Junos OS Release Notes for MX Series 5G Universal Routing Platform
These release notes accompany Junos OS Release 19.1R3 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
What's New
Learn about new features introduced in the Junos OS main and maintenance releases for MX Series.
What's New in Release 19.1R3-S2
High Availability (HA) and Resiliency
LACP inline support during ISSU for multivendor networks (MX104, MX240, MX480, MX960, MX10003)—Starting with Junos OS Release 19.1R3-S2, ISSU supports LACP interoperability with other vendor devices for fast periodic interval sessions. LACP sessions in full scale scenarios with interoperability will no longer experience timeouts during ISSU.
Use the set protocols lacp ppm inline command to enable LACP inline support.
[See Getting Started with Unified In-Service Software Upgrade]
What's New in Release 19.1R3
There are no new features or enhancements to existing features for MX Series in Junos OS Release 19.1R3.
What's New in Release 19.1R2
Routing Protocols
MPC10 Inline BFD support (MX Series)—Starting in Junos OS Release 19.1R2, MPC10 MPCs support inline BFD features, excluding micro BFD and BFD sessions with authentication.
Subscriber Management and Services
CoA messages support Session-Timeout attribute (MX Series)—Starting in Junos OS Release 19.1R2, you can apply a session timeout for subscriber sessions with a RADIUS CoA message that includes the Session-Timeout attribute (27). This capability is useful, for example, when subscribers purchase Internet access for a specific period of time and must log out when the session expires. In earlier releases, the router does not recognize the attribute if it is included in a CoA message.
What's New in Release 19.1R1-S1
Interfaces and Chassis
MPC10 Distributed LACP Support in PPM AFT (MX Series)—Starting in Junos OS Release 19.1R1–S1 and 19.1R2, MPC10E-15C-MRATE and MPC10E-10C-MRATE MPCs support distributed LACP in Periodic Packet Manager (ppman) Advanced Forwarding Toolkit (AFT).
What's New in Release 19.1R1
Authentication, Authorization, and Accounting (AAA) (RADIUS)
Support for SFTP global disablement (MX Series)—Starting in Junos OS Release 19.1R1, we have globally disabled incoming SSH File Transfer Protocol (SFTP) connections by default. You can enable incoming SFTP connections globally by configuring the statement sftp-server at the [edit system services ssh] hierarchy level. Prior to Junos OS Release 19.1R1, the incoming SFTP connections were globally enabled by default.
[See Configuring sftp-server.]
Class of Service (CoS)
Support for CoS features (classifiers, rewrites, port queuing, L3 interfaces only) (MX Series)—Starting with Junos OS Release 19.1R1, you can configure the standard CoS forwarding (classifiers, rewrites, port queuing, L3 interfaces only) on MPC10E-15C-MRATE line cards.
Support for Real-time Transport Protocol (RTP) payload types 96 through 127 on inline video monitoring (MX Series)—Starting with Junos OS 19.1R1, you can configure MX Series Routers for inline video monitoring of uncompressed HD or 4K stream video (Payload Type 96 through 127). MDI functionality has been extended to video flows such as ST 2000-5 (RTP PT 98) and ST 2000-6 (RTP PT 99). These are non-MPEG video flows over IP/UDP/RTP and are constant bit rate flows. The operator would specify proper IP addresses and UDP ports so that nonvideo flows over RTP will not go through MDI processing.
[See Understanding Inline Video Monitoring on MX Series Routers.]
EVPN
Support for auto-derived route target on EVPN-MPLS (MX Series)—Starting in Junos OS Release 19.1R1, Junos OS supports the automatic derivation of a route target on EVPN-MPLS. With this feature, the route target is automatically derived from the VLAN ID for EVPN type 2 and EVPN type 3 routes. The auto-derived route targets have higher precedence over manually configured RT in vrf-target, vrf-export policies, and vrf-import policies.
To enable auto-derived route target, include the auto statement at the [edit routing-instances routing-instance-name protocols evpn vrf-target] hierarchy level.
[See Auto-derived Route Targets.]
Support for proxy MAC addresses in an ARP request (MX Series)—Starting in Junos OS Release 19.1R1, provider edge (PE) devices in an EVPN network that support ARP proxy can use a proxy MAC address in the ARP replies message to a host. When a PE device receives an ARP request or NDP request, it searches its MAC-IP address binding database for the requested IP address. If the device finds the MAC-IP address entry in its database, it responds to the request with the proxy MAC address. The proxy MAC address is derived from the IRB interface in an EVPN network with edge-routed bridging overlay and from the manually configured MAC address in a centrally routed bridging overlay. If the device does not find an entry, the PE device replaces the MAC and IP address from the CE device in the ARP request with the proxy MAC and IP address of the IRB interface. This allows for enhanced security (for example, L3 filtering) deployments on L3 gateway for both inter-VLAN and intra-VLAN traffic will be routed.
To enable this feature, configure the proxy-mac [irb | proxy-mac-address] statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy or at the [edit routing-instances routing-instance-name bridge-domains domain_name] hierarchy.
Support for asynchronous notification on EVPN-VPWS (MX Series)—Starting in Junos OS Release 19.1R1, asynchronous-notification is supported on interfaces on EVPN-VPWS. You can enable the asynchronous notification command to send a loss of signal (LOS) alarm to the CE device when the circuit cross-connect link between a customer edge and provider edge device goes down. Asynchronous notification supports ethernet-ccc, ethernet-vpls, or vlan-ccc encapsulation.
To enable this feature, include the asynchronous-notification statement at the [edit interfaces interface-name] hierarchy level.
[See Configuring Gigabit Ethernet Notification of Link Down Alarm.]
Forwarding and Sampling
Support for tracking static RPM routes across multiple next hops (MX Series)—Starting in Junos OS Release 19.1R1, you can use rpm-tracking to track up to 16 next hops for RPM-controlled static routes. This features supports both IPv4 and IPv6 static rpm-tracked routes, and extends the single hop rpm-tracking introduced in Junos OS Release 18.4.
[See show route rpm-tracking.]
Support for using IP addresses in an SR-TE LSP segment list (MX Series)—Starting in Junos OS Release 19.1R1, you can use IP addresses (IPv4 or IPv6) for next hops in a segment routing traffic engineering (SR-TE) list of label-switched paths (LSPs). This work extends the support for traffic steering based on a segment routing policy that was introduced in Junos OS Release 17.4R1, wherein the controller can specify a segment routing policy consisting of multiple paths to steer labeled or IP traffic.
[See auto-translate in segment-list and retry-timer in source-packet-routing.]
Hardware
New fixed-configuration Modular Port Concentrator (MX240, MX480, and MX960)—Starting in Junos OS Release 19.1R1, the MPC10E-15C-MRATE is a new Modular Port Concentrator (MPC) that is supported on MX240, MX480, and MX960 routers.
The MPC10E-15C-MRATE features the following:
Line-rate throughput of up to 1.5 Tbps.
Twelve QSFP28 ports—Port numbers 0/0 through 0/3, 1/0 through 1/3, and 2/0 through 2/3. The ports can be configured as 10-Gbps, 40-Gbps, or 100-Gbps Ethernet ports.
Three QSFP56-DD ports—Port numbers 0/4, 1/4, and 2/4. The ports can be configured as 10-Gps, 40-Gps, 100-Gbps Ethernet ports.
[See MX Series 5G Universal Routing Platform Interface Module Reference.]
Interfaces and Chassis
Support for MPC10E-15C-MRATE line card (MX240, MX480, and MX960)—Starting with Junos OS Release 19.1R1, the MX240, MX480, and MX960 routers support the MPC10E-15C-MRATE line card. This fixed-port line card is capable of delivering a bandwidth of up to 1.5 Tbps per MPC slot. It supports three MICs (one per Packet Forwarding Engine), each of which can deliver a throughput of up to 500 Gbps. Each MIC comprises five ports that support 100 Gbps (the default), 40 Gbps, and 10 Gbps speeds through the use of QSFP28+ and QSFP+ optics. You enable 10 Gbps speed (four 10 Gbps channels) by using breakout cables.
Note The MPC10E-15C-MRATE is powered on only if the MX Series router has an enhanced Switch Control Board (MX-SCBE3) installed.
The MPC10E-15C-MRATE is supported only with the high-capacity AC and DC power entry modules (PEMs) and the high-capacity fan trays used in MX Series routers.
The MPC10E-15C-MRATE is powered on only if the router operates in enhanced-ip or enhanced-ethernet mode.
The MPC10E-15C-MRATE is not supported on the MX2000 and MX10000 lines of routers.
[See MPC10E-15C-MRATE, Understanding Interface Naming Conventions for MPC10E-15C-MRATE MPC, MPC10E-15C-MRATE Rate-Selectability Overview, Supported Active Physical Ports for Rate Selectability to Prevent Oversubscription on MPC10E-15C-MRATE, and Configuring Rate Selectability on MPC10E-15C-MRATE to Enable Different Port Speeds.]
Chassis and power management for MPC10E-15C-MRATE (MX240, MX480, and MX960)—Starting in Junos OS Release 19.1R1, the MX240, MX480, and MX960 routers with the MPC10E-15C-MRATE line card support chassis management features, including field-replaceable unit (FRU) management, power budgeting and management, and environmental monitoring. The MPC10E-15C-MRATE line card supports configuration of ambient temperature (25°C, 40°C, and 55°C) and dynamic power management. The default ambient temperature value supported is 40°C. The MPC10E-15C-MRATE line card supports both hyper mode (the default mode) and normal mode.
Note The MPC10E-15C-MRATE is powered on only if the MX Series router has an enhanced Switch Control Board (MX-SCBE3) installed.
The MPC10E-15C-MRATE is powered on only if the router operates in enhanced-ip or enhanced-ethernet mode.
The MPC10E-15C-MRATE will be powered on only when the MX Series router is installed with enhanced Fan Trays.
The MPC10E-15C-MRATE will be supported only when the MX Series router is installed with Enhanced PEMs.
On MX960 routers with enhanced Midplane on the slot 1, the MPC10E-15C-MRATE will not be powered on.
[See Understanding How Configuring Ambient Temperature Helps Optimize Power Utilization and Understanding How Dynamic Power Management Enables Better Utilization of Power.]
Packet Forwarding Engine power on and power off support for MPC10E-15C-MRATE (MX240, MX480, and MX960)—Starting Junos OS Release 19.1R1, on MX240, MX480, and MX960 devices with MPC10E-15C support, you can power on or power off a Packet Forwarding Engine using the command set chassis fpc slot-number pfe slot-number power (on | off).
The show chassis fpc FPC Slot detail displays the Packet Forwarding Engine power ON/OFF status and bandwidth for the individual PFEs in an MPC10E-15C-MRATE.
[See show chassis fpc.]
Support for ETH-ED (MX Series)—Starting with Junos OS Release 19.1R1, when a unified in-service software upgrade (ISSU) is about to start, the peer maintenance association end point (MEP) is notified to suppress the remote defect indication (RDI) and loss of adjacency alarms for a specified duration. To ensure that the notification is sent before the upgrade starts, you must configure the Ethernet expected defect (ETH-ED) function by including the expected-defect statement at the [edit protocols oam ethernet connectivity-fault-management expected-defect] hierarchy level.
Improved performance of small packets (MX Series) —Starting in Junos OS Release 19.1R1, the MPC7E-MRATE, MPC7E-10G, MPC8E, MPC9E, MX10003 MPC, MX204, and JNP10K-LC2101 line cards provide improved performance of small packets (with a minimum packet size of 64 bytes) in transmit direction. To enable this feature, reduce the number of active ports (at the PIC level) to the following maximum numbers:
Sixteen 10-Gbps ports
Four 40-Gbps ports
Two 100-Gbps ports (when the line card is in 240-Gbps mode)
Three 100-Gbps ports (when the line card is in 400-Gbps mode)
To configure the number of active ports, use the existing command set chassis fpc slot pic slot number-of-ports number-of-active-ports.
Note The command does not change packet performance at the Packet Forwarding Engine level; it improves packet performance in transmit direction at the port level only.
For an MX10003 MPC, in 40-Gbps and 10-Gbps PIC modes, if both the PICs are used, the number of ports cannot exceed six on either PIC. If only PIC 1 is used, you can set the number of ports to 12. For an MX204 MPC, in 10-Gbps PIC mode, if both the PICs are used, the sum of the interfaces created on the PICs cannot exceed 16. If only PIC 0 is used, you can set the number of ports to 4 (4 interfaces per port). If only PIC 1 is used, you can set the number of ports to 8 (1 interface per port).
Support for inline LACP PDU transmission processing (MX Series routers with MPCs)—Starting in Junos OS Release 19.1R1, MX Series routers with MPCs support inline LACP PDU transmission processing for periodic packet management (on the Packet Forwarding Engine). To enable the inline processing method instead of using the default LACP PDU transmission processing, issue the set protocols lacp ppm inline command.
[See inline.]
IPsec
Distinguished name support in IPsec (MX Series)—Starting with Junos OS Release 19.1R1, distinguished name (DN) support is added to the IKE identification (IKE ID) that is used for validation of VPN peer devices during IKE negotiation. The IKE ID received by an MX Series router from a remote peer can be an IPv4 or an IPv6 address, a hostname, a fully qualified domain name (FQDN), or a DN. The IKE ID sent by the remote peer needs to match what is expected by the MX Series router. Otherwise, IKE ID validation fails and the VPN is not established.
A distinguished name (DN) is a name used with digital certificates to uniquely identify a user. You can use a container keyword to specify the order of the fields in a distinguished name and their values must exactly match the configured distinguished name, or use a wildcard keyword to specify that the values of fields must match but the order of the fields does not matter.
Support for IPsec and Group VPN services (MX2010 and MX2020)—Starting in Junos OS Release 19.1R1, Junos OS supports IPsec and Group VPN services on MX2010 and MX2020 routers. Group VPNs eliminate the need for point-to-point VPN tunnels in a mesh architecture. They provide a set of features that are necessary to secure unicast traffic over a private WAN that originates on or flows through a router.
[See Group VPNv2 Overview.]
Junos Telemetry Interface
RSVP interface OpenConfig model support and self-ping logs on Junos telemetry interface (JTI) (MX960 and PTX10003)—Starting in Junos OS Release 19.1R1, JTI sensor support is enhanced for RSVP interfaces to include delivery of more statistics. The level of support is equivalent to the output delivered when using the show rsvp interface detail operational mode command.
To configure the sensor for statistics to be issued to an outside collector, include the following path for gRPC streaming:
/network-instances/network-instance/mpls/signaling-protocols/rsvp-te/interface-attributes/interfaces/interface/*
To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.
[See gRPC Services for Junos Telemetry Interface and Guidelines for gRPC Sensors (Junos Telemetry Interface).]
Delegated RPM statistics sensor support for Junos telemetry interface (JTI) (MX Series)—Starting with Junos OS Release 19.1R1, for MX Series routers operating with MS-MIC and MS-MPC, a new sensor allows customers to monitor delegated RPM service statistics on the router and export them to outside collectors at configurable intervals encoded in Google Protocol Buffer (GPB) format.
Delegated RPM is a mode where RPM probe generation and measurement calculation are done by MS-MIC and MS-MPC cards. This hardware assistance allows a very high scale of concurrent RPM probes. JTI sensor support for other RPM modes was added in Junos OS Release 18.3R1.
You can use the resulting data from this sensor to improve network design and optimize traffic engineering. Data can also be used to detect problems in individual devices as well as in the overall network and the traffic carried by it.
Monitor delegated RPM service statistics by configuring the
/junos/services/spu/delegated-rpm/sensor for the sensor configuration statement.For exporting statistics, configure parameters at the [edit services analytics] hierarchy level.
[See sensor (Junos Telemetry Interface) and Configuring a Junos Telemetry Interface Sensor (CLI Procedure) and Junos OS Release Notes for MX Series 5G Universal Routing Platform, 18.3R1.]
Export of data associated with the Junos kernel through Junos telemetry interface (JTI) (EX9200, EX9251, EX9253, MX Series, and PTX Series)—Starting in Junos OS Release 19.1R1, you can export data associated with the Junos kernel through remote procedure calls (gRPC) and JTI. Kernel telemetry data includes information on Veriexec state, graceful Routing Engine switchover (GRES), in-service software upgrade (ISSU), and Routing Engine ifstate. Junos kernel sensors can be used by device monitoring and network analytics applications to provide insight into the health status of the Junos kernel.
Junos kernel sensors introduced in Junos OS Release 19.1R1 support both periodical and ON_CHANGE streaming. The following Junos kernal resource paths support periodical streaming only:
/junos/kernel-ifstate/dead-ifstates-cnt
/junos/kernel-ifstate/alive-ifstates-cnt
/junos/kernel-ifstate/delayed-unrefs-cnt
/junos/kernel-ifstate/delayed-unrefs-max
[See Understanding OpenConfig and gRPC on Junos Telemetry Interface and Guidelines for gRPC Sensors (Junos Telemetry Interface).]
SR-TE telemetry statistics and BINDING-SID routes support for uncolored SR-TE policies (MX Series)—Starting in Release 19.1R1, Junos OS supports SR-TE telemetry statistics and BINDING-SID routes for uncolored SR-TE policies. Uncolored SR-TE LSP is characterized by the absence of color statement in its configuration.
Junos OS now allows collection of traffic statistics for both ingress IP traffic and transit MPLS traffic that take uncolored SR-TE paths. Also, you can install BINDING-SID labels even if the first hop of the segment list is a label. Prior to Junos OS 19.1R1 Release, the installation of BSID routes was not supported if the first hop of the segment list was a label, and a commit check was done.
The show spring-traffic-engineering lsp command is enhanced to provide the source by which the SRTE policy was provisioned. For example, Static, Path Computation Element Protocol. Also, the show spring-traffic-engineering lsp detail command is enhanced to provide information on the source of the tunnel configuration and statistics.
By default, traffic sensors and statistic collection are disabled for static SR-TE routes. To enable provisioning of Junos telemetry interface traffic sensors in Junos OS data plane to stream out traffic statistics on segment routing policies and their Binding-SID routes, use the existing statistics statement at the [edit source-packet-routing telemetry] hierarchy level.
Layer 3
Support for Layer 3 features on the MPC10E-15C-MRATE (MX Series)—Starting in Junos OS Release 19.1R1, Junos OS supports the following Layer 3 features on the MPC10E-15C-MRATE.
BGP (multipath/IPv4 and IPv6 labelled unicast)
IPv4 (forwarding and options)
IPv6 (forwarding and route accounting)
Load balancing (ECMP and FRR)
Options supported: enhanced -hash-key family inet/inet6/mpls
L2VPN, CCC, and Layer 2 circuit
MPLS (push/pop/swap, LDP, RSVP-Aggregate, RSVP-TE Admin Groups, RSVP-TE, OAM - LSP/VPN ping, trace route, auto bandwidth, and MPLS-FRR link node protection.
Options supported: No Decrement Ttl, No Propagate Ttl, MTU-signaling Splitting-merging, Primary/Secondary, ICMP Tunneling, IPv6 Tunneling, LDP Tunneling, Optimize Timer, Explicit-Null, UHP and PHP support.
OSPF (node-link-protection and node-link-degradation)
Protocols (IS-IS, OSPF, OSPF V3 for V6, BGP + BGP-v6, BGP LU, BGP-LS, BGP optimal-route-reflection (ORR), BFD (Centralized), Micro BFD(centralized), ICMP and ICMPv6 error handling, and LLDP).
Routing instance logical system VRF
Tunnel (generic routing encapsulation (GRE), logical tunnel (LT), and virtual tunnel (VT))
[See Tunnel Services Overview.]
Management
Tracing support for individual JET application files (MX Series)—Previously you could configure trace options for all applications. Starting in Junos OS Release 19.1R1, you can also configure trace options for an individual application file. If you configure trace options both globally (all applications) and locally (by application file), the local configuration has the higher priority. You must commit global trace options and the daemonized application configurations at the same time for the global trace options for the daemonized application to take effect.
[See application.]
MPLS
Flexible MPLS label stack depth (MX Series with MPC and MIC)—Currently, Junos OS supports push of up to a maximum of five labels per component of the next-hop chain, even though the underlying device capability can be higher. Starting in Junos OS Release 19.1R1, the device capability of pushing more than 5 labels can be leveraged for features, such as, segment routing traffic-engineering (TE) LSPs and RSVP-TE pop-and-forward LSPs.
The number of labels that can be pushed for an MPLS next hop is the number of labels the device is capable of pushing, or the maximum-labels configured under family mpls of the outgoing interface, whichever is smaller.
[See Configuring the Maximum Number of MPLS Labels, maximum-labels.]
Support for MPLS ping and traceroute for segment routing (MX Series)—Starting in Junos OS Release 19.1R1, MPLS ping and traceroute are supported for segment routing (SR) for protocols IS-IS and OSPF over IPv4. This feature also supports ECMP traceroute for protocols IS-IS and OSPF.
On MX Series routers, MPLS ping and traceroute for segment routing is supported with enhanced-ip mode only. Segment routing with IS-IS tunnels are stitched to LDP tunnels. Ping and traceroute for segment routing over RSVP is supported.
In Junos OS Release 19.1R1, MPLS ping and traceroute for segment routing supports IPv4 IGP-Prefix segment FEC validation. FEC validation for IGP-Adjacency Segment ID is not supported.
[See ping mpls segment routing isis, ping mpls segment routing ospf, traceroute mpls segment-routing ospf, traceroute mpls segment-routing isis.]
Support for MPC10E-15C-MRATE (MX Series)—Starting in Junos OS Release 19.1R1, a new MPC10E-15C-MRATE is introduced.
The following MPLS features are supported on MPC10E-15C-MRATE in 19.1R1:
Static, RSVP and LDP LSPs
LSP statistics
LSP ping and traceroute
LSP TTL commands: no-propagate-ttl, no-decrement-ttl
L2Circuit and L2VPN with or without control word
L3VPN with chain-composite-nexthop
L3VPN with vrf-table-label
MPLS link protection, node protection and FRR
6VPE
The following MPLS features are not supported on the MPC10E-15C-MRATE: in 19.1R1:
VCCV BFD
L2CKT/L2VPN interworking (iw interface)
Translational cross-connect (TCC)
Flow-aware transport label
Entropy label
Enhancements to MPLS for LSP path selection (MX Series)—Starting in Junos OS Release 19.1R1, the following enhancements to MPLS have been added for LSP path selection and optimization:
Earlier, when LSP active paths were modified, the LSP path got cleared and gets resignaled immediately. From Junos OS Release 19.1R1 onward, if a secondary path is available, and then Junos OS selects the secondary path as active, clears and resignals the primary path after the expiry of the optimize-hold-dead-delay timer. When the primary LSP path is established, the revert-timer gets started. After the revert-timer expires, the primary LSP path becomes active.
If the primary LSP path is not active with revert-timer on and when there is a change to the primary LSP path, then the LSP path gets cleared and resignaled immediately. When the primary LSP path is established, the revert-timer gets restarted.
Earlier if there was any Constrained Shortest Path First (CSPF) failure then the current LSP path becomes invalid because it did not match with the configured constraints. In this case, the current LSP path gets cleared immediately. From Junos OS Release 19.1R1 onwards, if a secondary LSP path is available, then Junos OS selects the secondary LSP path as active and clears the primary path after the expiry of the optimize-hold-dead-delay timer.
The CLI command no-bypass-statistics-polling added under the [edit protocols mpls statistics] hierarchy now provides information on bypass LSP statistics.
A new CLI command delay has been introduced under the [edit protocols mpls optimize-adaptive-teardown] hierarchy and the value for delay is in the range of (3..65535 seconds). When the adaptive-teardown configuration is triggered, the delay CLI command further delays the tearing down of old optimized LSP paths based on the configured value.
[See statistics (Protocols MPLS), optimize-adaptive-teardown.]
Control transport address used for targeted-LDP session (MX Series)—Currently, only the router-ID or interface address is used as the LDP transport address. Starting in Junos OS Release 19.1R1, you can configure any other IP address as the transport address of targeted LDP sessions, session-groups, and interfaces. This new configuration is applicable only for configured LDP neighbors that have Layer 2 circuit, MPLS, and VPLS adjacencies.
This feature is beneficial when you have multiple loopback interface addresses, and different IGPs associated with LDP interfaces, and you can control the session established between targeted LDP neighbors with the configured transport address.
[See Control Transport Address Used for Targeted-LDP Session.]
MPLS egress traffic statistics for label IS-IS routes at ingress device (MX Series with MPC and MIC)—Currently, sensors are available for collecting segment routing statistics for MPLS transit traffic, which is MPLS-to-MPLS in nature. Starting in Junos OS Release 19.1R1, additional sensors are introduced to collect segment routing statistics for MPLS egress traffic at the ingress provider edge (PE) device, which is IP-to-MPLS in nature.
With this feature, you can enable sensors for label IS-IS segment routing egress traffic only, and stream the statistics to a gRPC client.
[See Understanding Source Packet Routing in Networking (SPRING).]
Policy-based multipath routes (MX Series)—In segment routing networks with multiple protocols in the core, you can combine segment routing traffic-engineered (SR-TE) LDP routes and SR-TE IP routes to create a multipath route that is installed in the routing information base (also known as routing table). You can resolve BGP service routes over the mutlipath route through policy configuration and steer traffic differently for different prefixes.
Support of Layer2 and Layer3 VPN services over non-colored Segment Routing for Traffic Engineering (SR TE) (MX Series)— Starting from Junos OS Release 19.1R1, you can use BGP-based Layer2 and Layer3 VPN services over non-colored Segment Routing for Traffic Engineering (SR TE). You can also use other features such as un-balanced ECMP (wecmp), and multi-level weighted ECMP (h-wecmp).
To use hierarchical multi-level weighted ECMP (h-wecmp), configure the following route resolution import-policy:
set policy-options policy-statement mpath then multipath-resolve
set routing-options resolution rib bgp.l3vpn.0 inet-import mpath
set routing-options resolution rib bgp.l2vpn.0 inet-import mpath
set routing-options resolution rib mpls.0 inet-import mpath
Routing Engine-based S-BFD for segment-routing traffic engineering (MX Series)—Starting in Junos OS Release 19.1R1, you can run Routing Engine-based seamless BFD (S-BFD) over non-colored and colored label-switched paths (LSPs) with first-hop label resolution and use S-BFD as a fast mechanism to detect path failures.
[See Routing Engine-based S-BFD for Segment-Routing Traffic Engineering with First-Hop Label Resolution.]
Use of SID labels as first hop for resolving non-colored static segment routing LSPs (MX Series)—Currently, for a static non-colored segment routing traffic-engineered LSP to be usable, the first hop of the segment list must be an IP address. Only the second to nth hop could be segment identifier (SID) labels. Starting in Junos OS Release 19.1R1, this requirement does not apply. You can now configure SID labels as the first hop in the segment list.
With this configuration, static non-colored segment routing LSPs are resolved using MPLS fast reroute (FRR) and weighted equal-cost multipath. Without this configuration, by default, the LSPs are resolved using IP address.
Support of install statement for segment routing LSPs (MX Series)—The install destination-prefix statement which is currently supported at the [edit protocols mpls label-switched-path lsp-name] and [edit protocols mpls static-label-switched-path lsp-name ingress] hierarchy levels is now also supported at the [edit protocols source-packet-routing source-routing-path lsp-name] hierarchy level for both colored and non-colored static segment routing label-switched paths (LSPs).
You can associate one or more prefixes with a segment routing LSP using the install statement. When the LSP is up, all the prefixes are installed as entries into the inet.3 or inet6.3 routing table.
[See install (Protocols MPLS).]
Multicast
Support for BGP-MVPN Inter-AS option B (MX Series and T Series)—Starting in Junos OS Release 19.1R1, for improved security and scalability, Juniper supports Inter-AS option B for BGP multicast virtual private networks (MVPNs) and segmented provider tunnels. Only specific configurations are supported, so for example, static tunnels are not supported, nor are PIM any-source multicast (ASM) and PIM source-specific multicast (SSM) tunnels.
In the supported configuration, BGP-MVPN sites can span multiple autonomous system (AS) boundaries (that is, domains). Each AS can implement its own p-tunnel (they don't have to be the same). Per-VPN subinterfaces are not shared between ASBRs. Likewise, provider edge (PE) routers from one AS cannot be reached from another AS, and the AS topology of one site is not exposed to any others.
[See inter-as (Routing Instances) and BGP-MVPN Inter-AS Option B Overview.]
Support for multicast forwarding on MPC10E-MRATE line cards (MX Series)—Starting in Junos OS Release 19.1R1, multicast forwarding is fully supported on MPC10E-MRATE line cards for MX Series routers.
Network Management and Monitoring
Error handling and resiliency support for MPC10E (MX240, MX480, and MX960)—Starting in Junos OS Release 19.1R1, the MX240, MX480, and MX960 routers with MPC10E (MPC10E-15C-MRATE) line cards support error handling and software resiliency. The MPC10E supports detecting errors, reporting them through alarms, and triggering resultant actions. Use the existing commands show chassis errors active, show chassis errors active details, and show chassis fpc errors to view more details of the errors. MPC10E-15C-MRATE also supports powering on or off Packet Forwarding Engine (pfe2), by using the command set chassis fpc slot pfe slot power (on|off), in case of errors such as hardware components issues in Packet Forwarding Engine (pfe2).
[See show chassis fpc errors and clear chassis fpc errors.]
sFlow performance improvements (MX Series)—Starting in Junos OS Release 19.1R1, the following improvements have been added to the sFlow technology feature:
For MX Series, the maximum number of samples per second per line card is raised from 950 pps to 9500 pps. Junos OS also introduces an adaptive sampling fallback feature, which decreases the sampling load when the traffic load decreases after adaptive sampling has taken place.
For MX Series, PTX Series, and QFX Series, you can configure forwarding class and DSCP values per collector.
For MX Series, dual vlans are supported.
For MX Series, true output interface (OIF) is supported.
Enhancements are made to the following CLI commands: show sflow collector, show sflow collector address ip-address, and show sflow interface.
[See Understanding How to Use sFlow Technology for Network Monitoring, collector, agent-id, source-ip, show flow collector, and show flow interface.]
Port Security
Media Access Control Security (MACsec) support (MX Series)—Starting with Junos OS Release 19.1R1, MACsec is supported on all QSFP interfaces on the MPC10E-15C and MPC10E-10C line cards when installed in an MX Series router. MACsec is an industry-standard security technology that provides secure communication for all traffic on point-to-point Ethernet links. MACsec is capable of identifying and preventing most security threats, and can be used in combination with other security protocols to provide end-to-end network security.
Routing Policy and Firewall Filters
Support for firewall forwarding on MPC10E-MRATE line cards (MX Series)—Starting in Junos OS Release 19.1R1, firewall forwarding is fully supported on MPC10E-MRATE line cards for MX Series routers.
Routing Protocols
Support for BGP graceful shutdown (MX Series)— Starting in Junos OS Release 19.1R1, graceful traffic migration from one BGP next hop to another is supported, without traffic interruption. Also, BGP administrative shutdown communication can be sent to the BGP peer.
You can configure both graceful-shutdown and shutdown statements at the [edit protocols bgp], [edit protocols bgp group group-name], and [edit protocols bgp group group-name neighbor address] hierarchy levels.
Note Graceful shutdown is disabled by default.
[See: graceful-shutdown (Protocols BGP), shutdown (Protocols BGP).]
Support for anycast and prefix segments in SPRING for OSPF protocols (MX Series)—Starting in Junos OS Release 19.1R1, anycast and prefix segments are supported in SPRING. An anycast segment enforces forwarding based on the equal-cost multipath-aware shortest-path toward the closest node of the anycast set. Within an anycast group, all the routers advertise the same prefix with the same SID value, which facilitates load balancing. You can designate prefix segment indexes to prefix SIDs, both anycast and node SIDs, that are advertised in OSPF through policy configuration. Remote routers use this index to consolidate prefixes into respective SRGBs and to derive the segment identifier and forward the traffic destined for a specific prefix.
You can also configure explicit-NULL flag on all prefix SID advertisements and configure shortcut statement for SPRING routes using family inet (for IPv4 OSPF routes) or family inet-mpls (for IPv4 L-OSPF routes).
[See: Understanding Adjacency Segments, Anycast Segments, and Configurable SRGB in SPRING.]
Support for configurable SRGB used by SPRING in OSPF protocols (MX Series)— Starting in Junos OS Release 19.1R1, you can configure the segment routing global block (SRGB) range label used by segment routing. Labels from this range are used for segment routing functionality in OSPF domain.
The SRGB is a range of the label values used in the segment routing. Prior to Junos OS Release 19.1R1, you could not configure the range for the SRGB block.
Locally you can configure srgb start-label <label-range> index-range <index-range> command under [edit protocols ospf source-packet-routing] hierarchy or globally under [edit protocols mpls label-range] hierarchy.
Following are the SRGB precedences for OSPF protocol:
SRGB under OSPF
SRGB under MPLS
Node-segment implementation of 256 label block
Support for static adjacency segment identifier in OSPF protocols (MX Series)—Starting in Junos OS Release 19.1R1, static adjacency segment identifiers (SIDs) are supported for OSPFv2 protocols.
For static adjacency SIDs, the labels are picked from either a static reserved label pool or from an OSPF segment routing global block (SRGB). You can reserve a label range to be used for static allocation of labels using the following configuration: set protocols mpls label-range static-label-range start-value end-value
The static pool can be used by any protocol to allocate a label in this range. You need to ensure that no two protocols use the same static label. OSPF adjacency SIDs can be allocated from this label block through the configuration using the keyword label.
Support for export of BGP Adjacency-RIB-Out through BGP Monitoring Protocol (BMP) (MX Series and vMX)— Starting in Junos OS Release 19.1R1, BMP is enhanced to support route monitoring of pre and post rib-out policy.
You can configure post-policy and pre-policy under rib-out statement at [edit protocols bgp bmp], [edit protocols bgp group group-name bmp], and [edit protocols bgp group group-name neighbor address bmp] hierarchies.
Note The default monitoring mode of rib-out is pre-policy.
Support for TCP authentication to BGP peers (MX Series)— Starting in Release 19.1R1, Junos OS extends support for TCP authentication to BGP peers that are discovered through allowed prefix subnets configured in a BGP group.
In releases before Junos OS Release 19.1, BGP supports TCP authentication at the [edit protocols bgp group group-name neighbor address] and [edit protocols bgp group group-name] hierarchy levels. Starting in Junos OS Release 19.1, you can configure TCP authentication under allow statements at the [edit protocols bgp group group-name dynamic-neighbor dyn-name] hierarchy level.
Support for stitching of OSPF LDP and segment routing (MX Series)—Starting in Junos OS Release 19.1R1, segment routing-LDP border router can stitch segment routing traffic to LDP next hop and vice versa.
In an LDP network with deployment of segment routing, there can be islands of devices that support either only LDP, or only segment routing. For the devices to interwork, the LDP mapping server feature is required to be configured on any device in the segment routing network.
[See: LDP Mapping Server for Interoperability of Segment Routing with LDP Overview.]
Support for BGP link-state distribution with SPRING extensions (MX Series)—Starting in Junos OS Release 19.1R1, BGP link-state extensions export segment routing topology information to software-defined networking controllers. Controllers can get the topology information by either being a part of an interior gateway protocol (IGP) domain or through BGP link-state distribution.
BGP link-state distribution is supported on inter-domain networks and provides a scalable mechanism to export the topology information. This feature benefits networks that are moving to source packet routing in networking (SPRING) but also have RSVP deployed, and continue to use both SPRING and RSVP in their networks.
In this release, OSPF link-state protocol is supported which pushes SPRING information to the BGP link-state address family.
MPLS transit route installation as primary MPLS fast reroute (FRR) for BGP labeled unicast prefixes (MX Series)—Starting in Junos OS Release 19.1R1, when a peer autonomous system (AS) boundary router or a link fails, traffic traversing through an inter-AS link can be rerouted provided a loop-free path is available. In networks with node protection enabled, MPLS transit routes are installed as primary backup path for BGP labeled unicast prefixes learned from external BGP multi-hop sessions. This feature facilitates quicker route resolution and BGP convergence for BGP labeled unicast prefixes.
To enable node protection in an inter-AS environment for BGP labeled unicast prefixes, include the existing configuration statement protection at the [edit protocols bgp group family inet labeled-unicast] hierarchy level in enhanced-ip network-services mode.
Support for creating IS-IS topology-independent LFA for prefix-SIDs learned from LDP mapping server (MX Series)—Starting in Junos OS Release 19.1R1, you can configure a point of local repair to create a topology-independent loop-free alternate backup path for prefix-SIDs derived from LDP mapping server advertisements in an IS-IS network. In a network configured with segment routing, IS-IS uses the LDP mapping server advertisements to derive prefix-SIDs. LDP Mapping server advertisements for IPv6 are currently not supported.
To attach flags to LDP mapping server advertisements, include the attached statement at the [edit routing-options source-packet-routing mapping-server-entry mapping-server-name] hierarchy level.
[See prefix-segment-range.]
Services Applications
Support for tunnel interfaces on the MPC10E line card (MX Series)—Starting in Junos OS Release 19.1R1, Junos OS supports three tunnel interfaces: generic routing encapsulation (GRE) tunnel, logical tunnel (LT), and virtual tunnel (VT) on the MPC10E line card.
The GRE tunnel interface supports the tunnel statement with these options: destination, key, source, traffic-class and ttl. The copy-tos-to-outer-ip-header statement is also supported.
The LT interface supports family inet, family inet6, and family iso options. The encapsulation statement supports the Ethernet and VLAN physical interface options only.
The VT interface supports the family inet option only.
[See Tunnel Services Overview]
Support for Port Mirroring on the MPC10E line card (MX Series)—Starting in Junos OS Release 19.1R1, Junos OS supports port mirroring on the MPC10E line card. The MPC10E supports IPv4 (inet) and IPv6 (inet6) address families only.
Support for inline flow monitoring on the MPE10E line card (MX Series)—Starting in Junos OS Release 19.1R1, Junos OS supports inline active flow monitoring. Inline active flow monitoring supports version 9 and IPFIX flow collection templates. Version 9 template is supported for IPv4, IPv6, MPLS, and MPLS-IPv4. IPFIX template is supported for IPv4, IPv6, MPLS, MPLS-IPv4, and VPLS flows. Both IPFIX and version 9 templates use UDP as the transport protocol.
Support for automatic restart of Two-Way Active Measurement Protocol (TWAMP) Client—Starting in Junos OS Release 19.1R1, the TWAMP client restarts automatically after a network failure, a configuration change, or an IP connectivity issue. However, for the client to reconnect to the TWAMP server automatically, you must use 0 as the test-count value in the set rpm twamp client control-connection test-count command. Also, at the TWAMP server side, the default value of max-connection-duration in the set rpm twamp server max-connection-duration must also be 0. You can display the test results after the network recovers, or after the server is reachable, by using the set services rpm twamp client control-connection c1 persistent-results command.
Support for Layer 2 services over GRE tunnel interfaces with IPv6 transport (MX Series routers with MPCs)—Starting in Release 19.1R1, Junos OS supports Layer 2 Ethernet services over GRE interfaces with IPv6 traffic. After GRE encapsulates the packets, it redirects them to an intermediate host, where they are de-encapsulated and routed to their final destination. Support for bridging over GRE enables you to configure bridge domain families on gr- interfaces and also enable integrated routing and bridging (IRB) on gr- interfaces. To configure the bridge domain family on gr- interfaces, include the family bridge statement at the [edit interfaces gr-fpc/pic/port unit logical-unit-number] hierarchy level.
[See Layer 2 Services over GRE Tunnel Interfaces on MX Series with MPCs].
Software Defined Networking (SDN)
Support for in-chassis Junos Node Slicing (MX480, MX960, MX2010, and MX2020)—Starting in Junos OS Release 19.1R1, Junos Node Slicing supports an in-chassis model, which allows all Junos Node Slicing components, such as Juniper Device Manager (JDM), base system (BSYS), as well as guest network functions (GNFs), to run within the Routing Engine of the MX Series router. To configure in-chassis Junos Node Slicing, ensure that the MX Series router has one of the following Routing Engines installed:
RE-S-2X00x6-128 (used in MX480 and MX960 routers)
RE-MX200X8-128G (used in MX2010 and MX2020 routers)
[See Junos Node Slicing Overview and Configuring MX Series Router to Operate in In-Chassis Mode.]
Support for VXLAN on GNFs (MX480, MX960, MX2010, MX2020, and MX2008)—Starting in Junos OS Release 19.1R1, guest network functions (GNFs) support EVPN with VXLAN encapsulation. This support enables you to configure GNFs to function as VXLAN Layer 2 or Layer 3 gateways. This support is also available on MX Series routers in LAN mode.
[See Understanding EVPN with VXLAN Data Plane Encapsulation and Components of Junos Node Slicing.]
Abstracted fabric interface support for MS-MPC, 16X10GE MPC, MPC2E, MPC3E, MPC4E (MX480, MX960, MX2010, MX2020, and MX2008)—Starting in Junos OS Release 19.1R1, Abstracted fabric (af) interfaces interoperate with the following line cards:
Multiservices MPC (MS-MPC)
16x10GE MPC
MPC2E
MPC3E
32x10GE MPC4E
2x100GE + 8x10GE MPC4E
An abstracted fabric interface is a pseudointerface that facilitates routing control and management traffic between guest network functions (GNFs) through the switch fabric.
MS-MIC and MS-MPC support for in-chassis Junos Node Slicing (MX480, MX960, MX2008, MX2010, and MX2020)—Starting in Junos OS Release 19.1R1, in-chassis Junos Node Slicing supports assignment of MS-MICs and MS-MPCs to guest network functions (GNFs). MS-MICs and MS-MPCs provide improved scaling and high performance, and possess enhanced memory and processing capabilities. The MS-MIC supports the Layer 3 services such as stateful firewall, NAT, IPsec, active flow monitoring, RPM, and graceful Routing Engine switchover (GRES). In-chassis Junos Node Slicing also support inline Layer 2 and Layer 3 services.
[See Multiservices MIC and Multiservices MPC (MS-MIC and MS-MPC) Overview.]
Software resiliency support for in-chassis Junos Node Slicing (MX480, MX960, MX2010, and MX2020)—Starting in Junos OS Release 19.1R1, software resiliency is enabled for guest network functions (GNFs) in the in-chassis Junos Node Slicing model. Resiliency enables the software to recover from certain types of failures. The in-chassis model allows all Junos Node Slicing components, such as Juniper Device Manager (JDM), base system (BSYS), as well as guest network functions (GNFs), to run within the Routing Engine of the MX Series router.
[See Junos Node Slicing Overview.]
Multiversion software support for in-chassis Junos Node Slicing (MX480, MX960, MX2010, and MX2020)—Starting in Junos OS Release 19.1R1, in-chassis Junos Node Slicing supports multi-version software interoperability, enabling the BSYS to interoperate with a guest network function (GNF), which runs a Junos OS version that is later than the software version on the base system (BSYS). This feature supports a difference of up to two versions between the GNF and the BSYS. That is, the GNF software can be up to two versions later than the BSYS software.
Note The multiversion software compatibility support is limited to major releases only.
Programmable flexible VXLAN tunnels (MX80, MX104, MX204, MX10003, and vMX)—Starting in Junos OS Release 19.1R1, we support flexible VXLAN tunnels in a data center environment that includes one or more controllers. In this environment, one or more of the supported MX Series routers can function as data center edge gateways that exchange Layer 2 traffic with hosts in a data center. Through the use of static routes and tunnel encapsulation and de-encapsulation profiles, the Layer 2 traffic is dynamically tunneled over an intervening IPv4 or IPv6 network.
The controllers in the data center environment enable you to program a large volume of static routes and tunnel profiles on the gateway devices through the Juniper Extension Toolkit (JET) APIs.
[See Understanding Programmable Flexible VXLAN Tunnels and the JET API Guide]
Subscriber Management and Services
Control plane resiliency enhancements (MX Series)—Starting in Junos OS Release 19.1R1, the following enhancements are available:
The master and standby Routing Engines exchange detailed information about session database replication. This exchange enables the Routing Engines to better determine whether the replication is correct.
You can configure the router to detect shared memory corruption and to automatically recover by rebooting the master or standby Routing Engine, or both. In earlier releases, a manual reboot is required to clear the corrupted shared memory; otherwise, it remains corrupted, causing processes that share the memory to generate core errors.
You can monitor Routing Engine resiliency with the new show system subscriber-management resiliency command. The summary version indicates whether the system is functioning normally or an unexpected condition exists. The detail and extensive versions provide detailed information about the shared memory per Routing Engine.
[See Junos OS Enhanced Subscriber Management and show system subscriber-management resiliency.]
Subscriber management support for in-chassis Junos Node Slicing (MX480, MX960, MX2010, and MX2020)—Starting in Junos OS Release 19.1R1, in-chassis Junos Node Slicing supports all subscriber management features and services. Subscriber management provides capabilities such as subscriber access, authentication, and service creation, activation, and deactivation. The subscriber management services include DHCP, PPP, L2TP, VLAN, and pseudowire.
DHCP active leasequery for live updates of binding information (MX Series)—Starting in Junos OS Release 19.1R1, you can configure active leasequery so that DHCP servers can provide an update to DHCP relay agents whenever the DHCP binding information changes. Individual and bulk leasequery provide updates only in a response to a query; subsequent changes are not reported to the relay agent until another query is made. Active leasequery also enables redundancy between relay agents to restore subscriber information if one of the peer relay agents reboots.
[See DHCP Leasequery Methods.]
Display RPF check statistics for dynamic logical interfaces (MX Series)—Starting in Junos OS Release 19.1R1, the show interfaces statistics logical-interface-name detail command can display byte and packet statistics for unicast RPF failures. These statistics are only displayed for dynamic IPv4 or IPv6 logical interfaces where RPF check is configured with the rpf-check or rpf-check mode loose statement. The clear interfaces statistics logical-interface-name command clears RPF statistics.
[See Unicast RPF in Dynamic Profiles for Subscriber Interfaces.]
Additional encapsulations added to pseudowire subscriber logical interfaces (MX Series with MPC and MIC)—Currently, the only supported encapsulation type on the pseudowire subscriber interfaces include:
Transport logical interfaces—Circuit cross-connect (CCC) encapsulation.
Service logical interfaces:
Ethernet VPLS encapsulation
VLAN bridge encapsulation
VLAN VPLS encapsulation
Starting in Junos OS Release 19.1R1, in addition to the existing encapsulation types, the following support is provided:
Transport logical interfaces—Ethernet VPLS encapsulation, and provision for terminating the interface on the l2backhaul-vpn routing-instance.
Service logical interfaces—Circuit cross-connect (CCC) encapsulation, and provision for terminating the interface on locally switched Layer 2 circuits.
Insert identifier tags in HTTP GET headers (MX Series)—Starting in Junos OS Release 19.1R1, you can configure HTTP redirect service filters to insert tags into the headers of HTTP GET messages. You can specify one or more destination addresses in the service rule to identify traffic for tagging. The tagged message is forwarded to the HTTP server where the server can accept or reject access based on the tag values.
[See Inserting GET Header Tags That the HTTP Server Can Use to Control Content Access.]
System Logging
Support for TCP/TLS transport for syslog (MX240, MX480, and MX960)—Starting with Junos OS Release 19.1R1, you can configure multiple TLS syslog servers for a service on the MS-MPC or MS-MIC services cards. You can configure a maximum of four syslog servers for each set of services, and send encrypted data to the servers. The source address for the logs sent to remote hosts uses the configured source address of TCP/TLS host. See TCP/TLS Transport Protocol for Syslog Messages Configuration Overview.
System Management
Support for SFTP global disablement (MX Series)—Starting in Junos OS Release 19.1R1, we have globally disabled incoming SSH File Transfer Protocol (SFTP) connections from the CLI by default. You can enable incoming SFTP connections globally by configuring the statement sftp-server at the [edit system services ssh] hierarchy level. Prior to Junos OS Release 19.1R1, the incoming SFTP connections were globally enabled by default.
What's Changed
Learn about what changed in the Junos OS main and maintenance releases for MX Series.
What's Changed in Release 19.1R3
General Routing
Change in startup notification after GRES (MX Series routers)—The master Routing Engine sends a coldStart notification when a device comes up. The master Routing Engine also sends a warmStart notifications for subsequent restarts of the SNMP daemon. After GRES, the new master Routing Engine sends a single warmStart notification and the backup Routing Engine does not send any notification. In earlier releases, after GRES, the new master Routing Engine would sometimes send two notifications or a single notification. Of these, the first notification was always a coldStart notification and the second was either a coldStart notification or a warmStart notification.
Automatic installation of YANG-based CLI for RIFT protocol (MX Series, QFX Series, and vMX with 64-bit and x86-based servers)—In Rift 1.2 Release, installation of the CLI for RIFT protocol occurs automatically along with the installation of the junos-rift package. In the pre-1.0 releases of the junos-rift package, the RIFT CLI had to be installed separately using request system yang command after installation of the junos-rift package.
Advertising 32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, multiple secondary loopback addresses in the traffic engineering database were added to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.
Logical Interface is created along with physical Interface by default (EX Series switches, QFX Series switches, MX Series routers)—The logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces were created. For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), was displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.
Precision Time Protocol (PTP) interface configuration (MX2020, MX2010, MX480, MX960, and MX240)— Remove the aggregated Ethernet interface association and upgrade the device when configuring PTP interface.
Interfaces and Chassis
Change in error severity (MX960, MX240, MX2020, MX480, MX2008, and MX2010)—Starting in Junos OS Release 19.1R3, we have reduced the severity of the CRC error ’XR2CHIP_ASIC_JGCI_FATAL_CRC_ERROR’ from Fatal to Major. Earlier, these errors caused the line card to be reset, if the interasic-linkerror-recovery-enable statement was configured. Now, these errors only disable the Packet Forwarding Engines that are affected. With this change, the interasic-linkerror-recovery-enable statement has no effect when this error occurs because we have reduced its severity to Major.
Note This behavior change is applicable to the following line cards only: MPC5E, MPC6 MPC7, MPC8, and MPC9.
Services Applications
Update to CLI option for configuring the version number to distinguish between currently supported version of the Internet draft draft-ietf-softwire-map-03—In Junos OS Release 19.1R3, the version-3 option under the [edit services softwire softwire-concentrator map-e] hierarchy for configuring the version number to distinguish between currently supported version of the Internet draft draft-ietf-softwire-map-03 is optional. In the earlier Junos OS releases, if you did not configure the version-3 option, the configuration resulted in an error.
[See map-e.]
What's Changed in Release 19.1R2
EVPN
Support for disabling automatic ESI generation (MX Series and QFX Series)—Starting with Junos OS Release 19.1R2, Junos OS supports disabling the automatic ESI generation for virtual gateway addresses. We recommend that you disable the automatic ESI generation for EVPN networks with edge-routed bridging to improve performance. To disable automatic ESI generation, include the no-auto-virtual-gateway-esi statement at the [edit interfaces name irb unit logical-unit-number] hierarchy level.
General Routing
User confirmation prompt for configuring the sub-options of request vmhost commands (MX Series and PTX series)—While configuring the following request vmhost commands, the CLI now prompts you to confirm a [yes,no] for the sub-options also.
request vmhost reboot
request vmhost poweroff
request vmhost halt
In previous releases, the confirmation prompt was available for only the main options.
Interfaces and Chassis
Enhancement to the show interfaces mc-ae extensive command—You can now view additional LACP information about the LACP partner system ID when you run the show interfaces mc-ae extensive command. The output now displays the following two additional fields:
Local Partner System ID—LACP partner system ID as seen by the local node.
Peer Partner System ID—LACP partner system ID as seen by the MC-AE peer node.
Previously, the show interfaces mc-ae extensive command did not display these additional fields.
Logical Interface is created along with physical Interface by default (MX Series routers)—In Junos OS Release 19.1R2 and later, by default logical interfaces are created on ge-, et-, and xe- interfaces along with the physical interface. In earlier Junos OS Releases, by default, only physical interfaces are created.
For example, for ge- interfaces, when you view the show interfaces command in earlier releases, by default, only the physical interface (for example, ge-0/0/0), is displayed. Now, the logical interface (for example, ge-0/0/0.16386) is also displayed.
Network Management and Monitoring
The show system schema command and
<get-yang-schema>RPC require specifying an output directory (MX Series)—Starting in Junos OS Release 19.1R2, when you issue the show system schema operational mode command in the CLI or execute the<get-yang-schema>RPC in a remote session to retrieve schema files, you must specify the directory in which to generate the output files by including the output-directory command option in the CLI or the<output-directory>element in the RPC. In earlier releases, you can omit the output-directory argument when requesting a single module to display the module in standard output.
Routing Protocols
Change in the default behavior of advertise-from-main-vpn-tables configuration statement—BGP now advertises EVPN routes from the main bgp.evpn .0 table. You can no longer configure BGP to advertise the EVPN routes from the routing instance table. In earlier Junos OS Releases, BGP advertised EVPN routes from the routing instance table by default.
Security
On MX960 routers, the decapsulate GRE action now de-encapsulates GRE, IP-in-IP and IPv6-in-IP tunneling packets. You configure this action at the [edit firewall family inet filter filter-name term term-name] hierarchy level.
Services Applications
Change in NAT port block syslog message display (MX Series Routers)—When you configure a softwire prefix other than 128, all the JSERVICES_NAT_PORT_BLOCK logs now displays the prefixed B4 address. The following JSERVICES_NAT_PORT_BLOCK are modified:
JSERVICES_NAT_PORT_BLOCK_ALLOC
JSERVICES_NAT_PORT_BLOCK_RELEASE
JSERVICES_NAT_PORT_BLOCK_ACTIVE
In earlier releases of Junos OS, when a softwire prefix was configured, some of the B4 addresses displayed in the JSERVICES_NAT_PORT_BLOCK log were /128 addresses(irrespective of the configured prefix). This change is not observed when the softwire prefix is not configured.
New syslog message displayed during NAT port allocation error (MX Series Routers with MS MPC)—With address pooling paired (APP) enabled, an internal host is mapped to a particular NAT pool address. In case, all the ports under a NAT pool address are exhausted, further port allocation requests from the internal host results in a port allocation failure. The following new syslog message is displayed during such conditions:
JSERVICES_NAT_OUTOF_PORTS_APP
This syslog message is generated only once per NAT pool address.
Software Defined Networking (SDN)
Increase in the maximum value of delegation-cleanup-timeout (MX Series)—You can now configure a maximum of 2147483647 seconds as the delegation cleanup time for a Path Computation Client (PCC). This extends the time taken by the PCC to retain the last provided path over a PCEP session from the last session down time.
With the increase in maximum value of delegation-cleanup-timeout from 600 to 2147483647 seconds, you can benefit during a Path Computation Element (PCE) failover, or other network issues that may disrupt the PCEP session with the main active stateful PCE.
[See delegation-cleanup-timeout.]
Subscriber Management and Services
Enhancement to commands to display reason for Routing Engine disconnect (MX Series)—Starting in Junos OS Release 19.1R2, several commands display the reason when the master and standby Routing Engines disconnect because of a memory mismatch error. On a chassis with two Routing Engines, a DRAM size mismatch error can result when both of the following are true:
The Routing Engines have different amounts of DRAM.
A 64-bit Junos OS image is loaded on the chassis.
You can avoid this problem by doing either of the following:
Ensure that both Routing Engines have the same amount of DRAM.
Load a 32-bit image.
The show database-replication summary and show system subscriber-management summary commands display the DRAM mismatch as the reason in the Disconnection field. The request chassis routing-engine master switch check command displays an error message if the DRAM size is different for the two Routing Engines.
XML output format change for test aaa type user commands (MX Series)—Starting in Junos OS Release 19.1R2, the XML output format changes for the test aaa authd-lite user, test aaa dhcp user, and test aaa ppp user commands. Each RADIUS server attribute name has an associated attribute value. Each of these pairs is now enclosed by the <radius-server-data> tag. The new tag makes it easier to recognize the name/value pairs, both for operators and API clients. You may have to change any scripts that use the XML output to work properly with the new format.
Support for Pseudowire Physical Interface for ANCP Autoconfiguration (MX Series)—Starting in Junos OS Release 19.1R2, you can associate an ANCP neighbor with a subscriber-facing interface pseudowire physical interface for ANCP autoconfiguration of VLANs. When configured, ANCP Port Up and Port Down messages received on the interface trigger notifications to the auto-configuration daemon (autoconfd) to initiate VLAN creation (Port Up) or removal (Port Down). In earlier releases, ANCP supports only the following physical interface types for this feature: aggregated Ethernet (ae), Gigabit Ethernet (ge), 10-Gigabit Ethernet (xe), 100-Gigabit Ethernet (et), and demux.
Out-of-address SNMP trap requires thresholds to be configured (MX Series)—Starting in Junos OS Release 19.1R2, the behavior has changed for generating an out-of-address SNMP trap for an address pool configured at the [edit access address-assignment] or [edit routing-instance name address-assignment] hierarchy levels. You must now configure both the high-utilization and abated-utilization thresholds. When the number of assigned addresses surpasses the high-utilization threshold, a high-utilization trap is generated. If all the addresses are assigned from the pool, an out-of-address trap is generated and an out-of-address syslog message is sent.
In earlier releases, an out-of-address trap is generated when the address pool is exhausted, regardless of whether the thresholds are configured.
If the number of assigned addresses subsequently drops below the abated-utilization threshold, an abate-high-utilization trap is generated; this behavior is unchanged.
Prevent queue-based throttling from stopping subscriber login (MX Series)—Starting in Junos OS Release 19.1R2, you can specify a value of 0 with the high-cos-queue-threshold statement. This value prevents any subscriber from being throttled by queue-based throttling.
Changing attributes of physical interface with active subscribers (MX Series)—Starting in Junos OS Release 19.1R2, the commit check fails when you change any attribute of the physical interface, such as the MTU, when subscribers are active. This affects only aggregated Ethernet physical interfaces with targeted distribution configured. In earlier releases, the commit check does not fail and the attribute change brings down the physical interface and all subscribers using that interface.
What's Changed in Release 19.1R1
EVPN
Changes in encoding the ESI label field (MX Series)—Starting in 19.1R1, Junos OS switched from using lower-order bits to higher-order bits in encoding the ESI label field. This results in BUM traffic loss and duplication in traffic. If you encounter this, and you wish to use a mix of Junos OS releases, you must include the es-label-oldstyle statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy on the device that is running the Junos OS release that supports higher-order bit encoding of the ESI label.
General Routing
Root XML tag change for show rsvp pop-and-forward | display xml command (MX480)—We’ve changed the root XML tag for the show rsvp pop-and-forward | display xml command to rsvp-pop-and-fwd-information to make it consistent with the XML tag convention. In earlier releases, the command output displays rsvp-pop-and-fwd-info XML tag. Update the scripts with the rsvp-pop-and-fwd-info XML tag to reflect the new rsvp-pop-and-fwd-information XML tag.
Interfaces and Chassis
In MX204 routers, the error messages are logged when vlan-tagging for a trunk interface that is not configured. These error messages were previously logged with severity level “critical” even though they were not critical enough to require immediate action. The maximum transmission unit (MTU) of interface with or without VLAN-tagging is now logged in as the informational error message (instead of critical error message).
IRB not supported on pseudowire subscriber (PS) logical Interface in bridge-domain (MX Series)—In Junos OS Release 19.1R1, integrated routing and bridging (IRB) is not supported on pseudowire subscriber (PS) logical Interface. Hence, you cannot add IRB to a bridge domain with PS interface, that is, you cannot configure IRB and PS interface in the same bridge domain.
Note that adding IRB to a bridge domain having pseudowire subscriber (PS) logical interface causes kernel crash and continuous reboot of the router until the configuration is rolled back.
Note IRB is not supported on PS only in bridge-domain.
[See bridge-domain.]
Support for MAP-E encapsulation and de-encapsulation on inline service interfaces (MX2010)—Starting in Junos OS Release 19.1R1, the MX2010 routers support encapsulation and de-encapsulation of the following ICMP message types for inline service (si) interfaces:
Time exceeded (type 11)
Destination unreachable (type 3)
Source quench (type 4)
Parameter problem (type 12)
Address mask request and Address mask reply (type 17 and type 18)
Redirect (type 5)
New XML tag element
<lacp-hold-up-state>added in show lacp interfaces XML display (MX Series)—Starting in Junos OS Release 19.1R1, the show lacp interfaces | display xml command displays a new XML tag element<lacp-hold-up-state>. The<lacp-hold-up-state>displays the time interval an interface holds before it changes from state, down to up. In earlier Junos OS releases, the LACP hold up the information for all interfaces was in a single<lacp-hold-up-information>XML tag. Now, for each interface it is displayed in a separate<lacp-hold-up-information>XML tag.Support for creating Layer 2 logical interfaces independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2, 19.1R1, 19.1R2, and later, MX Series routers support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.
In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.
Support to get Optics loopback status for QSFP-100GE-DWDM2 transceivers (MX Series)—Starting in Junos OS Releases 19.1R1, 19.1R2, and later on MX Series routers, you can get the optics loopback status of QSFP-100GE-DWDM2 transceivers along with the regular Ethernet loopback status by issuing the show interfaces interface-name or show interfaces interface-name brief command. The new output field Optics Loopback is added under Link-level type when the show interfaces interface-name CLI command is executed.
MPLS
Starting in Junos OS Release 18.4R1 and 19.1R1, the remote procedure call (RPC) protocol XML tag for mpls-label-value is renamed as mpls-history-label-value, mpls-usage-label-value, and mpls-label-id-value depending on the context of command usage.
New debug statistics counter (MX Series)—The show system statistics mpls command has a new output field, called Packets dropped, over p2mp composite nexthop, to record the packet drops over composite point-to-multipoint next hops.
Starting in Junos OS Release 19.1R1, the bfd-liveness-detection statement is not supported at the [edit protocols source-packet-routing segment-list] hierarchy level.
Network Management and Monitoring
NETCONF
<kill-session>operation returns different values in<rpc-error>when the session identifier is equal to the current session ID (MX Series)—Starting in Junos OS Release 19.1R1, when you execute the<kill-session>NETCONF operation and the session identifier is equal to the current session ID, the values of the<error-type>and<error-tag>elements in the resulting<rpc-error>areapplicationandinvalid-value, respectively. In earlier releases, the<error-type>and<error-tag>values areprotocolandoperation-failed.[See <kill-session>.]
sysName.0 MIB object displays the fully qualified domain name (MX Series)—Starting in Junos OS Release 19.1R1, the sysName.0 MIB object displays the fully qualified domain name. That is, if the hostname and domain name are configured on the system, both will show up for the sysName.0 MIB object: host-name.domain-name. Previously, only the host name showed up.
[see show snmp mib.]
Network Operations and Troubleshooting Automation
Starting in Junos OS Release 19.1, the RPC XML tag for mpls-label-value is renamed as mpls-history-label-value, mpls-usage-label-value, and mpls-label-id-value depending on the context of command usage.
Operation, Administration, and Maintenance (OAM)
Performance monitoring history data is lost when a change in number of supported history records is detected (ACX Series and MX Series)—In Junos OS Release 19.1R1, when Ethernet connectivity fault management starts, it detects the number of history records supported by the existing performance monitoring history database and if there is any change from the number of history records supported (that is, 12) in Release 19.1R1, then the existing performance monitoring history database is cleared and all performance monitoring sessions are restarted with mi-index 1.
Routing Protocols
Support for BGP LU link protection for a multihop EBGP peer (MX-Series)—Starting in Junos OS Release 19.1R1, you can enable BGP Labeled unicast protection for an indirect next hop for logical-interface-based FRR. In earlier Junos Releases, Junos OS did not compute a backup path for the active indirect next hop failure and caused link failure for EBGP multihop cases where EBGP is chosen as a primary route for BGP LU protection on affected routes.
To configure BGP link protection for a multihop EBGP peer, enable protection at the [edit protocols bgp group group-name family inet labeled-unicast] hierarchy level.
Services Applications
Change in error message displayed while fragmenting or defragmenting IPv6 GRE tunnel interface (MX Series routers)—In Junos OS Release 19.1R1, on an IPv6 GRE tunnel interface, when you enable fragmentation using the allow-fragmentation command or disable fragmentation using the do-not-fragment command, the following error message is displayed:
Fragmentation for V6 tunnels is not supported
In earlier Junos OS releases, the following message was displayed:
dcd_config_ifl_tunnel:Fragmentation for V6 tunnels is notsupported
Support for host generated traffic on a GRE over GRE tunnel (MX Series)—In Junos OS Release 19.1R1, you can send host generated traffic on a GRE over GRE tunnel. However, when path maximum transmission unit (PMTU) is updated for the outer GRE tunnel, MTU for inner GRE tunnel is not corrected.
Deprecated IPsec manual security association option (MX Series)—In Junos Release 19.1R1 and later releases, the option hmac-sha2-256 under the services ipsec-vpn rule rule-name term term-name then manual direction (bidirectional | inbound | outbound) authentication algorithm statement is deprecated. Use the hmac-sha-256-128 option instead.
Software-Defined Networking (SDN)
Starting in Junos OS Release 18.2X75-D30 and 19.1R1, the maximum value for service identifier (SID) depth for PCEP segment routing (SR) LSP has been increased to more than 5 labels. The supported range of max-sid-depth is 1 through 16 with a default value of 5 labels.
[See pce.]
Subscriber Management and Services
ICMP error message rate limit increased (MX Series)—Starting in Junos OS Release 19.1R1, the maximum rate limit for generating ICMP messages for IPv4 and IPv6 packet errors is increased from 50 pps to 1000 pps. The rate limit applies only to non-ttl-expired packets.
[See Configuring the Rate Limit for ICMPv4 Error Messages and Configuring the Rate Limit for ICMPv6 Error Messages,]
Subscribers allowed to log in with bad framed route (MX Series)—Starting in Junos OS Release 19.1R1, users are allowed to log in if the framed route received from RADIUS is bad; for example, if the format is incorrect. In earlier releases, the subscriber is not allowed to log in. For customers that use multiple framed routes, the new behavior enables the subscriber to have partial access to the network using the routes that are accepted instead of not being allowed any access.
User Interface and Configuration
Options for monitor traffic interfaces statement added (MX Series)—Starting in Junos OS Release 19.1R1, the options write-fileand read-file under the monitor traffic command are included in the visible CLI.
[See monitor traffic.]
Known Limitations
Learn about known limitations in this release for MX Series routers.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Fault Management
The Cmerror Op Set log message is missed for the bringup jspec command-based error simulation. PR1430300
General Routing
CFM is not supported for a Layer2-over-GRE tunnel. CCM can pass through as transit traffic through GRE interfaces transparently using the data path. Link trace functionality uses MAC learning and re-injecting LTM on the GRE interface in case the bridge is configured with CFM. This is not a supported feature. PR1275833
The system watchdog might not work with secured BIOS. PR1343131
The Routing Engine boots from the secondary disk when you:
Press the reset button on the RCB front panel, while the Routing Engine boots up before Junos OS reboots.
Upgrade the software by booting from the network using the request vmhost reboot network command and the system fails to boot from the network.
Upgrade the BIOS and it fails.
Reboot the system and it hangs before Junos OS reboots. PR1344342
If MTU is configured to a value higher than 9500, which is the maximum permissible value, configuration succeeds. However, the actual value sets back to 1518B without any error. The DCD log can be checked to verify the occurrence. PR1372690
The MIC-MACSEC-20G supports 10 Gbps speed through the set chassis fpc x pic y pic-mode 10G configuration applied to both the PICs in that MIC. You must remove any other PIC mode configuration and then apply the 10 Gbps PIC mode configuration. PR1374680
The memory usage of processes increases significantly between Junos OS Release 14.1X53-Dxx to Junos OS Release 17.x. PR1390226
The OSPF adjacencies flap after GRES, with LACP fast timer configuration. PR1392316
On an MX2008 platform with MPC9E, in a line-rate traffic with a redundant SFB2 scenario, if there is one offline redundant SFB2, there might be tail drops or sometimes WRED drops in MPC9E. This results in partial traffic loss. Under normal circumstances, the SFBs should automatically fail over if one of them fails and there should be only a few packets dropped momentarily. PR1395591
Configuration database can remain locked after the SSH session is halted. PR1410322
When SRTE policies have segment lists that have a single label or three or more labels, the IS-IS interface statistics are not incremented even when SRTE routes take these IS-IS next hops. The kstat-based states are enabled in IS-IS by the set protocols isis source-packet-routing traffic-statistics command. PR1410682
Line cards get rebooted when BSYS performs Junos OS-only reboot.
Ensure that before performing BSYS Junos OS-only reboot in in-chassis node-slicing mode, switch the mastership to the other Routing Engine.
Ensure that before performing BSYS Junos OS image upgrade and reboot in in-chassis node-slicing mode, switch the mastership to the other Routing Engine.
Note that BSYS Junos OS-only unified ISSU is not supported in in-chassis node-slicing mode; you need to use the request vmhost software in-service-upgrade option for this. PR1413810
The MX Series Packet Forwarding Engine does not account for the labels pushed onto the packet on the egress Packet Forwarding Engine, while PTX Series Packet Forwarding Engine does. This results in slight difference in the byte count for the same traffic stream across these two platforms. The packet-count is still the same across the platforms. Currently, this issue is noticed for uncolored SRTE policies. PR1416738
The repd generates core files during the third GRES on RE1 with reference to
BbeStatsSessionDb::repdConvert (this=0x886b018, rep_msg=0x89a3814) at ../../../../../../src/junos/lib/libbbe-stats/bbeStatsSession.cc:395.PR1417732In a large-scale setup (such as, large number of routing-instances or interfaces), if there are frequent changes in configuration and interface flapping when the rpd is restarted (through deactivate/activate logical system or restart routing), the rpd might crash. PR1438049
The FPC x Voltage Tolerance Exceeded alarm is raised and cleared upon bootup of JNP10K-LC2101. PR1415671
Infrastructure
On Juniper Networks Routing Engines with Hagiwara CompactFlash card installed, after the upgrade to Junos OS Release 15.1 and later, the following error message is observed: smartd[xxxx]: Device: /dev/ada1, failed to read SMART Attribute Data might appear on message logs. PR1333855
Interfaces and Chassis
In a large-scale subscriber environment, changing aggregated Ethernet member link configuration might cause two Routing Engines to generate core files. PR1375638
MPLS
With NSR enabled, when the master rpd is restarted, occasionally, out-of-order add and delete messages can arrive on the backup Routing Engine. As a result, label assignment collisions occur, which cause the backup rpd to crash. PR1401813
The rpd process might crash. PR1461468
Platform and Infrastructure
On all Junos OS platforms, execution of Python scripts through enhanced automation does not work on veriexec images. PR1334425
When only peer 1 advertises routes, that peer might not install the de-encapsulated next-hop (NH) route. As a result, type-5 encapsulated traffic sent by peer 2 is dropped until peer 2 advertises any type-5 route. As a workaround, configure a static route pointing to discard on peer 2 and advertise that route as a type-5 route to peer 1. PR1386423
Routing Protocols
When 32,000 SRTE policies are configured at once, during configuration time there might be scheduler slips. PR1339829
When you replace the simple VLAN interfaces with PS over RLT, you might an increase in FPC CPU usage. This is in keeping with the increased processing and resources needed to support these types of interfaces, which are similar in this regard to the requirements for an aggregated Ethernet interface. PR1396925
The rpd process might crash during convergence or route update due to incorrect path selection algorithm. PR1352697
Software-Defined Networking (SDN)
The MX Series platform type of the guest network function (GNF) configured on an MX Series chassis does not automatically change if the Routing Engine is installed on a different MX Series chassis type. To fix this issue, you need to delete the GNF and configure it from the start on the new chassis in which Routing Engine is installed.
When guest network functions (GNFs) are rebooted for different reasons, the show chassis routing-engine command may incorrectly display the reboot reason as Router rebooted after a normal shutdown. To find the actual reboot reasons, see the log messages of GNFs.
External Ethernet port LEDs on Control Board of MX2020 and MX2010 routers do not turn off when the network-slices configuration is deleted or deactivated.
If you try to install Juniper Device Manager (JDM) after performing request vmhost zeroize, the installation is unsuccessful. As a workaround, you can delete JDM and install it again.
The PS interface maximum transmission unit (MTU) size at times has an incorrect default value. As a workaround, you can delete the PS interface and configure it again.
Junos OS Release 19.1R1 does not interoperate with earlier releases of Junos OS that support Junos node slicing. To run the 19.1R1 version of Junos node slicing on any GNF, the BSYS and all other GNFs must also run Junos OS Release 19.1R1.
Subscriber Management and Services
For dual-stacked clients over the same PPP-over-L2TP LNS session, enhanced subscriber management does not support configurations where both of the following are true:
The CPE sends separate DHCPv6 solicit messages for the IA_NA and the IA_PD.
The solicit messages specify a type 2 or type 3 DUID (link-layer address).
As a workaround, you must configure the CPE to send a single solicit message for both IA_NA and IA_PD when the other configuration elements are present. PR1441801
Open Issues
Learn about open issues in this release for MX Series routers.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Class of Service (CoS)
This issue is related to the configuration of the hidden statement rate-limit-burst in the class-of-service hierarchy. The commit needs to push an update for CoS code handling on all the Packet Forwarding Engines and during this time, an interface setting (internal attributes for an interface) was found to be NULL. Interface settings are usually stored in a memory location and the pointer to it became NULL because cosd did not check for the NULL values and resulted in segmentation fault. The channelized interface setting was found to be NULL for channelized interfaces, but the CoS code handling the configuration rate-limit-burst in Packet Forwarding Engine de-referenced the setting without doing a NULL check, resulting in core files. PR1425667
EVPN
There might be a few duplicate packets seen in an A/A EVPN scenario when the remote PE device sends packets with IM label due to MAC not being learned on remote PE device but being learned on the A/A local PE device. The non-DF sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookups instead of dropping the packet, which causes duplicate packets on the CE side. PR1245316
Due to timing condition, the dead next hops in the flood group of EVPN-MPLS are seen after remote PE devices bounce. PR1484296
On the MX, QFX10002, QFX10008, and QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel. PR1485377
When you try to execute VXLAN ping overlay through the RPC command, an RPC error is observed. PR1373025
On the MX104 platform, the chained-composite-next-hop ingress evpn statement is missing in the junos-defaults group. This statement must be configured to make EVPN work prior to Junos OS Release 18.3R1-S1/18.3R2, otherwise EVPN does not work as expected. PR1415466
The rpd process might generate a core file when the Routing Engine switches over after disabling the BGP protocol globally. PR1490953
The VXLAN bridge domain might lose VTEP logical interface after restarting chassisd. PR1495098
EVPN core isolation might not work if the BGP GR is (Graceful Restart) enabled. PR1496229
Forwarding and Sampling
The skip-service configuration does not work with IPv6 NDP negotiation or ping. PR1074853
In a BGP scenario with sampling enabled, incorrect ASN might be returned for the traffic originated from an internal prefix. This is because some AS paths and routes do not hold the latest information in the message buffers that the sampling route-record daemon uses to send to the clients. PR1439630
Additional information for the set firewall flexible-match source-ipv6-match ... command must be provided to avoid confusion. PR1389103
On a Junos fusion, ingress policing on the SD is broken (MX Series and QFX Series; ingress on AD and SD) and the set interfaces layer2-policer input-policer command is not supported in this release. PR1395217
For Junos OS Releases 18.4R1 and 18.3R2, if an IPv4 prefix is added on a prefix list referred by an IPv6 firewall filter, the following log message is not seen in this particular release: Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized. PR1395923
For Junos OS Release 19.1R1, for physical interface policer for ip-option traffic, the traffic rate is more than 10 percent. PR1398728
The show firewall filter global-edge-filter command does not return any values. PR1422407
When you verify the selective local-switching functionality with 4000 VLANs, error messages related to traffic not being policied as expected after locally switching it to VLAN 100 and 101 are observed. PR1436343
After routing is restarted, the remote mask (indicating from which remote PE devices MAC-IP entries are learned) that the routing daemon sends can be different from the existing remote mask that the Layer 2 learning daemon had prior to restart. This causes a mismatch between the Layer 2 learning and routing daemons' interpretation as to where the MAC-IP entries are learned (local or remote). This leads to the mac-ip table being out of synchronization. PR1452990
Packet length for ICMPv6 is displayed as 0 in the output of the show firewall log detail command. PR1184624
The following syslog error message might be observed due to SSD hardware failure: Failed connecting to DFWD, error checking reply - Operation timed out. PR1397171
General Routing
If a Layer 3 interface is receiving a GRE-encapsulated packet and the interface has two filters attached at ingress as follows:
(a) family any with action as mirror.
(b) family inet with action as decapsulate gre, then the expected behavior is that the mirrored copy must have the GRE headers as well. However, that is not working as expected because of the presence of filter (b). If you are interested in mirroring the entire packet that came on the interface (that includes GRE header as well), then the workaround is to deactivate or disable the decapsulate gre action of filter (b). PR1090854
In a BGP or MPLS scenario, if the next hop type of label route is indirect, then the following changing events about the next hop interface MPLS family might cause the route to be in the Dead state, and the route remains in that state even when the family MPLS is again activated:
Deactivating and activating the interface family mpls.
Deleting and adding back the interface family mpls.
Changing maximum labels for the interface.
When a labelled route is resolved over an interface, that interface must have family mpls configured for the route to be successfully resolved. Otherwise, the route does not get resolved. PR1242589
In an EVPN-MPLS scenario, if the core-facing interface (mpls interface) and the CE-facing interface are on different PEs, and the traffic from core is not continuous and DMAC (Dynamic MAC) ages out, due to an incorrect flood next-hop programming across different PFEs, packet loss might be observed after device rebooted or l2ald restarted. PR1484468
The ptp-clock-global-freq-tracable leaf value becomes false and does not changes to true) when the internal lock is in the Acquiring state. PR1493743
ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610
The input errors on the MX150 router devices might be zero under the show interfaces extensive output when there are CRC or Align errors on the interface. PR1485706
In some scenarios with PTP hybrid mode and MPC5E, continuos resetting of the Playback Engine log message occurs. Playback engine resides inside the MPC5E FPGA and it is responsible for maintaining the PTP states corresponding. PR1420335
On the MX Series platforms, if the clock frequency slowly changes on CB0 (slow drift), the clock source for MPC-3D-16XGE-SFPP might not be changed to CB1, which cause interfaces on it to go down and remain in the Down state. PR1433948
On the MPC7E, MPC8E, and MPC9E line cards, hardware sensor information is logged on the syslog and
/var/log/messagesevery 30 minutes. PR1478816The following syslog message appears: fpcX user.notice logrotate: ALERT exited abnormally with [1]. PR1471006
Changing the framing modes on a CHE1T1 MIC between E1 and T1 on a MPC3E NG HQoS line card causes the PIC to go offline. PR1474449
MPC10E line card might crash due to inconsistencies during firewall filter add or delete operations that results in traffic being silently discarded. PR1465153
IPv6 accounting stop attributes are not correct for MLPPP subscribers. PR1455175
The following error message is observed that has no functional impact: MIB2D_RTSLIB_READ_FAILURE: check_rtsock_rc: failed in reading mac_db(xe-5/0/1:0): 0 (Invalid argument) PR1461289
SIP session fails when the IPv4 SIP client in a public network initiates a SIP call with the IPv6 SIP client in the private network. PR1139008
When performing a Routing Engine switchover without the support of nonstop routing (NSR), occasionally the Layer 2 Control Protocol daemon reports a slips of a few seconds (1 to 10) in its scheduled run and a similar log message as the following is displayed: l2cpd[32770]: JTASK_SCHED_SLIP: 8 sec scheduler slip, user: 0 sec 2180 usec, system: 0 sec, 2188 usec. This delayed run has no functionality or operational effect on any of the Layer 2 protocols controlled by Layer 2 Control Protocol daemon. This is because the STP task delegates transmit or receive BPDUs to a separate dedicated PPMD daemon and the LLDP task transmit or receive PDUs are dealt from the daemon itself. However, the advertisement interval is 30 seconds, with the hold timer value for neighbors' LLDP PDUs being 120 seconds, so the time to recover the few seconds of slips is plenty and enough to absorb it. PR1203977
The following cosmetic error is observed as the output: mspmand[190]: msvcs_session_send: Plugin id 3 not present in the svc chain for session. Please open a JTAC case to confirm. PR1258970
On the vMX platform, performance of the Intel X710 NIC is lower compared to the performance of Intel 82599 NIC. This issue occurs because 10-Gbps rate can be achieved at 512 byte packet size for X710 NICs, whereas the same can be achieved at 256 bytes for 82599 NICs. PR1281366
If a vmhost snapshot is taken on the alternate disk and there is no further vmhost software image upgrade, the expectation is that on the current vmhost image that gets corrupted, the system boots with the alternate disk so you can recover the primary disk to restore the state. However, under the condition where corruption is with host root file system, the node boots with the previous vmhost software instead of the alternate disk. PR1281554
On MX204 and MX10003, the Routing Engine might get stuck and boot from the other SSD after vmhost reboot. This is a race condition during BIOS handoff to Junos OS. You must boot the Routing Engine from the primary SSD. PR1295219
The user-configured packet hashing options for inet family under enhanced-hash-key might not take effect for the TRIO based FPCs. FPC keeps using the default behavior for hash calculation for IPv4 packets. PR1302637
The show dynamic-tunnels database summary command does not show an accurate tunnels summary when the anchor Packet Forwarding Engine line card is not in the up state. As a workaround, use the show dynamic-tunnels database and show dynamic-tunnels database terse commands. PR1314763
The customer does not use the chain-composite statement. The chain-composite statement does not bring in a lot of gain, because the TCNH is based on the ingress rewrite premise. Without this statement, things work just fine. PR1318984
In JDM (running on secondary server), the jdmd daemon might generate core files if GNF add-image is aborted by pressing Ctrl+C. PR1321803
With regard to FPC restarts or Virtual Chassis splits, the design of MX Series Virtual Chassis infra relies on the integrity of the TCP connections. The reactions to failed situations might not be handled in a graceful way---for example, the TCP connection might time out because of jlock hog crossing the boundary value (5 seconds), which might cause bad consequences for the MX Series Virtual Chassis. Currently, there aren't any easy solutions to reduce this jlock hog besides enabling marker infra in the MX Series Virtual Chassis setup. PR1332765
The first packet pertaining to J-Flow Packet Forwarding Engine sensor in UDP mode is missing after line-card reboot. PR1344755
With Graceful Routing Engine switchover (GRES) enabled in a subscriber environment, if subscribers are logging in or out very quickly, the service sessions in the session database of the backup Routing Engine might be leaked. If the problem is not detected for a long time, the backup Routing Engine might not be able to come back into synchronization with the master Routing Engine and might not be ready for GRES. PR1346300
The backup Routing Engine might crash after GRES occurs continuously for more than 10 times. PR1348806
During unified ISSU that warrants host upgrade, if the router is configured with 8 million IPv4 or IPv6 routes or more, the unified ISSU might fail, resulting in FPC restart. PR1348825
In some cases, online insertion and removal (OIR) of a MIC installed in an MPC might lead to the silent dropping of traffic destined to the MPC. The only way to recover from this is to restart the MPC. The issue is not be seen if you use the corresponding CLI commands to take the MIC offline and then bring it back online. PR1350103
The following error messages are observed with Junos OS Release 17.3 throttle image: localttp_offload_tx_errcheck: failed to send packet 4 times in last one second. PR1359149
For configurations of bridging routing instances with aggregated Ethernet logical interfaces (6400 logical interfaces) and IRB instances, all from a single FPC, the CPU utilization of the FPC stays at 100 percent for 4 minutes. The behavior from PFEMAN of the FPC has the processing time spiked on IF IPCs and this seems to be the case of MPC7E from Junos OS Release 16.1R1 (or even earlier). After 4 minutes, the CPU utilization comes down and the FPC is normal. Therefore, this scaled configuration on MPC7E takes settling time of more than 4 minutes. PR1359286
For the INH -> FWD NH{List NH} -> {Chain NH} scenario, when rpd reads next hops from the kernel on restart, rpd must not create an old-style list next hop for the forwarding next hop. PR1360354
In rare circumstances, a faulty SFP transceiver installed in an MX104 might cause the AFEB to go offline. The backup Routing Engine and fan tray also shows alarm. PR1360426
When an FPC is booting up (during unified ISSU, router reboot, or FPC restart), the Layer 2 circuit timeout error messages for the SFP transceiver are observed. These errors are seen when the Layer 2 circuit action is not completed because the device was busy. When the FPC is up, all the Layer 2 circuit transactions to the device were all right, so no periodic failure is observed. There is no functional impact and these errors can be ignored. PR1369382
If any log messages continue to appear in the MPC console, they indicate the presence of a faulty SFP/SFP+ transceiver. There is no software recovery available to recover from this situation. These logs also indicate potential Layer 2 circuit transaction failure with any of the 10 ports available with 2x10GE SFPP/20x10GE SFP MACSEC in PIC 0 that results in unexpected behavior:
I2C Failed device: group 0xa0 address 0x70Failed to enable PCA9548(0x70):grp(0xa0)->channel(0)mic_sfp_select_link:MIC(0/0) - Failed to enable PCA9548 channel, PCA9548 unit:0, channel ID: 0, SFP link: 0mic_sfp_id_read: Failed to select link 0
For example, the link does not come up or the MIC itself is not booting up on restart.
The only way to recover from these failures is to detect and replace the faulty SFP/SFP+ transceiver plugged into the 2x10GE SFPP/20x10GE SFP MACSEC ports. PR1375674
A few xe- interfaces go down with the following error message: error if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840
In low-end 32-bit systems, rpd has a lower level of available memory. We need to display a log message to alert customers when the average memory usage or transient memory usage exceeds thresholds. PR1387465
Control Plane Switch Management (CPSM) daemon memory leak occurs in vmhost. It might also cause the log rotate to stop working and cause large CPSM log size. PR1387903
On an MX Series platform enabled with enhanced subscriber management, if the filter service is enabled for each subscriber and if there is a large scale of broadband edge (bbe) subscribers (for example, 10,000) logging in and out repeatedly, the FPC might crash due to this rare issue. PR1388120
The virtio throughput remains same for the multiqueue and single-queue deployments. PR1389338
If the persist-groups-inheritance statement is configured when you try to add additional sites to an existing group and routing instance configuration, you might observe an error that can cause the commit to fail after issuing commit check. PR1391668
On MX Series platforms, if the channelized OC MIC (such as, 1xCOC12/4xCOC3 CH-CE) is used, the MPC/AFEB/TFEB (Forwarding Engine Board) might crash, generating core files. This is not easily reproducible. The traffic through the MIC might be impacted. PR1396538
The Junos OS rpd daemon has facilities to attempt to trap certain classes of nonfatal bugs by continuing to run, but leaves a soft generated core file. Leaving a soft generated core file is intended to be nondisruptive to routing and forwarding. You must have a mechanism by which you can disable the soft generated core files. PR1396935
Router advertises the ESMC QL of PRC even though the current clock status is holdover. PR1398129
In a BGP-PIC case, if route R1 resolves on top of multipath-route R2, where R2 has primary and backup indirect next hops, it is better if the backup leg is not used for the resolution of R1. There is no impact on any existing CLI commands. The backup path must not be used when the primary path is available. PR1401322
Generated core file and rpd reboot is observed when the condition-manager policy is configured for the routing table and the same table is repeatedly deleted and read. PR1401396
For ON_CHANGE subscriptions of /interfaces/ sensors, the sync_response is sent to the collector before the complete data is sent to the collector. However, there is no behavioral impact because the collector still receives complete data and the synchronization response received earlier impacts the ONCE mode of subscriptions. PR1403672
On vMX-based platforms including MX150, when you run the clear pim join instance instance-name all command, it might result in stopping of the riot process on the system. PR1409527
For MPC10 and MPC11 line cards, firmware upgrade for INphi modules should use updated version of scripts that support these line cards. The old script fails to perform the firmware upgrade. PR1410133
The configuration database can remain locked after the SSH session is halted. PR1410322
After ISSU, some of L2TP and PPPoE subscribers do not come up. PR1412818
A small number of tunneled subscribers might be terminated during unified ISSU to Junos OS Release 19.1R1 software due to momentary loss of IP connectivity between the LAC and LNS devices. PR1414928
When the Routing Engine software is not able to access the fabric chip, the corresponding plane goes into fault state. The following log message is observed: CHASSISD_FASIC_PIO_READ_ERROR: Fchip (CB 1, ID 1): read error in sfchip_init() for link#100 at address 0 in register FCHIP_FTOP_CONFIG. PR1416814
On the NG-MPC's KATS, tests does not run post system reboot and the chassisd restarts with 2x 10GE SFPP / 20x 1GE SFP MACsec MIC. PR1418538
Certain JNP10008-SF and JNP10016-SF manufactured between July 2018 and March 2019 might have an incorrect core voltage setting. As a workaround, reprogram the core voltage and update the setting in the NVRAM memory. PR1420864
With HTTP header enrichment function enabled, the processing of the window scaling option significantly reduces the performance of HTTP sessions from 65 MB/s to less than 40 MB/s, which results in decrease of traffic throughput. The download rate drop is also observed. PR1420894
On all platforms running Junos OS, when the file system gets into the Full state and there is not enough spare disk space, it might get into a problematic system condition while committing the configuration. After that, if the consecutive commits are still done in such a problematic condition, commit-check failure logs might be seen eventually. Due to this issue, some processes might not run even if the configuration is present. PR1423500
The fast-lookup-filter does not work for the MPC10E-15C-MRATE line card. During installation, the fast-lookup-filter is converted internally to the Dmem filter. PR1431451
The my-mac-check-failed exception counter display is missing from the CLI output, but the functionality is working as expected. PR1438761
If a route is programmed with Rib.RouteAdd/Update() with a VXLAN flexible tunnel profile having a destination MAC set to all zeros, reading the route back through Rib.RouteGet() results in the destination MAC not being set in the RouteGetReply. PR1439940
On the MPC7E, MPC8E, and MPC9E cards, egress stream flush failure and silent dropping of traffic might occur in a rare occasion for a repeatedly flapping link. PR1441816
The BGP session that establishes over the GRE tunnel fails when the router receives the BGP packets encapsulated as GRE and uses the firewall filter action to de-encapsulate the GRE header. PR1443238
For the EVPN instance with integrated and routing (IRB) interface, the proxy ARP and ARP suppression is enabled by default. With EVPN proxy ARP and ARP suppression enabled and in Junos OS Release 17.2Rx or 17.3Rx (x >= 3, the correlated service release is also affected), the kernel processing on the master Routing Engine might crash due to a software defect on the packet handling. This is a rare issue. PR1443903
After fixing PR 1338647, error dropped packets are seen on MQ/XM-based MPC cards, though there is no traffic flowing through the system. PR1451958
When using the replace pattern command to replace the name in the apply-group, the mgd crashes. PR1452136
Timestamp is missed when the show command is edited and run from the CLI command history. PR1454387
On a device with MPC10E installed, the firewall filter might be incorrectly updated in the Packet Forwarding Engine when the change (for example, add/delete, deactivate/activate) of firewall filter terms occurs in some scenarios, such as large-scale terms change or changes that occur during the MPC reboot. The incorrect firewall filter might cause the traffic to be silently discarded and leads to an MPC crash. It is a timing issue. PR1458499
Commit script does not apply changes in private mode unless you perform a full commit. PR1465171
From Junos OS Release 16.2R1 and onwards, if the commit command is executed after commit check, the daemon (for example, dhcpd and sampled) might not get started even though the related configuration is successfully committed. PR1468119
Unable to see generated core files in the show system coredumps output when you use the hostname with "." in between. PR1474118
A new aggregated Ethernet member interface for a static LAG bundle is installed in the FIB even though the micro- BFD session is down. PR1474300
When you reboot the external server, the SNMP values configured within the /etc/snmp/snmpd.conf file at the server gets overwritten with the content from the JDM snmp configuration section. The trap configuration changes get completely removed. Restarting or stopping and starting JDM does not change the host /etc/snmp/snmpd.conf file. Only system reboot of the server occurs. PR1474349
There is a behavior change from Junos OS Release 18.4 where the DHCPv6/PD subscribers come over the PPPoE subscriber. The DHCP accounting statistic is not displayed for DHCPv6/PD when brought over PPPoE. The behavior of PPPoE remains the same. PR1461104
The max-drop-flows statement is not available. PR1375466
Revert of RLT to primary can silently discard traffic for around 10 minutes after the primary FPC is online with primary RLT up. PR1394026
FPC might crash after performing GRES in a subscriber scenario. PR1421541
Random packet drops are observed with flow cache disabled when NIC is mapped to NUMA node 1. PR1458742
The MPC2E-NG or MPC3E-NG line card with specific MIC might crash after a high rate of interface flap. PR1463859
The GRE tunnel might go down in the scenario with IPv4 and IPv6 IPsec service configured. PR1470667
When you reboot the external server, the SNMP values configured within the
/etc/snmp/snmpd.conffile at the server get overwritten with the content from the JDM SNMP configuration section. The trap configuration changes get completely removed. Restarting or stopping and starting JDM does not change the host/etc/snmp/snmpd.conffile. Only system reboot of the server occurs. PR1474797xqchip_drop_get_q_length severity of parity error moved from major to minor. PR1481558
The SNMP index in the Packet Forwarding Engine reports as 0, causing sFlow to report either IIF or OIF (not both) as 0 in the sFlow record data at the collector. PR1484322
In node slicing setup after GRES, the RADIUS interim updates might not carry the actual statistics. PR1494637
Taking packet-via-dmem capture might cause FPC to crash or wedge. PR1498422
High Availability (HA) and Resiliency
On the MX204 and MX10003 Virtual chassis, ISSU might fail with an error message. PR1480561
Infrastructure
The following message is seen during FTP: ftpd[14105]: bl_init: connect failed for /var/run/blacklistd.sock(No such file or directory). PR1315605
If the serial number of the PEM starts with 1F1, the following alarm might be generated: Minor FPC PEM Temp Sensor Failed PR1398128
The following error message is observed continuously in AD with base configurations: IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) failed. PR1485038
Interfaces and Chassis
Out-of-sequence packets are seen with the LSQ interface. PR1258258
Upgrading Junos OS Release 14.2R5 and later maintenance releases and Junos OS Release 16.1 and later mainline releases with a CFM configuration might cause the cfmd process to crash after the upgrade. This is because of the presence of an old version of /var/db/cfm.db. PR1281073
In MX Series Virtual Chassis, flooding of the following error message can be seen with LACP-enabled aggregated Ethernet interfaces on MPC7, MPC8, and MPC9 cards: CHASSISD_CONFIG_ACCESS_ERROR: pic_parse_ifname: Check fpc rnage failed. The error message impacts only DWDM PICs, which does not effect the MPC7, MPC8, and MPC9 cards. Hence, this syslog message can be safely ignored. PR1349277
LFM sessions toward scaled peers might flap during the unified ISSU switchover phase. PR1377761
Static demux0 logical interfaces do not come up after configuration changes if the underlying interface is an et- (100-Gigabit Ethernet) interface. After the configuration change, the et- interface gets flushed in order to reparse the configuration. During this time, dcd does not create the dependency between demux0 logical interfaces and the underlying et- interface, which results in flushing off the demux0 logical interfaces. This issue is seen only if the underlying interface is an et- interface. As a workaround, restart dcd, reboot the entire Routing Engine, or use the commit full command instead of the commit command while committing the new configuration. PR1401026
If an aggregated Ethernet interface has the VRRP configuration, in the following use cases, member logical interfaces cannot be created after the member physical interface comes up, and the aggregated Ethernet interface will be in the Down state: fpc restart (request chassis fpc restart slot <>) chassis-control restart (restart chassis-control) reboot both Routing Engine (request system reboot both-routing-engines)
Therefore, before performing these operations, remove the VRRP configuration from the aggregated Ethernet interface. PR1429045
When the QSFP-100GE-DWDM2 transceiver is installed on the device, the harmless severity level log might be flooded periodically by this transceiver. PR1453919
The following message might be seen while committing configuration on MXVC: registration is being denied. PR1431377
SFBs goes to the Check state and the Packet Forwarding Engine raises major CM_CMERROR_FABRIC_SELFPING errors in the MX2000 routers, if the SFB is offline while it is in online process. PR1433522
Traffic might be dropped because of the next-hop points to ICL even though the local MC-LAG is up. PR1486919
Junos fusion Enterprise
The SDPD generates core files at
vfpc_all_eports_deletion_complete vfpc_dampen_fpc_timer_expiry. PR1454335
Junos fusion Provider Edge
V44 or Junos Fusion Environment system , intermediate traffic drop is seen between AD and SD when sflow is enabled on ingress interface. This is not seen always. PR1450373
Layer 2 Ethernet Services
On an MX Series platform, if a static demux interface is configured over an underlying interface after the subscriber logs out, then the accounting statistics are not cleared. PR1383265
The jdhcpd process might leak memory in the subscriber scenario. PR1491349
MPLS
With nonstop active routing (NSR), when the rpd restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart. PR1282369
If there are two directly connected BGP peers established over MPLS LSP and the MTU od the IP layer is smaller than the MTU of the MPLS layer, and also if the BGP packets from the host have the DF bit set, the BGP session might keep flapping because of the usage of the wrong TCP-MSS. PR1493431
For an SR-TE path with 0 explicit NULL as the innermost label, the SR-TE path does not get installed with label 0. PR1287354
The root XML tag in the output has been changed from rsvp-pop-and-fwd-info to rsvp-pop-and-fwd-information to be consistent with the XML tag convention. PR1365940
The following multicast (MVPN) traffic drop can be observed on switchover when vt- is in use: show routing-instances MVPN-1 instance-type vrf; interface vt-0/0/0.1202 { <<<<< multicast; } //snip
This issue occurs due to the presence of incorrect forwarding states on the backup Routing Engine before the switchover. PR1434522
On MX Series platforms, in an MPLS Layer 2 circuit or Layer 2 VPN with FAT (Flow-Aware Transport of Pseudowires) flow labels scenario, the flow label is not pushed when chained-composite-next-hop ingress l2ckt/l2vpn is enabled. The issue results in a load-balance problem for the Layer 2 circuit or Layer 2 VPN service. PR1439453
When an interface in an MVPN routing instance is changed from a virtual tunnel (VT) interface to a label-switched interface (LSI), the P2MP LSP might get stuck in an incorrect state because no tear down message is created from the LSP egress side. In the end, the MVPN traffic is lost. PR1454987
In a large scale P2MP deployment, LSPs might go down randomly across the network due to repeated make-before-break event occurring in the P2MP sub-lsps. PR1415384
The rpd process might crash in PCEP for the RSVP-TE scenario. PR1467278
The backup Routing Engine might crash if an indirect next-hop is sent by the primary Routing Engine without the associated sgid. PR1493053
Network Management and Monitoring
Junos OS sends a cold trap from the new master Routing Engine just after the first GRES. This is because the cold_start timestamp file was not present or updated after the reboot. So, for the first GRES, Junos OS sends a cold start trap. PR1461839
Platform and Infrastructure
In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log the following error message: nh_ucast_change:291Referenced l2ifl not found. This condition should be transient with the system reconverging on the expected state. PR1054798
On an MX-VC setup, if the traffic goes through a VCP port and forwards to an egress port to the destination, while the traffic is handled entirely by the same Packet Forwarding Engine, MAC malformation might occur. PR1491091
In the MX104 chassis, the show system buffer command display all zero. PR1484689
An accuracy issue occurs with three-color policers of both types, single rate, and two rate in which the policer rate and burst-size combination of the policer accuracy vary. PR1307882
In an Ethernet frame padding with VLAN scenario, if the fragment is a must, the VLAN Ethernet padding is required to minimize the frame size when the Ethernet frame length is less than 68 bytes, and equal to or greater than 64 bytes. But if the VLAN Ethernet padding is configured on a vlan-tagging enabled Ethernet interface, the fragment might not work correctly. The MPC error might be observed and the traffic might get lost. PR1452261
An an MX Series router acting as an egress NG-MVPN PE router with hot-root-standby and sender-based-rpf features enabled, is supposed to switch to the backup multicast flows from the primary ones if the primary flow rate falls below configured mvpn hot-root-standby min-rate rate. The switchover time (when the traffic is silently discarded) is expected to be within 50 milliseconds irrespective of the number of the groups which are undergoing this switchover (assuming that this number is within maximum MoFRR flows supported). Before this PR fix, that switchover time could be more than 50 milliseconds (up to several seconds) if the number of the groups undergoing the switchover at the egress PE simultaneously is greater than ~250 groups. PR1478981
There are multiple failures when events such as node reboots, ICL flaps, and ICCP flaps occur. Even with enhanced convergence configured, there is no guarantee that subsecond convergence will be achieved. PR1371493
In some cases, the status bit of the RPF next hop appears as disabled when it should have been enabled. PR1404240
On MX Series routers with MS-MPCs, when both group virtual private network (GVPN) tunnel and MPLS-over-UDP tunnel are used, traffic from a group virtual private network (GVPN) tunnel to MPLS-over-UDP tunnel might fail to get decrypted on the MS-MPC. This causes a complete service loss. PR1422242
On all platforms running Junos OS, with NSR enabled, the BGP session with a hold-time of 6 seconds or smaller flaps after the backup Routing Engine is pulled out ungracefully. PR1428518
For the bridge domains configured under an EVPN instance, the ARP suppression is enabled by default. This enables the EVPN to proxy the ARP and reduces the flooding of ARP in the EVPN networks. Due to this, the storm-control does not take effect on the ARP packets on the ports under such bridge domain. PR1438326
Arrival rates are not seen at the system level when the global-disable FPC is configured. PR1438367
A dual Routing Engine Juniper node slicing GNF with no GRES configured and with system internet-options no-tcp-reset drop-all-tcp configured might enter a dual backup Routing Engine state upon a manual GNF Routing Engine mastership switchover attempt with the request chassis routing-engine master [acquire|release|switch] CLI command from either GNF Routing Engine CLI. PR1456565
After performing ISSU with a scaled configuration, high CPU utilization is observed in the MPC 3D 16x10GE card. PR1461715
In NTP with the boot server scenario, when the router or switch boots, the NTP daemon sends an ntpdate request to poll the configured NTP boot-server to determine the local date and time. If the ntpdate is not activated correctly while the device is booting, the ntpdate might not work successfully. Then, some cosmetic error messages of time synchronization might be seen, but there is no impact on the time update because the ntp daemon updates the time eventually. PR1463622
EVPN traffic loss is observed with the initial configuration before verifying with the IRB IP next-hop: type-5 with no EVPN inside data center functionality. PR1466914
The unicast traffic from IRB interface towards LSI interface might get dropped with the aggregated Ethernet load-balance adaptive or per-packet configured. PR1458825
In node slicing setup, MPLS TTL might be set to zero when the packet goes through the aggregated Ethernet interface configured with the circuit cross-connect family. PR1492639
Routing Protocols
While interoperating with other vendors in a draft-rosen multicast VPN, by default Junos OS attaches a route target to multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities are prevented from propagating if the BGP route-target filtering is enabled on the device running Junos OS. PR993870
If a manually configured rib-group or automatically generated rib-group (through family inet labeled-unicast resolve-vpn) is used to copy inet.0 (IP routing table) routes to inet.3 (MPLS routing table), the process rpd might continuously generate soft core files after protocols bgp path-selection always-compare-med is configured. PR1487893
On the MX2010 Series routers, the BFD session on the IS-IS step up flaps during the ISSU - FRU upgrade stage. PR1453705
When configuring an alternate incoming interface for a PIM RPF check using rpf-selection, you might find that the additional groups outside the configured range switches to the alternate incoming interface. PR1443056
JTASK_SCHED_SLIP for rpd might be seen on performing restart routing or OSPF protocol disable with scaled BGP routes in an MX104 router. PR1203979
Certain BGP traceoption flags (for example, open, update, and keepalive) might result in trace logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294
LDP and OSPF are in the Synchronization state and the reason observed for this is IGP interface down with ldp-synchronization enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.01Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050Adj count: 1Hello: 10, Dead: 40, ReXmit: 2, Not StubAuth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTCProtection type: NoneTopology default (ID 0) -> Cost: 1050LDP sync state: in sync, for: 00:04:03, reason: IGP interface downconfig holdtime: infinity
According to the current analysis, IGP interface down is observed because although LDP notified OSPF that LDP synchronization was achieved, OSPF was not able to take note of the LDP synchronization notification because the OSPF neighbor was not up yet. PR1256434
BGP I/O thread is added in Junos OS Release 16.1R1, whereby BGP writes were batched to improve efficiency. This might sometimes lead to some latency in sending BGP updates while reacting to certain network events. PR1332301
SCP command with routing option (-JU) is not supported. PR1364825
It is possible for a GNF with rosen6 multicast to display stuck KRT queue entries after recovery from a dual Routing Engines reboot at the BSYS. PR1367849
The following error messages are observed: pimd_rtrequest_v4(1133), IS_MASTER_RE: 1, Process: rpd, RTM_ID: 5, error: 17, errmsg: rt exists; ifindex = 340. These logs are not harmful and have no functional impact. This error message just shows the state of PIM register messages. These logs are already LOG_DEBUG for external builds. You do not need to make any change in any of the components. PR1371431
At scale, a GNF with PS over RLT and multiple MPCs might show BFD flap at recovery. PR1386574
In a BGP scenario with multipath enabled, if you apply an import or export policy of IPv6 routes with an IPv4 next hop to a BGP neighbor, the rpd might crash continuously. PR1390428
If an import policy is applied to a BGP neighbor and the policy has an indirect IPv4 next hop for IPv4 and IPv6 routes (IPv6 routes resolved over IPv4), when the BGP unresolved route is withdrawn, rpd crash might be seen. PR1391568
Policy-based label allocation is not supported for an IPv6 prefix. Commit might be successful but configuration does not take effect. There is no functional impact. PR1395040
When the MoFRR feature is used in a scaled environment (in terms of number of routes and next hops), the actual convergence of multicast traffic might reach hundreds of milliseconds due to suboptimal handling of MoFRR forwarding states at the Packet Forwarding Engine level. PR1399457
Sometimes when a new logical router is configured, logical router core files might be seen on the system if the kernel is reporting low memory (this core file is harmless). PR1403087
During NSR initial state replication on a scaled setup, while BGP state replication is still going on, the BGP task replication might get marked as completed. This is because BGP replication is triggered and controlled by the backup Routing Engine. You must check the output of the show BGP replication command to confirm whether replication has actually completed. This corner case scenario is valid only on a scaled setup and during initial state synchronization. PR1404470
The mcsnoopd core files are generated immediately after the commit change related to a VXLAN-EVPN configuration. PR1408812
Autotranslations fail when the static adjacency SID is configured with OSPF as IGP. PR1414612
Variability of convergence improvement with the send-addpath-optimization statement enabled is observed. PR1395684
Packet drop and CPU spike on Routing Engine might be seen in certain conditions if the labeled-unicast protection is enabled for a CsC-VRF peer. PR1456260
RPKI validation is broken. PR1464931
The bbe-smgd process generates core files on the backup Routing Engine. PR1466118
RPD crashes due to the flapping of the BGP session. PR1490079
Subscriber Access Management
Authd reuses addresses too quickly before jdhcpd can completely clean up the old subscriber, which floods the error log; for example: jdhcpd: %USER-3-DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add 10.1.128.3 as it is already used by 1815. PR1402653
While verifying the deleting services through CoA, when the specified family-type has been deactivated since incorrect number of service sessions are active. Hence, some services remains active even though the family is deleted. PR1479486
Subscriber accounting messages retransmissions exist even after configuring accounting retry 0. PR1405855
User Interface and Configuration
The test configuration /config/file configuration fails to check for a dynamic profile when the subscriber is active. PR1376689
Changing nested apply groups does not take effect. PR1427962
Previous configuration might still take effect after performing rollback rescue. PR1489575
VPNs
The multicast VPN MIB is not properly compiled into the Juniper MIB package bundle. This might cause mib-jnx-mvpn.txt to be included as part of the Juniper Enterprise MIB set. PR1394946
MVPN traffic loss observed while verifying MULTICAST ROUTE with VT for VPNA. PR1460480
In an MVPN environment with SPT-only option, if the source or receiver is connected directly to c-rp PE and the MVPN data packets arrive at the c-rp PE before its transition to SPT, the MVPN data packets might be dropped. PR1223434
Resolved Issues
Learn which issues were resolved in the Junos OS main and maintenance releases for MX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Resolved Issues: 19.1R3
Application Layer Gateways
SIP messages that need to be fragmented might be dropped by SIP ALG. PR1475031
Class of Service (CoS)
MX Series device-generated OAM/CFM LTR message are sent with a different priority than the incoming OAM/CFM LTM message. PR1466473
Unexpected traffic loss might be observed in certain conditions. PR1472083
The MX10008 and MX10016 devices might generate cosd core files after executing the commit or commit check command if the policy-map configuration is set. PR1475508
EVPN
Delay factor might send back ARP request/NS to the local segment under EVPN-ETREE leaf role conditions. PR1459830
Traffic received from the VTEP gets dropped if the VNI value used for type-5 routes is greater than 65,535. PR1461860
The rpd might crash after the EVPN-related configuration is changed. PR1467309
The rpd process might crash after committing changes in the EVPN environment. PR1439537
MAC address present in the EVPN database are not get installed in the EVPN MAC-table (ethernet-switching table) when the remote MAC is learned from the multihomed PE devices. PR1463722
Forwarding and Sampling
The pfed might crash and not be able to come up. PR1452363
In some rare scenarios upon FPC or PIC reboot, the Packet Forwarding Engine daemon database might not get updated with the correct location_id for some physical interfaces, then a problem with statistics on some interfaces of a router might be observed. PR1458143
The l2ald process might experience memory leak on platforms running Junos OS. PR1455034
In a scenario when the VGA on IRB is deactivated, activated, or comit the configuration at the same time on both the PEs of a site, the type 1 ESI or AD route might not be generated locally. PR1464778
The following syslog error message is observed: pfed: rtslib: ERROR received async message with no handler: 28 PR1458008
The following logs are observed: L2ALD_MAC_IP_LIMIT_REACHED_IF: Limit on learned MAC+IP bindings reached for .local.1048605; current count is 1024 PR1462642
On MX10008 and MX10016 routers, the bandwidth-limit policer cannot be set higher than 100 gigabits. PR1465093
An output bandwidth-percent policer with logical-bandwidth policer applied to an aggregated Ethernet bundle along with an output-traffic-control-profile has incorrect effective policing rate. PR1466698
Traffic might not be forwarded into the right queue but might be forwarded into the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5. PR1473093
The filter might not be installed if the policy-map xx option is present in the filter. PR1478964
General Routing
The following error message is reduced from fatal to major: XR2CHIP_ASIC_JGCI_FATAL_CRC_ERROR. PR1390333
Mandatory TLV ttl learnt from LLDP neighbors is not streamed along with other learnt parameters from the neighbors. PR1459441
On the MX150 device, there is a log severity level change. PR1411846
Original PFEBM task, which is system-critical for internal network performance or resilience runs as a medium priority. PR1429797
FIPS:GMIC2-KATS does not run on specific MPC3E-3D-NG senario and the following error message is observed: gi2mic_vsc8490_port_init: FIPS mode not set PR1418538
Certain JNP10008-SF and JNP10016-SF that are manufactured between July 2018 and March 2019, might have incorrect core voltage setting. The issue can be corrected by reprogramming the core voltage and updating the setting in the NVRAM memory. PR1420864
During host ping with gr- tunnel endpoint, lt- interface termination, gr- interface input, and lt- interface, the output counters comes as host path with addition to the transit counter. PR1461593
The rpd might generate core files when being terminated either during a user-initiated restart or when deactivating a logical system. This crash is seen only when rpd is being shut down, so overall impact on the network is minimal. PR1418192
jnxFruState shows the value as 10 for Routing Engine instead of 6 in response to .1.3.6.1.4.1.2636.3.1.15.1.8.9.1.0.0. PR1420906
On all the devices running Junos OS, with channelizing configured on FPCs, if a 40-Gbps port that is channelized to 10-Gbps ports already (for example, xe-2/0/16:0) is being channelized to 10-Gbps again, the port might get incorrectly channelized. PR1423496
On the MX Series platform, the PPP sessions do not work properly. PR1428212
The Protect core configured router might send IPFIX sampling packets with the wrong next-hop information. PR1430244
The l2cpd process might crash and generate a core file when the interfaces flaps. PR1431355
Micro-BFD 3x100 ms flap upon inserting a QSFP transceiver in another port. PR1435221
When you reboot or power off the backup Routing Engine, trap message reported is seen. This is a generic design for the TVP platform. PR1436212
Unified ISSU is failing from Junos OS Release 19.1R1 legacy images. (Seen only on legacy image) PR1438144
The rpd might generate core files during router bootup due to a file pointer issue as there are two code paths that can close the file. PR1438597
Incorrect values appears in JUNIPER-TIMING-NOTFNS-MIB. PR1439025
The rpd creates route pointing to chain composite instead of indirect next hop for a PE-PE directly connected case. PR1439317
On Junos OS, if a group is applied at the nonroot level and later a statement from the group is deleted, change bits are not set for the hierarchy where the group is applied. As a result, the respective daemon is not notified for the changes that causes mgd to generate core files. PR1439805
New OID is added that calculates the buffer utilization where inactive memory is not considered as free memory. PR1441680
The MX Series device might rewrite the HTTPS request with destination port 80. PR1446085
The static route for NAT might never come up if you switch over the service interface that has NAT and GR configuration. PR1446267
The rpd process might crash when it is terminated immediately after it has been started. PR1446320
The bbe-smgd generates core file on the backup Routing Engine in
bbe_ifd_add_vlan(ifd=0x8c3e835, ifl=0xcaf59f18) at../../../../../../src/junos/usr.sbin/bbe-svcs/smd/infra/bbe_ifd.c:6374.PR1447493FPC generates the Voltage Tolerance Exceeded major alarm for each IP 2V5 sensors. PR1451011
Main chassisd thread at a JNS GNF might experience stalls upon GNF SNMP polling for hardware-related OIDs. PR1451215
RMPC-generated core files are found after configuration changes are done on the network for PTP/Synchronous Ethernet. PR1451950
Incorrect output is observed in the show snmp mib walk jnxTimingNotfnsMIB.3 statement. PR1453436
On the MX10003 platform, alarm is not sent to syslog. PR1453533
On MPC3E-NG cards with 100-Gigabit Ethernet interface in use, if the interface detects Loss of Lock (LOL) on the link without Loss of Signal (LOS), the interface goes down and might not come up again after the link is recovered. PR1454595
After a software upgrade, SNMP MIB Walk does not roll or fetch any information. PR1455667
The CLI command with invoke-on and display xml rpc results in unexpected multiple RPC commands. PR1456578
Continuous crashing of the bbe-statsd process might be seen if any parameter is set to 0 in the mx_large.xml file. PR1457257
The chassisd process and all FPCs might restart after a Routing Engine switchover. PR1457657
If the dynamic assignment of VoIP VLAN is used, the switch might not send correct VoIP VLAN information in the LLDP MED packets after any configuration change and commit. PR1458559
The FPC X major errors alarm might be raised after committing the PTP configuration change. PR1458581
The following error messages might be seen after restarting the chassisd: create_pseudos: unable to create interface device for pip0 (File exists). PR1459373
Incomplete output is observed when you run the show ancp subscriber access-aggregation-circuit-id < access aggregation circuit ID> statement. PR1459386
In an MC-LAG scenario, traffic destined to VRRP virtual MAC gets dropped. PR1459692
Traffic is discarded silently upon interface flap after DRD autorecovery. PR1459698
AUTO-CORE-PR :cpcdd generates core files at
ServicesMgr::ServicesManager::cpcddSmdInterface::processServiceNotifyMsg ,SmdInterface::cbStateSyncServiceNotifyMsgHandler ,statesync_consumer_poll_new_state_cb. PR1459904In a subscriber management environment, subscriber statistics reported by CLI commands and RADIUS can be broken if in-service software upgrade (ISSU) is performed from any Junos OS release earlier than Junos OS Release 18.4 to 18.4 or a later build. PR1459961
The PPTP does not work with destination NAT. PR1460027
If VLAN-offload is configured on the vMX platform, input-vlan-map might not work. PR1460544
IPv6 prefix might be hidden when received over an IPv4 BGP session. PR1460786
The PTP function might consume kernel CPU for a long time. PR1461031
The bbe-smgd might generate core files when all RADIUS servers are unreachable. PR1461340
In an EVPN scenario, memory leak might be observed when proxy-macip-advertisement is configured. PR1461677
The repd core file is seen during system bootup. PR1461796
There is a memory issue with the BBE statistics collection and management process, bbe-statsd, on the backup Routing Engine. PR1461821
When both DIP switches and power switch are turned off, the following error message appears: CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed. PR1462065
On the MX204 platform, radius-acct-interim statistics are not populated for subscribers. Statistics are properly populated in the radius-acct-stop packets. PR1462325
An interface might get stuck in the Down state on certain MX Series platforms. PR1463015
On an MX Series platform with enhanced subscriber enabled, if you make some changes to a dynamic-profiles filter, the subscribers built on the filter might no longer forward traffic. PR1463420
RPC ALG causing mspmand to generate core files when an MX Series device is used as a stateful firewall with the MS-MIC or MS-MPC service cards. PR1464020
The IPoE subscriber route installation might fail. PR1464344
The
bbe-smgd-core (0x000000000088488cinbbe_autoconf_delete_vlan_session_only (session_id=918)file is observed at../../../../../../src/junos/usr.sbin/bbe-svcs/smd/plugins/autoconf/bbe_autoconf_plugin.c:3115). PR1464371The PPP IPv6CP might fail if the routing-services command is enabled. PR1464415
The CPU utilization on the mgd daemon might get stuck at 100 percent after the netconf session gets interrupted by the flapping interface. PR1464439
The MS-MIC might not work when it is used on a specific MPC. PR1464477
The PPPoE session gets in the Terminated state and the accounting stop for the session is delayed. PR1464804
MPC5E or MPC6E line cards might crash due to internal thread overusing the CPU. PR1464820
In the MAC-MOVE scenario, the jdhcpd might consume high CPU and no further subscribers can be brought up if there are more than 4000 DHCP relay clients. PR1465277
The physical interface of an aggregated Ethernet interface bundle might take time to come up after you enable or disable it. PR1465302
ICMP error messages are still not received after you enable the enable-asymmetric-traffic-processing command. PR1466135
The PPPoE subscribers get stuck due to the PPPoE inline keepalives that do not work properly. PR1467125
Layer 2 wholesale is not forwarding all client requests with stacked VLAN. PR1467468
The rpd process might stop after several changes to the flow-spec routes. PR1467838
Crypto library shim memory utilization performance improvement by using data shim instead of control shim. PR1467874
SNMP interface-mib stops working for PPPoE clients. PR1470664
Sudden FPC shutdown due to hardware failure or ungraceful removal of line card causes major alarms on unrelated remote FPCs. PR1471372
When PTP is configured in the hybrid mode, the Synchronous Ethernet frequency drifts. PR1471502
On the MX10008 and MX10016 line cards, the ARP suppression that is enabled by default in EVPN does not work. PR1471679
Service accounting statistics do not get updated after changes are made to the firewall filters. PR1472334
The kernel might crash and vmcore might be observed after committing the configuration change. PR1472519
Performing back-to-back rpd restarts might cause rpd to crash. PR1472643
SDB goes down very frequently if the reauthenticate lease-renewal statement is enabled for DHCP. PR1473063
Ingress multicast replication does not work with GRES configuration. PR1474094
clksyncd generates core file after GRES. PR1474987
The RADIUS accounting updates of service session have wrong data statistics. PR1475729
The bbe-mibd process crashes as a result of aborting /../src/junos/lib/libjuniper++/memHeap.cc:226. PR1476596
In a NAT-T scenario, the IKE version 2 IPsec tunnel might flap if the tunnel initiator is not behind NAT. PR1477483
On MPC2E-NG, MPC3E-NG, MPC5, MPC6, MPC7, MPC8, and MPC9, the PFE might be disabled due to a major error. PR1478028
FPC memory leak might occur after executing the show pfe route command. PR1478279
The rpd walks through irrelevant routing tables when you run the show route protocol l2-learned-host-routing or show route protocol rift command and this causes rpd to crash while processing a bgp.rtarget.0 route. PR1481953
UID might not be released properly in some scenario after the service session deactivates. PR1188434
The show subscriber extensive command incorrectly displays DNS addresses that are provided to DHCP clients. PR1457949
DHCP relay with forward-only might fail to send OFFER messages when the DHCP client is terminated on the logical tunnel interface. PR1471161
The dynamic profile for a VPLS-PW pseudowire incorrectly reports the Dynamic Static Subscriber Base Feature license alarm. PR1473412
The statistics of the traffic generated by the Routing Engine on the MX platform is incorrect. PR1432724
In the Junos OS PTP deployment, when configuring the aggregated Ethernet child interface in the protocol PTP and after performing the FPC restart, all of the interfaces on that FPC might be brought to the Administrator down state. PR1442665
The IS-IS setup sends the system host-name instead of system-id in the OC paths in the lsdb or Adjacency xpaths in a periodic streaming and on-change notification. PR1449837
On subscribing to /interfaces/interface/state/, it might get subscribed to /junos/system/linecard/interface/traffic/ internally instead of /junos/system/linecard/interface/queue/ that might impact traffic. PR1456275
The traffic might get stuck on the MS-MPC or MS-MIC with sessions receiving huge number of affinity packets. PR1459306
FDB does not flush that causes the traffic to be dropped silently in the Ethernet ring scenario. PR1459446
Fabric hardening (FH) is the process of controlling bandwidth degradation to prevent traffic to be silently discarded. When the FH process is processing and if SFB or SCB fails, the FH process gets stuck that causes traffic lost. PR1461356
On the specific Junos OS platforms, the Routing Engine switchover might not be triggered when the master CB clock failure is detected. The master CB with the faulty clock can not operate normally and this issue might cause fabric plane failure. PR1463169
Need to add the Backport jemalloc profiling CLI support to all Junos OS Releases where jemalloc is present. PR1463368
When the tunnel-services are configured on a PIC, the optics measurements that subscribed through gRPC might not be streamed. PR1468435
The pccd might generate core files and PCEP session might flaps in the PCE initiated or PCE delegated LSP scenario. PR1472051
The tcp-log connections fail to reconnect and gets stuck in the Reconnect-In-Progress state. PR1469575
On all the Junos platforms with l2cpd daemon, committing configuration changes that are processed by l2cpd (for example, flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, and family ethernet-switching might cause marginally memory leak. PR1469635
A hierarchical-scheduler should not be configured on a ps- interface. The corresponding anchor lt- interface must be used for that purpose instead. PR1470049
The following chassis alarm is reported on BSYS: RE0 to one or many FPCs is via em1: Backup RE. PR1472313
The subnet information might be corrupted if it is passed by a RADIUS server. PR1474097
The QSA adapter Lane 0 port might be also brought down when you disable one of the other lanes. PR1474231
In the MX2000 chassis with multiple line cards (XM and EA based) and SFB2 fabric, a longer traffic drops in the order of 30 seconds depending on the number of line-cards in the chassis might be observed. PR1476505
Traffic loss might occur due to the LNS subscribers in case the routing-service statement is enabled under the dynamic-profile. PR1476786
Teh TCP-log sessions might be in the Established state but the logs are not sent out to the syslog server. PR1478972
The rpd process might crash when the prefix list address is changed from IPv4 to IPv6. PR1421076
On the MX104 Series router with any 2 port license installed on 10-Gigabits interface and phy-timestamping enabled in PTP, PTP might not work. PR1421811
The default configuration does not create any logical interfaces and LLDP cannot discover the neighbor for those interfaces, which the logical interface is not configured explicitly in the Junos OS configuration. PR1436327
When flapping the existed flood next hop type routes, it might cause rpd crash or consume 100 percent of CPU. This issue might cause the routing protocols sessions or neighbors flap or traffic loss. PR1441550
The MVPN traffic might be dropped after performing switchover. PR1463302
On the MX104 Series routers, the clksyncd crash might be observed when PTP over an aggregated Ethernet is configured. PR1471466
The protocol MTU might not be changed to lt- interface from the default value. PR1478822
The MX204 router might restart if the system is configured for the subscriber management for PPPoE over aggregated Ethernet with the routing-service is enabled in the dynamic-profile. PR1482431
After kmd restarts, the IPsec SA comes up but the traffic fails for some time. PR1480692
On the MPC10 line cards, the logical tunnel interface might not work. PR1484751
The following general routing syslog error messages might be generated by the Packet Forwarding Engine: PFEIFD: Could not decode media address with length 0. PR1341610
The default credentials is supplied in the configuration. PR1344858
High CPU utilization of the FXPC process might be observed with the class-of-service changes on interfaces. PR1407098
Need to disable PTP and display warning when hyper mode is configured. PR1429527
IRB over VTEP unicast traffic might get dropped. PR1436924
The chassisd process might crash. PR1460657
The chassisd process might crash during GRES on the device with SCBE3 or SCB4. PR1464375
On the MPC7, MPC8, and MPC9 line cards, WO packet error and FPC major alarm are observed when reassembling the small fragments. PR1465490
Services card might restart due to a race condition when DNS filtering is enabled. PR1466567
Few of the DHCP INFORM packets specific to particular VLAN might take the incorrect resolve queue. PR1467182
On the MX10003 and MX204 routers, the temperature sensor name for PEMs under the show chassis environment pem command is incorrect. PR1468642
Receipt of specific packets causes service cards to restart when the DNS filtering is configured. PR1469188
Need to fix multiple FreeBSD vulnerabilities. PR1470693
The pkid process crashes at bn_i2c (pval=0x1d, cont=0x0, putype=0xffffcce8, it=0xc8c848b8 < BIGNUM_it>) at
../../../../../../../src/crypto/openssl/crypto/asn1/x_bignum.c:127. PR1471878If static VLAN demux unit is configured the inner-range statement, only the first VLAN from the range is used to send PADI. PR1472444
Manually configured ERO on NS controller are lost when PCEP session is bounced. PR1472825
Services card might restart when DNS filtering is enabled. PR1474056
The Packet Forwarding Engine crashes on MPC7, MPC8, and MPC9 line cards upon receipt of large packets requiring fragmentation. PR1474154
On the MX104 devices, the chassid process generates core file when cmerror is triggered. PR1475396
The Power Supply failed and Power Supply OK SNMP traps are not generated. PR1479133
The SCBE3 fabric plane goes to the Check state in MX Series Virtual Chassis. PR1479363
100G interface might randomly fail to come up after the maintenance operations. PR1481054
Traffic impact might be observed when policy-multipath is configured without LDP on the SPRING-TE scenario. PR1483585
Kernel crashes (vmcore) upon receipt of a malformed IPv6 packet. PR1486948
Incorrect frame length of 132 bytes might be captured in the packet header. PR1487876
Infrastructure
FPC might reboot if jlock hog occurs on all Junos VM-based platforms. PR1439906
The duplex status of management interface might not be updated in the output of the show command. PR1427233
The scheduled tasks might not be executed if the cron daemon goes down without restart automatically. PR1463802
The l2ald and eventd processes hogs hundred percent after issuing the clear ethernet-switching table command. PR1452738
Memory leak leads to kernel crash (vmcore) due to SNMP polling. PR1482379
Interfaces and Chassis
When the logical interface is associated to a routing instance inside, an LR is removed from the routing instance and the logical interface is not added to the default routing instance. PR1444131
After performing an interface flap, Cordoba related interface goes down. PR1475777
Commit error is not thrown when member link was added to the multiple aggregation group with different interface specific options. PR1475634
Continuous VRRP state transition (VRRP master/backup flaps) are seen when one device drops VRRP packets. PR1446390
The voltage high alarm might not be cleared when the voltage level comes back to normal for MIC on MPC5. PR1467712
When you configure ESI on a physical interface, the traffic drops if you disabe the logical interface under the physical interface. PR1467855
Interface descriptions might be missing under the logical-systems configuration. PR1449673
Mismatched MTU value causes the RLT interface to flap. PR1457460
Executing commit might become nonresponsive as the dcd process becomes nonresponsive. PR1470622
MC-AE interface shown as unknown status when you add the subinterface as a part of the VLAN on the peer MC-AE node. PR1479012
VRRP failover delay timer starts with configured interval instead of the default interval. PR1452748
The MC-LAG configuration-consistency ICL-configuration might fail after committing some changes. PR1459201
The EOAM CFM primary-vid functionality does not work if the enhanced-cfm-mode is enabled. PR1465608
The Virtual Chassis de-couples and couples during the authd daemon restart. PR1467298
Junos fusion enterprise
Loop detection might not work on the extended ports. PR1460209
J-Web
The httpd process might run with a high CPU utilization when J-Web is enabled. PR1483607
Layer 2 Ethernet Services
The jdhcpd process might go into an infinite loop and utilize full CPU. PR1442222
The DHCP subscriber might not come online after rebooting the router. PR1458150
The metric does not change when configured under the DHCP. PR1461571
The ISSU might fail when a subscriber inflight login is happening. PR1465964
Telemetry data for relay/bindings/binding-state-v4relay-binding and relay/bindings/binding-state-v4relay-bound is not correct. PR1475248
When a DHCPv6 Relay-Agent is configured upon receipt of a specific DHCPv6 client message, remote code execution might occur. PR1461448
MPLS
The FPC might get stuck in the Ready state after applying a configuration change that removes the RSVP and triggers an FPC restart. PR1359087
Kernel crash and device restart might occur. PR1478806
The rpd process might crash during shutdown. PR1471191
On all the Junos OS platforms with BGP PIC configured, if committing some operations where RSVP ingress routes are affected, the rpd process might. PR1471281
When changing the protocol LDP preference, all the LDP adjacencies would be bounced, that results in all the LDP targeted sessions to flap. PR1459301
Pervious configured credibility preference is not considered by CSPF, even though the configuration is deleted or changed to prefer another protocol in TED. PR1460283
The device might use the local-computed path for the PCE-controlled LSPs after the link or node fails. PR1465902
RSVP LSPs might not come up in a scaled network with very high number of LSPs if NSR is used on a transit router. PR1476773
RPD utilizes full CPU load and generates core files on the backup Routing Engine. PR1479249
The traffic might be silently discarded after the LACP timeouts. PR1452866
High CPU utilization for the rpd process might be seen if RSVP is implemented. PR1490163
Platform and Infrastructure
With CNH enabled, the MPLS CoS rewrite does not work for 6PE traffic. PR1436872
JNH memory leak might be seen when the CFM session over the VPLS LSI interface or VT interface flaps. PR1468663
Cm errors alarms on certain MPC line cards are classified as major, which should be minor or nonfatal. If these errors are generated, it might lead to a bad hardware condition and then the Packet Forwarding Engine disable action might be triggered. PR1449427
When the REST service configuration is modified, (for example, the REST service is configured and then deleted for multiple times) the system might become unresponsive, even to the SSH and console. This issue has service impact. PR1461021
FPC might reboot with vmcore due to memory leak. PR1449664
In an EVPN-VXLAN scenario, sometimes host-generated packets are dropped as they hit reject route in the Packet Forwarding Engine. PR1451559
The MPC might drop packets after you enable the firewall fast lookup filter. PR1454257
The DDoS protection does not stop logging when remote tracing is enabled. PR1459605
Need to make the version-03 CLI configuration flag optional. PR1462186
On the MX204 device, GRE with sampling causes the following Packet Forwarding Engine error: MQSS(0): MALLOC: Underflow error during reference count read - Overflow 1, Underflow 1, HMCIF 0, Address 0x8d62e0 PR1463718
EVPN-VXLAN tpye-5 tunnel might not work properly on the MX Series routers. PR1466602
On the MX Series Virtual Chassis setup, the Layer 2 traffic over aggregated Ethernet interfaces sent from one member to another is corrupted. PR1467764
The switch might not be able to learn MAC address with dot1x and interface-mac-limit configured. PR1470424
Kernel crash (vmcore) or FPC crash is observed due to mbuf leak. PR1468183
Memory leaks in the Packet Forwarding Engine due to the flapping of the 802.1X authenticator port interface. PR1480706
Routing Policy and Firewall Filters
The rib-group might not process the exported route correctly. PR1450123
Routes resolution might be inconsistent if any route resolving over the multipath route. PR1453439
Routing Protocols
Route churn might be seen after changing the maximum-prefixes configuration from value A to value B. PR1423647
If the same neighbor is configured under different RIP groups, the commit check fails to capture this invalid configuration and commit can be done successfully. However, the rpd process crashes. PR1485009
High CPU utilization might be observed when the outgoing BGP updates are sent slowly. PR1487691
The rpd might crash after configuring independent-domain under the master routing-instance. PR1469317
The rpd process might crash with the BGP multipath and route withdrawing occasionally. PR1481589
The rpd process crash might be observed if the multipath BGP routes leak from one routing instance to another routing table. PR1437837
The CPU utilization on rpd spins at 100 percent after the same external BGP route is learned in different VRF tables. PR1442902
The rpd might crash with SRTE configuration change. PR1442952
The rpd might crash after configuring the OSPF NSSA area-range and summaries. PR1444728
The BGP routes might fail to be installed in the routing instance if the from next-hop policy match condition is used in the VRF import policy. PR1449458
TI-LFA backup paths for adjacency SIDs is broken in OSPF. PR1452118
SSH login might fail if a user account exists in both local database and RADIUS or TACACS+. PR1454177
The rpd scheduler slip for BGP GR might be up to 120 seconds after the peer goes down. PR1454198
MoFRR with MLDP inband signal does not work. PR1454199
The rpd memory might leak in a certain MSDP scenario. PR1454244
The rpd process might crash when multipath is in use. PR1454951
Prefix SID conflict might be observed in an IS-IS setup. PR1455994
The rpd might crash when the OSPF router ID gets changed for NSSA with area-range configured. PR1459080
The rpd memory leak might be observed on the backup Routing Engine due to BGP flap. PR1459384
The rpd scheduler slips might be seen on an RPKI route validation-enabled BGP peering router in a scaled setup. PR1461602
Install all possible next hops for OSPF network LSAs. PR1463535
The IS-IS IPv6 routes might flap when there is an unrelated commit under the protocol configuration. PR1463650
BGP peers might flap if the parameter of hold-time sets is small. PR1466709
The BFD client session might flap when you remove the BFD configuration from the peer end (from other vendor) of the BFD session. PR1470603
The rpd might crash when both the instance-import and instance-export policies contain the as-path-prepend action. PR1471968
The rpd process might crash with BGP multipath and damping configured. PR1472671
Removing a cluster from a BGP group might cause prolonged convergence time. PR1473351
With IS-IS configured and in a very rare case, memory corruption might occur that might cause the rpd process to crash continuously. PR1455432
The rpd leaks RPD memory in RT_NEXTHOPS_TEMPLATE. PR1463112
The rpd process crashes due to specific BGP update packets. PR1481641
The rpd process might be crashed after the BGP peer flaps. PR1482551
Services Applications
The jl2tpd process might crash during the restart procedure. PR1461335
MX Series L2TP fails to forward the agentCircuitId and agentRemoteId AVP toward the LNS. PR1472775
The kmd might crash due to an incorrect IKE SA establishment after the remote peer's NAT mapping address is changed. PR1477181
Subscriber Access Management
DHCPv6 subscribers might get stuck in a state after the authd process crashes. PR1460578
The subscriber address allocation might fail after deleting the pool link in the middle of the chain. PR1465253
No volume attribute is in the Accounting Stop for Service session when the Activated Services session is configured. PR1470434
The subinterfaces might be missing in the NAS port ID. PR1472045
The authd might crash after ISSU from releases before Junos OS Release 18.3 to releases after Junos OS Release 18.4. PR1473159
Some address-relevant fields are missing when you execute the test aaa ppp command. PR1474180
The CoA request might not be processed if it includes the proxy-state attribute. PR1479697
The mac-address CLI option are not hidden under the access profile radius options calling-station-id-format statement. PR1480119
NAS-Port-ID includes sub-interface in the Radius messages for the aggregated Ethernet interface. PR1484351
VPNs
The P1 configuration delete message is not sent on loading the baseline configuration if there has been a prior change in the VPN configuration. PR1432434
The Layer 2 circuit connections might get stuck in the OL state after changing the Layer 2 circuit community and flapping the primary LSP path. PR1464194
The rpd process might crash due to memory leak in the MVPN RPF Src PE block. PR1460625
The rpd process generates core file at
rtbit_resetandrte_tgtexport_rth. PR1379621In an MVPN scenario with ingress replication selective provider tunnel used, if the link-protection command is added or deleted from the LSP for MVPN, the rpd process might crash. PR1469028
Resolved Issues: 19.1R2
Class of Service (CoS)
Traffic drop occurs when deleting MPLS family or disabling interface that has non-default EXP rewrite-rules. PR1408817
The host-inbound packets might be dropped if configuring host-outbound FC. PR1428144
The dfwd crash can be seen with forwarding-class configuration in policers. PR1436894
EVPN
The RA packets may be sent out without using the configured virtual gateway address. PR1384574
[EVPN/VXLAN] VTEP tunnel doesn't get deleted when EVPN peer goes down. PR1390965
The process rpd crash might be observed with EVPN type-3 route. churn PR1394803
Traffic drop might be seen when the core-facing link comes up in EVPN-VXLAN scenario. PR1408840
The next hop is not cleaned up properly when one of the multihomed CE-PE links goes down. PR1412051
EVPN-MPLS Single Active: [EVPN/7] /32 host route always appears on non-default PE device if CNH is ON, remote-ip-host-routes has no effect PR1419466
Rpd crash occurs on backup Routing-Engine after you enable nonstop-routing with EVPN. PR1425687
The device might proxy the ARP Probe packets in an EVPN environment PR1427109
The CE interface IP address is missed in mac-ip-table of the EVPN database PR1428581
Incorrect MAC count is seen with show evpn/bridge statistics. PR1432293
Stale MAC addresses are present in the bridge mac-table in EVPN/MPLS scenario. PR1432702
Asynchronous state between ARP table and Ethernet switching table happens if EVPN ESI link flaps multiple times PR1435306
IRB logical interface is not up when local L2 member is down and IM NH is present. PR1436207
Configuring ESI on a single-homed 25G port might not work PR1438227
The specific source-ports of UDP packet are dropped on EVPN/VXLAN setup PR1441047
Restarting l2-learning might cause some remote MAC addresses to move into forwarding dead state. PR1441565
Traffic drop might be seen in EVPN Layer 3 gateway scenario. PR1442319
The core-isolation feature does not work after you set or delete the no-core-isolation command on MX Series Devices. PR1442973
The EVPN type 2 routes might not be advertised properly in logical systems. PR1443798
The localhost address is missing from the EVPN database and mac-ip-table PR1443933
The bridge mac-table age timer does not expire for rbeb interfaces. PR1453203
Instance type is changed from VPLS to EVPN and this results in packet loss PR1455973
Delay factor might send back ARP request/NS to local segment under EVPN-ETREE leaf role conditions. PR1459830
In EVPN scenario memory Leak might be observed when proxy-macip-advertisement is configured. PR1461677
Traffic received from vtep gets dropped if the VNI value used for type-5 routes is greater than 65535. PR1461860
Forwarding and Sampling
In some later releases firewall filter action decapsulate gre cannot decapsulate IP-over-IP and IPv6-over-IP traffic. PR1398888
The SRRD might crash when memory corruption occurs. PR1414568
EVPN enhancement for MAC flush mechanism is needed in Junos OS. PR1421018
Junos 19.1: Firewall filter and policers not working correctly. PR1424183
rt-delay-threshold can be set below 1 second - but rt-marker-interval is limited to 1 second. PR1425544
The device is in amnesiac mode after ISSU with mgd: error: configuration check-out failed error generated. PR1432664
Enable interface with input/output vlan-maps to be added to a routing instance configured with a vlan-id/vlan-tags (instance type virtual-switch/vpls) PR1433542
The high CPU utilization of l2ald is seen after replacing EVPN configuration. PR1446568
[MX204] input/output counters of AE bundle/member links configured on non-default logical systems are not updated. PR1446762
ARP packets are getting dropped by Packet Forwarding Engine after you restart chassis-control in MX Series devices. PR1450928
Commit error and dfwd core files might be observed when applying a firewall filter with action then traffic-class or then dscp. PR1452435
General Routing
MX Series Virtual Chassis: suboptimal aggregate Ethernet load balancing occurs when an Aggregate Ethernet bundle is part of an ECMP path. PR1255542
BGP IPv4 PIC: Packet Forwarding Engine selector gets stuck in rerouted state on unilist next hop after primary AE link is activated or deactivated. PR1354786
Traffic might be blocked on MX Series device with MS-MPC/MS-MIC. PR1358019
Interface with Tri Rate Copper SFP(P/N:740-01311) in "MIC 3D 20x 1GE(LAN)-E,SFP" will stop forwarding traffic after ISSU upgrade. PR1379398
FPC errors might be seen in subscriber scenario. PR1380566
The unicast traffic from IRB interface toward LSI might be dropped due to Packet Forwarding Engine mismatching at egress processing. PR1381580
Interface filter statistics are not showing the input packet count/rejects, and show pfe statistics traffic does not report any normal discard. PR1383579
Subscriber connection setup is 30 percent lower than expected. PR1384722
The rpd process might end up with a stuck krt queue in VRF scenario. PR1386475
Migrate from syslog API to Errmsg API - VMhost messages seen in Junos OS. PR1387099
BBE SMGD generates core files if MTU is changed while subscribers are logged in on the physical interface. PR1389611
The high-cos-queue-threshold range is changed [uint 0 .. 90;]. PR1390424
The BNG might not respond with PADO and create any demux interface when PPPoE PADI packet is received. PR1390989
FPC might reboot on VMX in subscriber scenario. PR1393660
The FPC cards might not come up while performing ISSU on MX10003. PR1393940
IDS aggregate configuration command should not be considered for the installation of the IDS dynamic filter. PR1395316
Layer 3 gateway did not update ARP entries if IP or MAC addresses quickly move from one router to another router in EVPN-VXLAN environment PR1395685
VMHost RE 0 Secure BIOS Version Mismatch and VMHost RE 1 Secure Boot Disabled alarms are seen. PR1397030
The service PIC might crash while changing CGNAT mode. PR1397294
The PPPoE subscribers are unable to reconnect after FPC reboot. PR1397628
Confirmation message is missing when issuing request vmhost reboot re. PR1397912
The CLI command show system firmware gets hidden on MX Series platforms. PR1398022
The DHCPv6 relay-reply packet might be dropped by the DHCP relay. PR1399683
The na-grpcd log file is not rotated and keeps growing until Routing Engine is out of disk space. PR1401817
Continuous kernel crashes might be observed in backup Routing Engine or Virtual Chassis backup router. PR1404038
With MS-MPC and MS-MIC service cards SYSLOG messages for port block interim might show 0.0.0.0 for the private IP addresses and PBA release messages might show IP that has undergone NAT as the private IP. PR1404089
Incorrect display of assigned prefixes to a subscriber in the output of show interface < dynamic demux interface>. PR1404369
Voltage read failed for rail LTC3887-EA1-VDD0V9R2-CH0. PR1405787
FPC crash might be seen when adding a leg to an AE bundle or FPC restarts in subscriber scenario. PR1405876
The FPC crash might be observed in MS-MPC high availability environment. PR1405917
The rpd might crash due to a race condition with the combination of community actions done at both a BGP import policy and a forwarding-table policy PR1406357
Change the default parameters for resource-monitor rtt-parameters. PR1407021
FPC might crash during the subscriber-related stress tests. PR1407285
The rpd might crash when a commit check is executed on LDP trace options filtering. PR1407367
FPC crash and slow convergence upon HMC Fatal error condition when inline J-Flow is used. PR1407506
Openconfig-network-instance:network-instances support for IS-IS must be hidden unless supported. PR1408151
The ToS/DSCP and TTL fields might not be copied into the outer IP header in Group VPN scenario. PR1408168
The misconfiguration of dynamic profile might cause the login issues of the subsequent subscribers. PR1409398
MX-MPC2-3D-EQ and MPC-3D-16XGE-SFPP will now show "Exhaust A" temperature, rather than Intake temperature. PR1409406
The CPU might be hogged by jsd process in JET scenario PR1409639
Nonexistent subscribers might appear in show system resource-monitor subscribers-limit chassis extensive output. PR1409767
Packets might be dropped if the traffic is forwarded through an LT interface. PR1410970
Slow SNMP on entityMIB during subscribers load test. PR1411062
A steady increase of the Packet Forwarding Engine heap memory utilization might happen when PPPoE subscribers are flapping. PR1411389
Parity error might cause FPC alarm. PR1411610
The file copy command might not work if the routing-instance option is not specified. PR1412033
The spfe on satellite device in Junos fusion setup might crash and it could cause the satellite device to get offline. PR1412279
Junos OS PCC might reject PCUpdate/PCCreate message if there is a metric type other than type 2. PR1412659
PPPoE subscribers might not be able to log in after unified ISSU. PR1413004
The rpd memory leak might be seen due to the incorrect processing of a transient event. PR1413224
Need to reduce max flow table size when using flex-flow-sizing. PR1413513
DHCP subscribers over HAG can result in core file generation. PR1413862
The services load balance might not be effective for AMS if the hash key under the forwarding-options hierarchy is configured. PR1414109
FPC crash might be observed if it reaches heap utilization limit. PR1414145
DHCP/DHCPv6 subscribers might fail to establish sessions on PowerPC based MX Series platforms. PR1414333
Anomaly in LED behavior occurs after rebooting the directly connected device. PR1414532
NPC might not apply configured resource-monitor thresholds after NPC. restart PR1414650
Firewall filters are not getting programmed into Packet Forwarding Engine.PR1414706
The user might not enter configure mode because of mgd is in lockf status. PR1415042
ICMP MTU exceeded error generated from Packet Forwarding Engine does not reach the expected source. PR1415130
Port speed change and scaled AE configuration can lead to MQSS errors and subsequent card crash. PR1415183
MTU issue might cause PS interface to flap during dcd restart or GRES switchover PR1415207
PCE-initiated LSPs get deleted because of incorrect timer timeout. PR1415224
The IRB interface might flap after committing a configuration change on any interface PR1415284
Jdhcpd core files is observed after the active lease-query configurations are deleted. PR1415990
BMP type 1 message with extra 24 bytes occurs at end of the message. PR1416301
Some IPsec tunnels might fail to pass traffic after GRES on MX Series platform. PR1417170
The ECMP fast reroute protection feature might not work on MX5, MX10, MX40, MX80, and MX104. PR1417186
The IPv6 neighbor might become unreachable after the primary link goes down in VPLS multihoming scenario PR1417209
An IPv4 packet with a zero checksum might not be translated to IPv6 packet properly in a NAT64 scenario. PR1417215
An invalid XML reply containing a duplicate tag might be seen when requesting get-arp-table-information through NETCONF. PR1417269
The JSU package installation might fail. PR1417345
Some subscribers might be offline when doing GRES or daemon restart PR1417574
Zero tunnel statistics are shown for the soft-gre tunnel. PR1417666
The BGP session might flap after Routing Engine switchover. PR1417966
CGNAT with MS-MPC card doesn't account for AP-P out of port errors or generate a syslog message when this condition is met PR1418128
There is no SNMP trap message generated for jnxHardDiskMissing/jnxHardDiskFailed on Summit MX PR1418461
Adding two or more ps interfaces might cause traffic drop in l2circuit scenario PR1418610
The lsp-cleanup-timer is not being honored when it is configured to be greater than 2,147,483,647. PR1418937
The PPPoE negotiation of subscriber connection might fail when 65535 is assigned as session-id PR1418960
RX alarms are not set as according to the threshold value configured for the DCO Tunable Optics. PR1419204
A PPP session under negotiation might be terminated if another PPPoE client bears the same session ID. PR1419500
CPU usage on service PIC might spike while forming an IPsec tunnel in a DEP/NAT-T scenario. PR1419541
A new tunnel could not be established after changing the NAT mapping IP address until the IPsec SA clear command is run. PR1419542
The message rtsock_peer_unconsumed_obj_free_int: unable to remove node from list is logged extensively. PR1419647
bbe-mibd memory leak causes the daemon to crash during live subscribers and SNMP OIDs query. PR1419756
The IPsec tunnel might get down when the platforms running Junos OS and the peer both act as the initiator and try to bring an IPsec tunnel up at the same time. PR1420293
The show chassis power output status doesn't seem right and there are also similar error messages in the syslog after you turn power off or on. PR1420571
SPC3 Storage and hard disc error log messages. PR1420800
PTP phase is aligned but TE and cTE are not good. PR1420809
The FPC CPU might be hogged if channelized interfaces are configured. PR1420983
MX LNS might fail to forward the traffic on the subscriber access route. PR1421314
Failed to reload keyadmin database for
/var/etc/keyadmin.conf. PR1421539Bbemg_smgd_lock_cli_instance_db should not be logged as error messages. PR1421589
VCP port reports MTU value 9152 in the ICMP MTU exceeded message while the VCP port MTU is set to 9148. PR1421629
The ps access interface is not marked as ccc down on standby/nondesignated PE devices.PR1421648
After a control plane event, a few ipsec tunnels failed to send traffic through the tunnel. PR1421843
RPM syslogs are not getting generated after deactivating aggregate interface. PR1421934
The changed value of remote-gateway does not take effect when the router acts as an initiator of IPsec-VPN tunnel. PR1421977
RSI bloat occurs due to vmhost-based log collection. PR1422354
Packet Forwarding Engine wedge might be observed after performing the command show forwarding-options load-balance .... PR1422464
The XML output might be not hierarchically structured if you issue the show security group-vpn member ipsec statistics command. PR1422496
The CoS iEEE-802.1 classifier might not get applied when it is configured with service activation on underlying-interface PR1422542
Incorrect burst-size is seen when the traffic-control-profile is applied to a ps (or pseudowire) interface. This causes unexpected behavior and the queues are not able to process the expected traffic. PR1422549
The allocation of MAC address might fall out of the MAC address pool on MX204 platform PR1422679
SFP-T/SX/LX is not working with QSA adapter in on MX10003. PR1422808
The show system subscriber-management summary command should include a failure reason for standby disconnect when primary and backup Routing Engine memories mismatch. PR1422976
A stuck lock in shared memory might prevent subscribers from logging in again after deamon crash. PR1424607
Incorrect PIC mode on MX204 MX1RU when PIC mode is changed to default mode. PR1423215
While committing a huge configuration customer is seeing the error error: mustd trace init failed. PR1423229
The set forwarding-options enhanced-hash-key symmetric is not effective on MX10003. PR1423288
IP packet drop might be seen in Layer 2 circuit scenario. PR1423628
Traffic is dropped after FPC reboot with AE member links deactivated by remote device. PR1423707
MPC10E-15C-MRATE: crash seen at
Ktree alloc ( jnh_dfw_instance_add (filter_index=< optimized out>) at ../../../../../src/pfe/common/applications/dfw/dfw_iff.c:1030with inline and scale prefix filter. PR1423709On MX204 Optics ’SFP-1GE-FE-E-T’ I2C read errors are seen when an SFP-T is inserted into a disabled state port. PR1423858
A PTP asymmetry change needs PTP bouncing. PR1423860
The bbe-smgd process might crash after executing the command show system subscriber-management route prefix <>. PR1424054
The port configured for 1-Gbps speed flaps after Routing Engine switchover. PR1424120
The interface configured with 1G speed on JNP10K-LC2101 cannot come up PR1424125
The system does not reboot , even though disk-failure-action reboot or disk-failure-action halt is configured. PR1424187
Continuous disk error logs appear on VCP virtual console (requesting switchover due to disk failure on ada1). PR1424771
The rpd keeps crashing after changing configuration PR1424819
The jdhcpd might consume 100 percent CPU and crash if dhcp-security is configured. PR1425206
Interface with FEC disabled might flap after Routing Engine mastership switchover. PR1425211
The rpd will crash continuously if MD5 authentication on any protocols is used along with master-password PR1425231
Soft GRE tunnel route is lost after reboot/GRES or upgrade in WAG scenario PR1425237
The mspmand process might crash and restart with a mspmand core file created after doing a commit change to deactivate and activate service-set PR1425405
The following log message is seen continuously on MX204 router: fru_is_present: out of range slot 0 for. PR1425411
Getting Unisphere-UpStream-Calc-Rate as 0 while verifying L2BSA RADIUS accounting stop packets after performing GRES. PR1425512
All interfaces creation failed after NSSU. PR1425716
MPC reboot or Routing Engine mastership switchover might occur on MX204/MX10003. PR1426120
Logical Interfaces Targeting: 18,000 phantom distributed interfaces are displayed for AE interface with the targeted distribution enabled on it, when there are no active subscribers. PR1426157
Interfaces might go come to down after device reboots. PR1426349
PEMs lose DC output power load sharing after PEM switch off and on operation on MX Series platforms. PR1426350
Some CFM and BFD sessions might flap while collecting MPLS statistics PR1426727
The show lldp neighbors interface command does not display all interface information. PR1426793
The decoding of telemetry data at collector might not be correct if you configure. PR1426871
Traffic loss might be seen when multiple IPsec tunnels are established with the remote peer. PR1426975
Traffic might not flow through MACsec interface even after an unsupported cipher-suite is removed. PR1427294
ENTITY MIB has incorrect containedIn values for some fixed MPCs with built-in PICs. PR1427305
Rebooting or halting Virtual Chassis member might cause 30 seconds of down time on RTG link. PR1427500
When broadband edge PPPoE and DHCP subscribers coming up over Junos fusion satellite ports are active, commit full and commit synchornization full commands fail. PR1427647
When installing YANG package without proxy-xml command, the CLI environment might not work well. PR1427726
The subscriber IP route might got stuck in bbe-smgd if the subscriber IP address is the same as the local IP address. PR1428428
In correct display of MAC/MAC+IP and count values occurs, after setting global-mac-limit and global-mac-ip-limit. PR1428572
The PTSP subscribers are stuck in the configured state after being rejected by the RADIUS server. PR1428688
Incorrect IGMP statistics are seen for dynamic PPP interfaces. PR1428822
Fabric drops might be seen on MX10003 platform when two FPCs come online together. PR1428854
Incorrect IGMP interface counter for dynamic PPP interfaces. PR1429018
The emitted XML is INVALID error is thrown for show virtual-network-functions. PR1429090
L2TP subscriber and MPLS pseudowire subscriber volume accounting statistics value remains unchanged post unified ISSU. PR1429692
Extra incorrect MAC move might be seen when the host moves continuously between the different ESIs. PR1429821
The AE interface does not come up after rebooting the FPC/device even though the physical member link is up. PR1429917
Configuration is prevented from being applied on MX Series device in subscriber scenario. PR1430360
Performance degradation for about 20 seconds occurs after the fabric board on MX10008/100016 is taken offline. PR1430739
Disabling DAC QSFP port might not work on MX204/10003 or EX9251. PR1430921
Inline LSQ might not work when it is configured on the same FPC where MIC-3D-16CHE1-T1 is slotted. PR1431069
Error might be observed when using a script to load configuration. PR1431198
The destination unreachable counter was counting up without receiving traffic. PR1431384
During the stress tests, bbe-smgd process might crash on backup Routing Engine when performing GRES. PR1431455
The bbe-smgd might crash if subscribers are trying to log in or out while a configuration commit is occurring at the same time. PR1431459
Subscribers coming from new physical interfaces might not log in in due to 512 entries limit in the subscriber-limit table PR1431566
SIB Link Error detected on a specific Packet Forwarding Engine might cause complete service impact. PR1431592
Allow installation of three identical framed routes in the same routing-instance. PR1431891
MX10003 - A PEM not present alarm is raised when the minimum required PEM exists in the system. PR1431926
Dual stack subscriber accounting statistics are not baselined when one stack logs out. PR1432163
Traffic might be sent on the standby link of AE bundle and get lost with LACP fast-failover enabled PR1432449
Change to in-use parameterized filter prefix-list could result in bbe-smgd core file on the backup Routing Engine. PR1432655
Traffic will be dropped if sa-multicast is in the configuration. PR1433306
RSI and RSI brief should not include show route forwarding-table when Tomcat enabled. PR1433440
Collected service statistics are all zero after ISSU for MPC2. PR1433589
Lawful intercept for subscriber traffic is not programmed in Packet Forwarding Engine if it's activated by Access-Accept. PR1433911
URL case-sensitivity support is needed. PR1434004
Incorrect PLUGGABLE ID 17 on MX10003-LC2103. PR1434183
RPD generates a core file during the route flash when the policy is removed. PR1434243
The repd process might crash after booting first time with a newly installed Junos release. PR1434363
Packet Forwarding Engine memory leak might be seen if MLPPP links are flapped. PR1434980
MicroBFD 3x100ms flap upon inserting a QSFP to other port. PR1435221
DHCPv6 advertise to client might use incorrect destination MAC address. PR1435694
Total number of packets mirrored, after DTCP trigger add and DTCP enable, is not in the expected range while verifying traffic on mirror port after DTCP drop policy enable. PR1435736
MPC7/8/9/MX10003 MPC/EX9200-12QS/EX9200-40XS line card might crash in a scaling setup. PR1435744
The mc-ae interface might get stuck in waiting state in dual mc-ae scenario. PR1435874
The local route in the secondary routing table that gets stuck in the KRT. PR1436080
ifHCInOctets counter on AE interface going to zero value when SNMP MIB walk is executed. PR1436201
A few static PPP subscribers get stuck in initialization state permanently and the following error message is seen Failed to create client session, err=SDB data corrupted. PR1436350
Subscriber interim statistics might be reset to zero in MX Series Virtual Chassis setup after GRES. PR1436419
Router is not reachable after downgrade from Junos OS Release 18.2-20190513.0 to 18.2R2.6. PR1436832
MPC10E-15C-MRATE: Micro BFD sessions do not come up in centralized mode. PR1436937
Schema XSDs are missing objects/commands in Junos OS Release 19.1R1. PR1437469
The CPU utilization on a daemon might remain around 100 percent or the backup Routing Engine might crash in race conditions. PR1437762
LNS router might send the router-advertisement packet with NULL source link-layer option field. PR1437847
The chassisd might crash after enabling hash-key. PR1437855
(seen only on legacy image) Unified ISSU is failing from Junos OS Release 19.1R1 legacy images. PR1438144
Subscriber flows might not be synchronized between AE members on MX Series Virtual Chassis platforms. PR1438621
CGNAT logs are not received by the syslog server over TCP-based-syslog when data traffic is sent at 10000 sessions/second. PR1438928
Command show jdaf service cmd statistics / clients is not available on Evolved. PR1439118
FPC on Virtual Chassis backup router might reboot in MX Series Virtual Chassis scenario. PR1439170
The vlan all interface all combination is not working as expected under VSTP. PR1439583
The bbe-smgd core files are generated after restart. PR1439905
CoS related errors are seen and subscribers could not get service. PR1440381
CPU might hang or interface might be stuck down on particular 100G port on MX, EX, and PTX. PR1440526
FPC may stuck in 100% CPU utilization due to continuous work of bulk manager thread. PR1440676
DHCP offer packets towards IRB over LT interface getting dropped in DHCP relay environment. PR1440696
The Layer 2 dynamic VLAN might be missed when an interface is added or removed for an ae interface. PR1440872
For a route received through EBGP the AIGP value might not be considered as expected. PR1441438
LINX: SNMP trap comes twice for FRU removal in MX10000- one trap with FRU nameas FPC: JNP10K-LC2101 and second with FRU name as FPC @ 1/*/*.PR1441857
The packets originating from the IRB interface might be dropped in VPLS scenario. PR1442121
The chassisd is unable to power off a faulty FPC after Routing Engine switchover which leading to chassisd restart loop. PR1442138
The operational status of the interface in hardware and software might be out of synchronization in EVPN setup with arp-proxy feature enabled. PR1442310
In "enhanced-ip" or "enhanced-ethernet" mode with DCU (destination-class-usage) accounting enabled, MS-DPC might drop all traffic that should egress through ae interface. PR1442527
EVENT UpDown interface logs are partially collected in syslog messages. PR1442542
Different formats of the B4 addresses might be observed in the SERVICES_PORT_BLOCK_ALLOC/RELEASE/ACTIVE log messages. PR1442552
A few Path Computation Element Protocol (PCEP) logs are marked as ERROR even though they are not. Now severity of those logs are corrected as INFO. PR1442598
DHCPv6 Client might fail to get an IP address. PR1442867
The bbe-smgd might crash on MX Series platforms. PR1443109
The kmd process might crash and restart with a kmd core file created if IP of NAT mapping address for IPsec-VPN remote peer is changed. PR1444183
MX204: Larger than MTU packets of GRE data get dropped when sampling is enabled on the egress interface. PR1444186
High CPU utilization might be observed for eventd along with error logs. PR1444462
Inline-keepalive might stop working for LNS subscribers if the routing-services command is enabled. PR1444696
Access route might stuck in bbe-smgd and RPD not cleared. PR1445155
The CPCDD process continuously generates core files and the process stops, in ServicesMgr::ServicesManager::cpcddSmdInterface::processInputMsg. PR1445382
ECMP-FRR might not work for BGP multipath ECMP routes. PR1445391
Detached LACP member link gets LACP State as enabled in Packet Forwarding Engine when switchover because of device reboot. PR1445428
The 1G interface on MX204 might stay down after the device is rebooted. PR1445508
The l2ald might crash when FPC is restarted. PR1445720
The mspmand process might crash if URL filtering is configured and one blacklisted domain name is a sub-string of another blacklisted domain name in URL filter database file. PR1445751
The process jdhcpd might crash after issuing the show access-security router-advertisement-guard command. PR1446034
The static route for NAT might never come up if switchover the service interface which has NAT and GR configuration. PR1446267
Accurate statistics might not include packets forwarded during the last two seconds before subscriber termination. PR1446546
NAT service-set in certain scale might fail to get programmed. PR1446931
CST: ISSU:core-RMPC3.gz.core.0 is seen and ISSU-failure seen for MPC5. PR1446993
The jflow version 5 stops working after changing "input rate" value. PR1446996
The no-control-word creates a traffic black hole when used with Redundant LT (or rlt interface) for PWHT (or ps0 interface). PR1447917
The rpd process might crash if BGP is activated/deactivated multiple times. PR1448325
DCD CPU spike is seen after a Junos upgrade from Junos OS Release 14.2 to 16.1. PR1448858
PR-1444575-fix-test: FPC rebooted during off-lining PIC-0. PR1449067
The DHCP relay feature might not work as expected with helpers bootp configured. PR1449201
Increase in the maximum value of delegation-cleanup-timeout. PR1449468
Need to provide more meaningful error message, while doing commit on JDM without exchanging the SSH keys. PR1449871
No localhost ifl for rtt 65535 can be seen on MX Series running junos enhanced subscriber management feature. PR1450057
Interfaces might flap forever after deleting the interface disable configuration. PR1450263
VLAN configuration change with l2ald restart might cause Kernel sync issues and impact forwarding. PR1450832
Configuring a new burst-size under traffic-control-profile is not taking effect. PR1451033
IPSec[SNMP]: Snmp query for IPSec Decrypted/Encrypted packets does not fetch right values; observing KMD_SNMP_FATAL_ERROR. PR1451324
RMPC core files are found found after configuration changes done on the network for PTP/Clock Synchronization. PR1451950
MX10003: MACsec framing errors are seen when ever sequence number exceed 2 power 32 with XPN (Extended Packet Numbering). PR1452851
PTP might go out of sync due to l2ald hwdb access failure. PR1453531
Alarm was not sent to syslog on MX10003 platform. PR1453533
ANCP subscriber information is lost after daemon restart. PR1453837
The FPC might crash when the severity of error is modified. PR1453871
Radius Interim accounting statistics are not populated on the MX204. PR1454541
The access request for L2BSA port up may not be retransmitted if the radius server used to be unreachable. PR1454975
JNS/GNF: CRAFTD syslogs fatal errors along with junk characters upon its startup and exits after four startup attempts. PR1454985
Device chooses incorrect source address for locally originated IPv6 packets in routing-instance when destination address is reachable through static route with next-table command. PR1455893
There is high temperature from show chassis environment output after MPC4E insert to slot 5. PR1456457
The CLI command with invoke-on" and display xml rpc results in unexpected multiple RPC commands. PR1456578
Default value of 2^32 replay-window size results in framing errors at an average of one in 2^32 frames received. PR1457555
The chassisd process and all FPCs might restart after Routing Engine switchover. PR1457657
The subscriber routes are not cleared from backup Routing Engine when session is aborted. PR1458369
Subscribers unable to login due to NACK from MCAST after 2million + mcast subscribers log in. PR1458419
The error messages with create_pseudos: unable to create interface device for pip0 (File exists) might be seen after restarting chassisd. PR1459373
Incomplete output of show ancp subscriber access-aggregation-circuit-id < access aggregation circuit ID>. PR1459386
Telemetry streaming of mandatory TLV 'ttl' learnt from LLDP neighbor is missing. PR1459441
FDB is not flushing cause silent drop in traffic in ethernet ring scenario. PR1459446
In MC-LAG scenario traffic destined to VRRP virtual MAC gets dropped. PR1459692
AUTO-CORE-PR :CPCDD core found @ ServicesMgr::ServicesManager::cpcddSmdInterface::processServiceNotifyMsg ,SmdInterface::cbStateSyncServiceNotifyMsgHandler ,statesync_consumer_poll_new_state_cb. PR1459904
The PPTP does not work with destination NAT. PR1460027
repd core file is seen during system boot up. PR1461796
The BBE statistics collection and management process, bbe-statsd memory issue on backup Routing Engine. PR1461821
The CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed when both DIP switches and power switch are turned off. PR1462065
The MPC2E-NG/MPC3E-NG card with specific MIC might crash after a high rate of interface flaps. PR1463859
The PPPoE session gets in the Terminated state and the accounting stop for the session which is delayed. PR1464804
MPC5E or MPC6E line cards might crash due to internal thread overusing the CPU. PR1464820
Infrastructure
SNMP OID IFOutDiscards are not updated when drops increasing. PR1411303
The traffic to the NLB server might not be forwarded if the NLB cluster works on multicast mode. PR1411549
Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device. PR1418955
Increase in Junos OS image size for Junos OS Release 19.1R1. PR1423139
The duplex status of management interface might not be updated in the output of show command. PR1427233
The operations on console might not work if the statement system ports console log-out-on-disconnect is configured. PR1433224
Interfaces and Chassis
Changing the value of mac-table-size to default might lead all FPC to reboot. PR1386768
NPC crash @rt_nh_install (rnh=0x618123d8, rnh_src=0x0, rt=< optimized out>, p_rtt=0x74f886c0) at ../../../../src/pfe/common/pfe-arch/trinity/applications/route/rt_nh.c:631. PR1396540
Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error message. PR1402606
Unrelated ae interfaces might go down if committing configuration changes. PR1409535
MX Virtual Chassis unified ISSU is not supported when Redundant LT (RLT) is configured. PR1411729
Family inet of the unnumbered interface might be getting deleted when deleting one of the IPs of the binding interface. PR1412534
Inline Periodic packet management (PPM) adjacency (rx) session might be programmed with the incorrect packet template. PR1417707
Monitor ethernet loss-measurement command returns Invalid ETH-LM request for unsupported outgoing IFL. PR1420514
Invalid speed value on an interface might cause other interface configuration loss. PR1421857
Syslog message : /kernel: %KERN-3: pointchange for flag 04000000 not supported on IFD aex upon LFM related configuration commit on ae interfaces. PR1423586
The demux interfaces will be down after changing the MTU of the underlying et interface. PR1424770
The cfmd might crash on DPCE. PR1424912
The IFLs in EVPN routing instances might flap after committing configurations. PR1425339
The statement flexible-queuing-mode is not working on FPCs of Virtual Chassis member 1. PR1425414
Upgrade from pre Junos OS Release 17.4R1 release results in cfmd core files. PR1425804
CFM message is flooding. PR1427868
The vrrpd process might crash after deleting VRRP sessions for several times. PR1429906
The NCP session might be brought down after IPCP Configure-Reject is sent. PR1431038
VRRP mastership might flap when the tracked route is deleted or the tracked interface goes down. PR1432361
jppd No termination Ack for a LACP Termination request RFC 1661. PR1433489
Discrepancy of bytes and packets count in Routing Engine CLI for traffic and transit stats for ZT. PR1435416
Mixed link-speed ae bundle could not add new sub-interface successfully. PR1437929
Targeted-distribution for static demux interface over aggregate ether interface does not take correct lacp link status into consideration when choosing primary and backup links. PR1439257
The cfmd process might crash after a restart on Junos OS Release 17.1R1 and above. PR1443353
Enhancement of add or delete a single VLAN in vlan-id-list under interface family bridge. PR1443536
The OAM CCM messages are sent with a single tagged VLAN even when configuring with two VLANs. PR1445926
MX Series Virtual Chassis on MX10003: Unable to connect to newly installed Routing Engine from other Routing Engine's in MX Series Virtual Chassis. PR1446418
Initiating a Routing Engine switchover on VRRP backup router through a CLI command might cause VRRP state for ae bundle interfaces transitions to 'Master' state even configured with protocols vrrp delegate-processing ae-irb statement, then very shortly afterward to backup again. PR1447028
L2ALD failed to update composite NH. PR1447693
The ifinfo daemon might crash on the execution of show interface extensive command. PR1448090
While master Routing Engine failure and system switches to backup Routing Engine, some VRRP sessions ppm transmissions state might be stuck in Distributed: AWAITING.PR1450652
LACP daemon crashed continuously. PR1450978
[PDT][CFM] CUC-1751: Some CFM UP MEP sessions do not come up in scaled scenarios over Layer2VPN circuits on Lag interfaces. PR1454187
The VRRP traffic loss is longer than one second for some backup groups after performing GRES. PR1454895
Mismatched MTU value causes the RLT interface to flap. PR1457460
J-Web
Some error messages might be seen when using J-Web. PR1446081
Junos fusion for provider edge
Incorrect power values for extended optical ports. PR1412781
The sdpd process might continuously crash if there are more than 12 cascade-ports configured to a satellite device. PR1437387
The aggregated Ethernet interface might flap whenever a new logical interface is added to it. PR1441869
Layer 2 Features
VPLS : LSI interface are not created and remote MACs are not learned with RPD_KRT_Q_RETRIES: ifl iff add: Device busy. PR1295664
QinQ might be malfunctioning if vlan-id-lists are configured. PR1395312
The rpd crashes after iw0 interface is configured under a VPLS instance. PR1406472
Traffic loss might be seen over LDP-VPLS scenario. PR1415522
Broadcast traffics might be discarded in a VPLS local-switching scenario. PR1416228
Commit error will be seen but the commit is processed if adding more than o. PR1420082
VPLS neighbors might stay in down state after configuration changes in vlan-id. PR1428862
After disabling and enabling the aggregate interface, the next-hop of CE facing aggregate interface might be in an incorrect state. PR1436714
Layer 2 Ethernet Services
LACP PDU might be looped towards peer MC-LAG nodes. PR1379022
On EVPN setups, incorrect destination MAC addresses starting with 45 might show up when using the show arp hostname command. PR1392575
Junos OS: MX Series: jdhcpd crash when receiving a specific crafted DHCP response message (CVE-2019-0063). PR1415242
jdhcpd becomes aware about some of the existing configuration only after commit full or jdhcpd restart. PR1419437
Change the nd6 nexthops to reject NH once l2 interfaces gets disassociated with ipv6 entries. PR1419809
The jdhcpd process might consistently run at 100% CPU and not provide service if the delay-offer is configured for DHCP local server. PR1419816
BBE: DHCP subscribers on non-default routing instance went down after unified ISSU. PR1420982
jdhcpd daemon might crash during continuous stress test. PR1421569
MX: LACP: The error message fpc3 user.err aftd-trio: [bt] #1 JnhHandle:: been logged. PR1424106
The DHCP DECLINE packets are not forwarded to DHCP server when forward-only is set within dhcp-reply. PR1429456
DHCP request might get dropped in DHCP relay scenario. PR1435039
The jdhcpd process might go into infinite loop and cause 100% CPU usage. PR1442222
The dhcp-relay statement might not work on MX10008 platforms. PR1447323
Some additional information can be provided in DHCPv6 option 17. This option can be in SOLICIT or REQUEST messages. BNG should relay the information from this option to RADIUS servers in ACCESS REQUEST message in the attribute 26-207. Before the fix from the PR the information was not relayed. PR1448100
PPPoE holding DHCPv6 prefix causes DHCPv6 binding failure due to duplicate prefix. PR1453464
DHCP packet might not be processed correctly if DHCP option 82 is configured. PR1459925
MPLS
Stale LSPs might exist if primary LSP goes down immediately after bypass LSP. PR1242558
RPD might restart after a MPLS LSP flap if no-cspf and fast-reroute are configured in an LSR ingress router. PR1368177
DSCP bit Marking of LSP self-ping is not compliant with rfc7746. PR1371486
The rpd process might crash when executing traceroute mpls bgp. PR1399484
LDP tunneling configuration triggers huge scheduler slips, causing IGP flapping. PR1410827
The rpd might crash in BGP-LU with egress-protection while committing configuration changes. PR1412829
The rpd might crash after spring-te is deactivated. PR1414323
Rpd memory might leak when RSVP LSP is cleared or re-signaled. PR1415774
Services dependent on LDP might be impacted if committing any configuration changes. PR1416032
Traffic blackhole might be seen due to a long LSP switchover duration in RSVP-signaled LSP scenario. PR1416487
LDP route might be missing in inet.3 when enabling sr-mapping-client on LDP-SR stitching node. PR1416516
RSVP LSP might get stuck in down state in OSPF Multiarea topology. PR1417931
Traffic might be dropped due to LDP label corruption after Routing Engine switchover. PR1420103
Incorrect length for Sub-TLV 34 (RFC 8287) in MPLS Echo Request. PR1422093
LDP might not update the LDP ingress route metric when inet.3 route flash happens before inet.0. PR1422645
The dynamic bypass RSVP LSP tears down when being used to protect LDP LSP. PR1425824
mpls ping sweep stops working and CLI gets unresponsive. PR1426016
MPLS LSP auto-bandwidth statistics miscalculations might lead to a high bandwidth reservation. PR1427414
M/MX: continuous rpd core @ l2ckt_alloc_label , l2ckt_standby_assign_label , l2ckt_intf_change_process in the new backup during GRES in MX2010 box. PR1427539
Traffic loss might be observed after changing configuration under protocols mpls in ldp-tunneling scenario. PR1428081
The LDP might withdraw a label for an FEC once the IGP route is inactive in inet.0. PR1428843
When MBB for P2MP LSP fails, it is stuck in the old path. PR1429114
MPLS ingress LSPs for LDP link protection are not coming up after the disabling/enabling of MPLS. PR1432138
SRLG entry shows Unknown after removing it from configuration in show mpls lsp extensive output or show mpls srlg. Shows Unknown-0xXX (XX will vary). PR1433287
The P2MP LSP branch traffic might be dropped for a while when the Sender Provider Edge is performing switchover. PR1435014
Traffic loss might be seen after LDP session flaps rapidly. PR1436119
The rpd might crash after executing ping mpls ldp. PR1436373
The LDP route and LDP output label are not showing in the inet.3 table and LDP database respectively if enable OSPF rib-group. PR1442135
LINX:lsi intf/Layer2 Virtual Chassis goes down on one router in VPLS domain through the mpls path is still available in inet.3. The reason shows as mpls label out of range. PR1442495
The backup LSP path messages are rejected if the bypass tunnel path is an inter-area LSP. PR1442789
RSVP Path message with long refresh interval is dropped between Junos pre-16.1 and 16.1+ nodes. PR1443811
P2MP LSP might get stuck in the down state after link flaps. PR1444111
The rpd memory leak might be seen when the inter-domain RSVP LSP is in down state. PR1445024
Traffic might silently drop if two consecutive PLRs along the LSP perform local repair simultaneously under certain mis-configured conditions. PR1445994
The transit packets might be dropped if an LSP is added or changed on MX/PTX device. PR1447170
Traffic drop might be seen after traceoption configuration committed in RSVP P2MP scenario. PR1447480
The LDP route timer is reset when committing unrelated configuration changes. PR1451157
Pervious configured credibility preference it is not considered by CSPF despite the configuration is deleted or changed to prefer another protocol in TED. PR1460283
RPD core files and high CPU usage is seen on MX104. PR1460292
Network Address Translation (NAT)
The nsd process might crash when SNMP query deterministic NAT pool information. PR1436775
Network Management and Monitoring
The snmp query might not get data in scaled l2circuits environment. PR1413352
Syslog match filtering does not work if single line of
/etc/syslog.confis over 2048 bytes. PR1418705MX10000 reports jail socket errors. PR1442176
hrProcessorFrwID will be set to 0.0 of type "OBJECT IDENTIFIER" to fix the NMS warnings as it is using Integer value not OCTET STRING. PR1446675
Platform and Infrastructure
All FPC cards might restart after Layer 3 VPN routes churn. PR1398502
Class-of-service configuration changes might lead to traffic drop on cascade port in Junos fusion setup. PR1408159
Traffic is getting dropped when there is a combination of DPC/MX-FPC card and MPC card on egress PE router in Layer 3 VPN. PR1409523
DDoS violation for lldp, mvrp, provider mvrp and dot1x is incorrectly reported as LACP DDoS violation. PR1409626
The VLAN tag is incorrectly inserted on the access interface if the packet is sent from an IRB interface. PR1411456
Error logs might be observed after performing unified ISSU. PR1412463
The MPC might crash when one MIC is pulled out during this MIC is booting up. PR1414816
Distributed multicast forwarding to the subscriber interface might not work. PR1416415
Some applications might not be installed during upgrade from an earlier version that does not support FreeBSD 10 to FreeBSD 10 (based system). PR1417321
op URL command can't run a script with libs from
/config/scripts. PR1420976The ARP request might not be replied although proxy-arp is configured. PR1422148
The slax scripts triggered by event options might be stuck forever. PR1422939
show jnh trap-info with incorrect LU instance caused a crash and core file on FPC. PR1423508
The native VLAN ID of packets might fail to be removed when leaving out. PR1424174
The policer bandwidth might be wrong for the aggregate interface after activating the shared-bandwidth-policer. PR1427936
With CNH for 6PE, MPLS EXP rewrite rule for non-VPN IPv4 over MPLS traffic might not work. PR1430878
Pre-fragmented ICMP IPv4 packets might fail to arrive at the destination. PR1432506
The FPC might crash when the firewalls filter manager deals with the firewall filters. PR1433034
Enable sensor
/junos/system/linecard/qmon/causing continuous ppe_error_interrupt errors. PR1434198Traffic from the same physical interface cannot be forwarded. PR1434933
The device might not be accessible after the upgrade. PR1435173
The IPv4 packet larger than mtu-v6 might be dropped by the MAP-E BR device. PR1435362
MAP-E encapsulation or decapsulation with specific parameter might work incorrectly. PR1435697
The
/var/db/scriptsdirectory might be deleted after executing request system zeroize. PR1436773The BGP session might flap after Routing Engine switchover done simultaneously on both boxes of BGP peer in scaled BGP session setup. PR1437257
The next-hop mac address in the output from show route forwarding-table command might be incorrect. PR1437302
The multicast traffic is dropped while multicast ingress replication is configured with local-latency-fairness. PR1438180
A certain combination of allow-commands and deny-commands do not work properly after Junos OS Release 18.4R1. PR1438269
The inner IPv4 packet might get fragmented using the same size as mtu-v6 setting which is used for the MAP-E softwire tunnel in MAP-E configuration. PR1440286
When host bound packet received in MAP-E BR router, service interface statistics counter shows incorrect number of bytes. PR1443204
Packets drop due to missing destination MAC in the Packet Forwarding Engine. PR1445191
Python op scripts executed as user nobody if started from NETCONF session, not as a logged in user, resulting in failing PyEZ connection to the device. PR1445917
Some hosts behind unnumbered interface are unreachable after the router/FPC restarts. PR1449615
FPC might reboot with vmcore due to memory leak. PR1449664
REST API process will get non-responsive when a number of request is coming with a high rate. PR1449987
The Routing Engine originated IPv6 packets might be dropped when interface-group rule is configured under IPv6 filter. PR1453649
Routing Policy and Firewall Filters
Configuration commit operation after policy change causes rpd crash. PR1357802
MX Series: CLI knob as-path-expand last-as commit failure. PR1388159
The route-filter-list with non-continuous match might not work as expected after being updated. PR1419731
Policy matching RD changes next-hop of the routes which do not carry RD. PR1433615
Routes resolution might be inconsistent if any route resolving over the multipath route. PR1453439
Routing Protocols
Junos BGP Established state is not shown in show bgp summary if only master routing instance is present. PR600308
RPD crashes due to assert in bgp_io_write_user_handler_int(). PR1351639
Qualified next hop of static route might not be withdrawn when BFD is down. PR1367424
Routing Engine-based micro BFD packets do not go out with configured source IP when the interface is in logical-system. PR1370463
The rpd might crash under a rare condition if GR helper mode is triggered. PR1382892
BGP sessions might keep flapping on backup Routing Engine if proxy-macip-advertisement is configured on IRB interface for EVPN-VXLAN. PR1387720
In rare cases rpd might crash after Routing Engine switchover when BGP multipath and L3VPN vrf-table-label are configured. PR1389337
Processing a large scale as-path regex will cause the flap of the route protocols. PR1396344
There might be unexpected packets drop in MoFRR scenario if active RPF path is disabled. PR1401802
IGMP join through PPPOE sub not propagated to upstream PIM. PR1407202
BFD link-failure detection of the broken path will be delayed when IGP link-state update is received from the same peer through an alternative path. PR1410021
BGP might get stuck in an Idle state when the peer triggers a GR restart event. PR1412538
The Layer 3 VPN link protection doesn't work after flapping the CE facing interface. PR1412667
TI-LFA cannot find backup path when ISIS OverLoad bit is set on computing node. PR1412923
SID label operation might be performed incorrectly in OSPF SPRING environment. PR1413292
The unexpected AS prepending action for AS path might be seen after the no-attrset statement is configured or deleted with vrf-import/vrf-export configuration. PR1413686
Dynamic routing protocol flapping with vmhost Routing Engine switchover on NG-RE. PR1415077
The IS-IS-SR route sent by the mapping server might be broken for ECMP. PR1415599
Route info might be inconsistent between RIB and OSPF database when using OSPF LFA feature. PR1416720
Junos OS: OpenSSL Security Advisory [26 Feb 2019]. PR1419533
A memory leak in rpd might be seen if source packet routing is enabled for IS-IS protocol. PR1419800
BFD crash after GRES was done @ __assert (func=0x831a40e "bfdd_link_session", file=0x831a24a "../../../../../../src/junos/usr.sbin/bfdd/bfdd_session.c" PR1420694
IPv6 IS-IS routes might be deleted and not be reinstalled when MTU is changed under the IFL level for family inet6. PR1420776
Route churn might be seen after changing maximum-prefixes configuration from value A to value B. PR1423647
The rpd might crash if no-propagate-ttl is configured in BGP multipath scenario. PR1425173
The multicast traffic might be dropped when proxy mode is used for igmp-snooping. PR1425621
The rpd might crash in PIM scenario with auto-rp enabled. PR1426711
The rpd might crash while removing multicast routes that do not have an associated (S,G) state or activating the accept-remote-source statement on PIM upstream interface. PR1426921
The rpd might crash while handling the withdrawal of an imported VRF route. PR1427147
MVPN traffic might be lost for around 30 seconds during Routing Engine switchover. PR1427720
The rpd would generate core files due to improper handling of Graceful Restart stale routes. PR1427987
RPD might crash with ospf overload configuration. PR1429765
The next-hop of IPv6 route remains empty when a new IS-IS link comes up. PR1430581
BGP knob multipath multiple-as does not work in specific scenario. PR1430899
IPv6 aggregate routes are hidden. PR1431227
Unsupported configuration (EPE with dynamic-next-hop GRE tunnels) continuously causing RPD to generate core files.PR1431536
The show isis adjacency extensive output is missing state transition details. PR1432398
In BFD and GR enabled scenario, BFD DOWN packets are not being sent immediately after BFD failure. PR1432440
Per-Prefix LFA might not work as expected where the last hop needs to be protected on the penultimate node. PR1432615
PIM-SM join message might be delayed with MSDP enabled. PR1433625
With SR enabled 6PE next-hop is not installed. PR1435298
The rpd might crash during the best path changes in BGP-L3VPN with multipath and no-vrf-propagate-ttl enabled. PR1436465
BGP route next-hop can be incorrect in some scenarios with PIC edge configuration. PR1437108
Removing SSH Protocol version 1 from configuration. PR1440476
RIP routes are discarded by Juniper devices when the next-hop field in the RIPv2 response packet contains a subnet Broadcast address. PR1441452
The rpd process might crash in inter-AS option B Layer 3 VPN scenario if CNHs is used. PR1442291
IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507
The rpd might crash in OSPF scenario due to invalid memory access. PR1445078
The BGP route prefixes are not being advertised to the peer. PR1446383
The as-external route might not work in ospf overload scenario for VRF instance. PR1446437
The rpd might crash when the policy applied to the MoFRR is deleted. PR1446472
The rpd CPU utilization gets 100% due to incorrect path-selection. PR1446861
The multicast traffic might be dropped in PIM with BGP PIC setup. PR1447187
The rpd crashes and commit fails when trying to commit configuration changes. PR1447595
Layer 3 VPN PE-CE link protection exhibits unexpected behavior on MX2000 platforms. PR1447601
Junos BFD sessions with authentication flaps after a certain time. PR1448649
Intra-router PPMD[RE] to PPMAN[FPC] connection could be closed if the session timeout is greater than 3 seconds in either direction. PR1448670
The BGP routes might fail to be installed in routing instance if the from next-hop policy match condition is used in the VRF import policy. PR1449458
The rpd memory might leak in a certain MSDP scenario. PR1454244
The rpd might crash continuously due to memory corruption in IS-IS setup. PR1455432
Prefix SID conflict might be observed in ISIS. PR1455994
Routing-process is crashing when OSPF router-id get changed for NSSA area. PR1459080
The rpd memory leak might be observed on backup routing engine due to BGP flap. PR1459384
RPD scheduler slips might be seen on RPKI route validation enabled BGP peering router in a scaled setup. PR1461602
Services Applications
ms- used for IPSEC PIC is listed in show services ha detail as standby. This is a cosmetic issue. PR1383898
SPD_CONN_OPEN_FAILURE: spd_svc_set_summary_query: unable to open connection to si-0/0/0 (No route to host). PR1397259
[technology/subscriber_services/jl2tpd] [all] RPT BBE Regressions : ERA Value does not match with configured values while verifying new ERA settings and they are reflected in message logs. PR1410783
jpppd generates core files on LNS. PR1414092
L2TP LAC might fail to tunnel static pp0 subscriber to the desired LNS. PR1416016
IPsec SA might not come up when the Local gateway address is a VIP for a VRRP configured interface. PR1422171
In subscriber with L2TP scenario, subscribers are stuck in INIT state forever. PR1425919
Some problems might be seen if client negotiates LCP with no ppp-options to LAC. PR1426164
The kmd process might crash when DPD timeout for some IKEv2 SAs happens. PR1434521
Traffic might be dropped in IPsec VPN scenario when the VPN peer is behind a NAT device. PR1435182
The output of show subscriber user-name on LTS shows only one session instead of two. PR1446572
The jl2tpd process might crash during the restart procedure. PR1461335
Software Installation and Upgrade
JSU might be deactivated from FPC in case of power cycle. PR1429392
Subscriber Access Management
Authd telemetry: Linked pool head attribute is incorrect for single pools. PR1413293
The subscriber service profile might be unable to be changed by RAR message in PCRF/Gx-Plus scenario. PR1417987
CoA-NACK is not sent when performing negative COA Request tests by sending incorrect session-id. PR1418144
Subscribers might not be able to re-login in Gx-plus provisioning scenario. PR1418579
PPPoE session might be disconnected when LI attributes are received in access-accept with invalid data. PR1418601
Address allocation issue with linked pools when using linked-pool-aggregation. PR1426244
RADIUS authentication server might always be marked with DEAD. PR1429528
Subscriber filtering for General Authentication Services traceoptions will report debug messages for other users. PR1431614
Incorrect Acct-Session-Time : Acct-Session-Time is not zero, though no Start event occurred. PR1433251
The output of test aaa ppp is missing <radius-server-data> tag. PR1444438
On MX platforms a false error might be received for SAE policy activation or deactivation failure. PR1447632
Subscribers Login fails when PCRF Server is unreachable. PR1449064
DHCPv6 subscribers might be stuck in a state after the authd process crash. PR1460578
Problem with linked-pool-aggregation after attempting to delete a pool in middle of the chain. PR1465253
User Interface and Configuration
Junos fusion: show chassis hardware satellite command is not available on Junos OS 17.3 versions. PR1388252
Junos OS: Insecure management daemon (MGD) configuration might allow local privilege escalation (CVE-2019-0061). PR1406219
VPNs
In a specific CE device environment in which asynchronous-notification is used, after the link between the PE and CE devices goes up, the Layer 2 circuit flaps repeatedly. PR1282875
The multicast traffic drop might be seen when static-umh is configured in NGMVPN scenario. PR1414418
The rpd might crash in rosen MVPN scenario when a same provider tunnel source address is being used for both IPv4 and IPv6. PR1416243
The deletion of (S,G) entry might be skipped after the PIM join timeout. PR1417344
The rpd crash might be seen if layer 2 circuit or local-switching connections flap continuously. PR1418870
The rpd process might crash in rare conditions when Extranet NG-MVPN is configured. PR1419891
Permanent traffic loss is seen on NGMVPN selective tunnels after Routing Engine switchover (one-time). PR1420006
MPLS LSP ping over l2circuit might not work when flow-label is enabled. PR1421609
The rpd process might crash and generates core files during mpls ping command on l2circuit. PR1425828
MVPN using PIM Dense mode does not prune the OIF when PIM prune is received. PR1425876
The resumed multicast traffic for certain groups might be stopped in overlapping MVPN scenario. PR1441099
Memory leak might happen if PIM messages received over an MDT (mt- interface) in Draft-Rosen MVPN scenario. PR1442054
The rpd process might crash due to memory leak in "MVPN RPF Src PE" block. PR1460625
Resolved Issues: 19.1R1
Application Layer Gateways (ALGs)
DNS requests with EDNS options might be dropped by DNS ALG. PR1379433
On MX Series routers with FTP ALG enabled, if there are more than one FTPS connection between a pair of FTP client and server, the closure of one connection might affect the other connections between the pair of FTP client and server. There might be traffic impact. It is a rare timing issue. PR1483834
Authentication and Access Control
MAC move might occur in a DHCP security scenario. PR1369785
The dot1xd might crash when dot1xd receives incorrect reply length from the authd. PR1372421
IPv4/IPv6 DHCP security client entries will be recorded on TRUSTED ports as well. PR1390676
Push-to-JIMS now supports pushing the authenticated entry to all online JIMS servers. PR1407371
Class of Service (CoS)
The cosd process might crash during committing configuration change through netconf. PR1403147
Flow-Based and Packet-Based Processing
Issues occur with fragmentation and ALG support for Power Mode IPsec. PR1397742
EVPN
EVPN type-5 route might be lost if chained-composite-next-hop statement is configured. PR1362222
Packet drop is seen in EVPN stitching with IRB configured. PR1363935
The EVPN implementation does not follow RFC-7432. PR1367766
EVPN A/A multihomed PE device occasionally prefers to route to a directly connected prefix using LSPs toward the multihomed peer instead of going directly out of the IRB interface (which is up). PR1376784
The RA packets might be sent out without using the configured virtual gateway address. PR1384574
EVPN-VXLAN: Flood is not programmed for VTEP interfaces for more than 5 minutes after BGP bounce. PR1396597
IPv6 link-local address for virtual-gateway address is marked as duplicate in EVPN. PR1397925
When committing a configuration for a VLAN adding to an EVPN instance and an aggregated Ethernet interface, respectively, the newly added VLAN interface count might be zero (0) in that bridge domain. PR1399371
EVPN type 2 MAC+IP route is stuck when the route advertisement has two MPLS labels and withdrawal has one label. PR1399726
The rpd core file is generated upon Routing Engine switchover with scaled EVPN configuration. PR1401669
The rpd crashes due to memory corruption in EVPN. PR1404351
EVPN database and bridge mac-table are out of sync after core link flap. PR1404857
The rpd might crash on a leaf node when handling withdrawal of the remote or local MAC address in an EVPN-VXLAN scenario. PR1405681
The rpd might crash after NSR switchover in a EVPN scenario. PR1408749
Forwarding and Sampling
In EVPN A/A scenario with MX or EX acting as PE device, flood next-hops to handle BUM traffic might not get created or miss certain branches when the configuration is performed in a particular sequence. PR1377749
LTS subscriber statistics are reported to RADIUS. PR1383354
Adjusting mac-table-size configuration might cause an l2ald crash. PR1383665
The LSI binding for the IPv6 neighbor is missing. PR1388454
The filter counter is not written to the accounting file when accounting is enabled on the bridge firewall filter. PR1392550
The l2ald process might crash when doing commit check for some specific configurations. PR1395368
General Routing
We advise migrating from syslog API to Errmsg API:
/src/junos/usr.sbin/mspsmd. PR1284654MX150: Cannot copy files from the USB flash to Junos OS Virtual Machine. PR1333201
Large-scale users logging in and logging out might cause a mgd memory leak. PR1352504
Traffic loss might be seen on the new master after interface flap is followed by Routing Engine switchover in a VRRP scenario. PR1353583
The packets might be dropped when they go through the MX104 built-in interface. PR1356657
The show chassis ethernet-switch command output is different on MX10008 routers. PR1358853
MX Series BNG does not generate the ESMC/SSM quality level failed SNMP trap alarm. PR1361430
The inline J-Flow sampling configuration might cause an FPC crash on MX Series routers. PR1362887
MX Series Virtual Chassis: The request to record the VCCP heartbeat state changes in syslog by default. PR1363565
FPM board status is missing in the SNMP MIB walk result. PR1364246
The netproxy service client component fails to restart after issuing the request vmhost reboot command. PR1365664
The following errors are seen in the syslog: LOG : Err] Failed to allocate 2 jnh-dwords for encap-ptr(ether-da)!,LOG: Err] gen_encap_common: jnh-alloc failed! 8 PR1366811
When you configure vrrp delegate-processing with tomcat enabled, the Packet Forwarding Engine dropped vrrp packets and count sw error. PR1369503
MPC5E restarted at
trinity_pio_io_func, pio_read_u32, xqchip_read_u32, xqchip_issu_disable_q_stats, qchip_issu_disable_q_stats, issu_asic_prepare (pfe_idx=0 '\000')at../../../../src/pfe/common/applications/issu/jam/issu_jam_npc_pfe.c:65PR1369635Image installation on SD fails with the following error: Unable to read reply from software add command to re1; error 1. PR1372877
Core file is generated in ifinfo at
pif_af_fe_info pif_af_ifdwhen displaying the af interface information. PR1373436LDP convergence delay might be seen after a IGP metric change with the bgp-igp-both-ribs statement configured. PR1373855
The filter service might fail to get installed for the subscriber in a scaled BBE scenario. PR1374248
A few L2BSA subscribers might be stuck in init, terminating, or terminated state after the previous logout. PR1375070
SFB and PDM/PSU-related information is missing in jnxBoxAnatomy MIB on high-end MX Series routers. (MX2010/2020). PR1375242
The bbe-smgd core file might be seen after doing GRES. PR1376045
MS-MPC might have performance degradation under scaled fragmented packets. PR1376060
Interface optic output power is not zero when the port has been disabled. PR1376574
CI: Not generating Power Supply failed trap. PR1376612
After NAT64 router (with MS-MPC) translates an IPv6 fragment to an IPv4 fragment, router is not inserting the correct value in the identification field of the IPv4 header. PR1378818
The bbe-smgd process generates repeated core files and stops running as a result of long-term session database shared memory corruption. PR1388867
Traffic might be discarded without notification when CoS configuration is changed on a PS interface. PR1379530
Protocol adjacency might flap and FPC might reboot if jlock hog happens. PR1379657
MSQQ error logs and potential MPC traffic impact are seen when the physical interface link goes down. PR1380183
The pfe_disable action should also disable the logical interfaces belonging to the affected Packet Forwarding Engine. PR1380784
Encryption and decryption is not happening, because the Packet Forwarding Engine discards it while testing that group-vpn member was established using the authentication-method preshared key ascii-text. PR1381316
Traffic might be discarded without notification that is caused by FPC offline in MC-LAG scenario. PR1381446
In MX3ru for Junos OS Release 18.3R1, unified ISSU will fail if QSA is plugged in. PR1382126
The MPC6E might crash while fetching PMC device states. PR1382182
High CPU utilization is seen for chassisd on bsys, ~20 percent st steady state. PR1383335
The configuration configured through the NETCONF session might fail. PR1383567
MBFD flaps because clksync congests the scheduler for 100 ms. PR1384473
The rpd generates a core file at krt_table_rtbit_q_handler , krt_q_flush (startp=0xcca2c500, endp=0xcca2e9d0, isflash=0, todo=0x7fffffffe204),rtbit_free (rtbh=0x4145540). PR1385005
The MPLS packets with more than eight labels will not be processed by J-Flow. PR1385790
The vFPC CPU is running very high on vMX. PR1385853
The device with more than five IP addresses configured in the DHCP server-group goes into amnesiac mode after reboot. PR1385902
In subscriber management environment DHCP Subscriber might get stuck in terminated state. PR1386662
In case an LSP is locally configured without an explicit path, the ERO object remains empty in the PCRpt generated by PCC. PR1386935
Uninitialized EDMEM[0x400094] Read (0x6db6db6d6db6db6d) logs are seen with sampling applied to a subscriber with routing-service applied. PR1386948
The rpd might crash when traceoptions are enabled. PR1387050
On MX2000 routers, the backup CB's chassis environment status shows up as “Testing” even after the backup CB becomes online by removal or insert operation. PR1387130
The bbe-smgd process might crash when two subscribers log in with the same framed-route prefix and preference values. PR1387690
Some SFBs might go down when one of the PSMs in the chassis generates a bad output voltage that is out-of-range. PR1387737
FPC core file is seen at sensor_export_time_exceed_limit agent_health_monitor_data_reap when Jinsight is configured. PR1388112
Psec IKE keys are not cleared when delete or clear notification is received from peer on GRES-enabled DUT. PR1388290
Fabric drops might be seen if using a newer generation of MPC with SFB2. PR1388780
Incorrect value for flow packets or octets fields might be seen in an inline J-Flow scenario, PR1389145
IGMP group threshold exceed log message prints an incorrect demux logical interface. PR1389457
MX204: Excluding the speed CLI option under the interface level. PR1389918
The jnxFruState might show incorrect PIC state after replacing an MPC with another MPC with less numver of PICs. PR1390016
Traffic destined to VRRP VIP gets dropped because the filter is not updated to the related logical interface. PR1390367
The delete chassis redundancy command with routing-options nonstop-routing is not giving a commit warning. PR1390575
Delay in CLI output with second or more show subscriber <> extensive queries when the first session is sitting at -(more)- prompt displaying show subscribers extensive command output. PR1390762
Trailing chars are seen in GNMI get API reply. PR1390967
All the BBE and ESSM subscriber sessions might be lost after GRES or unified ISSU. PR1391409
The routing-engine-power-off-button-disable statement does not work on MX204 and MX10003 routers. PR1391548
The bbe-smgd process might crash after committing configuration changes. PR1391562
The bbe-smgd process might crash in a corner case if family inet6 is used in the dynamic profile. PR1391845
On MX2000, fans start spinning at high speed upon inserting previously offlined FPC. PR1393256
Third-generation FPC reboot loop is caused because of having internal intf issues. PR1393643
Junos OS enhancement configuration statement added to modify mcontrol watchdog timeout. PR1393716
If FPGA on the new master CB has a specific hardware failure, the chassid might keep crashing after GRES switchover. PR1393884
Expected entries like "UI_COMMIT_PROGRESS" are not getting populated while checking with Junos OS script session for obtaining the syslog output. PR1394780
MPC7, MPC8, and MPC9 might not boot in the MX Series Virtual Chassis. PR1396268
Adding IRB to bridge-domain with PS interface causes a kernel crash. PR1396772
The MS-MPC might generate a core file when mspmand receives a non-synchronized packet of TCP. PR1396785
A smid process memory leak occurs, and it does not come down from 100 percent. PR1397643
PFT MX10008: Inline-services enabling the Flex-Flow-Sizing take more than 12 minutes to move to steady state. PR1397767
The show system errors active command is not showing the error for MPC3E next-generation HQoS. PR1398084
Kernel core file is generated on vMX. PR1398320
MPLSoUDP tunnels do not come up on interface route - dyn_tunnel_fwd_route_eligible - because next-hop type is configured as interface. PR1398362
High jsd or na-grpcd CPU usage might be seen even if JET or JTI is not used. PR1398398
IPsec tunnel cannot be established, because the tunnel SA and rule are not installed in the PIC. PR1398849
The bbe-smgd process might crash when executing the show pppoe lockout command. PR1398873
Wrong timestamp is displayed in the jvision collector log file. PR1399829
ARP refresh functionality might fail in an EVPN scenario. PR1399873
JET/PRPD incompatibility for the rib_service.proto field RouteGateway.weight occurs from Junos OS Release 18.4R1 to Release 18.4R2 and onward. PR1400563
The mgd-api crashes due to memory leak. PR1400597
Only one Packet Forwarding Engine could be disabled on FPC with multiple Packet Forwarding Engines in error/wedge condition. PR1400716
The authd might crash when issuing the show network-access requests pending command during the authd restarting. PR1401249
The show | compare output on global group changes loses the diff context after a rollback or “load update” is performed. PR1401505
The subscriber route installation fails because some interface states are not properly installed. PR1401506
FPC core files are generated due to a corner case scenario (race condition between RPF, IP flow). PR1401808
JET authentication does not work for usernames and passwords of certain lengths. PR1401854
Traffic loss is seen for IGMP subscribers after GRES. PR1402342
The MPC might crash due to the CPU hogging by dfw thread. PR1402345
Some error logs might be seen on FPC when reading attempt from uninitialized memory location. PR1402484
FPC might crash after you offline or online MIC-3D-16CHE1-T1-CE-H. PR1402563
DHCP subscriber cannot reconnect over dynamic VLAN demux interfaces because of RPF check failure. PR1402674
Host outbound traffic might be dropped on MPC7, MPC8, and MPC9 PR1402834
Observed rpd core files when a few colored LSPs are changed to uncolored LSPs. The cores are at
<<< #0 tag_cmp_tag (tag1=0x0, tag_label1=0x0, tag2=0x98b6628, tag_label2=0x98b6644) at ../../../../../../../../../../src/junos/usr.sbin/rpd/lib/mpls/label_mgr/core/mpls_label.c:473 473 if (tag1->tagt_mtu != tag2->tagt_mtu) >>>PR1403208Reported Log Variance might be incorrect if the PTP profile is changed from G.8275.2 to SMPTE or another multicast IP profile. PR1403219
Smg-service might become unresponsive. PR1403480
The time synchronization through PTPoE might not work when Enhanced Subscriber Management is enabled on MX Series routers. PR1404002
The FPC might crash in a CoS scenario. PR1404325
The repd continues to generate core files on VC-Bm when there are too many IPv6 addresses on one session. PR1404358
The targeted-broadcast statement does not work on the IRB interface. PR1404442
Configuration load override or load replace resets ANCP neighbors. PR1405318
NAT64 translation issues of ICMPv6 packet-too-big message occur with MS-MPC/MS-PIC. PR1405882
Fabric performance drop is seen on MPC7, MPC8, MPC9E, and SFB2-based MX2000 routers. PR1406030
Traffic impact might be seen if auto-bandwidth is configured for RSVP LSPs. PR1406822
New CLI option is introduced to display DF and MLR in split format. PR1406884
Layer 2 VPN will flap repeatedly after link up between PE and CE devices under "asynchronous-notification" and "some types of MICs" conditions. PR1407345
NPC core files are generated after daemon restart in #0 jnh_get_oif_nh (ifd=0x51a51a80, ifl=0x6aeb52e0, family_mtu=0, max_mpls_labels=0 '\000', pad_ge_frame_check=< optimized out>, ret_jnh=0x483a54a8) at
../../../../src/pfe/common/pfe-arch/trinity/toolkits/jnh/jnh_if.c:15248. PR1407765Ephemeral database might get stuck during commit. PR1407924
Traffic forwarding fails when crossing VCF members. PR1408058
Alarm mismatch in total memory is detected after running the reboot vmhost both command. PR1408480
TFTP of MPC line cards images fails when performing unified ISSU. PR1408558
Python script might stop working due to Too many open files error. PR1408936
interface-set meta-data needs to include the CoS TCP names in order to aid collector reconciliation with queue-stats data. PR1409625
FPC might generate core files during next-hop change due to FPC reboot or interface flap when using MPLS inline J-Flow. PR1409807
When using SFP+, the interface optic output might be non-zero even when the interface has been disabled. PR1410465
Traffic loss might be seen on MPC8E and MPC9E after requesting one of the SFB2s to go offline/online. PR1410813
Kernel replication failure and vmcore are seen because add IPv6 route prefix operation is not supported with the next-hop to be ATM interface. PR1411376
MX10003: The rpd crash with switchover-on-routing-crash does not trigger a Routing Engine switchover and the rpd on the master Routing Engine goes into STOP state. PR1412322
During unified ISSU from Junos OS Release 16.1R4-S11.1 to Junos OS Release 18.2R2-S1.2, CoS GENCFG write failures are observed: [ COS(cos_rewrite_do_pre_bind_add_action:676): Binding of table 44226 to ifl 1073744636 failed, table already bound to ifl ]. PR1413297
MPC10E line card will not power up in old MidPlane MX chassis when using Junos OS Release 19.1R1. PR1413373
Broken support of [family inet6 filter] on the ATM interface. PR1413663
The bbe-smgd process might have memory leak while running the show system subscriber-management route route-type <> routing-instance <> command. PR1415922
In the scenario where the MX and the peer both try to bring an IPsec tunnel up but the peer side does not answer the MX requests, we can bring the peer initiated tunnel down. PR1420293
The bbe-smgd process might crash and might not recover in a rare scenario. PR1420376
Infrastructure
The error of jlaunchd: disk-monitoring is thrashing, not restarted might be seen. PR1380032
Interfaces and Chassis
In case of MPLS, DMR packets are sent with different MPLS expiration bits if the MX Series router receives CFM DMM packets with varying expiration values on the MPLS header. PR1365709
Constant dcpfe process crash might be seen if using an unsupported GRE interface configuration. PR1369757
The jpppd process might crash if the EPD value contains a format specifier. PR1384137
DCD core file can be seen after FPC restart if channelized interfaces are configured. PR1387962
All DPCs might crash while adding or deleting a logical interface from the aggregated Ethernet bundle. PR1389206
The interface-control process thrashes and dcd does not restart after adding an invalid demux interface to the configuration. PR1389461
Decoupling of Layer 2 logical interface configuration from bridge-domain or EVPN configuration. PR1390823
Interim accounting updates might not be sent for subscribers after Junos OS selective update. PR1391011
A dcd memory leak might be seen when committing configuration change on static route tag. PR1391323
Error message might be seen if GR interface is configured. PR1393676
DCD crashes on deleting the sub interface from VPLS routing-instance when the same sub interface is also part of mesh-group. PR1395620
The MIC Error code: 0x1b0002 alarm might not be cleared for MIC on MPC6 when the voltage has returned to normal. PR1398301
The backup Routing Engine might get stuck in amnesiac mode after reboot. PR1398445
All dcd operations might be blocked if profile-db is corrupt. PR1399184
Certain otn-options cause interface flapping during commit. PR1402122
Subscriber might not be able to access the device due to the conflicted assigned address. PR1405055
The cfmd might fail to start after it is restarted. PR1406165
The aaa-options configuration statement for PPPoE subscribers does not work on the MX80 and MX104 routers. PR1410079
J-Web
Junos OS: Persistent XSS vulnerability in J-Web (CVE-2019-0047). PR1410400
Junos OS: Session fixation vulnerability in J-Web (CVE-2019-0062). PR1410401
Layer 2 Features
The unicast traffic from IRB interface toward LSI might be dropped due to Packet Forwarding Engine mismatch at egress processing. PR1381580
Flow label is still used by ingress PE though the egress PE is not configured/supporting for Flow label in a VPLS multihomed Scenario. PR1393447
In a Layer 2 domain (for example, bridge-domain, VPLS), there is unexpected flooding of unicast traffic at approximately every 40 seconds toward all local CE-facing interfaces. PR1406807
Layer 2 Ethernet Services
The subscriber's authentication might fail when the link-layer address that is encoded in the DHCPv6 DUID is different from the actual link-layer hardware address. PR1390422
The SNMP query on LACP interface might lead to lacpd crash. PR1391545
Log messages dot1xd[]: task_connect: task ESP CLIENT:...: Connection refused might be reported in Junos OS Release 17.4 or later. PR1407775
MPLS
The rpd might crash on the backup Routing Engine after switchover. PR1382249
MPLS LSP will remain in the down state due to routing loop detection after flapping link between PE router and egress PE router. PR1384929
Configured bandwidth 0 does not get applied on the RSVP interface. PR1387277
The bypass LSP might pass through an unexpected path that includes the same SRLG as the protected TE link that is down. PR1387497
The rpd process might keep crashing repeatedly if the LSP destination address is set to be 0.0.0.0. PR1397018
The rpd might crash when the LDP route with indirect next-hop is deleted. PR1398876
A single-hop bypass LSP might not be used for traffic when both transit chaining mode and sensor-based statistics are used. PR1401152
Resources might be reserved for stale RSVP LSP when RSVP is disabled on the interface. PR1410972
LDP crash is caused by an ldp_label_bind_route assert condition. PR1413231
LDP native IPv6 loopback remains in inet6.3 after removing the IPv6 address from the core interface. PR1414965
Platform and Infrastructure
MQCHIP CPQ block should report major alarm. PR1276132
Some line cards might crash in a subscriber scenario enabled with distributed IGMP. PR1355334
The FPC might crash continuously when the filters in the same filter list refer to a same nested filter PR1357531
The kernel and ksyncd core files are generated after dual cb flap at rt_nhfind_params: rt_nhfind() found a next-hop different from that on the master 30326. PR1372875
The traffic traversing an IRB interface might not be tagged with a VLAN if the packets go through an additional routing instance. PR1377526
IPv6 ping might fail for spine node in a EVPN scenario. PR1380590
Packet drops on interface occur if the gigether-options loopback statement is configured. PR1380746
The jcrypto syslog help package and events are not packaged even when the following error message is compiled: Below KMD help syslogs are missing help syslog | match KMD KMD_IKEV2_CONFIG_PAYLOAD_FAILED IKE Phase-1 Config Payload failed KMD_INSTALL_JUNOS_IKE Inform user to install junos-ike package KMD_PEER_CERT_VERIFY_FAILED IKE Phase-1 peer certificate verification failed KMD_VPN_DFBIT_STATUS_MSG VPN DF bit status set KMD_VPN_DOWN_ALARM_USER VPN monitor detected IPSec SA is down KMD_VPN_PV_LIFETIME_CHANGED Config key liftetime test changed KMD_VPN_PV_PHASE1 ike-phase1 failures over configured auditable threshold KMD_VPN_PV_PHASE2 ike-phase2 failures over configured auditable threshold KMD_VPN_PV_PSK_CHANGED Pre-shared Key changed KMD_VPN_PV_REAUTH_FREQUENCY_CHANGED Config key reauth frequency changed KMD_VPN_PV_XAUTHC_AUTH_FAIL ike-xauth-client authentication failure KMD_VPN_TS_MISMATCH IPSec traffic-selector mismatch KMD_VPN_UP_ALARM_USER VPN monitor detected that an IPsec SA is up. KMD_XAUTH_AUTHENTICATE_FAILED IKE Phase-1 XAUTH authentication failed PR1290089
The dfwd might crash with DFWD_TRASHED_RED_ZONE log messages. PR1380798
Traffic loss is seen in Layer 2 VPN with GRE tunnel. PR1381740
MAC learning might get stuck on MX Series routers with DPC and MPC. PR1383233
jlock hog is reported at restart routing. PR1389809
Individual command authorization might cause mgd crash. PR1389944
Traffic is being dropped when passing through MS-DPC to MPC. PR1390541
The RADIUS authentication does not work through management-instance for IPv6 family. PR1391160
The lockout-period might not work for the user being locked out. PR1393839
RVT interface might start flapping. PR1399102
In a scaled scenario (500 TWAMP control sessions and 500 TWAMP test sessions), a few TWAMP connections might fail to establish. PR1399547
Syslog error messages: [LOG: Err] COS_HALP(cos_halp_get_fabric_stats_per_pfe:3211): pfe_id 0 cchip 0[LOG: Err] COS_HALP(cos_halp_get_fabric_stats_per_pfe:3272): No PFE found for pfe_id_start 0. PR1402377
MAP-E some ICMP types cannot be encapsulated/decapsulated on SI interface. PR1404239
When a non-root user tries to archive the
var/log, some files are missing if a cscript.log file exists. PR1405903Abnormal queue-depth counters appear in show interface queue command output on interfaces associated to XM2 and 3. PR1406848
Ipv6 drops due to output trunk vlan lookup failed. PR1407200
Routing Policy and Firewall Filters
The set metric multiplier offset might overflow or underflow. PR1349462
The rpd process might crash if then next-hop is configured for the LDP export policy. PR1388156
The rpd process might crash when routing-options flow configuration is removed. PR1409672
Routing Protocols
BGP might not advertise routes on the existing BGP peer after adding a Layer 3 VPN instance. PR1237006
Migrate from syslog API to Errmsg API:
/src/junos/usr.sbin/ppmd. PR1284621The BGP session might be stuck with high BGP OutQ value after GRES on both sides. PR1323306
The VRF static route might not be exported when route-distinguisher-id is used on RR in a BGP Layer 3 VPN scenario. PR1341720
The dynamic next-hop template cache does not shrink when the application frees the next-hop template and there are surplus templates in cache. PR1346984
vFPC might continuously crash on vMX platform. PR1364624
Ukern memory leak and core crash are seen in BGP environment. PR1366823
The static route might persist even after its BFD session goes down. PR1385380
The rpd might crash after issuing the show route detail operational command for RIP route. PR1386873
Penultimate-hop router does not install BGP LU label, causing traffic to be discarded without notification. PR1387746
IGMPv3/MLD membership requests might not work normally. PR1389119
Unexpected packet loss might be seen for some multicast groups during failure recovery with both MoFRR and PIM automatic MBB join load-balancing features enabled. PR1389120
FPC might crash when BGP multipath is configured with protection. PR1389379
BGP IPv6 routes with IPv4 next-hop causes the rpd to crash. PR1389557
All the BGP sessions will flap after switchover. PR1391084
The ppmd on the Routing Engine might run with high CPU utilization after a Routing Engine switchover. PR1392704
The rpd core files are generated on the backup Routing Engine during neighborship flap when using an authentication-key with more than 20 characters. PR1394082
The rpd process might crash when rp-register-policy is configured with more than 511 terms. PR1394259
The best and the second-best routes might have the same weight value if BGP PIC is enabled. PR1395098
DMZ LINK BANDWIDTH - not able to aggregate bandwidth, when applying the policy. PR1398000
The rpd soft core might be seen when Layer 2 VPN is used. PR1398685
The rpd might crash in BGP setup with NSR enabled. PR1398700
The rpd might crash when BGP add-path send is configured and NSR is enabled. PR1401948
BGP router on the same broadcast subnet with its neighbors might cause IPv6 routing issue on the neighbor from other vendors. PR1402255
EVPN multihoming MAC might not be installed by the remote PE device. PR1403881
Memory leaks when labeled-isis transit routes are created as chain composite next-hop. PR1404134
Extended traffic loss might be seen after link recovery when source-packet-routing is used on OSPF P2P links. PR1406440
SBFD failure occurs with a special IP address like 127.0.0.1 under interface lo0. PR1406631
The rpd crashes with BGP functions bgp_peer_tcpwriteerror_gracefully. PR1410553
Services Applications
L2TP subscribers might be stuck in init state in a corner case. PR1391847
The spd might crash when any-ip is configured in the 'from' clause of the NAT rule with the static translation type. PR1391928
IP ToS bits are not copied to the outer IPsec header. PR1398242
Invalid Layer 4 checksum might be observed on IPv4 packets generated by NAT64 with MS-DPC after translating fragmented IPv6 UDP/TCP packets. PR1398542
The ICMPv6 packet with embedded IPv6 fragment might not be translated correctly to an IPv4 ICMP packet in a NAT64 with MS-DPC deployment. PR1402450
Inconsistent content might be observed to the access line information between ICRQ and PPPoE message. PR1404259
The stale si- logical interface might be seen when L2TP subscribers with duplicated prefixes or framed-route log in. PR1406179
The kmd process might crash on MX/ACX platforms when IKEv2 is used. PR1408974
Subscriber Access Management
The subscribers might be stuck in terminating state if RADIUS redirect is used. PR1376265
Multiple IPv6 IANA addresses are assigned for one session in a IPv6 PD binding failure scenarios. PR1384889
Dual-stacked DHCPv6-PD client connection terminated after commit when RADIUS address assignment is not defined within the range of a local pool. PR1401839
The authd crash might be seen due to a memory corruption issue. PR1402012
Adding a firewall filter service through the test aaa command causes a crash in dfwd. PR1402051
JSRC used RADIUS service accounting protocol instead of JSRC for SRC installed service. PR1403835
Continuous log message authd[18454]: %DAEMON-3-LI: liPollTimerExpired returned 0 is seen. PR1407923
User Interface and Configuration
The show configuration and rollback compare commands are causing high CPU usage. PR1407848
VPNs
The receivers belonging to a routing instance mIGHT not receive multicast traffic in an Extranet next-generation MVPN scenario. PR1372613
The accept-remote-source statement configured on the core interface might cause traffic outage. PR1375716
High rpd CPU utilization on the backup Routing Engine might be observed in an MVPN with NSR scenario. PR1392792
The rpd process crashes when the LSP template for a provider tunnel is changed. PR1395353
Downstream interface is not removed from multicast route after getting PIM prune. PR1398458
Routes with multiple communities might be rejected in an inter-AS next-generation MVPN scenario. PR1405182
With rosen MVPN configuration with data-mdt, the show pim mdt data-mdt-limit instance <interface name> with family option causes high CPU usage of the rpd. PR1405887
Documentation Updates
This section lists the errata and changes in Junos OS Release 19.1R3 documentation for MX Series.
Spanning Tree Protocol User Guide
Documentation on configuring Layer 2 Protocol Tunneling (L2PT) for spanning-tree protocols on MX Series and ACX Series routers has been removed from the Spanning-Tree Protocols User Guide and merged into Layer 2 Protocol Tunneling in the Ethernet Switching User Guide.
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.
Starting in Junos OS 18.3R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.
The following table shows detailed information about which Junos OS can be used on which products:
Platform | FreeBSD 6.x-based Junos OS | FreeBSD 11.x-based Junos OS |
MX5,MX10, MX40,MX80, MX104 | YES | NO |
MX240, MX480, MX960, MX2010, MX2020 | NO | YES |
Basic Procedure for Upgrading to Release 19.1
Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:
The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.
For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.
Procedure to Upgrade to FreeBSD 11.x based Junos OS
Products impacted: MX240, MX480, MX960, MX2010, and MX2020.
To download and install FreeBSD 11.x based Junos OS:
- Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:
- Select the name of the Junos OS platform for the software that you want to download.
- Select the release number (the number of the software version that you want to download) from the release drop-down list to the right of the Download Software page.
- Select the software tab.
- In the Instal Package section of the software tab, select the software package for the release.
- Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
- Review and accept the End User License Agreement.
- Download the software to a local host.
- Copy the software to the routing platform or to your internal software distribution site.
- Install the new jinstall package on the routing platform.
Note We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.
All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:
For 32-bit Routing Engine version:
user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-19.1R3.9-signed.tgz
For 64-bit Routing Engine version:
user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-19.1R3.9-signed.tgz
Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):
For 32-bit Routing Engine version:
user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-19.1R3.x-limited.tgz
For 64-bit Routing Engine version:
user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-19.1R3.9-limited.tgz
Replace source with one of the following values:
/pathname—For a software package that is installed from a local directory on the router.For software packages that are downloaded and installed from a remote location:
ftp://hostname/pathnamehttp://hostname/pathnamescp://hostname/pathname
Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.
Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.
After you install a Junos OS Release 19.1 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.
Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.
Procedure to Upgrade to FreeBSD 6.x based Junos OS
Products impacted: MX5, MX10, MX40, MX80, MX104.
To download and install FreeBSD 6.x based Junos OS:
- Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:
- Select the name of the Junos OS platform for the software that you want to download.
- Select the release number (the number of the software version that you want to download) from the release drop-down list to the right of the Download Software page.
- Select the software tab.
- In the install package section of the software tab, select the software package for the release.
- Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
- Review and accept the End User License Agreement.
- Download the software to a local host.
- Copy the software to the routing platform or to your internal software distribution site.
- Install the new jinstall package on the routing platform.
Note We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.
All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:
user@host> request system software add validate reboot source/jinstall-ppc-19.1R3.9-signed.tgz
Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):
user@host> request system software add validate reboot source/jinstall-ppc-19.1R3.9-limited-signed.tgz
Replace source with one of the following values:
/pathname—For a software package that is installed from a local directory on the router.For software packages that are downloaded and installed from a remote location:
ftp://hostname/pathnamehttp://hostname/pathnamescp://hostname/pathname
The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.
Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
After you install a Junos OS Release 19.1 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.
Upgrading a Router with Redundant Routing Engines
If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:
Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.
Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.
After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.
Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.
Downgrading from Release 19.1
To downgrade from Release 19.1 to another supported release, follow the procedure for upgrading, but replace the 19.1 jinstall package with one that corresponds to the appropriate release.
You cannot downgrade more than three releases.
For more information, see the Installation and Upgrade Guide.