Junos OS Release Notes for MX Series 5G Universal Routing Platform
These release notes accompany Junos OS Release 19.2R3 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.
You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.
What’s New
Learn about new features introduced in the Junos OS main and maintenance releases for MX Series.
What’s New in 19.2R3
There are no new features or enhancements to existing features for MX Series routers in Junos OS Release 19.2R3.
What’s New in 19.2R2
Junos OS XML, API, and Scripting
Support for 64-bit architecture added for use of management interface in a nondefault routing instance in op scripts and JET applications (MX Series)—Junos OS Release 19.2R2 supports 64-bit architecture Junos OS operating scripts (op scripts) and on-box JET applications can now use the function set_routing_instance() to program the protocol software (TCP/UDP) to use a nondefault routing instance instead of the default management routing interface.
Network Management and Monitoring
Implement new MIBs using telemetry-based model (MX Series)—Starting in Junos OS Release 19.2R2, new MIBs mplsMldpInterfaceStatsEntry and mplsMldpFecUpstreamSessTable are introduced. The Routing Engine uses a telemetry-based approach to collect statistics to provide MIB data for these MIBs. A new statement, sensor-based-stats at the [edit protocols ldp traffic-statistics] hierarchy level, enables telemetry-based collection. You must configure this statement to enable MIB data collection for mplsMldpInterfaceStatsEntry and mplsMldpFecUpstreamSessTable.
Routing Protocols
ECMP nexthop update rate throttling (MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 19.2R2, you can choose to defer multipath computation for all families during a BGP peering churn. In very large-scale network deployments during BGP peering churn there is a temporary spike in multipath computation, which takes a toll on the Packet Forwarding Engine resources. This feature allows you to pause the multipath computation and to resume after the peering churn settles down. Note that if there is no BGP peering churn, then multipath computation is not paused.
To enable the pause option for BGP multipath computation during BGP peering churn, include the pause computation statement at the [edit protocols BGP multipath] hierarchy level.
Subscriber Management and Services
CoA messages support Session-Timeout attribute (MX Series)—Starting in Junos OS Release 19.2R2, you can apply a session timeout for subscriber sessions with a RADIUS CoA message that includes the Session-Timeout attribute (27). This capability is useful, for example, when subscribers purchase Internet access for a specific period of time and must log out when the session expires. In earlier releases, the router does not recognize the attribute if it is included in a CoA message.
What’s New in 19.2R1-S4
Interfaces and Chassis
Support for 1-Gbps speed on QFX-60S line card on PTX10008 and PTX10016 Routers—Starting in Junos OS Release 19.2R1-S4, QFX10000-60S-6Q line card supports 1-Gbps speed on its ports (0 through 59). The QFX10000-60S-6Q line card contains 60 SFP+ ports that support 10-Gbps, two dual-speed QSFP28 ports that support either 40-Gbps or 100-Gbps, and four QSFP+ ports that support 40-Gbps. You can individually configure ports 0 to 59 for 10-Gbps or 1-Gbps port speed. Use the set chassis fpc fps-slot-number pic pic-number port port-number speed 1G command to change the mode of a port from 10-Gbps to 1-Gbps. The transceivers supported for 1-Gbps are QFX-SFP-1GE-LX, QFX-SFP-1GE-SX, and QFX-SFP-1GE-T.
[See QFX10000 Line Cards for details on the combination of modes supported on the ports.]
Services Applications
Support for Two-Way Active Measurement Protocol (TWAMP) and hardware timestamping of RPM probe messages (MX10000 and PTX10000 routers)—Starting in Release 19.2R1-S4, Junos OS supports TWAMP and hardware timestamping of RPM probe messages on the MX10008, MX10016, PTX10008 and PTX10016 routers. You can use TWAMP to measure IP performance between two devices in a network. By enabling hardware timestamping of RPM you can account for the latency in the communication of probe messages and also generate more accurate timers in the Packet Forwarding Engine.
[See Understanding Two-Way Active Measurement Protocol on Routers and Understanding Using Probes for Real-Time Performance Monitoring on M, T, PTX and MX Series Routers.]
What’s New in 19.2R1-S1
MPLS
Distributed CSPF for segment routing LSPs (MX Series)—Starting in Junos OS Release 19.2R1-S1, you can compute a segment routing LSP locally on the ingress device according to the constraints you have configured. With this feature, the LSPs are optimized based on the configured constraints and metric type. The LSPs are computed to utilize the available ECMP paths to the destination.
Prior to Junos OS Release 19.2R1-S1, for traffic engineering of segment routing paths, you could either explicitly configure static paths, or use computed paths from an external controller.
Color-based mapping of VPN services over SRTE (MX Series)—Starting in Junos OS Release 19.2R1-S1, you can specify a color attribute along with an IP protocol next hop to resolve transport tunnels over static colored and BGP segment routing traffic-engineered (SRTE) label-switched paths (LSPs). This is called the color-IP protocol next hop resolution, where you are required to configure a resolution-map and apply it to the VPN services. Prior to this release, the VPN services were resolved over IP protocol next hops only.
With this feature, you can enable color-based traffic steering of Layer 2 and Layer 3 VPN services.
Routing Protocols
Decouple RSVP for IGP-TE (MX Series, PTX Series, ACX Series, QFX Series, SRX Series, and EX Series)—Starting in Junos OS Release 19.2R1-S1, device can advertise selective traffic-engineering attributes such as admin-color and maximum-bandwidth, without enabling RSVP, for segment routing and interior gateway protocol (IGP) deployments.
What’s New in 19.2R1
Hardware
New fixed-configuration Modular Port Concentrator (MX240, MX480, and MX960)—Starting in Junos OS Release 19.2R1, the MPC10E-10C-MRATE is a new Modular Port Concentrator (MPC) that is supported on the MX240, MX480, and MX960 routers.
The MPC10E-10C-MRATE features the following:
Line-rate throughput of up to 1.0 Tbps when installed with an enhanced midplane and 800 Gbps when installed with a standard midplane.
Eight QSFP28 ports—Port numbers 0/0 through 0/3 and 1/0 through 1/3. The ports can be configured as 10-Gbps, 40-Gbps, or 100-Gbps Ethernet ports.
Two QSFP56-DD ports—Port numbers 0/4 and 1/4. The ports can be configured as 10-Gps, 40-Gps, 100-Gbps Ethernet ports.
[See MX Series 5G Universal Routing Platform Interface Module Reference.]
MX10016 Universal Routing Platform—The MX10016 router provides 10-Gigabit Ethernet, 40-Gigabit Ethernet, and 100-Gigabit Ethernet modular solutions that support up to 2.4 Tbps per slot. The MX10016 router provides redundancy and resiliency. All major hardware components including the power system, the cooling system, the control board and the switch fabrics are fully redundant. MX10016 enables cloud and data center operators to transition from 10-Gigabit Ethernet and 40-Gigabit Ethernet networks to 100-Gigabit Ethernet high-performance networks. The 21 rack unit (21 U) modular chassis can provide 38.4 Tbps of throughput. The MX10016 router has 16 slots for the line cards that can support a maximum of 1536 10-Gigabit Ethernet ports, 384 40-Gigabit Ethernet ports, or 384 100-Gigabit Ethernet ports.
You can deploy the MX10016 router in an IP edge network using an MX10K-LC2101 line card (ordering model number is JNP10K-LC2101).
[See MX10016 Hardware Guide.]
Advanced Cooling and Power Components (MX10008 Routers)—Starting in Junos OS Release 19.2R1, MX10008 routers offer 5.5 KW power supplies, new high performance fan tray, and compatible fan tray controller. The JNP10K-PWR-AC2 power supply supports AC, high-voltage alternating current (HVAC), DC, or high-voltage direct current (HVDC). The JNP10K-PWR-DC2 provides a 5.5 KW upgrade for DC users. The JNP10008-FAN2 offers increased air flow through the chassis. The JNP10008-FAN2 offers 1793 cubic feet per minute (CFM) per fan tray. The new fan tray controller, JNP10008-FTC2 supports the new fan tray.
[See MX10008 Hardware Guide.]
Authentication, Authorization and Accounting (AAA) (RADIUS)
Option to enable and disable SCP per user level independent of SSH (MX Series)—Starting in Junos OS 19.2R1, you can enable and disable SCP for a certain login class user independent of SSH. By defualt, SCP is not allowed for users added to the system defined classes read-only, operator and unauthorized and is only allowed to the system defined class super-user. SCP is allowed for any login class user belonging to a user defined class. You can deny SCP request for a user assigned to a user defined class by using the no-scp-server configuration statement. Prior to 19.2R1, SCP was enabled and disabled when SSH was enabled and disabled.
To disable SCP for a certain login class, use set no-scp-server at the [edit system login class <class_name>] hierarchy level.
[See no-scp-server.]
Option to enable and disable SFTP per user level (MX Series)—Starting in Junos OS 19.2R1, you can enable and disable SFTP for a certain login class user. By defualt, SFTP is not allowed for users added to the system defined classes read-only, operator and unauthorized and is only allowed to the system defined class super-user if SFTP is enabled globally. For a user assigned to a user defined class, by default SFTP requests are allowed if set system services ssh sftp-server is configured. You can now deny SFTP requests for a user assigned to a user defined class by using the no-sftp-server configuration statement.
To disable SFTP for a certain login class, use set no-sftp-server at the [edit system login class <class_name>] hierarchy level.
[See no-sftp-server.]
EVPN
Support for BFD, BGP, IS-IS, and OSPF on IRB interfaces in EVPN-MPLS networks (MX Series and vMX)—Starting with Junos OS Release 19.2R1, you can configure Bidirectional Forwarding Detection (BFD), BGP, IS-IS, and OSPF routing protocols on the IRB interface in an EVPN-MPLS network to route and forward EVPN traffic. This feature supports single-homed, single-active, and all-active multihomed networks.
EVPN support of VLAN ID ranges and lists in service provider style interface configurations (MX Series routers, and vMX virtual routers)—Starting in Junos OS Release 19.2R1, EX9200 switches, ACX5448 and MX Series routers, and vMX virtual routers support the use of VLAN ID ranges and lists in a service provider style interface configuration, which must be referenced in an EVPN routing instance. This configuration is supported with the following EVPN environments, services, and features:
Environments:
EVPN with VXLAN encapsulation
EVPN with MPLS encapsulation
VLAN bundle service:
E-LAN
E-Tree
E-Line
Feature:
EVPN multihoming:
All-active
Single-active
Singlehoming
Connectivity fault management support in EVPN-VPWS (MX Series)—Starting with Junos OS Release 19.2R1, you can configure Up maintenance association end points (MEPs) and maintenance association intermediate point (MIPs) on attachment circuits in support of connectivity fault management (CFM) in EVPN-VPWS networks. With the MEPs, you can monitor connectivity between two points on the EVPN-VPWS network. Junos OS supports the continuity check messages (CCM), loopback and link trace messages (LTMs) as defined in IEEE 802.1AG CFM, and delay measurements (DM) and synthetic loss measurements (SLMs) as defined in Y.1731 on a single-active homing network.
[See Connectivity Fault Management Support for EVPN and Layer 2 VPN Overview.]
Support for control word in EVPN-VPWS (MX Series and vMX) —Starting with Junos OS Release 19.2R1, Junos OS supports the insertion of a control word between the label stack and the MPLS payload in a network with EVPN-VPWS service. This feature prevents a transit device from delivering out-of-order packets as a result of the device’s load-balancing hashing algorithm. When you enable the control word feature on a PE device, the PE device advertises support for a control word. If all the PE devices in an EVI on the EVPN-VPWS serviced network support control word, then the PE device inserts a control word between the label stack and the L2 header in the packet thus preventing the packet from being misidentified by transit devices.
[See Control Word for EVPN-VPWS.]
Forwarding and Sampling
Support for local preference when selecting forwarding next-hops for ECMP traffic (MX Series)—Starting in Junos OS Release 19.2R1, you can have equal cost multi-path (ECMP) traffic flows prefer local forwarding next-hops over remote ones. This feature supports BGP prefixes that are directly reachable with IPv4 MPLS ECMP next-hops. Use ecmp-local-bias to direct ECMP traffic towards local links, for example, to ensure that the overall load on the fabric is reduced. [See ecmp-local-bias for usage details.]
High Availability (HA) and Resiliency
ISSU suport for MX2008 (MX Series)—Starting in Junos OS Release 19.2R1, MX2008 routers support ISSU.
Interfaces and Chassis
Support for local preference when selecting forwarding next-hops for load balancing (MX Series)—Starting in Junos OS Release 19.2R1, you can have traffic flows across aggregated Ethernet or logical-tunnel interfaces prefer local forwarding next-hops over remote ones, for example to ensure that the overall load on the fabric is reduced. [See local-bias for usage details.]
Support to collect and display PRBS statistics (MX10003 and MX204)—Starting in Junos OS Release 19.2R1, on MX10003 and MX204 routers, you can check the physical link connectivity by issuing the test interfaces ifd-name prbs-test-start pattern-type type direction (0|1) flip (0|1) that starts collecting the PRBS statistics.
The output of the show interfaces interface-name prbs-stats command displays the PRBS statistics while the test is in progress. These statistics are cleared after the test is complete or if it is stopped. You can stop collecting the statistics by issuing the test interfaces ifd-name prbs-test-stop direction (0|1) command.
Note While running PRBS statistics, the link will be down.
[See prbs-test-start, prbs-test-stop, show interfaces prbs-stats, Collecting Pseudo Random Bit Sequence (PRBS) Statistics.]
Domain Name System (DNS) is VRF aware (MX Series)—Starting in Junos OS Release 19.2R1, when the management-instance statement is configured at the [edit system] hierarchy level, you can use the non-default management routing instance mgmt_junos as the routing instance through which the DNS name server is reachable. To specify the routing instance mgmt_junos, configure our new configuration statement routing-instance mgmt_junos, at the [edit system name-server server-ip] hierarchy level.
[See Management Interface in a Nondefault Instance, Configuring a DNS Name Server for Resolving a Hostname into Addresses, name-server, and show host.]
SCBE3-MX interoperates with MPC10E-10C (MX240, MX480, and MX960)—Starting in Junos OS Release 19.2R1, the Enhanced Switch Control Board SCBE3-MX (model number: SCBE3-MX-S) supports fabric management on the MPC10E-10C line card on the MX240, MX480, and MX960 routers. The SCBE3-MX-S supports a pluggable Routing Engine and provides a control plane and data plane interconnect to each line card slot. The MPC10E-10C supports a bandwidth of up to 1 Tbps (800 Gbps with four planes and 1 Tbps with 5 or 6 planes). With MPC10E 15C line card, in a non-redundant configuration the SCBE3-MX provides fabric bandwidth of up to 1 Tbps per slot with four fabric planes and 1.5 Tbps per slot when all six fabric planes are used. Starting in this release, the MPC10E line cards support the standard midplane, which supports a bandwidth up to 800 Gbps per slot. Support for the enhanced midplane, which provides a bandwidth of 1.5 Tbps with MPC10E-15C and 1 Tbps with MPC10E-10C, is already available.
[See SCBE3-MX Description and MPC10E-15C-MRATE]
Support for QSFP-100GE-DWDM2 transceiver (MX204, MX10003, MX10008, and MX10016)—Starting in Junos OS Release 19.2R1, the MX204, MX10003, MX10008, and MX10016 routers support the QSFP-100GE-DWDM2 transceiver. The 100-Gbps bidirectional transceiver has a dual transmitter/receiver that enables it to transmit and receive data through a single optical fiber. You can perform the following actions when this transceiver is installed:
View the diagnostics data, warnings, and alarms for interfaces. [See show interfaces diagnostics optics.]
Clear the bit error rate (BER) counters. [See clear interfaces statistics.]
Obtain the transport, performance monitoring, and threshold crossing alert (TCA) information for interfaces. [See show interfaces transport pm.]
Clear the optics information from transport performance monitoring data. [See clear interfaces transport pm.]
Enable or disable TCAs. [See tca.]
Enable or disable loopback mode. [See optics-options.]
MPC10 distributed LACP support in PPM AFT (MX Series)—Starting in Junos OS Release 19.2R1, the MPC10E-15C-MRATE and MPC10E-10C-MRATE MPCs support distributed LACP in Periodic Packet Manager (ppman) Advanced Forwarding Toolkit (AFT).
Support for Routing Engine hard disk smart check (MX240, MX480, MX204, MX960, MX10008, MX2008, MX2020, MX10016, MX10000, MX2010, MX10002, and MX10003)—Starting in Junos OS Release 19.2R1, you can configure the device to perform certain health checks on the Routing Engine solid-state drive (SSD) and log a health event or raise an alarm in case a predefined health attribute threshold is breached. You can use the set chassis routing-engine disk smart-check command to instruct the system to raise an alarm when an SSD health attribute threshold is breached. You can view the alarm by using the command show chassis alarms.
[See smart-check]
Junos OS XML API and Scripting
Automation script library additions and upgrades (MX Series)—Starting in Junos OS Release 19.2R1, devices running Junos OS that support the Python extensions package include new and upgraded Python modules. Python automation scripts can leverage new on-box Python modules, including the
requests,chardet, andurllib3modules, as well as upgraded versions of theidna,ipaddress, andsixmodules. The Requests library provides additional methods for supporting initial deployments as well as for performing routine monitoring and configuration changes on devices running Junos OS.[See Overview of Python Modules Available on Devices Running Junos OS and Using the Requests Library for Python on Devices Running Junos OS.]
Junos Telemetry Interface
Inline active flow monitoring support using JTI (MPC10E-15C-MRATE line cards)—Starting in Junos OS Release 19.2R1, Junos Telemetry Interface (JTI) supports streaming inline active flow monitoring service-related statistics and errors counters for export to outside collectors at configurable intervals using remote procedure call (gRPC) services.
Use the following resource path to export statistics:
/junos/system/linecard/services/inline-jflow/To provision the sensor to export data through gRPC services, use the telemetrySubcribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.
[See Configuring Flow Aggregation on MX, M, vMX and T Series Routers and NFX250 to Use Version 9 Flow Templates, Guidelines for gRPC Sensors (Junos Telemetry Interface) and Understanding OpenCOnfig and gRPC on Junos Telemetry Interface.]
Packet Forwarding Engine support for JTI (MX2010 and MX2020 routers)—Starting in Junos OS Release 19.2R1, Junos telemetry interface (JTI) supports streaming of Packet Forwarding Engine statistics for MX2010 and MX2020 routers using Remote Procedure Calls (gRPC). gRPC is a protocol for configuration and retrieval of state information.
To provision the sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.
[See Guidelines for gRPC Sensors (Junos Telemetry Interface).]
Sensor- level statistics support on JTI (MX960, MX2008, MX2010, MX2020, PTX5000, PTX1000, and PTX10000 routers and QFX5100 and QFX5200 switches)—Starting with Junos OS Release 19.2R1, you can issue the Junos operational mode command show network-agent statistics to provide more information on a per-sensor level for statistics being streamed to an outside collector by means of remote procedure calls (gRPC) and Junos telemetry interface (JTI). Only sensors exported with gRPC are supported. The command does not support UDP-based sensors.
[See show network-agent statistics and Understanding OpenConfig and gRPC on Junos Telemetry Interface.]
ONCE mode supported using gNMI services and JTI (MX Series)—Starting in Junos OS Release 19.2R1, you can include the "ONCE" mode with the Subcribe RPC when subscribing to gRPC Network Management Interface (gNMI) services to export statistics for telemetry monitoring and management using Junos telemetry interface (JTI). ONCE mode ensures that the collector is only streamed telemetry information one time.
The Subscribe RPC and subscription parameters are defined in the gnmi.proto file.
Streaming telemetry data through gNMI also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.
[See Understanding OpenConfig and gRPC on Junos Telemetry Interface.]
Packet Forwarding Engine statistics export using gNMI and JTI (MX960, MX2008, MX2010 and MX2020 routers)—Starting in Junos OS Release 19.2R1, you can stream Packet Forwarding Engine statistics to an outside collector using gRPC Management Interface (gNMI) version 0.7.0 and Junos telemetry interface (JTI). Prior to this, these statistics were exported using OpenConfig gRPC and UDP protocol buffer (gpb) format. OpenConfig gRPC and gNMI are both protocols used to modify and retrieve configurations as well as export telemetry streams from a device in order to manage and monitor it
To provision Packet Forwarding Engine sensors to export data through gNMI, use the Subscribe RPC defined in the gnmi.proto to specify request parameters. This RPC already supports Routing Engine statistics to be exported by means of gNMI. Now, Packet Forwarding Engine sensors will also stream KV pairs in gNMI format for a majority of Packet Forwarding Engine sensors.
Streaming telemetry data through gNMI also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.
[See Guidelines for gRPC Sensors (Junos Telemetry Interface) and Understanding OpenCOnfig and gRPC on Junos Telemetry Interface.]
Broadband edge statistics support through JTI (MX Series)—Starting in Junos OS Release 19.2R1, subscriber-based telemetry streaming is enabled when an MX Series router is configured for Broadband Network Gateway (BNG) and Junos fusion where subscribers are connected through Junos fusion Satellite devices. You can use remote procedure calls (gRPC) to export broadband edge (BBE) telemetry statistics to external collectors. gRPC is a protocol for configuration and retrieval of state information.
You can stream all BBE resource paths except for the following:
/junos/system/subscriber-management/access-network/ancp/junos/system/subscriber-management/client-protocols/l2tp/junos/system/subscriber-management/infra/network/l2tp/
To stream BBE statistics, include a resource path starting with
/junos/system/subscriber-management/in your gRPC subscription.To provision the sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.
[See Guidelines for gRPC Sensors (Junos Telemetry Interface) and Understanding OpenCOnfig and gRPC on Junos Telemetry Interface.]
gRPC-based streaming telemetry support for subscriber service accounting statistics for JTI (MX Series 5G Universal Routing Platform)—Starting in Junos OS Release 19.2R1, you can enable service filter accounts statistics for subscribers using Junos telemetry interface (JTI) and remote procedure calls (gRPC). Service accounting statistics include IP protocol IPv4 family, IPv6 family, or both, as well as transmit and receive packets and bytes for subscriber service sessions.
To enable these statistics from an MX Series router, include the service-statistics statement at the [edit dynamic-profiles my-service-profile telemetry] hierarchy level.
To stream these statistics, include the resource path
/junos/system/subscriber-mamagement/dynamic-interfaces/interfaces/services/in your gRPC subscription to export the statistics to an outside collector.To provision the sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.
[See Guidelines for gRPC Sensors (Junos Telemetry Interface) service-statistics, and Enable Service Filter Accounting Statistics for Subscribers.]
FPC and optics support for JTI (MX Series)—Starting in Junos OS Release 19.2R1, Junos telemetry interface (JTI) supports streaming of Flexible PIC Concentrator (FPC) and optics statistics for the MX Series router using remote procedure calls (gRPC). gRPC is a protocol for configuration and retrieval of state information. This feature effort includes the addition of a new process (SensorD daemon) to export telemetry data for integration with AFTTelementry and LibTelemetry libraries in the OpenConfig model called AFT platform.
The following base resource paths are supported:
/junos/system/linecard/environment//junos/system/linecard/optics//junos/system/linecard/optics/optics-diag[if-name =])/junos/system/linecard/optics/optics-diag/if-name/junos/system/linecard/optics/optics-diag/snmp-if-index/junos/system/linecard/optics/lane[lane_number=]/
To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.
[See Guidelines for gRPC Sensors (Junos Telemetry Interface).]
Specify Routing Instance for JTI (ACX Series, MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 19.2R1, you can specify the routing instance to use for remote procedure call (gRPC) services. Include the routing-instance instance-name at the [edit system services extension-service request-response grpc] hierarchy level. The routing instance name specified should match the name of the existing routing instance, such as a name configured under the [routing-instances] hierarchy level or mgmt_junos if system management-instance is configured (the dedicated management routing instance).
Configuring the routing instance lets you choose the VRF for gRPC services. When the routing instance is not configured, the default behavior is that all gRPC-related services are available through the management fxp0/em0) interface.
Layer 2 VPN
Support for group key acknowledgment messages (MX Series)—Starting with Junos OS Release 19.2R1, Junos OS supports group members sending acknowledgment messages as defined in RFC 8263 in response to group key push messages sent by group controllers and key servers. The group member sends acknowledgment messages when it receives a group key push message with a standard KEK_ACK_REQUESTED value of 9 in the SA KEK payload as defined in RFC 8263 or a KEK_ACK_REQUESTED value of 129 that is used in older key servers. No additional configuration is required.
[See Group VPNv2 Overview.]
Layer 2 Features
Support for basic Layer 2 features on MPC10E-15C-MRATE line card (MX Series)—Starting in Junos OS Release 19.2R1, MPC10E-15C-MRATE line card supports the following basic Layer 2 features:
Layer 2 bridging with trunk and access modes
MAC learning and aging
Handling BUM (broadcast, unknown unicast and multicast) traffic, including split horizon
MAC move
Layer 2 forwarding and flooding statics
Mesh groups
Static MAC addresses
MAC learning and forwarding on AE interfaces
Bridging on untagged interfaces
Basic Q-n-Q tunneling (without VLAN-translation and VLAN map operations)
[See Understanding Layer 2 Bridge Domains, Understanding Layer 2 Learning and Forwarding.]
Layer 3 Features
MPC10E-10C and MPC10E-15C support layer 3 routing features (MX240, MX480, and MX960)—Starting in Junos OS Release 19.2R1, MPC10E-10C and MPC10E-15C line cards support the following features in hyper-mode:
Configuring ICMP redirects and generating ICMP redirect messages.
Padding VLAN packets to a minimum frame size of 68 bytes, by using the existing command set interfaces interface-name gigether-options pad-to-minimum-frame-size.
Collecting interface family statistics for IPv4 and IPv6, by using the existing command show interfaces statistics detail interface-name.
See Understanding the Hyper Mode Feature on Enhanced MPCs for MX Series Routers and EX9200 Switches
MPLS
Dynamic creation of segment routing LSPs using BGP protocol next hops (MX Series)—Starting in Junos OS Release 19.2R1, you can configure tunnel templates on colored and non-colored segment routing traffic-engineered (SR-TE) paths. These templates enable dynamic creation of segment routing tunnels using protocol next hops with BGP prefixes to resolve destination segment identifiers (SIDs).
With this feature, you can benefit from reduced configuration, especially when the network deployment requires connectivity from each provider edge (PE) device to every other PE device.
CSC support for MPLS-over-UDP tunnels (MX Series with MPC and MIC and VMX)—Starting in Junos Release 19.2R1, carrier supporting carrier (CSC) architecture can be deployed with MPLS-over-UDP tunnels carrying MPLS traffic over dynamic IPv4 UDP tunnels that are established between supporting carrier's provider edge (PE) devices. With this enhancement, the scaling advantage that the MPLS-over-UDP tunnels provided is further increased. This feature is not supported on IPv6 UDP tunnels.
[See Example: Configuring Next-Hop-Based MPLS-Over-UDP Dynamic Tunnels.]
Network Management and Monitoring
Support for displaying valid user input in the CLI for command options and configuration statements in custom YANG data models (MX Series)—Starting in Junos OS Release 19.2R1, the CLI displays the set of possible values for a given command option or configuration statement in a custom YANG data model when you include the
action-expandextension statement in the option or statement definition and reference a script that handles the logic. Theaction-expandstatement must include thescriptchild statement, which defines the Python action script that is invoked when a user requests context-sensitive help in the CLI for the value of that option or statement.Support for Synchronous Ethernet with ESMC on JNP10K-LC2101 (MX10008 and MX10016)—Starting in Junos OS Release 19.2R1, the JNP10K-LC2101 line card supports Synchronous Ethernet (SyncE) with ESMC. Synchronous Ethernet is a physical layer technology that is used to transfer clock signals over Ethernet interfaces. ESMC transmits Synchronization Status Message (SSM) information, which is the quality level of the transmitting synchronous Ethernet equipment clock (EEC), by using ESMC protocol data units (PDUs). This support allows you to configure BITS-0 (external-0) and BITS-1 (external-1) ports as clock sources or outputs on master Routing and Control Board (JNP10K-RE1). You can also configure a GPS (external-2) port as a clock source on master Routing and Control Board. This feature also supports SyncE over aggregated Ethernet (AE).
Note Only the GPS port and BITS ports that are configured on master RCB are active.
[Centralized Clocking Overview and Understanding ESMC Quality Level Mapping]
Support for optimizing the SNMP walk execution time for IPsec statistics (MX Series)—Starting in Junos OS Release 19.2R1, you can optimize the SNMP walk execution time for IPsec statistics. To achieve this optimization, increase the cache lifetime of the IPsec related information (for example statistics and SA information) so that a single SNMP walk request is served for N number of IPsec Security Associations (SAs) with N number of queries made to the service PIC. IPsec statistics are now fetched by the burst mode, thereby reducing the load on the Routing Engine daemon, kmd. For different scale needs, we may have to tweak the hidden SNMP knob parameters, for example, with Dead Peer detection (DPD) having more number of tunnels without traffic and simultaneous SNMP walks.
Port Security
Fallback PSK for Media Access Control Security (MACsec) (MX Series)—Starting in Junos OS Release 19.2R1, fallback PSK for MACsec is supported on MX Series routers that support MACsec. The fallback PSK provides functionality to establish a secure session in the event that the primary PSKs on each end of a MACsec-secured link do not match.
[See Configuring Media Access Control Security (MACsec) on MX Series Routers.]
Routing Policy and Firewall Filters
Support for CCC and Layer 3 firewall forwarding on MPC10E-15C-MRATE line cards (MX Series)—Starting with Junos OS Release 19.2R1, circuit cross-connect (CCC) traffic and Layer 3 firewall forwarding features are supported on MPC10E-15C-MRATE line cards.
[See CCC Overview and Protocols and Applications Supported by the MPC10E-15C-MRATE.]
Routing Protocols
MPC10 Inline BFD support (MX Series)—Starting in Junos OS Release 19.2, MPC10 MPCs support inline BFD features, excluding micro BFD and BFD sessions with authentication.
Support for IPv6 fragment reassembly for v4ov6 dynamic tunnels—Starting in Junos OS Release 19.2R1, you can configure an additional attribute, dynamic-tunnel-reassembly-enable for reassembling IPv6 fragments before the termination of v4ov6 tunnels. The fragment reassembly feature is disabled by default. IPv6 fragments are discarded when this feature is not enabled.
IPv6 reassembly for v4ov6 tunnels (MX Series)—Starting in Junos OS 19.2R1, you can enable the MX chassis to perform IPV6 fragment reassembly for forwarding Ipv4 traffic. When the dynamic-tunel-reassembly is configured, the tunnels using the attribute would be setup for reassembling the IPv6 fragments before the termination of v4ov6 tunnels. By default, this attribute is turned off and the tunnels are set up to discard the IPv6 fragments.
To enable IPv6 fragment reassembly for forwarding Ipv4 traffic, use set dynamic-tunnel-reassembly on statement at the [edit routing-options dynamic-tunnels tunnel-attributes <dynamic-tunnel-name>] hierarchy level.
[See dynamic-tunnel-reassembly.]
Map single IPv6 anycast address on multiple anchor Packet Forwarding Engines (MX240, MX480, MX960, MX2020)—Starting in Junos OS Release 19.2R1, you can assign the same IPv6 anycast address to multiple anchor Packet Forwarding Engines to manage high traffic from CPE to internet. By default, this feature is disabled. Prior to Junos OS Release 19.2R1, you can assign an anycast address only to a single Packet Forwarding Engine and the maximum v4ov6 tunnel scale per Packet Forwarding Engine in MX Series is 150k. This restricts a single anycast address to be used for 150k tunnels.
To configure the same source address over multiple tunnel-attributes, use set v4ov6 ipv6-anycast-source-duplication statement at the [edit routing-options dynamic-tunnels] hierarchy level.
If v4ov6 packets are fragmented, the fragmented packets get steered to one of the anchor Packet Forwarding Engines for IPv6 reassembly processing. To steer the traffic to the correct anchor, Packet Forwarding Engine needs information about the range of IPv4 prefixes that goes over a particular tunnel. To get the range of IPv4 prefixes that goes over a particular tunnel, use set get-route-range statement at the [edit policy-options policy-statement <policy-name> term <term-name> from route-filter <route-filter-value> <range>] hierarchy level.
[See v4ov6 and get-route-range.]
Support for export of BGP Local RIB through BGP Monitoring Protocol (BMP) (MX Series)—Starting in Junos OS Release 19.2R1, BMP is enhanced to support monitoring of local RIB (loc-rib) policy. The loc-rib policy is added to RIB types under the bmp route-monitoring statement.
Support for BGP routes with N-Multipath primary and 1-Protection backup gateway (MX Series)—Starting in Junos OS 19.2R1, the following enhancements are made to the Junos OS:
Support N+1 formation for BGP labelled unicast protection (LU).
Support N+1 formation for BGP PIC (IPv4, IPv6, LU).
Support for hetero-nexthops (ListNH) in such N+1 formations.
Support for KRT to defer fib-update if BGP-multipath is in progress.
Removed restriction to use delay-route-advertisement statement for IPv4 labeled-unicast.
Four new options import, install-address <address>, no-install, and rib (inet.0 | inet6.0) are added under the egress-te statement.
A new configuration statement allow-protection is introduced to allow protection for multipath legs. To allow protection for multipath legs, use set allow-protection statement at the [edit protocols bgp multipath] hierarchy level.
A new option always-wait-for-krt-drain is introduced under delay-route-advertisement statement to make more-specific BGP-routes re-advertisement to wait for KRT-queue to drain. To configure this, use set always-wait-for-krt-drain at the [edit protocols bgp family inet unicast delay-route-advertisements] hierarchy level.
[See allow-protection (Multipath), delay-route-advertisements and egress-te.]
Security
Juniper Malware Removal Tool—Starting in Junos OS Release 19.2R1, the Juniper Malware Removal Tool (JMRT) can be used to scan and remove malware running on Junos OS devices. To run JMRT, use the operational commands under the request system malware-scan hierarchy. There are 2 types of scans you can perform with JMRT:
Quick—Scan each running program file.Veriexec check—Check if verified execution is enabled.[See request system malware-scan.]
Services Applications
Support for IPv6 BGP next-hop address in IPv6 and MPLS-IPv6 inline flow record templates(MX Series)—Starting in Junos OS Release 19.2R1, a new element, IPv6 BGP NextHop Address, is available in the the IPv6 inline flow record template and the MPLS-IPv6 inline flow record template to add support for IPv6 BGP NextHop information element. The new element is supported on both version 9 and version 10 (IPFIX) export formats. The element ID is 63 and the element size is 16 bytes.
IPv4 and IPv6 version 9 templates for inline active flow monitoring (MPC10E-15C-MRATE on MX Series)—Starting in Junos OS Release 19.2R1, while configuring inline active flow monitoring, you can apply version 9 flow templates to define a flow record template suitable for IPv4 or IPv6 traffic.
Support for Two-Way Active Measurement Protocol (TWAMP) on MPC10E-15C-MRATE line card—Starting in Junos OS Release 19.2R1, TWAMP is supported on MPC10E line card on the MX240, MX480, and MX960 routers. TWAMP defines a standard for measuring IPv4 performance between two devices in a network. You can use the TWAMP-Control protocol to set up performance measurement sessions between a TWAMP client and a TWAMP server, and use the TWAMP-Test protocol to send and receive performance measurement probes.
Configuring the TWAMP client instance to use si-x/y/z as the destination interface (which enables inline services) is not supported if the router has an MPC10E-15C-MRATE installed in the chassis. You can configure only the none authentication mode on the line card.
[See Understanding Two-Way Active Measurement Protocol on Routers]
DS-Lite support on MX Virtual Chassis and MX BNG—Starting in Junos OS Release 19.2R1, the MX Series Virtual Chassis and MX Series broadband network gateway (BNG) support dual-stack lite (DS-Lite). DS-Lite uses IPv4-over-IPv6 tunnels to traverse an IPv6 access network to reach a carrier-grade IPv4-IPv4 NAT. DS-Lite enables the phased introduction of IPv6 on the Internet by providing backward compatibility with IPv4.
DS-Lite on the MX Series Virtual Chassis and MX Series BNG does not support the following:
Application Layer Gateways (ALGs)
Limits per subnet
Clearing NAT mappings and flows for a specific subscriber, for a basic bridging broadband device (B4), or for a specific service set
Port Control Protocol
[See Tunneling Services for IPv4-to-IPv6 Transition Overview.]
Hardware timestamping of RPM probe messages—Starting in Junos OS Releases 19.2R1, you can enable timestamps on RPM probes messages in the Packet Forwarding Engine host processor for the following line cards:.
MPC10E-15C-MRATE line card on MX240, MX480, and MX960 routers
MPC11E line card on MX2008, MX2010, and MX2020 routers
You can use the following configuration statements at the [edit services rpm probe owner test test-name] hierarchy level:
hardware-timestamp—Enables timestamping of RPM probe messages in the Packet Forwarding Engine host Processor.
one-way-hardware-timestamp—Enables timestamping of RPM probe messages for one-way delay and jitter measurements.
These configuration statements are supported only with icmp-ping, icmp-ping-timestamp, udp-ping, and udp-ping-timestamp probe types.
See [hardware-timestamp]
Understanding Using Probes for Real-Time Performance Monitoring on M, T, PTX and MX Series Routers
Increased number of AMS members supported on single chassis (MX2020)—Starting in Junos OS Release 19.2R1, you can configure up to 60 MS-PICs as part of aggregated multiservices (AMS) bundles on a single chassis. The configuration supports backup and load-balancing mode (N:1) and all active mode (N:0) with both next-hop style services and interface style services of configurations.
IPFIX flow-cache support (MX150) —Starting in Junos OS Release 19.2R1, the flow cache infrastructure support is extended to IPFIX to provide improved throughput with IPFIX service enabled. In earlier releases, without flow cache support for IPFIX, all data traffic would take the microcode path which is much slower than flow cache. With this feature, the unsampled traffic gets forwarded using flow cache which results in better throughput.
Software Defined Networking
PCE-initiated bypass LSPs (MX Series)—Starting in Junos OS Release 19.2R1, the Path Computation Element Protocol (PCEP) functionality is extended to allow a stateful Path Computation Element (PCE) to initiate, provision, and manage bypass label-switched paths (LSPs) for a protected interface. Multiple bypass LSPs with bandwidth reservation can be initiated by the PCE to protect a resource.
With this feature, you can benefit from the LSP state synchronization of manual, dynamic, and PCE-initiated bypass LSPs from a PCE, and leverage on the PCE’s global view of the network, resulting in better control over traffic at the time of a failure, and deterministic path computation of protection paths.
[See Support of the Path Computation Element Protocol for RSVP-TE Overview.]
Support for unified ISSU on abstracted fabric interfaces (MX480, MX960, MX2010, MX2020, MX2008)—Starting in Junos OS Release 19.2R1, abstracted fabric (af) interfaces, configured for Junos Node Slicing, support unified in-service software upgrade (ISSU). Unified ISSU enables an upgrade between two Junos OS releases with no disruption on the control plane and with minimal disruption of traffic.
Note Since the af interface traffic is load balanced across all available Packet Forwarding Engines, the traffic loss on an AF interface during ISSU might be higher, compared to the traffic loss on a regular interface.
An af interface is a pseudo interface that represents a first class Ethernet interface behavior. An AF interface facilitates routing control and management traffic between guest network functions (GNFs) through the switch fabric.
Centralized assignment of unique MAC addresses to GNFs (MX960, MX2008, MX2010, and MX2020)—Starting in Junos OS Release 19.2R1, Junos node slicing supports the assignment of a globally unique MAC address range (supplied by Juniper Networks) for GNFs. To receive the globally unique MAC address range for the GNFs, contact your Juniper Networks representative and provide your GNF license SSRN (Software Support Reference Number), which will have been shipped to you electronically upon your purchase of the GNF license. For each GNF license, you will then be provided an ‘augmented SSRN’, which includes the globally unique MAC address range assigned by Juniper Networks for that GNF license. You must then configure this augmented SSRN at the JDM CLI as follows:
set system vnf-license-supplement vnf-id gnf-id license-supplement-string augmented-ssrn-string.
Support for IPSec, stateful firewal, and CGNAT services on MS-MPCs over abstracted fabric interfaces (MX480, MX960, MX2010, and MX2020)—Starting in Junos OS Release 19.2R1, guest network functions (GNF) support Layer 3 services such as Carrier-Grade Network Address Translation (CGNAT), stateful firewall, and IP Security (IPsec) on Multiservices MPCs (MS-MPCs) over abstracted fabric (af) interfaces.
MX2008 routers support in-chassis Junos node slicing (MX Series)—Starting in Junos OS Release 19.2R1, MX2008 routers support the in-chassis model of Junos node slicing deployment. In the in-chassis model, the base system (BSYS), Juniper Device Manager (JDM), and all guest network functions (GNFs) run within the Routing Engine of the MX Series router. To support in-chassis Junos node slicing, the MX2008 must have the outing ngine REMX2008-X8-128G installed.
[See Configuring MX Series Router to Operate in In-Chassis Mode]
Software Installation and Upgrade
The curl binary is packaged and made available on all Junos OS variants (MX Series)—The curl binary is a command-line utility, used from the shell, that you can use to perform operations over several transport protocols, including the following: dict, file, ftp, gopher, http, imap, pop3, rtsp, smtp, telnet, tftp. The features enabled on Junos OS are curl version 7.59, libcurl version 7.59.
Subscriber Management and Services
Support for M:N subscriber redundancy on BNGs (MX Series)—Starting in Junos OS Release 19.2R1, you can configure broadband network gateways (BNGs) to provide interface-level redundancy for DHCP subscribers that are on the same static VLAN and use the same access interface. Failover from master to backup BNG is transparent to the clients because the subscriber sessions remain up. You must configure DHCP active leasequery with topology discovery on peer DHCP relay agents on the master and backup BNGs to support the redundancy.
[See M:N Subscriber Redundancy.]
Support for Interface-Level Redundancy with DHCP Topology Discovery (MX Series)—Starting in Junos OS Release 19.2R1, you can configure DHCP active leasequery with topology discovery to provide interface-level subscriber redundancy between peer relay agents. Topology discovery enables master and backup peer relay agents to determine the access interfaces on peers that correspond to their own local access interfaces for servicing subscriber redundancy groups. During synchronization, DHCP translates the subscriber binding information to use the local interface on the backup instead of the interface on the master. You must use topology discovery when you configure M:N subscriber redundancy.
[See DHCP Active Leasequery.]
Support for fixed wireless access subscribers on BNGs (MX Series)—Starting in Junos OS Release 19.2R1, you can configure the broadband network gateway (BNG) to support subscribers that use a fixed wireless network. Providers use a wireless network for subscriber access over the air instead of than running fiber to the home. The wireless infrastructure saves costs and reduces complexity compared to the fiber network. The BNG acts as the Third-Generation Partnership Project (3GPP) System Architecture Evolution Gateway (SAEGW). The SAEGW incorporates the functions of both the Serving Gateway (SGW) and the Packet Data Network Gateway (PGW). The SGW function routes and forwards user data packets. The PGW function provides connectivity to external packet data networks
System Management
Support for transferring accounting statistics files and router configuration archives using HTTP URL (MX Series)—Starting in Junos OS Release 19.2R1, you can transfer accounting statistics files and router configuration archives to remote servers by using an HTTP URL. In addition to SCP and FTP, the following HTTP URL will be supported under the archive-sites statement:
http://username@host:url-path password password
To transfer accounting statistics files, configure archive-sites under [edit accounting-options file <filename>] hierarchy.
To transfer router configuration archival, configure archive-sites under edit system archival configuration hierarchy.
To view the statistics of transfer attempted, succeeded, and failed, use the show accounting server statistics archival-transfer command.
To clear the statistics of transfer attempted, succeeded, and failed, use the clear accounting server statistics archival-transfer command.
[See archive-sites, Backing Up Configurations to an Archive Site, show accounting server statistics archival-transfer, and clear accounting server statistics archival-transfer].
Timing and Synchronization
Support for Synchronous Ethernet with ESMC on MPC10E-15C-MRATE (MX240, MX480, MX960)—Starting in Junos OS Release 19.2R1, MPC10E-15C-MRATE supports Synchronous Ethernet with ESMC. Synchronous Ethernet is a physical layer technology that is used to transfer clock signals over Ethernet interfaces. It supports hop-by-hop frequency transfer, where all interfaces on the trail must support Synchronous Ethernet.
ESMC is a logical communication channel. It transmits Synchronization Status Message (SSM) information, which is the quality level of the transmitting synchronous Ethernet equipment clock (EEC), by using ESMC protocol data units (PDUs).
What's Changed
Learn about what changed in Junos OS main and maintenance releases for MX Series routers.
What’s Changed in Release 19.2R3-S1
Infrastructure
Change in support for interface-transmit-statistics statement (MX Series)—You cannot configure aggregated Ethernet interfaces to capture and report the actual transmitted load statistics by using the interface-transmit-statistics statement. Aggregated Ethernet interfaces do not support reporting of the transmitted load statistics. The interface-transmit-statistics statement is not supported in the aggregated Ethernet interfaces hierarchy. In earlier releases, the interface-transmit-statistics statement was available in the aggregated Ethernet interfaces hierarchy but not supported.
What’s Changed in Release 19.2R3
General Routing
Advertising /32 secondary loopback addresses to traffic engineering database as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—We've made changes to export multiple loopback addresses to the lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router IDs instead of prefixes. In earlier releases, we added multiple secondary loopback addresses in the traffic engineering database to the lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router ID.
Command to view summary information for resource monitor (MX Series routers and EX9200 line of switches)—You can use the show system resource-monitor command to view statistics about the use of memory resources for all line cards or for a specific line card in the device. The command also displays information about the status of load throttling, which manages how much memory is used before the device acts to reduce consumption.
See show system resource-monitor and Resource Monitoring for Subscriber Management and Services.
Juniper Extension Toolkit (JET)
Set the trace log to only show error messages (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series)—You can set the verbosity of the trace log to only show error messages using the error option at the [edit system services extension-service traceoptions level] hierarchy.
[See traceoptions (Services).]
Network Management and Monitoring
Enhancement to the show snmp mib command– Starting in Junos OS Release 19.2R3, a new option, hex, is supported to display the SNMP object values in the hexadecimal format. In earlier releases, the show snmp mib command displays the SNMP object values in ASCII and decimal format only.
[ See show snmp mib.]
Routing Protocols
Advertising /32 secondary loopback addresses to Traffic Engineering Database (TED) as prefixes (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—In Junos OS Release, multiple loopback addresses export into lsdist.0 and lsdist.1 routing tables as prefixes. This eliminates the issue of advertising secondary loopback addresses as router-ids instead of prefixes. In earlier Junos OS releases, multiple secondary loopback addresses in TED were added into lsdist.0 and lsdist.1 routing tables as part of node characteristics and advertised them as the router-id.
Services Applications
New option for configuring delay in IPsec SA installation—In Junos OS Release 19.2R3, you can configure the natt-install-interval seconds option at the [edit services ipsec-vpn rule rule-name term term-name then dynamic] hierarchy level to specify the duration of delay in installing IPsec SA in a NAT-T scenario soon after the IPsec SA negotiation is complete. The default value is 0 seconds.
Subscriber Management and Services
Improved tunnel session limits display (MX Series)—Starting in Junos OS Release 19.2R3, the show services l2tp tunnel extensive command displays the configured value for maximum tunnel sessions. On both the LAC and the LNS, this value is the minimum from the global chassis value, the tunnel profile value, and the value of the Juniper Networks VSA, Tunnel-Max-Sessions (26–33). On the LNS, the configured host profile value is also considered.
In earlier releases, the command displays the value 512,000 on the LAC and the configured host profile value on the LNS.
[See Limiting the Number of L2TP Sessions Allowed by the LAC or LNS.]
What’s Changed in Release 19.2R2
General Routing
User confirmation prompt for configuring the suboptions of request vmhost commands (MX Series and PTX series)—While you are configuring the following request vmhost commands, the CLI now prompts you to confirm your choice with a [yes,no] prompt for the suboptions also.
request vmhost reboot
request vmhost poweroff
request vmhost halt
In earlier Junos OS releases, the confirmation prompt is available for only the main options.
Logical Interface is created along with physical Interface by default (EX Series switches, QFX Series switches, MX Series routers)—The logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces were created. For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), was displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.
LLDP ON_CHANGE statistics support with JTI (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series)—Enhanced telemetry ON_CHANGE event support provides the following LLDP attributes:
- When LLDP is enabled on interfaces, LLDP interface counters are notified along with other interface-level attributes.
- ON_CHANGE event reports LLDP neighbor age and custom TLVs, as well as when a neighbor is initially discovered.
[See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface)].
Precision Time Protocol (PTP) interface configuration (MX2020, MX2010, MX480, MX960, and MX240)—Remove the aggregated Ethernet interface association and upgrade the device when configuring PTP interface.
Junos OS XML API and Scripting
Root XML tag change for show rsvp pop-and-forward | display xml command (MX480)—We’ve changed the root XML tag for the show rsvp pop-and-forward | display xml command to rsvp-pop-and-fwd-information to make it consistent with the XML tag convention. In earlier releases, the command output displays rsvp-pop-and-fwd-info XML tag. Update the scripts with the rsvp-pop-and-fwd-info XML tag to reflect the new rsvp-pop-and-fwd-information XML tag.
Interfaces and Chassis
Change in error severity (MX960, MX240, MX2020, MX480, MX2008, and MX2010)—Starting in Junos OS Release 19.2R2, we have reduced the severity of the CRC errors (XR2CHIP_ASIC_JGCI_FATAL_CRC_ERROR) from Fatal to Major. Earlier, these errors caused the line card to be reset, if the CLI command interasic-linkerror-recovery-enable was configured. Now, these errors only disable the Packet Forwarding Engines that are affected. With this change, the interasic-linkerror-recovery-enable configuration has no effect when these errors occur because of the reduced severity.
Note This behavior change is applicable to the following line cards only: MPC5E, MPC6 MPC7, MPC8, and MPC9.
Logical Interface created along with physical Interface by default (MX Series routers)—The logical interfaces are created on ge-, et-, and xe- interfaces along with the physical interface, by default. In earlier Junos OS releases, by default, only physical interfaces are created.
For example, for ge- interfaces, when you view the show interfaces command in earlier releases, by default, only the physical interface (for example, ge-0/0/0), is displayed. Now, the logical interface (for example, ge-0/0/0.16386) is also displayed.
Support for creating Layer 2 logical interfaces independently (ACX Series, EX Series, MX Series, PTX Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2, 19.1R1, 19.1R2, 19.2R2, and later, MX Series routers support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.
In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.
Enhancement to the show interfaces mc-ae extensive command—You can now view additional LACP information about the LACP partner system ID when you run the show interfaces mc-ae extensive command. The output now displays the following two additional fields:
Local Partner System ID—LACP partner system ID as seen by the local node.
Peer Partner System ID—LACP partner system ID as seen by the MC-AE peer node.
Previously, the show interfaces mc-ae extensive command did not display these additional fields.
MPLS
Deprecated statement (MX Series)—Starting in Junos OS Release 19.2R2, we have deprecated the preference statement at the [edit protocols source-packet-routing source-routing-path name] hierarchy level. This is because you could have two different sequences of the same route, wherein the active route entry that is selected can be different.
Network Management and Monitoring
Change in startup notification after GRES (MX Series routers)—The master Routing Engine sends a coldStart notification when a device comes up. The master Routing Engine also sends warmStart notifications for subsequent restarts of the SNMP daemon. After graceful routing engine switchover (GRES) the new master Routing Engine sends a single warmStart notification and the backup Routing Engine does not send any notification. In earlier releases, after GRES, the new master Routing Engine would sometimes send two notifications or a single notification. Of these, the first notification was always a coldStart notification and the second was either a coldStart notification or a warmStart notification.
OAM
Performance monitoring history data is lost when a change in number of supported history records is detected (ACX Series and MX Series)—In Junos OS Release 19.2R2, when Ethernet connectivity fault management starts, it detects the number of history records supported by the existing Performance Monitoring history database and if there is any change from the number of history records supported (that is, 12) in Release 19.2R2, then the existing Performance Monitoring history database is cleared and all performance monitoring sessions are restarted with mi-index 1.
Platform and Infrastructure
NTP Boot Server configuration (MX204, MX960, MX10003, MX10002, MX10016, MX10000, MX480, MX104, MX10008, MX240, MX2010, MXTSR80, MX80, MX2008, MX150, and MX2020)—Use set ntp server address | hostname command to set the correct time when we boot the router instead of boot-server address | hostname.
[See Synchronizing and Coordinating Time Distribution Using NTP.]
Routing Protocols
XML RPC equivalent included for the show bgp output-scheduler | display xml rpc CLI command (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 19.2R2, we have included an XML RPC equivalent for the show bgp output-scheduler | display xml rpc CLI command. In Junos OS releases before Release 19.2R2, the show bgp output-scheduler | display xml rpc CLI command does not have an XML RPC equivalent.
[See show bgp output-scheduler.]
Automatic installation of YANG-based CLI for RIFT protocol (MX Series, QFX Series, and vMX with 64-bit and x86-based servers)—In Rift 1.2 Release, installation of the CLI for RIFT protocol occurs automatically along with the installation of the junos-rift package. In the pre-1.0 releases of the junos-rift package, the RIFT CLI had to be installed separately using request system yang command after installation of the junos-rift package.
Services Applications
Update to CLI option for configuring the version number to distinguish between currently supported version of the Internet draft draft-ietf-softwire-map-03 (MX Series Services Applications)—In Junos OS Release 19.2R2, the version-3 option under the [edit services softwire softwire-concentrator map-e] hierarchy is optional. The version number helps distinguish between the currently supported version of the Internet draft draft-ietf-softwire-map-03 is optional. In earlier Junos OS releases, if you do not configure the version-3 option, the configuration results in an error.
[See map-e.]
Change in NAT port block syslog message display (MX Series routers)—When you configure a softwire prefix other than 128, all the JSERVICES_NAT_PORT_BLOCK logs now display the prefixed B4 address. We have modified the following JSERVICES_NAT_PORT_BLOCK logs:
JSERVICES_NAT_PORT_BLOCK_ALLOC
JSERVICES_NAT_PORT_BLOCK_RELEASE
JSERVICES_NAT_PORT_BLOCK_ACTIVE
In earlier releases of Junos OS, when a softwire prefix is configured, some of the B4 addresses displayed in the JSERVICES_NAT_PORT_BLOCK log are /128 addresses (irrespective of the configured prefix). This change is not observed when the softwire prefix is not configured.
Software Defined Networking (SDN)
Increase in the maximum value of delegation-cleanup-timeout (MX Series)—You can now configure a maximum of 2,147,483,647 seconds as the delegation cleanup time for a Path Computation Client (PCC). This extends the time taken by the PCC to retain the last provided path over a PCEP session from the last session down time.
With the increase in the maximum value of delegation-cleanup-timeout from 600 to 2,147,483,647 seconds, you can benefit during a Path Computation Element (PCE) failover, or other network issues that may disrupt the PCEP session with the main active stateful PCE.
[See delegation-cleanup-timeout.]
Subscriber Management and Services
Enhancement to commands to display reason for Routing Engine disconnect (MX Series)—Starting in Junos OS Release 19.2R2, several commands display the reason when the master and standby Routing Engines disconnect because of a memory mismatch error. On a chassis with two Routing Engines, a DRAM size mismatch error can result when both of the following are true:
The Routing Engines have different amounts of DRAM.
A 64-bit Junos OS image is loaded on the chassis.
You can avoid this problem by doing either of the following:
Ensure that both Routing Engines have the same amount of DRAM.
Load a 32-bit image.
The show database-replication summary and show system subscriber-management summary commands display the DRAM mismatch as the reason in the Disconnection field. The request chassis routing-engine master switch check command displays an error message if the DRAM size is different for the two Routing Engines.
Prevent queue-based throttling from stopping subscriber login (MX Series)—Starting in Junos OS Release 19.2R2, you can specify a value of 0 with the high-cos-queue-threshold statement. This value prevents any subscriber from being throttled by queue-based throttling.
XML output format change for test aaa type user commands (MX Series)—Starting in Junos OS Release 19.2R2, the XML output format changes for the test aaa authd-lite user, test aaa dhcp user, and test aaa ppp user commands. Each RADIUS server attribute name has an associated attribute value. Each of these pairs is now enclosed by the <radius-server-data> tag. The new tag makes it easier to recognize the name/value pairs, both for operators and API clients. You may have to change any scripts that use the XML output to work properly with the new format.
Support for Pseudowire Physical Interface for ANCP Autoconfiguration (MX Series)—Starting in Junos OS Release 19.2R2, you can associate an ANCP neighbor with a subscriber-facing pseudowire physical interface for ANCP autoconfiguration of VLANs. When configured, ANCP Port Up and Port Down messages received on the interface trigger notifications to the autoconfiguration daemon (autoconfd) to initiate VLAN creation (Port Up) or removal (Port Down). In earlier releases, ANCP supports only the following physical interface types for this feature: aggregated Ethernet (ae), Gigabit Ethernet (ge), 10-Gigabit Ethernet (xe), 100-Gigabit Ethernet (et), and demux.
What’s Changed in Release 19.2R1
EVPN
Support for disabling automatic ESI generation (MX Series and QFX Series)—Starting with Junos OS Release 19.2R1, Junos OS supports disabling the automatic ESI generation for virtual gateway addresses. We recommend that you disable the automatic ESI generation for EVPN networks with edge-routed bridging to improve performance. To disable automatic ESI generation, include the no-auto-virtual-gateway-esi statement at the [edit interfaces name irb unit logical-unit-number] hierarchy level.
Interfaces and Chassis
Deprecation of the [edit fabric protocols bgp] hierarchy level (MX Series)—Starting in Junos OS Release 19.2R1 and later, the [edit fabric protocols bgp] hierarchy level is deprecated.
Support to get Optics Loopback Status for QSFP-100GE-DWDM2 transceivers (MX Series)—In Junos OS Release 19.2R1, and later, on MX Series routers, you can get the optics loopback status of QSFP-100GE-DWDM2 transceivers along with the regular ethernet loopback status by issuing the show interfaces interface-name or show interfaces interface-name brief command. New Output field Optics Loopback is added under Link-level type when show interfaces interface-name CLI command is executed.
Monitoring information available only in Trace log (MX Series)—In Junos OS Release 19.2R1 and later, the Ethernet link fault management daemon (lfmd) in the peer router stops monitoring the locally occurred errors until ISSU completes. You can view the monitoring-related details only through the trace log file.
Health check for power supplies (MX10008 and MX10016)—Starting in Junos OS Release 19.2R1, on the MX10008 and MX10016 routers, the show chassis environment pem command displays the health check information about the DC or AC Power supplies. For any power supply that does not support health check, the status is shown as Unsupported. The system starts health check of a power supply only if the power consumption exceeds 7 KW.
MPLS
New debug statistics counter (MX Series)—The show system statistics mpls command has a new output field, called Packets dropped, over p2mp composite nexthop, to record the packet drops over composite point-to-multipoint next hops.
IPv4 explicit-null label retained from the merged protocol MPLS label stack—The IPv4 explicit-null label is retained from the merged protocol MPLS label stack, if the IPv4 explicit-null is at the bottom of the MPLS label stack.
Network Management and Monitoring
The show system schema command and
<get-yang-schema>RPC require specifying an output directory (MX Series)—Starting in Junos OS Release 19.2R1, when you issue the show system schema operational mode command in the CLI or execute the<get-yang-schema>RPC in a remote session to retrieve schema files, you must specify the directory in which to generate the output files by including the output-directory command option in the CLI or the<output-directory>element in the RPC. In earlier releases, you can omit the output-directory argument when requesting a single module to display the module in standard output.Custom YANG RPC support for input parameters of type empty (MX Series)—Starting in Junos OS Release 19.2R1, custom YANG RPCs support input parameters of type
emptywhen executing the RPC’s command in the Junos OS CLI, and the value passed to the action script is the parameter name. In earlier releases, input parameters of typeemptyare only supported when executing the RPC in a NETCONF or Junos XML protocol session, and the value passed to the action script is the string'none'.[See Creating Action Scripts for YANG RPCs on Devices Running Junos OS.]
Change in power supply alarms (MX10003)—Starting in Junos OS Release 19.2R1, the MX10003 routers do not raise an alarm if a Power Entry Module (PEM) slot is empty. However, when the number of operational PEMs available is less than 2, the router raises a major alarm. This alarm is cleared when the required number of PEMs are made available.
[See show chassis alarms]
Routing Policy and Firewall Filters
Fixed an issue with certain combination of match conditions—In Junos OS Release 19.2R1, fixed a temporary issue wherein configuring a firewall filter with a match condition for port along with source-port and/or destination-port in the same filter term would cause a commit error. Any valid combination of the filter terms is now supported.
Routing Protocols
Change in the default behavior of advertise-from-main-vpn-tables configuration statement—BGP now advertises EVPN routes from the main bgp.evpn .0 table. You can no longer configure BGP to advertise the EVPN routes from the routing instance table. In earlier Junos OS Releases, BGP advertised EVPN routes from the routing instance table by default.
Services Applications
Support for host generated traffic on a GRE over GRE tunnel (MX Series)—In Junos OS Release 19.2R1, you can send host generated traffic on a GRE over GRE tunnel. However, when path maximum transmission unit (PMTU) is updated for the outer GRE tunnel, MTU for inner GRE tunnel is not corrected.
New syslog message displayed during NAT port allocation error (MX Series Routers with MS MPC)—With address pooling paired (APP) enabled, an internal host is mapped to a particular NAT pool address. In case, all the ports under a NAT pool address are exhausted, further port allocation requests from the internal host results in a port allocation failure. The following new syslog message is displayed during such conditions:
JSERVICES_NAT_OUTOF_PORTS_APP
This syslog message is generated only once per NAT pool address.
Software Defined Networking
Deprecated CLI commands and options for JDM (MX480, MX960, MX2010, MX2020, and MX2008)—Starting in Junos OS Release 19.2R1, in Junos Node Slicing, Juniper Device Manager (JDM) does not support the following CLI commands or options:
show system visibility
show system inventory
the jinventoryd option in the restart command
Subscriber Management and Services
Changing attributes of physical interface with active subscribers (MX Series)—Starting in Junos OS Release 19.2R1, the commit check fails when you change any attribute of the physical interface, such as the MTU, when subscribers are active. This affects only aggregated Ethernet physical interfaces with targeted distribution configured. In earlier releases, the commit check does not fail and the attribute change brings down the physical interface and all subscribers using that interface.
[See CoS for Aggregated Ethernet Subscriber Interfaces Overview.]
Out-of-address SNMP trap requires thresholds to be configured (MX Series)—Starting in Junos OS Release 19.2R1, the behavior has changed for generating an out-of-address SNMP trap for an address pool. You must now configure both the high-utilization and abated-utilization thresholds. When the number of assigned addresses surpasses the high-utilization threshold, a high-utilization trap is generated. If all the addresses are assigned from the pool, an out-of-address trap is generated and an out-of-address syslog message is sent.
In earlier releases, an out-of-address trap is generated when the address pool is exhausted, regardless of whether the thresholds are configured.
[See Configuring Address-Assignment Pool Usage Threshold Traps.]
juniper-access-line-attributes option replaces juniper-dsl-attributes (MX Series)—Starting in Junos OS Release 19.2R1, the juniper-access-line-attributes option replaces the juniper-dsl-attributes option at the [edit access profile profile-name radius options] hierarchy level. For backward compatibility with existing scripts, the juniper-dsl-attributes option redirects to the new juniper-access-line-attributes option. We recommend that you use juniper-access-line-attributes from now on.
VLAN Infrastructure
Specifying a descending VLAN ID range ( MX Series routers, and vMX virtual routers)—In Junos OS releases prior to Junos OS Release 19.2R1, the system accepts a descending range—for example, 102-100, with the vlan-id-range configuration statement in the [edit interfaces interface-name unit logical-unit-number] hierarchy.
Starting with Junos OS Release 19.2R1, the system considers a descending range specified with vlan-id-range to be invalid and raises an error if you try to commit this configuration.
Known Limitations
Learn about known limitations in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
General Routing
The Routing Engine boots from the secondary disk when you: a) press the reset button, on the RCB front panel, while the Routing Engine is booting up but before Junos OS is up. b) Upgrade software, by booting from the network using the request vmhost reboot network command, and the system fails to boot from the network. c) Upgrade BIOS and the upgrade fails. d) Reboot and the system hangs before Junos OS is up. PR1344342
During a unified ISSU that warrants host upgrade, if the router is configured with 8 million IPv4/IPv6 routes or more, the unified ISSU might fail resulting in FPC restart. PR1348825
The commit is successful when the configured MTU value is greater than 9500, which is the maximum permissible value. However, the actual value is set back to 1518B without any error. Check the DCD log to verify the occurrence. PR1372690
The MIC-MACSEC-20G supports 10-Gigabit speed through the set chassis fpc x pic y pic-mode 10G configuration applied to both the PICs in that MIC. Any other PIC mode configuration should be removed and then the 10-Gigabit PIC mode configuration is to be applied. PR1374680
In Junos OS, most daemons underwent architectural change in transition from Junos OS Release 14.1X53 to Junos OS Release 17.X (4 years) and many new features were added. These changes caused an increase in memory footprint in Junos OS Release 17.X compared to Junos OS Release 14.1X53. Unless we see system instability or any adverse performance impact, or a daemon crash due to low memory, this increased memory footprint should not be an issue, and functionality should work fine. The increased memory footprint is a Junos OS property. PR1390226
On MX2008 platform with MPC9E, in line rate traffic with a redundant SFB2 scenario, if offline one redundant SFB2, there might be tail or sometimes WRED drops in MPC9E, resulting in partial traffic loss. Under normal circumstances, the SFBs should be auto fail-over if one of them fails, and there should be only a little packet dropped momentarily. PR1395591
The dfe tuning failing at times is a known issue on MX10003, the only recovery option in this situation is to restart the FPC. PR1413233
The MX104 router has the following limitations in error management:The show chassis fpc error command is not available for MX104 in Junos OS eleases 13.3R7, 15.1R2,14.1R5,14.2R4, 13.3R8, and later. Junos OS does not initiate restart of the system on encountering a fatal error. Although you can configure the action to disable the Packet Forwarding Engine when major errors occur, Junos OS does not disable the Packet Forwarding Engine on encountering a major error. PR1413314
In Next Gen Services and non-Next Gen Services cases, the monitor interface is MS or VMS. When chassisd restarts, all FPCs are restarted. The service redundancy daemon (srd) also gets restarted and the ICCP connection goes down. If the FPC hosting the ICL goes down first before srd receives the information about the down physical interface for the monitored interface, it will not do switchover immediately. The same behavior is observed in the Next Gen Services and the non-Next Gen Services as well. PR1416064
In the following scenario Device 1 Remote Device MX10003-mx1ru-h <----------------> MX10003-mx3ru-i et-0/0/2 et-1/0/1. If PRBS is started on simultaneously as TX and RX on both the devices, there will be errors seen at remote device because when PRBS is started as TX on remote device, it attempts to dfe tune the line again but PRBS is already running as RX which causes the error. So first start As Tx on Device 1 and as Rx on Remote device, then stop the test on both the ends and start as TX on remote device and as Rx on Device 1. PR1416124
Names of user-defined applications are always displayed in the sessions output if they match the traffic criteria defined in the application definition. This happens irrespective of whether the match conditions in the rule has these applications as one of the match condition or not. PR1416365
Since creating the loopback at the MacSec port (remote end) in this specific situation, the link itself is down at the EA port hence PRBS test fails with incrementing error counts. PR1421432
Due to a race condition between the creation of logical interfaces and sending out of GARP when a logical interface is configured, there is an issue of logical interface statistics incrementing by one output packet. PR1430431
FLT will not support source-port and port combination match due to the limitation. PR1432201
Dynamic spring-te tunnel creation to LDP (non SR) speaking nodes are not supported even in the presence of mapping server configurations. Spring-te internally converts the tunnel-hop IP addresses (prefix/adjacency) into corresponding labels through auto-translate feature. This feature internally makes use of Traffic Engineering Database (TED); where at present the mapping server entries are not present. PR1432791
On MPC2 Junos telemetry interfaces services statistics might not be available after the unified ISSU. PR1433589
128k source-ip addresses as match condition should be configured under couple terms. After commit the configuration, it will take 10 minutes to effect. PR1433974
On MX10003 platform with no MSATA device, xSTP topology change is seen during FRU upgrade state in unified ISSU. PR1435397
When the Junos telemetry interface collector runs for a longer duration, the iLatency will be negative. PR1436126
With scaled inline single-hop BFD sessions, and events such as restart of FPC, ppm, drpd, and some of the BFD sessions might flap. PR1436543
In a large-scale setup (such as large number of routing instances or interfaces), if there are frequent changes in configuration and interface flapping when the rpd is restarted by deactivating and then activating the logical system or restarting routing, the rpd might crash. PR1438049
MX Series routers report Routing Engine and FPC policer violation when DDoS violation occurs. PR1439427
Whenever the primary path goes down for the SRTE tunnel, dynamic tunnel module (DTM) starts an expiry timer of 15 minutes. If the primary path comes up within this timer period, the tunnel will be up again. After the timer expires and the primary path is still not up, DTM asks SRTE to remove the tunnel. Also, if there are multiple paths to reach the tunnel endpoint, bgp routes will resolve over the other route, for example a L-ISIS path. Later even if the primary path comes up, bgp routes will remain resolved over the other secondary route and does not change. No re-resolution is happening because the SRTE tunnel is resolving with more than one indirection (SRTE over MPLS over IS-IS in this case). Because of the whole design of how resolution happens and multiple dependencies, there is no simple fix for this. The same issue is applicable to RSVP tunnels also. The issue is applicable to uncolored tunnels only. PR1439557
Interworking between MPC10E and SCBE3 is not supported. PR1440073
A privilege escalation vulnerability might occur in devices running Junos OS configured with dual Routing Engines, Virtual Chassis or high-availability cluster might allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. PR1441795
The jinsightd might display constant CPU utilization levels (for example, 5-6 percent) with no health monitor due to the presence of default fault monitoring telemetry sensors (check with the show agent sensors command). This is expected and there is no service impact due to this. The utilization level depends on the number of FPCs in the chassis. PR1451057
Syslog error message Failed to complete DFE tuning is generated. This message has no functional impact and can be ignored. PR1473280
Interfaces and Chassis
Upgrading Junos OS Release 14.2R5 and later maintenance releases and Junos OS Release 16.1 and later mainline releases with CFM configuration might cause the cfmd process to crash after upgrade. This is because of the presence of an old version of
/var/db/cfm.db. PR1281073In a large-scale subscriber environment, changing aggregated Ethernet member link configuration might generate core files for the two Routing Engines. PR1375638
When disabling physical interface with JNP-100G-AOC-xM AOC cables, port LED could turn red or go off depending on vendor. JNP-100G-AOC-xM cables sourced by Finisar will cause port LED to turn red when physical interface is disabled. Cables sourced by Innolight will cause the port LED to turn off in contrary. Tranceiver vendor information can be obtained from the show chassis pic fpc-slot <fpc slot> pic-slot<pic slot> CLI command. Transceiver vendor field contains 'JUNIPER-FINISAR' for Finisar and 'JUNIPER-INNO' for Innolight. PR1415958
Firmware upgrade for nPhi Madison optics is not supported on MX10008/16 platform. PR1424408
Platform and Infrastructure
On all platforms running Junos OS, execution of Python scripts through enhanced automation does not work on veriexec images. PR1334425
Routing Protocols
When 32,000 SR-TE policies are configured at once, during configuration time there might be scheduler slips. PR1339829
A mis-design in the route selection code with respect to BGP multiple exit discriminator (MED) grouping is done. This interacts poorly with families such as EVPN and Layer 2 VPN which create their own routes rather than doing rib-leaking similar to Layer 3 VPN. However, this issue might trigger even without those families if routes are made comparable to BGP (for example, preference 170). This is a corner case with racing condition within rpd code. PR1352697
Open Issues
Learn about open issues in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
EVPN
Duplicate packets in EVPN scenario are seen because a nondesignated forwarder is sending an inclusive multicast packet to the PE-CE interface after MAC lookup. PR1245316
In an EVPN-VXLAN core isolation scenario, the server is multihomed to the leaf devices through LACP interfaces. If graceful restart is enabled, when you reboot the system or restart routing on the leaf device, the core isolation does not work. If you reboot the system, the issue results in the leaf device silently dropping the traffic sent from the server during the time window between LACP coming up and BGP coming up. If you restart routing, there might be no traffic drop because of the graceful restart. PR1461795
In an EVPN-MPLS scenario with the proxy-macip-advertisement enabled on an IRB, ARP for remote CE device on local PE device might fail and forwarding-table entry always remains in hold state. The proxy-macip-advertisement enables the proxy advertisement feature on a device that can function as a Layer 3 gateway. With this feature enabled, the Layer 3 gateway advertises the MAC and IP routes (MAC+IP type 2 routes) on behalf of Layer 2 VXLAN gateways. PR1506343
Forwarding and Sampling
The skip-service configuration does not work with IPv6 NDP negotiation or ping. PR1074853
If IPv4 prefix is added to a prefix list referred by IPv6 firewall filter, then the log message Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized is not seen. PR1395923
Restart the firewall process in both Routing Engines when firewall error logs are noticed along with SSD hardware failure logs. PR1397171
In the case of a physical interface policer for ip-option traffic, the traffic rate is found to be more than 10 percent. PR1398728
Verify event CP down/up is long enough to trigger EP timeout for CoS hierarchy model 2, failing as expected when DHCP subscribers are not bound. PR1505409
General Routing
SIP session fails when the IPv4 SIP client in a public network initiates a SIP call with the IPv6 SIP client in a private network. PR1139008
If a VM host snapshot is taken on an alternate disk and there is no further VM host software image upgrade, the expectation is that if the current VM host image gets corrupted, the system boots from the alternate disk so the user can recover the primary disk to restore the state. However, if the host root file system is corrupted, the node boots with the previous VM host software instead of booting from the alternate disk. PR1281554
The deletion of the oneset/leaf-list configuration through JSON might not be successful when the delete attribute is passed in the JSON string. PR1287342
The chain-composite statement does not bring in a lot of gain because TCNH is based on an ingress rewrite premise. Without this statement things work fine. PR1318984
With regard to FPC restarts or Virtual Chassis splits, the design of MX Series Virtual Chassis infrastructure relies on the integrity of the TCP connections. The reactions to failure situations might not be handled gracefully. This results in TCP connection timeouts because of jlock hog crossing the boundary value (5 seconds), which causes bad consequences in MX Series Virtual Chassis. Currently, there is no other easy solution to reduce this jlock hog besides enabling marker infrastructure in the MX Series Virtual Chassis setup. PR1332765
The first packet pertaining to the J-Flow Packet Forwarding Engine sensor in UDP mode is missing after the line card reboots on an MX150 platform. PR1344755
With GRES enabled in a subscriber environment, if subscribers are logging in or logging out quickly, the service sessions in the session database (SDB) of the backup Routing Engine might leak. If the problem is not detected for a long time, the backup Routing Engine might not be able to synchronize with the master Routing Engine and will not be ready for GRES. PR1346300
Backup Routing Engine might crash after more than 10 continuous GRES switchovers. PR1348806
For configurations of bridging routing instances with aggregated Ethernet logical interfaces (6400 logical interfaces) and IRB instances, all from a single FPC, the CPU utilization of the FPC stays at 100 percent for 4 minutes. The behavior from PFEMAN of the FPC has the processing time spiked on IF IPCs, and this seems to be the case of MPC7E line cards from Junos OS Release 16.1R1 (or even earlier). After 4 minutes, the CPU utilization comes down and the FPC is normal. Therefore, scaled configurations on MPC7E line card takes settling time of more than 4 minutes. PR1359286
In rare circumstances, a faulty SFP transceiver installed in an MX104 might cause the AFEB to go offline. The backup Routing Engine and fan tray might also show an alarm. PR1360426
When an FPC is booting up (either during unified ISSU, router reboot, or FPC restart), I2C timeout errors for an SFP transceiver are seen and the I2C action is not completed because the device is busy. When the FPC is up, all the I2C transactions to the device are normal, so no periodic failure is observed. There is no functional impact and these errors can be ignored. PR1369382
If any of the log messages continue to appear in the MPC console, it indicates the presence of a faulty SFP/SFP+ transceiver is causing I2C transaction from the main board CPU. There is no software recovery available to recover from this situation. These logs also indicate potential I2C transaction failure with any of the 10 ports available with GMIC2 in PIC 0, resulting in an unexpected behavior. For example, links do not come up or the MIC does not boot when restarted. I2C Failed device: group 0xa0 address 0x70 Failed to enable PCA9548(0x70):grp(0xa0)->channel(0) mic_sfp_select_link:MIC(0/0) - Failed to enable PCA9548 channel, PCA9548 unit:0, channel ID: 0, SFP link: 0 mic_sfp_id_read: Failed to select link 0. As a workaround, detect and replace the faulty SFP/SFP+ transceiver plugged into the GMIC2 ports. PR1375674
On MX480 routers, a few xe- interfaces are going down with the error message if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840
The virtio throughput remains the same for multi-queue and single-queue deployments. PR1389338
In a BGP Prefix-Independent Convergence (PIC) case, if a route R1 resolves on top of the multipath route R2, where R2 has primary and backup indirect next hops, it will be better if the backup leg is not used for the resolution of R1. There is no impact on any existing CLI commands. The backup path is never used when the primary path is available. PR1401322
Parity error detection and correction is not supported. PR1402455
On MX150 and vMX-based platforms, when the clear pim join instance instance-name all command is issued, it might result in stopping of the riot process on the system. PR1409527
A small number of tunneled subscribers might terminate during the unified ISSU because of momentary loss of IP connectivity between the LAC and LNS devices. PR1414928
FPC core files are generated on multiple additions or deletions of hierarchical CoS from pseudowire devices. As a workaround, remove the pseudowire device without changing the hierarchical CoS configuration. PR1414969
In Next Gen Services and non-Next Gen Services cases, the monitor interface is MS or VMS. When chassisd restarts, all FPCs are restarted. The service redundancy daemon (srd) also gets restarted and the ICCP connection goes down. If the FPC hosting the ICL goes down first before srd receives the information about the down physical interface for the monitored interface, it will not do switchover immediately. The same behavior is observed in the Next Gen Services and the non-Next Gen Services as well. PR1416064
The MX Series Packet Forwarding Engine does not account for the labels pushed on to the packet on the egress Packet Forwarding Engine, while the PTX Series Packet Forwarding Engine does. This results in a slight difference in the byte count for the same traffic stream across these two platforms. The packet count is still the same across the platforms. Currently, this issue is noticed for uncolored SR-TE policies. PR1416738
System ID of an old master Routing Engine is reported by FPCs even after GRES. PR1417366
Traffic statistics are not displayed for the hybrid access gateway session and tunnel traffic. PR1419529
The ROUTING_LOOP_DETECTED subcode is not generated under the PATHERR_RECV code when a strict path loop is created for LSP event telemetry notifications. PR1420763
If the HTTP header enrichment function is used, the traffic throughput decreases when the traffic passes through header enrichment. PR1420894
Because the loopback was created at the MACsec port (remote end) in this specific situation, the link itself is down at the EA port. Therefore, the PRBS test fails with incrementing error counts. PR1421432
For ALGs with out-to-in sessions, if the data sessions come from an IP address that is different from the IP address available in the control sessions with the NAT rule matching, such ALGs should have the match condition for the destination-address as any and not a specific IP, or you must add all possible IP addresses from where the data sessions for the ALGs can come. PR1421555
The Junos OS Releases 19.1 and later support RFC8231 and RFC8281 compliance by default. However, if the controller is not compliant with RFC8231 and RFC8281, a backward compatibility can be configured to fall back to pre-RFC 8231/8281 behavior. PR1423894
Due to a race condition between the creation of logical interfaces and sending out of gratuitous ARP when a logical interface is configured, there is an issue of logical interface statistics incrementing by one output packet. PR1430431
On MPC10 line card, the error message failed, Return code: 500 is seen with baseline. PR1431552
After restarting the router, changing the anti-spoof status causes tunnel duplication. However, half of those tunnels are up because they have not been cleaned up. PR1433930
On MX Series platforms, if the clock frequency is slowly changing on CB0 (slow drift), the clock source for MPC-3D-16XGE-SFPP might not be changed to CB1, which causes interfaces on it to go down and remain in the down state. PR1433948
When you reboot or power off the backup Routing Engine, a trap message is reported. This is the generic design for the MX10003 platform. PR1436212
Error of traffic does not get policed as expected after locally switched for VLAN 100 and 101, while verifying the selective local-switching functionality with 4000 VLANs. PR1436343
With scaled inline single-hop BFD sessions, and events such as restart of FPC, ppmd, rpd, and some of the BFD sessions might flap. PR1436543
FPC might crash when the Packet Forwarding Engine memory usage for a partition such as NH/DFW is high. Under low Packet Forwarding Engine memory condition, log message Safety Pool below 25% Contig Free Space" or "Safety Pool below 50% Contig Free Space might be observed. PR1439012
The interface-specific filters do not work on the MPC10E line card, and both count and policer actions are affected. It is advisable not to use interface-specific firewall filters in this release. PR1439327
MX Series routers report Routing Engine and FPC policer violation when DDoS violation occurs. PR1439427
Before switching mastership of Routing Engine, you need to wait at least 4 minutes after enabling the GRES configuration for both the Routing Engines to come up in dual Routing Engine mode. Check GRES readiness by executing the request chassis routing-engine master switch check command from the master Routing Engine and the show system switchover command from the backup Routing Engine. PR1439884
There is a change in the way egress topology is being set up for the control packets in MPC10 line cards from the way it is set up in legacy MX Series routers. In legacy MX Series routers, the control packets (ARP) are not subject to family any firewall next hops, whereas in MPC10 line card they will be. Thus, if the firewall does not have the ACCEPT default term, it is expected to drop the ARP packet. PR1440792
On MX204 and MX10003 routers, egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, and MPC9E line cards. PR1441816
The BGP session establishing over the GRE tunnel fails when the router receives the BGP packets encapsulated as GRE and uses the firewall filter action to de-encapsulate the GRE header. PR1443238
When an xe- interface working in 1-Gigabit mode is added to a member link of an aggregated Ethernet interface, the speed of the aggregated Ethernet interface is incorrectly shown as 10 Gbps. There is no functional impact. This is a display issue. PR1449887
On MX Series, the dropped packets are seen on MQ/XM-based MPCs, although there is no traffic flowing through the system. PR1451958
When you use the replace pattern command to replace the name in the apply-group, the mgd crashes. PR1452136
SDK upgrade from 5.10 to 6.5.16 is done in this release. PR1454144
When you edit a command and run the command from CLI command history, the timestamp might not appear. PR1454387
The firewall filter might be incorrectly updated in the MPC10E Packet Forwarding Engine when a change (for example, add, delete, deactivate, or activate) of firewall filter terms occurs in some scenarios, such as large-scale term changes or changes happening during MPC reboot. The incorrect firewall filter might cause the traffic to be silently dropped or discarded and even lead to an MPC crash. It is a timing issue. PR1458499
The commit script does not apply changes in private mode unless a commit full operation is performed. PR1465171
With BGP RIB sharding and update threading, traffic drops by 100 percent in the BGP Layer 3 VPN streams after removal or restoration of the configuration. PR1469873
When enhanced-mode ISSU is in progress, the MPC7E, MPC8E, and MPC9E line cards lose control connection, chassisd incorrectly marks FPCs offline reason as "Bad Voltage". PR1473722
When you reboot the external server, the SNMP values configured within
/etc/snmp/snmpd.confat the server get overwritten with content from the JDM SNMP stanza. Trap configuration changes get completely removed. JDM restart or stop/start does not change thehost /etc/snmp/snmpd.conffile; only system reboot of the server does this change. PR1474349Changing framing modes on a CHE1T1 MIC between E1 and T1 on an MPC3E NG HQoS line card causes the PIC to go offline. PR1474449
In VPLS configurations, ARP resolution over an IRB interface might fail if the hosts are behind a vt- tunnel. As a workaround, you can use no-tunnel-services statement. PR1477005
When specific hardware failure conditions occur in MX2000 platforms, fabric healing attempts to auto-heal the fault location in three phases to prevent traffic get silently dropped and discarded. In such fault conditions, fabric healing process in last phase-3 might not be able to decide which FPC slot should be marked faulty and off-line all the FPCs in the system reporting fabric destination time out. PR1482124
BFD over Layer 2 VPN or Layer 2 circuit does not work because of the SDK upgrade to version 6.5.16. PR1483014
Viewing a large file from vFPC console using cat application might hog the console. PR1493805
On deactivating and activating routing instance, packets from nonexisting source on GRE or UDP designated tunnel are accepted where they are supposed to be dropped. PR1503421
On all Junos OS platforms with the Juniper Telemetry Interface configured, the rpd might crash when there is telemetry streaming is in progress and meanwhile there is a network churn. This is a timing issue, and the rpd recovers automatically. PR1505425
In an EVPN scenario with VRRPv6 is used, the Ethernet source MAC address might be used for IPv6 mac-ip binding when the NA is sent from VRRPv6 master. As this unexpected behavior is triggered on regular intervals, it causes the entries to keep refreshing in the EVPN database because NS from VRRPv6 master changes the mac-ip binding. This impacts the traffic. PR1505976
A 10-Gigabit Ethernet interface configured with WAN-PHY framing might flap continuously if the hold-down timer is set to 0 (which is the default). This is not applicable to an interface with the default framing LAN-PHY. PR1508794
Infrastructure
The following messages are seen during FTP: ftpd[14105]: bl_init: connect failed for `/var/run/blacklistd.sock' (No such file or directory). PR1315605
Interfaces and Chassis
Out-of-sequence packets are seen with the LSQ interface. PR1258258
With a connectivity fault management (CFM) configuration, if you execute an upgrade between releases that uses a different db format, the continuous cfmd crashes might be seen after upgrade. PR1281073
After GRES, 1-Gigabit Ethernet speed calculation changes to 10-Gigabit Ethernet. PR1326316
In MX Series Virtual Chassis, flooding of the error message CHASSISD_CONFIG_ACCESS_ERROR: pic_parse_ifname: Check fpc rnage failed can be seen when MPC7, MPC8, and MPC9 line cards are inserted to member 1. The errors only impact DWDM PICs, and do not affect the MPC7, MPC8, and MPC9 line cards. Hence this syslog message can be safely suppressed. PR1349277
There are multiple failures when events such as node reboot, ICL flaps, and ICCP flaps occur, and even with enhanced convergence configured there is no guarantee that subsecond convergence will be achieved. PR1371493
Some routers index the SFP transceivers starting at 1, while interface numbering starts from 0; thus, reading the Packet Forwarding Engine-level output can be confusing. PR1412040
Syslog error scchassisd[ ]: CHASSISD_IPC_WRITE_ERR_NULL_ARGS: FRU has no connection arguments fru_send_msg Global FPC x is observed after MX Virtual Chassis local or global switchover. This syslog is harmless in this scenario. PR1428254
If an aggregated Ethernet interface has VRRP configuration, in the following use cases, member logical interfaces are not created after a member physical interface comes up and the aggregated Ethernet interface is in down state:
FPC restart (request chassis fpc restart slot <>)
Chassis-control restart (restart chassis-control)
Reboot of both Routing Engines (request system reboot both-routing-engines).
So, before performing these operations, we recommend that you remove the VRRP configuration from the aggregated Ethernet interface. PR1429045
Junos Fusion for Provider Edge
On a Junos fusion for enterprise system, intermediate traffic drop is seen between aggregation and satellite device when sFlow is enabled on an ingress interface. This issue is not seen always. When sFlow is enabled, the original packet gets corrupted for those packets that hit the sFlow filter. This is because a few packets transmitted from the egress interface of AD1 is short of FCS (4 bytes) + 2 bytes of data, due to which the drop occurs. It is seen that the normal data packets are of size 128 bytes (4 bytes FCS + 14 bytes Ethernet header + 20 bytes IP header + 90 bytes data), while the corrupted packet is 122 byte (14 bytes Ethernet header + 20 byte IP header + 88 bytes data). PR1450373
Layer 2 Features
If VLAN ID lists are configured under a single physical interface, Q-in-Q might stop working for certain VLAN ID lists. PR1395312
Layer 2 Ethernet Services
DHCPV6_LEASEQUERY counter might not be as expected in the show dhcpv6 relay statistics command output. PR1521227
MPLS
With nonstop active routing (NSR), when the routing protocol process (rpd) restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart. PR1282369
The root XML tag in the output is changed from
rsvp-pop-and-fwd-infotorsvp-pop-and-fwd-informationto be consistent with the XML tag convention. PR1365940The default behavior of local reversion has changed from Junos OS Release 16.1 and that impacts the LSPs for which the ingress router does not perform make-before-break. Junos OS does not perform make-before-break for no-CSPF LSPs. PR1401800
Packet drop might be seen if SR-TE and mapping server are configured. Dynamic SPRING-TE tunnel creation to LDP (non-SR) speaking nodes is not supported even in the presence of mapping-server configurations. SPRING-TE internally converts the tunnel hop IP addresses (prefix/adjacency) into corresponding labels through the auto-translate feature. This feature internally makes use of traffic engineering database where currently the mapping-server entries are not present. PR1432791
When an interface in an MVPN routing instance is changed from a virtual tunnel (VT) interface to a label-switched interface (LSI), the P2MP LSP might get stuck in an incorrect state due to no-tear-down message created from the LSP egress side. In the end, MVPN traffic will be lost. PR1454987
Network Management and Monitoring
Junos OS is used to send a cold trap from the new master just after the first GRES. This is because the cold_start timestamp file is not present or updated after the reboot. So, for the first GRES, it is used to send the cold start trap. PR1461839
Platform and Infrastructure
In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log the error as nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system reconverging on the expected state. PR1054798
An accuracy issue occurs with three-color policers of both types, single rate and two rate, in which the policer rate and burst-size combination of the policer accuracy vary. This issue is present starting in Junos OS Release 11.4 on all platforms that use the MX Series ASIC. PR1307882
If scaling logical-interface-set members and aggregated Ethernet members are configured on the same FPC, the FPC might crash when it restarts. PR1380527
On MX Series routers with MPCs, the unicast traffic might drop when the destination is reachable over an integrated routing and bridging (IRB) interface and a label-switched interface (LSI) with two next hops. PR1420626
On MX Series routers with MS-MPC cards, when an FPC restarts or the routing-instance type is changed (for example, virtual-router to VRF), or route distinguisher is changed, traffic from a group virtual private network (GVPN) tunnel to MPLS over UDP tunnel might fail to get decrypted on the MS-MPC, and this causes complete service loss. PR1422242
On all platforms running Junos OS, with NSR enabled, the BGP session with a hold time of 6 seconds or smaller flaps after if the backup Routing Engine is powered off ungracefully. PR1428518
For the bridge domains configured under an EVPN instance, ARP suppression is enabled by default. This enables the EVPN to proxy the ARP, and reduces the flooding of ARP in the EVPN networks. Because of that, storm control is not taking effect to the ARP packets on the ports under such bridge domains. PR1438326
A dual Routing Engine Juniper node slicing GNF with no GRES configured and with system internet-options no-tcp-reset drop-all-tcp configured might enter dual backup Routing Engine state after a manual GNF Routing Engine mastership switchover attempt with the request chassis routing-engine master [acquire|release|switch] CLI command from either GNF Routing Engine CLI. PR1456565
Expected PIM joins are not learned after performing GRES. PR1457166
In NTP with the boot-server scenario, when the router or switch boots, the NTP daemon sends an ntpdate request to poll the configured NTP boot-server to determine the local date and time. If the ntpdate is not activated correctly while the device is booting, the ntpdate might not work successfully. Then, some cosmetic error messages of time synchronization might be seen, but there is no impact with time update because the NTP daemon will update the time eventually. PR1463622
Routing Protocols
When interoperating with other vendors in a draft-rosen multicast VPN, by default the Junos OS attaches a route target to multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities will be excluded from propagating if the BGP route target filtering is enabled on a device running Junos OS. Note that draft-rosen-idr-rtc-no-rt has been created in IETF to document this issue and carry the proposed fix through standards. PR993870
Certain BGP traceoption flags (for example, open, update, and keepalive) might result in (trace) logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294
LDP and OSPF are in the in-sync state because an IGP interface is down with LDP synchronization enabled for OSPF. According to the current analysis, the IGP interface down message is seen as the reason because although LDP notified OSPF that LDP synchronization is achieved, OSPF is not able to take note of the LDP synchronization notification because the OSPF neighbor is not up yet. PR1256434
In rare cases, RIP replication might fail as a result of performing NSR Routing Engine switchovers when the system is not NSR ready. PR1310149
BGP I/O threading was added in Junos OS Release 16.1R1, whereby BGP writes were batched to improve efficiency. This might sometimes lead to some latency in sending BGP update while reacting to certain network events. PR1332301
SCP command with routing option (-JU) is not supported. PR1364825
It is possible for a GNF with rosen6 multicast to display stuck KRT queue entries after recovery from a dual Routing Engine reboot at the BSYS. PR1367849
Performance improvement with addpath-optimization statement configured will vary across releases because of variability of baseline convergences without the configuration statement. PR1395684
During NSR initial state replication on a scaled setup, while BGP state replication is still ongoing, the BGP task replication might get marked as completed. This is because BGP replication is triggered and controlled through the backup Routing Engine. You must check the output of the show bgp replication command to confirm whether replication has actually completed. This corner case scenario is valid only on a scaled setup and during initial state synchronization.PR1404470
The issue is seen when a direct change of route distinguisher is done on a routing instance. As a workaround, deactivate the instance before changing route distinguisher and then reactivate. PR1433913
On the MX2010 Series routers, the BFD session on the IS-IS step up flaps during the ISSU - FRU upgrade stage. PR1453705
When the system is in transient state (that is, it is learning new routes), the number of routes and the active routes in inet.0 and junosmain::inet.0 are not supposed to be same. When the system is in stable state, the number of routes and the active routes in inet.0 and junos-main::inet.0 converge eventually. PR1453981
When the system is in transient state (that is, it is learning new routes), the number of routes and the active routes in inet.0 and junosmain::inet.0 are not supposed to be same. When the system is in stable state, the number of routes and the active routes in inet.0 and junos-main::inet.0 converge eventually. PR1453981
The order of the statement displayed for the show configuration command is changed. PR1457240
User Interface and Configuration
Changing nested apply groups does not take effect. PR1427962
VPNs
In an MVPN environment with the SPT-only option, if the source or receiver is connected directly to the c-rp PE device and the MVPN data packets arrive at the c-rp PE device before its transition to SPT, the MVPN data packets might be dropped. PR1223434
The LSP might stay down if you configure both the virtual tunnel (VT) interface and vrf-table-label in an MVPN scenario. In this case, VT is preferred over LSI. Later when the VT interfaces are deleted, there is no notification to MVPN indicating that LSI is still available. Hence traffic loss might be seen. PR1474830
Resolved Issues
This section lists the issues fixed in Junos OS main and maintenance releases for MX Series routers.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Resolved Issues: 19.2R3
Class of Service (CoS)
MX Series platforms with MPC1-Q and MPC2-Q line cards might report memory errors. PR1500250
EVPN
Remote MAC address present in EVPN database might be unreachable. PR1477140
The ESI of IRB interface does not update after autonomous-system number change if the interface is down. PR1482790
Dead next hops might flood in a rare scenario after remote PE devices are bounced. PR1484296
The rpd core file might be generated when doing Routing Engine switchover after disabling BGP protocol globally. PR1490953
VXLAN bridge domain might lose VTEP logical interface after restarting chassisd. PR1495098
The l2ald memory leak might be observed in an EVPN scenario. PR1498023
The VXLAN function might be broken due to a timing issue. PR1502357
The MAC address of the LT interface might not be installed in the EVPN database. PR1503657
Forwarding and Sampling
Issue of UTC timestamp in the flat-file-accounting files when profile is configured. PR1509467
General Routing
The cosmetic error mspmand[190]: msvcs_session_send: Plugin id 3 not present in the svc chain for session is observed in the output. PR1258970
The show security group-vpn member ipsec security-associations detail | display xml command output is not in the expected format. PR1349963
On MX2010 routers, error message Failed to get xfchip which_xfchip 7, CMTY_FM_HSL2: [cmty_fm_hsl2_adc_xbar_set_cell_limit_per_link] xbar limit set failed pb_slot[3], pfe[1], sfb_slot[7], sub_plane[2], link_index[83] is observed during unified ISSU. PR1388076
The configuration database might not be unlocked automatically if the related user session is disconnected when the commit operation in progress. PR1410322
Core files are generated with reference to ddl_access_check_sequence during software upgrade. PR1414118
FPC x Voltage Tolerance Exceeded alarm is raised and cleared upon bootup of JNP10K-LC2101. PR1415671
Resetting the playback engine log messages are seen on MPC5E line card. PR1420335
FPC crash might be observed after GRES when you commit changes in the firewall filter with the next term statement in subscriber scenario. PR1421541
Configuration commit might fail when the file system gets into full state. PR1423500
IRB over VTEP unicast traffic might get dropped on MX Series platforms. PR1436924
FPC19 (MPC9E) might not go offline due to unreachable destinations in phase 3 stage. PR1443803
Interfaces shut down by disable-pfe action might not be up using MIC offline or online command. PR1453433
FPC or Packet Forwarding Engine might crash with ATM MIC installed in the FPC. PR1453893
Multiple daemons might crash when you commit configuration changes related to groups. PR1455960
All the IPsec tunnels might be cleared when the clear command is executed for only one IPsec tunnel with specified service-set name. PR1456749
The MPC2E-NG or MPC3E-NG line card with specific MIC might crash after a high rate of interface flap. PR1463859
Daemons might not be started if commit is executed after commit check. PR1468119
IPv6 dynamic subscribers might be unable to access on Junos OS Release 18.2R3 and later. PR1468414
NSD core file generates after committing the configuration successfully if the destination NAT rule matches the destination address. PR1469613
When both MSTP and ERP are enabled on the same interface, then ERP does not come up properly. PR1473610
Routing Engine might not be able to send packets after some time when traffic-manager enhanced-priority-mode configuration is enabled on MPC10 or MPC11 line cards. PR1476683
Error log message chassisd[7836]: %DAEMON-3-CHASSISD_IOCTL_FAILURE: acb_get_fpga_rev: unable to get FPGA revision for Control Board (Inappropriate ioctl for device) is observed after every commit. PR1477941
MPCs might crash when there is bulk route update failure in a corner case. PR1478392
FPC with vpn-localization vpn-core-facing-only configuration might get stuck in ready state. PR1478523
PPPoE subscribers might not log in after FPC restart. PR1479099
The downstream IPv4 packets greater than BR MTU are getting dropped in MAP-E. .
Interface input error counters are not increasing on MX150 routers. PR1485706
Kernel core files are generated if you delete an ifstate. PR1486161
The unified ISSU is not supported on next-generation MPC cards. PR1491337
MS-MIC is down after loading some releases in MX Virtual Chassis scenario. PR1491628
FPCs might stay down or restart when you swap the MPC7, MPC8, and MPC9 line cards with the MPC10 and MPC11 line cards or vice versa in the same slot. PR1491968
User-configured MTU might be ignored after the unified ISSU upgrade uses request vmhost software in-service-upgrade. PR1491970
On MX10008 platform, SNMP table entPhysicalTable does not match the PICs shown for the show chassis hardware command. PR1492996
MPC10 and MPC11 line cards might crash if the interface is configured with firewall filter referencing shared bandwidth policer. PR1493084
Flapping of one port on MIC-3D-2XGE-XFP might cause the other port on the same MIC to flap. PR1493699
In node slicing setup after GRES, RADIUS interim updates might not carry actual statistics. PR1494637
B4 devices might not be able to establish softwire with an AFTR device. PR1496211
The MPC10E line card might restart with sensord crash on it due to a timing issue. PR1497343
Outbound SSH connection flap or a memory leak issue might be observed during the high rate of pushing the configuration to the ephemeral DB. PR1497575
In a node slicing scenario, when a FPC with aggregated Ethernet member port comes online, subscribers might be disconnected. PR1498024
SNMP polling does not show correct PSM jnxOperatingState when one of the PSM inputs failed. PR1498538
The rpd might crash when multiple VRFs with IFLs link-protection are deleted at a single time. PR1498992
On MX2020 and MX2010, the pem_tiny_power_remaining message will be continuously logged in chassisd log. PR1501108
Traffic might be silently dropped and discarded in a fast reroute scenario. PR1501817
The chassisd process might get stuck. PR1502118
Core files are generated if you add or delete ERP configuration multiple times and restart l2cpd. PR1505710
The disabled QSPF transceiver might fail to turn on. PR1510994
Static subscribers logs out after creating a unit under demux0 interface. PR1511745
The l2ald memory leak might be seen after you add or delete VXLAN routing instances and interfaces. PR1512802
The wavelength configured through CLI might not be set on SFP+-10G-T-DWDM-ZR optics when the optics is placed on MPC7E line card. PR1513321
Infrastructure
An alarm might be seen if the PEM's serial number starts with 1F1. PR1398128
Interfaces and Chassis
The vrrp-inherit-from change operation leads to packet loss when traffic is forwarded to the VIP gateway. PR1489425
Unexpected dual VRRP backup state might happen after performing two subsequent Routing Engine switchovers with the track priority-hold-time statement is configured. PR1506747
J-Web
Security vulnerability in J-Web and Web-based (HTTP/HTTPS) services. PR1499280
Junos Fusion Provider Edge
The stats of extended ports on satellite device cluster might show wrong values from the aggregation device. PR1490101
Junos Fusion Satellite Software
Temperature sensor alarm is seen in Junos fusion scenario. PR1466324
Layer 2 Features
Connectivity is broken through LAG because of the members configured with hold-time and force-up. PR1481031
Layer 2 Ethernet Services
On MX204 platform, the Vendor-ID is set as MX10001 in factory-default configuration and DHCP client messages. PR1488771
Issues with DHCPv6 relay processing confirm and reply packets. PR1496220
The MC-LAG might become down after disabling and then enabling the force-up statement. PR1500758
DHCPV6 leasequery is not as expected while verifying the DHCPV6 server statistics. PR1506418
MPLS
Traffic loss might be seen if p2mp with NSR enabled. PR1434522
The RSVP interface bandwidth calculation might be incorrect when the RSVP subscription percentage is configured under the RSVP interface. PR1458527
The rpd might crash in PCEP for the RSVP-TE scenario. PR1467278
The fast reroute detour next-hop down event might cause primary LSP go in the Down state in a particular scenario. PR1469567
High CPU utilization for rpd might be seen if RSVP is implemented. PR1490163
The rpd might crash when BGP with FEC 129 VPWS enabled flaps. PR1490952
BGP session might keep flapping between two directly connected BGP peers because of the incorrect TCP-MSS in use. PR1493431
The rpd process might crash and generate a core file when SNMP polling is done using OID jnxMplsTeP2mpTunnelDestTable. PR1497641
Traffic loss might happen after a switchover when RSVP point-to-multipoint is configured. PR1500615
CSPF job might get stalled for new or existing LSP in a high scale LSP setup. PR1502993
The rpd process might crash with the RSVP configured in a rare timing case. PR1505834
Activating or deactivating LDP-sync under OSPF might cause the LDP neighborship to go down and stay down. PR1509578
The rpd might crash after upgrading from pre Junos OS Release 18.1 to Junos OS Release 18.1 and later. PR1517018
Platform and Infrastructure
Core.vmxt.mpc0 is seen at
5 0x096327d5 in l2alm_sync_entry_in_pfes (context=0xd92e7b28, sync_info=0xd92e7a78) at ../../../../../src/pfe/common/applications/l2alm/l2alm_common_hw_api.c:1727. PR1430440Traffic loss might be seen in case of Ethernet frame padding with VLAN. PR1452261
The show system buffer command displays all zeros in the MX104 chassis. PR1484689
MAC learning under bridge domain stops after MC-LAG interface flaps. PR1488251
In node slicing setup MPLS TTL might be set to zero when the packet goes through af interface configured with CCC family. PR1492639
Packets get dropped when next hop is IRB over lt- interface. PR1494594
Routing Engine crash might be seen when a large number of next hops are quickly deleted and readded in large ARP/ND scale scenario. PR1496429
Python or Slax script might not be executed. PR1501746
Traffic originated from another subnet is sent out with 0x8100 instead of 0x88a8. PR1502867
MPCs might crash when there is a change on routes learned on IRB interface configured in VPLS and EVPN instances. PR1503947
Traffic loss might be seen in certain conditions under MC-LAG setup. PR1505465
During route table object fetch failure, FPC might crash. PR1513509
Routing Protocols
PIM RPF selection for the specific multicast group might get incorrectly applied to other multicast groups. PR1443056
The rpd crash might be observed because of specific BGP update packets. PR1481641
Multicast traffic loss might be seen in certain conditions while enabling IGMP snooping under EVPN-VXLAN ERB scenario. PR1481987
RIPv2 packets stop transmitting when changing interface-type configuration from p2mp to broadcast. PR1483181
Rpd memory leak is observed in certain looped MSDP scenario. PR1485206
The rpd process might generate soft core files after always-compare-med is configured for BGP path-selection. PR1487893
The rpd crashes when reset OSPF neighbors. PR1489637
The BGP route target family might prevent route reflector from reflecting Layer 2 VPN and Layer 3 VPN routes. PR1492743
The rpd might crash because of rpd resolver problem of INH. PR1494005
Receipt of certain genuine BGP packets from any BGP speaker causes rpd to crash. PR1497721
The rpd might crash if the import policy is changed to accept more routes that exceed the teardown function threshold. PR1499977
The show bgp neighbors command shows change in x-path output for input-updates value. PR1504399
The rpd crash might occur due to RIP updates being sent on an interface in down state. PR1508814
The rpd process might crash on backup Routing Engine if BGP (standby) received a route from peer which is rejected due to invalid target community. PR1508888
The rpd process might crash if there is a huge number of SA messages in MSDP scenario. PR1517910
Services Applications
The FPC might crash and generate NPC core file if the service interface is configured under service-set in USF mode. PR1502527
Subscriber Access Management
Syslog message pfe_tcp_listener_open_timeout: Peer info msg not received from addr: 0x6000080. Socket 0xfffff804ad23c2e0 closed is seen. PR1474687
The authd logs events might not be sent to syslog host when destination-override is used. PR1489339
MX Series platforms are not compliant with RFC 2868 and sending RADIUS access request includes tunnel assignment ID for LTS client. PR1502274
User Interface and Configuration
The version information under the configuration changes from Junos OS Release 19.1. PR1457602
VPNs
Traffic loss might be observed when the inter-AS next-generation MVPN VRF is disabled on one of the ASBRs. PR1460480
The l2circuit neighbor might be stuck in RD state at one end of MG-LAG peer. PR1498040
The rpd fork process might crash on removing last l2circuit neighbor interface. PR1511783
The rpd might crash when you delete l2circuit configuration in a specific sequence. PR1512834
Resolved Issues: 19.2R2
Application Layer Gateways (ALGs)
SIP messages that need to be fragmented might get dropped by SIP ALG. PR1475031
FTPS traffic might get dropped on MX Series platforms if FTP ALG is enabled. PR1483834
Authentication and Access Control
The LLDP packets might get discarded on all Junos OS running devices. PR1464553
Class of Service (CoS)
The host-inbound packets might be dropped if you configure host-outbound FC. PR1428144
The dfwd crashes for the forwarding-class configuration in policers. PR1436894
MX Series generated OAM/CFM LTR messages are sent with a different priority than the incoming OAM/CFM LTM messages. PR1466473
Unexpected traffic loss might be discovered under certain conditions in a Junos fusion scenario. PR1472083
The MX10008 and MX100016 routers might generate cosd core file after executing commit/commit check command if policy-map configuration is set. PR1475508
EVPN
The RA packets might be sent out without using the configured virtual gateway address. PR1384574
Unexpected next-hop operation error from kernel to l2ald in a Layer 2 gateway during the MAC movement operation is observed. PR1430764
Incorrect MAC count is observed with the show evpn/bridge statistics command. PR1432293
Asynchronous state between ARP table and Ethernet switching table occurs if EVPN ESI link flaps multiple times. PR1435306
EVPN/MPLS IRB logical interface might not come up when local Layer 2 interface is down. PR1436207
Configuring ESI on a single-homed 25-Gigabit Ethernet port might not work. PR1438227
On EVPN/VXLAN setup, the specific source-ports of UDP packet are dropped. PR1441047
Restarting Layer 2 learning might cause some remote MAC addresses to move into forwarding dead state. PR1441565
Traffic drop might be observed in an EVPN Layer 3 gateway scenario. PR1442319
On MX Series platform, the core-isolation feature does not work after setting and then deleting the no-core-isolation statement. PR1442973
The EVPN type 2 routes might not be advertised properly in logical-systems. PR1443798
The local host address is not present in the EVPN database and the mac-ip-table table. PR1443933
The bridge mac-table age timer does not expire for rbeb interfaces. PR1453203
Instance type is changed from VPLS to EVPN, which results in loss of packet. PR1455973
Preference-based DF Election algorithm does not work on the LT interface. PR1458056
ARP request or NS might be sent back to the local segment by the DF router. PR1459830
Traffic received from VTEP gets dropped if the VNI value used for Type-5 routes is greater than 65,535. PR1461860
The rpd might crash after changing EVPN-related configuration. PR1467309
Dead next hops might flood in a rare scenario after remote PE devices bounce. PR1484296
The ARP entry gets deleted from the kernel after adding and deleting the virtual-gateway-address. PR1485377
The rpd core might be generated when you do Routing Engine switchover after disabling the BGP protocol globally. PR1490953
On an MX10003, VTEP interface are not installed under the VXLAN bridge domain after a chassisd restart. PR1495098
The VXLAN function might be broken due to a timing issue. PR1502357
Fault Management
Cmerror Op Set log message is missing for bringup jspec command-based error simulation. PR1430300
Forwarding and Sampling
The SRRD might crash when memory corruption occurs. PR1414568
DT_BNG: rt-delay-threshold can be set below one second. However, rt-marker-interval is limited to one second. PR1425544
The device is in amnesiac mode after ISSU with mgd: error: configuration check-out failed error generated. PR1432664
Enable interface with input or output VLAN maps to be added to a routing instance configured with a VLAN ID or VLAN tags with the virtual-switch instance type and VLPS protocol. PR1433542
The test aaa ppp command gets timed out with Client session Activate: no response error. PR1435689
Sampling might return incorrect ASN for BGP traffic. PR1439630
High CPU utilization of l2ald is observed after replacing the EVPN configuration. PR1446568
On MX204, input/output counters of an aggregated Ethernet bundle or member links configured on nondefault logical systems are not updated. PR1446762
The ARP packets get dropped by Packet Forwarding Engine after chassis-control is restarted. PR1450928
Crafted packets traversing in a BNG configured with IPv6 NDP proxy could lead to denial-of-service. PR1451959
On the PTX Series or TVP platforms, the pfed might crash and might not be able to come up. PR1452363
Commit error and dfwd core files might be observed when applying a firewall filter with then traffic-class or then dscp action. PR1452435
On devices running Junos OS, the l2ald process might experience memory leak. PR1455034
The following syslog error messgaes are seen at pfed: rtslib: ERROR received async message with no handler: 28. PR1458008
A problem with statistics on some interfaces of a router might be observed after FPC or PIC reboot. PR1458143
With the MX Series devices, the following logs are seen: L2ALD_MAC_IP_LIMIT_REACHED_IF: Limit on learned MAC+IP bindings reached for .local.1048605; current count is 1024. PR1462642
Type 1 ESI/AD route might not be generated locally on EVPN PE device in the all-active mode. PR1464778
On the MX10008 and MX10016 routers, policer bandwidth-limit cannot be set higher than 100-Gigabit Ethernet. PR1465093
An output bandwidth-percent policer with logical-bandwidth-policer applied to an aggregated Ethernet bundle along with an output-traffic-control-profile has incorrect effective policing rate. PR1466698
Traffic might not be forwarded into the correct queue instead of the default queue when the VPLS traffic has three or more VLAN tags with VLAN priority 5. PR1473093
The filter might not be installed if the policy-map xx is present under the filter. PR1478964
General Routing
On MX Series Virtual Chassis, suboptimal aggregated Ethernet load balancing occurs when an aggregated Ethernet bundle is part of an ECMP path. PR1255542
PFEIFD: Could not decode media address with length 0 syslog error messages might be generated by the Packet Forwarding Engine. PR1341610
Default credentials supplied in vMX configuration. PR1344858
SFP stop forwarding traffic after unified ISSU upgrade. PR1379398
The severity of the error is reduced from fatal to major PR1390333
The high-cos-queue-threshold range is changed to [uint 0 .. 90;]. PR1390424
Commit error might be observed after adding additional sites to existing group and routing-instance configuration. PR1391668
Layer 3 gateway des not update ARP entries IP or MAC quickly move from one router to another router in an EVPN-VXLAN environment. PR1395685
NAPT66 pool split is not supported with AMS hus commit fail with IPv6 pool in AMS. PR1396634
The PPPoE subscribers are unable to reconnect after FPC reboot. PR1397628
Confirmation message is missing when issuing request vmhost reboot re*. PR1397912
The rpd might crash when condition-manager policy is configured for routing table and the same routing table is repeatedly deleted then re-added. PR1401396
The na-grpcd log file is not rotated and keeps growing until the Routing Engine is out of disk space. PR1401817
Kernel memory leak in virtual memory because of interface flap. PR1407000
FPC crash and slow convergence upon HMC fatal error condition is seen when inline J-Flow is usedPR1407506
For the initial packet, which is specific to MPC10 and onward, the ICMP redirects are not seen at the source and packets are sent to the better next hop. PR1409346
Nonexistent subscribers might appear in the output of the show system resource-monitor subscribers-limit chassis extensive command. PR1409767
Slow SNMP on entityMIB during subscribers load test. PR1411062
Parity error might cause FPC alarm. PR1411610
Log severity level change is seen on MX150. PR1411846
Egress monitored traffic is not mirrored to destination for analyzers on MX Series router. PR1411871
Redirect IP is not supported for BGP FlowSpec filters. If such an action is programmed for BGP FlowSpec rules, then it will not be reflected in filter term action. PR1413371
J-Flow gets disabled when you reduce the maximum flow table size byusing the flex-flow-sizing statement enabling the bandwidth command. PR1413513
On PowerPCbased MX Series platforms, the DHCP/DHCPv6 subscribers might fail to establish sessions. PR1414333
The FPC x Voltage Tolerance Exceeded alarm is raised and cleared after the JNP10K-LC2101 is powered on. PR1415671
cRPD does not restrict the number of simultaneous JET API sessions. PR1415802
The JSU package installation might fail. PR1417345
The rpd core files are seen when you restart the rpd or when the logical system is deactivated. PR1418192
Multiple ANs are created when you configure or unconfigure PSK and last for a longer duration. PR1418448
Resetting the Playback Engine generates log files on the MPC5E line card. PR1420335
Core voltage of ASIC chip in SIBs is not set as per the required e-fuse value and remains to default value of 0.9V on JNP10008-SF and JNP10016-SF SIBs. PR1420864
jnxFruState shows value as 10 for Routing Engine instead of 6 in response to .1.3.6.1.4.1.2636.3.1.15.1.8.9.1.0.0. PR1420906
MX Series LNS might fail to forward the traffic on the subscriber access route. PR1421314
PTP might not work on MX104 if phy-timestamping is enabled. PR1421811
After control plane event, a few IPsec tunnels failed to send traffic through the tunnelPR1421843
RSI bloat VM host-based log collection. PR1422354
Packet Forwarding Engine wedge m be observed after running the show forwarding-options load-balance command. PR1422464
The XML output might be not be hierarchically structured if you issue the show security group-vpn member ipsec statistics command. PR1422496
Ports might get incorrectly channlized if they are 10-Gigabit Ethernet already and they are channelized to 10-Gigabit Ethernet again. PR1423496
The MPC10line card might crash once multiple filters are configured in a scaled environment. PR1423709
PTP asymmetry change needs PTP bounching. PR1423860
The system does not reboot or halt as configured when encountering the disk error. PR1424187
The rpd keeps crashing after changing the configuration. PR1424819
Interface with FEC disabled might flap after Routing Engine mastership switchover. PR1425211
The mspmand process might crash and restart with a mspmand core file created after you do a commit change to deactivate and activate service set. PR1425405
One hundred percent CPU usage is seen on route monitor of static routes after the client disconnected from prpd server. PR1425559
MPC reboot or Routing Engine mastership switchover might occur on MX204 and MX10003. PR1426120
The host-bound traffic might be dropped after performing a change configuration related to prefix-list. PR1426539
Some CFM and BFD sessions might flap while collecting MPLS statistics. PR1426727
The show lldp neighbors interface command does not display all interface information. PR1426793
The decoding of telemetry data at collector might not be proper if you configure the sensors. PR1426871
ENTITY MIB has incorrect containedIn values for some fixed MPCs with built-in PICs. PR1427305
Rebooting or halting a Virtual Chassis member might cause the RTG link to be down for 30 seconds. PR1427500
When broadband edge PPPoE and DHCP subscribers coming up over Junos fusion satellite ports are active, the commit full and the commit synchornization full commands fail. PR1427647
When installing YANG package without proxy-xml statement, the CLI environment does not work well. PR1427726
The PPP session does not work properly on MX Series platform. PR1428212
The global-mac-limit and global-mac-ip-limit configuration statements might allow more entries than the configured values. PR1428572
Fabric drops might be seen on MX10003 platform when two FPCs come online together. PR1428854
Incorrect IGMP interface counter for dynamic PPP interfaces. PR1429018
The emitted XML output INVALID is thrown for the show virtual-network-functions command. PR1429090
A race condition vulnerability might cause RPD daemon to crash when processing a BGP notification message. PR1429719
Extended ukern thread (PFEBM task) priority to support BBE performance tuning. PR1429797
The aggregated Ethernet interface does not come up after rebooting the FPC or device although the physical member link is up. PR1429917
Protect core configured router might send IPFIX sampling packets with incorrect next-hop information. PR1430244
Performance degradation is observed for about 20 seconds after the fabric board on MX10008 or MX100016 is taken offline. PR1430739
Disabling DAC QSFP port might not work on MX204 and MX10003. PR1430921
Inline LSQ might not work when it is configured on the same FPC where MIC-3D-16CHE1-T1 is slotted. PR1431069
Error might be observed when you use a script to load the configuration. PR1431198
The l2cpd process might crash and generate a core file when interfaces flap. PR1431355
SIB Link Error is detected on a specific Packet Forwarding Engine might cause complete service impact. PR1431592
Allow installation of three identical framed routes in the same routing instance. PR1431891
Line card might be offline when Packet Forwarding Engine is powered off. PR1432019
Dual-stack subscriber accounting statistics are not baselined when one stack logs out. PR1432163
Traffic might be sent on the standby link of aggregated Ethernet bundle and lost with LACP fast-failover enabled. PR1432449
Change to in-use parameterized filter prefix-list result in bbe-smgd core files on the backup Routing Engine. PR1432655
Output traffic statistics might be incorrect with Routing Enginegenerated traffic. PR1432724
In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a denial of service. PR1432957
After deleting the CLI configuration chassis license bandwidth, the bandwidth value is not defaulting to maximum bandwidth value. PR1433157
A few entries specific to show dynamic-tunnels database output are not getting populated while testing the functionality after both PICs are taken offline and then one PIC is brought online. PR1433247
Traffic drop sa-multicast is configur. PR1433306
The gNMI set RPC with replace field does not work and the mgd-api might crash. PR1433378
RSI and RSIbrief should not include show route forwarding-table when is enabled. PR1433440
Junos telemetry interface-firewall ollected service statistics all 0 after unified ISSU for MPC2. PR1433589
Lawful intercept for subscriber traffic is not programmed in Packet Forwarding Engine if it activated by Access-Accept. PR1433911
URL case sensitivity support is needed. PR1434004
Incorrect PLUGGABLE ID 17 on MX10003-LC2103. PR1434183
rpd crashes during the route flash when the policy is removed. PR1434243
Packet Forwarding Engine memory leak might be seen if MLPPP links are flapped. PR1434980
Micro BFD 3x100 ms flap is seen upon inserting a QSFP to another port. PR1435221
Traffic drops when session key rolls over between primary and fallback for more than 10 times. PR1435277
DHCPv6 advertise to client might use incorrect destination MAC address. PR1435694
Total number of packets mirrored after adding the DTCP trigger and enabling DTC is not in the expected range while verifying traffic on mirror port after DTCP drop policy is enabled. PR1435736
MPC7/8/9/MX10003 MPC/EX9200-12QS/EX9200-40XS line card might crash in a scaling setup. PR1435744
The mc-ae interface might get stuck in waiting state in a dual mc-ae scenario. PR1435874
The local route in the secondary routing table gets stuck in the KRT. PR1436080
The ifHCInOctets counter on aggregated Ethernet interface shows the zero value when SNMP MIB walk is executed. PR1436201
Control logical interface is not created by default for LLDP. PR1436327
A few static PPP/PPPoE get subscribers stuck in the initialization state permanently and the Failed to create client session, err=SDB data corrupted error message is seen. PR1436350
The subscriber interim statistics might reset to zero and idle-timeout might not work in the statistics setup. PR1436419
The device might not be reachable after a downgrade from some releases. PR1436832
On MPC10E, micro BFD sessions do not come up in centralized mode. PR1436937
MX10003 FPCs show high CPU because the JGCI_Background thread runs for a long period. PR1437283
Schema XSDs are missing objects/commands from Junos OS Release 19.1. PR1437469
The CPU utilization on a daemon might be around 100 percent or backup Routing Engine might crash in race conditions. PR1437762
The LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified messages is seen while you commit the configurations. PR1437824
LNS router might send the router-advertisement packet with NULL source link-layer option field. PR1437847
The chassisd might crash after you enable hash-key. PR1437855
Unified ISSU fails from 19.1R1 legacy Junos OS release images. PR1438144
The rpd crash might be seen during the router startup file pointer issue. PR1438597
Subscriber flows might not be synchronized between aggregated Ethernet members on MX Series Virtual Chassis platforms. PR1438621
Carrier-grade NAT logs are not received by the syslog server over TCP-based-syslog when data traffic is sent at 10,000 sessionssec. PR1438928
Incorrect values are seen in JUNIPER-TIMING-NOTFNS-MIB table. PR1439025
The show jdaf service cmd statistics / clients command is not available. PR1439118
FPC on Virtual Chassis backup router might reboot in an MX Series Virtual Chassis scenario. PR1439170
LACP state might get stuck in Attached state after disabling peer active members. PR1439268
Packet drop might be seen when chained composite next hop is enabled for Layer 3 VPN. PR1439317
The vlan all interface all combination not workas expected under VSTP. PR1439583
When group is applied at nonroot level, updating commands inside the group does not update the hierarchies where it is applied. PR1439805
The bbe-smgd core files are seen after restart. PR1439905
PRPD flexible tunnel profile queries do not return DMAC when set to all zeros by client. PR1439940
CoS-related errors are seen and subscribers could not get service. PR1440381
CPU might hang or interface might be stuck down on a particular 100-Gigabit Ethernet port. PR1440526
FPC might stuck 100 percent CPU GRES and multiple daemons continuous restart on MX platforms. PR1440676
DHCP offer packets toward IRB over LT interface getting dropped in DHCP relay environment. PR1440696
The Layer 2 dynamic VLAN misses when an interface is added to or removed from an aggregated Ethernet interface. PR1440872
The EX ports might stay in up state even if the EX4600 line of devices or the QFX5100 line of devices are rebooted. PR1441035
For a route received through EBGP, the AIGP value might not be considered as expected. PR1441438
The rpd might crash or consume 100 percent of CPU after flapping the routes. PR1441550
New OID is added that calculates the buffer utilization where inactive memory is not considered as free memory. PR1441680
The outgoing aggregated Ethernet traffic might be dropped after changes are made to the aggregated Ethernet interface. PR1441772
Privilege escalation vulnerability in dual Routing Engine, Virtual Chassis, or HA cluster might allow unauthorized configuration change. PR1441795
SNMP trap comes twice for FRU removal in MX10000—one trap with FRU name as FPC: JNP10K-LC2101 and second with FRU name as FPC @ 1/*/*. PR1441857
The packets originating from the IRB interface might be dropped in a VPLS scenario. PR1442121
The chassisd is unable to power off a faulty FPC after Routing Engine switchover, which leads to chassisd restart loop. PR1442138
In enhanced-ip or enhanced-ethernet mode with destination-class-usage (DCU) accounting enabled, MS-DPC might drop all traffic that should egress through aggregated Ethernet interface. PR1442527
EVENT UpDown interface logs are partially collected in syslog messages. PR1442542
Different formats of the B4 addresses might be observed in the SERVICES_PORT_BLOCK_ALLOC/RELEASE/ACTIVE log messages. PR1442552
A few Path Computation Element Protocol (PCEP) logs are marked as ERROR even though they are not. Now the severity of those logs is corrected as INFO. PR1442598
The interface might go into the down state after FPC restarts with the PTP configuration enabled. PR1442665
DHCPv6 client might fail to get an IP address. PR1442867
On MX Series platforms, the bbe-smgd might crash. PR1443109
Improper handling of specific IPv6 packets sent by clients eventually leads to kernel crash (vmcore) on the device. PR1443576
The kmd process might crash and restart with a kmd core file created if IP of NAT mapping address for IPsec-VPN remote peer is changed. PR1444183
GRE packets that are larger than MTU get dropped on MX204 platforms when sampling is enabled on the egress interface. PR1444186
For eventd, you might observe high CPU utilization along with error logs. PR1444462
Inline-keepalive might stop working for LNS subscribers if the routing-services statement is enabled. PR1444696
Access route might be stuck in bbe-smgd and rpd might not be cleared. PR1445155
The CPCDD process might crash continuously if the captive-portal-content-delivery service is activated for dual-stack PPPoE/DHCPv6 subscriber. PR1445382
ECMP-FRR might not work for BGP multipath ECMP routes. PR1445391
Detached LACP member link gets LACP state as enabled in Packet Forwarding Engine when switchover occurs because of device reboot. PR1445428
The 1-Gigabit Ethernet interface on MX204 might stay down after the device is rebooted. PR1445508
Irregular traffic drop might be seen when traffic is ingress from MPC3E and egress to MPC10E. PR1445649
In Junos OS Release 19.2 the group level use of wildcard <*> is not an available option. PR1445651
The l2ald might crash when FPC restarts. PR1445720
The mspmand process might crash if URL filtering is configured and one blacklisted domain name is a substring of another blacklisted domain name in URL filter database file. PR1445751
The jdhcpd process might crash after you issue the show access-security router-advertisement-guard command. PR1446034
When you use a converged CPCD, MX Series router rewrites the HTTPS request with destination-port 80. PR1446085
Upgrade of jfirmware might fail on MX chassis with MX-SCBE3 installed. PR1446205
The static route for NAT might never come up if switchover happens with MX Series route service interface that has NAT and GR configuration. PR1446267
The rpd process might crash when it is terminated immediately after it has been started. PR1446320
Accurate statistics might not include packets forwarded during the last two seconds before subscriber termination. PR1446546
On MX Series routers with MPC10 or MPC11 line cards, the incoming packets might get dropped. PR1446736
NAT service set in a certain scale might fail to get programmed. PR1446931
MX Series-based MPC might crash and restart during unified ISSU with large-scale logical interfaces. PR1446993
The J-Flow version 5 stops working after changing input rate value. PR1446996
The bbe-smgd core file bbe_ifd_add_vlan (ifd=0x8c3e835, ifl=0xcaf59f18) is generated on the backup Routing Engine at
../../../../../../src/junos/usr.sbin/bbe-svcs/smd/infra/bbe_ifd.c:6374. PR1447493Traffic silently drops when using ps- interface over RLT in Layer 2 circuit with no-control-word enabled. PR1447917
The rpd process might crash if BGP is activated or deactivated multiple times. PR1448325
The vehostd process might crash without generating core files and automatic restart of vehostd might fail. PR1448413
Interface attributes might cause high CPU usage of dcd. PR1448858
FPC might reboot when PIC 0 is taken offline on MX204 platforms. PR1449067
The DHCP relay feature might not work as expected with helpers bootp configured. PR1449201
Increase in the maximum value of delegation-cleanup-timeout. PR1449468
Currently IS-IS is sending system host-name instead of system-id in OC paths in lsdb or adjacency xpaths in periodic streaming and on-change notification. PR1449837
No localhost ifl for rtt 65535 can be seen on MX Series routers running Junos OS enhanced subscriber management feature. PR1450057
Interfaces might flap forever after deleting the interface disable configuration. PR1450263
The Mixed Master and Backup RE types alarm is observed when MX2008 with RE-MX2008-X8-128G detects backup Routing Engine as RE-MX2008-X8-64G. PR1450424
VLAN configuration change with l2ald restart might cause kernel synchronization issues and impact forwarding. PR1450832
JNP10K-LC2101 FPC generates Voltage Tolerance Exceeded major alarm for EACHIP 2V5 sensors. PR1451011
The burst size is not updated when the dynamic profile uses the static traffic control profile. PR1451033
Main chassisd thread at a JNS GNF might stall upon the GNF SNMP polling for hardware-related OIDs. PR1451215
SNMP query for IPsec decrypted/encrypted packets does not fetch correct values and KMD_SNMP_FATAL_ERROR error is observed. PR1451324
DHCP snooping statistics binding does not take effect after deleting and readding the entries. PR1451688
RMPC core file is found after configuration changes are done on the network for PTP/clock synchronization. PR1451950
Firmware upgrade for PSU (JNP10K-AC2 and JNP10K-DC2) on MX10000 and PTX10000 systems with Routing Engine redundancy configuration enabled might fail due to lcmd being disabled by the firmware upgrade command. PR1452324
PLL errors might be seen after FPC reboot or restart. PR1452604
Framing errors and packet loss might be seen when high throughput traffic passes through MACsec device. PR1452851
Sensord core file might be seen when the script runs on the MPC10E line card. PR1452976
The values displayed in the output of show snmp mib walk jnxTimingNotfnsMIB.3 are not correct. PR1453436
PTP goes out of synchronization when HWDB is not accessible during initialization. PR1453531
Alarm was not sent to syslog on MX10003 platforms. PR1453533
The FPC might crash due to the memory corruption in JNH pool. PR1453575
The ANCP interface-set QoS adjusts might not be processed. PR1453826
The FPC might crash when the severity of error is modified. PR1453871
RADIUS interim accounting statistics are not populated on the MX204. PR1454541
The 100-Gigabit Ethernet interfaces might not come up again after going down on MPC3E-NG. PR1454595
The access request for L2BSA port up might not be retransmitted if the RADIUS server used is unreachable. PR1454975
CRAFTD syslog fatal errors along with junk characters are seen upon its startup and exits after four startup attempts. PR1454985
JET/JSD RPC tag handling bug. PR1455426
SmiHelperd process is not initialized in Junos OS running on PPC-based platforms. PR1455667
Device chooses incorrect source address for locally originated IPv6 packets in routing-instance when destination address is reachable through static route with next-table statement. PR1455893
BgpRouteInitialize API exits with error code 2. PR1455967
Queue data might be missing from the following path:
/interfaces/interface/state. PR1456275High temperature from the show chassis environment output is observed after MPC4E is inserted to slot 5. PR1456457
CLI command with invoke-on and display xml rpc results in unexpected multiple RPC commands. PR1456578
All the IPsec tunnels might be cleared when the clear command is executed for only one IPsec tunnel with a specified service-set name. PR1456749
The bbe-statsd process continuously crashes if any parameter is set to 0 in the mx_large.xml file. PR1457257
Default value of 2^32 replay-window size results in framing errors at an average of one in 2^32 frames received. PR1457555
The chassisd process and all FPCs might restart after Routing Engine switchover. PR1457657
The subscriber routes are not cleared from backup Routing Engine when the session is aborted. PR1458369
Subscribers are unable to log in after more than 2 million multicast subscribers are being activated. PR1458419
The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used. PR1458559
The FPC X major errors alarm might be raised after committing the PTP configuration change. PR1458581
The rpd crash might be seen if BGP route is resolved over the same prefix protocol next hop in inet.3 table that has both RSVP and LDP routes. PR1458595
The traffic might be stuck on MS-MPC or MS-MIC with sessions receiving a huge number of affinity packets. PR1459306
The following error message might be seen after the chassisd restarts: create_pseudos: unable to create interface device for pip0 (File exists). PR1459373
The show ancp subscriber access-aggregation-circuit-id < access aggregation circuit ID> command displays incomplete output. PR1459386
Telemetry streaming of mandatory TLV ttl learned from LLDP neighbor is missing. PR1459441
The traffic might be silently dropped or discarded during link recovery in an open Ethernet access ring with ERPS configured. PR1459446
In MC-LAG scenario, the traffic destined to VRRP-virtual MAC gets dropped. PR1459692
Traffic is silently dropped and discarded upon interface flap after DRD autorecovery. PR1459698
CPCDD core file is found at
ServicesManager::cpcddSmdInterface::processServiceNotifyMsg ,SmdInterface::cbStateSyncServiceNotifyMsgHandler ,statesync_consumer_poll_new_state_cb. PR1459904Subscriber statistics might be broken after unified ISSU. PR1459961
The PPTP does not work with destination NAT. PR1460027
Multiple leaf devices and prefixes are missing when LLDP neighbor is added after a streaming starts at global level. PR1460347
If vlan-offload is configured on the VMX platform, input-vlan-map might not work. PR1460544
Support of del_path for the LLDP neighbor changes at various levels. PR1460621
When you receive IPv6 over IPv4 IBGP session, the IPv6 prefix is hidden. PR1460786
The PTP function might consume the kernel CPU for a long time. PR1461031
Explicit deletion notification (del_path) is not received when LLDP neighbor is lost as a result of disabling local interface on the DuT using CLI (gNMI). PR1461236
A bbe-smgd core file is generated when all RADIUS servers are unreachable. PR1461340
Traffic might be impacted because the fabric hardening is stuck. PR1461356
On the MPC10E line card, more output packets are seen than expected when the ping function is performed. PR1461593
In EVPN scenario, memory leak might be observed when proxy-macip-advertisement is configured. PR1461677
The rpd core files are generated during system startup. PR1461796
Memory leak causes bbe-statsd and bbe-smgd crash. PR1461821
On MPC11E line card, the PPS information on the physical interface is inaccurate and varies. PR1461872
The rpd might crash after committing the dynamic-tunnel-anchor-pfe command. PR1461980
The rpd process might crash if the show v4ov6-tunnels information anti-spoof-ip command is executed. PR1462047
The CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed message appears when both DIP switches and power switch are turned off. PR1462065
On MX204, RADIUS interim accounting statistics are not populated. PR1462325
The EA WAN SerDes gets into the Stuck state that leads to continuous DFE tuning timeout errors and causes the link to stay down. PR1463015
The Routing Engine switchover might not be triggered when the master CB clock fails. PR1463169
MVPN traffic might be dropped after performing switchover. PR1463302
The subscribers might not pass traffic after making some changes to the dynamic-profiles filter. PR1463420
The MPC2E-NG or MPC3E-NG card with specific MIC might crash after a high rate of interface flaps. PR1463859
The bbe-smgd process generates core files on the backup routing engine. PR1466118
The mspmand process might crash when stateful firewall and RPC ALG are used on MX Series platforms with MS-MIC or MS-MPC. PR1464020
The IPoE subscriber route installation might fail. PR1464344
Observing bbe-smgd-core (0x000000000088488c in
bbe_autoconf_delete_vlan_session_only (session_id=918)at../../../../../../src/junos/usr.sbin/bbe-svcs/smd/plugins/autoconf/bbe_autoconf_plugin.c:3115). PR1464371The PPP IPv6CP might fail if the routing-services command is enabled. PR1464415
The CPU utilization on mgd daemon might get stuck at 100 percent after the NETCONF session is interrupted by a flapping interface. PR1464439
The MS-MIC might not work when it is used on a specific MPC. PR1464477
The show task memory detail command shows incorrect cookie information. PR1464659
The PPPoE session goes in to the Terminated state and the accounting stops for the delayed session. PR1464804
MPC5E or MPC6E might crash due to internal thread hogging the CPU. PR1464820
MPC10E might crash due to inconsistencies during firewall filter add or delete operations. PR1465153
The jdhcpd might consume high CPU and no further subscribers can be brought up if there are more than 4000 dhcp-relay clients in the MAC-MOVE scenario. PR1465277
The physical interface of aggregated Ethernet might take time to come up after disabling or enabling the interface. PR1465302
The internal ixlv1 interface might not be created after PXE or network installation. PR1465547
ICMP error messages do not appear even after enabling the enable-asymmetric-traffic-processing statement. PR1466135
The PPPoE subscribers get stuck due to the PPPoE inline keepalives that do not work properly. PR1467125
A few DHCP inform packets specific to particular VLAN might be taking the wrong resolve queue. PR1467182
Layer 2 wholesale does not forward all the client requests with stacked VLAN. PR1467468
Hot-swapping between MPC11E and legacy MPC9, MPC8, or MPC6 is not supported. PR1467725
The rpd process might stop after several changes to the flow-spec routes. PR1467838
Crypto code might cause high CPU utilization. PR1467874
Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435
The tcp-log connections fail to reconnect and get stuck in the Reconnect-In-Progress state. PR1469575
Memory leak on Layer 2 cpd process causes Layer 2 cpd to crash. PR1469635
A hierarchical-scheduler should not be configured on a ps- interface. PR1470049
The SNMP interface-mib stops working for the PPPoE clients. PR1470664
Multiple FreeBSD vulnerabilities fixed in Junos OS. PR1470693
Sudden FPC shutdown due to hardware failure or ungraceful removal of line card might cause major alarms on other FPCs in the system. PR1471372
The clksyncd crash might be seen when PTP over an aggregated Ethernet interface is configured on the MX104 platform. PR1471466
Phase or frequency synchronization might not work correctly when PTP is configured in the hybrid mode. PR1471502
On the MX10008 and MX10016 line cards, the ARP suppression (default enabled) in EVPN does not work. PR1471679
The pccd core file and PCEP session flaps might be seen in PCE-initiated or PCE-delegated LSP scenario. PR1472051
Chassis alarm on BSYS might be observed: RE0 to one or many FPCs is via em1: Backup RE. PR1472313
Service accounting statistics do not get updated after changes are made to the firewall filters. PR1472334
The kernel might crash and VM core file might be generated after the configuration change is committed. PR1472519
Performing back-to-back rpd restarts might cause rpd to crash. PR1472643
Active errors counts do not increase for I2C in the synchronization cards. PR1472660
SDB goes down very frequently if the reauthenticate lease-renewal statement is enabled for DHCP. PR1473063
ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610
Ingress multicast replication does not work with the GRES configuration. PR1474094
On MX150 routers, unable to see generated core files for the show system core-dumps command. PR1474118
An MPC11 crash might occur on MX2000 platform using multidimensional advanced scale configuration that has inline keepalive sessions. PR1474160
MX10000 QSA adapter lane 0 port goes in the down state when you disable one of the other lanes. PR1474231
A newly added LAG member interface might forward traffic even though its micro BFD session is down. PR1474300
The clksyncd generates core files after GRES. PR1474987
SFW rule configuration deletion might lead to memory leakage. PR1475220
The RADIUS accounting updates of the service session have incorrect statistic data. PR1475729
Dark window size is more than expected and 31.0872721524375 seconds of traffic loss is observed. PR1476505
The bbe-mibd might crash on the MX Series platform in subscriber environment. PR1476596
Traffic loss might be observed to the LNS subscribers in case the routing-service statement is enabled under the dynamic-profile. PR1476786
In a NAT-T scenario, IKE version 2 tunnel flaps if the tunnel initiator is not behind NAT. PR1477483
The Packet Forwarding Engine might be disabled due to major error on MPC2E-NG, MPC3E-NG, MPC5, MPC6, MPC7, MPC8, and MPC9 line cards. PR1478028
FPC memory leak might happen after you execute the show pfe route command. PR1478279
Output chain filter counters are not proper. PR1478358
The protocol MTU might not be changed on lt- interface from the default value. PR1478822
The TCP-log sessions might be in Established state, but no logs get sent out to the syslog server. PR1478972
The SCBE3 fabric plane gets into check state in MX Virtual Chassis. PR1479363
After kmd restart IPsec SA comes up but traffic fails for some time. PR1480692
The rpd process might crash when executing the show route protocol l2-learned-host-routing or show route protocol rift command on a router. PR1481953
The MX204 router reboots when the PPPoE client starts to log in and no core files are generated. PR1482431
Packet loss might be observed after device reboots or l2ald restarts in an EVPN-MPLS scenario. PR1484468
ARP entry might not be created in the EVPN-MPLS environment. PR1484721
The logical tunnel interface might not work on MPC10 line cards. PR1484751
MPC9E line cards show "Bad Voltage" state when you power on by deleting set chassis fpc X power off setting. PR1485216
Interface input error counters are not increasing on MX150 routers. PR1485706
When rpd starts or restarts, krt-nexthop-ack-timeout might not pick up automatically. PR1485800
The unified ISSU is not supported on NG-MPC cards. PR1491337
On the MX240, MX480, and MX960 router with SCB3E, FPCs might stay down or restart when you swap MPC7, MPC8, or MPC9 with MPC10, MPC11, or vice versa in the same slot. PR1491968
DHCP subscribers do not come up as expected after deactivating Virtual Chassis port. PR1493699
The ptp-clock-global-freq-tracable leaf value is not changing to True. PR1493743
UID might not release properly in some scenarios after service session deactivation. PR1188434
Need to change the default parameters for resource-monitor rtt-parameters. PR1407021
The show system subscriber-management summary command needs to include failure reason for standby disconnect when primary and backup Routing Engine memories do not match. PR1422976
The show subscriber extensive command incorrectly displays the DNS address provided to DHCP clients. PR1457949
DHCP relay with forward-only fails to send OFFER when the client is terminated on the logical tunnel interface. PR1471161
Dynamic-profile for VPLS-PW pseudowire incorrectly reports the Dynamic Static Subscriber Base Feature license alarm. PR1473412
DHCP-server: RADIUS given mask is being reversed. PR1474097
Infrastructure
The duplex status of the management interface might not be updated in the output of the show command. PR1427233
The operations on the console might not work if the system ports console log-out-on-disconnect command is configured. PR1433224
On all Junos OS VM-based platforms, FPC might reboot if jlock hog occurs. PR1439906
Slow response from SNMP might be observed after an upgrade to Junos OS Release 19.2R1 and later releases. PR1462986
The scheduled tasks might not be executed if cron daemon goes down without restarting automatically. PR1463802
Interfaces and Chassis
Restarting chassisd with GRES disabled might cause FPC to restart and some demux interfaces to be deleted. PR1337069
Unrelated aggregated Ethernet interfaces might go down if you commit configuration changes. PR1409535
MX Series Virtual Chassis unified ISSU is not supported when Redundant LT (RLT) is configured. PR1411729
The demultiplexer interfaces will be down after the MTU of the underlying et- interface is changed. PR1424770
Upgrade from releases before Junos OS Release 17.4R1 results in the generation of cfmd core files. PR1425804
The NCP session might be brought down after IPCP configure-reject is sent. PR1431038
VRRP mastership might flap when the tracked route is deleted or the tracked interface goes down. PR1432361
In MX Series platform where PPPoE is used, the router might not send LCP termination-request or LCP terminate-ack. PR1433489
The output of the show interfaces <> command for AFT card might be different from legacy card. PR1435416
Mixed link-speed ae- bundle could not add new subinterface successfully. PR1437929
Targeted-distribution for static demux interface over aggregate Ethernet interface does not take correct LACP link status into consideration when choosing primary and backup links. PR1439257
The cfmd process might crash after a restart on Junos OS Release 17.1R1 and later. PR1443353
Enhancement of add or delete a single VLAN in vlan-id-list under interface family bridge. PR1443536
When the logical interface is associated to a routing-instance inside a LR, the logical interface is removed from routing-instance and the logical interface is not added to the default routing instance. PR1444131
Unified ISSU might fail when you upgrade a device that has an aggregated Ethernet bundle with more than 64 logical interfaces. PR1445040
The OAM CCM messages are sent with single-tagged VLAN even when configuring with two VLANs. PR1445926
Continuous VRRP state transition (VRRP master or backup flaps) is observed when one device drops the VRRP packets. PR1446390
Unable to connect to newly installed Routing Engine from other Routing Engine in MX Series Virtual Chassis. PR1446418
VRRP dual-master status is seen after Routing Engine switchover on the backup router. PR1447028
The l2ald might fail to update composite next hop. PR1447693
The ifinfo daemon might crash on the execution of the show interface extensive command. PR1448090
Interface descriptions might be missing under logical systems CLI. PR1449673
Dual VRRP mastership might be seen after Routing Engine switchover occurs ungracefully. PR1450652
LACP daemon crashes continuously. PR1450978
The severity level log might be flooded when the QSFP-100GE-DWDM2 is inserted. PR1453919
CFM UP MEP session does not come up in scaled scenario over L2VPN circuits on LAG interfaces. PR1454187
The VRRP traffic loss is longer than one second for some backup groups after performing a GRES. PR1454895
Mismatched MTU value causes the RLT interface to flap. PR1457460
The EOAM CFM primary-vid functionality does not work if the enhanced-cfm-mode is enabled. PR1465608
The vrrpv3mibs does work to poll the VRRPv6-related objects. PR1467649
The voltage high alarm might not be cleared when the voltage level comes back to normal for MIC on MPC5. PR1467712
When you configure ESI on a physical interface, the traffic drops when you disable the logical interface under the physical interface. PR1467855
Executing commit might hang up due to stuck dcd process. PR1470622
Commit error was not thrown when member link was added to multiple aggregation groups with different interface specific options. PR1475634
The interface on MIC3-100G-DWDM might go down after performing an interface flap. PR1475777
Multichassis aggregated Ethernet interface might be shown as an unknown status when you add the subinterface as part of the VLAN on the peer multichassis aggregated Ethernet node. PR1479012
J-Web
Session fixation vulnerability in J-Web. PR1410401
Cross-site scripting (XSS) in J-Web. PR1434553
Some error messages might be seen when using J-Web. PR1446081
Security vulnerability in J-Web and web based (HTTP/HTTPS) services. PR1499280
Junos Fusion for Enterprise
The SDPD generates core files at
vfpc_all_eports_deletion_complete vfpc_dampen_fpc_timer_expiry. PR1454335Loop detection might not work on the extended ports in Junos fusion scenarios. PR1460209
Layer 2 Ethernet Services
LACP PDU might be looped toward peer MC-LAG nodes. PR1379022
Error messages might be seen when you add a logical interface for physical interfaces. PR1424106
The DHCP DECLINE packets are not forwarded to the DHCP server when forward-only is set within dhcp-reply. PR1429456
DHCP request might get dropped in a DHCP relay scenario. PR1435039
The jdhcpd process might go into an infinite loop and cause full utilization of CPU. PR1442222
The ppman and aft process might crash if ppm control logs are enabled. PR1443410
The dhcp-relay statement might not work on MX10008 and MX10016 platforms. PR1447323
DHCPv6 authentication via RADIUS server might fail as a result of the missing VSA option 26-207. PR1448100
Multiple vulnerabilities in JDHCPD allow for OS command injection and code execution of JDHCPD. PR1449353
PPPoE holding DHCPv6 prefix causes DHCPv6 binding failure due to a duplicate prefix. PR1453464
DHCP subscriber might not come online after rebooting the router. PR1458150
DHCP packet might not be processed correctly if DHCP option 82 is configured. PR1459925
The metric does not change when configured under DHCP. PR1461571
The ISSU might fail during the subscriber in-flight login. PR1465964
Telemetry data for
relay/bindings/binding-state-v4relay-binding and relay/bindings/binding-state-v4relay-boundare not correct. PR1475248
Layer 2 Features
LSI interface might not be created, which prevents MAC addresses from being learned. The following error is seen: RPD_KRT_Q_RETRIES: ifl iff add: Device busy. PR1295664
VPLS neighbors might stay in the down state after changing the configuration in vlan-id. PR1428862
After disabling and enabling the aggregate interface, the next hop of CE-facing aggregate interface might be in a wrong state. PR1436714
The operational status of the interface in hardware and software might be out of synchronization in an EVPN setup with the proxy ARP feature enabled. PR1442310
In Virtual Chassis scenario, traffic drop might be seen when one Virtual Chassis member reboots and rejoins the Virtual Chassis. PR1453430
Connectivity is broken through LAG due to members configured with hold-time and force-up. PR1481031
MPLS
The FPC might be stuck in the Ready state after making a change in the configuration that removes RSVP and triggers FPC restart. PR1359087
The rpd might restart after an MPLS LSP flap if no-cspf and fast-reroute are configured in an LSR ingress router. PR1368177
RSVP LSP might get stuck in down state in an OSPF multiarea topology. PR1417931
MPLS LSP autobandwidth statistics miscalculations might lead to high bandwidth reservation. PR1427414
Continuous rpd core files at l2ckt_alloc_label , l2ckt_standby_assign_label , l2ckt_intf_change_process in new backup during GRES in MX2010 box. PR1427539
The LDP might withdraw a label for an FEC after the IGP route is inactive in inet.0. PR1428843
MPLS ingress LSPs might not come up after MLPS is disabled or enabled. PR1432138
SRLG entry shows uknown after removing it from configuration in the show mpls lsp extensive or show mpls srlg output. PR1433287
Restart routing might result in RPD core files while GRES and NSR are enabled. PR1433857
Traffic loss might occur if p2mp with NSR is enabled. PR1434522
The P2MP LSP branch traffic might be dropped for a while when the sender PE device switchover occurs. PR1435014
Traffic loss might be seen after the LDP session flaps rapidly. PR1436119
The rpd might crash after executing the ping mpls ldp command. PR1436373
The flow label is not pushed when chained-composite-next-hop ingress l2ckt/l2vpn is enabled. PR1439453
The LDP route and LDP output label are not displayed in the inet.3 table and LDP database respectively if OSPF rib-group is enabled. PR1442135
The active path of a no-cspf LSP might keep flapping when one or more transit nodes are shared by primary path and secondary path. PR1442495
The backup LSP path messages are rejected if the bypass tunnel path is an interarea LSP. PR1442789
RSVP path message with long refresh interval is dropped between nodes running Junos OS releases earlier than and later than Release 16.1. PR1443811
P2MP LSP might get stuck in the down state after link flaps. PR1444111
The rpd memory leak might be seen when the interdomain RSVP LSP is in the down state. PR1445024
Traffic might be silently dropped or discarded if two consecutive PLRs along the LSP perform local repair simultaneously under certain misconfigured conditions. PR1445994
The transit packets might be dropped if an LSP is added or changed on MX Series device. PR1447170
Traffic drop might be seen after traceoption configuration is committed in RSVP P2MP scenario. PR1447480
The LDP route timer resets when you commit unrelated configuration changes. PR1451157
The traffic might be silently discarded after the LACP timeouts. PR1452866
The rpd crash might be observed with traceoption enabled in MPLS. PR1457681
All LDP adjacencies flap after changing LDP preference. PR1459301
Previously configured credibility preference is not considered by CSPF despite that the configuration is deleted or changed to prefer another protocol in the traffic engineering database. PR1460283
High CPU usage and rpd core file might be observed if ldp track-igp-metric is configured and IGP metric is changed. PR1460292
The rpdtmd process might crash while SNMP polls the statistics of the lpd interface. PR1465729
The device might use the locally computed path for the PCE-controlled LSPs after link or node fails. PR1465902
The rpd process might crash during shutdown. PR1471191
The rpd crash might be seen after some commit operations, which might affect the RSVP ingress routes. PR1471281
The following error messages continuously flood the backup Routing Engine: (JTASK_IO_CONNECT_FAILED: RPDTM./var/run/rpdtmd_control: Connecting to 128.0,255.255,255.255,0.0.0.0,0.0.0.0, failed: No such file or directory). PR1473846
RSVP LSPs might not come up in scaled network with a very high number of LSPs if NSR is used on the transit router. PR1476773
Kernel crashes and device might restart. PR1478806
RPD 100 percent CPU load and RPD core files are generated on the backup Routing Engine. PR1479249
The rpd core files are generated during unified ISSU. PR1493969
Network Address Translation (NAT)
The nsd process might crash when SNMP query deterministic NAT pool information. PR1436775
Network Management and Monitoring
MX10000 reports jail socket errors. PR1442176
The Wrong Type error might be seen for the hrProcessorFrwID object. PR1446675
Platform and Infrastructure
The jcrypto syslog help package and events are not packaged even when errmsg is compiled. PR1290089
LACP DDoS policer is incorrectly triggered by other protocol’s traffic. PR1409626
Error logs might be observed after performing unified ISSU. PR1412463
The slax scripts triggered by event options might be stuck forever. PR1422939
Packet drops, replication failure, or ksyncd crashes might be seen on the logical system of a device running Junos OS after Routing Engine switchover. PR1427842
With CNH for 6PE, MPLS EXP rewrite rule for non-VPN IPv4 over MPLS traffic might not work. PR1430878
The FPC might crash when the firewalls filter manager deals with the firewall filters. PR1433034
TWAMP session remains in pending state when cooperating with a non-Juniper device. PR1434740
Traffic from the same physical interface cannot be forwarded. PR1434933
The device might not be accessible after the upgrade. PR1435173
BR for MAP-E does not return ICMP Type=3/Code=4 when over MTU sized packet comes with DF bit. PR1435362
MAP-E encapsulation or de-encapsulation with specific parameter might work incorrectly. PR1435697
The RPM http-get probe always returns HTTP 400 error. PR1436338
The
/var/db/scriptsdirectory might be deleted after you execute the request system zeroize command. PR1436773With CNH enabled, the MPLS CoS rewrite does not work for 6PE traffic. PR1436872
The BGP session might flap after you perform Routing Engine switchover simultaneously on both end of BGP peers. PR1437257
The next-hop MAC address in the output for the show route forwarding-table command might be incorrect. PR1437302
A certain combination of allow-commands/deny-commands does not work properly after Junos OS Release 18.4R1. PR1438269
The inner IPv4 packet might get fragmented using the same size as the configured mtu-v6, which is used for the MAP-E softwire tunnel in the MAP-E configuration. PR1440286
The RPM udp-ping probe does not work in a multiple routing instance scenario. PR1442157
ARP resolution might fail after ARP HOLD next hops are added and deleted continuously. PR1442815
When a host-bound packet is received in a MAP-E BR router, service interface statistics counter shows incorrect number of bytes. PR1443204
Packets drop due to missing destination MAC address in the Packet Forwarding Engine. PR1445191
Python op scripts are executed as user "nobody" if started from NETCONF session, not as logged in user, resulting in failing PyEZ connection to the device. PR1445917
On certain MPC line cards, cm errors need to be reclassified. PR1449427
Some hosts behind unnumbered interfaces are unreachable after the router or FPC restarts. PR1449615
FPC might reboot with vmcore due to memory leak. PR1449664
REST API process becomes nonresponsive when a number of requests come in at a high rate. PR1449987
In an EVPN-VXLAN scenario, sometimes host-generated packets gets dropped as hitting reject route in Packet Forwarding Engine. PR1451559
The Routing Engine originated IPv6 packets might be dropped when interface-group rule is configured under IPv6 filter. PR1453649
The MPC might drop packets after you enable the firewall fast lookup filter. PR1454257
The DDoS protection does not stop logging when remote tracing is enabled. PR1459605
Modifying the REST configuration might cause the system to become unresponsive. PR1461021
CLI configuration flag version-03 must be optional. PR1462186
On the MX204 platform, Packet Forwarding Engine errors occur when the incoming GRE tunnel fragments get sampled and undergo inline reassembly. PR1463718
EVPN-VXLAN T-5 tunnel does not work properly. PR1466602
On the MX150 devices, the default subscriber management license does not include Layer 2 TP. PR1467368
The Layer 2 traffic over ae- interfaces sent from one member to another member is corrupted on MX Series Virtual Chassis. PR1467764
The JNH memory leaks after CFM session flap for LSI and VT interfaces. PR1468663
The switch might not be able to learn MAC address with dot1x and interface-mac-limit configured. PR1470424
SSH login might hang, and the TACAS plus server closes the connection without sending any authentication failure response. PR1478959
The time convergence for the MVPN fast upstream failover might be more than 50 ms. PR1478981
Show system buffer command displays all zeros in the MX104 chassis. PR1484689
MAC malformation might occur in rare scenarios under MX Series Virtual Chassis. PR1491091
A specific IPv4 packet might lead to FPC restart. PR1493176
Routing Engine crash might be seen when a large number of next hops are quickly deleted and added again in a large ARP or ND scale scenario. PR1496429
Traffic to VRRP VMAC/VIP drops as "my-mac check failed" when ingress queueing enabled on an aggregated Ethernet interface. PR1501014
Python or Slax script might not be executed. PR1501746
Routing Policy and Firewall Filters
The route-filter-list configuration with noncontinuous match might not work as expected after being updated. PR1419731
Policy matching RD changes next hop of the routes that do not carry the RD. PR1433615
The rib-group might not process the exported route correctly. PR1450123
The rpd might crash after Routing Engine switchover when prefix-list is configured PR1451025
Routes resolution might be inconsistent if any route resolves over the multipath route. PR1453439
Routing Protocols
The rpd crashes in Junos OS Release 16.1 or later during BGP convergence. PR1351639
Routing Engine-based micro-BFD packets do not go out with configured source IP address when the interface is in logical system. PR1370463
The rpd might crash under a rare condition if GR helper mode is triggered. PR1382892
Processing a large scale AS-path regex causes the flap of the route protocols to flap. PR1396344
BFD link-failure detection of the broken path is delayed when IGP link-state update is received from the same peer through an alternative path. PR1410021
BGP might get stuck in the idle state when the peer triggers a GR restart event. PR1412538
The Layer 3 VPN link protection does not work after flapping the CE-facing interface. PR1412667
Transit traffic does not forward under TI-LFA and IS-IS overLoad bit setting scenario. PR1412923
Multicast traffic might be lost for around 30 seconds during Routing Engine switchover. PR1427720
The next hop of IPv6 route remains empty when a new IS-IS link comes up. PR1430581
The BGP configuration statement multipath multiple-as does not work in specific scenario. PR1430899
IPv6 aggregate routes are hidden. PR1431227
The rpd process might crash continuously if egress-te is configured under the EBGP VRF routing instance. PR1431536
The show isis adjacency extensive output does not contain the state transition details. PR1432398
In BFD and GR enabled scenario, BFD DOWN packets are not being sent immediately after BFD failure. PR1432440
Per-prefix LFA might not work as expected where the last hop needs to be protected on the penultimate node. PR1432615
PIM-SM join message might be delayed when MSDP is enabled. PR1433625
The rpd crashes after removing MVPN configuration from a VRF instance. PR1434347
With SR enabled, 6PE next hop is not installed. PR1435298
The rpd might crash during the best-path changes in BGP-L3VPN with multipath and no-vrf-propagate-ttl enabled. PR1436465
BGP route next hop can be incorrect in some scenarios with PIC edge configuration. PR1437108
Removing SSH protocol version 1 from configuration. PR1440476
RIP routes are discarded by Juniper Networks device over a /31 subnet interface. PR1441452
The rpd process might crash in inter-AS option B Layer 3 VPN scenario if CNH is used. PR1442291
The CPU utilization on rpd spins at 100 percent once the same external BGP route is learned on different VRF tables. PR1442902
The rpd might crash with SR-TE configuration change. PR1442952
IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507
The rpd crash might be seen after configuring OSPF nssa area-range and summaries. PR1444728
The rpd might crash in OSPF scenario due to invalid memory access. PR1445078
The rpd process crashes if the multicast scope with an invalid prefix is configured and committed. PR1445746
BRP: RPC call is missing for show bgp output-scheduler. PR1445854
The BGP route prefixes are not being advertised to the peer. PR1446383
The as-external route might not work in OSPF overload scenario for a VRF instance. PR1446437
The rpd might crash when the policy applied to the MoFRR is deleted. PR1446472
The rpd uses full CPU utilization due to incorrect path selection. PR1446861
The multicast traffic might be dropped in PIM with BGP PIC setup. PR1447187
The rpd crashes and commit fails when trying to commit configuration changes. PR1447595
On the MX2000 Series of devices, Layer 3 VPN PE-CE link protection exhibits unexpected behavior. PR1447601
Junos OS BFD sessions with authentication flaps occur after some time. PR1448649
The connection between ppmd (Routing Engine) and ppman (FPC) might get lost due to session timeout. PR1448670
The BGP routes might fail to be installed in routing instance if the from next-hop policy match condition is used in the VRF import policy. PR1449458
The TI-LFA backup path for adj-sid is broken in OSPF. PR1452118
SPRING-LDP interoperability issues are observed with colocated SRMS+SR-client+LDP-stitching. PR1452956
The SSH login might fail if a user account exists in both local database and RADIUS or TACACS+. PR1454177
The rpd scheduler slip for BGP GR might be up to 120 seconds after the peer goes down. PR1454198
MoFRR with MLDP inband signaling is not working. PR1454199
The rpd memory might leak in a certain MSDP scenario. PR1454244
Invalid BGP update sent to peer device might cause BGP session to terminate. PR1454677
The rpd might crash when BGP features ORR and IS-IS are configured. PR1454803
The rpd process might crash when multipath is in use. PR1454951
The rpd might crash continuously due to memory corruption in IS-IS setup. PR1455432
Prefix SID conflict might be observed in IS-IS. PR1455994
Packets drop and CPU spike on Routing Engine might be seen in certain conditions if labeled-unicast protection is enabled for a CsC-VRF peer. PR1456260
The rpd might crash when OSPF router-id gets changed for NSSA with the area-range configured. PR1459080
The rpd memory leak might be observed on backup Routing Engine due to BGP flap. PR1459384
The other querier present interval timer cannot be changed in an IGMP or MLD snooping scenario. PR1461590
Rpd scheduler slips might be seen on RPKI route validation-enabled BGP peering router in a scaled setup. PR1461602
Need to install all possible next hops for OSPF network LSAs. PR1463535
IS-IS IPv6 multitopology routes might flap every time when there is an unrelated commit under protocol stanza. PR1463650
The rpd might crash if both BGP add-path and BGP multipath are enabled. PR1463673
The rpd might crash if the IPv4 routes are programmed with IPv6 next hop through JET APIs. PR1465190
The BGP peers might flap if the hold-time parameter is set as small. PR1466709
The configured BGP damping policy might not take effect after BGP is disabled and then enabled followed by commit. PR1466734
BGP multipath does not work for MT on cRPD. PR1467091
The rpd might crash after configuring independent-domain under the master routing instance. PR1469317
The mcsnoopd might crash when the STP moves the mrouter port to the blocked state. PR1470183
The BFD client session might flap when removing the BFD configuration from the peer end (from other vendor) of the BFD session. PR1470603
The rpd might stop when both the instance-import and instance-export policies contain the as-path-prepend action. PR1471968
The rpd process might crash with BGP multipath and damping configured. PR1472671
Removal of the cluster from BGP group might cause prolonged convergence time. PR1473351
The rpd process might crash with BGP multipath and route withdrawal occasionally. PR1481589
The rpd crashes if the same neighbor is configured in different RIP groups. PR1485009
The BGP-LU routes do not have the label when BGP sharding is used. PR1485422
The rpd might crash when you perform GRES with MSDP configured. PR1487636
High CPU utilization might be observed when the outgoing BGP updates are sent slowly. PR1487691
BGP RIB sharding feature cannot be run on a system with a single CPU. PR1488357
The routing protocol process (rpd) crashes while processing a specific BGP update information. PR1448425
Receipt of certain genuine BGP packets from any BGP speaker causes rpd to crash. PR1497721
Services Applications
The kmd process might crash when DPD timeouts for some IKEv2 SAs occur. PR1434521
Traffic might be dropped in an IPsec VPN scenario when the VPN peer is behind a NAT device. PR1435182
The output of the show subscriber user-name on LTS shows only one session instead of two. PR1446572
The jl2tpd process might crash during the restart procedure. PR1461335
On an MX Series router, L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP toward the LNS. PR1472775
The kmd might crash due to the incorrect IKE SA establishment after the remote peer's NAT mapping address is changed. PR1477181
Subscriber Access Management
Subscriber filtering for general authentication services traceoptions could report debug messages for other users. PR1431614
Incorrect Acct-Session-Time and no LCP Termination-Ack by MX Series BNG. PR1433251
Subscriber deactivation might get stuck in terminated state. PR1437042
Missing
<radius-server-data>tags on test ppp aaa display XML output. PR1444438On MX Series platforms, there might be a false error for SAE policy activation or deactivation failure. PR1447632
Subscriber’s login fails when PCRF server is unreachable. PR1449064
DHCPv6 subscribers might be stuck in a state after the authd process crashes. PR1460578
The subscriber address allocation might fail after deleting the pool link in the middle of the chain. PR1465253
The volume statistics attributes are missing in the accounting-stop for the Configuration Activated Services and CLI Activated Services. PR1470434
The subinterfaces might be missing in the NAS port ID. PR1472045
The authd process might crash after the unified ISSU setup from Junos OS Release 18.3 and earlier to Junos OS Release 18.4 and later. PR1473159
Some address-relevant fields are missing when executing the test aaa ppp command. PR1474180
The CoA request might not be processed if it includes the proxy-state attribute. PR1479697
The mac-address CLI option is hidden under the access profile profile-name radius options calling-station-id-format statement. PR1480119
User Interface and Configuration
The show chassis hardware satellite command is not available in Junos OS Release 17.3. PR1388252
On an MX Series device, a J-Web page might not get redirected to login once the session expires with an idle timeout. PR1459888
VPNs
In a specific CE device environment in which asynchronous-notification is used, after the link between the PE and CE devices goes up, the Layer 2 circuit flaps repeatedly. PR1282875
The rpd core file is seen at
rtbit_reset, rte_tgtexport_rth. PR1379621The rpd crash might be seen if Layer 2 circuit or local-switching connections flap continuously. PR1418870
MPLS LSP ping over Layer 2 circuit might not work when flow-label is enabled. PR1421609
MVPN using PIM dense mode does not prune the OIF when PIM prune is received. PR1425876
The P1 configuration delete message is not sent on loading baseline configuration if there is a prior change in VPN configuration. PR1432434
The resumed multicast traffic for certain groups might be stopped in overlapping MVPN scenario. PR1441099
Memory leak might happen if PIM messages are received over an MDT (mt- interface) in Draft-Rosen MVPN scenario. PR1442054
The rpd process might crash due to memory leak in
MVPN RPF Src PEblock. PR1460625The l2circuit displays MM status, which may cause traffic loss. PR1462583
The Layer 2 circuit connections might become stuck in OL state after changing the Layer 2 circuit community and flapping the primary LSP path. PR1464194
The rpd might crash when the link-protection is added to or deleted from LSP for the MVPN ingress replication selective provider tunnel. PR1469028
Layer 2 circuit stuck in RD state at one end. PR1498040
Resolved Issues: 19.2R1
Application Layer Gateways (ALGs)
DNS requests with the EDNS option might be dropped by the DNS ALG. PR1379433
Authentication and Access Control
The dot1xd might crash when dot1xd receives incorrect reply length from the authd. PR1372421
Push-to-JIMS now supports push auth entry to all online jims servers. PR1407371
Class of Service (CoS)
Traffic drop occurs when deleting MPLS family or disabling the interface that has non-default EXP rewrite-rules. PR1408817
EVPN
The rpd process would crash if deactivating the Autonomous-System (AS) in an EVPN scenario. PR1381940
The RA packets might be sent out without using the configured virtual gateway address. PR1384574
[EVPN/VXLAN] VTEP tunnel does not get deleted when EVPN peer goes down. PR1390965
On EVPN setups, incorrect destination MAC addresses starting with 45 might show up when using the show arp hostname command. PR1392575
The rpd process might crash with EVPN type-3 route churn. PR1394803
The rpd process generates core files upon Routing Engine switchover with scaled EVPN configuration. PR1401669
The rpd crashes due to memory corruption in EVPN. PR1404351
EVPN database and bridge MAC-table are out of sync due to the interface's flap. PR1404857
EVPN routes might show Route Label: 0 in addition to the real label. PR1405695
The rpd might crash after NSR switchover in an EVPN scenario. PR1408749
Local L2ALD proxy MAC+IP advertisements accidentally delete MAC+IP EVPN database state from remotely learned type 2 routes. PR1415277
The rpd process crash on backup Routing Engine after enabling nonstop-routing with EVPN. PR1425687
The device might proxy the ARP probe packets in an EVPN environment. PR1427109
IP is missing in mac-ip-table of EVPN database but is present in the EVPN database when CE interface has two primary IP address. PR1428581
Extra incorrect MAC move might be seen when the host moves continuously between the different ESIs. PR1429821
Stale MAC addresses are present in the bridge MAC-table in a EVPN/MPLS scenario. PR1432702
Configuring ESI on a single-homed 25G port might not work. PR1438227
The RPD process might crash after you commit the changes. PR1439537
Flow-based and Packet-based Processing
Fragmentation and ALG support for Power Mode IPSec. PR1397742
Forwarding and Sampling
The LSI binding for the IPv6 neighbor is missing. PR1388454
Firewall flexible match syntax clarification. PR1389103
In Junos OS Release 13.3R9.13, the firewall filter action, "decapsulate gre", decapsulates gre, ip-over-ip, and ipv6-over-ip, but in 17.3R3.9, it only decapsulates gre. PR1398888
General Routing
In a BGP/MPLS scenario, if the next hop type of label route is indirect, disabling and enabling the family mpls of the next hop interface might cause the route to go into a dead state. PR1242589
Large-scale user’s log in and log out might cause mgd memory leak. PR1352504
Packet Forwarding Engine selector get stuck in rerouted state on unilist NH after primary aggregated Ethernet interface is link deactivated and activated. PR1354786
The voltage high alarm might not be cleared when the voltage level comes back to normal for a MIC on an MPC5E. PR1370337
The filter service might fail to get installed for the subscriber in a scaled BBE scenario. PR1374248
In a subscriber scenario, FPC errors might be seen. PR1380566
The routes learned over an interface will be marked as "dead" next hop after changing the prefix-length of IPv6 address on that interface. PR1380600
Traffic is silently discarded that is caused by FPC offline in a MC-LAG scenario. PR1381446
High cpu utilization for chassisd on bsys, approximately 20 percent at steady state. PR1383335
Disable reporting of correctable single-bit error on Hybrid Memory Cube (HMC) and prevent Major Alarm. PR1384435
Subscriber connection setup is 30 percent lower than expected. PR1384722
The rpd might crash when switchover is performed along with configuration changes being committed. PR1385005
Incorrect log message for chip errors (extra dash "-"). PR1385066
The MPC10E line card interface filter statistics are not showing the input packet count or rejects. The show pfe statistics traffic statement does not report for any normal discard. PR1383579
The rpd and KRT queue might get stuck in a VRF scenario. PR1386475
Behavior of the set interfaces ams0 service-options session-limit rate <integer value> has changed. PR1386956
Migrate from syslog API to errmsg API - VMhost messages on Junos OS. PR1387099
Some SFBs might go down when one of the PSMs in the chassis generates a bad output voltage which is out-of-range. PR1387737
IPsec IKE keys are not cleared when delete/clear notification is received. PR1388290
BBE SMGD core files are geneerated if MTU is changed while subscribers are logged in on the physical interface. PR1389611
The jnxFruState might show incorrect PIC state after replacing a MPC with another MPC having less PICs. PR1390016
Traffic destined to VRRP VIP gets dropped as filter is not updated to related logical interface. PR1390367
Delete chassis redundancy will not give commit warning. PR1390575
The BNG might not respond with PADO and create any Demux interface when PPPoE PADI packet is received. PR1390989
The Packet Forwarding Engine might not respond with ICMP time exceeded error when packet arrives from the subscriber. PR1391932
FPC might reboot on vMX in a subscriber scenario. PR1393660
Junos OS enhancement configuration statement to modify mcontrol watchdog timeout. PR1393716
The FPC cards might not come up while performing unified ISSU on MX10003. PR1393940
IDS aggregate configuration statement should not be considered for the installation of the IDS dynamic. filter PR1395316
L3 gateway did not update ARP entries if IP or MAC quickly move from one router to another router in EVPN-VXLAN environment. PR1395685
The MPC, and Forwarding Engine Board (AFEB or TFEB) with channelized OC MIC might crash with the generation of core files. PR1396538
Adding IRB to bridge-domain with PS interface causes kernel crash. PR1396772
Subscriber flapping might cause SMID resident memory leak. PR1396886
The routing protocol process (rpd) has facilities to attempt to trap certain classes of nonfatal bugs by continuing to run, but it generates a "soft" core file. PR1396935
Seeing VMHost RE 0 Secure BIOS Version Mismatch and VMHost RE 1 Secure Boot Disabled alarms. PR1397030
The service PIC might crash while changing CGNAT mode. PR1397294
The show system firmware command might provide unexpected output on some MX Series routers such as MX104. PR1398022
Wrong transmit clock quality is observed when router is in holdover. PR1398129
MPLSoUDP/MPLSoGRE tunnel might not come up on the interface route. PR1398362
JET/PRPD incompatibility for the rib_service.proto field RouteGateway.weight from Junos OS Release 18.4R1 to Release 18.4R2 onward. PR1400563
The mgd-api might crash due to a memory leak. PR1400597
Only one Packet Forwarding Engine could be disabled on FPC with multiple Packet Forwarding Engines in error/wedge condition. PR1400716
The show | compare command output on global group changes lose the diff context after a rollback or 'load update' is performed. PR1401505
The TCP connection between ppmd and ppman might be dropped due to a kernel issue. PR1401507
The FPC generates core files due to a corner case scenario (race condition between RPF, IP flow). PR1401808
Traffic loss is seen in IGMP subscribers after GRES. PR1402342
The MPC might crash due to the CPU hogging by dfw thread. PR1402345
DHCP subscriber cannot reconnect over dynamic VLAN demux interfaces due to RPF check failure. PR1402674
Observed rpd core files when few colored LSPs changed to uncolored LSPs. PR1403208
The sync_response received earlier for interface sensor subscribed in on-change mode. PR1403672
Continuous kernel crashes might be observed in the backup Routing Engine or VC-BM. PR1404038
With MS-MPC and MS-MIC service cards, Syslog messages for port block interim might show 0.0.0.0 for the private-IP and PBA release messages might show the NAT'd IP as the private IP. PR1404089
The FPC might crash in a CoS scenario. PR1404325
The repd continues to generate core files on VC-Bm when there are too many IPv6 addresses on one session. PR1404358
Incorrect output of the assigned prefixes to the subscriber in the output of the show interface < dynamic demux interface> command. PR1404369
On an MX10003 and an MX10008, its i2c bus might fail a read operation. PR1405787
MPC might generate core files after restarting the FPC that belongs to targeting aggregate Ethernet and host subscribers. PR1405876
NAT64 translation issues of ICMPv6 Packet Too Big message with MS-MPC/MS-PIC. PR1405882
The FPC crash might be observed in MS-MPC HA environment. PR1405917
Fabric performance drops on MPC7, MPC8, and MPC9E and SFB2 based MX2000 routers. PR1406030
A rpd crash is seen post configuration commit and bt has pointers on receiving SNMP packet. PR1406357
Traffic impact might be seen if auto-bandwidth is configured for RSVP LSPs. PR1406822
New CLI option to display DF and MLR in split format. PR1406884
MX10003 gives a cosmetic error message ALARMD_CONNECTION_FAILURE: after 60 attempts craftd connect returned error: Connection refused. PR1406952
Layer 2 VPN might flap repeatedly after the link up between PE and CE devices. PR1407345
The rpd might crash when a commit check is executed on LDP trace options filtering. PR1407367
NPC core file is generated after daemon restart in jnh_get_oif_nh ( ) routine. PR1407765
Ephemeral database might get stuck during commit. PR1407924
Traffic forwarding fails when crossing VCF members. PR1408058
openconfig-network-instance:network-instances support for IS-IS must be hidden unless supported. PR1408151
Group VPN (GVPN): ToS/DSCP byte is not copied into the outer IPSec header during IP header preservation. PR1408168
Alarm mismatch in total memory is detected after reboot vmhost both. PR1408480
The MPC line cards might crash when performing unified ISSU to Junos OS Release 19.1R1 or above. PR1408558
Python script might stop working due to Too many open files error. PR1408936
MX-service templates are not cleaned up. PR1409398
MX-MPC2-3D-EQ and MPC-3D-16XGE-SFPP will now show the Exhaust A temperature, rather than the Intake temperature. PR1409406
MIC-MACSEC-20GE supports Extended Packet Numbering (XPN) mode on 1-Gigabit or 10-Gigabit Ethernet interfaces PR1409457
Telemetry: interface-set meta-data needs to include the CoS TCP names in order to aid collector reconciliation with queue-stats data. PR1409625
The non-existent subscribers might appear at show system resource-monitor subscribers-limit chassis extensive output. PR1409767
FPC might crash during next hop change when using MPLS inline-jflow. PR1409807
MX80 drops DNS responses which contain an underscore. PR1410062
When using SFP+, the interface optic output might be non-zero even though the interface has been disabled. PR1410465
Traffic loss might be seen on MPC8E or MPC9E after request one of the SFB2s offline/online. PR1410813
Kernel replication failure might be seen if an IPv6 route next hop points to an ether-over-atm-llc ATM interface. PR1411376
Packet Forwarding Engine heap memory leak might happen during frequent flapping of PPPoE subscribers connected over aggregated Ethernet interface. PR1411389
Virtual Route Reflector might report DAEMON-3-JTASK_SCHED_SLIP_KEVENT error on some hypervisor or host machine because of NTP sync. Routing protocol might be impacted. PR1411679
If GRE over GRE tunnel is used for sending Routing Engine-originating traffic, the traffic cannot be encapsulated properly although the GRE over GRE tunnel works for transit traffic. PR1411874
The file copy command might not work if the routing-instance option is not specified. PR1412033
On MX10003 router, the rpd process crash with switchover-on-routing-crash does not trigger the Routing Engine switchover and the rpd process on the master Routing Engine goes into STOP state. PR1412322
Junos OS PCC might reject PCUpdate/PCCreate message if there is metric type other than type 2. PR1412659
PPPoE subscribers might not be able to login after unified ISSU. PR1413004
The rpd memory leak might be seen due to a wrong processing of a transient event. PR1413224
During unified ISSU from Junos OS Release 16.1R4-S11.1 to Junos OS Release 18.2R2-S1.2, CoS GENCFG write failures are observed. PR1413297
The support of inet6 filter attribute for ATM interface is broken in the Junos OS Release 17.2R1 and onwards PR1413663
DHCP subscribers over HAG might cause core file generation. PR1413862
The services load balance might not be effective for AMS if the hash-key under the forwarding-options hierarchy is configured. PR1414109
FPC crash might be observed if it reaches the heap utilization limit. PR1414145
Firewall filters are not getting programmed into Packet Forwarding Engine. PR1414706
The user might not enter the configure mode due to mgd is in lockf status. PR1415042
PMTU issue IPv4/IPv6 MX does not respond when MTU exceeded for clients terminated on tunnel type interfaces. PR1415130
Port speed change and scaled aggregate Ethernet configuration can lead to MQSS errors and subsequent card crash. PR1415183
PCE-initiated LSPs get deleted from the PCC if the PCEP session goes down and gets re-established within the configured delegation-cleanup-timeout period. PR1415224
The bbe-smgd process might have memory leak while running the show system subscriber-management route route-type <> routing-instance <> command. PR1415922
jdhcpd core file is observed after deletion of the active lease-query configurations. PR1415990
BMP type 1 message with extra 24 bytes at end of the message. PR1416301
After a GRES on a MX104 some tunnels will fail to pass traffic after a re-key. PR1417170
The ECMP fast reroute protection feature might not work on MX5, MX10, MX40, MX80, and MX104 routers. PR1417186
An IPv4 packet with a zero checksum might not be translated to IPv6 packet properly under NAT64 scenario. PR1417215
With NETCONF the xmlns attribute is displayed twice when the RPC get-arp-table-information is sent to the router. PR1417269
Some subscribers might be offline when doing GRES or daemon restart. PR1417574
Observed zero tunnel statistics on the soft-gre tunnel. PR1417666
The BGP session might flap after Routing Engine switchover. PR1417966
CGNAT with MS-MPC card does not account for AP-P out of port errors or generate a syslog message when this condition is met. PR1418128
There is no SNMP trap message generated for jnxHardDiskMissing/jnxHardDiskFailed on MX10003 routers. PR1418461
Clear PRBS statistics is ineffective on latest build. PR1418495
lsp-cleanup-timer is not being honored when lsp-cleanup-timer is configured to be greater than 2147483647. PR1418937
PPPoE compliance issue with RFC2516, the MX allows PPPoE session-id 65535. PR1418960
A PPP session under negotiation might be terminated if another PPPoE client bearing the same session ID. PR1419500
CPU usage on Service PIC might spike while forming an IPSec tunnel under DEP/NAT-T scenario. PR1419541
A new tunnel could not be established after changing the NAT mapping IP address until the IPEC SA Clear command is run. PR1419542
rtsock_peer_unconsumed_obj_free_int: unable to remove node from list logged extensively. PR1419647
A bbe-mibd memory leak is causing daemon crash when having live subscribers and SNMP OIDs query. PR1419756
In the scenario where the MX Series router and the peer device both try to bring an IPsec tunnel up, so both sides are acting as an initiator, if the peer side does not answer the MX ISAKMP requests the MX can bring the peer initiated tunnel down. PR1420293
On MX Series routers, the PTP phase is aligned but TE/cTE not good. PR1420809
The FPC CPU might be hogged if channelized interfaces are configured. PR1420983
Failed to reload keyadmin database for
/var/etc/keyadmin.conf. PR1421539bbemg_smgd_lock_cli_instance_db should not log as error messages. PR1421589
MX-VC: VCP port reports MTU value 9152 in the ICMP MTU exceeded message while the VCP port MTU is set to 9148. PR1421629
RPM syslogs are not getting generated after deactivating the aggregate Ethernet interface. PR1421934
Remote gateway address change is not effective on MX150 router when its an initiator. PR1421977
The CoS IEEE-802.1 classifier might not get applied when it is configured with service activation on underlying interface. PR1422542
On the MX204 router, the number of PICs per FPC is incorrectly used as 8, that causes MAC allocation failure on the physical interfaces. PR1422679
Added support for SFP-T with QSA adapter in MX10003. PR1422808
Incorrect PIC mode on MX10003 MX1RU when pic mode is changed to default mode. PR1423215
While commiting huge configuration customer is seeing the error: mustd trace init failed error. PR1423229
MX10003: enhanced-hash-key symmetric is not effective and not shown on FPC. PR1423288
Traffic is dropped after FPC reboot with aggregated Ethernet member links deactivated by the remote device. PR1423707
The MPC10 line card crash is seen on Ktree alloc ( jnh_dfw_instance_add (filter_index=< optimized out>)) at
../../../../../src/pfe/common/applications/dfw/dfw_iff.c:1030 with inline + scale prefix filter. PR1423709On MX204 optics, "SFP-1GE-FE-E-T" I2C read errors are seen when an SFP-T is inserted into a disabled state port. PR1423858
The bbe-smgd process might crash after executing the show system subscriber-management route prefix <> command. PR1424054
MX10000 port configured for 1-Gigabit flaps after a Routing Engine switchover. PR1424120
The interface configured with 1-Gigabit speed on JNP10K-LC2101 cannot come up. PR1424125
mgd-api core file is seen while running the gNMI set operation. PR1424128
Continuous MAC change might cause CPU hogs and FPC reboot. PR1424653
[vMX]Continous disk error logs on vCP Console (Requesting switchover due to disk failure on ada1). PR1424771
The jdhcpd might consume 100 percent CPU and then crash if dhcp-security is configured. PR1425206
The rpd might crash continuously when MD5 authentication on any protocols is used along with master password. PR1425231
Soft-gre tunnel route is lost after reboot or GRES or upgrade in WAG scenario. PR1425237
Log messages are seen continuously on MX204 router fru_is_present: out of range slot 0 for. PR1425411
All interfaces creation fails after NSSU. PR1425716
Sometimes, the interface is down after rebooting. PR1426349
Traffic loss might be seen when multiple IPsec tunnels are established with the remote peer. PR1426975
Traffic is not flowing through MACsec interfaces when configured with an unknown cipher algorithm and change back. PR1427294
Execution of the clear-session re-cli command should not be allowed from Standby DUT. PR1428353
The subscriber IP route might get suck in bbe-smgd if the subscriber IP address is the same with local IP address. PR1428428
Incorrect normalization on routing instance where an interface includes a vlan-id-range. PR1428623
PTSP subscriber is stuck in configured state. Auto-clear-timer does not work as well. PR1428688
Incorrect IGMP statistics for dynamic PPP interfaces are observed. PR1428822
L2TP subscriber and MPLS Pseudowire Subscriber volume accounting statistics value remains unchanged post unified ISSU. PR1429692
The rpsd daemon is not getting killed on when unconfigured simulatenous to toggling rpd 'force-64-bit', rpsd core file is seen 10 minutes later. PR1429770
Cmerror Op set log message is missing for bringup jspec command-based error simulation in EVO. PR1430300
Configuration is prevented from being applied on MX Series routers in subscriber scenario. PR1430360
Destination unreachable counter is counting up without receiving traffic. PR1431384
The bbe-smgd process might crash if PPPoE subscribers are trying to log in when commit is in progress. PR1431459
MX10003 - PEM not present alarm is raised when minimum required PEM exist in the system. PR1431926
Error message for show system resource-monitor and show system resource-cleanup is error: command is not valid on the qfx5220-32cd. PR1435136
A unified ISSU fails from Junos OS Release 19.1R1 legacy Junos OS release images. PR1438144
Infrastructure
SNMP OID IFOutDiscards is not updated when drops increase. PR1411303
Increase in Junos image size for Junos OS Release 19.1R1. PR1423139
Interfaces and Chassis
LFM sessions might flap during unified ISSU. PR1377761
Changing the value of mac-table-size to default might lead all FPC to reboot. PR1386768
The dcd memory leak might be seen when committing configuration change on static route tag. PR1391323
The dcd crash might be seen after deleting the sub interface from VPLS routing-instance and mesh-group. PR1395620
NPC crashes at
rt_nh_install (rnh=0x618123d8, rnh_src=0x0, rt=< optimized out>, p_rtt=0x74f886c0) at ../../../../src/pfe/common/pfe-arch/trinity/applications/route/rt_nh.c:631. PR1396540Static demux0 logical interfaces do not come up after a configuration change if the underlying interface is et. PR1401026
Certain otn-options cause interface flapping during commit. PR1402122
Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error message. PR1402606
The subscriber might not be able to access the device due to the conflicted assigned address. PR1405055
On MX Series routers, the EX-SFP-1FE-LX SFP transceiver does not initialize with MIC-3D-20GE-SFP-E(EH). PR1405271
The cfmd might fail to start after it is restarted. PR1406165
The aaa-options configuration statement for PPPoE subscribers does not work on the MX80 and MX104 routers. PR1410079
OAM CFM MEP flaps might occur when hardware-assisted keep alives are enabled. PR1417707
Monitor Ethernet loss-measurement command returns Invalid ETH-LM request for unsupported outgoing logical interface. PR1420514
Incorrect value on speed will cause traffic destined to the IRB's VIP to be dropped. PR1421857
The syslog message /kernel: %KERN-3: pointchange for flag 04000000 not supported on IFD aex is seen on executing LFM related configuration commit on the aggregated Ethernet interfaces. PR1423586
[EVPN] Aggregate Ethernet interface flaps followed by commit. PR1425339
flexible-queuing-mode is not working on MPC5E of Virtual Chassis member1. PR1425414
PEMs lose DC output power load sharing after PEM switch off and on operation on MX routers. PR1426350
CFM message flooding. PR1427868
Vrrpd crashes during group mastership change if preemption is configured and logical interface was enabled/activated some time after disabling/deactivation. PR1429906
Layer 2 Features
The unicast traffic from IRB interface towards LSI might be dropped due to Packet Forwarding Engine mismatch at egress processing. PR1381580
Traffic loss might be seen over LDP-VPLS scenario. PR1415522
The rpd crashes after iw0 interface is configured under a VPLS instance. PR1406472
In a Layer 2 domain, there might be unexpected flooding of unicast traffic at every 32-40 seconds interval towards all local CE-facing interface. PR1406807
Broadcast traffics might be discarded in a VPLS local-switching scenario. PR1416228
Commit error will be seen but the commit is processed if adding more than one site under protocols vpls in the VPLS routing-instances. PR1420082
Layer 2 Ethernet Services
The SNMP query on LACP interface might lead to lacpd crash. PR1391545
Log messages dot1xd[]: task_connect: task ESP CLIENT:...: Connection refused might be reported in Junos OS Release 17.4 or later. PR1407775
DMAC problem of IRB interface for traffic over the Layer 2 cuircuit. PR1410970
The IRB interface might flap after committing configuration change on any interface. PR1415284
The IPv6 neighbor might become unreachable after the primary link goes down in a VPLS scenario. PR1417209
The jdhcpd becomes aware about some of the existing configuration only after 'commit full' or jdhcpd restart. PR1419437
Change the nd6 next hops to reject NH once Layer 2 interfaces gets disassociated with IPv6 entries. PR1419809
The jdhcpd process might consistently run at 100 percent CPU and not provide service if delay-offer is configured for the DHCP local server. PR1419816
JDI-RCT:BBE:DHCP subscribers on non-default routing instance went down after unified ISSU. PR1420982
The jdhcpd daemon might crash during continuous stress test. PR1421569
MPLS
Not found number of ingress, transit, and egress LSP's as expected. PR1242558
Collecting LDP statistics do not work correctly and kernel memory leak is observed after configuring ldp traffic-statistics. PR1258308
With an SR-TE path with "0" explicit NULL as the innermost label, SR-TE path does not get installed with label "0". PR1287354
A RSVP-signaled LSP might stay in down state after a link in the path flaps. PR1384929
The rpd process might crash when executing traceroute mpls bgp. PR1399484
MPLS LSP traffic loss might be seen under rare conditions if CSPF is enabled. PR1402382
Scaled MPLS labels might cause slow labels allocation and high CPU utilization. PR1405033
The Layer 2 circuit information is not advertised over the LDP session if ldp dual-transport inet-lsr-id is different from the router-id. PR1405359
Resources might be reserved for stale RSVP LSP when RSVP is disabled on the interface. PR1410972
The rpd might crash in BGP-LU with egress-protection while committing configuration changes. PR1412829
The rpd might crash if longest-match is configured for LDP. PR1413231
LDP route is not present in inet6.3 if IPv6 interface address is not configured. PR1414965
Rpd memory might leak when RSVP LSP is cleared/re-signaled. PR1415774
RSVP signalled LSP takes 3 - 4 minutes before LSP switchover begins, causing long traffic to be silently discarded. PR1416487
LDP route might be missing in inet.3 when enabling sr-mapping-client on LDP-SR stitching node. PR1416516
Traffic might be dropped because of the LDP label corruption after Routing Engine switchover. PR1420103
Bad length for Sub-TLV 34 (RFC 8287) in MPLS echo request. PR1422093
LDP route metric might not match IGP route metric even with ldp track-igp-metric configured. PR1422645
Bypass dynamic RSVP LSP tears down too soon when being used for protecting LDP LSP with dynamic-rsvp-lsp statement. PR1425824
MPLS ping sweep stops working and gets CLI irresponsive. PR1426016
When MBB for P2MP LSP fails, it is stuck in the old path. PR1429114
Network Management and Monitoring
The chassisd might crash and restart after the AGENTX session timeout between master(snmpd) and sub-agent. PR1396967
The snmp query might not get data in scaled L2 circuit environment. PR1413352
Syslog filtering(match "regular-expression" statement) does not work if each line of
/etc/syslog.confis over 2048 bytes. PR1418705
Platform and Infrastructure
The kernel and ksyncd core after dual cb flap at rt_nhfind_params: rt_nhfind() found an nh different from that onmaster 30326. PR1372875
Traffic is being dropped when passing through MS-DPC to MPC. PR1390541
All FPCs might restart after the Layer 3 VPN routes churn multiple times. PR1398502
MAP-E some ICMP types cannot be encapsulated or decapsulated on the SI interface. PR1404239
Abnormal queue-depth counters are seen in the show interface queue command output on interfaces that are associated to XM2 and 3. PR1406848
IPv6 traffic might be dropped between VXLAN bridge-domain and IP/MPLS network. PR1407200
CoS configuration changes might lead to traffic drop on cascade port in a Junos fusion setup. PR1408159
Traffic is getting dropped when there is a combination of DPC/FPC card and MPC card on egress PE router in Layer 3 VPN. PR1409523
The VLAN tag is wrongly inserted on the access interface if the packet is sent from an IRB interface. PR1411456
The MPC might crash when one MIC is pulled out while the MIC is booting up. PR1414816
Distributed multicast forwarding to the subscriber interface might not work. PR1416415
The op url command cannot run a script with libs from
/config/scripts. PR1420976arp request is not replied although proxy-arp is configured. PR1422148
show jnh trap-info with incorrect LU instance crashes and generates a core file on FPC. PR1423508
The native VLAN ID of packets might fail to be removed when leaving out. PR1424174
The policer bandwidth might be incorrect for the aggregated Ethernet interface after activating the shared-bandwidth-policer statement. PR1427936
Pre-fragmented ICMP IPv4 packets might fail to arrive at the destination. PR1432506
Enable sensor
/junos/system/linecard/qmon/causing continuous ppe_error_interrupt errors. PR1434198
Routing Policy and Firewall Filters
The rpd process might crash when the policy configuration is being changed. PR1357802
MX-Series: The CLI statement as-path-expand last-as causes commit failures. PR1388159
The rpd process might crash when routing-options flow configuration is removed. PR1409672
Routing Protocols
Dynamic NextHop template cache does not shrink when application frees the NextHop template. PR1346984
Qualified next hop of static route might not be withdrawn when BFD is down. PR1367424
The static route might persist even after its BFD session goes down. PR1385380
BGP sessions might keep flapping on backup RE if proxy-macip-advertisement is configured on IRB interface for EVPN-VXLAN. PR1387720
In rare cases, rpd process might crash after Routing Engine switchover when BGP multipath and L3VPN vrf-table-label are configured PR1389337
BGP IPv6 routes with IPv4 next hop causes a rpd crash. PR1389557
Multicast traffic might be interrupted in some H-VPLS scenario. PR1394213
BGP DMZ LINK BANDWIDTH - not able to aggregate bandwidth, when applying the policy. PR1398000
The process rpd might crash in a BGP setup with NSR enabled. PR1398700
Unexpectedly high packet loss might be observed after an uplink failure when the MoFRR feature is used in a scaled environment. PR1399457
There might be unexpected packets drop in MoFRR scenario if active RPF path is disabled. PR1401802
The rpd might be stuck at 100 percent when auto-export and BGP add-path are configured. PR1402140
BGP router on the same broadcast subnet with its neighbors might cause IPv6 routing issue on the neighbor from other vendors. PR1402255
Some times when a new logical router is configured, the logical router core might be seen on the system. PR1403087
Memory leaks when labeled-isis transit routes is created as a chain composite next hop. PR1404134
Extended traffic loss might be seen after link recovery when source-packet-routing is used on OSPF P2P links. PR1406440
SBFD failure is seen with a special IP address like 127.0.0.1 under interface lo0. PR1406631
IGMP join through PPPOE sub is not propagated to upstream PIM. PR1407202
The rpd crashes on static route configuration for multicast source. PR1408443
On MX Series routers, mcsnoopd core file is generated immediately after the commit change related to EVPN-VXLAN configuration. PR1408812
SID label operation might be performed incorrectly in an OSPF SPRING environment. PR1413292
An unexpected AS prepending action for AS path might be seen after the no-attrset statement is configured or deleted with vrf-import/vrf-export configuration. PR1413686
The CPU utilization of the rpd process is stuck at 100 percent if BGP multipath is configured. PR1414021
Dynamic routing protocol flaps with vmhost Routing Engine switchover on Next Generation-Routing Engine. PR1415077
The IS-IS SR route sent by the mapping server might be broken for ECMP. PR1415599
Route info might be inconsistent between RIB and OSPF database when using the OSPF LFA feature. PR1416720
A memory leak in rpd might be seen if source packet routing is enabled for the IS-IS protocol. PR1419800
IPv6 IS-IS routes might be deleted and not be reinstalled when MTU is changed under the logical interface level for family inet6. PR1420776
A timing issue is seen while closing a PIM task and an auto-RP at the same time that might sometimes result in an rpd core file generation. PR1426711
The rpd might crash while handling the withdrawal of an imported VRF route. PR1427147
The rpd process might crash with OSPF overload as external configuration. PR1429765
The request system core-dump routing CLI is not supported in cRPD. PR1433349
Services Applications
Hide HA information when the service set does not have HA configured. PR1383898
The following log message is seen: SPD_CONN_OPEN_FAILURE: spd_svc_set_summary_query: unable to open connection to si-0/0/0 (No route to host). PR1397259
Inconsistent content might be observed to the access line information between ICRQ and PPPoE. message PR1404259
The stale si- logical interface might be seen when L2TP subscribers with duplicated prefixes or framed-route log in. PR1406179
The kmd process might crash on MX/ACX platforms when IKEv2 is used. PR1408974
The ERA value does not match with configured values while verifying if the new ERA settings are reflected in messages log. PR1410783
The jpppd generates core files on LNS. PR1414092
L2TP LAC might fail to tunnel static pp0 subscriber to the desired LNS. PR1416016
IPsec SA might not come up when the local gateway address is a VIP for a VRRP configured. interface. PR1422171
In subscriber with L2TP scenario, subscribers are stuck in INIT state forever. PR1425919
Some problems might be seen if client negotiates LCP with no ppp-options to LAC. PR1426164
Software Installation and Upgrade
The configuration loss and traffic loss might be seen if the backup Routing Engine is zeroized and is then switched over to master within short time. PR1389268
JSU might be deactivated from FPC in case of power cycle. PR1429392
Subscriber Access Management
The DHCPv6-PD client connection might be terminated after commit when the RADIUS assigned address is not defined within the range of a local pool. PR1401839
The authd crash might be seen due to a memory corruption issue.PR1402012
Adding a firewall filter service through the test aaa command causes a crash in dfwd. PR1402051
The authd re-uses address too quickly before jdhcpd completely cleans up the old subscriber that is causing the flooding error log DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add x.x.x.x as it is already used by xxx. PR1402653
Continuous log message authd[18454]: %DAEMON-3-LI: liPollTimerExpired returned 0. PR1407923
Authd telemetry: Linked pool head attribute is incorrect for single pools. PR1413293
CoA-NACK is not sent when performing negative COA request tests by sending incorrect session-id. PR1418144
Subscribers might not be able to re-login in Gx-plus provisioning scenario. PR1418579
PPPoE session might be disconnected when LI attributes are received in access-accept with invalid data. PR1418601
Address allocation issue with linked pools when using linked-pool-aggregation. PR1426244
RADIUS authentication server might always be marked as DEAD. PR1429528
User Interface and Configuration
The show configuration and rollback compare commands are causing high CPU usage. PR1407848
Commit reject occurs for ae0.0 vlan-id-list and routing-instance vlan-id (but does not reject for vlan-range). PR1427278
VPNs
The receivers belonging to a routing instance might not receive multicast traffic in an Extranet next-generation MVPN scenario. PR1372613
Downstream interface is not removed from multicast route after getting PIM prune. PR1398458
Routes with multiple communities are being rejected in an inter-AS next-generation MVPN scenario. PR1405182
For rosen MVPN configuration with data-mdt, the show pim mdt data-mdt-limit instance < instance name> CLI command with family option causes high CPU usage of the rpd. PR1405887
The rpd might crash in rosen MVPN scenario when the same provider tunnel source address is being used for both IPv4 and IPv6. PR1416243
The deletion of (S,G) entry might be skipped after the PIM join timeout. PR1417344
The rpd process might crash in rare conditions when Extranet next-generation MVPN is configured. PR1419891
A permanent traffic loss is seen on next-generation MVPN selective tunnels after Routing Engine switchover (one-time). PR1420006
The rpd process might crash and core file is generated during mpls ping command on L2 circuit. PR1425828
Documentation Updates
This section lists the errata and changes in Junos OS Release 19.2R3 documentation for the MX Series.
Installation and Upgrade Guide
Veriexec explained (MX Series)—Verified Exec (also known as veriexec) is a file-signing and verification scheme that protects the Junos operating system (OS) against unauthorized software and activity that might compromise the integrity of your device. Originally developed for the NetBSD OS, veriexec was adapted for Junos OS and enabled by default from Junos OS Release 7.5 onward.
[See Veriexec Overview.]
Subscriber Management Provisioning Guide
The Broadband Subscriber Sessions User Guide published for Junos OS Release 19.2R1 erroneously reported support for a feature to manage certain PCRF server errors. Support for an extended session ID was also incorrectly reported. The incorrect information has been removed from the affected topics.
The Broadband Subscriber Sessions User Guide published for Junos OS Release 19.2R1 reported that the juniper-access-line-attributes option is backward compatible. This option is not backward compatible with Junos OS Release 19.1 or earlier releases. This means that if you have configured juniper-access-line-attributes option in Junos OS Release 19.2 or higher releases, you must perform the following steps to downgrade to Junos OS Release 19.1 or earlier releases:
Delete the juniper-access-line-attributes option from all access profiles that include it.
Perform the software downgrade.
Add the juniper-dsl-attributes option to the affected access profiles.
Migration, Upgrade, and Downgrade Instructions
This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.
Starting in Junos OS 18.3R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.
The following table shows detailed information about which Junos OS can be used on which products:
Platform | FreeBSD 6.x-based Junos OS | FreeBSD 11.x-based Junos OS |
MX5,MX10, MX40,MX80, MX104 | YES | NO |
MX240, MX480, MX960, MX2010, MX2020 | NO | YES |
Basic Procedure for Upgrading to Release 19.2
Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:
The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files) might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.
For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.
Procedure to Upgrade to FreeBSD 11.x based Junos OS
Products impacted: MX240, MX480, MX960, MX2010, and MX2020.
To download and install FreeBSD 11.x based Junos OS:
- Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:
- Select the name of the Junos OS platform for the software that you want to download.
- Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
- Select the Software tab.
- In the Install Package section of the Software tab, select the software package for the release.
- Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
- Review and accept the End User License Agreement.
- Download the software to a local host.
- Copy the software to the routing platform or to your internal software distribution site.
- Install the new jinstall package on the routing
platform.
Note We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.
All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:
For 32-bit Routing Engine version:
user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-19.2R3.9-signed.tgz
For 64-bit Routing Engine version:
user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-19.2R3.9-signed.tgz
Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):
For 32-bit Routing Engine version:
user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-19.2R3.x-limited.tgz
For 64-bit Routing Engine version:
user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-19.2R3.9-limited.tgz
Replace source with one of the following values:
/pathname—For a software package that is installed from a local directory on the router.For software packages that are downloaded and installed from a remote location:
ftp://hostname/pathnamehttp://hostname/pathnamescp://hostname/pathname
Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.
Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.
After you install a Junos OS Release 19.2 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.
Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.
Procedure to Upgrade to FreeBSD 6.x based Junos OS
Products impacted: MX5, MX10, MX40, MX80, MX104.
To download and install FreeBSD 6.x based Junos OS:
- Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:
- Select the name of the Junos OS platform for the software that you want to download.
- Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
- Select the Software tab.
- In the Install Package section of the Software tab, select the software package for the release.
- Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
- Review and accept the End User License Agreement.
- Download the software to a local host.
- Copy the software to the routing platform or to your internal software distribution site.
- Install the new jinstall package on the routing
platform.
Note We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.
All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:
user@host> request system software add validate reboot source/jinstall-ppc-19.2R3.9-signed.tgz
Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):
user@host> request system software add validate reboot source/jinstall-ppc-19.2R3.9-limited-signed.tgz
Replace source with one of the following values:
/pathname—For a software package that is installed from a local directory on the router.For software packages that are downloaded and installed from a remote location:
ftp://hostname/pathnamehttp://hostname/pathnamescp://hostname/pathname
The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.
Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.
Rebooting occurs only if the upgrade is successful.
After you install a Junos OS Release 19.2 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.
Upgrade and Downgrade Support Policy for Junos OS Releases
Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.
You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.
You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.
For more information about EEOL releases and to review a list of EEOL releases, see https://www.juniper.net/support/eol/junos.html.
Upgrading a Router with Redundant Routing Engines
If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:
Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.
Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.
After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.
Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.
For the detailed procedure, see the Installation and Upgrade Guide.
Downgrading from Release 19.2
To downgrade from Release 19.2 to another supported release, follow the procedure for upgrading, but replace the 19.2 jinstall package with one that corresponds to the appropriate release.
You cannot downgrade more than three releases.
For more information, see the Installation and Upgrade Guide.