Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for MX Series 5G Universal Routing Platform


These release notes accompany Junos OS Release 19.1R3 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at

What's New

Learn about new features introduced in the Junos OS main and maintenance releases for MX Series.

What's New in Release 19.1R3-S2

High Availability (HA) and Resiliency

  • LACP inline support during ISSU for multivendor networks (MX104, MX240, MX480, MX960, MX10003)—Starting with Junos OS Release 19.1R3-S2, ISSU supports LACP interoperability with other vendor devices for fast periodic interval sessions. LACP sessions in full scale scenarios with interoperability will no longer experience timeouts during ISSU.

    Use the set protocols lacp ppm inline command to enable LACP inline support.

    [See Getting Started with Unified In-Service Software Upgrade]

What's New in Release 19.1R3

There are no new features or enhancements to existing features for MX Series in Junos OS Release 19.1R3.

What's New in Release 19.1R2

Routing Protocols

  • MPC10 Inline BFD support (MX Series)—Starting in Junos OS Release 19.1R2, MPC10 MPCs support inline BFD features, excluding micro BFD and BFD sessions with authentication.

    [See Understanding BFD for Static Routes.]

Subscriber Management and Services

  • CoA messages support Session-Timeout attribute (MX Series)—Starting in Junos OS Release 19.1R2, you can apply a session timeout for subscriber sessions with a RADIUS CoA message that includes the Session-Timeout attribute (27). This capability is useful, for example, when subscribers purchase Internet access for a specific period of time and must log out when the session expires. In earlier releases, the router does not recognize the attribute if it is included in a CoA message.

    [See Understanding Session Options for Subscriber Access.]

What's New in Release 19.1R1-S1

Interfaces and Chassis

  • MPC10 Distributed LACP Support in PPM AFT (MX Series)—Starting in Junos OS Release 19.1R1–S1 and 19.1R2, MPC10E-15C-MRATE and MPC10E-10C-MRATE MPCs support distributed LACP in Periodic Packet Manager (ppman) Advanced Forwarding Toolkit (AFT).

What's New in Release 19.1R1

Authentication, Authorization, and Accounting (AAA) (RADIUS)

  • Support for SFTP global disablement (MX Series)—Starting in Junos OS Release 19.1R1, we have globally disabled incoming SSH File Transfer Protocol (SFTP) connections by default. You can enable incoming SFTP connections globally by configuring the statement sftp-server at the [edit system services ssh] hierarchy level. Prior to Junos OS Release 19.1R1, the incoming SFTP connections were globally enabled by default.

    [See Configuring sftp-server.]

Class of Service (CoS)

  • Support for CoS features (classifiers, rewrites, port queuing, L3 interfaces only) (MX Series)—Starting with Junos OS Release 19.1R1, you can configure the standard CoS forwarding (classifiers, rewrites, port queuing, L3 interfaces only) on MPC10E-15C-MRATE line cards.

    [See Understanding Class of Service.]

  • Support for Real-time Transport Protocol (RTP) payload types 96 through 127 on inline video monitoring (MX Series)—Starting with Junos OS 19.1R1, you can configure MX Series Routers for inline video monitoring of uncompressed HD or 4K stream video (Payload Type 96 through 127). MDI functionality has been extended to video flows such as ST 2000-5 (RTP PT 98) and ST 2000-6 (RTP PT 99). These are non-MPEG video flows over IP/UDP/RTP and are constant bit rate flows. The operator would specify proper IP addresses and UDP ports so that nonvideo flows over RTP will not go through MDI processing.

    [See Understanding Inline Video Monitoring on MX Series Routers.]


  • Support for auto-derived route target on EVPN-MPLS (MX Series)—Starting in Junos OS Release 19.1R1, Junos OS supports the automatic derivation of a route target on EVPN-MPLS. With this feature, the route target is automatically derived from the VLAN ID for EVPN type 2 and EVPN type 3 routes. The auto-derived route targets have higher precedence over manually configured RT in vrf-target, vrf-export policies, and vrf-import policies.

    To enable auto-derived route target, include the auto statement at the [edit routing-instances routing-instance-name protocols evpn vrf-target] hierarchy level.

    [See Auto-derived Route Targets.]

  • Support for proxy MAC addresses in an ARP request (MX Series)—Starting in Junos OS Release 19.1R1, provider edge (PE) devices in an EVPN network that support ARP proxy can use a proxy MAC address in the ARP replies message to a host. When a PE device receives an ARP request or NDP request, it searches its MAC-IP address binding database for the requested IP address. If the device finds the MAC-IP address entry in its database, it responds to the request with the proxy MAC address. The proxy MAC address is derived from the IRB interface in an EVPN network with edge-routed bridging overlay and from the manually configured MAC address in a centrally routed bridging overlay. If the device does not find an entry, the PE device replaces the MAC and IP address from the CE device in the ARP request with the proxy MAC and IP address of the IRB interface. This allows for enhanced security (for example, L3 filtering) deployments on L3 gateway for both inter-VLAN and intra-VLAN traffic will be routed.

    To enable this feature, configure the proxy-mac [irb | proxy-mac-address] statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy or at the [edit routing-instances routing-instance-name bridge-domains domain_name] hierarchy.

    [See ARP and NDP Request with a proxy MAC address.]

  • Support for asynchronous notification on EVPN-VPWS (MX Series)—Starting in Junos OS Release 19.1R1, asynchronous-notification is supported on interfaces on EVPN-VPWS. You can enable the asynchronous notification command to send a loss of signal (LOS) alarm to the CE device when the circuit cross-connect link between a customer edge and provider edge device goes down. Asynchronous notification supports ethernet-ccc, ethernet-vpls, or vlan-ccc encapsulation.

    To enable this feature, include the asynchronous-notification statement at the [edit interfaces interface-name] hierarchy level.

    [See Configuring Gigabit Ethernet Notification of Link Down Alarm.]

Forwarding and Sampling

  • Support for tracking static RPM routes across multiple next hops (MX Series)—Starting in Junos OS Release 19.1R1, you can use rpm-tracking to track up to 16 next hops for RPM-controlled static routes. This features supports both IPv4 and IPv6 static rpm-tracked routes, and extends the single hop rpm-tracking introduced in Junos OS Release 18.4.

    [See show route rpm-tracking.]

  • Support for using IP addresses in an SR-TE LSP segment list (MX Series)—Starting in Junos OS Release 19.1R1, you can use IP addresses (IPv4 or IPv6) for next hops in a segment routing traffic engineering (SR-TE) list of label-switched paths (LSPs). This work extends the support for traffic steering based on a segment routing policy that was introduced in Junos OS Release 17.4R1, wherein the controller can specify a segment routing policy consisting of multiple paths to steer labeled or IP traffic.

    [See auto-translate in segment-list and retry-timer in source-packet-routing.]


  • New fixed-configuration Modular Port Concentrator (MX240, MX480, and MX960)—Starting in Junos OS Release 19.1R1, the MPC10E-15C-MRATE is a new Modular Port Concentrator (MPC) that is supported on MX240, MX480, and MX960 routers.

    The MPC10E-15C-MRATE features the following:

    • Line-rate throughput of up to 1.5 Tbps.

    • Twelve QSFP28 ports—Port numbers 0/0 through 0/3, 1/0 through 1/3, and 2/0 through 2/3. The ports can be configured as 10-Gbps, 40-Gbps, or 100-Gbps Ethernet ports.

    • Three QSFP56-DD ports—Port numbers 0/4, 1/4, and 2/4. The ports can be configured as 10-Gps, 40-Gps, 100-Gbps Ethernet ports.

    [See MX Series 5G Universal Routing Platform Interface Module Reference.]

Interfaces and Chassis

  • Support for MPC10E-15C-MRATE line card (MX240, MX480, and MX960)—Starting with Junos OS Release 19.1R1, the MX240, MX480, and MX960 routers support the MPC10E-15C-MRATE line card. This fixed-port line card is capable of delivering a bandwidth of up to 1.5 Tbps per MPC slot. It supports three MICs (one per Packet Forwarding Engine), each of which can deliver a throughput of up to 500 Gbps. Each MIC comprises five ports that support 100 Gbps (the default), 40 Gbps, and 10 Gbps speeds through the use of QSFP28+ and QSFP+ optics. You enable 10 Gbps speed (four 10 Gbps channels) by using breakout cables.

    • The MPC10E-15C-MRATE is powered on only if the MX Series router has an enhanced Switch Control Board (MX-SCBE3) installed.

    • The MPC10E-15C-MRATE is supported only with the high-capacity AC and DC power entry modules (PEMs) and the high-capacity fan trays used in MX Series routers.

    • The MPC10E-15C-MRATE is powered on only if the router operates in enhanced-ip or enhanced-ethernet mode.

    • The MPC10E-15C-MRATE is not supported on the MX2000 and MX10000 lines of routers.

    [See MPC10E-15C-MRATE, Understanding Interface Naming Conventions for MPC10E-15C-MRATE MPC, MPC10E-15C-MRATE Rate-Selectability Overview, Supported Active Physical Ports for Rate Selectability to Prevent Oversubscription on MPC10E-15C-MRATE, and Configuring Rate Selectability on MPC10E-15C-MRATE to Enable Different Port Speeds.]

  • Chassis and power management for MPC10E-15C-MRATE (MX240, MX480, and MX960)—Starting in Junos OS Release 19.1R1, the MX240, MX480, and MX960 routers with the MPC10E-15C-MRATE line card support chassis management features, including field-replaceable unit (FRU) management, power budgeting and management, and environmental monitoring. The MPC10E-15C-MRATE line card supports configuration of ambient temperature (25°C, 40°C, and 55°C) and dynamic power management. The default ambient temperature value supported is 40°C. The MPC10E-15C-MRATE line card supports both hyper mode (the default mode) and normal mode.

    • The MPC10E-15C-MRATE is powered on only if the MX Series router has an enhanced Switch Control Board (MX-SCBE3) installed.

    • The MPC10E-15C-MRATE is powered on only if the router operates in enhanced-ip or enhanced-ethernet mode.

    • The MPC10E-15C-MRATE will be powered on only when the MX Series router is installed with enhanced Fan Trays.

    • The MPC10E-15C-MRATE will be supported only when the MX Series router is installed with Enhanced PEMs.

    • On MX960 routers with enhanced Midplane on the slot 1, the MPC10E-15C-MRATE will not be powered on.

    [See Understanding How Configuring Ambient Temperature Helps Optimize Power Utilization and Understanding How Dynamic Power Management Enables Better Utilization of Power.]

  • Packet Forwarding Engine power on and power off support for MPC10E-15C-MRATE (MX240, MX480, and MX960)—Starting Junos OS Release 19.1R1, on MX240, MX480, and MX960 devices with MPC10E-15C support, you can power on or power off a Packet Forwarding Engine using the command set chassis fpc slot-number pfe slot-number power (on | off).

    The show chassis fpc FPC Slot detail displays the Packet Forwarding Engine power ON/OFF status and bandwidth for the individual PFEs in an MPC10E-15C-MRATE.

    [See show chassis fpc.]

  • Support for ETH-ED (MX Series)—Starting with Junos OS Release 19.1R1, when a unified in-service software upgrade (ISSU) is about to start, the peer maintenance association end point (MEP) is notified to suppress the remote defect indication (RDI) and loss of adjacency alarms for a specified duration. To ensure that the notification is sent before the upgrade starts, you must configure the Ethernet expected defect (ETH-ED) function by including the expected-defect statement at the [edit protocols oam ethernet connectivity-fault-management expected-defect] hierarchy level.

    [See connectivity-fault-management.]

  • Improved performance of small packets (MX Series) —Starting in Junos OS Release 19.1R1, the MPC7E-MRATE, MPC7E-10G, MPC8E, MPC9E, MX10003 MPC, MX204, and JNP10K-LC2101 line cards provide improved performance of small packets (with a minimum packet size of 64 bytes) in transmit direction. To enable this feature, reduce the number of active ports (at the PIC level) to the following maximum numbers:

    • Sixteen 10-Gbps ports

    • Four 40-Gbps ports

    • Two 100-Gbps ports (when the line card is in 240-Gbps mode)

    • Three 100-Gbps ports (when the line card is in 400-Gbps mode)

    To configure the number of active ports, use the existing command set chassis fpc slot pic slot number-of-ports number-of-active-ports.

    • The command does not change packet performance at the Packet Forwarding Engine level; it improves packet performance in transmit direction at the port level only.

    • For an MX10003 MPC, in 40-Gbps and 10-Gbps PIC modes, if both the PICs are used, the number of ports cannot exceed six on either PIC. If only PIC 1 is used, you can set the number of ports to 12. For an MX204 MPC, in 10-Gbps PIC mode, if both the PICs are used, the sum of the interfaces created on the PICs cannot exceed 16. If only PIC 0 is used, you can set the number of ports to 4 (4 interfaces per port). If only PIC 1 is used, you can set the number of ports to 8 (1 interface per port).

    [See Understanding Rate Selectability.]

  • Support for inline LACP PDU transmission processing (MX Series routers with MPCs)—Starting in Junos OS Release 19.1R1, MX Series routers with MPCs support inline LACP PDU transmission processing for periodic packet management (on the Packet Forwarding Engine). To enable the inline processing method instead of using the default LACP PDU transmission processing, issue the set protocols lacp ppm inline command.

    [See inline.]


  • Distinguished name support in IPsec (MX Series)—Starting with Junos OS Release 19.1R1, distinguished name (DN) support is added to the IKE identification (IKE ID) that is used for validation of VPN peer devices during IKE negotiation. The IKE ID received by an MX Series router from a remote peer can be an IPv4 or an IPv6 address, a hostname, a fully qualified domain name (FQDN), or a DN. The IKE ID sent by the remote peer needs to match what is expected by the MX Series router. Otherwise, IKE ID validation fails and the VPN is not established.

    A distinguished name (DN) is a name used with digital certificates to uniquely identify a user. You can use a container keyword to specify the order of the fields in a distinguished name and their values must exactly match the configured distinguished name, or use a wildcard keyword to specify that the values of fields must match but the order of the fields does not matter.

    [See Understanding Junos VPN Site Secure.]

  • Support for IPsec and Group VPN services (MX2010 and MX2020)—Starting in Junos OS Release 19.1R1, Junos OS supports IPsec and Group VPN services on MX2010 and MX2020 routers. Group VPNs eliminate the need for point-to-point VPN tunnels in a mesh architecture. They provide a set of features that are necessary to secure unicast traffic over a private WAN that originates on or flows through a router.

    [See Group VPNv2 Overview.]

Junos Telemetry Interface

  • RSVP interface OpenConfig model support and self-ping logs on Junos telemetry interface (JTI) (MX960 and PTX10003)—Starting in Junos OS Release 19.1R1, JTI sensor support is enhanced for RSVP interfaces to include delivery of more statistics. The level of support is equivalent to the output delivered when using the show rsvp interface detail operational mode command.

    To configure the sensor for statistics to be issued to an outside collector, include the following path for gRPC streaming:

    • /network-instances/network-instance/mpls/signaling-protocols/rsvp-te/interface-attributes/interfaces/interface/*

    To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.

    [See gRPC Services for Junos Telemetry Interface and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • Delegated RPM statistics sensor support for Junos telemetry interface (JTI) (MX Series)—Starting with Junos OS Release 19.1R1, for MX Series routers operating with MS-MIC and MS-MPC, a new sensor allows customers to monitor delegated RPM service statistics on the router and export them to outside collectors at configurable intervals encoded in Google Protocol Buffer (GPB) format.

    Delegated RPM is a mode where RPM probe generation and measurement calculation are done by MS-MIC and MS-MPC cards. This hardware assistance allows a very high scale of concurrent RPM probes. JTI sensor support for other RPM modes was added in Junos OS Release 18.3R1.

    You can use the resulting data from this sensor to improve network design and optimize traffic engineering. Data can also be used to detect problems in individual devices as well as in the overall network and the traffic carried by it.

    Monitor delegated RPM service statistics by configuring the /junos/services/spu/delegated-rpm/ sensor for the sensor configuration statement.

    For exporting statistics, configure parameters at the [edit services analytics] hierarchy level.

    [See sensor (Junos Telemetry Interface) and Configuring a Junos Telemetry Interface Sensor (CLI Procedure) and Junos OS Release Notes for MX Series 5G Universal Routing Platform, 18.3R1.]

  • Export of data associated with the Junos kernel through Junos telemetry interface (JTI) (EX9200, EX9251, EX9253, MX Series, and PTX Series)—Starting in Junos OS Release 19.1R1, you can export data associated with the Junos kernel through remote procedure calls (gRPC) and JTI. Kernel telemetry data includes information on Veriexec state, graceful Routing Engine switchover (GRES), in-service software upgrade (ISSU), and Routing Engine ifstate. Junos kernel sensors can be used by device monitoring and network analytics applications to provide insight into the health status of the Junos kernel.

    Junos kernel sensors introduced in Junos OS Release 19.1R1 support both periodical and ON_CHANGE streaming. The following Junos kernal resource paths support periodical streaming only:

    • /junos/kernel-ifstate/dead-ifstates-cnt

    • /junos/kernel-ifstate/alive-ifstates-cnt

    • /junos/kernel-ifstate/delayed-unrefs-cnt

    • /junos/kernel-ifstate/delayed-unrefs-max

    [See Understanding OpenConfig and gRPC on Junos Telemetry Interface and Guidelines for gRPC Sensors (Junos Telemetry Interface).]

  • SR-TE telemetry statistics and BINDING-SID routes support for uncolored SR-TE policies (MX Series)—Starting in Release 19.1R1, Junos OS supports SR-TE telemetry statistics and BINDING-SID routes for uncolored SR-TE policies. Uncolored SR-TE LSP is characterized by the absence of color statement in its configuration.

    Junos OS now allows collection of traffic statistics for both ingress IP traffic and transit MPLS traffic that take uncolored SR-TE paths. Also, you can install BINDING-SID labels even if the first hop of the segment list is a label. Prior to Junos OS 19.1R1 Release, the installation of BSID routes was not supported if the first hop of the segment list was a label, and a commit check was done.

    The show spring-traffic-engineering lsp command is enhanced to provide the source by which the SRTE policy was provisioned. For example, Static, Path Computation Element Protocol. Also, the show spring-traffic-engineering lsp detail command is enhanced to provide information on the source of the tunnel configuration and statistics.

    By default, traffic sensors and statistic collection are disabled for static SR-TE routes. To enable provisioning of Junos telemetry interface traffic sensors in Junos OS data plane to stream out traffic statistics on segment routing policies and their Binding-SID routes, use the existing statistics statement at the [edit source-packet-routing telemetry] hierarchy level.

Layer 3

  • Support for Layer 3 features on the MPC10E-15C-MRATE (MX Series)—Starting in Junos OS Release 19.1R1, Junos OS supports the following Layer 3 features on the MPC10E-15C-MRATE.

    • BGP (multipath/IPv4 and IPv6 labelled unicast)

    • IPv4 (forwarding and options)

    • IPv6 (forwarding and route accounting)

    • Load balancing (ECMP and FRR)

      Options supported: enhanced -hash-key family inet/inet6/mpls

    • L2VPN, CCC, and Layer 2 circuit

    • MPLS (push/pop/swap, LDP, RSVP-Aggregate, RSVP-TE Admin Groups, RSVP-TE, OAM - LSP/VPN ping, trace route, auto bandwidth, and MPLS-FRR link node protection.

      Options supported: No Decrement Ttl, No Propagate Ttl, MTU-signaling Splitting-merging, Primary/Secondary, ICMP Tunneling, IPv6 Tunneling, LDP Tunneling, Optimize Timer, Explicit-Null, UHP and PHP support.

    • OSPF (node-link-protection and node-link-degradation)

    • Protocols (IS-IS, OSPF, OSPF V3 for V6, BGP + BGP-v6, BGP LU, BGP-LS, BGP optimal-route-reflection (ORR), BFD (Centralized), Micro BFD(centralized), ICMP and ICMPv6 error handling, and LLDP).

    • Routing instance logical system VRF

    • Tunnel (generic routing encapsulation (GRE), logical tunnel (LT), and virtual tunnel (VT))

      [See Tunnel Services Overview.]


  • Tracing support for individual JET application files (MX Series)—Previously you could configure trace options for all applications. Starting in Junos OS Release 19.1R1, you can also configure trace options for an individual application file. If you configure trace options both globally (all applications) and locally (by application file), the local configuration has the higher priority. You must commit global trace options and the daemonized application configurations at the same time for the global trace options for the daemonized application to take effect.

    [See application.]


  • Flexible MPLS label stack depth (MX Series with MPC and MIC)—Currently, Junos OS supports push of up to a maximum of five labels per component of the next-hop chain, even though the underlying device capability can be higher. Starting in Junos OS Release 19.1R1, the device capability of pushing more than 5 labels can be leveraged for features, such as, segment routing traffic-engineering (TE) LSPs and RSVP-TE pop-and-forward LSPs.

    The number of labels that can be pushed for an MPLS next hop is the number of labels the device is capable of pushing, or the maximum-labels configured under family mpls of the outgoing interface, whichever is smaller.

    [See Configuring the Maximum Number of MPLS Labels, maximum-labels.]

  • Support for MPLS ping and traceroute for segment routing (MX Series)—Starting in Junos OS Release 19.1R1, MPLS ping and traceroute are supported for segment routing (SR) for protocols IS-IS and OSPF over IPv4. This feature also supports ECMP traceroute for protocols IS-IS and OSPF.

    On MX Series routers, MPLS ping and traceroute for segment routing is supported with enhanced-ip mode only. Segment routing with IS-IS tunnels are stitched to LDP tunnels. Ping and traceroute for segment routing over RSVP is supported.

    In Junos OS Release 19.1R1, MPLS ping and traceroute for segment routing supports IPv4 IGP-Prefix segment FEC validation. FEC validation for IGP-Adjacency Segment ID is not supported.

    [See ping mpls segment routing isis, ping mpls segment routing ospf, traceroute mpls segment-routing ospf, traceroute mpls segment-routing isis.]

  • Support for MPC10E-15C-MRATE (MX Series)—Starting in Junos OS Release 19.1R1, a new MPC10E-15C-MRATE is introduced.

    The following MPLS features are supported on MPC10E-15C-MRATE in 19.1R1:

    • Static, RSVP and LDP LSPs

    • LSP statistics

    • LSP ping and traceroute

    • LSP TTL commands: no-propagate-ttl, no-decrement-ttl

    • L2Circuit and L2VPN with or without control word

    • L3VPN with chain-composite-nexthop

    • L3VPN with vrf-table-label

    • MPLS link protection, node protection and FRR

    • 6VPE

    The following MPLS features are not supported on the MPC10E-15C-MRATE: in 19.1R1:

    • VCCV BFD

    • L2CKT/L2VPN interworking (iw interface)

    • Translational cross-connect (TCC)

    • Flow-aware transport label

    • Entropy label

  • Enhancements to MPLS for LSP path selection (MX Series)—Starting in Junos OS Release 19.1R1, the following enhancements to MPLS have been added for LSP path selection and optimization:

    • Earlier, when LSP active paths were modified, the LSP path got cleared and gets resignaled immediately. From Junos OS Release 19.1R1 onward, if a secondary path is available, and then Junos OS selects the secondary path as active, clears and resignals the primary path after the expiry of the optimize-hold-dead-delay timer. When the primary LSP path is established, the revert-timer gets started. After the revert-timer expires, the primary LSP path becomes active.

      If the primary LSP path is not active with revert-timer on and when there is a change to the primary LSP path, then the LSP path gets cleared and resignaled immediately. When the primary LSP path is established, the revert-timer gets restarted.

    • Earlier if there was any Constrained Shortest Path First (CSPF) failure then the current LSP path becomes invalid because it did not match with the configured constraints. In this case, the current LSP path gets cleared immediately. From Junos OS Release 19.1R1 onwards, if a secondary LSP path is available, then Junos OS selects the secondary LSP path as active and clears the primary path after the expiry of the optimize-hold-dead-delay timer.

    • The CLI command no-bypass-statistics-polling added under the [edit protocols mpls statistics] hierarchy now provides information on bypass LSP statistics.

    • A new CLI command delay has been introduced under the [edit protocols mpls optimize-adaptive-teardown] hierarchy and the value for delay is in the range of (3..65535 seconds). When the adaptive-teardown configuration is triggered, the delay CLI command further delays the tearing down of old optimized LSP paths based on the configured value.

    [See statistics (Protocols MPLS), optimize-adaptive-teardown.]

  • Control transport address used for targeted-LDP session (MX Series)—Currently, only the router-ID or interface address is used as the LDP transport address. Starting in Junos OS Release 19.1R1, you can configure any other IP address as the transport address of targeted LDP sessions, session-groups, and interfaces. This new configuration is applicable only for configured LDP neighbors that have Layer 2 circuit, MPLS, and VPLS adjacencies.

    This feature is beneficial when you have multiple loopback interface addresses, and different IGPs associated with LDP interfaces, and you can control the session established between targeted LDP neighbors with the configured transport address.

    [See Control Transport Address Used for Targeted-LDP Session.]

  • MPLS egress traffic statistics for label IS-IS routes at ingress device (MX Series with MPC and MIC)—Currently, sensors are available for collecting segment routing statistics for MPLS transit traffic, which is MPLS-to-MPLS in nature. Starting in Junos OS Release 19.1R1, additional sensors are introduced to collect segment routing statistics for MPLS egress traffic at the ingress provider edge (PE) device, which is IP-to-MPLS in nature.

    With this feature, you can enable sensors for label IS-IS segment routing egress traffic only, and stream the statistics to a gRPC client.

    [See Understanding Source Packet Routing in Networking (SPRING).]

  • Policy-based multipath routes (MX Series)—In segment routing networks with multiple protocols in the core, you can combine segment routing traffic-engineered (SR-TE) LDP routes and SR-TE IP routes to create a multipath route that is installed in the routing information base (also known as routing table). You can resolve BGP service routes over the mutlipath route through policy configuration and steer traffic differently for different prefixes.

    [See Policy-Based Multipath Routes Overview.]

  • Support of Layer2 and Layer3 VPN services over non-colored Segment Routing for Traffic Engineering (SR TE) (MX Series)— Starting from Junos OS Release 19.1R1, you can use BGP-based Layer2 and Layer3 VPN services over non-colored Segment Routing for Traffic Engineering (SR TE). You can also use other features such as un-balanced ECMP (wecmp), and multi-level weighted ECMP (h-wecmp).

    To use hierarchical multi-level weighted ECMP (h-wecmp), configure the following route resolution import-policy:

    set policy-options policy-statement mpath then multipath-resolve

    set routing-options resolution rib bgp.l3vpn.0 inet-import mpath

    set routing-options resolution rib bgp.l2vpn.0 inet-import mpath

    set routing-options resolution rib mpls.0 inet-import mpath

    [See Static Segment Routing Label Switched Path]

  • Routing Engine-based S-BFD for segment-routing traffic engineering (MX Series)—Starting in Junos OS Release 19.1R1, you can run Routing Engine-based seamless BFD (S-BFD) over non-colored and colored label-switched paths (LSPs) with first-hop label resolution and use S-BFD as a fast mechanism to detect path failures.

    [See Routing Engine-based S-BFD for Segment-Routing Traffic Engineering with First-Hop Label Resolution.]

  • Use of SID labels as first hop for resolving non-colored static segment routing LSPs (MX Series)—Currently, for a static non-colored segment routing traffic-engineered LSP to be usable, the first hop of the segment list must be an IP address. Only the second to nth hop could be segment identifier (SID) labels. Starting in Junos OS Release 19.1R1, this requirement does not apply. You can now configure SID labels as the first hop in the segment list.

    With this configuration, static non-colored segment routing LSPs are resolved using MPLS fast reroute (FRR) and weighted equal-cost multipath. Without this configuration, by default, the LSPs are resolved using IP address.

    [See Static Segment Routing Label Switched Path.]

  • Support of install statement for segment routing LSPs (MX Series)—The install destination-prefix statement which is currently supported at the [edit protocols mpls label-switched-path lsp-name] and [edit protocols mpls static-label-switched-path lsp-name ingress] hierarchy levels is now also supported at the [edit protocols source-packet-routing source-routing-path lsp-name] hierarchy level for both colored and non-colored static segment routing label-switched paths (LSPs).

    You can associate one or more prefixes with a segment routing LSP using the install statement. When the LSP is up, all the prefixes are installed as entries into the inet.3 or inet6.3 routing table.

    [See install (Protocols MPLS).]


  • Support for BGP-MVPN Inter-AS option B (MX Series and T Series)—Starting in Junos OS Release 19.1R1, for improved security and scalability, Juniper supports Inter-AS option B for BGP multicast virtual private networks (MVPNs) and segmented provider tunnels. Only specific configurations are supported, so for example, static tunnels are not supported, nor are PIM any-source multicast (ASM) and PIM source-specific multicast (SSM) tunnels.

    In the supported configuration, BGP-MVPN sites can span multiple autonomous system (AS) boundaries (that is, domains). Each AS can implement its own p-tunnel (they don't have to be the same). Per-VPN subinterfaces are not shared between ASBRs. Likewise, provider edge (PE) routers from one AS cannot be reached from another AS, and the AS topology of one site is not exposed to any others.

    [See inter-as (Routing Instances) and BGP-MVPN Inter-AS Option B Overview.]

  • Support for multicast forwarding on MPC10E-MRATE line cards (MX Series)—Starting in Junos OS Release 19.1R1, multicast forwarding is fully supported on MPC10E-MRATE line cards for MX Series routers.

Network Management and Monitoring

  • Error handling and resiliency support for MPC10E (MX240, MX480, and MX960)—Starting in Junos OS Release 19.1R1, the MX240, MX480, and MX960 routers with MPC10E (MPC10E-15C-MRATE) line cards support error handling and software resiliency. The MPC10E supports detecting errors, reporting them through alarms, and triggering resultant actions. Use the existing commands show chassis errors active, show chassis errors active details, and show chassis fpc errors to view more details of the errors. MPC10E-15C-MRATE also supports powering on or off Packet Forwarding Engine (pfe2), by using the command set chassis fpc slot pfe slot power (on|off), in case of errors such as hardware components issues in Packet Forwarding Engine (pfe2).

    [See show chassis fpc errors and clear chassis fpc errors.]

  • sFlow performance improvements (MX Series)—Starting in Junos OS Release 19.1R1, the following improvements have been added to the sFlow technology feature:

    • For MX Series, the maximum number of samples per second per line card is raised from 950 pps to 9500 pps. Junos OS also introduces an adaptive sampling fallback feature, which decreases the sampling load when the traffic load decreases after adaptive sampling has taken place.

    • For MX Series, PTX Series, and QFX Series, you can configure forwarding class and DSCP values per collector.

    • For MX Series, dual vlans are supported.

    • For MX Series, true output interface (OIF) is supported.

    • Enhancements are made to the following CLI commands: show sflow collector, show sflow collector address ip-address, and show sflow interface.

    [See Understanding How to Use sFlow Technology for Network Monitoring, collector, agent-id, source-ip, show flow collector, and show flow interface.]

Port Security

  • Media Access Control Security (MACsec) support (MX Series)—Starting with Junos OS Release 19.1R1, MACsec is supported on all QSFP interfaces on the MPC10E-15C and MPC10E-10C line cards when installed in an MX Series router. MACsec is an industry-standard security technology that provides secure communication for all traffic on point-to-point Ethernet links. MACsec is capable of identifying and preventing most security threats, and can be used in combination with other security protocols to provide end-to-end network security.

    [See Understanding Media Access Control Security (MACsec).]

Routing Policy and Firewall Filters

  • Support for firewall forwarding on MPC10E-MRATE line cards (MX Series)—Starting in Junos OS Release 19.1R1, firewall forwarding is fully supported on MPC10E-MRATE line cards for MX Series routers.

Routing Protocols

  • Support for BGP graceful shutdown (MX Series)— Starting in Junos OS Release 19.1R1, graceful traffic migration from one BGP next hop to another is supported, without traffic interruption. Also, BGP administrative shutdown communication can be sent to the BGP peer.

    You can configure both graceful-shutdown and shutdown statements at the [edit protocols bgp], [edit protocols bgp group group-name], and [edit protocols bgp group group-name neighbor address] hierarchy levels.


    Graceful shutdown is disabled by default.

    [See: graceful-shutdown (Protocols BGP), shutdown (Protocols BGP).]

  • Support for anycast and prefix segments in SPRING for OSPF protocols (MX Series)—Starting in Junos OS Release 19.1R1, anycast and prefix segments are supported in SPRING. An anycast segment enforces forwarding based on the equal-cost multipath-aware shortest-path toward the closest node of the anycast set. Within an anycast group, all the routers advertise the same prefix with the same SID value, which facilitates load balancing. You can designate prefix segment indexes to prefix SIDs, both anycast and node SIDs, that are advertised in OSPF through policy configuration. Remote routers use this index to consolidate prefixes into respective SRGBs and to derive the segment identifier and forward the traffic destined for a specific prefix.

    You can also configure explicit-NULL flag on all prefix SID advertisements and configure shortcut statement for SPRING routes using family inet (for IPv4 OSPF routes) or family inet-mpls (for IPv4 L-OSPF routes).

    [See: Understanding Adjacency Segments, Anycast Segments, and Configurable SRGB in SPRING.]

  • Support for configurable SRGB used by SPRING in OSPF protocols (MX Series)— Starting in Junos OS Release 19.1R1, you can configure the segment routing global block (SRGB) range label used by segment routing. Labels from this range are used for segment routing functionality in OSPF domain.

    The SRGB is a range of the label values used in the segment routing. Prior to Junos OS Release 19.1R1, you could not configure the range for the SRGB block.

    Locally you can configure srgb start-label <label-range> index-range <index-range> command under [edit protocols ospf source-packet-routing] hierarchy or globally under [edit protocols mpls label-range] hierarchy.

    Following are the SRGB precedences for OSPF protocol:

    • SRGB under OSPF

    • SRGB under MPLS

    • Node-segment implementation of 256 label block

    [See: source-packet-routing (Protocols IS-IS and OSPF).]

  • Support for static adjacency segment identifier in OSPF protocols (MX Series)—Starting in Junos OS Release 19.1R1, static adjacency segment identifiers (SIDs) are supported for OSPFv2 protocols.

    For static adjacency SIDs, the labels are picked from either a static reserved label pool or from an OSPF segment routing global block (SRGB). You can reserve a label range to be used for static allocation of labels using the following configuration: set protocols mpls label-range static-label-range start-value end-value

    The static pool can be used by any protocol to allocate a label in this range. You need to ensure that no two protocols use the same static label. OSPF adjacency SIDs can be allocated from this label block through the configuration using the keyword label.

    [See: Static Adjacency Segment Identifier for OSPF.]

  • Support for export of BGP Adjacency-RIB-Out through BGP Monitoring Protocol (BMP) (MX Series and vMX)— Starting in Junos OS Release 19.1R1, BMP is enhanced to support route monitoring of pre and post rib-out policy.

    You can configure post-policy and pre-policy under rib-out statement at [edit protocols bgp bmp], [edit protocols bgp group group-name bmp], and [edit protocols bgp group group-name neighbor address bmp] hierarchies.


    The default monitoring mode of rib-out is pre-policy.

    [See: Understanding the BGP Monitoring Protocol.]

  • Support for TCP authentication to BGP peers (MX Series)— Starting in Release 19.1R1, Junos OS extends support for TCP authentication to BGP peers that are discovered through allowed prefix subnets configured in a BGP group.

    In releases before Junos OS Release 19.1, BGP supports TCP authentication at the [edit protocols bgp group group-name neighbor address] and [edit protocols bgp group group-name] hierarchy levels. Starting in Junos OS Release 19.1, you can configure TCP authentication under allow statements at the [edit protocols bgp group group-name dynamic-neighbor dyn-name] hierarchy level.

    [See: Understanding Router Authentication for BGP.]

  • Support for stitching of OSPF LDP and segment routing (MX Series)—Starting in Junos OS Release 19.1R1, segment routing-LDP border router can stitch segment routing traffic to LDP next hop and vice versa.

    In an LDP network with deployment of segment routing, there can be islands of devices that support either only LDP, or only segment routing. For the devices to interwork, the LDP mapping server feature is required to be configured on any device in the segment routing network.

    [See: LDP Mapping Server for Interoperability of Segment Routing with LDP Overview.]

  • Support for BGP link-state distribution with SPRING extensions (MX Series)—Starting in Junos OS Release 19.1R1, BGP link-state extensions export segment routing topology information to software-defined networking controllers. Controllers can get the topology information by either being a part of an interior gateway protocol (IGP) domain or through BGP link-state distribution.

    BGP link-state distribution is supported on inter-domain networks and provides a scalable mechanism to export the topology information. This feature benefits networks that are moving to source packet routing in networking (SPRING) but also have RSVP deployed, and continue to use both SPRING and RSVP in their networks.

    In this release, OSPF link-state protocol is supported which pushes SPRING information to the BGP link-state address family.

    [See Link-State Distribution Using BGP Overview.]

  • MPLS transit route installation as primary MPLS fast reroute (FRR) for BGP labeled unicast prefixes (MX Series)—Starting in Junos OS Release 19.1R1, when a peer autonomous system (AS) boundary router or a link fails, traffic traversing through an inter-AS link can be rerouted provided a loop-free path is available. In networks with node protection enabled, MPLS transit routes are installed as primary backup path for BGP labeled unicast prefixes learned from external BGP multi-hop sessions. This feature facilitates quicker route resolution and BGP convergence for BGP labeled unicast prefixes.

    To enable node protection in an inter-AS environment for BGP labeled unicast prefixes, include the existing configuration statement protection at the [edit protocols bgp group family inet labeled-unicast] hierarchy level in enhanced-ip network-services mode.

  • Support for creating IS-IS topology-independent LFA for prefix-SIDs learned from LDP mapping server (MX Series)—Starting in Junos OS Release 19.1R1, you can configure a point of local repair to create a topology-independent loop-free alternate backup path for prefix-SIDs derived from LDP mapping server advertisements in an IS-IS network. In a network configured with segment routing, IS-IS uses the LDP mapping server advertisements to derive prefix-SIDs. LDP Mapping server advertisements for IPv6 are currently not supported.

    To attach flags to LDP mapping server advertisements, include the attached statement at the [edit routing-options source-packet-routing mapping-server-entry mapping-server-name] hierarchy level.

    [See prefix-segment-range.]

Services Applications

  • Support for tunnel interfaces on the MPC10E line card (MX Series)—Starting in Junos OS Release 19.1R1, Junos OS supports three tunnel interfaces: generic routing encapsulation (GRE) tunnel, logical tunnel (LT), and virtual tunnel (VT) on the MPC10E line card.

    • The GRE tunnel interface supports the tunnel statement with these options: destination, key, source, traffic-class and ttl. The copy-tos-to-outer-ip-header statement is also supported.

    • The LT interface supports family inet, family inet6, and family iso options. The encapsulation statement supports the Ethernet and VLAN physical interface options only.

    • The VT interface supports the family inet option only.

    [See Tunnel Services Overview]

  • Support for Port Mirroring on the MPC10E line card (MX Series)—Starting in Junos OS Release 19.1R1, Junos OS supports port mirroring on the MPC10E line card. The MPC10E supports IPv4 (inet) and IPv6 (inet6) address families only.

    [See Configuring Port Mirroring]

  • Support for inline flow monitoring on the MPE10E line card (MX Series)—Starting in Junos OS Release 19.1R1, Junos OS supports inline active flow monitoring. Inline active flow monitoring supports version 9 and IPFIX flow collection templates. Version 9 template is supported for IPv4, IPv6, MPLS, and MPLS-IPv4. IPFIX template is supported for IPv4, IPv6, MPLS, MPLS-IPv4, and VPLS flows. Both IPFIX and version 9 templates use UDP as the transport protocol.

    [See Understanding Inline Active Flow Monitoring]

  • Support for automatic restart of Two-Way Active Measurement Protocol (TWAMP) Client—Starting in Junos OS Release 19.1R1, the TWAMP client restarts automatically after a network failure, a configuration change, or an IP connectivity issue. However, for the client to reconnect to the TWAMP server automatically, you must use 0 as the test-count value in the set rpm twamp client control-connection test-count command. Also, at the TWAMP server side, the default value of max-connection-duration in the set rpm twamp server max-connection-duration must also be 0. You can display the test results after the network recovers, or after the server is reachable, by using the set services rpm twamp client control-connection c1 persistent-results command.

    [See Understanding TWAMP Auto-Restart].

  • Support for Layer 2 services over GRE tunnel interfaces with IPv6 transport (MX Series routers with MPCs)—Starting in Release 19.1R1, Junos OS supports Layer 2 Ethernet services over GRE interfaces with IPv6 traffic. After GRE encapsulates the packets, it redirects them to an intermediate host, where they are de-encapsulated and routed to their final destination. Support for bridging over GRE enables you to configure bridge domain families on gr- interfaces and also enable integrated routing and bridging (IRB) on gr- interfaces. To configure the bridge domain family on gr- interfaces, include the family bridge statement at the [edit interfaces gr-fpc/pic/port unit logical-unit-number] hierarchy level.

    [See Layer 2 Services over GRE Tunnel Interfaces on MX Series with MPCs].

Software Defined Networking (SDN)

  • Support for in-chassis Junos Node Slicing (MX480, MX960, MX2010, and MX2020)—Starting in Junos OS Release 19.1R1, Junos Node Slicing supports an in-chassis model, which allows all Junos Node Slicing components, such as Juniper Device Manager (JDM), base system (BSYS), as well as guest network functions (GNFs), to run within the Routing Engine of the MX Series router. To configure in-chassis Junos Node Slicing, ensure that the MX Series router has one of the following Routing Engines installed:

    • RE-S-2X00x6-128 (used in MX480 and MX960 routers)

    • RE-MX200X8-128G (used in MX2010 and MX2020 routers)

    [See Junos Node Slicing Overview and Configuring MX Series Router to Operate in In-Chassis Mode.]

  • Support for VXLAN on GNFs (MX480, MX960, MX2010, MX2020, and MX2008)—Starting in Junos OS Release 19.1R1, guest network functions (GNFs) support EVPN with VXLAN encapsulation. This support enables you to configure GNFs to function as VXLAN Layer 2 or Layer 3 gateways. This support is also available on MX Series routers in LAN mode.

    [See Understanding EVPN with VXLAN Data Plane Encapsulation and Components of Junos Node Slicing.]

  • Abstracted fabric interface support for MS-MPC, 16X10GE MPC, MPC2E, MPC3E, MPC4E (MX480, MX960, MX2010, MX2020, and MX2008)—Starting in Junos OS Release 19.1R1, Abstracted fabric (af) interfaces interoperate with the following line cards:

    • Multiservices MPC (MS-MPC)

    • 16x10GE MPC

    • MPC2E

    • MPC3E

    • 32x10GE MPC4E

    • 2x100GE + 8x10GE MPC4E

    An abstracted fabric interface is a pseudointerface that facilitates routing control and management traffic between guest network functions (GNFs) through the switch fabric.

    [See Abstracted Fabric (AF) Interface.]

  • MS-MIC and MS-MPC support for in-chassis Junos Node Slicing (MX480, MX960, MX2008, MX2010, and MX2020)—Starting in Junos OS Release 19.1R1, in-chassis Junos Node Slicing supports assignment of MS-MICs and MS-MPCs to guest network functions (GNFs). MS-MICs and MS-MPCs provide improved scaling and high performance, and possess enhanced memory and processing capabilities. The MS-MIC supports the Layer 3 services such as stateful firewall, NAT, IPsec, active flow monitoring, RPM, and graceful Routing Engine switchover (GRES). In-chassis Junos Node Slicing also support inline Layer 2 and Layer 3 services.

    [See Multiservices MIC and Multiservices MPC (MS-MIC and MS-MPC) Overview.]

  • Software resiliency support for in-chassis Junos Node Slicing (MX480, MX960, MX2010, and MX2020)—Starting in Junos OS Release 19.1R1, software resiliency is enabled for guest network functions (GNFs) in the in-chassis Junos Node Slicing model. Resiliency enables the software to recover from certain types of failures. The in-chassis model allows all Junos Node Slicing components, such as Juniper Device Manager (JDM), base system (BSYS), as well as guest network functions (GNFs), to run within the Routing Engine of the MX Series router.

    [See Junos Node Slicing Overview.]

  • Multiversion software support for in-chassis Junos Node Slicing (MX480, MX960, MX2010, and MX2020)—Starting in Junos OS Release 19.1R1, in-chassis Junos Node Slicing supports multi-version software interoperability, enabling the BSYS to interoperate with a guest network function (GNF), which runs a Junos OS version that is later than the software version on the base system (BSYS). This feature supports a difference of up to two versions between the GNF and the BSYS. That is, the GNF software can be up to two versions later than the BSYS software.


    The multiversion software compatibility support is limited to major releases only.

    [See Understanding Multi-Version Software Compatibility.]

  • Programmable flexible VXLAN tunnels (MX80, MX104, MX204, MX10003, and vMX)—Starting in Junos OS Release 19.1R1, we support flexible VXLAN tunnels in a data center environment that includes one or more controllers. In this environment, one or more of the supported MX Series routers can function as data center edge gateways that exchange Layer 2 traffic with hosts in a data center. Through the use of static routes and tunnel encapsulation and de-encapsulation profiles, the Layer 2 traffic is dynamically tunneled over an intervening IPv4 or IPv6 network.

    The controllers in the data center environment enable you to program a large volume of static routes and tunnel profiles on the gateway devices through the Juniper Extension Toolkit (JET) APIs.

    [See Understanding Programmable Flexible VXLAN Tunnels and the JET API Guide]

Subscriber Management and Services

  • Control plane resiliency enhancements (MX Series)—Starting in Junos OS Release 19.1R1, the following enhancements are available:

    • The master and standby Routing Engines exchange detailed information about session database replication. This exchange enables the Routing Engines to better determine whether the replication is correct.

    • You can configure the router to detect shared memory corruption and to automatically recover by rebooting the master or standby Routing Engine, or both. In earlier releases, a manual reboot is required to clear the corrupted shared memory; otherwise, it remains corrupted, causing processes that share the memory to generate core errors.

    • You can monitor Routing Engine resiliency with the new show system subscriber-management resiliency command. The summary version indicates whether the system is functioning normally or an unexpected condition exists. The detail and extensive versions provide detailed information about the shared memory per Routing Engine.

    [See Junos OS Enhanced Subscriber Management and show system subscriber-management resiliency.]

  • Subscriber management support for in-chassis Junos Node Slicing (MX480, MX960, MX2010, and MX2020)—Starting in Junos OS Release 19.1R1, in-chassis Junos Node Slicing supports all subscriber management features and services. Subscriber management provides capabilities such as subscriber access, authentication, and service creation, activation, and deactivation. The subscriber management services include DHCP, PPP, L2TP, VLAN, and pseudowire.

    [See Subscriber Management Overview.]

  • DHCP active leasequery for live updates of binding information (MX Series)—Starting in Junos OS Release 19.1R1, you can configure active leasequery so that DHCP servers can provide an update to DHCP relay agents whenever the DHCP binding information changes. Individual and bulk leasequery provide updates only in a response to a query; subsequent changes are not reported to the relay agent until another query is made. Active leasequery also enables redundancy between relay agents to restore subscriber information if one of the peer relay agents reboots.

    [See DHCP Leasequery Methods.]

  • Display RPF check statistics for dynamic logical interfaces (MX Series)—Starting in Junos OS Release 19.1R1, the show interfaces statistics logical-interface-name detail command can display byte and packet statistics for unicast RPF failures. These statistics are only displayed for dynamic IPv4 or IPv6 logical interfaces where RPF check is configured with the rpf-check or rpf-check mode loose statement. The clear interfaces statistics logical-interface-name command clears RPF statistics.

    [See Unicast RPF in Dynamic Profiles for Subscriber Interfaces.]

  • Additional encapsulations added to pseudowire subscriber logical interfaces (MX Series with MPC and MIC)—Currently, the only supported encapsulation type on the pseudowire subscriber interfaces include:

    • Transport logical interfaces—Circuit cross-connect (CCC) encapsulation.

    • Service logical interfaces:

      • Ethernet VPLS encapsulation

      • VLAN bridge encapsulation

      • VLAN VPLS encapsulation

      Starting in Junos OS Release 19.1R1, in addition to the existing encapsulation types, the following support is provided:

      • Transport logical interfaces—Ethernet VPLS encapsulation, and provision for terminating the interface on the l2backhaul-vpn routing-instance.

      • Service logical interfaces—Circuit cross-connect (CCC) encapsulation, and provision for terminating the interface on locally switched Layer 2 circuits.

    [See Pseudowire Subscriber Logical Interfaces Overview.]

  • Insert identifier tags in HTTP GET headers (MX Series)—Starting in Junos OS Release 19.1R1, you can configure HTTP redirect service filters to insert tags into the headers of HTTP GET messages. You can specify one or more destination addresses in the service rule to identify traffic for tagging. The tagged message is forwarded to the HTTP server where the server can accept or reject access based on the tag values.

    [See Inserting GET Header Tags That the HTTP Server Can Use to Control Content Access.]

System Logging

  • Support for TCP/TLS transport for syslog (MX240, MX480, and MX960)—Starting with Junos OS Release 19.1R1, you can configure multiple TLS syslog servers for a service on the MS-MPC or MS-MIC services cards. You can configure a maximum of four syslog servers for each set of services, and send encrypted data to the servers. The source address for the logs sent to remote hosts uses the configured source address of TCP/TLS host. See TCP/TLS Transport Protocol for Syslog Messages Configuration Overview.

System Management

  • Support for SFTP global disablement (MX Series)—Starting in Junos OS Release 19.1R1, we have globally disabled incoming SSH File Transfer Protocol (SFTP) connections from the CLI by default. You can enable incoming SFTP connections globally by configuring the statement sftp-server at the [edit system services ssh] hierarchy level. Prior to Junos OS Release 19.1R1, the incoming SFTP connections were globally enabled by default.

    See Configuring sftp-server

What's Changed

Learn about what changed in the Junos OS main and maintenance releases for MX Series.

What's Changed in Release 19.1R3

General Routing

  • Change in startup notification after GRES (MX Series routers)—The master Routing Engine sends a coldStart notification when a device comes up. The master Routing Engine also sends a warmStart notifications for subsequent restarts of the SNMP daemon. After GRES, the new master Routing Engine sends a single warmStart notification and the backup Routing Engine does not send any notification. In earlier releases, after GRES, the new master Routing Engine would sometimes send two notifications or a single notification. Of these, the first notification was always a coldStart notification and the second was either a coldStart notification or a warmStart notification.

    [See Standard SNMP Traps Supported by Junos OS.]

  • Automatic installation of YANG-based CLI for RIFT protocol (MX Series, QFX Series, and vMX with 64-bit and x86-based servers)—In Rift 1.2 Release, installation of the CLI for RIFT protocol occurs automatically along with the installation of the junos-rift package. In the pre-1.0 releases of the junos-rift package, the RIFT CLI had to be installed separately using request system yang command after installation of the junos-rift package.

  • Advertising 32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, multiple secondary loopback addresses in the traffic engineering database were added to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.

  • Logical Interface is created along with physical Interface by default (EX Series switches, QFX Series switches, MX Series routers)—The logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces were created. For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), was displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.

  • Precision Time Protocol (PTP) interface configuration (MX2020, MX2010, MX480, MX960, and MX240)— Remove the aggregated Ethernet interface association and upgrade the device when configuring PTP interface.

Interfaces and Chassis

  • Change in error severity (MX960, MX240, MX2020, MX480, MX2008, and MX2010)—Starting in Junos OS Release 19.1R3, we have reduced the severity of the CRC error ’XR2CHIP_ASIC_JGCI_FATAL_CRC_ERROR’ from Fatal to Major. Earlier, these errors caused the line card to be reset, if the interasic-linkerror-recovery-enable statement was configured. Now, these errors only disable the Packet Forwarding Engines that are affected. With this change, the interasic-linkerror-recovery-enable statement has no effect when this error occurs because we have reduced its severity to Major.


    This behavior change is applicable to the following line cards only: MPC5E, MPC6 MPC7, MPC8, and MPC9.

Services Applications

  • Update to CLI option for configuring the version number to distinguish between currently supported version of the Internet draft draft-ietf-softwire-map-03—In Junos OS Release 19.1R3, the version-3 option under the [edit services softwire softwire-concentrator map-e] hierarchy for configuring the version number to distinguish between currently supported version of the Internet draft draft-ietf-softwire-map-03 is optional. In the earlier Junos OS releases, if you did not configure the version-3 option, the configuration resulted in an error.

    [See map-e.]

What's Changed in Release 19.1R2


  • Support for disabling automatic ESI generation (MX Series and QFX Series)—Starting with Junos OS Release 19.1R2, Junos OS supports disabling the automatic ESI generation for virtual gateway addresses. We recommend that you disable the automatic ESI generation for EVPN networks with edge-routed bridging to improve performance. To disable automatic ESI generation, include the no-auto-virtual-gateway-esi statement at the [edit interfaces name irb unit logical-unit-number] hierarchy level.

General Routing

  • User confirmation prompt for configuring the sub-options of request vmhost commands (MX Series and PTX series)—While configuring the following request vmhost commands, the CLI now prompts you to confirm a [yes,no] for the sub-options also.

    • request vmhost reboot

    • request vmhost poweroff

    • request vmhost halt

    In previous releases, the confirmation prompt was available for only the main options.

Interfaces and Chassis

  • Enhancement to the show interfaces mc-ae extensive command—You can now view additional LACP information about the LACP partner system ID when you run the show interfaces mc-ae extensive command. The output now displays the following two additional fields:

    • Local Partner System ID—LACP partner system ID as seen by the local node.

    • Peer Partner System ID—LACP partner system ID as seen by the MC-AE peer node.

    Previously, the show interfaces mc-ae extensive command did not display these additional fields.

  • Logical Interface is created along with physical Interface by default (MX Series routers)—In Junos OS Release 19.1R2 and later, by default logical interfaces are created on ge-, et-, and xe- interfaces along with the physical interface. In earlier Junos OS Releases, by default, only physical interfaces are created.

    For example, for ge- interfaces, when you view the show interfaces command in earlier releases, by default, only the physical interface (for example, ge-0/0/0), is displayed. Now, the logical interface (for example, ge-0/0/0.16386) is also displayed.

Network Management and Monitoring

  • The show system schema command and <get-yang-schema> RPC require specifying an output directory (MX Series)—Starting in Junos OS Release 19.1R2, when you issue the show system schema operational mode command in the CLI or execute the <get-yang-schema> RPC in a remote session to retrieve schema files, you must specify the directory in which to generate the output files by including the output-directory command option in the CLI or the <output-directory> element in the RPC. In earlier releases, you can omit the output-directory argument when requesting a single module to display the module in standard output.

Routing Protocols

  • Change in the default behavior of advertise-from-main-vpn-tables configuration statement—BGP now advertises EVPN routes from the main bgp.evpn .0 table. You can no longer configure BGP to advertise the EVPN routes from the routing instance table. In earlier Junos OS Releases, BGP advertised EVPN routes from the routing instance table by default.

    [See advertise-from-main-vpn-tables.]


  • On MX960 routers, the decapsulate GRE action now de-encapsulates GRE, IP-in-IP and IPv6-in-IP tunneling packets. You configure this action at the [edit firewall family inet filter filter-name term term-name] hierarchy level.

Services Applications

  • Change in NAT port block syslog message display (MX Series Routers)—When you configure a softwire prefix other than 128, all the JSERVICES_NAT_PORT_BLOCK logs now displays the prefixed B4 address. The following JSERVICES_NAT_PORT_BLOCK are modified:




    In earlier releases of Junos OS, when a softwire prefix was configured, some of the B4 addresses displayed in the JSERVICES_NAT_PORT_BLOCK log were /128 addresses(irrespective of the configured prefix). This change is not observed when the softwire prefix is not configured.

  • New syslog message displayed during NAT port allocation error (MX Series Routers with MS MPC)—With address pooling paired (APP) enabled, an internal host is mapped to a particular NAT pool address. In case, all the ports under a NAT pool address are exhausted, further port allocation requests from the internal host results in a port allocation failure. The following new syslog message is displayed during such conditions:


    This syslog message is generated only once per NAT pool address.

Software Defined Networking (SDN)

  • Increase in the maximum value of delegation-cleanup-timeout (MX Series)—You can now configure a maximum of 2147483647 seconds as the delegation cleanup time for a Path Computation Client (PCC). This extends the time taken by the PCC to retain the last provided path over a PCEP session from the last session down time.

    With the increase in maximum value of delegation-cleanup-timeout from 600 to 2147483647 seconds, you can benefit during a Path Computation Element (PCE) failover, or other network issues that may disrupt the PCEP session with the main active stateful PCE.

    [See delegation-cleanup-timeout.]

Subscriber Management and Services

  • Enhancement to commands to display reason for Routing Engine disconnect (MX Series)—Starting in Junos OS Release 19.1R2, several commands display the reason when the master and standby Routing Engines disconnect because of a memory mismatch error. On a chassis with two Routing Engines, a DRAM size mismatch error can result when both of the following are true:

    • The Routing Engines have different amounts of DRAM.

    • A 64-bit Junos OS image is loaded on the chassis.

    You can avoid this problem by doing either of the following:

    • Ensure that both Routing Engines have the same amount of DRAM.

    • Load a 32-bit image.

    The show database-replication summary and show system subscriber-management summary commands display the DRAM mismatch as the reason in the Disconnection field. The request chassis routing-engine master switch check command displays an error message if the DRAM size is different for the two Routing Engines.

  • XML output format change for test aaa type user commands (MX Series)—Starting in Junos OS Release 19.1R2, the XML output format changes for the test aaa authd-lite user, test aaa dhcp user, and test aaa ppp user commands. Each RADIUS server attribute name has an associated attribute value. Each of these pairs is now enclosed by the <radius-server-data> tag. The new tag makes it easier to recognize the name/value pairs, both for operators and API clients. You may have to change any scripts that use the XML output to work properly with the new format.

    [See AAA Testing and Troubleshooting.]

  • Support for Pseudowire Physical Interface for ANCP Autoconfiguration (MX Series)—Starting in Junos OS Release 19.1R2, you can associate an ANCP neighbor with a subscriber-facing interface pseudowire physical interface for ANCP autoconfiguration of VLANs. When configured, ANCP Port Up and Port Down messages received on the interface trigger notifications to the auto-configuration daemon (autoconfd) to initiate VLAN creation (Port Up) or removal (Port Down). In earlier releases, ANCP supports only the following physical interface types for this feature: aggregated Ethernet (ae), Gigabit Ethernet (ge), 10-Gigabit Ethernet (xe), 100-Gigabit Ethernet (et), and demux.

  • Out-of-address SNMP trap requires thresholds to be configured (MX Series)—Starting in Junos OS Release 19.1R2, the behavior has changed for generating an out-of-address SNMP trap for an address pool configured at the [edit access address-assignment] or [edit routing-instance name address-assignment] hierarchy levels. You must now configure both the high-utilization and abated-utilization thresholds. When the number of assigned addresses surpasses the high-utilization threshold, a high-utilization trap is generated. If all the addresses are assigned from the pool, an out-of-address trap is generated and an out-of-address syslog message is sent.

    In earlier releases, an out-of-address trap is generated when the address pool is exhausted, regardless of whether the thresholds are configured.

    If the number of assigned addresses subsequently drops below the abated-utilization threshold, an abate-high-utilization trap is generated; this behavior is unchanged.

  • Prevent queue-based throttling from stopping subscriber login (MX Series)—Starting in Junos OS Release 19.1R2, you can specify a value of 0 with the high-cos-queue-threshold statement. This value prevents any subscriber from being throttled by queue-based throttling.

  • Changing attributes of physical interface with active subscribers (MX Series)—Starting in Junos OS Release 19.1R2, the commit check fails when you change any attribute of the physical interface, such as the MTU, when subscribers are active. This affects only aggregated Ethernet physical interfaces with targeted distribution configured. In earlier releases, the commit check does not fail and the attribute change brings down the physical interface and all subscribers using that interface.

What's Changed in Release 19.1R1


  • Changes in encoding the ESI label field (MX Series)—Starting in 19.1R1, Junos OS switched from using lower-order bits to higher-order bits in encoding the ESI label field. This results in BUM traffic loss and duplication in traffic. If you encounter this, and you wish to use a mix of Junos OS releases, you must include the es-label-oldstyle statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy on the device that is running the Junos OS release that supports higher-order bit encoding of the ESI label.

General Routing

  • Root XML tag change for show rsvp pop-and-forward | display xml command (MX480)—We’ve changed the root XML tag for the show rsvp pop-and-forward | display xml command to rsvp-pop-and-fwd-information to make it consistent with the XML tag convention. In earlier releases, the command output displays rsvp-pop-and-fwd-info XML tag. Update the scripts with the rsvp-pop-and-fwd-info XML tag to reflect the new rsvp-pop-and-fwd-information XML tag.

    [See Junos XML API Explorer - Operational Tags.]

Interfaces and Chassis

  • In MX204 routers, the error messages are logged when vlan-tagging for a trunk interface that is not configured. These error messages were previously logged with severity level “critical” even though they were not critical enough to require immediate action. The maximum transmission unit (MTU) of interface with or without VLAN-tagging is now logged in as the informational error message (instead of critical error message).

  • IRB not supported on pseudowire subscriber (PS) logical Interface in bridge-domain (MX Series)—In Junos OS Release 19.1R1, integrated routing and bridging (IRB) is not supported on pseudowire subscriber (PS) logical Interface. Hence, you cannot add IRB to a bridge domain with PS interface, that is, you cannot configure IRB and PS interface in the same bridge domain.

    Note that adding IRB to a bridge domain having pseudowire subscriber (PS) logical interface causes kernel crash and continuous reboot of the router until the configuration is rolled back.


    IRB is not supported on PS only in bridge-domain.

    [See bridge-domain.]

  • Support for MAP-E encapsulation and de-encapsulation on inline service interfaces (MX2010)—Starting in Junos OS Release 19.1R1, the MX2010 routers support encapsulation and de-encapsulation of the following ICMP message types for inline service (si) interfaces:

    • Time exceeded (type 11)

    • Destination unreachable (type 3)

    • Source quench (type 4)

    • Parameter problem (type 12)

    • Address mask request and Address mask reply (type 17 and type 18)

    • Redirect (type 5)

  • New XML tag element <lacp-hold-up-state> added in show lacp interfaces XML display (MX Series)—Starting in Junos OS Release 19.1R1, the show lacp interfaces | display xml command displays a new XML tag element <lacp-hold-up-state>. The <lacp-hold-up-state> displays the time interval an interface holds before it changes from state, down to up. In earlier Junos OS releases, the LACP hold up the information for all interfaces was in a single <lacp-hold-up-information> XML tag. Now, for each interface it is displayed in a separate <lacp-hold-up-information> XML tag.

  • Support for creating Layer 2 logical interfaces independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2, 19.1R1, 19.1R2, and later, MX Series routers support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.

    In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.

  • Support to get Optics loopback status for QSFP-100GE-DWDM2 transceivers (MX Series)—Starting in Junos OS Releases 19.1R1, 19.1R2, and later on MX Series routers, you can get the optics loopback status of QSFP-100GE-DWDM2 transceivers along with the regular Ethernet loopback status by issuing the show interfaces interface-name or show interfaces interface-name brief command. The new output field Optics Loopback is added under Link-level type when the show interfaces interface-name CLI command is executed.


  • Starting in Junos OS Release 18.4R1 and 19.1R1, the remote procedure call (RPC) protocol XML tag for mpls-label-value is renamed as mpls-history-label-value, mpls-usage-label-value, and mpls-label-id-value depending on the context of command usage.

  • New debug statistics counter (MX Series)—The show system statistics mpls command has a new output field, called Packets dropped, over p2mp composite nexthop, to record the packet drops over composite point-to-multipoint next hops.

  • Starting in Junos OS Release 19.1R1, the bfd-liveness-detection statement is not supported at the [edit protocols source-packet-routing segment-list] hierarchy level.

Network Management and Monitoring

  • NETCONF <kill-session> operation returns different values in <rpc-error> when the session identifier is equal to the current session ID (MX Series)—Starting in Junos OS Release 19.1R1, when you execute the <kill-session> NETCONF operation and the session identifier is equal to the current session ID, the values of the <error-type> and <error-tag> elements in the resulting <rpc-error> are application and invalid-value, respectively. In earlier releases, the <error-type> and <error-tag> values are protocol and operation-failed.

    [See <kill-session>.]

  • sysName.0 MIB object displays the fully qualified domain name (MX Series)—Starting in Junos OS Release 19.1R1, the sysName.0 MIB object displays the fully qualified domain name. That is, if the hostname and domain name are configured on the system, both will show up for the sysName.0 MIB object: host-name.domain-name. Previously, only the host name showed up.

    [see show snmp mib.]

Network Operations and Troubleshooting Automation

  • Starting in Junos OS Release 19.1, the RPC XML tag for mpls-label-value is renamed as mpls-history-label-value, mpls-usage-label-value, and mpls-label-id-value depending on the context of command usage.

Operation, Administration, and Maintenance (OAM)

  • Performance monitoring history data is lost when a change in number of supported history records is detected (ACX Series and MX Series)—In Junos OS Release 19.1R1, when Ethernet connectivity fault management starts, it detects the number of history records supported by the existing performance monitoring history database and if there is any change from the number of history records supported (that is, 12) in Release 19.1R1, then the existing performance monitoring history database is cleared and all performance monitoring sessions are restarted with mi-index 1.

Routing Protocols

  • Support for BGP LU link protection for a multihop EBGP peer (MX-Series)—Starting in Junos OS Release 19.1R1, you can enable BGP Labeled unicast protection for an indirect next hop for logical-interface-based FRR. In earlier Junos Releases, Junos OS did not compute a backup path for the active indirect next hop failure and caused link failure for EBGP multihop cases where EBGP is chosen as a primary route for BGP LU protection on affected routes.

    To configure BGP link protection for a multihop EBGP peer, enable protection at the [edit protocols bgp group group-name family inet labeled-unicast] hierarchy level.

Services Applications

  • Change in error message displayed while fragmenting or defragmenting IPv6 GRE tunnel interface (MX Series routers)—In Junos OS Release 19.1R1, on an IPv6 GRE tunnel interface, when you enable fragmentation using the allow-fragmentation command or disable fragmentation using the do-not-fragment command, the following error message is displayed:

    Fragmentation for V6 tunnels is not supported

    In earlier Junos OS releases, the following message was displayed:

    dcd_config_ifl_tunnel:Fragmentation for V6 tunnels is notsupported

  • Support for host generated traffic on a GRE over GRE tunnel (MX Series)—In Junos OS Release 19.1R1, you can send host generated traffic on a GRE over GRE tunnel. However, when path maximum transmission unit (PMTU) is updated for the outer GRE tunnel, MTU for inner GRE tunnel is not corrected.

  • Deprecated IPsec manual security association option (MX Series)—In Junos Release 19.1R1 and later releases, the option hmac-sha2-256 under the services ipsec-vpn rule rule-name term term-name then manual direction (bidirectional | inbound | outbound) authentication algorithm statement is deprecated. Use the hmac-sha-256-128 option instead.

Software-Defined Networking (SDN)

  • Starting in Junos OS Release 18.2X75-D30 and 19.1R1, the maximum value for service identifier (SID) depth for PCEP segment routing (SR) LSP has been increased to more than 5 labels. The supported range of max-sid-depth is 1 through 16 with a default value of 5 labels.

    [See pce.]

Subscriber Management and Services

  • ICMP error message rate limit increased (MX Series)—Starting in Junos OS Release 19.1R1, the maximum rate limit for generating ICMP messages for IPv4 and IPv6 packet errors is increased from 50 pps to 1000 pps. The rate limit applies only to non-ttl-expired packets.

    [See Configuring the Rate Limit for ICMPv4 Error Messages and Configuring the Rate Limit for ICMPv6 Error Messages,]

  • Subscribers allowed to log in with bad framed route (MX Series)—Starting in Junos OS Release 19.1R1, users are allowed to log in if the framed route received from RADIUS is bad; for example, if the format is incorrect. In earlier releases, the subscriber is not allowed to log in. For customers that use multiple framed routes, the new behavior enables the subscriber to have partial access to the network using the routes that are accepted instead of not being allowed any access.

User Interface and Configuration

  • Options for monitor traffic interfaces statement added (MX Series)—Starting in Junos OS Release 19.1R1, the options write-fileand read-file under the monitor traffic command are included in the visible CLI.

    [See monitor traffic.]

Known Limitations

Learn about known limitations in this release for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Fault Management

  • The Cmerror Op Set log message is missed for the bringup jspec command-based error simulation. PR1430300

General Routing

  • CFM is not supported for a Layer2-over-GRE tunnel. CCM can pass through as transit traffic through GRE interfaces transparently using the data path. Link trace functionality uses MAC learning and re-injecting LTM on the GRE interface in case the bridge is configured with CFM. This is not a supported feature. PR1275833

  • The system watchdog might not work with secured BIOS. PR1343131

  • The Routing Engine boots from the secondary disk when you:

    • Press the reset button on the RCB front panel, while the Routing Engine boots up before Junos OS reboots.

    • Upgrade the software by booting from the network using the request vmhost reboot network command and the system fails to boot from the network.

    • Upgrade the BIOS and it fails.

    • Reboot the system and it hangs before Junos OS reboots. PR1344342

  • If MTU is configured to a value higher than 9500, which is the maximum permissible value, configuration succeeds. However, the actual value sets back to 1518B without any error. The DCD log can be checked to verify the occurrence. PR1372690

  • The MIC-MACSEC-20G supports 10 Gbps speed through the set chassis fpc x pic y pic-mode 10G configuration applied to both the PICs in that MIC. You must remove any other PIC mode configuration and then apply the 10 Gbps PIC mode configuration. PR1374680

  • The memory usage of processes increases significantly between Junos OS Release 14.1X53-Dxx to Junos OS Release 17.x. PR1390226

  • The OSPF adjacencies flap after GRES, with LACP fast timer configuration. PR1392316

  • On an MX2008 platform with MPC9E, in a line-rate traffic with a redundant SFB2 scenario, if there is one offline redundant SFB2, there might be tail drops or sometimes WRED drops in MPC9E. This results in partial traffic loss. Under normal circumstances, the SFBs should automatically fail over if one of them fails and there should be only a few packets dropped momentarily. PR1395591

  • Configuration database can remain locked after the SSH session is halted. PR1410322

  • When SRTE policies have segment lists that have a single label or three or more labels, the IS-IS interface statistics are not incremented even when SRTE routes take these IS-IS next hops. The kstat-based states are enabled in IS-IS by the set protocols isis source-packet-routing traffic-statistics command. PR1410682

  • Line cards get rebooted when BSYS performs Junos OS-only reboot.

    • Ensure that before performing BSYS Junos OS-only reboot in in-chassis node-slicing mode, switch the mastership to the other Routing Engine.

    • Ensure that before performing BSYS Junos OS image upgrade and reboot in in-chassis node-slicing mode, switch the mastership to the other Routing Engine.

    • Note that BSYS Junos OS-only unified ISSU is not supported in in-chassis node-slicing mode; you need to use the request vmhost software in-service-upgrade option for this. PR1413810

  • The MX Series Packet Forwarding Engine does not account for the labels pushed onto the packet on the egress Packet Forwarding Engine, while PTX Series Packet Forwarding Engine does. This results in slight difference in the byte count for the same traffic stream across these two platforms. The packet-count is still the same across the platforms. Currently, this issue is noticed for uncolored SRTE policies. PR1416738

  • The repd generates core files during the third GRES on RE1 with reference to BbeStatsSessionDb::repdConvert (this=0x886b018, rep_msg=0x89a3814) at ../../../../../../src/junos/lib/libbbe-stats/ PR1417732

  • In a large-scale setup (such as, large number of routing-instances or interfaces), if there are frequent changes in configuration and interface flapping when the rpd is restarted (through deactivate/activate logical system or restart routing), the rpd might crash. PR1438049

  • The FPC x Voltage Tolerance Exceeded alarm is raised and cleared upon bootup of JNP10K-LC2101. PR1415671


  • On Juniper Networks Routing Engines with Hagiwara CompactFlash card installed, after the upgrade to Junos OS Release 15.1 and later, the following error message is observed: smartd[xxxx]: Device: /dev/ada1, failed to read SMART Attribute Data might appear on message logs. PR1333855

Interfaces and Chassis

  • In a large-scale subscriber environment, changing aggregated Ethernet member link configuration might cause two Routing Engines to generate core files. PR1375638


  • With NSR enabled, when the master rpd is restarted, occasionally, out-of-order add and delete messages can arrive on the backup Routing Engine. As a result, label assignment collisions occur, which cause the backup rpd to crash. PR1401813

  • The rpd process might crash. PR1461468

Platform and Infrastructure

  • On all Junos OS platforms, execution of Python scripts through enhanced automation does not work on veriexec images. PR1334425

  • When only peer 1 advertises routes, that peer might not install the de-encapsulated next-hop (NH) route. As a result, type-5 encapsulated traffic sent by peer 2 is dropped until peer 2 advertises any type-5 route. As a workaround, configure a static route pointing to discard on peer 2 and advertise that route as a type-5 route to peer 1. PR1386423

Routing Protocols

  • When 32,000 SRTE policies are configured at once, during configuration time there might be scheduler slips. PR1339829

  • When you replace the simple VLAN interfaces with PS over RLT, you might an increase in FPC CPU usage. This is in keeping with the increased processing and resources needed to support these types of interfaces, which are similar in this regard to the requirements for an aggregated Ethernet interface. PR1396925

  • The rpd process might crash during convergence or route update due to incorrect path selection algorithm. PR1352697

Software-Defined Networking (SDN)

  • The MX Series platform type of the guest network function (GNF) configured on an MX Series chassis does not automatically change if the Routing Engine is installed on a different MX Series chassis type. To fix this issue, you need to delete the GNF and configure it from the start on the new chassis in which Routing Engine is installed.

  • When guest network functions (GNFs) are rebooted for different reasons, the show chassis routing-engine command may incorrectly display the reboot reason as Router rebooted after a normal shutdown. To find the actual reboot reasons, see the log messages of GNFs.

  • External Ethernet port LEDs on Control Board of MX2020 and MX2010 routers do not turn off when the network-slices configuration is deleted or deactivated.

  • If you try to install Juniper Device Manager (JDM) after performing request vmhost zeroize, the installation is unsuccessful. As a workaround, you can delete JDM and install it again.

  • The PS interface maximum transmission unit (MTU) size at times has an incorrect default value. As a workaround, you can delete the PS interface and configure it again.

  • Junos OS Release 19.1R1 does not interoperate with earlier releases of Junos OS that support Junos node slicing. To run the 19.1R1 version of Junos node slicing on any GNF, the BSYS and all other GNFs must also run Junos OS Release 19.1R1.

Subscriber Management and Services

  • For dual-stacked clients over the same PPP-over-L2TP LNS session, enhanced subscriber management does not support configurations where both of the following are true:

    • The CPE sends separate DHCPv6 solicit messages for the IA_NA and the IA_PD.

    • The solicit messages specify a type 2 or type 3 DUID (link-layer address).

    As a workaround, you must configure the CPE to send a single solicit message for both IA_NA and IA_PD when the other configuration elements are present. PR1441801

Open Issues

Learn about open issues in this release for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • This issue is related to the configuration of the hidden statement rate-limit-burst in the class-of-service hierarchy. The commit needs to push an update for CoS code handling on all the Packet Forwarding Engines and during this time, an interface setting (internal attributes for an interface) was found to be NULL. Interface settings are usually stored in a memory location and the pointer to it became NULL because cosd did not check for the NULL values and resulted in segmentation fault. The channelized interface setting was found to be NULL for channelized interfaces, but the CoS code handling the configuration rate-limit-burst in Packet Forwarding Engine de-referenced the setting without doing a NULL check, resulting in core files. PR1425667


  • There might be a few duplicate packets seen in an A/A EVPN scenario when the remote PE device sends packets with IM label due to MAC not being learned on remote PE device but being learned on the A/A local PE device. The non-DF sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookups instead of dropping the packet, which causes duplicate packets on the CE side. PR1245316

  • Due to timing condition, the dead next hops in the flood group of EVPN-MPLS are seen after remote PE devices bounce. PR1484296

  • On the MX, QFX10002, QFX10008, and QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel. PR1485377

  • When you try to execute VXLAN ping overlay through the RPC command, an RPC error is observed. PR1373025

  • On the MX104 platform, the chained-composite-next-hop ingress evpn statement is missing in the junos-defaults group. This statement must be configured to make EVPN work prior to Junos OS Release 18.3R1-S1/18.3R2, otherwise EVPN does not work as expected. PR1415466

  • The rpd process might generate a core file when the Routing Engine switches over after disabling the BGP protocol globally. PR1490953

  • The VXLAN bridge domain might lose VTEP logical interface after restarting chassisd. PR1495098

  • EVPN core isolation might not work if the BGP GR is (Graceful Restart) enabled. PR1496229

Forwarding and Sampling

  • The skip-service configuration does not work with IPv6 NDP negotiation or ping. PR1074853

  • In a BGP scenario with sampling enabled, incorrect ASN might be returned for the traffic originated from an internal prefix. This is because some AS paths and routes do not hold the latest information in the message buffers that the sampling route-record daemon uses to send to the clients. PR1439630

  • Additional information for the set firewall flexible-match source-ipv6-match ... command must be provided to avoid confusion. PR1389103

  • On a Junos fusion, ingress policing on the SD is broken (MX Series and QFX Series; ingress on AD and SD) and the set interfaces layer2-policer input-policer command is not supported in this release. PR1395217

  • For Junos OS Releases 18.4R1 and 18.3R2, if an IPv4 prefix is added on a prefix list referred by an IPv6 firewall filter, the following log message is not seen in this particular release: Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized. PR1395923

  • For Junos OS Release 19.1R1, for physical interface policer for ip-option traffic, the traffic rate is more than 10 percent. PR1398728

  • The show firewall filter global-edge-filter command does not return any values. PR1422407

  • When you verify the selective local-switching functionality with 4000 VLANs, error messages related to traffic not being policied as expected after locally switching it to VLAN 100 and 101 are observed. PR1436343

  • After routing is restarted, the remote mask (indicating from which remote PE devices MAC-IP entries are learned) that the routing daemon sends can be different from the existing remote mask that the Layer 2 learning daemon had prior to restart. This causes a mismatch between the Layer 2 learning and routing daemons' interpretation as to where the MAC-IP entries are learned (local or remote). This leads to the mac-ip table being out of synchronization. PR1452990

  • Packet length for ICMPv6 is displayed as 0 in the output of the show firewall log detail command. PR1184624

  • The following syslog error message might be observed due to SSD hardware failure: Failed connecting to DFWD, error checking reply - Operation timed out. PR1397171

General Routing

  • If a Layer 3 interface is receiving a GRE-encapsulated packet and the interface has two filters attached at ingress as follows:

    • (a) family any with action as mirror.

    • (b) family inet with action as decapsulate gre, then the expected behavior is that the mirrored copy must have the GRE headers as well. However, that is not working as expected because of the presence of filter (b). If you are interested in mirroring the entire packet that came on the interface (that includes GRE header as well), then the workaround is to deactivate or disable the decapsulate gre action of filter (b). PR1090854

  • In a BGP or MPLS scenario, if the next hop type of label route is indirect, then the following changing events about the next hop interface MPLS family might cause the route to be in the Dead state, and the route remains in that state even when the family MPLS is again activated:

    • Deactivating and activating the interface family mpls.

    • Deleting and adding back the interface family mpls.

    • Changing maximum labels for the interface.

    When a labelled route is resolved over an interface, that interface must have family mpls configured for the route to be successfully resolved. Otherwise, the route does not get resolved. PR1242589

  • In an EVPN-MPLS scenario, if the core-facing interface (mpls interface) and the CE-facing interface are on different PEs, and the traffic from core is not continuous and DMAC (Dynamic MAC) ages out, due to an incorrect flood next-hop programming across different PFEs, packet loss might be observed after device rebooted or l2ald restarted. PR1484468

  • The ptp-clock-global-freq-tracable leaf value becomes false and does not changes to true) when the internal lock is in the Acquiring state. PR1493743

  • ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610

  • The input errors on the MX150 router devices might be zero under the show interfaces extensive output when there are CRC or Align errors on the interface. PR1485706

  • In some scenarios with PTP hybrid mode and MPC5E, continuos resetting of the Playback Engine log message occurs. Playback engine resides inside the MPC5E FPGA and it is responsible for maintaining the PTP states corresponding. PR1420335

  • On the MX Series platforms, if the clock frequency slowly changes on CB0 (slow drift), the clock source for MPC-3D-16XGE-SFPP might not be changed to CB1, which cause interfaces on it to go down and remain in the Down state. PR1433948

  • On the MPC7E, MPC8E, and MPC9E line cards, hardware sensor information is logged on the syslog and /var/log/messages every 30 minutes. PR1478816

  • The following syslog message appears: fpcX user.notice logrotate: ALERT exited abnormally with [1]. PR1471006

  • Changing the framing modes on a CHE1T1 MIC between E1 and T1 on a MPC3E NG HQoS line card causes the PIC to go offline. PR1474449

  • MPC10E line card might crash due to inconsistencies during firewall filter add or delete operations that results in traffic being silently discarded. PR1465153

  • IPv6 accounting stop attributes are not correct for MLPPP subscribers. PR1455175

  • The following error message is observed that has no functional impact: MIB2D_RTSLIB_READ_FAILURE: check_rtsock_rc: failed in reading mac_db(xe-5/0/1:0): 0 (Invalid argument) PR1461289

  • SIP session fails when the IPv4 SIP client in a public network initiates a SIP call with the IPv6 SIP client in the private network. PR1139008

  • When performing a Routing Engine switchover without the support of nonstop routing (NSR), occasionally the Layer 2 Control Protocol daemon reports a slips of a few seconds (1 to 10) in its scheduled run and a similar log message as the following is displayed: l2cpd[32770]: JTASK_SCHED_SLIP: 8 sec scheduler slip, user: 0 sec 2180 usec, system: 0 sec, 2188 usec. This delayed run has no functionality or operational effect on any of the Layer 2 protocols controlled by Layer 2 Control Protocol daemon. This is because the STP task delegates transmit or receive BPDUs to a separate dedicated PPMD daemon and the LLDP task transmit or receive PDUs are dealt from the daemon itself. However, the advertisement interval is 30 seconds, with the hold timer value for neighbors' LLDP PDUs being 120 seconds, so the time to recover the few seconds of slips is plenty and enough to absorb it. PR1203977

  • The following cosmetic error is observed as the output: mspmand[190]: msvcs_session_send: Plugin id 3 not present in the svc chain for session. Please open a JTAC case to confirm. PR1258970

  • On the vMX platform, performance of the Intel X710 NIC is lower compared to the performance of Intel 82599 NIC. This issue occurs because 10-Gbps rate can be achieved at 512 byte packet size for X710 NICs, whereas the same can be achieved at 256 bytes for 82599 NICs. PR1281366

  • If a vmhost snapshot is taken on the alternate disk and there is no further vmhost software image upgrade, the expectation is that on the current vmhost image that gets corrupted, the system boots with the alternate disk so you can recover the primary disk to restore the state. However, under the condition where corruption is with host root file system, the node boots with the previous vmhost software instead of the alternate disk. PR1281554

  • On MX204 and MX10003, the Routing Engine might get stuck and boot from the other SSD after vmhost reboot. This is a race condition during BIOS handoff to Junos OS. You must boot the Routing Engine from the primary SSD. PR1295219

  • The user-configured packet hashing options for inet family under enhanced-hash-key might not take effect for the TRIO based FPCs. FPC keeps using the default behavior for hash calculation for IPv4 packets. PR1302637

  • The show dynamic-tunnels database summary command does not show an accurate tunnels summary when the anchor Packet Forwarding Engine line card is not in the up state. As a workaround, use the show dynamic-tunnels database and show dynamic-tunnels database terse commands. PR1314763

  • The customer does not use the chain-composite statement. The chain-composite statement does not bring in a lot of gain, because the TCNH is based on the ingress rewrite premise. Without this statement, things work just fine. PR1318984

  • In JDM (running on secondary server), the jdmd daemon might generate core files if GNF add-image is aborted by pressing Ctrl+C. PR1321803

  • With regard to FPC restarts or Virtual Chassis splits, the design of MX Series Virtual Chassis infra relies on the integrity of the TCP connections. The reactions to failed situations might not be handled in a graceful way---for example, the TCP connection might time out because of jlock hog crossing the boundary value (5 seconds), which might cause bad consequences for the MX Series Virtual Chassis. Currently, there aren't any easy solutions to reduce this jlock hog besides enabling marker infra in the MX Series Virtual Chassis setup. PR1332765

  • The first packet pertaining to J-Flow Packet Forwarding Engine sensor in UDP mode is missing after line-card reboot. PR1344755

  • With Graceful Routing Engine switchover (GRES) enabled in a subscriber environment, if subscribers are logging in or out very quickly, the service sessions in the session database of the backup Routing Engine might be leaked. If the problem is not detected for a long time, the backup Routing Engine might not be able to come back into synchronization with the master Routing Engine and might not be ready for GRES. PR1346300

  • The backup Routing Engine might crash after GRES occurs continuously for more than 10 times. PR1348806

  • During unified ISSU that warrants host upgrade, if the router is configured with 8 million IPv4 or IPv6 routes or more, the unified ISSU might fail, resulting in FPC restart. PR1348825

  • In some cases, online insertion and removal (OIR) of a MIC installed in an MPC might lead to the silent dropping of traffic destined to the MPC. The only way to recover from this is to restart the MPC. The issue is not be seen if you use the corresponding CLI commands to take the MIC offline and then bring it back online. PR1350103

  • The following error messages are observed with Junos OS Release 17.3 throttle image: localttp_offload_tx_errcheck: failed to send packet 4 times in last one second. PR1359149

  • For configurations of bridging routing instances with aggregated Ethernet logical interfaces (6400 logical interfaces) and IRB instances, all from a single FPC, the CPU utilization of the FPC stays at 100 percent for 4 minutes. The behavior from PFEMAN of the FPC has the processing time spiked on IF IPCs and this seems to be the case of MPC7E from Junos OS Release 16.1R1 (or even earlier). After 4 minutes, the CPU utilization comes down and the FPC is normal. Therefore, this scaled configuration on MPC7E takes settling time of more than 4 minutes. PR1359286

  • For the INH -> FWD NH{List NH} -> {Chain NH} scenario, when rpd reads next hops from the kernel on restart, rpd must not create an old-style list next hop for the forwarding next hop. PR1360354

  • In rare circumstances, a faulty SFP transceiver installed in an MX104 might cause the AFEB to go offline. The backup Routing Engine and fan tray also shows alarm. PR1360426

  • When an FPC is booting up (during unified ISSU, router reboot, or FPC restart), the Layer 2 circuit timeout error messages for the SFP transceiver are observed. These errors are seen when the Layer 2 circuit action is not completed because the device was busy. When the FPC is up, all the Layer 2 circuit transactions to the device were all right, so no periodic failure is observed. There is no functional impact and these errors can be ignored. PR1369382

  • If any log messages continue to appear in the MPC console, they indicate the presence of a faulty SFP/SFP+ transceiver. There is no software recovery available to recover from this situation. These logs also indicate potential Layer 2 circuit transaction failure with any of the 10 ports available with 2x10GE SFPP/20x10GE SFP MACSEC in PIC 0 that results in unexpected behavior:

    I2C Failed device: group 0xa0 address 0x70Failed to enable PCA9548(0x70):grp(0xa0)->channel(0)mic_sfp_select_link:MIC(0/0) - Failed to enable PCA9548 channel, PCA9548 unit:0, channel ID: 0, SFP link: 0mic_sfp_id_read: Failed to select link 0

    For example, the link does not come up or the MIC itself is not booting up on restart.

    The only way to recover from these failures is to detect and replace the faulty SFP/SFP+ transceiver plugged into the 2x10GE SFPP/20x10GE SFP MACSEC ports. PR1375674

  • A few xe- interfaces go down with the following error message: error if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • In low-end 32-bit systems, rpd has a lower level of available memory. We need to display a log message to alert customers when the average memory usage or transient memory usage exceeds thresholds. PR1387465

  • Control Plane Switch Management (CPSM) daemon memory leak occurs in vmhost. It might also cause the log rotate to stop working and cause large CPSM log size. PR1387903

  • On an MX Series platform enabled with enhanced subscriber management, if the filter service is enabled for each subscriber and if there is a large scale of broadband edge (bbe) subscribers (for example, 10,000) logging in and out repeatedly, the FPC might crash due to this rare issue. PR1388120

  • The virtio throughput remains same for the multiqueue and single-queue deployments. PR1389338

  • If the persist-groups-inheritance statement is configured when you try to add additional sites to an existing group and routing instance configuration, you might observe an error that can cause the commit to fail after issuing commit check. PR1391668

  • On MX Series platforms, if the channelized OC MIC (such as, 1xCOC12/4xCOC3 CH-CE) is used, the MPC/AFEB/TFEB (Forwarding Engine Board) might crash, generating core files. This is not easily reproducible. The traffic through the MIC might be impacted. PR1396538

  • The Junos OS rpd daemon has facilities to attempt to trap certain classes of nonfatal bugs by continuing to run, but leaves a soft generated core file. Leaving a soft generated core file is intended to be nondisruptive to routing and forwarding. You must have a mechanism by which you can disable the soft generated core files. PR1396935

  • Router advertises the ESMC QL of PRC even though the current clock status is holdover. PR1398129

  • In a BGP-PIC case, if route R1 resolves on top of multipath-route R2, where R2 has primary and backup indirect next hops, it is better if the backup leg is not used for the resolution of R1. There is no impact on any existing CLI commands. The backup path must not be used when the primary path is available. PR1401322

  • Generated core file and rpd reboot is observed when the condition-manager policy is configured for the routing table and the same table is repeatedly deleted and read. PR1401396

  • For ON_CHANGE subscriptions of /interfaces/ sensors, the sync_response is sent to the collector before the complete data is sent to the collector. However, there is no behavioral impact because the collector still receives complete data and the synchronization response received earlier impacts the ONCE mode of subscriptions. PR1403672

  • On vMX-based platforms including MX150, when you run the clear pim join instance instance-name all command, it might result in stopping of the riot process on the system. PR1409527

  • For MPC10 and MPC11 line cards, firmware upgrade for INphi modules should use updated version of scripts that support these line cards. The old script fails to perform the firmware upgrade. PR1410133

  • The configuration database can remain locked after the SSH session is halted. PR1410322

  • After ISSU, some of L2TP and PPPoE subscribers do not come up. PR1412818

  • A small number of tunneled subscribers might be terminated during unified ISSU to Junos OS Release 19.1R1 software due to momentary loss of IP connectivity between the LAC and LNS devices. PR1414928

  • When the Routing Engine software is not able to access the fabric chip, the corresponding plane goes into fault state. The following log message is observed: CHASSISD_FASIC_PIO_READ_ERROR: Fchip (CB 1, ID 1): read error in sfchip_init() for link#100 at address 0 in register FCHIP_FTOP_CONFIG. PR1416814

  • On the NG-MPC's KATS, tests does not run post system reboot and the chassisd restarts with 2x 10GE SFPP / 20x 1GE SFP MACsec MIC. PR1418538

  • Certain JNP10008-SF and JNP10016-SF manufactured between July 2018 and March 2019 might have an incorrect core voltage setting. As a workaround, reprogram the core voltage and update the setting in the NVRAM memory. PR1420864

  • With HTTP header enrichment function enabled, the processing of the window scaling option significantly reduces the performance of HTTP sessions from 65 MB/s to less than 40 MB/s, which results in decrease of traffic throughput. The download rate drop is also observed. PR1420894

  • On all platforms running Junos OS, when the file system gets into the Full state and there is not enough spare disk space, it might get into a problematic system condition while committing the configuration. After that, if the consecutive commits are still done in such a problematic condition, commit-check failure logs might be seen eventually. Due to this issue, some processes might not run even if the configuration is present. PR1423500

  • The fast-lookup-filter does not work for the MPC10E-15C-MRATE line card. During installation, the fast-lookup-filter is converted internally to the Dmem filter. PR1431451

  • The my-mac-check-failed exception counter display is missing from the CLI output, but the functionality is working as expected. PR1438761

  • If a route is programmed with Rib.RouteAdd/Update() with a VXLAN flexible tunnel profile having a destination MAC set to all zeros, reading the route back through Rib.RouteGet() results in the destination MAC not being set in the RouteGetReply. PR1439940

  • On the MPC7E, MPC8E, and MPC9E cards, egress stream flush failure and silent dropping of traffic might occur in a rare occasion for a repeatedly flapping link. PR1441816

  • The BGP session that establishes over the GRE tunnel fails when the router receives the BGP packets encapsulated as GRE and uses the firewall filter action to de-encapsulate the GRE header. PR1443238

  • For the EVPN instance with integrated and routing (IRB) interface, the proxy ARP and ARP suppression is enabled by default. With EVPN proxy ARP and ARP suppression enabled and in Junos OS Release 17.2Rx or 17.3Rx (x >= 3, the correlated service release is also affected), the kernel processing on the master Routing Engine might crash due to a software defect on the packet handling. This is a rare issue. PR1443903

  • After fixing PR 1338647, error dropped packets are seen on MQ/XM-based MPC cards, though there is no traffic flowing through the system. PR1451958

  • When using the replace pattern command to replace the name in the apply-group, the mgd crashes. PR1452136

  • Timestamp is missed when the show command is edited and run from the CLI command history. PR1454387

  • On a device with MPC10E installed, the firewall filter might be incorrectly updated in the Packet Forwarding Engine when the change (for example, add/delete, deactivate/activate) of firewall filter terms occurs in some scenarios, such as large-scale terms change or changes that occur during the MPC reboot. The incorrect firewall filter might cause the traffic to be silently discarded and leads to an MPC crash. It is a timing issue. PR1458499

  • Commit script does not apply changes in private mode unless you perform a full commit. PR1465171

  • From Junos OS Release 16.2R1 and onwards, if the commit command is executed after commit check, the daemon (for example, dhcpd and sampled) might not get started even though the related configuration is successfully committed. PR1468119

  • Unable to see generated core files in the show system coredumps output when you use the hostname with "." in between. PR1474118

  • A new aggregated Ethernet member interface for a static LAG bundle is installed in the FIB even though the micro- BFD session is down. PR1474300

  • When you reboot the external server, the SNMP values configured within the /etc/snmp/snmpd.conf file at the server gets overwritten with the content from the JDM snmp configuration section. The trap configuration changes get completely removed. Restarting or stopping and starting JDM does not change the host /etc/snmp/snmpd.conf file. Only system reboot of the server occurs. PR1474349

  • There is a behavior change from Junos OS Release 18.4 where the DHCPv6/PD subscribers come over the PPPoE subscriber. The DHCP accounting statistic is not displayed for DHCPv6/PD when brought over PPPoE. The behavior of PPPoE remains the same. PR1461104

  • The max-drop-flows statement is not available. PR1375466

  • Revert of RLT to primary can silently discard traffic for around 10 minutes after the primary FPC is online with primary RLT up. PR1394026

  • FPC might crash after performing GRES in a subscriber scenario. PR1421541

  • Random packet drops are observed with flow cache disabled when NIC is mapped to NUMA node 1. PR1458742

  • The MPC2E-NG or MPC3E-NG line card with specific MIC might crash after a high rate of interface flap. PR1463859

  • The GRE tunnel might go down in the scenario with IPv4 and IPv6 IPsec service configured. PR1470667

  • When you reboot the external server, the SNMP values configured within the /etc/snmp/snmpd.conf file at the server get overwritten with the content from the JDM SNMP configuration section. The trap configuration changes get completely removed. Restarting or stopping and starting JDM does not change the host /etc/snmp/snmpd.conf file. Only system reboot of the server occurs. PR1474797

  • xqchip_drop_get_q_length severity of parity error moved from major to minor. PR1481558

  • The SNMP index in the Packet Forwarding Engine reports as 0, causing sFlow to report either IIF or OIF (not both) as 0 in the sFlow record data at the collector. PR1484322

  • In node slicing setup after GRES, the RADIUS interim updates might not carry the actual statistics. PR1494637

  • Taking packet-via-dmem capture might cause FPC to crash or wedge. PR1498422

High Availability (HA) and Resiliency

  • On the MX204 and MX10003 Virtual chassis, ISSU might fail with an error message. PR1480561


  • The following message is seen during FTP: ftpd[14105]: bl_init: connect failed for /var/run/blacklistd.sock(No such file or directory). PR1315605

  • If the serial number of the PEM starts with 1F1, the following alarm might be generated: Minor FPC PEM Temp Sensor Failed PR1398128

  • The following error message is observed continuously in AD with base configurations: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) failed. PR1485038

Interfaces and Chassis

  • Out-of-sequence packets are seen with the LSQ interface. PR1258258

  • Upgrading Junos OS Release 14.2R5 and later maintenance releases and Junos OS Release 16.1 and later mainline releases with a CFM configuration might cause the cfmd process to crash after the upgrade. This is because of the presence of an old version of /var/db/cfm.db. PR1281073

  • In MX Series Virtual Chassis, flooding of the following error message can be seen with LACP-enabled aggregated Ethernet interfaces on MPC7, MPC8, and MPC9 cards: CHASSISD_CONFIG_ACCESS_ERROR: pic_parse_ifname: Check fpc rnage failed. The error message impacts only DWDM PICs, which does not effect the MPC7, MPC8, and MPC9 cards. Hence, this syslog message can be safely ignored. PR1349277

  • LFM sessions toward scaled peers might flap during the unified ISSU switchover phase. PR1377761

  • Static demux0 logical interfaces do not come up after configuration changes if the underlying interface is an et- (100-Gigabit Ethernet) interface. After the configuration change, the et- interface gets flushed in order to reparse the configuration. During this time, dcd does not create the dependency between demux0 logical interfaces and the underlying et- interface, which results in flushing off the demux0 logical interfaces. This issue is seen only if the underlying interface is an et- interface. As a workaround, restart dcd, reboot the entire Routing Engine, or use the commit full command instead of the commit command while committing the new configuration. PR1401026

  • If an aggregated Ethernet interface has the VRRP configuration, in the following use cases, member logical interfaces cannot be created after the member physical interface comes up, and the aggregated Ethernet interface will be in the Down state: fpc restart (request chassis fpc restart slot <>) chassis-control restart (restart chassis-control) reboot both Routing Engine (request system reboot both-routing-engines)

    Therefore, before performing these operations, remove the VRRP configuration from the aggregated Ethernet interface. PR1429045

  • When the QSFP-100GE-DWDM2 transceiver is installed on the device, the harmless severity level log might be flooded periodically by this transceiver. PR1453919

  • The following message might be seen while committing configuration on MXVC: registration is being denied. PR1431377

  • SFBs goes to the Check state and the Packet Forwarding Engine raises major CM_CMERROR_FABRIC_SELFPING errors in the MX2000 routers, if the SFB is offline while it is in online process. PR1433522

  • Traffic might be dropped because of the next-hop points to ICL even though the local MC-LAG is up. PR1486919

Junos fusion Enterprise

  • The SDPD generates core files at vfpc_all_eports_deletion_complete vfpc_dampen_fpc_timer_expiry. PR1454335

Junos fusion Provider Edge

  • V44 or Junos Fusion Environment system , intermediate traffic drop is seen between AD and SD when sflow is enabled on ingress interface. This is not seen always. PR1450373

Layer 2 Ethernet Services

  • On an MX Series platform, if a static demux interface is configured over an underlying interface after the subscriber logs out, then the accounting statistics are not cleared. PR1383265

  • The jdhcpd process might leak memory in the subscriber scenario. PR1491349


  • With nonstop active routing (NSR), when the rpd restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart. PR1282369

  • If there are two directly connected BGP peers established over MPLS LSP and the MTU od the IP layer is smaller than the MTU of the MPLS layer, and also if the BGP packets from the host have the DF bit set, the BGP session might keep flapping because of the usage of the wrong TCP-MSS. PR1493431

  • For an SR-TE path with 0 explicit NULL as the innermost label, the SR-TE path does not get installed with label 0. PR1287354

  • The root XML tag in the output has been changed from rsvp-pop-and-fwd-info to rsvp-pop-and-fwd-information to be consistent with the XML tag convention. PR1365940

  • The following multicast (MVPN) traffic drop can be observed on switchover when vt- is in use: show routing-instances MVPN-1 instance-type vrf; interface vt-0/0/0.1202 { <<<<< multicast; } //snip

    This issue occurs due to the presence of incorrect forwarding states on the backup Routing Engine before the switchover. PR1434522

  • On MX Series platforms, in an MPLS Layer 2 circuit or Layer 2 VPN with FAT (Flow-Aware Transport of Pseudowires) flow labels scenario, the flow label is not pushed when chained-composite-next-hop ingress l2ckt/l2vpn is enabled. The issue results in a load-balance problem for the Layer 2 circuit or Layer 2 VPN service. PR1439453

  • When an interface in an MVPN routing instance is changed from a virtual tunnel (VT) interface to a label-switched interface (LSI), the P2MP LSP might get stuck in an incorrect state because no tear down message is created from the LSP egress side. In the end, the MVPN traffic is lost. PR1454987

  • In a large scale P2MP deployment, LSPs might go down randomly across the network due to repeated make-before-break event occurring in the P2MP sub-lsps. PR1415384

  • The rpd process might crash in PCEP for the RSVP-TE scenario. PR1467278

  • The backup Routing Engine might crash if an indirect next-hop is sent by the primary Routing Engine without the associated sgid. PR1493053

Network Management and Monitoring

  • Junos OS sends a cold trap from the new master Routing Engine just after the first GRES. This is because the cold_start timestamp file was not present or updated after the reboot. So, for the first GRES, Junos OS sends a cold start trap. PR1461839

Platform and Infrastructure

  • In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log the following error message: nh_ucast_change:291Referenced l2ifl not found. This condition should be transient with the system reconverging on the expected state. PR1054798

  • On an MX-VC setup, if the traffic goes through a VCP port and forwards to an egress port to the destination, while the traffic is handled entirely by the same Packet Forwarding Engine, MAC malformation might occur. PR1491091

  • In the MX104 chassis, the show system buffer command display all zero. PR1484689

  • An accuracy issue occurs with three-color policers of both types, single rate, and two rate in which the policer rate and burst-size combination of the policer accuracy vary. PR1307882

  • In an Ethernet frame padding with VLAN scenario, if the fragment is a must, the VLAN Ethernet padding is required to minimize the frame size when the Ethernet frame length is less than 68 bytes, and equal to or greater than 64 bytes. But if the VLAN Ethernet padding is configured on a vlan-tagging enabled Ethernet interface, the fragment might not work correctly. The MPC error might be observed and the traffic might get lost. PR1452261

  • An an MX Series router acting as an egress NG-MVPN PE router with hot-root-standby and sender-based-rpf features enabled, is supposed to switch to the backup multicast flows from the primary ones if the primary flow rate falls below configured mvpn hot-root-standby min-rate rate. The switchover time (when the traffic is silently discarded) is expected to be within 50 milliseconds irrespective of the number of the groups which are undergoing this switchover (assuming that this number is within maximum MoFRR flows supported). Before this PR fix, that switchover time could be more than 50 milliseconds (up to several seconds) if the number of the groups undergoing the switchover at the egress PE simultaneously is greater than ~250 groups. PR1478981

  • There are multiple failures when events such as node reboots, ICL flaps, and ICCP flaps occur. Even with enhanced convergence configured, there is no guarantee that subsecond convergence will be achieved. PR1371493

  • In some cases, the status bit of the RPF next hop appears as disabled when it should have been enabled. PR1404240

  • On MX Series routers with MS-MPCs, when both group virtual private network (GVPN) tunnel and MPLS-over-UDP tunnel are used, traffic from a group virtual private network (GVPN) tunnel to MPLS-over-UDP tunnel might fail to get decrypted on the MS-MPC. This causes a complete service loss. PR1422242

  • On all platforms running Junos OS, with NSR enabled, the BGP session with a hold-time of 6 seconds or smaller flaps after the backup Routing Engine is pulled out ungracefully. PR1428518

  • For the bridge domains configured under an EVPN instance, the ARP suppression is enabled by default. This enables the EVPN to proxy the ARP and reduces the flooding of ARP in the EVPN networks. Due to this, the storm-control does not take effect on the ARP packets on the ports under such bridge domain. PR1438326

  • Arrival rates are not seen at the system level when the global-disable FPC is configured. PR1438367

  • A dual Routing Engine Juniper node slicing GNF with no GRES configured and with system internet-options no-tcp-reset drop-all-tcp configured might enter a dual backup Routing Engine state upon a manual GNF Routing Engine mastership switchover attempt with the request chassis routing-engine master [acquire|release|switch] CLI command from either GNF Routing Engine CLI. PR1456565

  • After performing ISSU with a scaled configuration, high CPU utilization is observed in the MPC 3D 16x10GE card. PR1461715

  • In NTP with the boot server scenario, when the router or switch boots, the NTP daemon sends an ntpdate request to poll the configured NTP boot-server to determine the local date and time. If the ntpdate is not activated correctly while the device is booting, the ntpdate might not work successfully. Then, some cosmetic error messages of time synchronization might be seen, but there is no impact on the time update because the ntp daemon updates the time eventually. PR1463622

  • EVPN traffic loss is observed with the initial configuration before verifying with the IRB IP next-hop: type-5 with no EVPN inside data center functionality. PR1466914

  • The unicast traffic from IRB interface towards LSI interface might get dropped with the aggregated Ethernet load-balance adaptive or per-packet configured. PR1458825

  • In node slicing setup, MPLS TTL might be set to zero when the packet goes through the aggregated Ethernet interface configured with the circuit cross-connect family. PR1492639

Routing Protocols

  • While interoperating with other vendors in a draft-rosen multicast VPN, by default Junos OS attaches a route target to multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities are prevented from propagating if the BGP route-target filtering is enabled on the device running Junos OS. PR993870

  • If a manually configured rib-group or automatically generated rib-group (through family inet labeled-unicast resolve-vpn) is used to copy inet.0 (IP routing table) routes to inet.3 (MPLS routing table), the process rpd might continuously generate soft core files after protocols bgp path-selection always-compare-med is configured. PR1487893

  • On the MX2010 Series routers, the BFD session on the IS-IS step up flaps during the ISSU - FRU upgrade stage. PR1453705

  • When configuring an alternate incoming interface for a PIM RPF check using rpf-selection, you might find that the additional groups outside the configured range switches to the alternate incoming interface. PR1443056

  • JTASK_SCHED_SLIP for rpd might be seen on performing restart routing or OSPF protocol disable with scaled BGP routes in an MX104 router. PR1203979

  • Certain BGP traceoption flags (for example, open, update, and keepalive) might result in trace logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

  • LDP and OSPF are in the Synchronization state and the reason observed for this is IGP interface down with ldp-synchronization enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt P2P, Address:, Mask:, MTU: 9100, Cost: 1050Adj count: 1Hello: 10, Dead: 40, ReXmit: 2, Not StubAuth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTCProtection type: NoneTopology default (ID 0) -> Cost: 1050LDP sync state: in sync, for: 00:04:03, reason: IGP interface downconfig holdtime: infinity

    According to the current analysis, IGP interface down is observed because although LDP notified OSPF that LDP synchronization was achieved, OSPF was not able to take note of the LDP synchronization notification because the OSPF neighbor was not up yet. PR1256434

  • BGP I/O thread is added in Junos OS Release 16.1R1, whereby BGP writes were batched to improve efficiency. This might sometimes lead to some latency in sending BGP updates while reacting to certain network events. PR1332301

  • SCP command with routing option (-JU) is not supported. PR1364825

  • It is possible for a GNF with rosen6 multicast to display stuck KRT queue entries after recovery from a dual Routing Engines reboot at the BSYS. PR1367849

  • The following error messages are observed: pimd_rtrequest_v4(1133), IS_MASTER_RE: 1, Process: rpd, RTM_ID: 5, error: 17, errmsg: rt exists; ifindex = 340. These logs are not harmful and have no functional impact. This error message just shows the state of PIM register messages. These logs are already LOG_DEBUG for external builds. You do not need to make any change in any of the components. PR1371431

  • At scale, a GNF with PS over RLT and multiple MPCs might show BFD flap at recovery. PR1386574

  • In a BGP scenario with multipath enabled, if you apply an import or export policy of IPv6 routes with an IPv4 next hop to a BGP neighbor, the rpd might crash continuously. PR1390428

  • If an import policy is applied to a BGP neighbor and the policy has an indirect IPv4 next hop for IPv4 and IPv6 routes (IPv6 routes resolved over IPv4), when the BGP unresolved route is withdrawn, rpd crash might be seen. PR1391568

  • Policy-based label allocation is not supported for an IPv6 prefix. Commit might be successful but configuration does not take effect. There is no functional impact. PR1395040

  • When the MoFRR feature is used in a scaled environment (in terms of number of routes and next hops), the actual convergence of multicast traffic might reach hundreds of milliseconds due to suboptimal handling of MoFRR forwarding states at the Packet Forwarding Engine level. PR1399457

  • Sometimes when a new logical router is configured, logical router core files might be seen on the system if the kernel is reporting low memory (this core file is harmless). PR1403087

  • During NSR initial state replication on a scaled setup, while BGP state replication is still going on, the BGP task replication might get marked as completed. This is because BGP replication is triggered and controlled by the backup Routing Engine. You must check the output of the show BGP replication command to confirm whether replication has actually completed. This corner case scenario is valid only on a scaled setup and during initial state synchronization. PR1404470

  • The mcsnoopd core files are generated immediately after the commit change related to a VXLAN-EVPN configuration. PR1408812

  • Autotranslations fail when the static adjacency SID is configured with OSPF as IGP. PR1414612

  • Variability of convergence improvement with the send-addpath-optimization statement enabled is observed. PR1395684

  • Packet drop and CPU spike on Routing Engine might be seen in certain conditions if the labeled-unicast protection is enabled for a CsC-VRF peer. PR1456260

  • RPKI validation is broken. PR1464931

  • The bbe-smgd process generates core files on the backup Routing Engine. PR1466118

  • RPD crashes due to the flapping of the BGP session. PR1490079

Subscriber Access Management

  • Authd reuses addresses too quickly before jdhcpd can completely clean up the old subscriber, which floods the error log; for example: jdhcpd: %USER-3-DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add as it is already used by 1815. PR1402653

  • While verifying the deleting services through CoA, when the specified family-type has been deactivated since incorrect number of service sessions are active. Hence, some services remains active even though the family is deleted. PR1479486

  • Subscriber accounting messages retransmissions exist even after configuring accounting retry 0. PR1405855

User Interface and Configuration

  • The test configuration /config/file configuration fails to check for a dynamic profile when the subscriber is active. PR1376689

  • Changing nested apply groups does not take effect. PR1427962

  • Previous configuration might still take effect after performing rollback rescue. PR1489575


  • The multicast VPN MIB is not properly compiled into the Juniper MIB package bundle. This might cause mib-jnx-mvpn.txt to be included as part of the Juniper Enterprise MIB set. PR1394946

  • MVPN traffic loss observed while verifying MULTICAST ROUTE with VT for VPNA. PR1460480

  • In an MVPN environment with SPT-only option, if the source or receiver is connected directly to c-rp PE and the MVPN data packets arrive at the c-rp PE before its transition to SPT, the MVPN data packets might be dropped. PR1223434

Resolved Issues

Learn which issues were resolved in the Junos OS main and maintenance releases for MX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 19.1R3

Application Layer Gateways

  • SIP messages that need to be fragmented might be dropped by SIP ALG. PR1475031

Class of Service (CoS)

  • MX Series device-generated OAM/CFM LTR message are sent with a different priority than the incoming OAM/CFM LTM message. PR1466473

  • Unexpected traffic loss might be observed in certain conditions. PR1472083

  • The MX10008 and MX10016 devices might generate cosd core files after executing the commit or commit check command if the policy-map configuration is set. PR1475508


  • Delay factor might send back ARP request/NS to the local segment under EVPN-ETREE leaf role conditions. PR1459830

  • Traffic received from the VTEP gets dropped if the VNI value used for type-5 routes is greater than 65,535. PR1461860

  • The rpd might crash after the EVPN-related configuration is changed. PR1467309

  • The rpd process might crash after committing changes in the EVPN environment. PR1439537

  • MAC address present in the EVPN database are not get installed in the EVPN MAC-table (ethernet-switching table) when the remote MAC is learned from the multihomed PE devices. PR1463722

Forwarding and Sampling

  • The pfed might crash and not be able to come up. PR1452363

  • In some rare scenarios upon FPC or PIC reboot, the Packet Forwarding Engine daemon database might not get updated with the correct location_id for some physical interfaces, then a problem with statistics on some interfaces of a router might be observed. PR1458143

  • The l2ald process might experience memory leak on platforms running Junos OS. PR1455034

  • In a scenario when the VGA on IRB is deactivated, activated, or comit the configuration at the same time on both the PEs of a site, the type 1 ESI or AD route might not be generated locally. PR1464778

  • The following syslog error message is observed: pfed: rtslib: ERROR received async message with no handler: 28 PR1458008

  • The following logs are observed: L2ALD_MAC_IP_LIMIT_REACHED_IF: Limit on learned MAC+IP bindings reached for .local.1048605; current count is 1024 PR1462642

  • On MX10008 and MX10016 routers, the bandwidth-limit policer cannot be set higher than 100 gigabits. PR1465093

  • An output bandwidth-percent policer with logical-bandwidth policer applied to an aggregated Ethernet bundle along with an output-traffic-control-profile has incorrect effective policing rate. PR1466698

  • Traffic might not be forwarded into the right queue but might be forwarded into the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5. PR1473093

  • The filter might not be installed if the policy-map xx option is present in the filter. PR1478964

General Routing

  • The following error message is reduced from fatal to major: XR2CHIP_ASIC_JGCI_FATAL_CRC_ERROR. PR1390333

  • Mandatory TLV ttl learnt from LLDP neighbors is not streamed along with other learnt parameters from the neighbors. PR1459441

  • On the MX150 device, there is a log severity level change. PR1411846

  • Original PFEBM task, which is system-critical for internal network performance or resilience runs as a medium priority. PR1429797

  • FIPS:GMIC2-KATS does not run on specific MPC3E-3D-NG senario and the following error message is observed: gi2mic_vsc8490_port_init: FIPS mode not set PR1418538

  • Certain JNP10008-SF and JNP10016-SF that are manufactured between July 2018 and March 2019, might have incorrect core voltage setting. The issue can be corrected by reprogramming the core voltage and updating the setting in the NVRAM memory. PR1420864

  • During host ping with gr- tunnel endpoint, lt- interface termination, gr- interface input, and lt- interface, the output counters comes as host path with addition to the transit counter. PR1461593

  • The rpd might generate core files when being terminated either during a user-initiated restart or when deactivating a logical system. This crash is seen only when rpd is being shut down, so overall impact on the network is minimal. PR1418192

  • jnxFruState shows the value as 10 for Routing Engine instead of 6 in response to . PR1420906

  • On all the devices running Junos OS, with channelizing configured on FPCs, if a 40-Gbps port that is channelized to 10-Gbps ports already (for example, xe-2/0/16:0) is being channelized to 10-Gbps again, the port might get incorrectly channelized. PR1423496

  • On the MX Series platform, the PPP sessions do not work properly. PR1428212

  • The Protect core configured router might send IPFIX sampling packets with the wrong next-hop information. PR1430244

  • The l2cpd process might crash and generate a core file when the interfaces flaps. PR1431355

  • Micro-BFD 3x100 ms flap upon inserting a QSFP transceiver in another port. PR1435221

  • When you reboot or power off the backup Routing Engine, trap message reported is seen. This is a generic design for the TVP platform. PR1436212

  • Unified ISSU is failing from Junos OS Release 19.1R1 legacy images. (Seen only on legacy image) PR1438144

  • The rpd might generate core files during router bootup due to a file pointer issue as there are two code paths that can close the file. PR1438597

  • Incorrect values appears in JUNIPER-TIMING-NOTFNS-MIB. PR1439025

  • The rpd creates route pointing to chain composite instead of indirect next hop for a PE-PE directly connected case. PR1439317

  • On Junos OS, if a group is applied at the nonroot level and later a statement from the group is deleted, change bits are not set for the hierarchy where the group is applied. As a result, the respective daemon is not notified for the changes that causes mgd to generate core files. PR1439805

  • New OID is added that calculates the buffer utilization where inactive memory is not considered as free memory. PR1441680

  • The MX Series device might rewrite the HTTPS request with destination port 80. PR1446085

  • The static route for NAT might never come up if you switch over the service interface that has NAT and GR configuration. PR1446267

  • The rpd process might crash when it is terminated immediately after it has been started. PR1446320

  • The bbe-smgd generates core file on the backup Routing Engine in bbe_ifd_add_vlan (ifd=0x8c3e835, ifl=0xcaf59f18) at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/infra/bbe_ifd.c:6374. PR1447493

  • FPC generates the Voltage Tolerance Exceeded major alarm for each IP 2V5 sensors. PR1451011

  • Main chassisd thread at a JNS GNF might experience stalls upon GNF SNMP polling for hardware-related OIDs. PR1451215

  • RMPC-generated core files are found after configuration changes are done on the network for PTP/Synchronous Ethernet. PR1451950

  • Incorrect output is observed in the show snmp mib walk jnxTimingNotfnsMIB.3 statement. PR1453436

  • On the MX10003 platform, alarm is not sent to syslog. PR1453533

  • On MPC3E-NG cards with 100-Gigabit Ethernet interface in use, if the interface detects Loss of Lock (LOL) on the link without Loss of Signal (LOS), the interface goes down and might not come up again after the link is recovered. PR1454595

  • After a software upgrade, SNMP MIB Walk does not roll or fetch any information. PR1455667

  • The CLI command with invoke-on and display xml rpc results in unexpected multiple RPC commands. PR1456578

  • Continuous crashing of the bbe-statsd process might be seen if any parameter is set to 0 in the mx_large.xml file. PR1457257

  • The chassisd process and all FPCs might restart after a Routing Engine switchover. PR1457657

  • If the dynamic assignment of VoIP VLAN is used, the switch might not send correct VoIP VLAN information in the LLDP MED packets after any configuration change and commit. PR1458559

  • The FPC X major errors alarm might be raised after committing the PTP configuration change. PR1458581

  • The following error messages might be seen after restarting the chassisd: create_pseudos: unable to create interface device for pip0 (File exists). PR1459373

  • Incomplete output is observed when you run the show ancp subscriber access-aggregation-circuit-id < access aggregation circuit ID> statement. PR1459386

  • In an MC-LAG scenario, traffic destined to VRRP virtual MAC gets dropped. PR1459692

  • Traffic is discarded silently upon interface flap after DRD autorecovery. PR1459698

  • AUTO-CORE-PR :cpcdd generates core files at ServicesMgr::ServicesManager::cpcddSmdInterface::processServiceNotifyMsg ,SmdInterface::cbStateSyncServiceNotifyMsgHandler ,statesync_consumer_poll_new_state_cb. PR1459904

  • In a subscriber management environment, subscriber statistics reported by CLI commands and RADIUS can be broken if in-service software upgrade (ISSU) is performed from any Junos OS release earlier than Junos OS Release 18.4 to 18.4 or a later build. PR1459961

  • The PPTP does not work with destination NAT. PR1460027

  • If VLAN-offload is configured on the vMX platform, input-vlan-map might not work. PR1460544

  • IPv6 prefix might be hidden when received over an IPv4 BGP session. PR1460786

  • The PTP function might consume kernel CPU for a long time. PR1461031

  • The bbe-smgd might generate core files when all RADIUS servers are unreachable. PR1461340

  • In an EVPN scenario, memory leak might be observed when proxy-macip-advertisement is configured. PR1461677

  • The repd core file is seen during system bootup. PR1461796

  • There is a memory issue with the BBE statistics collection and management process, bbe-statsd, on the backup Routing Engine. PR1461821

  • When both DIP switches and power switch are turned off, the following error message appears: CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed. PR1462065

  • On the MX204 platform, radius-acct-interim statistics are not populated for subscribers. Statistics are properly populated in the radius-acct-stop packets. PR1462325

  • An interface might get stuck in the Down state on certain MX Series platforms. PR1463015

  • On an MX Series platform with enhanced subscriber enabled, if you make some changes to a dynamic-profiles filter, the subscribers built on the filter might no longer forward traffic. PR1463420

  • RPC ALG causing mspmand to generate core files when an MX Series device is used as a stateful firewall with the MS-MIC or MS-MPC service cards. PR1464020

  • The IPoE subscriber route installation might fail. PR1464344

  • The bbe-smgd-core (0x000000000088488c in bbe_autoconf_delete_vlan_session_only (session_id=918) file is observed at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/plugins/autoconf/bbe_autoconf_plugin.c:3115). PR1464371

  • The PPP IPv6CP might fail if the routing-services command is enabled. PR1464415

  • The CPU utilization on the mgd daemon might get stuck at 100 percent after the netconf session gets interrupted by the flapping interface. PR1464439

  • The MS-MIC might not work when it is used on a specific MPC. PR1464477

  • The PPPoE session gets in the Terminated state and the accounting stop for the session is delayed. PR1464804

  • MPC5E or MPC6E line cards might crash due to internal thread overusing the CPU. PR1464820

  • In the MAC-MOVE scenario, the jdhcpd might consume high CPU and no further subscribers can be brought up if there are more than 4000 DHCP relay clients. PR1465277

  • The physical interface of an aggregated Ethernet interface bundle might take time to come up after you enable or disable it. PR1465302

  • ICMP error messages are still not received after you enable the enable-asymmetric-traffic-processing command. PR1466135

  • The PPPoE subscribers get stuck due to the PPPoE inline keepalives that do not work properly. PR1467125

  • Layer 2 wholesale is not forwarding all client requests with stacked VLAN. PR1467468

  • The rpd process might stop after several changes to the flow-spec routes. PR1467838

  • Crypto library shim memory utilization performance improvement by using data shim instead of control shim. PR1467874

  • SNMP interface-mib stops working for PPPoE clients. PR1470664

  • Sudden FPC shutdown due to hardware failure or ungraceful removal of line card causes major alarms on unrelated remote FPCs. PR1471372

  • When PTP is configured in the hybrid mode, the Synchronous Ethernet frequency drifts. PR1471502

  • On the MX10008 and MX10016 line cards, the ARP suppression that is enabled by default in EVPN does not work. PR1471679

  • Service accounting statistics do not get updated after changes are made to the firewall filters. PR1472334

  • The kernel might crash and vmcore might be observed after committing the configuration change. PR1472519

  • Performing back-to-back rpd restarts might cause rpd to crash. PR1472643

  • SDB goes down very frequently if the reauthenticate lease-renewal statement is enabled for DHCP. PR1473063

  • Ingress multicast replication does not work with GRES configuration. PR1474094

  • clksyncd generates core file after GRES. PR1474987

  • The RADIUS accounting updates of service session have wrong data statistics. PR1475729

  • The bbe-mibd process crashes as a result of aborting /../src/junos/lib/libjuniper++/ PR1476596

  • In a NAT-T scenario, the IKE version 2 IPsec tunnel might flap if the tunnel initiator is not behind NAT. PR1477483

  • On MPC2E-NG, MPC3E-NG, MPC5, MPC6, MPC7, MPC8, and MPC9, the PFE might be disabled due to a major error. PR1478028

  • FPC memory leak might occur after executing the show pfe route command. PR1478279

  • The rpd walks through irrelevant routing tables when you run the show route protocol l2-learned-host-routing or show route protocol rift command and this causes rpd to crash while processing a bgp.rtarget.0 route. PR1481953

  • UID might not be released properly in some scenario after the service session deactivates. PR1188434

  • The show subscriber extensive command incorrectly displays DNS addresses that are provided to DHCP clients. PR1457949

  • DHCP relay with forward-only might fail to send OFFER messages when the DHCP client is terminated on the logical tunnel interface. PR1471161

  • The dynamic profile for a VPLS-PW pseudowire incorrectly reports the Dynamic Static Subscriber Base Feature license alarm. PR1473412

  • The statistics of the traffic generated by the Routing Engine on the MX platform is incorrect. PR1432724

  • In the Junos OS PTP deployment, when configuring the aggregated Ethernet child interface in the protocol PTP and after performing the FPC restart, all of the interfaces on that FPC might be brought to the Administrator down state. PR1442665

  • The IS-IS setup sends the system host-name instead of system-id in the OC paths in the lsdb or Adjacency xpaths in a periodic streaming and on-change notification. PR1449837

  • On subscribing to /interfaces/interface/state/, it might get subscribed to /junos/system/linecard/interface/traffic/ internally instead of /junos/system/linecard/interface/queue/ that might impact traffic. PR1456275

  • The traffic might get stuck on the MS-MPC or MS-MIC with sessions receiving huge number of affinity packets. PR1459306

  • FDB does not flush that causes the traffic to be dropped silently in the Ethernet ring scenario. PR1459446

  • Fabric hardening (FH) is the process of controlling bandwidth degradation to prevent traffic to be silently discarded. When the FH process is processing and if SFB or SCB fails, the FH process gets stuck that causes traffic lost. PR1461356

    On the specific Junos OS platforms, the Routing Engine switchover might not be triggered when the master CB clock failure is detected. The master CB with the faulty clock can not operate normally and this issue might cause fabric plane failure. PR1463169

  • Need to add the Backport jemalloc profiling CLI support to all Junos OS Releases where jemalloc is present. PR1463368

  • When the tunnel-services are configured on a PIC, the optics measurements that subscribed through gRPC might not be streamed. PR1468435

  • The pccd might generate core files and PCEP session might flaps in the PCE initiated or PCE delegated LSP scenario. PR1472051

  • The tcp-log connections fail to reconnect and gets stuck in the Reconnect-In-Progress state. PR1469575

  • On all the Junos platforms with l2cpd daemon, committing configuration changes that are processed by l2cpd (for example, flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, and family ethernet-switching might cause marginally memory leak. PR1469635

  • A hierarchical-scheduler should not be configured on a ps- interface. The corresponding anchor lt- interface must be used for that purpose instead. PR1470049

  • The following chassis alarm is reported on BSYS: RE0 to one or many FPCs is via em1: Backup RE. PR1472313

  • The subnet information might be corrupted if it is passed by a RADIUS server. PR1474097

  • The QSA adapter Lane 0 port might be also brought down when you disable one of the other lanes. PR1474231

  • In the MX2000 chassis with multiple line cards (XM and EA based) and SFB2 fabric, a longer traffic drops in the order of 30 seconds depending on the number of line-cards in the chassis might be observed. PR1476505

  • Traffic loss might occur due to the LNS subscribers in case the routing-service statement is enabled under the dynamic-profile. PR1476786

  • Teh TCP-log sessions might be in the Established state but the logs are not sent out to the syslog server. PR1478972

  • The rpd process might crash when the prefix list address is changed from IPv4 to IPv6. PR1421076

  • On the MX104 Series router with any 2 port license installed on 10-Gigabits interface and phy-timestamping enabled in PTP, PTP might not work. PR1421811

  • The default configuration does not create any logical interfaces and LLDP cannot discover the neighbor for those interfaces, which the logical interface is not configured explicitly in the Junos OS configuration. PR1436327

  • When flapping the existed flood next hop type routes, it might cause rpd crash or consume 100 percent of CPU. This issue might cause the routing protocols sessions or neighbors flap or traffic loss. PR1441550

  • The MVPN traffic might be dropped after performing switchover. PR1463302

  • On the MX104 Series routers, the clksyncd crash might be observed when PTP over an aggregated Ethernet is configured. PR1471466

  • The protocol MTU might not be changed to lt- interface from the default value. PR1478822

  • The MX204 router might restart if the system is configured for the subscriber management for PPPoE over aggregated Ethernet with the routing-service is enabled in the dynamic-profile. PR1482431

  • After kmd restarts, the IPsec SA comes up but the traffic fails for some time. PR1480692

  • On the MPC10 line cards, the logical tunnel interface might not work. PR1484751

  • The following general routing syslog error messages might be generated by the Packet Forwarding Engine: PFEIFD: Could not decode media address with length 0. PR1341610

  • The default credentials is supplied in the configuration. PR1344858

  • High CPU utilization of the FXPC process might be observed with the class-of-service changes on interfaces. PR1407098

  • Need to disable PTP and display warning when hyper mode is configured. PR1429527

  • IRB over VTEP unicast traffic might get dropped. PR1436924

  • The chassisd process might crash. PR1460657

  • The chassisd process might crash during GRES on the device with SCBE3 or SCB4. PR1464375

  • On the MPC7, MPC8, and MPC9 line cards, WO packet error and FPC major alarm are observed when reassembling the small fragments. PR1465490

  • Services card might restart due to a race condition when DNS filtering is enabled. PR1466567

  • Few of the DHCP INFORM packets specific to particular VLAN might take the incorrect resolve queue. PR1467182

  • On the MX10003 and MX204 routers, the temperature sensor name for PEMs under the show chassis environment pem command is incorrect. PR1468642

  • Receipt of specific packets causes service cards to restart when the DNS filtering is configured. PR1469188

  • Need to fix multiple FreeBSD vulnerabilities. PR1470693

  • The pkid process crashes at bn_i2c (pval=0x1d, cont=0x0, putype=0xffffcce8, it=0xc8c848b8 < BIGNUM_it>) at ../../../../../../../src/crypto/openssl/crypto/asn1/x_bignum.c:127. PR1471878

  • If static VLAN demux unit is configured the inner-range statement, only the first VLAN from the range is used to send PADI. PR1472444

  • Manually configured ERO on NS controller are lost when PCEP session is bounced. PR1472825

  • Services card might restart when DNS filtering is enabled. PR1474056

  • The Packet Forwarding Engine crashes on MPC7, MPC8, and MPC9 line cards upon receipt of large packets requiring fragmentation. PR1474154

  • On the MX104 devices, the chassid process generates core file when cmerror is triggered. PR1475396

  • The Power Supply failed and Power Supply OK SNMP traps are not generated. PR1479133

  • The SCBE3 fabric plane goes to the Check state in MX Series Virtual Chassis. PR1479363

  • 100G interface might randomly fail to come up after the maintenance operations. PR1481054

  • Traffic impact might be observed when policy-multipath is configured without LDP on the SPRING-TE scenario. PR1483585

  • Kernel crashes (vmcore) upon receipt of a malformed IPv6 packet. PR1486948

  • Incorrect frame length of 132 bytes might be captured in the packet header. PR1487876


  • FPC might reboot if jlock hog occurs on all Junos VM-based platforms. PR1439906

  • The duplex status of management interface might not be updated in the output of the show command. PR1427233

  • The scheduled tasks might not be executed if the cron daemon goes down without restart automatically. PR1463802

  • The l2ald and eventd processes hogs hundred percent after issuing the clear ethernet-switching table command. PR1452738

  • Memory leak leads to kernel crash (vmcore) due to SNMP polling. PR1482379

Interfaces and Chassis

  • When the logical interface is associated to a routing instance inside, an LR is removed from the routing instance and the logical interface is not added to the default routing instance. PR1444131

  • After performing an interface flap, Cordoba related interface goes down. PR1475777

  • Commit error is not thrown when member link was added to the multiple aggregation group with different interface specific options. PR1475634

  • Continuous VRRP state transition (VRRP master/backup flaps) are seen when one device drops VRRP packets. PR1446390

  • The voltage high alarm might not be cleared when the voltage level comes back to normal for MIC on MPC5. PR1467712

  • When you configure ESI on a physical interface, the traffic drops if you disabe the logical interface under the physical interface. PR1467855

  • Interface descriptions might be missing under the logical-systems configuration. PR1449673

  • Mismatched MTU value causes the RLT interface to flap. PR1457460

  • Executing commit might become nonresponsive as the dcd process becomes nonresponsive. PR1470622

  • MC-AE interface shown as unknown status when you add the subinterface as a part of the VLAN on the peer MC-AE node. PR1479012

  • VRRP failover delay timer starts with configured interval instead of the default interval. PR1452748

  • The MC-LAG configuration-consistency ICL-configuration might fail after committing some changes. PR1459201

  • The EOAM CFM primary-vid functionality does not work if the enhanced-cfm-mode is enabled. PR1465608

  • The Virtual Chassis de-couples and couples during the authd daemon restart. PR1467298

Junos fusion enterprise

  • Loop detection might not work on the extended ports. PR1460209


  • The httpd process might run with a high CPU utilization when J-Web is enabled. PR1483607

Layer 2 Ethernet Services

  • The jdhcpd process might go into an infinite loop and utilize full CPU. PR1442222

  • The DHCP subscriber might not come online after rebooting the router. PR1458150

  • The metric does not change when configured under the DHCP. PR1461571

  • The ISSU might fail when a subscriber inflight login is happening. PR1465964

  • Telemetry data for relay/bindings/binding-state-v4relay-binding and relay/bindings/binding-state-v4relay-bound is not correct. PR1475248

  • When a DHCPv6 Relay-Agent is configured upon receipt of a specific DHCPv6 client message, remote code execution might occur. PR1461448


  • The FPC might get stuck in the Ready state after applying a configuration change that removes the RSVP and triggers an FPC restart. PR1359087

  • Kernel crash and device restart might occur. PR1478806

  • The rpd process might crash during shutdown. PR1471191

  • On all the Junos OS platforms with BGP PIC configured, if committing some operations where RSVP ingress routes are affected, the rpd process might. PR1471281

  • When changing the protocol LDP preference, all the LDP adjacencies would be bounced, that results in all the LDP targeted sessions to flap. PR1459301

  • Pervious configured credibility preference is not considered by CSPF, even though the configuration is deleted or changed to prefer another protocol in TED. PR1460283

  • The device might use the local-computed path for the PCE-controlled LSPs after the link or node fails. PR1465902

  • RSVP LSPs might not come up in a scaled network with very high number of LSPs if NSR is used on a transit router. PR1476773

  • RPD utilizes full CPU load and generates core files on the backup Routing Engine. PR1479249

  • The traffic might be silently discarded after the LACP timeouts. PR1452866

  • High CPU utilization for the rpd process might be seen if RSVP is implemented. PR1490163

Platform and Infrastructure

  • With CNH enabled, the MPLS CoS rewrite does not work for 6PE traffic. PR1436872

  • JNH memory leak might be seen when the CFM session over the VPLS LSI interface or VT interface flaps. PR1468663

  • Cm errors alarms on certain MPC line cards are classified as major, which should be minor or nonfatal. If these errors are generated, it might lead to a bad hardware condition and then the Packet Forwarding Engine disable action might be triggered. PR1449427

  • When the REST service configuration is modified, (for example, the REST service is configured and then deleted for multiple times) the system might become unresponsive, even to the SSH and console. This issue has service impact. PR1461021

  • FPC might reboot with vmcore due to memory leak. PR1449664

  • In an EVPN-VXLAN scenario, sometimes host-generated packets are dropped as they hit reject route in the Packet Forwarding Engine. PR1451559

  • The MPC might drop packets after you enable the firewall fast lookup filter. PR1454257

  • The DDoS protection does not stop logging when remote tracing is enabled. PR1459605

  • Need to make the version-03 CLI configuration flag optional. PR1462186

  • On the MX204 device, GRE with sampling causes the following Packet Forwarding Engine error: MQSS(0): MALLOC: Underflow error during reference count read - Overflow 1, Underflow 1, HMCIF 0, Address 0x8d62e0 PR1463718

  • EVPN-VXLAN tpye-5 tunnel might not work properly on the MX Series routers. PR1466602

  • On the MX Series Virtual Chassis setup, the Layer 2 traffic over aggregated Ethernet interfaces sent from one member to another is corrupted. PR1467764

  • The switch might not be able to learn MAC address with dot1x and interface-mac-limit configured. PR1470424

  • Kernel crash (vmcore) or FPC crash is observed due to mbuf leak. PR1468183

  • Memory leaks in the Packet Forwarding Engine due to the flapping of the 802.1X authenticator port interface. PR1480706

Routing Policy and Firewall Filters

  • The rib-group might not process the exported route correctly. PR1450123

  • Routes resolution might be inconsistent if any route resolving over the multipath route. PR1453439

Routing Protocols

  • Route churn might be seen after changing the maximum-prefixes configuration from value A to value B. PR1423647

  • If the same neighbor is configured under different RIP groups, the commit check fails to capture this invalid configuration and commit can be done successfully. However, the rpd process crashes. PR1485009

  • High CPU utilization might be observed when the outgoing BGP updates are sent slowly. PR1487691

  • The rpd might crash after configuring independent-domain under the master routing-instance. PR1469317

  • The rpd process might crash with the BGP multipath and route withdrawing occasionally. PR1481589

  • The rpd process crash might be observed if the multipath BGP routes leak from one routing instance to another routing table. PR1437837

  • The CPU utilization on rpd spins at 100 percent after the same external BGP route is learned in different VRF tables. PR1442902

  • The rpd might crash with SRTE configuration change. PR1442952

  • The rpd might crash after configuring the OSPF NSSA area-range and summaries. PR1444728

  • The BGP routes might fail to be installed in the routing instance if the from next-hop policy match condition is used in the VRF import policy. PR1449458

  • TI-LFA backup paths for adjacency SIDs is broken in OSPF. PR1452118

  • SSH login might fail if a user account exists in both local database and RADIUS or TACACS+. PR1454177

  • The rpd scheduler slip for BGP GR might be up to 120 seconds after the peer goes down. PR1454198

  • MoFRR with MLDP inband signal does not work. PR1454199

  • The rpd memory might leak in a certain MSDP scenario. PR1454244

  • The rpd process might crash when multipath is in use. PR1454951

  • Prefix SID conflict might be observed in an IS-IS setup. PR1455994

  • The rpd might crash when the OSPF router ID gets changed for NSSA with area-range configured. PR1459080

  • The rpd memory leak might be observed on the backup Routing Engine due to BGP flap. PR1459384

  • The rpd scheduler slips might be seen on an RPKI route validation-enabled BGP peering router in a scaled setup. PR1461602

  • Install all possible next hops for OSPF network LSAs. PR1463535

  • The IS-IS IPv6 routes might flap when there is an unrelated commit under the protocol configuration. PR1463650

  • BGP peers might flap if the parameter of hold-time sets is small. PR1466709

  • The BFD client session might flap when you remove the BFD configuration from the peer end (from other vendor) of the BFD session. PR1470603

  • The rpd might crash when both the instance-import and instance-export policies contain the as-path-prepend action. PR1471968

  • The rpd process might crash with BGP multipath and damping configured. PR1472671

  • Removing a cluster from a BGP group might cause prolonged convergence time. PR1473351

  • With IS-IS configured and in a very rare case, memory corruption might occur that might cause the rpd process to crash continuously. PR1455432

  • The rpd leaks RPD memory in RT_NEXTHOPS_TEMPLATE. PR1463112

  • The rpd process crashes due to specific BGP update packets. PR1481641

  • The rpd process might be crashed after the BGP peer flaps. PR1482551

Services Applications

  • The jl2tpd process might crash during the restart procedure. PR1461335

  • MX Series L2TP fails to forward the agentCircuitId and agentRemoteId AVP toward the LNS. PR1472775

  • The kmd might crash due to an incorrect IKE SA establishment after the remote peer's NAT mapping address is changed. PR1477181

Subscriber Access Management

  • DHCPv6 subscribers might get stuck in a state after the authd process crashes. PR1460578

  • The subscriber address allocation might fail after deleting the pool link in the middle of the chain. PR1465253

  • No volume attribute is in the Accounting Stop for Service session when the Activated Services session is configured. PR1470434

  • The subinterfaces might be missing in the NAS port ID. PR1472045

  • The authd might crash after ISSU from releases before Junos OS Release 18.3 to releases after Junos OS Release 18.4. PR1473159

  • Some address-relevant fields are missing when you execute the test aaa ppp command. PR1474180

  • The CoA request might not be processed if it includes the proxy-state attribute. PR1479697

  • The mac-address CLI option are not hidden under the access profile radius options calling-station-id-format statement. PR1480119

  • NAS-Port-ID includes sub-interface in the Radius messages for the aggregated Ethernet interface. PR1484351


  • The P1 configuration delete message is not sent on loading the baseline configuration if there has been a prior change in the VPN configuration. PR1432434

  • The Layer 2 circuit connections might get stuck in the OL state after changing the Layer 2 circuit community and flapping the primary LSP path. PR1464194

  • The rpd process might crash due to memory leak in the MVPN RPF Src PE block. PR1460625

  • The rpd process generates core file at rtbit_reset and rte_tgtexport_rth. PR1379621

  • In an MVPN scenario with ingress replication selective provider tunnel used, if the link-protection command is added or deleted from the LSP for MVPN, the rpd process might crash. PR1469028

Resolved Issues: 19.1R2

Class of Service (CoS)

  • Traffic drop occurs when deleting MPLS family or disabling interface that has non-default EXP rewrite-rules. PR1408817

  • The host-inbound packets might be dropped if configuring host-outbound FC. PR1428144

  • The dfwd crash can be seen with forwarding-class configuration in policers. PR1436894


  • The RA packets may be sent out without using the configured virtual gateway address. PR1384574

  • [EVPN/VXLAN] VTEP tunnel doesn't get deleted when EVPN peer goes down. PR1390965

  • The process rpd crash might be observed with EVPN type-3 route. churn PR1394803

  • Traffic drop might be seen when the core-facing link comes up in EVPN-VXLAN scenario. PR1408840

  • The next hop is not cleaned up properly when one of the multihomed CE-PE links goes down. PR1412051

  • EVPN-MPLS Single Active: [EVPN/7] /32 host route always appears on non-default PE device if CNH is ON, remote-ip-host-routes has no effect PR1419466

  • Rpd crash occurs on backup Routing-Engine after you enable nonstop-routing with EVPN. PR1425687

  • The device might proxy the ARP Probe packets in an EVPN environment PR1427109

  • The CE interface IP address is missed in mac-ip-table of the EVPN database PR1428581

  • Incorrect MAC count is seen with show evpn/bridge statistics. PR1432293

  • Stale MAC addresses are present in the bridge mac-table in EVPN/MPLS scenario. PR1432702

  • Asynchronous state between ARP table and Ethernet switching table happens if EVPN ESI link flaps multiple times PR1435306

  • IRB logical interface is not up when local L2 member is down and IM NH is present. PR1436207

  • Configuring ESI on a single-homed 25G port might not work PR1438227

  • The specific source-ports of UDP packet are dropped on EVPN/VXLAN setup PR1441047

  • Restarting l2-learning might cause some remote MAC addresses to move into forwarding dead state. PR1441565

  • Traffic drop might be seen in EVPN Layer 3 gateway scenario. PR1442319

  • The core-isolation feature does not work after you set or delete the no-core-isolation command on MX Series Devices. PR1442973

  • The EVPN type 2 routes might not be advertised properly in logical systems. PR1443798

  • The localhost address is missing from the EVPN database and mac-ip-table PR1443933

  • The bridge mac-table age timer does not expire for rbeb interfaces. PR1453203

  • Instance type is changed from VPLS to EVPN and this results in packet loss PR1455973

  • Delay factor might send back ARP request/NS to local segment under EVPN-ETREE leaf role conditions. PR1459830

  • In EVPN scenario memory Leak might be observed when proxy-macip-advertisement is configured. PR1461677

  • Traffic received from vtep gets dropped if the VNI value used for type-5 routes is greater than 65535. PR1461860

Forwarding and Sampling

  • In some later releases firewall filter action decapsulate gre cannot decapsulate IP-over-IP and IPv6-over-IP traffic. PR1398888

  • The SRRD might crash when memory corruption occurs. PR1414568

  • EVPN enhancement for MAC flush mechanism is needed in Junos OS. PR1421018

  • Junos 19.1: Firewall filter and policers not working correctly. PR1424183

  • rt-delay-threshold can be set below 1 second - but rt-marker-interval is limited to 1 second. PR1425544

  • The device is in amnesiac mode after ISSU with mgd: error: configuration check-out failed error generated. PR1432664

  • Enable interface with input/output vlan-maps to be added to a routing instance configured with a vlan-id/vlan-tags (instance type virtual-switch/vpls) PR1433542

  • The high CPU utilization of l2ald is seen after replacing EVPN configuration. PR1446568

  • [MX204] input/output counters of AE bundle/member links configured on non-default logical systems are not updated. PR1446762

  • ARP packets are getting dropped by Packet Forwarding Engine after you restart chassis-control in MX Series devices. PR1450928

  • Commit error and dfwd core files might be observed when applying a firewall filter with action then traffic-class or then dscp. PR1452435

General Routing

  • MX Series Virtual Chassis: suboptimal aggregate Ethernet load balancing occurs when an Aggregate Ethernet bundle is part of an ECMP path. PR1255542

  • BGP IPv4 PIC: Packet Forwarding Engine selector gets stuck in rerouted state on unilist next hop after primary AE link is activated or deactivated. PR1354786

  • Traffic might be blocked on MX Series device with MS-MPC/MS-MIC. PR1358019

  • Interface with Tri Rate Copper SFP(P/N:740-01311) in "MIC 3D 20x 1GE(LAN)-E,SFP" will stop forwarding traffic after ISSU upgrade. PR1379398

  • FPC errors might be seen in subscriber scenario. PR1380566

  • The unicast traffic from IRB interface toward LSI might be dropped due to Packet Forwarding Engine mismatching at egress processing. PR1381580

  • Interface filter statistics are not showing the input packet count/rejects, and show pfe statistics traffic does not report any normal discard. PR1383579

  • Subscriber connection setup is 30 percent lower than expected. PR1384722

  • The rpd process might end up with a stuck krt queue in VRF scenario. PR1386475

  • Migrate from syslog API to Errmsg API - VMhost messages seen in Junos OS. PR1387099

  • BBE SMGD generates core files if MTU is changed while subscribers are logged in on the physical interface. PR1389611

  • The high-cos-queue-threshold range is changed [uint 0 .. 90;]. PR1390424

  • The BNG might not respond with PADO and create any demux interface when PPPoE PADI packet is received. PR1390989

  • FPC might reboot on VMX in subscriber scenario. PR1393660

  • The FPC cards might not come up while performing ISSU on MX10003. PR1393940

  • IDS aggregate configuration command should not be considered for the installation of the IDS dynamic filter. PR1395316

  • Layer 3 gateway did not update ARP entries if IP or MAC addresses quickly move from one router to another router in EVPN-VXLAN environment PR1395685

  • VMHost RE 0 Secure BIOS Version Mismatch and VMHost RE 1 Secure Boot Disabled alarms are seen. PR1397030

  • The service PIC might crash while changing CGNAT mode. PR1397294

  • The PPPoE subscribers are unable to reconnect after FPC reboot. PR1397628

  • Confirmation message is missing when issuing request vmhost reboot re. PR1397912

  • The CLI command show system firmware gets hidden on MX Series platforms. PR1398022

  • The DHCPv6 relay-reply packet might be dropped by the DHCP relay. PR1399683

  • The na-grpcd log file is not rotated and keeps growing until Routing Engine is out of disk space. PR1401817

  • Continuous kernel crashes might be observed in backup Routing Engine or Virtual Chassis backup router. PR1404038

  • With MS-MPC and MS-MIC service cards SYSLOG messages for port block interim might show for the private IP addresses and PBA release messages might show IP that has undergone NAT as the private IP. PR1404089

  • Incorrect display of assigned prefixes to a subscriber in the output of show interface < dynamic demux interface>. PR1404369

  • Voltage read failed for rail LTC3887-EA1-VDD0V9R2-CH0. PR1405787

  • FPC crash might be seen when adding a leg to an AE bundle or FPC restarts in subscriber scenario. PR1405876

  • The FPC crash might be observed in MS-MPC high availability environment. PR1405917

  • The rpd might crash due to a race condition with the combination of community actions done at both a BGP import policy and a forwarding-table policy PR1406357

  • Change the default parameters for resource-monitor rtt-parameters. PR1407021

  • FPC might crash during the subscriber-related stress tests. PR1407285

  • The rpd might crash when a commit check is executed on LDP trace options filtering. PR1407367

  • FPC crash and slow convergence upon HMC Fatal error condition when inline J-Flow is used. PR1407506

  • Openconfig-network-instance:network-instances support for IS-IS must be hidden unless supported. PR1408151

  • The ToS/DSCP and TTL fields might not be copied into the outer IP header in Group VPN scenario. PR1408168

  • The misconfiguration of dynamic profile might cause the login issues of the subsequent subscribers. PR1409398

  • MX-MPC2-3D-EQ and MPC-3D-16XGE-SFPP will now show "Exhaust A" temperature, rather than Intake temperature. PR1409406

  • The CPU might be hogged by jsd process in JET scenario PR1409639

  • Nonexistent subscribers might appear in show system resource-monitor subscribers-limit chassis extensive output. PR1409767

  • Packets might be dropped if the traffic is forwarded through an LT interface. PR1410970

  • Slow SNMP on entityMIB during subscribers load test. PR1411062

  • A steady increase of the Packet Forwarding Engine heap memory utilization might happen when PPPoE subscribers are flapping. PR1411389

  • Parity error might cause FPC alarm. PR1411610

  • The file copy command might not work if the routing-instance option is not specified. PR1412033

  • The spfe on satellite device in Junos fusion setup might crash and it could cause the satellite device to get offline. PR1412279

  • Junos OS PCC might reject PCUpdate/PCCreate message if there is a metric type other than type 2. PR1412659

  • PPPoE subscribers might not be able to log in after unified ISSU. PR1413004

  • The rpd memory leak might be seen due to the incorrect processing of a transient event. PR1413224

  • Need to reduce max flow table size when using flex-flow-sizing. PR1413513

  • DHCP subscribers over HAG can result in core file generation. PR1413862

  • The services load balance might not be effective for AMS if the hash key under the forwarding-options hierarchy is configured. PR1414109

  • FPC crash might be observed if it reaches heap utilization limit. PR1414145

  • DHCP/DHCPv6 subscribers might fail to establish sessions on PowerPC based MX Series platforms. PR1414333

  • Anomaly in LED behavior occurs after rebooting the directly connected device. PR1414532

  • NPC might not apply configured resource-monitor thresholds after NPC. restart PR1414650

  • Firewall filters are not getting programmed into Packet Forwarding Engine.PR1414706

  • The user might not enter configure mode because of mgd is in lockf status. PR1415042

  • ICMP MTU exceeded error generated from Packet Forwarding Engine does not reach the expected source. PR1415130

  • Port speed change and scaled AE configuration can lead to MQSS errors and subsequent card crash. PR1415183

  • MTU issue might cause PS interface to flap during dcd restart or GRES switchover PR1415207

  • PCE-initiated LSPs get deleted because of incorrect timer timeout. PR1415224

  • The IRB interface might flap after committing a configuration change on any interface PR1415284

  • Jdhcpd core files is observed after the active lease-query configurations are deleted. PR1415990

  • BMP type 1 message with extra 24 bytes occurs at end of the message. PR1416301

  • Some IPsec tunnels might fail to pass traffic after GRES on MX Series platform. PR1417170

  • The ECMP fast reroute protection feature might not work on MX5, MX10, MX40, MX80, and MX104. PR1417186

  • The IPv6 neighbor might become unreachable after the primary link goes down in VPLS multihoming scenario PR1417209

  • An IPv4 packet with a zero checksum might not be translated to IPv6 packet properly in a NAT64 scenario. PR1417215

  • An invalid XML reply containing a duplicate tag might be seen when requesting get-arp-table-information through NETCONF. PR1417269

  • The JSU package installation might fail. PR1417345

  • Some subscribers might be offline when doing GRES or daemon restart PR1417574

  • Zero tunnel statistics are shown for the soft-gre tunnel. PR1417666

  • The BGP session might flap after Routing Engine switchover. PR1417966

  • CGNAT with MS-MPC card doesn't account for AP-P out of port errors or generate a syslog message when this condition is met PR1418128

  • There is no SNMP trap message generated for jnxHardDiskMissing/jnxHardDiskFailed on Summit MX PR1418461

  • Adding two or more ps interfaces might cause traffic drop in l2circuit scenario PR1418610

  • The lsp-cleanup-timer is not being honored when it is configured to be greater than 2,147,483,647. PR1418937

  • The PPPoE negotiation of subscriber connection might fail when 65535 is assigned as session-id PR1418960

  • RX alarms are not set as according to the threshold value configured for the DCO Tunable Optics. PR1419204

  • A PPP session under negotiation might be terminated if another PPPoE client bears the same session ID. PR1419500

  • CPU usage on service PIC might spike while forming an IPsec tunnel in a DEP/NAT-T scenario. PR1419541

  • A new tunnel could not be established after changing the NAT mapping IP address until the IPsec SA clear command is run. PR1419542

  • The message rtsock_peer_unconsumed_obj_free_int: unable to remove node from list is logged extensively. PR1419647

  • bbe-mibd memory leak causes the daemon to crash during live subscribers and SNMP OIDs query. PR1419756

  • The IPsec tunnel might get down when the platforms running Junos OS and the peer both act as the initiator and try to bring an IPsec tunnel up at the same time. PR1420293

  • The show chassis power output status doesn't seem right and there are also similar error messages in the syslog after you turn power off or on. PR1420571

  • SPC3 Storage and hard disc error log messages. PR1420800

  • PTP phase is aligned but TE and cTE are not good. PR1420809

  • The FPC CPU might be hogged if channelized interfaces are configured. PR1420983

  • MX LNS might fail to forward the traffic on the subscriber access route. PR1421314

  • Failed to reload keyadmin database for /var/etc/keyadmin.conf. PR1421539

  • Bbemg_smgd_lock_cli_instance_db should not be logged as error messages. PR1421589

  • VCP port reports MTU value 9152 in the ICMP MTU exceeded message while the VCP port MTU is set to 9148. PR1421629

  • The ps access interface is not marked as ccc down on standby/nondesignated PE devices.PR1421648

  • After a control plane event, a few ipsec tunnels failed to send traffic through the tunnel. PR1421843

  • RPM syslogs are not getting generated after deactivating aggregate interface. PR1421934

  • The changed value of remote-gateway does not take effect when the router acts as an initiator of IPsec-VPN tunnel. PR1421977

  • RSI bloat occurs due to vmhost-based log collection. PR1422354

  • Packet Forwarding Engine wedge might be observed after performing the command show forwarding-options load-balance .... PR1422464

  • The XML output might be not hierarchically structured if you issue the show security group-vpn member ipsec statistics command. PR1422496

  • The CoS iEEE-802.1 classifier might not get applied when it is configured with service activation on underlying-interface PR1422542

  • Incorrect burst-size is seen when the traffic-control-profile is applied to a ps (or pseudowire) interface. This causes unexpected behavior and the queues are not able to process the expected traffic. PR1422549

  • The allocation of MAC address might fall out of the MAC address pool on MX204 platform PR1422679

  • SFP-T/SX/LX is not working with QSA adapter in on MX10003. PR1422808

  • The show system subscriber-management summary command should include a failure reason for standby disconnect when primary and backup Routing Engine memories mismatch. PR1422976

  • A stuck lock in shared memory might prevent subscribers from logging in again after deamon crash. PR1424607

  • Incorrect PIC mode on MX204 MX1RU when PIC mode is changed to default mode. PR1423215

  • While committing a huge configuration customer is seeing the error error: mustd trace init failed. PR1423229

  • The set forwarding-options enhanced-hash-key symmetric is not effective on MX10003. PR1423288

  • IP packet drop might be seen in Layer 2 circuit scenario. PR1423628

  • Traffic is dropped after FPC reboot with AE member links deactivated by remote device. PR1423707

  • MPC10E-15C-MRATE: crash seen at Ktree alloc ( jnh_dfw_instance_add (filter_index=< optimized out>) at ../../../../../src/pfe/common/applications/dfw/dfw_iff.c:1030 with inline and scale prefix filter. PR1423709

  • On MX204 Optics ’SFP-1GE-FE-E-T’ I2C read errors are seen when an SFP-T is inserted into a disabled state port. PR1423858

  • A PTP asymmetry change needs PTP bouncing. PR1423860

  • The bbe-smgd process might crash after executing the command show system subscriber-management route prefix <>. PR1424054

  • The port configured for 1-Gbps speed flaps after Routing Engine switchover. PR1424120

  • The interface configured with 1G speed on JNP10K-LC2101 cannot come up PR1424125

  • The system does not reboot , even though disk-failure-action reboot or disk-failure-action halt is configured. PR1424187

  • Continuous disk error logs appear on VCP virtual console (requesting switchover due to disk failure on ada1). PR1424771

  • The rpd keeps crashing after changing configuration PR1424819

  • The jdhcpd might consume 100 percent CPU and crash if dhcp-security is configured. PR1425206

  • Interface with FEC disabled might flap after Routing Engine mastership switchover. PR1425211

  • The rpd will crash continuously if MD5 authentication on any protocols is used along with master-password PR1425231

  • Soft GRE tunnel route is lost after reboot/GRES or upgrade in WAG scenario PR1425237

  • The mspmand process might crash and restart with a mspmand core file created after doing a commit change to deactivate and activate service-set PR1425405

  • The following log message is seen continuously on MX204 router: fru_is_present: out of range slot 0 for. PR1425411

  • Getting Unisphere-UpStream-Calc-Rate as 0 while verifying L2BSA RADIUS accounting stop packets after performing GRES. PR1425512

  • All interfaces creation failed after NSSU. PR1425716

  • MPC reboot or Routing Engine mastership switchover might occur on MX204/MX10003. PR1426120

  • Logical Interfaces Targeting: 18,000 phantom distributed interfaces are displayed for AE interface with the targeted distribution enabled on it, when there are no active subscribers. PR1426157

  • Interfaces might go come to down after device reboots. PR1426349

  • PEMs lose DC output power load sharing after PEM switch off and on operation on MX Series platforms. PR1426350

  • Some CFM and BFD sessions might flap while collecting MPLS statistics PR1426727

  • The show lldp neighbors interface command does not display all interface information. PR1426793

  • The decoding of telemetry data at collector might not be correct if you configure. PR1426871

  • Traffic loss might be seen when multiple IPsec tunnels are established with the remote peer. PR1426975

  • Traffic might not flow through MACsec interface even after an unsupported cipher-suite is removed. PR1427294

  • ENTITY MIB has incorrect containedIn values for some fixed MPCs with built-in PICs. PR1427305

  • Rebooting or halting Virtual Chassis member might cause 30 seconds of down time on RTG link. PR1427500

  • When broadband edge PPPoE and DHCP subscribers coming up over Junos fusion satellite ports are active, commit full and commit synchornization full commands fail. PR1427647

  • When installing YANG package without proxy-xml command, the CLI environment might not work well. PR1427726

  • The subscriber IP route might got stuck in bbe-smgd if the subscriber IP address is the same as the local IP address. PR1428428

  • In correct display of MAC/MAC+IP and count values occurs, after setting global-mac-limit and global-mac-ip-limit. PR1428572

  • The PTSP subscribers are stuck in the configured state after being rejected by the RADIUS server. PR1428688

  • Incorrect IGMP statistics are seen for dynamic PPP interfaces. PR1428822

  • Fabric drops might be seen on MX10003 platform when two FPCs come online together. PR1428854

  • Incorrect IGMP interface counter for dynamic PPP interfaces. PR1429018

  • The emitted XML is INVALID error is thrown for show virtual-network-functions. PR1429090

  • L2TP subscriber and MPLS pseudowire subscriber volume accounting statistics value remains unchanged post unified ISSU. PR1429692

  • Extra incorrect MAC move might be seen when the host moves continuously between the different ESIs. PR1429821

  • The AE interface does not come up after rebooting the FPC/device even though the physical member link is up. PR1429917

  • Configuration is prevented from being applied on MX Series device in subscriber scenario. PR1430360

  • Performance degradation for about 20 seconds occurs after the fabric board on MX10008/100016 is taken offline. PR1430739

  • Disabling DAC QSFP port might not work on MX204/10003 or EX9251. PR1430921

  • Inline LSQ might not work when it is configured on the same FPC where MIC-3D-16CHE1-T1 is slotted. PR1431069

  • Error might be observed when using a script to load configuration. PR1431198

  • The destination unreachable counter was counting up without receiving traffic. PR1431384

  • During the stress tests, bbe-smgd process might crash on backup Routing Engine when performing GRES. PR1431455

  • The bbe-smgd might crash if subscribers are trying to log in or out while a configuration commit is occurring at the same time. PR1431459

  • Subscribers coming from new physical interfaces might not log in in due to 512 entries limit in the subscriber-limit table PR1431566

  • SIB Link Error detected on a specific Packet Forwarding Engine might cause complete service impact. PR1431592

  • Allow installation of three identical framed routes in the same routing-instance. PR1431891

  • MX10003 - A PEM not present alarm is raised when the minimum required PEM exists in the system. PR1431926

  • Dual stack subscriber accounting statistics are not baselined when one stack logs out. PR1432163

  • Traffic might be sent on the standby link of AE bundle and get lost with LACP fast-failover enabled PR1432449

  • Change to in-use parameterized filter prefix-list could result in bbe-smgd core file on the backup Routing Engine. PR1432655

  • Traffic will be dropped if sa-multicast is in the configuration. PR1433306

  • RSI and RSI brief should not include show route forwarding-table when Tomcat enabled. PR1433440

  • Collected service statistics are all zero after ISSU for MPC2. PR1433589

  • Lawful intercept for subscriber traffic is not programmed in Packet Forwarding Engine if it's activated by Access-Accept. PR1433911

  • URL case-sensitivity support is needed. PR1434004

  • Incorrect PLUGGABLE ID 17 on MX10003-LC2103. PR1434183

  • RPD generates a core file during the route flash when the policy is removed. PR1434243

  • The repd process might crash after booting first time with a newly installed Junos release. PR1434363

  • Packet Forwarding Engine memory leak might be seen if MLPPP links are flapped. PR1434980

  • MicroBFD 3x100ms flap upon inserting a QSFP to other port. PR1435221

  • DHCPv6 advertise to client might use incorrect destination MAC address. PR1435694

  • Total number of packets mirrored, after DTCP trigger add and DTCP enable, is not in the expected range while verifying traffic on mirror port after DTCP drop policy enable. PR1435736

  • MPC7/8/9/MX10003 MPC/EX9200-12QS/EX9200-40XS line card might crash in a scaling setup. PR1435744

  • The mc-ae interface might get stuck in waiting state in dual mc-ae scenario. PR1435874

  • The local route in the secondary routing table that gets stuck in the KRT. PR1436080

  • ifHCInOctets counter on AE interface going to zero value when SNMP MIB walk is executed. PR1436201

  • A few static PPP subscribers get stuck in initialization state permanently and the following error message is seen Failed to create client session, err=SDB data corrupted. PR1436350

  • Subscriber interim statistics might be reset to zero in MX Series Virtual Chassis setup after GRES. PR1436419

  • Router is not reachable after downgrade from Junos OS Release 18.2-20190513.0 to 18.2R2.6. PR1436832

  • MPC10E-15C-MRATE: Micro BFD sessions do not come up in centralized mode. PR1436937

  • Schema XSDs are missing objects/commands in Junos OS Release 19.1R1. PR1437469

  • The CPU utilization on a daemon might remain around 100 percent or the backup Routing Engine might crash in race conditions. PR1437762

  • LNS router might send the router-advertisement packet with NULL source link-layer option field. PR1437847

  • The chassisd might crash after enabling hash-key. PR1437855

  • (seen only on legacy image) Unified ISSU is failing from Junos OS Release 19.1R1 legacy images. PR1438144

  • Subscriber flows might not be synchronized between AE members on MX Series Virtual Chassis platforms. PR1438621

  • CGNAT logs are not received by the syslog server over TCP-based-syslog when data traffic is sent at 10000 sessions/second. PR1438928

  • Command show jdaf service cmd statistics / clients is not available on Evolved. PR1439118

  • FPC on Virtual Chassis backup router might reboot in MX Series Virtual Chassis scenario. PR1439170

  • The vlan all interface all combination is not working as expected under VSTP. PR1439583

  • The bbe-smgd core files are generated after restart. PR1439905

  • CoS related errors are seen and subscribers could not get service. PR1440381

  • CPU might hang or interface might be stuck down on particular 100G port on MX, EX, and PTX. PR1440526

  • FPC may stuck in 100% CPU utilization due to continuous work of bulk manager thread. PR1440676

  • DHCP offer packets towards IRB over LT interface getting dropped in DHCP relay environment. PR1440696

  • The Layer 2 dynamic VLAN might be missed when an interface is added or removed for an ae interface. PR1440872

  • For a route received through EBGP the AIGP value might not be considered as expected. PR1441438

  • LINX: SNMP trap comes twice for FRU removal in MX10000- one trap with FRU nameas FPC: JNP10K-LC2101 and second with FRU name as FPC @ 1/*/*.PR1441857

  • The packets originating from the IRB interface might be dropped in VPLS scenario. PR1442121

  • The chassisd is unable to power off a faulty FPC after Routing Engine switchover which leading to chassisd restart loop. PR1442138

  • The operational status of the interface in hardware and software might be out of synchronization in EVPN setup with arp-proxy feature enabled. PR1442310

  • In "enhanced-ip" or "enhanced-ethernet" mode with DCU (destination-class-usage) accounting enabled, MS-DPC might drop all traffic that should egress through ae interface. PR1442527

  • EVENT UpDown interface logs are partially collected in syslog messages. PR1442542

  • Different formats of the B4 addresses might be observed in the SERVICES_PORT_BLOCK_ALLOC/RELEASE/ACTIVE log messages. PR1442552

  • A few Path Computation Element Protocol (PCEP) logs are marked as ERROR even though they are not. Now severity of those logs are corrected as INFO. PR1442598

  • DHCPv6 Client might fail to get an IP address. PR1442867

  • The bbe-smgd might crash on MX Series platforms. PR1443109

  • The kmd process might crash and restart with a kmd core file created if IP of NAT mapping address for IPsec-VPN remote peer is changed. PR1444183

  • MX204: Larger than MTU packets of GRE data get dropped when sampling is enabled on the egress interface. PR1444186

  • High CPU utilization might be observed for eventd along with error logs. PR1444462

  • Inline-keepalive might stop working for LNS subscribers if the routing-services command is enabled. PR1444696

  • Access route might stuck in bbe-smgd and RPD not cleared. PR1445155

  • The CPCDD process continuously generates core files and the process stops, in ServicesMgr::ServicesManager::cpcddSmdInterface::processInputMsg. PR1445382

  • ECMP-FRR might not work for BGP multipath ECMP routes. PR1445391

  • Detached LACP member link gets LACP State as enabled in Packet Forwarding Engine when switchover because of device reboot. PR1445428

  • The 1G interface on MX204 might stay down after the device is rebooted. PR1445508

  • The l2ald might crash when FPC is restarted. PR1445720

  • The mspmand process might crash if URL filtering is configured and one blacklisted domain name is a sub-string of another blacklisted domain name in URL filter database file. PR1445751

  • The process jdhcpd might crash after issuing the show access-security router-advertisement-guard command. PR1446034

  • The static route for NAT might never come up if switchover the service interface which has NAT and GR configuration. PR1446267

  • Accurate statistics might not include packets forwarded during the last two seconds before subscriber termination. PR1446546

  • NAT service-set in certain scale might fail to get programmed. PR1446931

  • CST: ISSU:core-RMPC3.gz.core.0 is seen and ISSU-failure seen for MPC5. PR1446993

  • The jflow version 5 stops working after changing "input rate" value. PR1446996

  • The no-control-word creates a traffic black hole when used with Redundant LT (or rlt interface) for PWHT (or ps0 interface). PR1447917

  • The rpd process might crash if BGP is activated/deactivated multiple times. PR1448325

  • DCD CPU spike is seen after a Junos upgrade from Junos OS Release 14.2 to 16.1. PR1448858

  • PR-1444575-fix-test: FPC rebooted during off-lining PIC-0. PR1449067

  • The DHCP relay feature might not work as expected with helpers bootp configured. PR1449201

  • Increase in the maximum value of delegation-cleanup-timeout. PR1449468

  • Need to provide more meaningful error message, while doing commit on JDM without exchanging the SSH keys. PR1449871

  • No localhost ifl for rtt 65535 can be seen on MX Series running junos enhanced subscriber management feature. PR1450057

  • Interfaces might flap forever after deleting the interface disable configuration. PR1450263

  • VLAN configuration change with l2ald restart might cause Kernel sync issues and impact forwarding. PR1450832

  • Configuring a new burst-size under traffic-control-profile is not taking effect. PR1451033

  • IPSec[SNMP]: Snmp query for IPSec Decrypted/Encrypted packets does not fetch right values; observing KMD_SNMP_FATAL_ERROR. PR1451324

  • RMPC core files are found found after configuration changes done on the network for PTP/Clock Synchronization. PR1451950

  • MX10003: MACsec framing errors are seen when ever sequence number exceed 2 power 32 with XPN (Extended Packet Numbering). PR1452851

  • PTP might go out of sync due to l2ald hwdb access failure. PR1453531

  • Alarm was not sent to syslog on MX10003 platform. PR1453533

  • ANCP subscriber information is lost after daemon restart. PR1453837

  • The FPC might crash when the severity of error is modified. PR1453871

  • Radius Interim accounting statistics are not populated on the MX204. PR1454541

  • The access request for L2BSA port up may not be retransmitted if the radius server used to be unreachable. PR1454975

  • JNS/GNF: CRAFTD syslogs fatal errors along with junk characters upon its startup and exits after four startup attempts. PR1454985

  • Device chooses incorrect source address for locally originated IPv6 packets in routing-instance when destination address is reachable through static route with next-table command. PR1455893

  • There is high temperature from show chassis environment output after MPC4E insert to slot 5. PR1456457

  • The CLI command with invoke-on" and display xml rpc results in unexpected multiple RPC commands. PR1456578

  • Default value of 2^32 replay-window size results in framing errors at an average of one in 2^32 frames received. PR1457555

  • The chassisd process and all FPCs might restart after Routing Engine switchover. PR1457657

  • The subscriber routes are not cleared from backup Routing Engine when session is aborted. PR1458369

  • Subscribers unable to login due to NACK from MCAST after 2million + mcast subscribers log in. PR1458419

  • The error messages with create_pseudos: unable to create interface device for pip0 (File exists) might be seen after restarting chassisd. PR1459373

  • Incomplete output of show ancp subscriber access-aggregation-circuit-id < access aggregation circuit ID>. PR1459386

  • Telemetry streaming of mandatory TLV 'ttl' learnt from LLDP neighbor is missing. PR1459441

  • FDB is not flushing cause silent drop in traffic in ethernet ring scenario. PR1459446

  • In MC-LAG scenario traffic destined to VRRP virtual MAC gets dropped. PR1459692

  • AUTO-CORE-PR :CPCDD core found @ ServicesMgr::ServicesManager::cpcddSmdInterface::processServiceNotifyMsg ,SmdInterface::cbStateSyncServiceNotifyMsgHandler ,statesync_consumer_poll_new_state_cb. PR1459904

  • The PPTP does not work with destination NAT. PR1460027

  • repd core file is seen during system boot up. PR1461796

  • The BBE statistics collection and management process, bbe-statsd memory issue on backup Routing Engine. PR1461821

  • The CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed when both DIP switches and power switch are turned off. PR1462065

  • The MPC2E-NG/MPC3E-NG card with specific MIC might crash after a high rate of interface flaps. PR1463859

  • The PPPoE session gets in the Terminated state and the accounting stop for the session which is delayed. PR1464804

  • MPC5E or MPC6E line cards might crash due to internal thread overusing the CPU. PR1464820


  • SNMP OID IFOutDiscards are not updated when drops increasing. PR1411303

  • The traffic to the NLB server might not be forwarded if the NLB cluster works on multicast mode. PR1411549

  • Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device. PR1418955

  • Increase in Junos OS image size for Junos OS Release 19.1R1. PR1423139

  • The duplex status of management interface might not be updated in the output of show command. PR1427233

  • The operations on console might not work if the statement system ports console log-out-on-disconnect is configured. PR1433224

Interfaces and Chassis

  • Changing the value of mac-table-size to default might lead all FPC to reboot. PR1386768

  • NPC crash @rt_nh_install (rnh=0x618123d8, rnh_src=0x0, rt=< optimized out>, p_rtt=0x74f886c0) at ../../../../src/pfe/common/pfe-arch/trinity/applications/route/rt_nh.c:631. PR1396540

  • Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error message. PR1402606

  • Unrelated ae interfaces might go down if committing configuration changes. PR1409535

  • MX Virtual Chassis unified ISSU is not supported when Redundant LT (RLT) is configured. PR1411729

  • Family inet of the unnumbered interface might be getting deleted when deleting one of the IPs of the binding interface. PR1412534

  • Inline Periodic packet management (PPM) adjacency (rx) session might be programmed with the incorrect packet template. PR1417707

  • Monitor ethernet loss-measurement command returns Invalid ETH-LM request for unsupported outgoing IFL. PR1420514

  • Invalid speed value on an interface might cause other interface configuration loss. PR1421857

  • Syslog message : /kernel: %KERN-3: pointchange for flag 04000000 not supported on IFD aex upon LFM related configuration commit on ae interfaces. PR1423586

  • The demux interfaces will be down after changing the MTU of the underlying et interface. PR1424770

  • The cfmd might crash on DPCE. PR1424912

  • The IFLs in EVPN routing instances might flap after committing configurations. PR1425339

  • The statement flexible-queuing-mode is not working on FPCs of Virtual Chassis member 1. PR1425414

  • Upgrade from pre Junos OS Release 17.4R1 release results in cfmd core files. PR1425804

  • CFM message is flooding. PR1427868

  • The vrrpd process might crash after deleting VRRP sessions for several times. PR1429906

  • The NCP session might be brought down after IPCP Configure-Reject is sent. PR1431038

  • VRRP mastership might flap when the tracked route is deleted or the tracked interface goes down. PR1432361

  • jppd No termination Ack for a LACP Termination request RFC 1661. PR1433489

  • Discrepancy of bytes and packets count in Routing Engine CLI for traffic and transit stats for ZT. PR1435416

  • Mixed link-speed ae bundle could not add new sub-interface successfully. PR1437929

  • Targeted-distribution for static demux interface over aggregate ether interface does not take correct lacp link status into consideration when choosing primary and backup links. PR1439257

  • The cfmd process might crash after a restart on Junos OS Release 17.1R1 and above. PR1443353

  • Enhancement of add or delete a single VLAN in vlan-id-list under interface family bridge. PR1443536

  • The OAM CCM messages are sent with a single tagged VLAN even when configuring with two VLANs. PR1445926

  • MX Series Virtual Chassis on MX10003: Unable to connect to newly installed Routing Engine from other Routing Engine's in MX Series Virtual Chassis. PR1446418

  • Initiating a Routing Engine switchover on VRRP backup router through a CLI command might cause VRRP state for ae bundle interfaces transitions to 'Master' state even configured with protocols vrrp delegate-processing ae-irb statement, then very shortly afterward to backup again. PR1447028

  • L2ALD failed to update composite NH. PR1447693

  • The ifinfo daemon might crash on the execution of show interface extensive command. PR1448090

  • While master Routing Engine failure and system switches to backup Routing Engine, some VRRP sessions ppm transmissions state might be stuck in Distributed: AWAITING.PR1450652

  • LACP daemon crashed continuously. PR1450978

  • [PDT][CFM] CUC-1751: Some CFM UP MEP sessions do not come up in scaled scenarios over Layer2VPN circuits on Lag interfaces. PR1454187

  • The VRRP traffic loss is longer than one second for some backup groups after performing GRES. PR1454895

  • Mismatched MTU value causes the RLT interface to flap. PR1457460


  • Some error messages might be seen when using J-Web. PR1446081

Junos fusion for provider edge

  • Incorrect power values for extended optical ports. PR1412781

  • The sdpd process might continuously crash if there are more than 12 cascade-ports configured to a satellite device. PR1437387

  • The aggregated Ethernet interface might flap whenever a new logical interface is added to it. PR1441869

Layer 2 Features

  • VPLS : LSI interface are not created and remote MACs are not learned with RPD_KRT_Q_RETRIES: ifl iff add: Device busy. PR1295664

  • QinQ might be malfunctioning if vlan-id-lists are configured. PR1395312

  • The rpd crashes after iw0 interface is configured under a VPLS instance. PR1406472

  • Traffic loss might be seen over LDP-VPLS scenario. PR1415522

  • Broadcast traffics might be discarded in a VPLS local-switching scenario. PR1416228

  • Commit error will be seen but the commit is processed if adding more than o. PR1420082

  • VPLS neighbors might stay in down state after configuration changes in vlan-id. PR1428862

  • After disabling and enabling the aggregate interface, the next-hop of CE facing aggregate interface might be in an incorrect state. PR1436714

Layer 2 Ethernet Services

  • LACP PDU might be looped towards peer MC-LAG nodes. PR1379022

  • On EVPN setups, incorrect destination MAC addresses starting with 45 might show up when using the show arp hostname command. PR1392575

  • Junos OS: MX Series: jdhcpd crash when receiving a specific crafted DHCP response message (CVE-2019-0063). PR1415242

  • jdhcpd becomes aware about some of the existing configuration only after commit full or jdhcpd restart. PR1419437

  • Change the nd6 nexthops to reject NH once l2 interfaces gets disassociated with ipv6 entries. PR1419809

  • The jdhcpd process might consistently run at 100% CPU and not provide service if the delay-offer is configured for DHCP local server. PR1419816

  • BBE: DHCP subscribers on non-default routing instance went down after unified ISSU. PR1420982

  • jdhcpd daemon might crash during continuous stress test. PR1421569

  • MX: LACP: The error message fpc3 user.err aftd-trio: [bt] #1 JnhHandle:: been logged. PR1424106

  • The DHCP DECLINE packets are not forwarded to DHCP server when forward-only is set within dhcp-reply. PR1429456

  • DHCP request might get dropped in DHCP relay scenario. PR1435039

  • The jdhcpd process might go into infinite loop and cause 100% CPU usage. PR1442222

  • The dhcp-relay statement might not work on MX10008 platforms. PR1447323

  • Some additional information can be provided in DHCPv6 option 17. This option can be in SOLICIT or REQUEST messages. BNG should relay the information from this option to RADIUS servers in ACCESS REQUEST message in the attribute 26-207. Before the fix from the PR the information was not relayed. PR1448100

  • PPPoE holding DHCPv6 prefix causes DHCPv6 binding failure due to duplicate prefix. PR1453464

  • DHCP packet might not be processed correctly if DHCP option 82 is configured. PR1459925


  • Stale LSPs might exist if primary LSP goes down immediately after bypass LSP. PR1242558

  • RPD might restart after a MPLS LSP flap if no-cspf and fast-reroute are configured in an LSR ingress router. PR1368177

  • DSCP bit Marking of LSP self-ping is not compliant with rfc7746. PR1371486

  • The rpd process might crash when executing traceroute mpls bgp. PR1399484

  • LDP tunneling configuration triggers huge scheduler slips, causing IGP flapping. PR1410827

  • The rpd might crash in BGP-LU with egress-protection while committing configuration changes. PR1412829

  • The rpd might crash after spring-te is deactivated. PR1414323

  • Rpd memory might leak when RSVP LSP is cleared or re-signaled. PR1415774

  • Services dependent on LDP might be impacted if committing any configuration changes. PR1416032

  • Traffic blackhole might be seen due to a long LSP switchover duration in RSVP-signaled LSP scenario. PR1416487

  • LDP route might be missing in inet.3 when enabling sr-mapping-client on LDP-SR stitching node. PR1416516

  • RSVP LSP might get stuck in down state in OSPF Multiarea topology. PR1417931

  • Traffic might be dropped due to LDP label corruption after Routing Engine switchover. PR1420103

  • Incorrect length for Sub-TLV 34 (RFC 8287) in MPLS Echo Request. PR1422093

  • LDP might not update the LDP ingress route metric when inet.3 route flash happens before inet.0. PR1422645

  • The dynamic bypass RSVP LSP tears down when being used to protect LDP LSP. PR1425824

  • mpls ping sweep stops working and CLI gets unresponsive. PR1426016

  • MPLS LSP auto-bandwidth statistics miscalculations might lead to a high bandwidth reservation. PR1427414

  • M/MX: continuous rpd core @ l2ckt_alloc_label , l2ckt_standby_assign_label , l2ckt_intf_change_process in the new backup during GRES in MX2010 box. PR1427539

  • Traffic loss might be observed after changing configuration under protocols mpls in ldp-tunneling scenario. PR1428081

  • The LDP might withdraw a label for an FEC once the IGP route is inactive in inet.0. PR1428843

  • When MBB for P2MP LSP fails, it is stuck in the old path. PR1429114

  • MPLS ingress LSPs for LDP link protection are not coming up after the disabling/enabling of MPLS. PR1432138

  • SRLG entry shows Unknown after removing it from configuration in show mpls lsp extensive output or show mpls srlg. Shows Unknown-0xXX (XX will vary). PR1433287

  • The P2MP LSP branch traffic might be dropped for a while when the Sender Provider Edge is performing switchover. PR1435014

  • Traffic loss might be seen after LDP session flaps rapidly. PR1436119

  • The rpd might crash after executing ping mpls ldp. PR1436373

  • The LDP route and LDP output label are not showing in the inet.3 table and LDP database respectively if enable OSPF rib-group. PR1442135

  • LINX:lsi intf/Layer2 Virtual Chassis goes down on one router in VPLS domain through the mpls path is still available in inet.3. The reason shows as mpls label out of range. PR1442495

  • The backup LSP path messages are rejected if the bypass tunnel path is an inter-area LSP. PR1442789

  • RSVP Path message with long refresh interval is dropped between Junos pre-16.1 and 16.1+ nodes. PR1443811

  • P2MP LSP might get stuck in the down state after link flaps. PR1444111

  • The rpd memory leak might be seen when the inter-domain RSVP LSP is in down state. PR1445024

  • Traffic might silently drop if two consecutive PLRs along the LSP perform local repair simultaneously under certain mis-configured conditions. PR1445994

  • The transit packets might be dropped if an LSP is added or changed on MX/PTX device. PR1447170

  • Traffic drop might be seen after traceoption configuration committed in RSVP P2MP scenario. PR1447480

  • The LDP route timer is reset when committing unrelated configuration changes. PR1451157

  • Pervious configured credibility preference it is not considered by CSPF despite the configuration is deleted or changed to prefer another protocol in TED. PR1460283

  • RPD core files and high CPU usage is seen on MX104. PR1460292

Network Address Translation (NAT)

  • The nsd process might crash when SNMP query deterministic NAT pool information. PR1436775

Network Management and Monitoring

  • The snmp query might not get data in scaled l2circuits environment. PR1413352

  • Syslog match filtering does not work if single line of /etc/syslog.conf is over 2048 bytes. PR1418705

  • MX10000 reports jail socket errors. PR1442176

  • hrProcessorFrwID will be set to 0.0 of type "OBJECT IDENTIFIER" to fix the NMS warnings as it is using Integer value not OCTET STRING. PR1446675

Platform and Infrastructure

  • All FPC cards might restart after Layer 3 VPN routes churn. PR1398502

  • Class-of-service configuration changes might lead to traffic drop on cascade port in Junos fusion setup. PR1408159

  • Traffic is getting dropped when there is a combination of DPC/MX-FPC card and MPC card on egress PE router in Layer 3 VPN. PR1409523

  • DDoS violation for lldp, mvrp, provider mvrp and dot1x is incorrectly reported as LACP DDoS violation. PR1409626

  • The VLAN tag is incorrectly inserted on the access interface if the packet is sent from an IRB interface. PR1411456

  • Error logs might be observed after performing unified ISSU. PR1412463

  • The MPC might crash when one MIC is pulled out during this MIC is booting up. PR1414816

  • Distributed multicast forwarding to the subscriber interface might not work. PR1416415

  • Some applications might not be installed during upgrade from an earlier version that does not support FreeBSD 10 to FreeBSD 10 (based system). PR1417321

  • op URL command can't run a script with libs from /config/scripts. PR1420976

  • The ARP request might not be replied although proxy-arp is configured. PR1422148

  • The slax scripts triggered by event options might be stuck forever. PR1422939

  • show jnh trap-info with incorrect LU instance caused a crash and core file on FPC. PR1423508

  • The native VLAN ID of packets might fail to be removed when leaving out. PR1424174

  • The policer bandwidth might be wrong for the aggregate interface after activating the shared-bandwidth-policer. PR1427936

  • With CNH for 6PE, MPLS EXP rewrite rule for non-VPN IPv4 over MPLS traffic might not work. PR1430878

  • Pre-fragmented ICMP IPv4 packets might fail to arrive at the destination. PR1432506

  • The FPC might crash when the firewalls filter manager deals with the firewall filters. PR1433034

  • Enable sensor /junos/system/linecard/qmon/ causing continuous ppe_error_interrupt errors. PR1434198

  • Traffic from the same physical interface cannot be forwarded. PR1434933

  • The device might not be accessible after the upgrade. PR1435173

  • The IPv4 packet larger than mtu-v6 might be dropped by the MAP-E BR device. PR1435362

  • MAP-E encapsulation or decapsulation with specific parameter might work incorrectly. PR1435697

  • The /var/db/scripts directory might be deleted after executing request system zeroize. PR1436773

  • The BGP session might flap after Routing Engine switchover done simultaneously on both boxes of BGP peer in scaled BGP session setup. PR1437257

  • The next-hop mac address in the output from show route forwarding-table command might be incorrect. PR1437302

  • The multicast traffic is dropped while multicast ingress replication is configured with local-latency-fairness. PR1438180

  • A certain combination of allow-commands and deny-commands do not work properly after Junos OS Release 18.4R1. PR1438269

  • The inner IPv4 packet might get fragmented using the same size as mtu-v6 setting which is used for the MAP-E softwire tunnel in MAP-E configuration. PR1440286

  • When host bound packet received in MAP-E BR router, service interface statistics counter shows incorrect number of bytes. PR1443204

  • Packets drop due to missing destination MAC in the Packet Forwarding Engine. PR1445191

  • Python op scripts executed as user nobody if started from NETCONF session, not as a logged in user, resulting in failing PyEZ connection to the device. PR1445917

  • Some hosts behind unnumbered interface are unreachable after the router/FPC restarts. PR1449615

  • FPC might reboot with vmcore due to memory leak. PR1449664

  • REST API process will get non-responsive when a number of request is coming with a high rate. PR1449987

  • The Routing Engine originated IPv6 packets might be dropped when interface-group rule is configured under IPv6 filter. PR1453649

Routing Policy and Firewall Filters

  • Configuration commit operation after policy change causes rpd crash. PR1357802

  • MX Series: CLI knob as-path-expand last-as commit failure. PR1388159

  • The route-filter-list with non-continuous match might not work as expected after being updated. PR1419731

  • Policy matching RD changes next-hop of the routes which do not carry RD. PR1433615

  • Routes resolution might be inconsistent if any route resolving over the multipath route. PR1453439

Routing Protocols

  • Junos BGP Established state is not shown in show bgp summary if only master routing instance is present. PR600308

  • RPD crashes due to assert in bgp_io_write_user_handler_int(). PR1351639

  • Qualified next hop of static route might not be withdrawn when BFD is down. PR1367424

  • Routing Engine-based micro BFD packets do not go out with configured source IP when the interface is in logical-system. PR1370463

  • The rpd might crash under a rare condition if GR helper mode is triggered. PR1382892

  • BGP sessions might keep flapping on backup Routing Engine if proxy-macip-advertisement is configured on IRB interface for EVPN-VXLAN. PR1387720

  • In rare cases rpd might crash after Routing Engine switchover when BGP multipath and L3VPN vrf-table-label are configured. PR1389337

  • Processing a large scale as-path regex will cause the flap of the route protocols. PR1396344

  • There might be unexpected packets drop in MoFRR scenario if active RPF path is disabled. PR1401802

  • IGMP join through PPPOE sub not propagated to upstream PIM. PR1407202

  • BFD link-failure detection of the broken path will be delayed when IGP link-state update is received from the same peer through an alternative path. PR1410021

  • BGP might get stuck in an Idle state when the peer triggers a GR restart event. PR1412538

  • The Layer 3 VPN link protection doesn't work after flapping the CE facing interface. PR1412667

  • TI-LFA cannot find backup path when ISIS OverLoad bit is set on computing node. PR1412923

  • SID label operation might be performed incorrectly in OSPF SPRING environment. PR1413292

  • The unexpected AS prepending action for AS path might be seen after the no-attrset statement is configured or deleted with vrf-import/vrf-export configuration. PR1413686

  • Dynamic routing protocol flapping with vmhost Routing Engine switchover on NG-RE. PR1415077

  • The IS-IS-SR route sent by the mapping server might be broken for ECMP. PR1415599

  • Route info might be inconsistent between RIB and OSPF database when using OSPF LFA feature. PR1416720

  • Junos OS: OpenSSL Security Advisory [26 Feb 2019]. PR1419533

  • A memory leak in rpd might be seen if source packet routing is enabled for IS-IS protocol. PR1419800

  • BFD crash after GRES was done @ __assert (func=0x831a40e "bfdd_link_session", file=0x831a24a "../../../../../../src/junos/usr.sbin/bfdd/bfdd_session.c" PR1420694

  • IPv6 IS-IS routes might be deleted and not be reinstalled when MTU is changed under the IFL level for family inet6. PR1420776

  • Route churn might be seen after changing maximum-prefixes configuration from value A to value B. PR1423647

  • The rpd might crash if no-propagate-ttl is configured in BGP multipath scenario. PR1425173

  • The multicast traffic might be dropped when proxy mode is used for igmp-snooping. PR1425621

  • The rpd might crash in PIM scenario with auto-rp enabled. PR1426711

  • The rpd might crash while removing multicast routes that do not have an associated (S,G) state or activating the accept-remote-source statement on PIM upstream interface. PR1426921

  • The rpd might crash while handling the withdrawal of an imported VRF route. PR1427147

  • MVPN traffic might be lost for around 30 seconds during Routing Engine switchover. PR1427720

  • The rpd would generate core files due to improper handling of Graceful Restart stale routes. PR1427987

  • RPD might crash with ospf overload configuration. PR1429765

  • The next-hop of IPv6 route remains empty when a new IS-IS link comes up. PR1430581

  • BGP knob multipath multiple-as does not work in specific scenario. PR1430899

  • IPv6 aggregate routes are hidden. PR1431227

  • Unsupported configuration (EPE with dynamic-next-hop GRE tunnels) continuously causing RPD to generate core files.PR1431536

  • The show isis adjacency extensive output is missing state transition details. PR1432398

  • In BFD and GR enabled scenario, BFD DOWN packets are not being sent immediately after BFD failure. PR1432440

  • Per-Prefix LFA might not work as expected where the last hop needs to be protected on the penultimate node. PR1432615

  • PIM-SM join message might be delayed with MSDP enabled. PR1433625

  • With SR enabled 6PE next-hop is not installed. PR1435298

  • The rpd might crash during the best path changes in BGP-L3VPN with multipath and no-vrf-propagate-ttl enabled. PR1436465

  • BGP route next-hop can be incorrect in some scenarios with PIC edge configuration. PR1437108

  • Removing SSH Protocol version 1 from configuration. PR1440476

  • RIP routes are discarded by Juniper devices when the next-hop field in the RIPv2 response packet contains a subnet Broadcast address. PR1441452

  • The rpd process might crash in inter-AS option B Layer 3 VPN scenario if CNHs is used. PR1442291

  • IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507

  • The rpd might crash in OSPF scenario due to invalid memory access. PR1445078

  • The BGP route prefixes are not being advertised to the peer. PR1446383

  • The as-external route might not work in ospf overload scenario for VRF instance. PR1446437

  • The rpd might crash when the policy applied to the MoFRR is deleted. PR1446472

  • The rpd CPU utilization gets 100% due to incorrect path-selection. PR1446861

  • The multicast traffic might be dropped in PIM with BGP PIC setup. PR1447187

  • The rpd crashes and commit fails when trying to commit configuration changes. PR1447595

  • Layer 3 VPN PE-CE link protection exhibits unexpected behavior on MX2000 platforms. PR1447601

  • Junos BFD sessions with authentication flaps after a certain time. PR1448649

  • Intra-router PPMD[RE] to PPMAN[FPC] connection could be closed if the session timeout is greater than 3 seconds in either direction. PR1448670

  • The BGP routes might fail to be installed in routing instance if the from next-hop policy match condition is used in the VRF import policy. PR1449458

  • The rpd memory might leak in a certain MSDP scenario. PR1454244

  • The rpd might crash continuously due to memory corruption in IS-IS setup. PR1455432

  • Prefix SID conflict might be observed in ISIS. PR1455994

  • Routing-process is crashing when OSPF router-id get changed for NSSA area. PR1459080

  • The rpd memory leak might be observed on backup routing engine due to BGP flap. PR1459384

  • RPD scheduler slips might be seen on RPKI route validation enabled BGP peering router in a scaled setup. PR1461602

Services Applications

  • ms- used for IPSEC PIC is listed in show services ha detail as standby. This is a cosmetic issue. PR1383898

  • SPD_CONN_OPEN_FAILURE: spd_svc_set_summary_query: unable to open connection to si-0/0/0 (No route to host). PR1397259

  • [technology/subscriber_services/jl2tpd] [all] RPT BBE Regressions : ERA Value does not match with configured values while verifying new ERA settings and they are reflected in message logs. PR1410783

  • jpppd generates core files on LNS. PR1414092

  • L2TP LAC might fail to tunnel static pp0 subscriber to the desired LNS. PR1416016

  • IPsec SA might not come up when the Local gateway address is a VIP for a VRRP configured interface. PR1422171

  • In subscriber with L2TP scenario, subscribers are stuck in INIT state forever. PR1425919

  • Some problems might be seen if client negotiates LCP with no ppp-options to LAC. PR1426164

  • The kmd process might crash when DPD timeout for some IKEv2 SAs happens. PR1434521

  • Traffic might be dropped in IPsec VPN scenario when the VPN peer is behind a NAT device. PR1435182

  • The output of show subscriber user-name on LTS shows only one session instead of two. PR1446572

  • The jl2tpd process might crash during the restart procedure. PR1461335

Software Installation and Upgrade

  • JSU might be deactivated from FPC in case of power cycle. PR1429392

Subscriber Access Management

  • Authd telemetry: Linked pool head attribute is incorrect for single pools. PR1413293

  • The subscriber service profile might be unable to be changed by RAR message in PCRF/Gx-Plus scenario. PR1417987

  • CoA-NACK is not sent when performing negative COA Request tests by sending incorrect session-id. PR1418144

  • Subscribers might not be able to re-login in Gx-plus provisioning scenario. PR1418579

  • PPPoE session might be disconnected when LI attributes are received in access-accept with invalid data. PR1418601

  • Address allocation issue with linked pools when using linked-pool-aggregation. PR1426244

  • RADIUS authentication server might always be marked with DEAD. PR1429528

  • Subscriber filtering for General Authentication Services traceoptions will report debug messages for other users. PR1431614

  • Incorrect Acct-Session-Time : Acct-Session-Time is not zero, though no Start event occurred. PR1433251

  • The output of test aaa ppp is missing <radius-server-data> tag. PR1444438

  • On MX platforms a false error might be received for SAE policy activation or deactivation failure. PR1447632

  • Subscribers Login fails when PCRF Server is unreachable. PR1449064

  • DHCPv6 subscribers might be stuck in a state after the authd process crash. PR1460578

  • Problem with linked-pool-aggregation after attempting to delete a pool in middle of the chain. PR1465253

User Interface and Configuration

  • Junos fusion: show chassis hardware satellite command is not available on Junos OS 17.3 versions. PR1388252

  • Junos OS: Insecure management daemon (MGD) configuration might allow local privilege escalation (CVE-2019-0061). PR1406219


  • In a specific CE device environment in which asynchronous-notification is used, after the link between the PE and CE devices goes up, the Layer 2 circuit flaps repeatedly. PR1282875

  • The multicast traffic drop might be seen when static-umh is configured in NGMVPN scenario. PR1414418

  • The rpd might crash in rosen MVPN scenario when a same provider tunnel source address is being used for both IPv4 and IPv6. PR1416243

  • The deletion of (S,G) entry might be skipped after the PIM join timeout. PR1417344

  • The rpd crash might be seen if layer 2 circuit or local-switching connections flap continuously. PR1418870

  • The rpd process might crash in rare conditions when Extranet NG-MVPN is configured. PR1419891

  • Permanent traffic loss is seen on NGMVPN selective tunnels after Routing Engine switchover (one-time). PR1420006

  • MPLS LSP ping over l2circuit might not work when flow-label is enabled. PR1421609

  • The rpd process might crash and generates core files during mpls ping command on l2circuit. PR1425828

  • MVPN using PIM Dense mode does not prune the OIF when PIM prune is received. PR1425876

  • The resumed multicast traffic for certain groups might be stopped in overlapping MVPN scenario. PR1441099

  • Memory leak might happen if PIM messages received over an MDT (mt- interface) in Draft-Rosen MVPN scenario. PR1442054

  • The rpd process might crash due to memory leak in "MVPN RPF Src PE" block. PR1460625

Resolved Issues: 19.1R1

Application Layer Gateways (ALGs)

  • DNS requests with EDNS options might be dropped by DNS ALG. PR1379433

  • On MX Series routers with FTP ALG enabled, if there are more than one FTPS connection between a pair of FTP client and server, the closure of one connection might affect the other connections between the pair of FTP client and server. There might be traffic impact. It is a rare timing issue. PR1483834

Authentication and Access Control

  • MAC move might occur in a DHCP security scenario. PR1369785

  • The dot1xd might crash when dot1xd receives incorrect reply length from the authd. PR1372421

  • IPv4/IPv6 DHCP security client entries will be recorded on TRUSTED ports as well. PR1390676

  • Push-to-JIMS now supports pushing the authenticated entry to all online JIMS servers. PR1407371

Class of Service (CoS)

  • The cosd process might crash during committing configuration change through netconf. PR1403147

Flow-Based and Packet-Based Processing

  • Issues occur with fragmentation and ALG support for Power Mode IPsec. PR1397742


  • EVPN type-5 route might be lost if chained-composite-next-hop statement is configured. PR1362222

  • Packet drop is seen in EVPN stitching with IRB configured. PR1363935

  • The EVPN implementation does not follow RFC-7432. PR1367766

  • EVPN A/A multihomed PE device occasionally prefers to route to a directly connected prefix using LSPs toward the multihomed peer instead of going directly out of the IRB interface (which is up). PR1376784

  • The RA packets might be sent out without using the configured virtual gateway address. PR1384574

  • EVPN-VXLAN: Flood is not programmed for VTEP interfaces for more than 5 minutes after BGP bounce. PR1396597

  • IPv6 link-local address for virtual-gateway address is marked as duplicate in EVPN. PR1397925

  • When committing a configuration for a VLAN adding to an EVPN instance and an aggregated Ethernet interface, respectively, the newly added VLAN interface count might be zero (0) in that bridge domain. PR1399371

  • EVPN type 2 MAC+IP route is stuck when the route advertisement has two MPLS labels and withdrawal has one label. PR1399726

  • The rpd core file is generated upon Routing Engine switchover with scaled EVPN configuration. PR1401669

  • The rpd crashes due to memory corruption in EVPN. PR1404351

  • EVPN database and bridge mac-table are out of sync after core link flap. PR1404857

  • The rpd might crash on a leaf node when handling withdrawal of the remote or local MAC address in an EVPN-VXLAN scenario. PR1405681

  • The rpd might crash after NSR switchover in a EVPN scenario. PR1408749

Forwarding and Sampling

  • In EVPN A/A scenario with MX or EX acting as PE device, flood next-hops to handle BUM traffic might not get created or miss certain branches when the configuration is performed in a particular sequence. PR1377749

  • LTS subscriber statistics are reported to RADIUS. PR1383354

  • Adjusting mac-table-size configuration might cause an l2ald crash. PR1383665

  • The LSI binding for the IPv6 neighbor is missing. PR1388454

  • The filter counter is not written to the accounting file when accounting is enabled on the bridge firewall filter. PR1392550

  • The l2ald process might crash when doing commit check for some specific configurations. PR1395368

General Routing

  • We advise migrating from syslog API to Errmsg API:/src/junos/usr.sbin/mspsmd. PR1284654

  • MX150: Cannot copy files from the USB flash to Junos OS Virtual Machine. PR1333201

  • Large-scale users logging in and logging out might cause a mgd memory leak. PR1352504

  • Traffic loss might be seen on the new master after interface flap is followed by Routing Engine switchover in a VRRP scenario. PR1353583

  • The packets might be dropped when they go through the MX104 built-in interface. PR1356657

  • The show chassis ethernet-switch command output is different on MX10008 routers. PR1358853

  • MX Series BNG does not generate the ESMC/SSM quality level failed SNMP trap alarm. PR1361430

  • The inline J-Flow sampling configuration might cause an FPC crash on MX Series routers. PR1362887

  • MX Series Virtual Chassis: The request to record the VCCP heartbeat state changes in syslog by default. PR1363565

  • FPM board status is missing in the SNMP MIB walk result. PR1364246

  • The netproxy service client component fails to restart after issuing the request vmhost reboot command. PR1365664

  • The following errors are seen in the syslog: LOG : Err] Failed to allocate 2 jnh-dwords for encap-ptr(ether-da)!,LOG: Err] gen_encap_common: jnh-alloc failed! 8 PR1366811

  • When you configure vrrp delegate-processing with tomcat enabled, the Packet Forwarding Engine dropped vrrp packets and count sw error. PR1369503

  • MPC5E restarted at trinity_pio_io_func, pio_read_u32, xqchip_read_u32, xqchip_issu_disable_q_stats, qchip_issu_disable_q_stats, issu_asic_prepare (pfe_idx=0 '\000') at ../../../../src/pfe/common/applications/issu/jam/issu_jam_npc_pfe.c:65 PR1369635

  • Image installation on SD fails with the following error: Unable to read reply from software add command to re1; error 1. PR1372877

  • Core file is generated in ifinfo at pif_af_fe_info pif_af_ifd when displaying the af interface information. PR1373436

  • LDP convergence delay might be seen after a IGP metric change with the bgp-igp-both-ribs statement configured. PR1373855

  • The filter service might fail to get installed for the subscriber in a scaled BBE scenario. PR1374248

  • A few L2BSA subscribers might be stuck in init, terminating, or terminated state after the previous logout. PR1375070

  • SFB and PDM/PSU-related information is missing in jnxBoxAnatomy MIB on high-end MX Series routers. (MX2010/2020). PR1375242

  • The bbe-smgd core file might be seen after doing GRES. PR1376045

  • MS-MPC might have performance degradation under scaled fragmented packets. PR1376060

  • Interface optic output power is not zero when the port has been disabled. PR1376574

  • CI: Not generating Power Supply failed trap. PR1376612

  • After NAT64 router (with MS-MPC) translates an IPv6 fragment to an IPv4 fragment, router is not inserting the correct value in the identification field of the IPv4 header. PR1378818

  • The bbe-smgd process generates repeated core files and stops running as a result of long-term session database shared memory corruption. PR1388867

  • Traffic might be discarded without notification when CoS configuration is changed on a PS interface. PR1379530

  • Protocol adjacency might flap and FPC might reboot if jlock hog happens. PR1379657

  • MSQQ error logs and potential MPC traffic impact are seen when the physical interface link goes down. PR1380183

  • The pfe_disable action should also disable the logical interfaces belonging to the affected Packet Forwarding Engine. PR1380784

  • Encryption and decryption is not happening, because the Packet Forwarding Engine discards it while testing that group-vpn member was established using the authentication-method preshared key ascii-text. PR1381316

  • Traffic might be discarded without notification that is caused by FPC offline in MC-LAG scenario. PR1381446

  • In MX3ru for Junos OS Release 18.3R1, unified ISSU will fail if QSA is plugged in. PR1382126

  • The MPC6E might crash while fetching PMC device states. PR1382182

  • High CPU utilization is seen for chassisd on bsys, ~20 percent st steady state. PR1383335

  • The configuration configured through the NETCONF session might fail. PR1383567

  • MBFD flaps because clksync congests the scheduler for 100 ms. PR1384473

  • The rpd generates a core file at krt_table_rtbit_q_handler , krt_q_flush (startp=0xcca2c500, endp=0xcca2e9d0, isflash=0, todo=0x7fffffffe204),rtbit_free (rtbh=0x4145540). PR1385005

  • The MPLS packets with more than eight labels will not be processed by J-Flow. PR1385790

  • The vFPC CPU is running very high on vMX. PR1385853

  • The device with more than five IP addresses configured in the DHCP server-group goes into amnesiac mode after reboot. PR1385902

  • In subscriber management environment DHCP Subscriber might get stuck in terminated state. PR1386662

  • In case an LSP is locally configured without an explicit path, the ERO object remains empty in the PCRpt generated by PCC. PR1386935

  • Uninitialized EDMEM[0x400094] Read (0x6db6db6d6db6db6d) logs are seen with sampling applied to a subscriber with routing-service applied. PR1386948

  • The rpd might crash when traceoptions are enabled. PR1387050

  • On MX2000 routers, the backup CB's chassis environment status shows up as “Testing” even after the backup CB becomes online by removal or insert operation. PR1387130

  • The bbe-smgd process might crash when two subscribers log in with the same framed-route prefix and preference values. PR1387690

  • Some SFBs might go down when one of the PSMs in the chassis generates a bad output voltage that is out-of-range. PR1387737

  • FPC core file is seen at sensor_export_time_exceed_limit agent_health_monitor_data_reap when Jinsight is configured. PR1388112

  • Psec IKE keys are not cleared when delete or clear notification is received from peer on GRES-enabled DUT. PR1388290

  • Fabric drops might be seen if using a newer generation of MPC with SFB2. PR1388780

  • Incorrect value for flow packets or octets fields might be seen in an inline J-Flow scenario, PR1389145

  • IGMP group threshold exceed log message prints an incorrect demux logical interface. PR1389457

  • MX204: Excluding the speed CLI option under the interface level. PR1389918

  • The jnxFruState might show incorrect PIC state after replacing an MPC with another MPC with less numver of PICs. PR1390016

  • Traffic destined to VRRP VIP gets dropped because the filter is not updated to the related logical interface. PR1390367

  • The delete chassis redundancy command with routing-options nonstop-routing is not giving a commit warning. PR1390575

  • Delay in CLI output with second or more show subscriber <> extensive queries when the first session is sitting at -(more)- prompt displaying show subscribers extensive command output. PR1390762

  • Trailing chars are seen in GNMI get API reply. PR1390967

  • All the BBE and ESSM subscriber sessions might be lost after GRES or unified ISSU. PR1391409

  • The routing-engine-power-off-button-disable statement does not work on MX204 and MX10003 routers. PR1391548

  • The bbe-smgd process might crash after committing configuration changes. PR1391562

  • The bbe-smgd process might crash in a corner case if family inet6 is used in the dynamic profile. PR1391845

  • On MX2000, fans start spinning at high speed upon inserting previously offlined FPC. PR1393256

  • Third-generation FPC reboot loop is caused because of having internal intf issues. PR1393643

  • Junos OS enhancement configuration statement added to modify mcontrol watchdog timeout. PR1393716

  • If FPGA on the new master CB has a specific hardware failure, the chassid might keep crashing after GRES switchover. PR1393884

  • Expected entries like "UI_COMMIT_PROGRESS" are not getting populated while checking with Junos OS script session for obtaining the syslog output. PR1394780

  • MPC7, MPC8, and MPC9 might not boot in the MX Series Virtual Chassis. PR1396268

  • Adding IRB to bridge-domain with PS interface causes a kernel crash. PR1396772

  • The MS-MPC might generate a core file when mspmand receives a non-synchronized packet of TCP. PR1396785

  • A smid process memory leak occurs, and it does not come down from 100 percent. PR1397643

  • PFT MX10008: Inline-services enabling the Flex-Flow-Sizing take more than 12 minutes to move to steady state. PR1397767

  • The show system errors active command is not showing the error for MPC3E next-generation HQoS. PR1398084

  • Kernel core file is generated on vMX. PR1398320

  • MPLSoUDP tunnels do not come up on interface route - dyn_tunnel_fwd_route_eligible - because next-hop type is configured as interface. PR1398362

  • High jsd or na-grpcd CPU usage might be seen even if JET or JTI is not used. PR1398398

  • IPsec tunnel cannot be established, because the tunnel SA and rule are not installed in the PIC. PR1398849

  • The bbe-smgd process might crash when executing the show pppoe lockout command. PR1398873

  • Wrong timestamp is displayed in the jvision collector log file. PR1399829

  • ARP refresh functionality might fail in an EVPN scenario. PR1399873

  • JET/PRPD incompatibility for the rib_service.proto field RouteGateway.weight occurs from Junos OS Release 18.4R1 to Release 18.4R2 and onward. PR1400563

  • The mgd-api crashes due to memory leak. PR1400597

  • Only one Packet Forwarding Engine could be disabled on FPC with multiple Packet Forwarding Engines in error/wedge condition. PR1400716

  • The authd might crash when issuing the show network-access requests pending command during the authd restarting. PR1401249

  • The show | compare output on global group changes loses the diff context after a rollback or “load update” is performed. PR1401505

  • The subscriber route installation fails because some interface states are not properly installed. PR1401506

  • FPC core files are generated due to a corner case scenario (race condition between RPF, IP flow). PR1401808

  • JET authentication does not work for usernames and passwords of certain lengths. PR1401854

  • Traffic loss is seen for IGMP subscribers after GRES. PR1402342

  • The MPC might crash due to the CPU hogging by dfw thread. PR1402345

  • Some error logs might be seen on FPC when reading attempt from uninitialized memory location. PR1402484

  • FPC might crash after you offline or online MIC-3D-16CHE1-T1-CE-H. PR1402563

  • DHCP subscriber cannot reconnect over dynamic VLAN demux interfaces because of RPF check failure. PR1402674

  • Host outbound traffic might be dropped on MPC7, MPC8, and MPC9 PR1402834

  • Observed rpd core files when a few colored LSPs are changed to uncolored LSPs. The cores are at <<< #0 tag_cmp_tag (tag1=0x0, tag_label1=0x0, tag2=0x98b6628, tag_label2=0x98b6644) at ../../../../../../../../../../src/junos/usr.sbin/rpd/lib/mpls/label_mgr/core/mpls_label.c:473 473 if (tag1->tagt_mtu != tag2->tagt_mtu) >>> PR1403208

  • Reported Log Variance might be incorrect if the PTP profile is changed from G.8275.2 to SMPTE or another multicast IP profile. PR1403219

  • Smg-service might become unresponsive. PR1403480

  • The time synchronization through PTPoE might not work when Enhanced Subscriber Management is enabled on MX Series routers. PR1404002

  • The FPC might crash in a CoS scenario. PR1404325

  • The repd continues to generate core files on VC-Bm when there are too many IPv6 addresses on one session. PR1404358

  • The targeted-broadcast statement does not work on the IRB interface. PR1404442

  • Configuration load override or load replace resets ANCP neighbors. PR1405318

  • NAT64 translation issues of ICMPv6 packet-too-big message occur with MS-MPC/MS-PIC. PR1405882

  • Fabric performance drop is seen on MPC7, MPC8, MPC9E, and SFB2-based MX2000 routers. PR1406030

  • Traffic impact might be seen if auto-bandwidth is configured for RSVP LSPs. PR1406822

  • New CLI option is introduced to display DF and MLR in split format. PR1406884

  • Layer 2 VPN will flap repeatedly after link up between PE and CE devices under "asynchronous-notification" and "some types of MICs" conditions. PR1407345

  • NPC core files are generated after daemon restart in #0 jnh_get_oif_nh (ifd=0x51a51a80, ifl=0x6aeb52e0, family_mtu=0, max_mpls_labels=0 '\000', pad_ge_frame_check=< optimized out>, ret_jnh=0x483a54a8) at ../../../../src/pfe/common/pfe-arch/trinity/toolkits/jnh/jnh_if.c:15248. PR1407765

  • Ephemeral database might get stuck during commit. PR1407924

  • Traffic forwarding fails when crossing VCF members. PR1408058

  • Alarm mismatch in total memory is detected after running the reboot vmhost both command. PR1408480

  • TFTP of MPC line cards images fails when performing unified ISSU. PR1408558

  • Python script might stop working due to Too many open files error. PR1408936

  • interface-set meta-data needs to include the CoS TCP names in order to aid collector reconciliation with queue-stats data. PR1409625

  • FPC might generate core files during next-hop change due to FPC reboot or interface flap when using MPLS inline J-Flow. PR1409807

  • When using SFP+, the interface optic output might be non-zero even when the interface has been disabled. PR1410465

  • Traffic loss might be seen on MPC8E and MPC9E after requesting one of the SFB2s to go offline/online. PR1410813

  • Kernel replication failure and vmcore are seen because add IPv6 route prefix operation is not supported with the next-hop to be ATM interface. PR1411376

  • MX10003: The rpd crash with switchover-on-routing-crash does not trigger a Routing Engine switchover and the rpd on the master Routing Engine goes into STOP state. PR1412322

  • During unified ISSU from Junos OS Release 16.1R4-S11.1 to Junos OS Release 18.2R2-S1.2, CoS GENCFG write failures are observed: [ COS(cos_rewrite_do_pre_bind_add_action:676): Binding of table 44226 to ifl 1073744636 failed, table already bound to ifl ]. PR1413297

  • MPC10E line card will not power up in old MidPlane MX chassis when using Junos OS Release 19.1R1. PR1413373

  • Broken support of [family inet6 filter] on the ATM interface. PR1413663

  • The bbe-smgd process might have memory leak while running the show system subscriber-management route route-type <> routing-instance <> command. PR1415922

  • In the scenario where the MX and the peer both try to bring an IPsec tunnel up but the peer side does not answer the MX requests, we can bring the peer initiated tunnel down. PR1420293

  • The bbe-smgd process might crash and might not recover in a rare scenario. PR1420376


  • The error of jlaunchd: disk-monitoring is thrashing, not restarted might be seen. PR1380032

Interfaces and Chassis

  • In case of MPLS, DMR packets are sent with different MPLS expiration bits if the MX Series router receives CFM DMM packets with varying expiration values on the MPLS header. PR1365709

  • Constant dcpfe process crash might be seen if using an unsupported GRE interface configuration. PR1369757

  • The jpppd process might crash if the EPD value contains a format specifier. PR1384137

  • DCD core file can be seen after FPC restart if channelized interfaces are configured. PR1387962

  • All DPCs might crash while adding or deleting a logical interface from the aggregated Ethernet bundle. PR1389206

  • The interface-control process thrashes and dcd does not restart after adding an invalid demux interface to the configuration. PR1389461

  • Decoupling of Layer 2 logical interface configuration from bridge-domain or EVPN configuration. PR1390823

  • Interim accounting updates might not be sent for subscribers after Junos OS selective update. PR1391011

  • A dcd memory leak might be seen when committing configuration change on static route tag. PR1391323

  • Error message might be seen if GR interface is configured. PR1393676

  • DCD crashes on deleting the sub interface from VPLS routing-instance when the same sub interface is also part of mesh-group. PR1395620

  • The MIC Error code: 0x1b0002 alarm might not be cleared for MIC on MPC6 when the voltage has returned to normal. PR1398301

  • The backup Routing Engine might get stuck in amnesiac mode after reboot. PR1398445

  • All dcd operations might be blocked if profile-db is corrupt. PR1399184

  • Certain otn-options cause interface flapping during commit. PR1402122

  • Subscriber might not be able to access the device due to the conflicted assigned address. PR1405055

  • The cfmd might fail to start after it is restarted. PR1406165

  • The aaa-options configuration statement for PPPoE subscribers does not work on the MX80 and MX104 routers. PR1410079


  • Junos OS: Persistent XSS vulnerability in J-Web (CVE-2019-0047). PR1410400

  • Junos OS: Session fixation vulnerability in J-Web (CVE-2019-0062). PR1410401

Layer 2 Features

  • The unicast traffic from IRB interface toward LSI might be dropped due to Packet Forwarding Engine mismatch at egress processing. PR1381580

  • Flow label is still used by ingress PE though the egress PE is not configured/supporting for Flow label in a VPLS multihomed Scenario. PR1393447

  • In a Layer 2 domain (for example, bridge-domain, VPLS), there is unexpected flooding of unicast traffic at approximately every 40 seconds toward all local CE-facing interfaces. PR1406807

Layer 2 Ethernet Services

  • The subscriber's authentication might fail when the link-layer address that is encoded in the DHCPv6 DUID is different from the actual link-layer hardware address. PR1390422

  • The SNMP query on LACP interface might lead to lacpd crash. PR1391545

  • Log messages dot1xd[]: task_connect: task ESP CLIENT:...: Connection refused might be reported in Junos OS Release 17.4 or later. PR1407775


  • The rpd might crash on the backup Routing Engine after switchover. PR1382249

  • MPLS LSP will remain in the down state due to routing loop detection after flapping link between PE router and egress PE router. PR1384929

  • Configured bandwidth 0 does not get applied on the RSVP interface. PR1387277

  • The bypass LSP might pass through an unexpected path that includes the same SRLG as the protected TE link that is down. PR1387497

  • The rpd process might keep crashing repeatedly if the LSP destination address is set to be PR1397018

  • The rpd might crash when the LDP route with indirect next-hop is deleted. PR1398876

  • A single-hop bypass LSP might not be used for traffic when both transit chaining mode and sensor-based statistics are used. PR1401152

  • Resources might be reserved for stale RSVP LSP when RSVP is disabled on the interface. PR1410972

  • LDP crash is caused by an ldp_label_bind_route assert condition. PR1413231

  • LDP native IPv6 loopback remains in inet6.3 after removing the IPv6 address from the core interface. PR1414965

Platform and Infrastructure

  • MQCHIP CPQ block should report major alarm. PR1276132

  • Some line cards might crash in a subscriber scenario enabled with distributed IGMP. PR1355334

  • The FPC might crash continuously when the filters in the same filter list refer to a same nested filter PR1357531

  • The kernel and ksyncd core files are generated after dual cb flap at rt_nhfind_params: rt_nhfind() found a next-hop different from that on the master 30326. PR1372875

  • The traffic traversing an IRB interface might not be tagged with a VLAN if the packets go through an additional routing instance. PR1377526

  • IPv6 ping might fail for spine node in a EVPN scenario. PR1380590

  • Packet drops on interface occur if the gigether-options loopback statement is configured. PR1380746

  • The jcrypto syslog help package and events are not packaged even when the following error message is compiled: Below KMD help syslogs are missing help syslog | match KMD KMD_IKEV2_CONFIG_PAYLOAD_FAILED IKE Phase-1 Config Payload failed KMD_INSTALL_JUNOS_IKE Inform user to install junos-ike package KMD_PEER_CERT_VERIFY_FAILED IKE Phase-1 peer certificate verification failed KMD_VPN_DFBIT_STATUS_MSG VPN DF bit status set KMD_VPN_DOWN_ALARM_USER VPN monitor detected IPSec SA is down KMD_VPN_PV_LIFETIME_CHANGED Config key liftetime test changed KMD_VPN_PV_PHASE1 ike-phase1 failures over configured auditable threshold KMD_VPN_PV_PHASE2 ike-phase2 failures over configured auditable threshold KMD_VPN_PV_PSK_CHANGED Pre-shared Key changed KMD_VPN_PV_REAUTH_FREQUENCY_CHANGED Config key reauth frequency changed KMD_VPN_PV_XAUTHC_AUTH_FAIL ike-xauth-client authentication failure KMD_VPN_TS_MISMATCH IPSec traffic-selector mismatch KMD_VPN_UP_ALARM_USER VPN monitor detected that an IPsec SA is up. KMD_XAUTH_AUTHENTICATE_FAILED IKE Phase-1 XAUTH authentication failed PR1290089

  • The dfwd might crash with DFWD_TRASHED_RED_ZONE log messages. PR1380798

  • Traffic loss is seen in Layer 2 VPN with GRE tunnel. PR1381740

  • MAC learning might get stuck on MX Series routers with DPC and MPC. PR1383233

  • jlock hog is reported at restart routing. PR1389809

  • Individual command authorization might cause mgd crash. PR1389944

  • Traffic is being dropped when passing through MS-DPC to MPC. PR1390541

  • The RADIUS authentication does not work through management-instance for IPv6 family. PR1391160

  • The lockout-period might not work for the user being locked out. PR1393839

  • RVT interface might start flapping. PR1399102

  • In a scaled scenario (500 TWAMP control sessions and 500 TWAMP test sessions), a few TWAMP connections might fail to establish. PR1399547

  • Syslog error messages: [LOG: Err] COS_HALP(cos_halp_get_fabric_stats_per_pfe:3211): pfe_id 0 cchip 0[LOG: Err] COS_HALP(cos_halp_get_fabric_stats_per_pfe:3272): No PFE found for pfe_id_start 0. PR1402377

  • MAP-E some ICMP types cannot be encapsulated/decapsulated on SI interface. PR1404239

  • When a non-root user tries to archive the var/log, some files are missing if a cscript.log file exists. PR1405903

  • Abnormal queue-depth counters appear in show interface queue command output on interfaces associated to XM2 and 3. PR1406848

  • Ipv6 drops due to output trunk vlan lookup failed. PR1407200

Routing Policy and Firewall Filters

  • The set metric multiplier offset might overflow or underflow. PR1349462

  • The rpd process might crash if then next-hop is configured for the LDP export policy. PR1388156

  • The rpd process might crash when routing-options flow configuration is removed. PR1409672

Routing Protocols

  • BGP might not advertise routes on the existing BGP peer after adding a Layer 3 VPN instance. PR1237006

  • Migrate from syslog API to Errmsg API: /src/junos/usr.sbin/ppmd. PR1284621

  • The BGP session might be stuck with high BGP OutQ value after GRES on both sides. PR1323306

  • The VRF static route might not be exported when route-distinguisher-id is used on RR in a BGP Layer 3 VPN scenario. PR1341720

  • The dynamic next-hop template cache does not shrink when the application frees the next-hop template and there are surplus templates in cache. PR1346984

  • vFPC might continuously crash on vMX platform. PR1364624

  • Ukern memory leak and core crash are seen in BGP environment. PR1366823

  • The static route might persist even after its BFD session goes down. PR1385380

  • The rpd might crash after issuing the show route detail operational command for RIP route. PR1386873

  • Penultimate-hop router does not install BGP LU label, causing traffic to be discarded without notification. PR1387746

  • IGMPv3/MLD membership requests might not work normally. PR1389119

  • Unexpected packet loss might be seen for some multicast groups during failure recovery with both MoFRR and PIM automatic MBB join load-balancing features enabled. PR1389120

  • FPC might crash when BGP multipath is configured with protection. PR1389379

  • BGP IPv6 routes with IPv4 next-hop causes the rpd to crash. PR1389557

  • All the BGP sessions will flap after switchover. PR1391084

  • The ppmd on the Routing Engine might run with high CPU utilization after a Routing Engine switchover. PR1392704

  • The rpd core files are generated on the backup Routing Engine during neighborship flap when using an authentication-key with more than 20 characters. PR1394082

  • The rpd process might crash when rp-register-policy is configured with more than 511 terms. PR1394259

  • The best and the second-best routes might have the same weight value if BGP PIC is enabled. PR1395098

  • DMZ LINK BANDWIDTH - not able to aggregate bandwidth, when applying the policy. PR1398000

  • The rpd soft core might be seen when Layer 2 VPN is used. PR1398685

  • The rpd might crash in BGP setup with NSR enabled. PR1398700

  • The rpd might crash when BGP add-path send is configured and NSR is enabled. PR1401948

  • BGP router on the same broadcast subnet with its neighbors might cause IPv6 routing issue on the neighbor from other vendors. PR1402255

  • EVPN multihoming MAC might not be installed by the remote PE device. PR1403881

  • Memory leaks when labeled-isis transit routes are created as chain composite next-hop. PR1404134

  • Extended traffic loss might be seen after link recovery when source-packet-routing is used on OSPF P2P links. PR1406440

  • SBFD failure occurs with a special IP address like under interface lo0. PR1406631

  • The rpd crashes with BGP functions bgp_peer_tcpwriteerror_gracefully. PR1410553

Services Applications

  • L2TP subscribers might be stuck in init state in a corner case. PR1391847

  • The spd might crash when any-ip is configured in the 'from' clause of the NAT rule with the static translation type. PR1391928

  • IP ToS bits are not copied to the outer IPsec header. PR1398242

  • Invalid Layer 4 checksum might be observed on IPv4 packets generated by NAT64 with MS-DPC after translating fragmented IPv6 UDP/TCP packets. PR1398542

  • The ICMPv6 packet with embedded IPv6 fragment might not be translated correctly to an IPv4 ICMP packet in a NAT64 with MS-DPC deployment. PR1402450

  • Inconsistent content might be observed to the access line information between ICRQ and PPPoE message. PR1404259

  • The stale si- logical interface might be seen when L2TP subscribers with duplicated prefixes or framed-route log in. PR1406179

  • The kmd process might crash on MX/ACX platforms when IKEv2 is used. PR1408974

Subscriber Access Management

  • The subscribers might be stuck in terminating state if RADIUS redirect is used. PR1376265

  • Multiple IPv6 IANA addresses are assigned for one session in a IPv6 PD binding failure scenarios. PR1384889

  • Dual-stacked DHCPv6-PD client connection terminated after commit when RADIUS address assignment is not defined within the range of a local pool. PR1401839

  • The authd crash might be seen due to a memory corruption issue. PR1402012

  • Adding a firewall filter service through the test aaa command causes a crash in dfwd. PR1402051

  • JSRC used RADIUS service accounting protocol instead of JSRC for SRC installed service. PR1403835

  • Continuous log message authd[18454]: %DAEMON-3-LI: liPollTimerExpired returned 0 is seen. PR1407923

User Interface and Configuration

  • The show configuration and rollback compare commands are causing high CPU usage. PR1407848


  • The receivers belonging to a routing instance mIGHT not receive multicast traffic in an Extranet next-generation MVPN scenario. PR1372613

  • The accept-remote-source statement configured on the core interface might cause traffic outage. PR1375716

  • High rpd CPU utilization on the backup Routing Engine might be observed in an MVPN with NSR scenario. PR1392792

  • The rpd process crashes when the LSP template for a provider tunnel is changed. PR1395353

  • Downstream interface is not removed from multicast route after getting PIM prune. PR1398458

  • Routes with multiple communities might be rejected in an inter-AS next-generation MVPN scenario. PR1405182

  • With rosen MVPN configuration with data-mdt, the show pim mdt data-mdt-limit instance <interface name> with family option causes high CPU usage of the rpd. PR1405887

Documentation Updates

This section lists the errata and changes in Junos OS Release 19.1R3 documentation for MX Series.

Spanning Tree Protocol User Guide

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting in Junos OS 18.3R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:


FreeBSD 6.x-based Junos OS

FreeBSD 11.x-based Junos OS

MX5,MX10, MX40,MX80, MX104



MX240, MX480, MX960,

MX2010, MX2020



Basic Procedure for Upgrading to Release 19.1


Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 11.x based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 11.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the release drop-down list to the right of the Download Software page.
  4. Select the software tab.
  5. In the Instal Package section of the software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-19.1R3.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-19.1R3.9-signed.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-19.1R3.x-limited.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-19.1R3.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.


You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.


After you install a Junos OS Release 19.1 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.


Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x based Junos OS

Products impacted: MX5, MX10, MX40, MX80, MX104.

To download and install FreeBSD 6.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the release drop-down list to the right of the Download Software page.
  4. Select the software tab.
  5. In the install package section of the software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-19.1R3.9-signed.tgz
    • Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-19.1R3.9-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.


After you install a Junos OS Release 19.1 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 19.1

To downgrade from Release 19.1 to another supported release, follow the procedure for upgrading, but replace the 19.1 jinstall package with one that corresponds to the appropriate release.


You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

Release History Table
Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.