be configured on both SONET (so-) interface and other interfaces. PR1377690

  • Some error logs (Tx unknown LCP packet) might be reported by the bbe-smgd daemon on MX Series platforms. PR1378912

  • Higher level OAM CFM between CE might not work in VPLS scenario. PR1380799

  • The dcd restarted unexpectedly after committing a configuration with static demux interface stacking over ps interface. PR1382857

  • The jpppd process might crash if the EPD value contains a format specifier. PR1384137

  • DCD core can be seen after FPC restart if channelized interfaces are configured. PR1387962

  • Interface-control thrashes and dcd does not restart after adding invalid demux interface to the configuration. PR1389461

  • Decoupling of Layer 2 logical interface configuration from bridge-domain or EVPN configuration. PR1390823

Layer 2 Ethernet Services

  • STP status gets wrong after changing outer VLAN-tags. PR1121564

  • The MAC address might not be learned due to spanning-tree state "discarding" in kernel table after Routing Engine switchover. PR1205373

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/lacpd. PR1284592

  • ZTP infra scripts are not included for MX Series PPC routers. PR1349249

  • Migrate from syslog API to Errmsg API:PPMD client LACP. PR1358599

  • The DHCP leasequery message is replied to with an incorrect source address. PR1367485

  • JSA10889: 2018-10 Security Bulletin: Junos OS: The jdhcpd process crashes during processing of specially crafted DHCPv6 message (CVE-2018-0055). PR1368377

  • A kernel core might occur during a commit operation in rare conditions. PR1369459

  • The subscriber's authentication might fail when the link-layer address encoded in the DHCPv6 DUID is different from the actual link-layer hardware address. PR1390422

Layer 2 Features

  • The traffic might not be transmitted correctly in a large-scale VPLS scenario. PR1371994

MPLS

  • When minimum-bandwidth and bandwidth commands are present in the configuration, the bandwidth selection of the LSP is inconsistent. PR1142443

  • JDI-RCT: Rpd core file is seen on master Routing Engine after performing restart chassisd. PR1352227

  • Layer 2 Circuit might flap after an interface goes down even if the LDP session stays up when l2-smart-policy is configured. PR1360255

  • The rpd might crash in BGP LU and LDP scenario. PR1366920

  • RSVP authentication might fail between some Junos OS releases and causes traffic loss during local repair. PR1370182

  • The next hop of static LSP for MPLS might get stuck in dead state after changing the network mask of the outgoing interface. PR1372630

  • The traceroute MPLS might fail when traceroute is executed from a Juniper Networks device to another device not supporting RFC 6424. PR1372924

  • Rpd process eventually might crash after Routing Engine switchover with GRES/NSR enabled. PR1373313

  • The traffic might not be load-balanced equally across LSPs with ldp-tunneling configured. PR1373575

  • The rpd process might crash continuously if nsr-synchronization or all flag is used in RSVP traceoptions. PR1376354

  • JSA10883: Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash (CVE-2018-0049). PR1380862

  • Ingress LSPs go down due to CSPF failure. PR1385204

  • Configured bandwidth 0 does not get applied on RSVP interface. PR1387277

  • Bypass LSP is taking the same SRLG colored path. PR1387497

Platform and Infrastructure

  • MAC addresses are not learned on bridge-domains after XE/GE interface flap tests. PR1275544

  • MQCHIP CPQ block should report major alarm. PR1276132

  • Distributed multicast might not be forwarded to a subscriber interface. PR1277744

  • The show igmp statistics command does not include any statistics under interface aggregate for distributed multicast interfaces. PR1289415

  • When chassis control restart is done with aggregated Ethernet and COS rewrite configuration, Platform failed to bind rewrite messages could be seen in syslog. PR1315437

  • RLT subinterfaces are not reporting statistics. PR1346403

  • lt- interface gets deleted with tunnel-services configuration still present. PR1350733

  • Some linecards might crash in subscriber scenario enabled with distributed IGMP. PR1355334

  • When forwarding-class-accounting command is enabled on an interface, inside of a routing-instance of instance-type vrf, aggregate input forwarding-class statistics do not increment (egress statistics work fine). PR1357965

  • JSA10899: 2018-10 Security Bulletin: Junos OS: Nexthop index allocation failed: private index space was exhausted through incoming ARP requests to management interface (CVE-2018-0063). PR1360039

  • Select CLI functions are not triggering properly (set security ssh-known-hosts load-key-file, set system master-password). PR1363475

  • Qmon sensors are not working with hypermode enabled. PR1365990

  • Subscribers over aggregated Ethernet interface might have tail drops, which will affect the fragmented packets due to QXCHIP buffer getting filled up. PR1368414

  • Forwarding is broken after adding protocol evpn extended-vlan-id. PR1368802

  • The host outbound traffic might get dropped when the class-of-service host-outbound-traffic ieee-802.1 rewrite-rules command is configured. PR1371304

  • Traffic might drop on new added interfaces on MX Series routers after unified ISSU. PR1371373

  • The logical tunnel interface might be unable to send out control packets generated by Routing Engine. PR1372738

  • JNH memory leaks in multicast scenario with MoFRR enabled. PR1373631

  • Traffic traversing an IRB is not tagged with a VLAN if the packets go through an additional routing-instance. PR1377526

  • FPC crash might be seen after FPC restarts. PR1380527

  • lsi binding is missing upon nd6 entry refresh after l2ifl flap. PR1380590

  • Packet drops on interface if the command gigether-options loopback is configured. PR1380746

  • In certain Junos scenarios, DFWD memory corruption is seen due to large logical interface fstate messages. This can lead to log messages on dfwd traceoptions and occasionally DFWD core file. PR1380798

  • Packet drops might be seen if the packet header is over 252 bytes. PR1385585

  • RADIUS not working using management instance for IPv6 family. PR1391160

  • The configuration through NETCONF session might fail. PR1383567

  • L3VPN/ROSEN over PS over RLT: In Junos OS Release 18.4DCB, after ifconfig goes down for the PS logical interface, its Link and Admin status do not go down as expected. PR1396335

Routing Policy and Firewall Filters

  • Set metric multiplier offset might overflow/underflow. PR1349462

  • The rpd process might crash if then next-hop is configured for LDP export policy. PR1388156

Routing Protocols

  • Migrate from syslog API to Errmsg API;/src/junos/usr.sbin/ppmd. PR1284621

  • Multihop eBGP peering session exchanging EVPN routes can result in rpd core file when BGP updates are sent. PR1304639

  • The BGP session might be stuck with high BGP OutQ value after GRES on both sides. PR1323306

  • The rpd might crash when BGP neighbor is flapping. PR1337304

  • The bfd process memory leak might be observed if enabling multi-hop BFD session for a static route with multiple qualified-next-hop. PR1345041

  • Rpd crash might be seen after executing Routing Engine switchover. PR1349167

  • FPC might continuously crash on vMX platforms. PR1364624

  • sBFD session flaps incrementally with 300 StaticSR clients configured with 100 ms as minimum-interval. PR1366124

  • Static route gets unexpectedly refreshed on commit when configured with resolve configuration statement. PR1366940

  • About 10 minutes of traffic loss is caused by BGP flap during MX Series unified ISSU. PR1368805

  • TCP sessions might be taken down during Routing Engine switchover. PR1371045

  • Route entry might be missing when IS-IS shortcut is enabled and MPLS link flaps. PR1372937

  • SSH is not working if [edit system services ssh hostkey-algorithms] is set or in FIPS mode. PR1382485

  • The rpd might crash after issuing operational command show route detail for RIP route. PR1386873

  • Penultimate-hop router does not install BGP LU label, causing traffic to be silently dropped or discarded. PR1387746

  • Next hop is not deleted by ukernel. However, the delete command is seen in rtsockmon. PR1389379

  • The rpd process might crash when rp-register-policy is configured with more than 511 terms. PR1394259

Services Applications

  • Selectively start ZLB Delay timer at the Packet Forwarding Engine for LAC tunnels. PR1338450

  • L2TP Access Concentrator (LAC) tunnel connection request packets might be discarded on LNS device. PR1362542

  • The L2TP subscribers might not be able to log in successfully due to the jl2tpd memory leak. PR1364774

  • Accounting stop message is not sent to RADIUS server after bringing down the L2TP subscriber. PR1368840

  • IPsec-VPN IKE security-associations might get stuck in "Not Matured" state. PR1369340

  • Actual-Data-Rate-Downstream might not be included in the L2TP ICRQ message. PR1370699

  • NAT64 does not translate ICMPv6 Type 2 packet (packet is too big) correctly when MS-DPC is used for NAT64. PR1374255

  • FTP ALG is not supported with twice-nat. PR1383964

  • L2TP subscribers might be stuck in init state in a corner case. PR1391847

Subscriber Access Management

  • The authd process might not be started after executing Routing Engine switchover on the backup Routing Engine without GRES enabled. PR1368067

  • RADIUS VSAs, Actual-Data-Rate-Downstream, and Actual-Data-Rate-Upstream values are not compliant with RFC 4679. PR1379129

  • CoA updates subscriber with original dynamic-profile if RADIUS has returned a different dynamic-profile name. PR1381230

  • Some subscribers fail to get SRL service as provided in the RADIUS accept message even though the RADIUS messages can be sent and received. PR1381383

  • The value of predefined-variable-defaults routing-instances overrides the RADIUS-supplied VSA (26-1 Virtual-Router). PR1382074

  • Log Message: authd: gx-plus: logout: wrong state for request session-id <xyz>. PR1384599

  • Multiple IPv6 IANA addresses are assigned for one session in IPv6 PD binding failure scenarios. PR1384889

  • Usage-Monitoring-Information AVP as part of PCRF gx-plus provisioning is causing service accounting activation. PR1391411

VPNs

  • The rpd process might crash after configuration change in an L2VPN scenario. PR1351386

  • EOAM group-down status does not work as expected. PR1361437

  • In dual-homed next-generation MVPN, the receipt of type 5 withdrawal removes downstream join states for some routes. PR1368788

  • In MVPN source site, a redundant environment primary site can generate type 5 routes for the sources from different sites without having real traffic, potentially causing an outage if the receiver PE devices accept those routes as preferable. PR1375716

  • The rpd process crashes when LSP template for a provider tunnel is changed. PR1395353

Documentation Updates

This section lists the errata and changes in Junos OS Release 18.4R3 documentation for MX Series.

Subscriber Management Provisioning Guide

  • The new topic, Subscriber Management RADIUS Dictionary Files, provides a link to the Juniper Networks RADIUS dictionary that is used by default with subscriber management for each supported release. The dictionary is updated only when software features that affect the file are added or changed. The dictionary is not updated for every Junos OS release.

  • Starting in Junos OS Release 15.1, the Broadband Subscriber Sessions User Guide and the CLI Explorer incorrectly included information about the show extensible-subscriber-services accounting command. This command is not present in the CLI. Instead, you can use accounting profiles to collect statistics from the Packet Forwarding Engine for Extensible Subscriber Services Manager (ESSM) subscribers. See Flat-File Accounting Overview for information about accounting for ESSM subscribers.

Subscriber Management VLANs Interfaces Guide

  • The Broadband Subscriber VLANs and Interfaces User Guide did not clearly indicate that only demux0 is supported for demux interfaces. If you configure a different demux interface, such as demux1, the configuration commit fails.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting in Junos OS Release 18.3R1, FreeBSD 11.x is the underlying OS for all Junos OS platforms that previously ran FreeBSD 10.x-based Junos OS. FreeBSD 11.x does not introduce any new Junos OS-related modifications or features, but is the latest version of FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:


FreeBSD 6.x-based Junos OS

FreeBSD 11.x-based Junos OS

MX5, MX10, MX40, MX80, MX104

MX240, MX480, MX960, MX2010, MX2020



Basic Procedure for Upgrading to Release 18.4


Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files) might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Junos OS Administration Library.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 11.x based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 11.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.

    Note: We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-18.4R3.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-18.4R3.9-signed.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-18.4R3.x-limited.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-18.4R3.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.


You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.


After you install a Junos OS Release 18.4 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.


Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x based Junos OS

Products impacted: MX5, MX10, MX40, MX80, MX104.

To download and install FreeBSD 6.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.

    Note: We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-18.4R3.9-signed.tgz
    • Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-18.4R3.9-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.


After you install a Junos OS Release 18.4 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.
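The install step of both procedures above, and the reinstall command that replaces rollback, assembled by a small Python helper that rejects a platform, Routing Engine width or source form the procedures do not list. This is an added example, not Juniper code: the function names and the sample host are hypothetical, and the package file names are copied exactly as the procedures print them.

```python
"""Assemble the Junos OS 18.4R3 install command for an MX Series router.

Added illustration, not vendor code. Helper names are hypothetical; package
file names are copied exactly as printed in the two procedures.
"""
from urllib.parse import urlsplit

# "Products impacted" lists from the two procedures.
FREEBSD_11 = {"MX240", "MX480", "MX960", "MX2010", "MX2020"}
FREEBSD_6 = {"MX5", "MX10", "MX40", "MX80", "MX104"}

# (FreeBSD family, Routing Engine bits or None, limited encryption) -> package
PACKAGES = {
    (11, 32, False): "junos-install-mx-x86-32-18.4R3.9-signed.tgz",
    (11, 64, False): "junos-install-mx-x86-64-18.4R3.9-signed.tgz",
    (11, 32, True): "junos-install-mx-x86-32-18.4R3.x-limited.tgz",
    (11, 64, True): "junos-install-mx-x86-64-18.4R3.9-limited.tgz",
    (6, None, False): "jinstall-ppc-18.4R3.9-signed.tgz",
    (6, None, True): "jinstall-ppc-18.4R3.9-limited-signed.tgz",
}

# The FreeBSD 11.x procedure uses no-validate; the FreeBSD 6.x one uses validate.
VALIDATION = {11: "no-validate", 6: "validate"}
REMOTE_SCHEMES = {"ftp", "http", "scp"}


def family_of(model):
    """Return 11 or 6 for a listed MX model, else raise ValueError."""
    name = model.strip().upper()
    if name in FREEBSD_11:
        return 11
    if name in FREEBSD_6:
        return 6
    raise ValueError(f"{model!r} is not covered by either procedure")


def normalize_source(source):
    """Accept /pathname or ftp|http|scp://hostname/pathname, nothing else."""
    if any(ch.isspace() for ch in source):
        # The value is pasted into a CLI line; whitespace would add arguments.
        raise ValueError("source must not contain whitespace")
    parts = urlsplit(source)
    local = not parts.scheme and not parts.netloc and source.startswith("/")
    remote = (parts.scheme in REMOTE_SCHEMES and bool(parts.netloc)
              and parts.path.startswith("/"))
    if not (local or remote):
        raise ValueError(f"unsupported source form: {source!r}")
    return source.rstrip("/")


def build_install_command(model, source, re_bits=None, limited=False):
    """Command for step 10 of the matching procedure."""
    family = family_of(model)
    if family == 11:
        if re_bits not in (32, 64):
            raise ValueError("re_bits must be 32 or 64 for this platform")
        key = (11, re_bits, limited)
    else:
        key = (6, None, limited)  # a single package is listed per variant
    return (f"request system software add {VALIDATION[family]} reboot "
            f"{normalize_source(source)}/{PACKAGES[key]}")


def build_reinstall_command(model, source, previous_package):
    """Command for returning to the earlier release (rollback is unavailable)."""
    if "/" in previous_package or not previous_package.endswith(".tgz"):
        raise ValueError("previous_package must be a bare .tgz file name")
    family = family_of(model)
    return (f"request system software add {VALIDATION[family]} "
            f"{normalize_source(source)}/{previous_package}")


if __name__ == "__main__":
    # files.example.net is a constructed host name.
    print(build_install_command("MX960", "scp://files.example.net/images/", 64))
    print(build_install_command("MX104", "/var/tmp", limited=True))
```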

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
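
The policy above can be checked mechanically before an upgrade or downgrade is scheduled. The following Python is an added example, not Juniper code: the release labels r01 to r12 and the EEOL set are constructed, and "three releases" is read as three steps in the ordered release list (an assumption).

```python
from typing import List, Set

# Constructed release train, oldest first. The labels and the EEOL set are
# hypothetical; take the real ones from Juniper's published EEOL list.
RELEASES = [f"r{n:02d}" for n in range(1, 13)]  # r01 .. r12
EEOL = {"r01", "r06", "r11"}


def direct_ok(src: str, dst: str, releases: List[str] = RELEASES,
              eeol: Set[str] = EEOL) -> bool:
    """Return True if src -> dst is one supported upgrade or downgrade."""
    i, j = releases.index(src), releases.index(dst)
    if abs(i - j) <= 3:  # assumption: "three releases" means three steps
        return True
    if src in eeol and dst in eeol:
        # EEOL exception: the adjacent EEOL release, or two EEOL releases away.
        chain = [r for r in releases if r in eeol]
        return abs(chain.index(src) - chain.index(dst)) <= 2
    return False


def plan(src: str, dst: str, releases: List[str] = RELEASES,
         eeol: Set[str] = EEOL) -> List[str]:
    """Return a hop list from src to dst in which every hop is direct_ok.

    Greedy: from the current release, take the supported hop that lands
    closest to dst without passing it.
    """
    path, cur = [src], src
    j = releases.index(dst)
    step = 1 if j > releases.index(src) else -1
    while cur != dst:
        i = releases.index(cur)
        # Releases after cur up to and including dst, farthest first.
        candidates = [releases[k] for k in range(j, i, -step)]
        cur = next(r for r in candidates if direct_ok(cur, r, releases, eeol))
        path.append(cur)
    return path


if __name__ == "__main__":
    print(plan("r03", "r12"))  # non-EEOL start: reach an EEOL release first
    print(plan("r11", "r01"))  # EEOL to EEOL, two EEOL releases back
```

Each hop in the returned list is one `request system software add validate` installation of the corresponding jinstall package.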

For more information about EEOL releases and to review a list of EEOL releases, see

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 18.4

To downgrade from Release 18.4 to another supported release, follow the procedure for upgrading, but replace the 18.4 jinstall package with one that corresponds to the appropriate release.


You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

Release History Table
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the Junos Telemetry Interface (JTI).