Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos OS Release Notes for MX Series 5G Universal Routing Platform


These release notes accompany Junos OS Release 19.4R1 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at

What's New

Learn about new features introduced in Junos OS Release 19.4R1 for MX Series routers.

Class of Service

  • update-threshold statement modified to generate IGP update for lower bandwidth reservation (MX Series)—Starting in Junos OS Release 19.4R1, you can configure the threshold value of the update-threshold statement to accept:

    • an integer or floating point values up to 3 significant digits after decimal point using the threshold-percent option

    • an absolute value of bandwidth threshold which generates an IGP update using the threshold-value option

    These options are mutually exclusive and can be used for generating an IGP update for lower bandwidth reservations.

    [See update-threshold.]

  • Support for seamless MPLS Layer 3 features (MX Series with MPC10E line cards)—Starting in Junos OS Release 19.4R1, the following MPLS Layer 3 features are supported on MX Series routers with MPC10E line cards:

    • Redundant logical tunnel interfaces.

    • Pseudowire subscriber interfaces using logical tunnel or redundant logical tunnel interfaces as anchor point.

    [See Redundant Logical Tunnels Overview, and MPLS Pseudowire Subscriber Logical Interfaces.]

  • Support for 802.1p rewrite of host outbound traffic (EX4300-MP)—Starting in Junos OS Release 19.4R1, support is provided for 802.1p rewrite of host outbound traffic on EX4300-MP devices.

    [See Applying Egress Interface Rewrite Rules to the IEEE 802.1p Field for All Host Outbound Traffic on the Interface.]


  • Support for EVPN routing policies (ACX5448, EX4600, EX4650, and EX9200, MX Series, QFX Series, and vMX)—Starting in Junos OS Release 19.4R1, Junos has expanded routing policy support to include the creation and application of policy filters specific to EVPN routes. You can create policies and apply policy filters to import and export EVPN routes at the routing-instance level or at the BGP level. Junos OS supports the following matching criteria for EVPN routes:

    • Route distinguisher ID

    • NLRI route type

    • EVPN Ethernet tag

    • BGP path attributes

    • Ethernet segment identifier

    • MAC address on EVPN Type 2 routes

    • IP address on EVPN Type 2 and EVPN Type 5 routes

    • Extended community

    [See Routing policies for EVPN.]

  • Exclusion list with MAC pinning in an EVPN network (EX9200 and MX Series)—When you enable mac-pinning on an interface, all MAC addresses that are learned on that interface will be pinned and cannot be relearned on the other interfaces in the EVPN network. Starting in Junos OS Release 19.4R1, you can create a list of MAC addresses that would be excluded from being pinned and the MAC address can be moved and relearned on another interface within the EVPN network. While MAC pinning is configured on the interface, the exclusion list is configured for the device. To create an exclusion list, include a list of MAC addresses with the exclusive-mac parameter at the [edit protocols l2-learning global-mac-move] hierarchy level.

    [See Creating exclusion list for MAC Pinning.]

  • Support for EVPN functionality (MX Series with MPC10 line card)—Starting in Junos OS 19.4R1, you can configure MPC10 line cards on a MX Series router to support single-homed devices on an EVPN-MPLS network.

    [See EVPN Multihoming Overview.]

Forwarding and Sampling

  • Inline monitoring services (MX Series with MPCs excluding MPC10E and MPC11E linecards)—Starting in Junos OS Release 19.4R1, you can configure a new monitoring technology that provides the flexibility to monitor different streams of traffic at different sampling rates on the same interface. You can also export the packet up to the configured clip length to a collector in an IP Flow Information Export (IPFIX) format. The IPFIX format includes important metadata information about the monitored packets for further processing at the collector.

    The inline monitoring services overcome the limitations of traditional sampling technologies, such as JFlow, sFlow, and port mirroring, thereby providing you the benefit of effective sampling and troubleshooting processes.

    [See Inline Monitoring Services Configuration.]

  • Improved failover in conjunction with consistent load balancing for ECMP groups (MX Series routers with MPCs)—Starting in Junos OS Release 19.4R1, we’ve added new functionality to prevent the reordering of flows to already active paths in an equal-cost multipath routing (ECMP) group if one or more path next-hops go down. Before this feature, when a server in the ECMP path failed, the flows directed to that server were redistributed to other, active links. If a second server in the ECMP path also went down, the newly redistributed traffic would be redistributed again, even though the ECMP path is active. The improved failover and traffic rebalancing introduced in this release minimize the traffic redistribution when multiple servers in the ECMP path fail.

    [See Configuring Consistent Load Balancing for ECMP Groups and Load Balance Traffic on MX Series Routers.]

General Routing

  • Optimized BGP peer reestablishment (MX Series, PTX Series, and QFX Series)—Starting with Junos OS Release 19.4R1, BGP peers in different groups can close in parallel. The connect/retry algorithm makes 16 attempts instead of 5 to reestablish BGP peers in the first 256 seconds after they go down. Peers can reestablish while cleanup of the Adj-RIB-In routes is in progress. If a peer comes back up before its route has been deleted from the routing table, that route is not deleted. The DeletePending flag in the show route detail and show route extensive command output indicates that a BGP route needs to be processed. PurgePending, PurgeInProgress, and PurgeImpatient flags in the show bgp neighbor command output show the status of the purge of routing table entries.

    [See Understanding External BGP Peering Sessions, show bgp neighbor, show route detail, and show route extensive.]


  • JRR200 Route Reflector—Starting with Junos OS Release 19.4R1, JRR200 Route Reflector a 1U form factor appliance with a multicore x86 CPU and preinstalled vRR software that can host one route reflector instance is available. JRR200 is suitable for large enterprises, data centers and service providers for hosting vRR software to scale up to 30 million routing information base (RIB) entries.

    The JRR200 route reflector comes with eight 1/10 Gigabit Ethernet SFP+ ports, 64 GB of DDR4 memory, and two 240-GB solid-state drives (SSDs) in a RAID1 configuration. It is available in both AC and DC models which support Zero Touch Provisioning mode (ZTP) to ensure seamless insertion into the network and provide operational simplicity.

    [See JRR200 Route Reflector Hardware Guide and JRR200 Route Reflector Quick Start  ]

  • ZTP Support for JRR200 Route Reflector—Starting in Junos OS Release 19.4R1, ZTP can automate the provisioning of the device configuration and software image on JRR200 Route Reflector. ZTP supports self image upgrades and automatic configuration updates using ZTP DHCP options. In this release, ZTP supports revenue ports em2 thru em9, in addition to management port em0 which is supported in Junos OS Releases before 19.4R1.

    [See Zero Touch Provisioning.]

High Availability (HA) and Resiliency

  • View ISSU status during an upgrade (MX240, MX480, MX960, MX2010, MX2020, PTX3000, and PTX5000)—Starting in Junos OS Release 19.4R1, you can use the request system software in-service-upgrade status command to display the status of a unified ISSU. You will need to run this command on the Routing Engine where the unified ISSU was triggered to display the correct unified ISSU log file.

    [See request system software in-service-upgrade.]

Interfaces and Chassis

  • Smart SFP transceivers for transporting PDH traffic (MX Series routers)—Starting in Junos OS Release 19.4R1, we support the following smart SFP transceivers on MX Series routers with MPCs (MPC1, MPC2, and MPC3) and MICs:

    • DS3 smart SFP (SFP-GE-TDM-DS3)

    • E1 smart SFP (SFP-GE-TDM-E1)

    • T1 smart SFP (SFP-GE-TDM-T1)

    You can use these transceivers to encapsulate PDH (E1 or T1 or DS3) packets as Ethernet frames while transporting legacy time division multiplexing (TDM) traffic over packet switched networks (PSNs). At the receiver end of the emulated circuit, another smart transceiver, paired with the first one and preconfigured to carry packets that are in the same multicast MAC address group, de-encapsulates the Ethernet frames, rebuilds the TDM data stream, and forwards it onto the local TDM interface.

  • Smart SFP transceivers for transporting SDH traffic (MX Series routers)—Starting in Junos OS Release 19.4R1, we support the following smart SFP transceivers on MX Series routers with MPCs (MPC1, MPC2, and MPC3) and MICs:

    • STM1 Smart SFP (SFP-GE-TDM-STM1)

    • STM4 Smart SFP (SFP-GE-TDM-STM4)

    • STM16 Smart SFP (SFP-GE-TDM-STM16) - Also supported on MPC4E

    You can use these transceivers to encapsulate SDH (STM1, or STM4, or STM16) packets as Ethernet frames while transporting legacy time division multiplexing (TDM) traffic over packet switched networks (PSNs). At the receiver end of the emulated circuit, another smart transceiver, paired with the first one and preconfigured to carry packets that are in the same multicast MAC address group, de-encapsulates the Ethernet frames, rebuilds the TDM data stream, and forwards it onto the local TDM interface.

  • Support for 1-Gbps speed on 10-Gbps port (JNP10K-LC2101 line card on MX10008 and MX10016)—Starting in Junos OS Release 19.4R1, you can configure the 10-Gigabit Ethernet port on the JNP10K-LC2101 line card to operate at 1-Gbps speed by using the speed statement at the [edit interfaces interfacename gigether-options] hierarchy level. After you commit the configuration, the operating speed of the 10-Gbps port changes to 1-Gbps speed.

    To view the speed configured for the interface, use the show interfaces extensive command. The SpeedConfiguration field in the command output indicates the current operational speed of the interface. If the interface is configured with 1-Gbps speed, then the value of the SpeedConfiguration field is displayed as 1G; if the interface is configured with 10-Gbps speed, then SpeedConfiguration displays AUTO.

    Autonegotiation is supported when the interface speed is configured for 1-Gbps speed.


    On the JNP10K-LC2101 line card, rate selectability at PIC level and port level does not support 1-Gbps speed.

    [See Introduction to Rate Selectability.]

  • Support for monitoring link degradation (MX Series routers with MPC7E, MPC8E, and MPC9E)—Starting in Junos OS Release 19.4R1, you can monitor the quality of physical links on Ethernet Interfaces and take corrective action when the link quality degrades beyond a certain value. To enable your device to monitor the links, use the link-degrade-monitor statement at the [edit interfaces interface-name] hierarchy level. This feature monitors the bit error value (BER) of the link and initiates corrective action when the BER value crosses a user-configured threshold.

    Starting in Junos OS Release 19.4R1, the following line cards support link degrade monitoring:

    • MPC7E (MPC7E-MRATE and MPC7E-10G (non-MACsec mode))




    Link degrade monitoring is not supported on the MACsec-enabled MPC7E-10G and MIC-MACSEC-MRATE.

    [See Link Degrade Monitoring Overview.]

  • Optimize fabric path to prevent traffic hop (MX2008, MX2010, and MX2020 with MPC9E)—Starting in Junos OS Release 19.4R1, you can optimize the fabric path of the traffic flowing over abstracted fabric (af) interfaces between two guest network functions (GNFs) by configuring a fabric optimization mode. This feature reduces fabric bandwidth consumption by preventing any additional fabric hop (switching of traffic flows from one Packet Forwarding Engine to another because of abstracted fabric interface load balancing) before the packets eventually reach the destination Packet Forwarding Engine.

    To configure fabric optimization mode, use the following CLI commands at the base system (BSYS): set chassis network-slices guest-network-functions gnf id collapsed-forward <monitor | optimize>.

    [See Optimizing Fabric Path for Abstracted Fabric Interface.]

  • SCBE3-MX interoperates with MPC 3D 16x10GE (MX240, MX480, and MX960)—Starting in Junos OS Release 19.4R1, the Enhanced Switch Control Board SCBE3-MX (model number: SCBE3-MX-S) supports the 16-port 10-Gigabit Ethernet MPC (MPC 3D 16x10GE) on the MX240, MX480, and MX960 routers with enhanced midplane. The SCBE3-MX-S supports a pluggable Routing Engine and provides a control plane and data plane interconnect to each line card slot. The MPC 3D 16x10GE supports a fabric bandwidth of 160 Gbps.

    [See SCBE3-MX Description and 16x10GE MPC.]

  • New universal PSM and PDM (MX2008, MX2010, and MX2020)—Starting in Release 19.4R1, Junos OS supports the high-voltage second-generation universal power supply module (PSM; model number: MX2K-PSM-HV-S) and power distribution module (PDM; model number: MX2K-PDM-HV). The PSM has a main output and a standby output. The main output provides up to 3000 W power with a single feed, and up to 3400 W power with dual feeds. The standby output provides up to 30 W power. The PSM accepts either a AC input (voltage range: 180 VAC through 305 VAC) or DC input (voltage range: 190 VDC through 410 VDC). The new single-phase universal PDM has nine power cords rated 30A each.


    We recommend that you use MX2K-PSM-HV-S PSM only with MX2K-PDM-HV PDM.

    [See MX2010 Power System Description and MX2020 Power Subsystem Description.]

  • High-capacity second-generation AC PSM (MX960)—Starting in Release 19.4R1, Junos OS supports the new high-capacity second-generation AC power supply module (PSM; model number: MX960-PSM-5K-AC-S) on MX960 routers. An enhanced version of the existing PSM used in the MX960 chassis, the new high-capacity PSM provides a maximum output power of 5100 W with dual feeds, and 2550 W with a single feed. The PSM supports a minimum input voltage of 180 VAC and a maximum input voltage of 264 VAC. The PSM supports 1+1 redundancy.

    [See MX960 Power System Overview.]

  • Enhancement to increase the threshold of corrected single-bit errors (MPC7E, MPC8E, and MPC9E on MX Series)—In Junos OS Release 19.4R1, the threshold of corrected single-bit errors is increased from 32 to 1024, and the alarm severity is changed from Major to Minor for those error messages. There is no operational impact upon corrected single-bit errors. Also, a log message is added to display how many single-bit errors have been corrected between the reported events as follows:

    EA[0:0]: HMCIF Rx: Link0: Corrected single bit errordetected in HMC 0 - Total count 25

    EA[0:0]: HMCIF Rx: Link0: Corrected single bit errordetected in HMC 0 - Total count 26

    [See Alarm Overview.]

Junos OS, XML, API, and Scripting

  • Python 3 support for commit, event, op, and SNMP scripts (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 19.4R1, you can use Python 3 to execute commit, event, op, and SNMP scripts on devices running Junos OS. To use Python 3, configure the language python3 statement at the [edit system scripts] hierarchy level. When you configure the language python3 statement, the device uses Python 3 to execute scripts that support this Python version and uses Python 2.7 to execute scripts that do not support Python 3 in the given release.

    The Python 2.7 end-of-support date is January 1, 2020, and Python 2.7 will be EOL in 2020. The official upgrade path for Python 2.7 is to Python 3. As support for Python 3 is added to devices running Junos OS for the different types of onbox scripts, we recommend that you migrate supported script types from Python 2 to Python 3, because support for Python 2.7 might be removed from devices running Junos OS in the future.

    [See Understanding Python Automation Scripts for Devices Running Junos OS.]

  • Automation script library upgrades (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 19.4R1, devices running Junos OS that support the Python extensions package include upgraded Python modules. Python scripts can leverage the upgraded versions of the following modules:

    • idna (2.8)

    • jinja2 (2.10.1)

    • jnpr.junos (Junos PyEZ) (2.2.0)

    • lxml (4.3.3)

    • markupsafe (1.1.1)

    • ncclient (0.6.4)

    • packaging (19.0)

    • paho.mqtt (1.4.0)

    • pyasn1 (0.4.5)

    • yaml (PyYAML package) (5.1)

    [See Overview of Python Modules Available on Devices Running Junos OS.]

  • Support for 64-bit architecture added for use of management interface in a nondefault routing instance in op scripts and JET applications (MX Series)—Junos OS Release 19.4R1 supports 64-bit architecture for Junos operating scripts and on-box JET applications being able to use the function set_routing_instance() to program the protocol software (TCP/UDP) to use a nondefault routing instance instead of the default management routing interface.

    [See set_routing_instance() Function (Python).]

Junos Telemetry Interface

  • Transceiver sensor support on JTI (MX960, MX2010, MX2020, PTX1000, PTX5000, PTX10000)—In Junos OS Release 19.4R1, you can use Junos telemetry interface (JTI) and remote procedure calls (gRPC) or gRPC Network Management Interface (gNMI) services to export transceiver statistics from MX960, MX2010, MX2020, PTX1000 and PTX5000 routers to outside collectors. This feature supports OpenConfig transceiver model openconfig-platform-transceiver.yang 0.5.0.

    Both streaming and ON-CHANGE statistics are supported using the following base path:

    • /components/components/transceiver/

    [See Understanding OpenConfig and gRPC on Junos Telemetry Interface and Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • Physical Ethernet interface sensor support on JTI (MX960, MX2020, PTX1000, PTX5000)—Starting in Junos OS Release 19.4R1, you can use Junos telemetry interface (JTI) and remote procedure calls (gRPC) services or gRPC Network Management Interface (gNMI) services to export physical Ethernet interface statistics from MX960, MX2020, PTX1000, and PTX5000 routers to outside collectors. This feature supports OpenConfig model openconfig-if-ethernet.yang (physical interface level) version 2.6.2 (no configuration). Both streaming and ON-CHANGE statistics are supported using the following resource paths:

    • /interfaces/interface/ethernet/state/mac-address (with ON_CHANGE support)

    • /interfaces/interface/ethernet/state/auto-negotiate (with ON_CHANGE support)

    • /interfaces/interface/ethernet/state/duplex-mode (with ON_CHANGE support)

    • /interfaces/interface/ethernet/state/port-speed (with ON_CHANGE support)

    • /interfaces/interface/ethernet/state/enable-flow-control (with ON_CHANGE support)

    • /interfaces/interface/ethernet/state/hw-mac-address (with ON_CHANGE support)

    • /interfaces/interface/ethernet/state/negotiated-duplex-mode (with ON_CHANGE support)

    • /interfaces/interface/ethernet/state/negotiated-port-speed (with ON_CHANGE support)

    • /interfaces/interface/ethernet/state/counters/in-mac-control-frames

    • /interfaces/interface/ethernet/state/counters/in-mac-pause-frames

    • /interfaces/interface/ethernet/state/counters/in-oversize-frames

    • /interfaces/interface/ethernet/state/counters/in-jabber-frames

    • /interfaces/interface/ethernet/state/counters/in-fragment-frames

    • /interfaces/interface/ethernet/state/counters/in-8021q-frames

    • /interfaces/interface/ethernet/state/counters/in-crc-errors

    • /interfaces/interface/ethernet/state/counters/in-block-errors

    • /interfaces/interface/ethernet/state/counters/out-mac-control-frames

    • /interfaces/interface/ethernet/state/counters/out-mac-pause-frames

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

  • ON_CHANGE support for component sensors on JTI (MX960)—Junos OS Release 19.4R1 supports ON_CHANGE statistics for the following component sensors using Junos telemetry interface (JTI) and either remote procedure call (gRPC) services or gRPC Network Management Interface (gNMI) services. Junos OS releases before Release 19.4R1 support these component sensors on the MX960 router only to stream statistics.

    • /components/component

    • /components/component/name/

    • /components/component/state/type

    • /components/component/state/id

    • /components/component/state/description

    • /components/component/state/serial-no

    • /components/component/state/part-no

    Streaming telemetry data through gRPC or gNMI requires the OpenConfig for Junos OS module.

    [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface).]

Layer 2 Features

  • Layer 2 services on PWHT (MX2K-MPC11E line card)—Starting in Junos OS Release 19.4R1, the following Layer 2 services are supported with Pseudowire Headend Termination (PWHT):

    • Service provider style bridging

    • MAC learning and MAC table aging

    • BUM traffic handling including split horizon

    • MAC move

    • Statistics

    • Mesh groups

    • Static MAC

    • MAC learning and forwarding on aggregate Ethernet interfaces

    • Bridging on untagged interfaces

    • Simple dual tag bridging (with VLAN-translation and VLAN map operations)

    [See Layer 2 VPNs and VPLS User Guide for Routing Devices.]

  • Support for an increase in MAC table size on the MPC10E-15C-MRATE line cards (MX Series)—Starting in Junos OS Release 19.4R1, MX Series routers with MPC10E-15C-MRATE line cards support MAC table size of upto 1 million entries per PFE for Layer 2 services.

    You can configure the MAC limit size at global level at the [edit protocols l2-learning global-mac-limit] hierarchy level.

    You can also configure the MAC table size using bridge domains at the [edit bridge-domains bridge-domain-name bridge-options mac-table-size] hierarchy level.

    [See Understanding Layer 2 Bridge Domains , Understanding Layer 2 Learning and Forwarding .]

Layer 2 VPN


  • Distributed CSPF for segment routing LSPs (MX Series)—Starting in Junos OS Release 19.4R1, you can compute a segment routing LSP locally on the ingress device according to the constraints you have configured. With this feature, the LSPs are optimized based on the configured constraints and metric type. The LSPs are computed to utilize the available ECMP paths to the destination.

    Prior to Junos OS Release 19.4R1, for traffic engineering of segment routing paths, you could either explicitly configure static paths, or use computed paths from an external controller.

    [See Enabling Distributed CSPF for Segment Routing LSPs.]

  • Color-based mapping of VPN services over SRTE (MX Series)—Starting in Junos OS Release 19.4R1, you can specify a color attribute along with an IP protocol next hop to resolve transport tunnels over static colored and BGP segment routing traffic-engineered (SRTE) label-switched paths (LSPs). This is called the color-IP protocol next hop resolution, where you are required to configure a resolution-map and apply it to the VPN services. Prior to this release, the VPN services were resolved over IP protocol next hops only.

    With this feature, you can enable color-based traffic steering of Layer 2 and Layer 3 VPN services.

    [See Color-Based Mapping of VPN Services Overview.]

  • Support for static adjacency segment identifier for aggregated Ethernet member links on MPC10E-15C-MRATE line cards (MX240, MX480, MX960, and MX2020)—Starting with Junos OS Release 19.4R1, you can configure a transit single-hop static label-switched path (LSP) for a specific member link of an aggregated Ethernet (ae) interface. The label for this route comes from the segment routing local block (SRLB) pool of the configured static label range. Configure the ae member interface name using the member-interface statement option at the [edit protocols mpls static-label-switched-path name transit name] hierarchy level. This feature is supported for ae interfaces only.

    [See transit and Configuring Static Adjacency Segment Identifier for Aggregate Ethernet Member Links Using Single-Hop Static LSP.]


  • Next-generation multicast VPN supported on MPC10E-15C-MRATE line cards (MX240, MX480, and MX960)—Starting in Junos OS Release 19.4R1, the MPC10E-15C-MRATE line card supports next-generation MVPN.

    [See Multicast Overview.]

  • Continuous, persistent IGMP and MLD statistics (MX Series)—Starting in Junos OS Release 19.4R1, in addition to collecting statistics on IGMP and MLD control traffic for currently active subscribers, MX Series routers also collect and maintain cumulative and persistent statistics that account for both past and current subscribers. The device stores these statistics and copies them to the backup Routing Engine at a configurable interval, so this information is preserved across routing daemon restarts, graceful Routing Engine switchovers (GRES), in-service software upgrade (ISSU) operations, or line card reboots. Use the continuous option with the show igmp statistics or show mld statistics command to view continuous statistics; without this option, you see default statistics only for currently active subscribers.


    This feature is documented but not supported on MX series in Junos OS Release 19.4R1.

    [See show igmp statistics or show mld statistics.]

Network Management and Monitoring

  • Packet mirroring with Layer 2 headers for Layer 3 forwarded traffic (MX Series routers with MPCs or MICs)—Starting in Junos OS Release 19.4R1, you can enable port mirroring at packet level along with Layer 2 headers even if the filters are installed with Layer 3 match actions. Use the new firewall-filter action l2-mirror at the [edit firewall family inet|inet6 filter filter-name term tcp-flags then] hierarchy level to request Layer 2 header reporting.


  • Support for Ethernet OAM and Metro Ethernet services over segment routing (ACX5448-D, ACX5448-M, MX Series)—Starting with Junos OS Release 19.4R1, ACX5448-D, ACX5448-M and MX Series routers support Ethernet OAM and Metro Ethernet services over segment routing.

    [See Understanding Adjacency Segments, Anycast Segments, and Configurable SRGB in SPRING for IS-IS Protocol, Understanding Topology-Independent Loop-Free Alternate with Segment Routing for IS-IS, Ethernet OAM Connectivity Fault Management .]

Routing Policy and Firewall Filters

  • Support for firewall forwarding on MPC10E line cards (MX240, MX480, and MX960)—Starting in Junos OS Release 19.4R1, the following traffic policers are fully supported on MX240, MX480, and MX960 routers with MPC10E line cards:

    • GRE tunnels, including encapsulation (family any), decapsulation, GRE-in-UDP over IPv6, and the following sub-options: sample, forwarding class, interface group, and no-ttl-decrement

    • Input and output filter chains

    • Actions, including policy-map filters, do-not-fragment, and prefix

    • Layer 2 policers

    • Policer overhead adjustment

    • Hierarchical policers

    • Shared bandwidth

    • Percentages

    • Logical interfaces

    [See Traffic Policer Types.]

  • GTP load balancing on MPC10E-15C-MRATE line cards (MX240, MX480, MX960, MX2010, and MX2020)—Starting in Junos OS Release 19.4R1, the MPC10E-15C-MRATE line card supports GPRS tunneling protocol (GTP) load balancing.

    [See Understanding Per-Packet Load Balancing.]

Routing Protocols

  • Bidirectional Forwarding Detection (BFD) Strict Mode for OSPF (MX Series)—Starting in Release 19.4R1, Junos OS supports BFD strict mode for OSPF. The BFD strict mode for OSPF enables a router to prevent establishing OSPF adjacency until a BFD session is established. This helps in faster and more reliable connection with the peer devices. To enable this feature, both the devices should support BFD strict-mode.

    To configure BFD strict-mode, use set strict-bfd at the [edit protocols ospf area area_id interface interface_name] hierarchy level.

    You can also configure a hold down interval to delay the sending of session UP notification to the BFD client which helps in achieving a more stable connection. To configure a hold down interval, use set holddown-interval holddown-interval at the [edit protocols ospf area area_id interface interface_name bfd-liveness-detection] hierarchy level.

  • BGPIO Thread Enhancements—Starting in Junos OS Release 19.4R1, the BGP protocol work to do Update message generation for peers in a BGP group is moved out from the main BGP thread to its own new set of pthreads, called BGP Update I/O threads. Each Update I/O thread is responsible for generating updates for one or more BGP peer groups. BGP Update threads construct updates for groups in parallel and independent of other groups that are being serviced by different update threads. This might offer significant convergence improvement in a write-heavy workload that involves advertising to many peers spread across many groups. BGP Update I/O threads can be configured independent of RIB sharding feature but are mandatory to use with RIB sharding as they help improve packing of prefixes in outbound BGP update messages and thus help improve performance.

    BGP update thread is disabled by default. If you configure update-threading on a routing engine, RPD creates update threads. By default, the number of update threads created is the same as the number of CPU cores on the routing engine. Update threading is only supported on a 64 bit routing protocol process (rpd). Optionally, you can specify the number-of-threads you want to create by using set update-threading <number-of-threads> statement at the [edit system processes routing bgp] hierarchy level. The range is currently 1 through 128.

    See [update-threading] and [Understanding BGP UPDATE IO Thread.]

  • Support for BGP RIB Sharding (MX Series)—Starting in Junos OS Release 19.4R1, the BGP process is split into different threads so that they can run concurrently on a multicore routing engine through RIB sharding which results in reduced convergance time and faster performance. BGP RIB sharding splits a BGP RIB into several sub RIBs and each sub RIB handles a subset of BGP routes. Each sub RIB is served by a separate RPD thread to achieve parallel processing.

    BGP RIB sharding is disabled by default. This feature is supported only on 64-bit routing protocol process (rpd) where the Routing Engine has at least 4 CPU cores and 16 GB of memory.

    If you configure rib-sharding on a routing engine, RPD will create sharding threads. By default the number of sharding threads created is same as the number of CPU cores on the routing engine. Optionally, you can specify the number-of-shards you want to create. The range is currently 1 through 31.

    The show route command shows the aggregate data from main and all shards to provide the unified view of the RIBs.


    BGP RIB sharding is supported for inet.0 and inet6.0 RIBs only. All the other RIBs are still processed without sharding.

    To enable this feature, you can configure rib-sharding at the [edit system processes routing bgp] hierarchy level. Sharding is dependent on the update I/O thread feature. Therefore, update I/O thread feature is essential and mandatory when you configure sharding. To enable update I/O, you need to configure update-threading at the [edit system processes routing bgp] hierarchy level for rib-sharding configuration to pass commit check.

    See [rib-sharding.]

  • Optimizing the static route configuration processing during commit (MX Series)— Starting in Release 19.4R1, Junos OS optimizes the static route configuration processing during commit by managing only the new, modified and deleted routes instead of all the routes. The processing of these static route configurations are optimized:

    • Local SRGB

    • Global SRGB

    • Node-segment implementation of 256 label block

  • Integrating RIFT protocol into Junos OS (MX Series and VMX virtual routers)—Starting in Junos OS Release 19.4R1, you can integrate a new IGP protocol, Routing in Fat Tree (RIFT), into Junos OS to route packets in variants of CLOS-based and fat tree network topologies (also called the spine and leaf model).

    The RIFT protocol is capable of automatic construction of fat-tree topologies, providing you the benefit of having a close to zero necessary configuration. RIFT makes networks resilient, extensively traceable, and simpler to manage, thereby overcoming the deployment limitations of evolving IP fabrics.

    [See Understanding Junos Implementation of Routing in Fat Tree (RIFT) Protocol].

  • BFD authentication and seamless BFD support on MPC10E and MPC11E line cards (MX Series)—Starting in Junos OS Release 19.4R1, MX Series routers with MPC10E and MPC11E line cards support BFD authentication and inline mode for seamless BFD.

    [See Example: Configuring BFD Authentication for BGP.]

  • VRRP support for MPC10E-15C-MRATE line cards (MX Series)—Starting in Junos OS Release 19.4R1, MPC10E-15C-MRATE line cards support VRRP.

    [See Understanding VRRP.]

  • Unnumbered interface support for IS-IS and OSPFv2 with topology-independent loop-free alternate (ACX Series, MX Series and PTX Series)—Starting in Junos OS Release 19.4R1, you can enable IPv4 processing on a point-to-point interface without assigning it an explicit IPv4 address. The router borrows the IPv4 address of another Ethernet or loopback interface already configured on the router and assigns it to the unnumbered interface to conserve IPv4 addresses.

    To enable IPv4 processing for unnumbered interfaces include unnumbered-address source at the [edit interfaces [name] unit [name] family inet] hierarchy level.

    [See Configuring an Unnumbered Interface.]

  • Support for flexible algorithm in IS-IS for segment routing–traffic engineering (MX Series and PTX Series)—Starting in Junos OS Release 19.4R1, you can thin slice a network by defining flexible algorithms that compute paths using different parameters and link constraints based on your requirements. For example, you can define a flexible algorithm that computes a path to minimize IGP metric and define another flexible algorithm to compute a path based on traffic engineering metric to divide the network into separate planes. This feature allows networks without a controller to configure traffic engineering and utilize segment routing capability of a device.

    To define a flexible algorithm, include flex-algorithm statement at the [edit routing-options] hierarchy level.

    To configure participation in a flexible algorithm include the flex-algorithm statement at the [edit protocols isis segment routing] hierarchy level.

    [See Understanding IS-IS Flexible Algorithm for Segment Routing.]

  • Support for disable-4byte-as and minimum-hold-time configurations (MX Series)—Starting in Junos OS Release 19.4R1, you can use the minimum-hold-time and disable-4byte-as configurations. By configuring minimum-hold-time, you can now prevent BGP session establishment toward BGP peers that attempt to negotiate a lower BGP session hold-time than the configured minimum-hold-time, which helps reduce the load on a router by avoiding sending constant keepalive messages at a high frequency. You can use disable-4byte-as configuration to enable a BGP peer that uses a 4-Byte to interact with another BGP peer old speaker that uses 2-Byte.

    • We recommend using Bidirectional Forwarding Detection (BFD) rather than lowering BGP hold timers and also recommend configuring a meaningful minimum-hold-time value (for example, 20 seconds or higher) for all BGP peers (for example, at the BGP group level). If a BGP remote node does not support BFD, and therefore a reduced BGP hold-time is easier for the quicker discovery of a BGP neighbor failure, you can configure a lower minimum-hold-time value. Use it with caution and only for a limited number of BGP peers.

    • We recommend that you configure the disable-4byte-as configuration only if the BGP peer does not support or ignores the capability advertisement of 4byte-as, and brings up the session as a 2byte AS.

      [See disable-4byte-as and minimum-hold-time]

  • Support for BGP PIC Edge with BGP labeled unicast (MX Series and PTX Series)—Starting with Junos OS Release 19.4R1, MX Series and PTX Series routers support BGP PIC Edge with BGP labeled unicast as the transport protocol. BGP PIC Edge using the BGP labeled unicast transport protocol helps to protect traffic failures over border nodes (ABR and ASBR) in multi-domain networks. Multi-domain networks are typically used in metro-aggregation and mobile backhaul networks designs.

    [See Load Balancing for a BGP Session.]

Services Applications

  • Port Mirroring support (MPC10E line card on MX240 MX480, and MX960 routers)—Starting in Junos OS Release 19.4R1, Junos OS supports port mirroring on the MPC10E line card for VPLS.

    [See Understanding Port Mirroring]

  • Inline J-Flow support for EVPN traffic (MX-Series with MPC10 and MPC11)—Starting in Junos OS Release 20.1R1, inline J-Flow supports sampling under the bridge family. Inline J-Flow monitors traffic hitting the bridge family and reports the necessary fields in either version 9 or IPFIX format.

    A new family bridge is introduced under the forwarding-options sampling instance hierarchy that monitors all traffic hitting the VPLS or bridge family.

    [See Understanding Inline Active Flow Monitoring.]

  • Programmable DNS error code in response to DNS query (MX240, MX480 and MX960 routers)—Starting in Junos OS Release 19.4R1, for the DNS queries for blocklisted domains which are of SRV and TXT query types, you can specify a TXT or SRV response code in the DNS response with an empty answer section. To specify the response code, configure the txt-resp-err-code or srv-resp-err-code option at the [edit services web-filter profile profile-name dns-filter-template template-name] hierarchy level. For both the options, if you configure Noerror as the value, the error code is sent as 0 with an empty response; whereas, if you set Refusederror as the value, the error code is sent as 5.

    [See DNS Request Filtering for Blacklisted Website Domains].


Software-Defined Networking

  • Map PCE-initiated P2MP LSPs to MVPN (MX Series)—Starting in Junos OS Release 19.4R1, you can associate a single or range of MVPN multicast flows (S,G) to a dynamically created PCE-initiated point-to-multipoint label-switched path (LSP). You can specify only selective types of flows, which include a route distinguisher (RD), (S,G) address, and LSP name. When the incoming traffic matches the specified flows, it is mapped to the point-to-multipoint PCE-initiated LSP.

    With this feature, you can benefit from reduced configuration as the PCE-initiated point-to-multipoint LSPs are dynamically mapped, thereby eliminating the need to statically enable MVPN and point-to-multipoint LSPs.

    [See Understanding Path Computation Element Protocol for MPLS RSVP-TE with Support for PCE-Initiated Point-to-Multipoint LSPs.]

  • Tunnel templates for PCE-initiated segment routing LSPs (MX Series)—Starting in Junos OS Release 19.4R1, you can configure a tunnel template for Path Computation Element (PCE)-initiated segment routing LSPs and apply it through policy configuration. These templates enable dynamic creation of segment routing tunnels with two additional parameters – Bidirectional forwarding detection (BFD) and LDP tunneling.

    With the support for tunnel configuration, the LSPs that you would configure statically can now be automatically created from the PCE, thereby providing the benefit of reduced configuration on the device.

    [See Understanding Static Segment Routing LSP in MPLS Networks.]

Software Licensing

  • Subscriber Access Licensing (MX Series and vMX)– Starting in Junos OS Release 19.4R1, you need one license per subscriber interface created on subscriber access model.

    You need only one license if the DHCP dual stack session running with a single SDB session. To configure the single SDB session, use the classification-key option in the [edit system services dhcp-local-server] hierarchy .

    [See Subscriber Access Licensing Overview and classification-key (DHCP Relay Agent).]

Subscriber Management and Services

  • Support for GRES and anchor PFE redundancy on Junos Multi-Access User Plane (MX240, MX480, MX960)—Starting with Junos OS Release 19.4R1, Junos Multi-Access User Plane supports graceful Routing Engine switchover (GRES) and anchor PFE 1:1 hot-standby redundancy to preserve sessions and bearers in the event of failure.

    [See GRES on Junos Multi-Access User Plane and Anchor PFEs and Redundancy in Junos Multi-Access User Plane.]

  • Automatic removal of the redirect service after a one-time redirect (MX Series)—Starting in Junos OS Release 19.4R1, you can configure the router to redirect a subscriber only once when the subscriber logs in. This enables you to easily provide notifications or advertisements to your subscriber base when subscribers log in. The initial HTTP-GET request from the subscriber triggers the removal of the redirect service. After the temporary redirect to the captive portal, subscribers can reach the specified URL without being redirected for the duration of the session. Automatic removal enables you to avoid using an external policy server, such as a RADIUS CoA message, to remove the redirect service.

    [See How to Automatically Remove the HTTP Redirect Service After the Initial Redirect.]

  • Support for charging and usage reports on Junos Multi-Access User Plane (MX240, MX480, MX960)—Starting with Junos OS Release 19.4R1, Junos Multi-Access User Plane supports volume based Usage Reporting Rules (URRs) in accordance with 3GPP TS 23.203, Policy and charging control architecture.

    [See CUPS Session Creation and Data Flow with Junos Multi-Access User Plane.]

  • Junos Multi-Access User Plane (MX240, MX480, MX960)—With Junos OS Release 19.4R1, we introduce Junos Multi-Access User Plane, a software solution that turns your MX router into a high-capacity user plane function called a System Architecture Evolution Gateway-User Plane (SAEGW-U). This MX SAEGW-U interoperates with a third-party SAEGW-C (control plane function), per 3GPP Release 14 Control User Plane Separation (CUPS) architecture, to provide high-throughput 4G and 5G fixed-wireless access service with support for 5G non-stand-alone (NSA) mode. CUPS enables independent scaling of the user and control planes, network architecture flexibility, operational flexibility, and an easier migration path from 4G to 5G services. The CUPS architecture is optional for 4G but inherent in 5G architecture.

    To transform your MX240, MX480, or MX960 router into an SAEGW-U, all you need is at least one MPC7 linecard, a routing engine with at least 32GB memory, and Junos OS Release 19.4R1.

    [Junos OS Release 19.4R1 is the first release to support Junos Multi-Access User Plane functionality. We recommend you use this release for lab testing & early field qualification. Full deployment support is available in a later release. Documentation for Junos Multi-Access User Plane is included in the JUNOS Release 19.4R1 documentation here: Junos Multi-Access User Plane User Guide.]

  • Support for Lawful Intercept on Junos Multi-Access User Plane (MX240, MX480, MX960)—Starting with Junos OS Release 19.4R1, Junos Multi-Access User Plane supports Lawful Intercept in accordance with 3GPP TS 33.107, Lawful interception architecture and functions.

    [See MX Series Router As SAEGW-U.]

  • CoA messages support Session-Timeout attribute (MX Series)—Starting in Junos OS Release 19.4R1, you can apply a session timeout for subscriber sessions with a RADIUS CoA message that includes the Session-Timeout attribute (27). This capability is useful, for example, when subscribers purchase Internet access for a specific period of time and must log out when the session expires. In earlier releases, the router does not recognize the attribute if it is included in a CoA message.

    [See Understanding Session Options for Subscriber Access.]

System Logging

  • Improved intermodule communication between FFP and MGD (ACX Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release 19.4R1, intermodule communication is improved to enhance software debugging. To enhance error messages with more context, the exit conditions from libraries have been updated as follows:

    • Additional information is now logged for MGD-FFP intermodule communication.

    • Commit errors that previously were only shown onscreen are now logged.

    We provide a new operational command, request debug information, to speed up the initial information-gathering phase of debugging.

    [See request debug information.]

What's Changed

Learn about what changed in Junos OS main and maintenance releases for MX Series routers.

Interfaces and Chassis

  • Logical Interface is created along with physical interface by default (MX Series, QFX Series, EX Series)—Starting in Junos OS Release 19.4R1, logical interfaces are created on ge, et, and xe interfaces along with the physical interface, by default. In earlier Junos OS releases, by default, only physical interfaces are created.

    For example, for ge interfaces, previously when you viewed the show interfaces command, by default, only the physical interface (ge-0/0/0), was displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.

  • Change in error severity (MX960, MX240, MX2020, MX480, MX2008, and MX2010)—Starting in Junos OS Release 19.4R1, the severity of the CRC errors (XR2CHIP_ASIC_JGCI_FATAL_CRC_ERROR) has been reduced from Fatal to Major. Earlier, these errors caused the line card to be reset, if the interasic-linkerror-recovery-enable command was configured. Now, these errors will only disable the Packet Forwarding Engines that are affected. With this change, the interasic-linkerror-recovery-enable command has no effect in these errors because severity of these errors has been reduced to Major.


    This behavior change is applicable to the following line cards only: MPC5E, MPC6 MPC7, MPC8, and MPC9.

Network Management and Monitoring

  • SSHD process authentication logs timestamp (MX Series)—Starting in Junos OS Release 19.4R1, the SSHD process authentication logs use only the time zone defined in the system time zone. In the earlier releases, the SSHD process authentication logs sometimes used the system time zone and the UTC time zone.

    [See Overview of Junos OS System Log Messages.]

Services Applications

  • Update to CLI option for configuring the version number to distinguish between currently supported version of the Internet draft draft-ietf-softwire-map-03—In Junos OS Release 19.4R1, the version-3 option under the [edit services softwire softwire-concentrator map-e] hierarchy for configuring the version number to distinguish between currently supported version of the Internet draft draft-ietf-softwire-map-03 is optional. In the earlier Junos OS releases, if you did not configure the version-3 option, the configuration resulted in an error.

    [See map-e.]

Software-Defined Networking

  • Increase in the maximum value of delegation-cleanup-timeout (MX Series)—Starting in Junos OS Release 19.4R1, you can configure a maximum of 2,147,483,647 seconds as the delegation cleanup time for a Path Computation Client (PCC). This extends the time taken by the PCC to retain the last provided path over a PCEP session from the last session down time.

    With the increase in maximum value of delegation-cleanup-timeout from 600 to 2,147,483,647 seconds, you can benefit during a Path Computation Element (PCE) failover, or other network issues that might disrupt the PCEP session with the main active stateful PCE.

    [See delegation-cleanup-timeout.]

Subscriber Management and Services

  • Enhancement to commands to display reason for Routing Engine disconnect (MX Series)—Starting in Junos OS Release 19.4R1, several commands display the reason when the master and standby Routing Engines disconnect because of a DRAM size mismatch error. On a chassis with two Routing Engines, this error can result when both of the following are true:

    • The Routing Engines have different amounts of DRAM.

    • A 64-bit Junos OS image is loaded on the chassis.

    You can avoid this problem by doing either of the following:

    • Ensure that both Routing Engines have the same amount of DRAM.

    • Load a 32-bit image.

    [See show system subscriber-management summary, show database-replication summary, request chassis routing-engine master, and show chassis routing-engine].

  • Prevent queue-based throttling from stopping subscriber login (MX Series)—Starting in Junos OS Release 19.4R1, you can specify a value of 0 with the high-cos-queue-threshold statement. This value prevents any subscriber from being throttled by queue-based throttling.

    [See Throttling Subscriber Load Based on CoS Resource Capacity.]

Known Limitations

Learn about known limitations in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • First packet pertaining to J-Flow Packet Forwarding Engine sensor in UDP mode is missing after line card reboot on PORTER-R platform. PR1344755

  • Traffic on GRE interface both ingress and egress cannot be Layer 2 mirrored. PR1462375

  • Applying and removal of 1G speed results in channel being down. PR1456105

  • The control peer PFCP heartbeat request time out window must be greater than 90 seconds. PR1459135

  • Load balancing does snot work as expected when tested with NAPT44 case twice. PR1477670

  • aftd hogged on executing clear VPLS table and MACs are not learned for less than 5 minutes. PR1473334

  • If MTU is configured to a value higher than 9500, which is the maximum permissible value, configuration is done successfully. However, the actual value is set back to 1518 without any error. PR1372690

  • The MIC-MACSEC-20G supports 10-Gigabit speed through the set chassis fpc x pic y pic-mode 10G configuration that is applied to both the PICs in that MIC. Any other PIC mode configuration must be removed and the 10-Gigabit PIC mode configuration must be applied. PR1374680

  • In USF and non-USF cases, the monitor interface is MS (or) VMS interface. When chassisd restarts, all FPCs restart. SRD also restarts and ICCP connection goes down. If the FPC hosting the ICL goes down first before SRD receives physical interface IFD down for the monitored interface, the switchover does not happen immediately. PR1416064

  • JSD generates core files when aggressively subscribing and unsubscribing both gRPC and gNMI subscriptions from multiple sessions. PR1433744

  • The SPC3 cards are not supported with RE-2000. Even if the RE-2000 is the backup RE. PR1435790

  • In a large-scale setup such as large number of routing-instances or interfaces, if there are frequent changes in the configuration and interface flapping when the rpd restarts through deactivate or activate of logical-system or restart routing, the rpd might crash. PR1438049

  • Whenever the primary path goes down for the SRTE-tunnel, dynamic tunnel module (DTM) starts an expiry timer of 15 minutes. If the primary path comes up within this timer period, the tunnel comes up again. After the timer expires and the primary path is still not up, DTM asks SR-TE to remove the tunnel. Also, if there are multiple paths to reach the tunnel endpoint, BGP routes resolve over the other route, for example L-ISIS path. Later, even if the primary path comes up, BGP routes remain resolved over the other secondary route and do not change. No re-resolution happens because the SRTE-tunnel is being resolved with more than one indirection. For example, SR-TE over MPLS over IS-IS in this case. The same issue occurs in RSVP tunnels. The issue is applicable to uncolored tunnels only. PR1439557

  • Sampling applications like port-mirror and inline-jflow are not supported on VPLS tunnel interfaces in ingress direction where ingress packets are sent to the IRB interface for routing. Configuration of sampling application on VPLS tunnel interfaces in such scenario causes packet to drop in ingress direction. PR1444849

  • If Sx Modification-Request has an Update FAR Apply Action that has the DUPL and DROP bits set, the traffic is dropped as expected. However, the packets are not duplicated to the SX3LIF/MD. This happens for both upstream and downstream traffic. PR1450859

  • When 32000 inetcolor and 32000 inet6color are programmed together, the jsd process is hit. PR1452464

  • In a scaled scenario where the Routing Engine pushes a lot of routes to the Packet Forwarding Engine in the presence of the dynamic tunnel configuration, FIB convergence might take more time, leading to traffic drops. PR1454817

  • Member of lt interface of a rlt interface must have same bandwidth configured. Bandwidth mismatch might lead to unexpected behavior. Changes to lt ot rlt interfaces must not be done if a ps interface is anchored over these tunnel interfaces. PR1458951

  • The lt interface Scheduler remains in the invalid state under egress IFD list after changing the lt tunnel to a different Packet Forwarding Engine. PR1458955

  • Changes to rlt interface with ps anchored over is not recommended. For more information, refer to the following Juniper documentation: PR1460898, PR1460910

  • The traffic on GRE interface on both ingress and egress cannot be Layer 2 mirrored. PR1462375

Interfaces and Chassis

  • In a large-scale subscriber environment, changing aggregated Ethernet member link configuration might cause two Routing Engines to generate core files. PR1375638

  • When you use centralized mode for VRRP and if there are scaled VRRP instances, when the VRRP master side fails, such as ungraceful Routing Engine switchover, the traffic might drop for a short time. PR1451704


  • The device might use the locally computed path for the PCE-controlled LSPs after the link or node fails. PR1465902

Platform and Infrastructure

  • On all Junos platforms, execution of Python scripts through enhanced automation does not work on veriexec images. PR1334425

Routing Protocols

  • Three BGP replication flaps are seen on a new master Routing Engine after GRES. The route synchronization issue is also seen between Routing Engines without GRES. PR1441925

  • When you scale RIB to 80 million after FPC restarts, it is not able to scale on the backup Routing Engine. PR1444073

Open Issues

Learn about open issues in this release for MX Series routers. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Application Layer Gateways

  • When you use the SIP ALG after payload changed by ALG, some SIP messages size might be bigger than the outgoing MTU interface and it might need to be fragmented. Else, the SIP messages might be dropped by SIP ALG. PR1475031

Class of Service

  • Tag changes are intentionally added. PR1475179


  • With Junos OS Release 19.3R1, VXLAN OAM host-bound packets are not throttled with DDoS policers. PR1435228

  • When DHCP is used with EVPN, Layer 2 learning daemon adds a destination route to the kernel with the permanent remote flag while dhcp process adds a destination route with a permanent flag. There might be a race condition where the Layer 2 learning destination route is overwritten by the DHCP route, causing the remote flag to get deleted. This subsequently leads to the ARP route to age out in the kernel. To ensure that DHCP routes are not added to the kernel, you must configure the forward-only command under forwarding-options dhcp-relay. PR1439568

Forwarding and Sampling

  • For Junos OS Releases 18.4R1 and 18.3R2, if IPv4 prefix is added on a prefix-list referred by IPv6 firewall filter, the following log message is not seen: Prefix-List [Block-Host] in Filter [Protect_V6] not having any relevant prefixes , Match [from prefix-list Block-Host] might be optimized. PR1395923

  • On the MX Series routers with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue. PR1473093

  • Error of traffic does not get policied as expected after locally switched for VLAN 100 and 101, while verifying the selective local-switching functionality with 4000 VLANs. PR1436343

  • After restart routing, the remote mask, which indicates from which remote PE devices MAC IP addresses are learned, that the routing daemon sends might be different from the existing remote mask that the Layer 2 learning daemon had prior to restart. This causes a mismatch between Layer 2 learning and routing daemons interpretation as to where the MAC IP address entries are learned, either local or remote, leading to the MAP IP table being out of synchronization. PR1452990

General Routing

  • On the MX104 platform, when using snmpbulkget or snmpbulkwalk (for example, used by the SNMP server) on a chassisd-related component (for example, jnxOperatingEntry), chassis process (chassisd) high CPU usage and slow response might be seen because of a hardware limitation, which might also lead to a query timeout on the SNMP client. In addition, the issue might not be seen while using an SNMP query for interface statistics. As a workaround, to avoid the issue, use either of the following approaches:

    • Use snmpget or snmpwalk instead of snmpbulkget or snmpbulkwalk and include the -t 30 option when doing the SNMP query. For example, snmpget -v2c -c XX -t 30.

    • Use the -t 30 option with snmpbulkget or snmpbulkwalk. For example, snmpbulkget -v2c -c XX -t 30. PR1103870

  • On the MX Series devices, if the reauthenticate lease-renewal statement is enabled for DHCP, when the DHCP authentication and re-authenticate lease-renewal occurs, the SDB might go down very frequently. PR1473063

  • In subscriber scenario, when there is a configuration change of the firewall filter used by the subscriber service, the RADIUS accounting updates of service session might have incorrect statistic data. The abnormal accounting data might have impact on billing system, so this issue has service impact. PR1475729

  • If redundant APFEs simultaneously fails or reboots while sessions are bound, inconsistencies might occur between the APFEs. This inconsistency can occur in rare situations that lead to an rmpsd to generate core files on the backup Routing Engine with additional subsequent APFE failovers. PR1471580

  • Error message are observed during loading of the RLI configurations. PR1451213

  • On Junos OS Release from 16.2R1 onwards, if commit is executed after commit check, the daemon (for example, dhcpd and sampled) might not get started even after the related configuration is successfully committed. PR1468119

  • PPP IPv6 NCP fails to negotiate during the PPP login. PR1468414

  • Traceroute generates ICMP error message like destination host unreachable and time exceeded that helps in identifying the intermediate hops. Code logic for handling ICMP errors was not there as part of asymmetric processing. PR1466135

  • When MS-MIC becomes unreachable or SPD restart, the next hop used by tcp-log connection are set to discard. However the SPD does not delete this next hop and incorrectly continue using this next hop in the Packet Forwarding Engine. This causes the MS-MIC not able to establish the TCP connection to the syslog server. PR1469575

  • Error messages are observed that doe not impact the functionality and can be ignored. PR1475187

  • If a GRES is performed while the mobile-edge sessions are logged in with URR enabled, they cannot be removed by the PFCP session deletion request and a portion of these requests are rejected. Sessions gets stuck in the delete state with the use of the show services mobile-edge sessions summary command. A Routing Engine reboot through the request system reboot both-routing-engines statement is the only way to recover from this state. PR1478424

  • All the mobile-edge sessions are lost when you perform a GRES while sessions with URR are logged in. Sessions that attempt to login after the GRES will also be rejected in this state. It is necessary to reboot the router using the request system reboot both-routing-engines statement to recover from this state. PR1478985

  • When Layer 2 bridge domain is configured and traffic is flowing only on one particular interface, the MACsec statistics might be updated incorrectly on other channelized MACsec interfaces on the same port group. PR1472464

  • Some of the Demux VLAN over aggregated Ethernet configured statically from CLI configuration are not programmed with the child legs. All the traffic on these logical interfaces are dropped. PR1476465

  • The MX router acting as LNS does not get to program the PFE with l2tp services that causes forwarding issues for the l2tp subscribers. PR1476786

  • When enhanced subscriber management feature are enabled or Junos OS running at Junos OS Release 18.4R1 or later with the nextgen-stats enabled and with XL or EA based line cards (MPC2E-NG/MPC3E-NG/MPC5/MPC6/MPC7/MPC8/MPC9) inserted, the Packet Forwarding Engine might be disabled due to major error under very specific and very rare scenarios. PR1478028

  • During simultaneous scale login of default and dedicated bearers, the router might require the control plane to send retries in order to login all the bearers. In rare situations, the router might reject a small number of requests during the stated scale login procedure. As a workaround, the control plane can send new requests in order to eventually login all the bearers on the router. PR1478191

  • In rare situations, the router is unable to process deletion requests from the control plane for URR sessions. In these rare cases, all sessions are stuck in the delete state. This router state can be resolved by rebooting the router with the request system reboot both-routing-engines command. PR1478220

  • Traffic loss is seen for 10 seconds when switching from secondary to primary path, even with disabled SBFD configuration. PR1478299

  • DHCP-server : RADIUS given mask is being reversed. PR1474097

  • Traffic stops after the volume limit is reached but the traffic resumes after APFE fails. PR1463723

  • This issue occurs only with GRES when both the Routing Engines are rebooted together. During chassis init time, the kernel does not allow any GENCFG to be added before the Routing Engines mastership transition is complete, if GRES is active. If ingress multicast replication configuration is changed after GRES is enabled, before rebooting both the Routing Engines, you must disable the GRES configurations. PR1474094

  • During host ping with gr-tunnel endpoint and lt-interface termination, gr-interface input and lt-interface output counters comes as a host path with transit counter. PR1461593

  • VMCORE-/../src/junos/bsd/sys/netjsr/jsr_prl.c:2128 PR1472519

  • Ike version 2 tunnel flaps with DPD if initiator is not behind NAT. PR1477483

  • The following error messages keep on continuously flooding in the backup Routing Engine: ( JTASK_IO_CONNECT_FAILED: RPDTM./var/run/rpdtmd_control: Connecting to 128.0,255.255,255.255,,, failed: No such file or directory ) PR1473846

  • [firewall] [filter_installation] Output chain filter counters are not correct. PR1478358

  • [firewall] [filter_installation] chain_filters_negative: output chain filter counter is 0. PR1478371

  • The core files are generated at cassis_alloc_list_timed_free in cassis_free_thread_entry. PR1478392

  • The mustd core files are generated at dbm_malloc (dbmp=< optimized out>, size=< optimized out>) at, in cdg_add_path (cdbmp=0x30000000, sidents=< optimized out>, didents=< optimized out>) at ../../../../../../src/ui/lib/constraint/constraint_dependency _graph.c:934. PR1475141

  • Expected number of 512000 MACs are not re-learned in the bridge table after clearing 512000 MACs from the table. PR1475205

  • Dark window size is more than expected. 31.0872721524375 seconds of traffic lost is observed. PR1476505

  • With the traffic-manager enhanced-priority mode configuration on ZT-based line cards (MPC10 and MPC11), Routing Engine might not be able to send packets after sometime. PR1476683

  • The following error message continuously appears in the backup Routing Engine: ( JTASK_IO_CONNECT_FAILED: RPDTM./var/run/rpdtmd_control: Connecting to 128.0,255.255,255.255,,, failed: No such file or directory ) PR1473846

  • The clksyncd core files are generated after GRES. PR1474987

  • ALG-SIP64: SIP session fails when the IPv4 SIP client in a public network initiates a SIP call with the IPv6 SIP client in the private network. PR1139008

  • Bandwidth percent with shaping rate is not working on aggregated Ethernet after deactivating and activating the class of service. PR1465766

  • Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435

  • With BGP rib-sharding and update-threading, traffic drops 100 percent in the BGP Layer 3 VPN streams, post the removal or restoration configuration. PR1469873

  • Unable to setup 26M sessions (NAPT44) at 900Kpps/s. PR1470833

  • DHCP relay with forward-only fails to send OFFER when the client is terminated on the lt-0/0/0.2 logical tunnel interface. PR1471161

  • Support of del_path for the LLDP neighbor changes at various levels. PR1460621

  • JDI_MMX_REGRESSIONS:[MPC10E][LT Tunnel] More number of output packets are seen than expected when the ping function is performed. PR1461593

  • On dual Routing Engines with graceful routing engine switchover (GRES) enabled, after performing GRES, if the configuration synchronization on the backup Routing Engine fails when it becomes the new master Routing Engine, then in rare conditions, some interfaces cannot be deleted or configuration changes cannot be committed. PR1179324

  • When the scale configurations are applied, chassisd CLI command might delay response or might time out for 10 minutes. PR1454638

  • If a vmhost snapshot is taken on an alternate disk and there is no further vmhost software image upgrade, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, host root file system, the node boots with the previous vmhost software instead of the alternate disk. PR1281554

  • In some scenarios with MPC, major alarm and following messages are generated: messages log: fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) alarmd[3158]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC x Major Errors Major alarm set, FPC x Major Errors fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) cli> show chassis alarms 1 alarms currently active Alarm time Class Description 2019-01-25 15:18:03 UTC Major FPC x Major. Despite major alarm set, this error is due to Unknown Error Address logged in hardware to DQ underrun. This message is harmless and has no service impact. PR1303489

  • As a vendor does not use chained CNH, using the feature does not bring in a lot of gain because TCNH is based on an ingress rewrite premise. Without this feature, things work just fine. PR1318984

  • In Message Queuing Telemetry Transport (MQTT) scenario, about 4000 memory leakage every 30 seconds might be seen. However, on very long runs, this uses up high memory, which can indirectly impact other daemons running. PR1324531

  • With regard to FPC restarts or Virtual Chassis splits, the design of MX Series Virtual Chassis infra relies on the integrity of the TCP connections. The reactions to failure situations might not be handled gracefully, resulting in TCP connection timeouts because of jlock hog crossing the boundary value (5 seconds), which causes bad consequences in MX Series Virtual Chassis. Currently, there is no other easy solution to reduce this jlock hog besides enabling marker infra in the MX Series Virtual Chassis setup. Unfortunately, there is no immediate plan on enabling marker, because doing so caused a lot of issues in MX Series Virtual Chassis when we tried to enable it. PR1332765

  • In some cases, online insertion and removal (OIR) of a MIC on an FPC can lead to traffic destined to the FPC being silently dropped or discarded. The only way to recover from this is to restart the FPC. The issue is not be seen if you use the corresponding CLI commands to offline and then online the MIC. PR1350103

  • For configurations of bridging routing instances with aggregated Ethernet logical interfaces (6400 IFLs) and IRB instances, all from a single FPC, the CPU utilization of the FPC stays at 100 percent for 4 minutes. The behavior from PFEMAN of the FPC has the processing time spiked on IF IPCs and this seems to be the case of MPC7E from Junos OS Release 16.1R1 (or even earlier). After 4 minutes, the CPU utilization comes down and the FPC is normal. Therefore, this scaled configurations on MPC7E takes settling time of more than 4 minutes. PR1359286

  • In rare circumstances, a faulty SFP transceiver installed in an MX104 might cause the AFEB to go offline. The backup routing Eengine and fan tray will also show alarm. PR1360426

  • If any of the log messages continue to appear in the MPC console, it indicates the presence of a faulty SFP/SFP+ transceiver, which causes the I2C transaction from main board CPU. There is no software recovery available to recover from this situation. These logs also indicate potential I2C transaction failure with any of the 10 ports available with GMIC2 in PIC 0 resulting in unexpected behavior. The following is an example of the error message: link not coming up or the MIC itself not booting up on restart. I2C Failed device: group 0xa0 address 0x70 Failed to enable PCA9548(0x70):grp(0xa0)->channel(0) mic_sfp_select_link:MIC(0/0) - Failed to enable PCA9548 channel, PCA9548 unit:0, channel ID: 0, SFP link: 0 mic_sfp_id_read: Failed to select link 0. The only way to recover from these failures is to detect and replace the faulty SFP/SFP+ transceiver plugged into the GMIC2 ports. PR1375674

  • On the EX9208 device, a few XE interfaces go down with the following error message: if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • In a subscriber management environment, multiple error messages of shmlog: argcnt 309 not enough memory might be generated every hour. PR1387690

  • NAPT66 pool split is not supported with AMS; thus commit must fail with V6 pool in AMS. PR1396634

  • On MX10003 platform, after removing the FPC from a slot, when a new FPC is plugged in, not only does the chassis shows old serial number for this new FPC, but the entire FPC ID EEPROM data is retained. All the fields show old values. PR1409930

  • The MX104 router has the following limitations in error management: The show chassis fpc error CLI command is not available for MX104 in Junos OS Releases 13.3R7, 15.1R2,14.1R5,14.2R4, 13.3R8, and later. Junos OS does not initiate restart of the system on encountering a fatal error. Although you can configure the action Disable PFE for major errors, Junos OS does not disable its only Packet Forwarding Engine on encountering a major error. PR1413314

  • On MX Series routers with Trio chip set based MPCs, unicast traffic might drop when the destination is reachable over an integrated routing and bridging (IRB) interface and a label-switched interface (LSI) with two next hops. PR1420626

  • Certain JNP10008-SF and JNP10016-SF Switch Interface Boards (SIBs) manufactured between July 2018 and March 2019 might have incorrect core voltage setting. As a workaround, you can correct the issue by reprogramming the core voltage and updating the setting in NVRAM memory. PR1420864

  • The following syslog error message is seen: "Err] dfw_abstract_issu_stats_counters_restore:2222 Failed to find Index = 4613734? during ISSU with 19.3I-20190409_dev_common.0.2212. PR1429879

  • In gRIBI, programmed routes reference a next-hop group ID, which in turn points to one or more next-hop IDs. Each next-hop ID contains details of the actual next hop. Next-hop group ID and next-hop ID are mapped to an IPv6 prefix (for example, FC01::<GRPID>). In the case of an IPv4 indirect next hop, gRIBI needs to resolve IPv6 via IPv4 next hop over three levels of indirection. Junos OS does not support IPv6 over IPv4 multilevel next-hop resolution. Therefore, gRIBI cannot resolve nexthop GRPID FC01::<grpid> and nexthop ID <FC01> through an actual indirect IPv4 gateway address. PR1434050

  • On dual routing engines MX Series platforms with subscriber management, the replication daemon (repd process) might crash after booting the first time with a newly installed Junos OS release. The repd process synchronizes subscriber information across Routing Engines, so normally the repd crash has no impact on the live service. PR1434363

  • MPC10E 3D MRATE-15xQSFPP : Layer 2 over GRE is not supported in Junos OS Release 19.3R1. Even though the configuration gets committed, the feature will not work. PR1435855

  • ZF interrupts for out-of-range Dest PFE INTR for Gnt seen during MPC6/9 linecard bringup. PR1436148

  • Multiple interfaces on specific FPC’s go down on MX480 after baseline profile configuration verification. PR1437221

  • With DAC cable used between the EX4600 or QFX5100 lines of switches and an EX Series device and EX device, during reboot of the EX46XX or QFX51XX device, the ports on EX Series device might still be up and running. PR1441035

  • On routers running Junos OS and serving as EVPN gateways, FPC core files available at heap_block_log due to NULL entries are also seen in the ifbd level list, which are typically added for flush list. This occurs because of the relink logic failure flush logic for MACs when there is ifbd/bd delete. PR1441824

  • The interface might go into the down state after the FPC restarts with the PTP configuration enabled. PR1442665

  • Interface hold-down timers cannot be achieved for less than 15 seconds on MPC11E at FRS. PR1444516

  • Push label is missing in the show route command output for colored tunnels. PR1447900

  • The show ddos-protection protocols arp statistics |display xml command does not show APR violation packets and the packets are not incremented. PR1449968

  • On Junos fusion system, intermediate traffic drop is sometimes seen between AD and SD when sFlow is enabled on the ingress interface. When sFlow technology is enabled, the original packet is getting corrupted for those packets that hit the sFlow filter This due to few packets transmitted from the egress of AD1 is short of FCS (4 bytes) + 2 bytes of data due to which the drops occur. it is seen that the normal data packets are of size 128 bytes while the corrupted packet is 122 byte. PR1450373

  • Chassisd main thread stalls might be seen at a JNS GNF upon GNF SNMP polling for HW-related OIDs (for example, the ones from jnxBoaAnatomy MIB). When the issue is ongoing, the following messages are logged into the GNF /var/log/mastership log if the stall duration is longer than 60 seconds: > main chassis-control thread stalled for 60 sec - If the stall duration is longer than 200 seconds, then the GNF chassisd will crash and dump a core, and the following message will be logged into the GNF /var/log/messages file: > chassisd[PID]: %DAEMON-3-CHASSISD_MAIN_THREAD_STALLED: main chassis-control thread stalled for 200 sec ? exiting - Once chassisd crashed, it will restart automatically; - These GNF chassisd main thread stalls and GNF chassisd crashes do not cause GNF-assigned FPC restarts/reconnects to chassisd since a JNS GNF does not manage any hardware component; ISSUE-2: ******** - If a GNF chassisd main thread stalls are ongoing and the GNF is restarted, then a service MGD process at the BSYS could start spinning at 100% CPU. This MGD process won't terminate by itself and will be consuming 100% CPU even when the GNF is back online. This condition could be seen at the BSYS JUNOS root shell as follows: > root@BSYS-re0:~ # ps wuaxd | grep mgd | grep -v grep > root 60221 0.0 0.0 733764 7768 - I 09:31 0:00.02 | |-- /usr/sbin/mgd-api -N > root 60223 0.0 0.1 792196 13672 - I 09:31 0:00.05 | |-- /usr/libexec32/bbe-smgd -b -N > root 60225 0.0 0.2 1410708 37740 - S 09:31 0:32.57 | `-- /usr/sbin/mgd -N > root 9954 100.0 0.3 1413260 49528 - Rs 04:11 66:35.37 | |-- mgd: (mgd) (root) (mgd) <<<--- > root 18029 0.0 0.2 1413260 38508 - Is 04:33 0:00.37 | |-- mgd: (mgd) (root)/dev/pts/1 (mgd) > root 35331 0.0 0.2 1413260 38516 - Is 05:21 0:00.01 | |-- mgd: (mgd) (root)/dev/pts/0 (mgd) > root 35392 0.0 0.2 1413260 38516 - Is 05:21 0:00.01 | |-- mgd: (mgd) (root)/dev/pts/0 (mgd) > root 35414 0.0 0.2 1413260 38516 - Is 05:21 0:00.01 | |-- mgd: (mgd) (root)/dev/pts/0 (mgd) PR1451215

  • OIDs-related service-set module might not work because the service-set database for SNMP module is not created yet when the following command is performed: show snmp mib walk enterprises.2636. show snmp mib walk enterprises.2636. show snmp mib walk enterprises.2636. This is expected behavior. "show snmp mib walk"/ "show snmp mib walk jnxSpSvcSet" OID access (one time good enough) would result in creating the service-set SNMP data base needed. Once "show snmp mib walk"/ "show snmp mib walk jnxSpSvcSet" is accessed, above OIDs would successfully return proper values. PR1452153

  • Issues with CLI command is observed after ANCP restarts, before ANCP neighbor reestablishes, and before receiving the port-ups. PR1453837

  • Behavior has been modified to display the correct protocol number instead of 255 whenever unknown protocol is encountered. PR1454792

  • IPv6 accounting stop attributes are not correct for MLPPP subscribers. PR1455175

  • When you enable the persist-groups-inheritance command and execute a delete operation to delete the entire configuration, if the user selects no and then later tries to commit the configuration changes related to groups, multiple daemons might crash. PR1455960

  • With logical system configuration, filter-based GRE encapsulation does not work. PR1456762

  • After more than 2 million multicast subscribers are activated without performing GRES or bbe-smgd restart, further multicast subscribers might be unable to log in. PR1458419

  • With the scale filter-based forwarding (FBF) configuration, two instances seem to unable to forward the traffic to respective routing instances. It appears that the FBF programming is incorrect for these two FBF instances. PR1459340

  • In a subscriber management environment, subscriber statistics reported by CLI commands and RADIUS can be broken if in-service software upgrade (ISSU) is performed from any Junos OS Release earlier than 18.4 to Release 18.4 or later. PR1459961

  • NAT performance is impacted with remote syslog enabled. PR1460211

  • If a NETCONF session is initiated over an inband connection, the CPU utilization on mgd daemon might be 100 percent after the NETCONF, which executes an RPC call for some commands and gets interrupted by flapping interface. There is no impact observed to the control plane or the forwarding plane, the subsequent NETCONF session continues to function. PR1464439

  • The following syslog error messages are harmless and expected during ISSU or GRES or FPC offline/online scenarios: [Oct 3 08:48:35.836 LOG: Err] ifl ps240.1 (1712): child ifl lt-1/0/0.32767 (7709) already there [Oct 3 08:48:35.836 LOG: Err] IFRT: 'Aggregate interface ifl add req' (opcode 87) failed [Oct 3 08:48:35.836 LOG: Err] ifl 1712, child ifl 7709; agg add failed PR1464524

  • The following syslog error messages are harmless and expected during FPC offline/restart scenarios with PS-RLT with or without link protection configuration: Nov 12 15:02:00 cleansing kernel: lag_remove_link_from_stack_bundle: vid 0x0 delete failed for ifl lt-3/0/0.32767 with err=2 Nov 12 15:02:00 cleansing kernel: lag_remove_link_from_stack_bundle: vid 0x1 delete failed for ifl lt-3/0/0.32767 with err=2 Nov 12 15:02:43 cleansing kernel: lag_remove_link_from_stack_bundle: vid 0x1 delete failed for ifl lt-5/0/0.32767 with err=2 Nov 12 15:02:43 cleansing kernel: lag_remove_link_from_stack_bundle: vid 0x0 delete failed for ifl lt-5/0/0.32767 with err=2 Nov 12 15:02:43 cleansing kernel: lag_lp_handle_event: LP event = 6, child lt-5/0/0 err = 22 The following syslog error messages are harmless and expected during ISSU or GRES or FPC offline/online scenarios. Nov 12 15:08:37 cleansing fpc3 user.err aftd-trio: [Error] IF:Unable to add member to aggregate member list, member already exists, aggIflName:ps1.0 memberIflName:lt-3/0/0.32767 Nov 12 15:08:37 cleansing fpc3 user.err aftd-trio: [Error] IF:Unable to add member to aggregate member list, member already exists, aggIflName:ps1.0 memberIflName:lt-5/0/0.32767 PR1466531

  • In the PPPoE subscriber management environment, due to the PPPoE inline keepalives timeout, events might be dropped by the Routing Engine and the PPPoE subscribers might get stuck. This issue might cause the PPPoE subscribers to be unable to reconnect. PR1467125

  • FPC online might take additional time during movement of MPC11 FPC from one GNF to another GNF. PR1469729

  • SNMP interface-mib stops working for PPPoE clients. In this scenario SNMP works fine for standard queries on the MX Series router; however, for subscriber statistics, it always returns zero value. PR1470664

  • On MPC11, PIC online event does not generate SNMP trap when PIC goes through offline to online transition. PR1470796

  • USB install image does not work for JRR200 platform. PR1471986

  • For MPC10E card line, the IS-IS and micro BFD sessions does not come up during baseline. PR1474146

  • On multicore next-generation Routing Engines on MX960/240/480 with USF mode enabled and USF based services configuration, the subsequent Junos vmhost upgrade fails with the following error message: Validation failed ERROR: Failed to add /var/tmp/ z warning: Host software installation has failed. As a workaround you can use the no-validate argument to the request vmhost software add <> command. For example, request vmhost software add junos-vmhost-install-mx-x86-64-20.1I-20191112_dev_common.0.1229.tgz no-validate. You can also move the chassis to the baseline configuration and commit, and then perform a software upgrade. After software upgrade the original configuration can be reapplied. PR1472287

  • Adding 100000 CPS IPv6 SFW traffic on top of 12 million PPS/50-Gbps IPv6 SFW traffic results in PPS traffic reduction to 10 million PPS/42-Gbps due to the latency that the CPS traffic processing creates. PR1472314

  • When the same objects are used in both inet and inet6 services of the same subscriber session, deactivation of the first session causes conditions that avoid releasing the UID entry after deactivation of the second service session. This leads to having a stale UID entry and can cause a subscriber connection problem in the future when the UID pool might be completely exhausted. The probability of hitting the issue increases if the amount of subscribers to the amount of unique services ratio is approaching 1, which occurs when almost every subscriber has a service with unique service objects. PR1188434

  • In a subscriber management environment, multiple error messages shmlog: argcnt 309 not enough memory might be generated every hour. PR1384371

  • For ATM interfaces configurations, if any logical interface has allow-any-vci configuration, then the commit operation might fail. PR1479153


  • Slow Response from SNMP might be observed after an upgrade to Junos OS Release 19.2R1. PR1462986

Interfaces and Chassis

  • After GRES, the 1-Gigabit Ethernet interface changes to 10-Gigabit Ethernet. PR1326316

  • When priority is increased for all 4000 VRRP sessions, some of the VRRP sessions does not take over the mastership. Peer router continues to become master for those sessions. There are no traffic impact as one of the router is still a master. As a workaround, deactivate and activate VRRP sessions in the backup state. PR1478349

  • On EVPN active or active software design, disabling the ESI logical interface might effect the designated forwarder election of EVPN when the physical interface has ESI configured. In such configuration, disabling the ESI logical interface, type-1 routes (AD/EVI and AD/ES) are not generated from this PE. With ESI configured at the IFD level, as one of the logical interface in the IFD is down, DF election can not happen for the ESI. Also, AD/EVI and AD/ESI routes are deleted. The following warning message occurs upon commit, where this configuration might cause DF election issues and undesired unicast or BUM traffic drop: DCD_PARSE_CFG_WARNING: aex.y : Disabling the IFL might affect the Designated Forwarder election of EVPN when IFD is having ESI configured. PR1467855

  • When dynamic DHCP sessions exists in the device and if multiple commits in parallel are performed, the commit might become nonresponsive. PR1470622

  • Commit error was not thrown when member link was added to multiple aggregation group with different interface specific options. When member interface added to bundle with both the ether and gig-ether interface specific options, the gig-ether option takes precedence over the other. PR1475634

  • For ATM interfaces configuration, if any logical interface has the allow-any-vci configuration, then the commit operation might fail. PR1479153

  • MPC10 line cards run on newer version of FPC software. Currently , the convergence number for MPC10 is not at par with the legacy MPC card lines for a high scale. Following are few recommendation to achieve better convergence numbers with VRRP on MPC10 card lines:

    • Configure failover delay to 5 seconds. This will help in quick action without impacting the Routing Engine CPU usage.

    • Set the VRRP failover-delay protocols to 5000. If system has inherit sessions configured then it is recommended to reduce the inherit advertisement interval timer to 6 seconds. Default value of the inherit time is 120 seconds that causes slower convergence for inherit sessions.

    • Set VRRP inherit-advertisement-interval protocols to 6 seconds. With the above two statements configured, the worst case convergence for a scale of 8000 can be expected to be at 38 seconds. PR1474656

  • When FPC is restarted all VRRP transmit sessions anchored on that FPC gets redistributed to other available FPC. Tx gets disrupted during this time causing flap at peer end. Because peer router takes mastership traffic that gets redirected to peer for some time. But when transmit sessions are up again on the DUT, the peer router moves to backup. For active VRRP sessions, traffic revert back to original master quickly. Its primarily because advertisement interval of active VRRP session is 1 second. But traffic for inherit session does not revert back to original router quickly. This is because advertisement interval of inherit session is 120 seconds. Even though the peer router has moved to backup intermediate switch still point towards peer for VMAC. It changes only after getting packet from original master. This might take up to 120 seconds for inherit sessions that causes silent discarding of the sessions for 120+ seconds. Similar traffic drop can be seen when FPC4 is restarted on rubles when its has mastership. This can be avoided by reducing advertisement interval of inherit sessions with following command set protocols VRRP inherit-advertisement-interval to 6 seconds. After configuring this worst case, loss were observed to be around 8.5 seconds. PR1474694

  • When there are three VRRP routers (for example, R1, R2, and R3), the VRRP priority on R1 is larger than R2 and R2 is larger than R3. Additionally, a firewall filter on R3 interface input direction is configured to drop all VRRP packets. Then, continuous VRRP state transition (VRRP master or backup flaps) might be seen. It might affect the service. PR1446390

  • The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5. PR1467712

  • Traffic hit can be as high as 129 seconds when the track route recovers with active or inherit configuration. PR1475140

  • When the addition and the deletion of an logical interface (both logical interfaces with same VLAN ID) is performed in a single commit configuration, the check fails with the following error message: duplicate VLAN-ID PR1477060

  • Traffic is seen for 248 seconds when an aggregated Ethernet member link is brought down with minimum link configuration. PR1477821

Layer 2 Features

  • When input-vlan-map with a push operation is enabled for dual-tagged interfaces in the enhanced-IP mode, there is a probability that the broadcast, unknown unicast, and multicast (BUM) traffic might be silently dropped or discarded on some of the child interfaces of the egress aggregated Ethernet interfaces, or on some of the equal-cost multipath (ECMP) core links. PR1078617

Layer 2 Ethernet Services

  • In EVPN multi-homed active/active scenario, when LACP is enabled on PE-CE child member links and after recovering from a core-isolation on the PE device, the PE-CE child member links might be stuck in Detached state if LACP sync-reset feature is enabled on the CE device. The child links on the CE device might show the LACP state as Collecting Distributing. However, on the PE devices, the LACP state might be shown as Detached. PR1463791

  • EVPN-VXLAN core isolation is not working when the system is rebooted or the routing is restarted. PR1461795


  • In RSVP LSP with loose or undefined path, the LSP might stay in a down state due to loop detection after the link in the path flaps. PR1384929

  • RPD crashs on the backup Routing Engine when LDP tries to create LDP p2mp tunnel upon receiving corrupted data from the master Routing Engine. PR1479249

  • In a corner case on Junos OS platform, where the family circuit cross-connect is configured along with any other existing family within the same interface such as, inet and inet6, which Junos OS never allows to do so, but somehow a customer did it, and if the family circuit cross-connect is deleted from the interface, that causes kernel to crash and the device reboot automatically, all the traffic will be interrupted. PR1478806

  • The rpd crash might be seen after some commit operations, which might affect the RSVP ingress routes. PR1471281

  • With LDP-tunneling over RSVP LSP where RSVP LSP has link-protection, LDP route might flap when the interface on the bypass is brought down. PR1450516

  • The traffic might be silently discarded after the LACP time outs. PR1452866

Network Management and Monitoring

  • Junos OS used to send a cold start trap from the new master just after the first GRES. This was because the cold_start timestamp file was not present or updated after the reboot. PR1461839

Platform and Infrastructure

  • The jcrypto syslog help package and events are not packaged even when errmsg is compiled. PR1290089

  • MAC address does not learn on the correct interface when irb- logical interface is moved from an existing bridge domain to another new bridge domain. PR1459121

  • On Junos OS platforms, if dot1x and interface-mac-limit are configured when sending traffic continuously to the interfaces, the switch might not be able to learn MAC address. Hence, traffic drop might be seen. PR1470424

  • In configurations with IRB interfaces, during times of interface deletion (for example, FPC reboot), the Packet Forwarding Engine might log the following error: nh_ucast_change:291Referenced l2ifl not found. This condition should be transient, with the system re-converging on the expected state. PR1054798

  • Few OAM sessions are not established with scale EVPN ETREE and CFM configurations. PR1478875

  • When traffic is received from 1000 different VRF instance on PF from CE, few flows are dropped at PE. PR1460471

  • On the MX Series devices with chained composite next hop (CNH) for labeled BGP configured, the MPLS COS rewrite does not work for 6 PE traffic. This issue has service or traffic impact. PR1436872

  • In MVPN instance, the traffic drops on multicast receivers within range of 0.1 to 0.9 percent. PR1460471

  • Sometime high CPU utilization is observed in MPC 3D 16x 10GE after ISSU. PR1461715

  • In some cases, the PS interfaces over RLT might appear up but not pass traffic. Log messages reporting ASIC error and a chassis alarm reporting hard FPC errors might also be seen. PR1400269

  • On the EX9208 devices, traffic loss is observed if ingress and egress ports are in different FPCs. PR1429714

  • For the bridge-domains configured under an EVPN instance, the ARP suppression is enabled by default. This enables the EVPN to proxy the ARP and reduces the flooding of ARP in the EVPN networks. As a result, the storm-control does not effect the ARP packets on the ports under such bridge-domain. PR1438326

  • A dual Routing Engine Junos node slicing GNF with no GRES configured and with system internet-options no-tcp-reset drop-all-tcp configuration might enter dual backup Routing Engine state upon manual GNF Routing Engine mastership switchover attempt with request chassis routing-engine master [acquire|release|switch] command from either GNF Routing Engine CLI. PR1456565

  • While SNMP-Agent polls round-trip time (RTT) related to OIDs from router running Junos OS, such as pingResultsAverageRtt, the router might respond with zero (0) value even there is no RPM ping failure. The following objects might be impacted: iso. -> pingResultsMinRtt iso. -> pingResultsMaxRtt iso. -> pingResultsAverageRtt iso. -> pingResultsProbeResponses iso. -> pingResultsRttSumOfSquares. PR1458983

  • The Layer 2 traffic sent from one member to another member is corrupted on MX Series Virtual Chassis. PR1467764

  • On the MX150 devices, the default subscriber management license does not include Layer 2 TP. PR1467368

Routing Protocols

  • LDP OSPF are in synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 1 Type: P2P, Address:, Mask:, MTU: 9100, Cost: 1050 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost: 1050 LDP sync state: in sync, for: 00:04:03, reason: IGP interface down config holdtime: infinity. As per the current analysis, the IGP interface goes down because although LDP notified OSPF that LDP synchronization was achieved, OSPF is not able to take note of the LDP synchronization notification, because the OSPF neighbor is not up yet. PR1256434

  • BGP graceful restart might have some traffic loss when sharding is enabled. PR1475773

  • It is possible for a GNF with Rosen 6 multicast to display stuck KRT queue entries after recovery from a dual Routing Engine reboot at the BSYS. PR1367849

  • TI-LFA backup path for adj-sids is broken in OSPF, where the shortest path to the node opposite the adj-sid is not the one-hop path over the interface indicated by the adj-sid. PR1452118

  • Multiple nonstop attempts to clear IGP database might result in routing daemon generating a core file when locally computed SR-TE LSPs are configured in the order of thousands. PR1456212

  • Removal of cluster from the BGP group might cause prolonged convergence times. PR1473351

  • sftp does not connect properly and the following error message is seen: Received message too long. PR1475255

  • Even when protocols mpls traffic-engineering bgp-igp command is configured, the UDP tunnel routes are not added to inet.0. The UDP tunnel routes are added only to inet.3 table whether the command is configured or not. PR1457426

  • Consider the case where the backup nexthop for a route in inet6.3 has all valid labels except for the last label. While it is not possible to install a working backup path in inet6.3, it is possible to install a working backup path for inet6.0. This is because the inet6.0 backup path is derived from the inet6.3 backup path by removing the last label. Removing the last label leaves a label stack with all valid labels. However, the current implementation does not install the inet6.0 backup path. PR1458791

  • When Bidirectional Forwarding Detection (BFD) configuration is removed, a BFD packet with session state set to AdminDown and diagnostic code set to some appropriate value must be sent to the peer end. However, the RFC does not mandate what diagnostic code must be sent and what action should be taken if a different diagnostic code is received. Currently, if a BFD packet with session state set to AdminDown is received by the Juniper device, the Juniper device checks both the session state and the diagnostic code in the packet. If the session state is AdminDown and the diagnostic code is 7, which means diag AdminDown, the BFD session is set to Down and the BFD client (that is, the service that is protected by BFD) is notified with AdminDown and the BFD client session does not flap. However, if the BFD packet with session state set to AdminDown along with a diagnostic code other than 7 is received, the BFD client is notified with Down and the BFD client session flaps. Juniper device sets the diagnostic code to 7 for AdminDown packet, so no issue occurs between Juniper devices. If Juniper device is interworking with other vendor device (for example, Huawei device) that does not set the diagnostic code to 7, the BFD client session might flap on Juniper device side when the BFD configuration is removed from the peer end of the BFD session. The fix now only checks the session state and takes action but does not depend on diagnostic code if BFD AdminDown packet is received. PR1470603

Services Applications

  • Memory corruption causes to L2TP process to crash. PR1407885

  • In L2TP subscriber environment with Juniper LTS (L2TP Tunnel Switch) and LNS (L2TP Network Server), if client negotiates LCP (Link Control Protocol) with no ppp-options to LAC (L2TP Access Concentrator), it might cause some problems but it has no service impact. These ppp-options are ACFC (Address and Control Field Compression), PFC (PPP Protocol Field Compression) and ACCM (Async Control Character Map). The reason is that when the MX Series router functions as L2TP LTS or LNS, it will initiate LCP renegotiation (ppp-options) if Last Received LCP CONFREQ AVP (attribute-value pair) is not included in ICCN (Incoming-Call-Connected) message received from LAC. This might cause some problems for peers, which do not support these options and do not want to negotiate with them. PR1426164

Subscriber Access Management

  • CoA request fails to standard attribute proxy state value [33]. PR1479697


  • The p2mp lsp replication to backup Routing Engine is not correct. PR1453900

  • MPC10E: Next-generation MVPN for remote IPv6 source is not working. PR1454163

  • MVPN: Traffic loss is observed while verifying multicast route with VT for VPNA. PR1460480

  • The Layer 2 circuit connections might become stuck in the OL state after changing the Layer 2 circuit community and flapping the primary LSP path. PR1464194

  • Traffic loss is observed while verifying multicast route with VT for VPNA. PR1460480

  • After NSR switch overs, sometimes the selective tunnel on the new master Routing Engine might fall back to the inclusive tunnel. After sometime, the traffic gets migrated to the selective tunnel. Some traffic loss are seen during this migration. PR1475204

  • When ingress PE has duplicate selective tunnel for IPv4 and IPv6, where one is a wildcard, the other is specific (s, g). If the ingress replication configuration is deleted on the egress PE, sometimes it is observed that the ingress replication entries in ingress PE (DUT) are not properly flushing out for IPv6, but it got flushed out for IPv4. No traffic loss is observed. All PIM state and multicast traffic are not impacted due to this issue. PR1475834

  • In the NG-MVPN setup, using MPC10 on egress PE with load balance join of multiple groups in C_VPN, the egress PE might not receive multi-cast traffic. PR1476969

  • In MVPN scenario with ingress replication selective provider tunnel being used, if the ink-protection statement is added or deleted from the LSP for MVPN, rpd crash might be seen. The reason is that when link-protection is deleted, the ingress tunnel is not deleted, and when link link-protection is added back, it tries to add same tunnel. Due to which, the rpd asserts as same tunnel exists and the rpd generates core files. PR1469028

Resolved Issues

This section lists the issues fixed in Junos OS Release 19.4R1 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 19.4R1

Class of Service (CoS)

  • Unexpected traffic loss might be discovered in certain conditions under fusion scenario. PR1472083


  • Asynchronous results between ARP table and Ethernet switching table occurs if EVPN ESI link flaps multiple times. PR1435306

  • EVPN or MPLS IRB logical interface might not come up when local Layer 2 interface is down. PR1436207

  • The specific source ports of UDP packet are dropped on EVPN or VXLAN setup. PR1441047

  • The rpd might crash or consume 100 percent of CPU after flapping the routes. PR1441550

  • Restarting Layer 2 learning might cause some remote MAC addresses to move into forwarding dead state. PR1441565

  • Traffic drop might be seen in EVPN Layer 3 Gateway. PR1442319

  • Core-isolation feature does not work after you set or delete the no-core-isolation command on MX Series router. PR1442973

  • The EVPN type 2 routes might not have advertised properly in the logical systems. PR1443798

  • The local host address is missing from the EVPN database and mac-ip-table. PR1443933

  • The bridge mac-table age timer does not expire for rbeb interfaces. PR1453203

  • Instance type is changed from VPLS to EVPN, resulting in loss of packet. PR1455973

  • Preference-based DF Election algorithm does not work on LT interface. PR1458056

  • The rpd crash might be seen if BGP route is resolved over the same prefix protocol next-hop in inet.3 table that has both RSVP and LDP routes. PR1458595

  • The DF router might send ARP request or NS to the local segment. PR1459830

  • In EVPN scenario, memory leak might be observed when proxy-macip-advertisement is configured. PR1461677

  • Traffic received from VTEP is dropped if the VNI value used for type-5 routes is greater than 65535. PR1461860

  • Rpd might crash with EVPN-related configuration changes in static VXLAN to MPLS stitching scenario. PR1467309

Forwarding and Sampling

  • You might not be able to apply the firewall filter configuration change after ISSU upgrades to release 16.1R1 or later. PR1419438

  • The following syslog error messgaes are seen at pfed: rtslib: ERROR received async message with no handler: 28 PR1458008

  • On the MX Series and QFX Series devices, the Layer 2 ald process might leak memory. PR1455034

  • The rt-delay-threshold can be set below 1 second but rt-marker-interval is limited to 1 second. PR1425544

  • The high CPU utilization of Layer 2 ald is seen after replacing EVPN configuration. PR1446568

  • On MX Series routers with MPC10 or MPC11 line cards, the incoming packets might get dropped. PR1446736

  • On MX204, input/output counters of aggregated Ethernet bundle or member links configured on non-default logical systems are not updated. PR1446762

  • ARP packets gets dropped by Packet Forwarding Engine after chassis-control in the MX Series routers. PR1450928

  • Commit error and dfwd core file might be observed when you apply a firewall filter with the then traffic-class or then dscp action. PR1452435

  • The following false warning message is seen on commit (commit check) after upgrading to Junos OS Release 19.2R2-S1.4: warning: vxlan-overlay-load-balance configuration for forwarding options has been changed...... PR1459833

  • On MX Series router, the following logs are seen: L2ALD_MAC_IP_LIMIT_REACHED_IF: Limit on learned MAC+IP bindings reached for .local.1048605; current count is 1024. PR1462642

  • The EA WAN SerDes gets into a stuck state, leading to continuous "DFE tuning timeout' errors and link staying down. PR1463015

  • An output bandwidth-percent policer with logical-bandwidth-policer applied to an aggregated Ethernet bundle along with an output-traffic-control-profile has incorrect effective policing rate. PR1466698

  • Type 1 ESI/ or AD route are not generated locally on EVPN PE in all-active mode. PR1464778

General Routing

  • Load balancing is uneven across aggregated Ethernet member links when the aggregated Ethernet bundle is part of an ECMP path. The aggregated Ethernet member links must span the Virtual Chassis members. PR1255542

  • Unable to configure pic-mode when MPC10E is inserted. PR1452467

  • Basic circuit cross-connect traffic flow does not occur with the logical systems. PR1474983

  • Service accounting statistics do not get updated after changes are made to the firewall. filters PR1472334

  • MPC11e: PPS information on the IFD are inaccurate and varies. PR1461872

  • System reboot is required when GRES is enabled or disabled with the mobile-edge configuration. PR1444406

  • Agentd memory might leak and crash when the RPD session closes without releasing memory. PR1455384

  • Active error counts are not increasing for Layer 3 circuit in SYNCE cards. PR1472660

  • The PTP function might consume the kernel CPU for a long time. PR1461031

  • Not able to get the service sessions when configure NAT64 with destination-prefix length is 32. PR1468058

  • Inner-list functionality with dual tag does not work. Traffic gets dropped at the ingress port. PR1469396

  • Memory leak on Layer 2 cpd process causes Layer 2 cpd to crash. PR1469635

  • On MPC-11E interfaces, certain configuration steps might cause traffic to not get policed properly.PR1470629

  • The interfaces on MPC-3D-16XGE-SFPP card does not get created after upgrading the system to Junos OS Release 18.1 and later. PR1471429

  • In cRPD platform, license violations are captured as nagging log messages and no alarm is raised. PR1471455

  • PCC tries to send a report to PCE but the connection between PCC and PCE is not in the up state especially in the case of MBB in PCE provisioned or controlled LSP. PR1472051

  • Active error counts are not increasing for I2C in the SYNCE cards. PR1472660

  • JDI-RCT : MPC11 : AFTD crash seen at std::pair< std::_Rb_tree_iterator< std::weak_ptr< EmNext> >, bool> std::_Rb_tree< std::weak_ptr< EmNext>, std::weak_ptr< EmNext>, std::_Identity< std::weak_ptr< EmNext> >, std::owner_less< std::weak_ptr< EmNext> >, std::allocator< std::weak_ptr< EmNext> > >::_M_insert_unique< std::weak_ptr< EmNext> >(std::weak_ptr< EmNext>&&) () from /usr/share/pfe/aft/usr/lib64/ PR1474160

  • MX10000 QSA adapter lane 0 port goes in the down state when disabling one of the other lanes. PR1474231

  • The show services sessions and show services sessions extensive output command does not display the member interface of the AMS where the session got landed. It displays only the AMS interface name. PR1474313

  • request system [halt | power-off] reboots the system instead of halting the system. PR1474985

  • The physical interface of aggregated Ethernet might take time to come up after disabling or enabling the interface. PR1465302

  • Observing bbe-smgd-core (0x000000000088488c in bbe_autoconf_delete_vlan_session_only (session_id=918) at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/plugins/autoconf/bbe_autoconf_plugin.c:3115). PR1464371

  • ZT VPLS: The native-vlan-id functionality does not work and an untagged traffic does not pass with the native-vlan-id configuration. PR1463544

  • Traffic might be impacted due to fabric hardening being stuck. PR1461356

  • The SmiHelperd process is not initialized in the Junos OS PPC Releases. PR1455667

  • Queue data might be missing from the following path: /interfaces/interface/state PR1456275

  • Interface with Tri-rate Copper SFP (P/N:740-01311) in MIC 3D 20x 1GE(LAN)-E,SFP stops forwarding traffic after unified ISSU. PR1379398

  • The vehostd application fails to generate a minor alarm. PR1448413

  • IPv6 throughput numbers for NAT with HTTP traffic is not at par with IPv4. PR1449435

  • JFLOW: reducing the maximum flow table size when you use Flex-flow-sizing. PR1413513

  • The severity of the following error is reduced from fatal to major: XR2CHIP_ASIC_JGCI_FATAL_CRC_ERROR. PR1390333

  • The high-cos-queue-threshold range is changed to [uint 0 .. 90;]. PR1390424

  • The PPPoE subscribers are not able to reconnect after FPC reboots. PR1397628

  • The rpd generates the following core files: cmgr_if_route_exists_condition_init, ctx_handle_node, task_reconfigure_complete. PR1401396

  • Change the default parameters for resource-monitor rtt parameters. PR1407021

  • When you use the inline J-Flow application, the FPC crashes and slows the convergence upon HMC fatal error condition. PR1407506

  • For the initial packet, which is specific to MPC10 and onward, the ICMP redirect s are not seen at the source and packets are sent to the better next hop. PR1409346

  • On MX150, the log severity level changes. PR1411846

  • On platforms running Junos OS Evolved, the redirect IP supports BGP flowspec filters. PR1413371

  • Behavior issues occur with SR-TE Junos telemetry interface sensors when IS-IS sensors are also enabled and the route nexthops are aggregated Ethernet interfaces. PR1413680

  • On PowerPC based MX Series platforms, the DHCP/DHCPv6 subscribers might fail to establish sessions. PR1414333

  • cRPD does not restrict the number of simultaneous JET API sessions. PR1415802

  • The JSU package installation might fail. PR1417345

  • The rpd core files are seen when you restart the rpd or when the logical system is deactivated. PR1418192

  • Changing CAK and CKN multiple times within a short interval (around 5 minutes) sometimes show the security MACsec connection's inbound and outbound channel display with more than one AN active. But on the Packet Forwarding Engine hardware side, the correct AN and SAK is programmed and MKA protocol from both ends transmit correct and latest AN on each hello packet. You should not see any traffic drop due to this display issue. PR1418448

  • The ROUTING_LOOP_DETECTED subcode is not generated under PATHERR_RECV code when a strict path loop is created for LSP event telemetry notifications. PR1420763

  • The jnxFruState shows value as 10 for Routing Engine instead of 6 in response to . PR1420906

  • MX Series router LNS might fail to forward the traffic on the subscriber access route. PR1421314

  • After the control plane event, a few IPsec tunnels fail to send traffic through the tunnel. PR1421843

  • RSI bloat occurs due to VM host-based log collection. PR1422354

  • The XML output might be not hierarchically structured if you use the show security group-vpn member ipsec statistics command. PR1422496

  • The show system subscriber-management summary command should include the failure reason for standby disconnect when primary and back Routing Engine memories are not matched. PR1422976

  • Ports might get incorrectly channelized if they are already of 10-Gigabit Ethernet and they are channelized to 10-Gigabit Ethernet again. PR1423496

  • Configuration commit might fail when the file system gets into full state. PR1423500

  • Even when disk-failure-action reboot or disk-failure-action halt are configured, the system does not reboot or halt when disk error is encountered. PR1424187

  • The rpd keeps crashing after changing configuration. PR1424819

  • The mspmand process might crash and restart with a mspmand core file created after doing a commit change to deactivate and activate the service set. PR1425405

  • One hundred percent of CPU usage is seen on route monitor of static routes after the client is disconnected from prpd server. PR1425559

  • On MX204 or MX10003, MPC reboot or Routing Engine mastership switchover might occur. PR1426120

  • Observing NPC core at trinity_rtt_hw_bulk_helper, trinity_rt_delete, rt_entry_delete_msg_proc (rt_params=0x48803bd8) at ../../../../../../../../src/pfe/common/applications/route/hal/rt_entry.c:5210. PR1427825

  • On MX Series platforms with PPP configuration, when something abnormal happens such as the user dialup router is abnormally powered off or the keepalive packet is dropped due to network problem, the PPP session ages out. In a rare case, the PPP session does not get deleted, which prevents the new session from being created. So the new session is not able to log in. The PPP traffic might be dropped because of the duplicate-protection feature on the interface. And the IP address of the PPP interface cannot be pinged. PR1428212

  • Incorrect display of MAC/MAC+IP and count values are seen after setting global-mac-limit and global-mac-ip-limit. PR1428572

  • On MX10003 platform, fabric drops might be seen when two FPCs come online together. PR1428854

  • The aggregated Ethernet interface does not come up after rebooting the FPC or device although the physical member link is up. PR1429917

  • The routers that are configured with protect core might send ipfix sampling packets with the wrong next-hop information. PR1430244

  • Performance degradation is observed for about 20 seconds after the fabric board on MX10008 or MX100016 is taken offline. PR1430739

  • Error might occur when you use a script to load the configuration. PR1431198

  • The l2cpd process might crash and generate a core dump file when interfaces are flapping. PR1431355

  • Dual stack subscriber accounting statistics are not baselined when one stack logs out. PR1432163

  • Traffic might be sent on the standby link of an aggregated Ethernet bundle and get lost with LACP fast-failover enabled. PR1432449

  • After you delete the CLI configuration chassis license bandwidth, the bandwidth value does not default to maximum bandwidth value. PR1433157

  • The rpd generates core files during the route flash when the policy is removed. PR1434243

  • Packet Forwarding Engine memory leak might be seen if MLPPP links are flapped. PR1434980

  • MicroBFD 3x100ms flap is seen upon inserting a QSFP in another port. PR1435221

  • Traffic drops when session key rolls over between primary and fallback nodes for more than 10 times. PR1435277

  • The mc aggregated Ethernet interface might get stuck in the waiting state after a device reboot. PR1435874

  • The local route in the secondary routing table gets stuck in the KRT. PR1436080

  • The ifHCInOctets counter on aggregated Ethernet interface shows the zero value when SNMP MIB walk is executed. PR1436201

  • When you reboot or power off the backup Routing Engine, a trap message is displayed. PR1436212

  • A few static PPP subscribers are stuck in the initialization state permanently and the Failed to create client session, err=SDB data corrupted error is seen. PR1436350

  • The subscriber interim statistics might reset to zero and idle-timeout might not work in the MX Series Virtual Chassis setup. PR1436419

  • Not able to reach the router after downgrading from Junos OS Release 18.2-20190513.0 to 18.2R2.6. PR1436832

  • On MPC10, the micro-BFD sessions do not come up in centralized mode. PR1436937

  • Ping fails on logical interfaces with dual tag. PR1437608

  • The CPU utilization on a daemon might be around 100 percent or the backup Routing Engine might crash in race conditions. PR1437762

  • ISSU fails from 19.1R1 legacy Junos release images. PR1438144

  • RPD might generate a core file during router boot up due to file pointer issue because there are two code paths that can close the file. PR1438597

  • On MX Series Virtual Chassis platforms, subscriber flows might not be synchronized between aggregated Ethernet members. PR1438621

  • The syslog server over TCP-based-syslog does not receive carrier-grade NAT logs when data traffic is sent at 10,000 sessions/sec. PR1438928

  • Incorrect values are observed in the JUNIPER-TIMING-NOTFNS-MIB table. PR1439025

  • On platforms running Junos OS Evolved, the show jdaf service cmd statistics/clients command is not available. PR1439118

  • In an MX Series Virtual Chassis, FPC on Virtual Chassis backup router might reboot. PR1439170

  • Interface-specific filters do not have any effect on MPC10E line cards. PR1439327

  • When a group is applied at non-root level, updating commands inside the group does not update the hierarchies where they are applied. PR1439805

  • IPv6 throughput is not on par with IPv4. PR1439917

  • PRPD flexible tunnel profile queries do not return DMAC when set to all zeros by client. PR1439940

  • The following syslog error message might appear: UI_SCHEMA_MISMATCH_SEQUENCE: Schema header sequence numbers. PR1440141

  • On VMware/ESXi in a multiple FPCs chassis, the interfaces assignment is incorrect and some physical interfaces are not visible. PR1440360

  • CoS-related errors are seen and subscribers are not able to get service. PR1440381

  • On MX Series, CPU might hang or interface might stop working on 100-Gigabit Ethernet port. PR1440526

  • In some situations when too many statistics need to be collected from the Packet Forwarding Engine level at the same time, the bulk manager thread of the FPC microkernel level might be continuously busy and cause permanent 100 percent FPC CPU utilization. PR1440676

  • DHCP offer packets toward IRB over LT interface are getting dropped in DHCP relay environment. PR1440696

  • MX MPC11 gNMI: DUT does not export firewall sensor information. PR1440817

  • The Layer 2 dynamic VLANs miss when an interface is added to or removed from an aggregated Ethernet bundle. PR1440872

  • When laser receiver power gets -inf , the telemetry value corresponding to -infinity should be equivalent to IEEE 754, which is a single-precision float and the 32-bit value should be 0xff800000. PR1441015

  • New OID is added that calculates the buffer utilization where inactive memory is not considered as free memory. PR1441680

  • Egress stream flush failure and traffic black hole might occur. PR1441816

  • LINX:SNMP trap comes twice for FRU removal in MX10000, with one trap with FRU name as FPC: JNP10K-LC2101 and second with FRU name as FPC @ 1/*/*. PR1441857

  • The packets originating from the IRB interface might get dropped in a VPLS scenario. PR1442121

  • The chassisd is unable to power off a faulty FPC after Routing Engine switchover, leading to chassisd restart loop. PR1442138

  • The operational status of the interface in hardware and software might be out of synchronization in EVPN setup with arp-proxy feature enabled. PR1442310

  • In the enhanced-ip or enhanced-ethernet mode with DCU (destination-class-usage) accounting enabled, MS-DPC might drop all traffic that should egress through aggregated Ethernet interface. PR1442527

  • EVENT UpDown interface logs are partially collected in syslog messages. PR1442542

  • Different formats of the B4 addresses might be observed in the SERVICES_PORT_BLOCK_ALLOC/RELEASE/ACTIVE log messages. PR1442552

  • A few Path Computation Element Protocol (PCEP) logs are marked as error even though they are not an error. The severity of those logs is now marked as INFO. PR1442598

  • DHCPv6 client might fail to get an IP address. PR1442867

  • On MX Series platforms, the bbe-smgd might crash. PR1443109

  • The BGP session fails to be establish when you use the firewall filter to de-capsulate BGP packets from the GRE tunnel. PR1443238

  • The kmd process might crash and restart with a kmd core file created if IP of NAT mapping address for IPsec-VPN remote peer is changed. PR1444183

  • MX204: GRE data packets with size greater than the MTU get dropped when sampling is enabled on the egress interface. PR1444186

  • For eventd, you might observe high CPU utilization along with error logs. PR1444462

  • Inline-keepalive might stop working for LNS subscribers if the routing-services statement is enabled. PR1444696

  • MX:EAPoL: MACsec sessions are down with unicast EAPOL destination address. PR1445052

  • Access route might be stuck in bbe-smgd and rpd might not be cleared. PR1445155

  • The CPCDD process continuously generates core files and stops the process in ServicesMgr::ServicesManager::cpcddSmdInterface::processInputMsg. PR1445382

  • ECMP-FRR might not work for BGP multipath ECMP routes. PR1445391

  • Detached LACP member link gets LACP state as enabled in Packet Forwarding Engine when switchover occurs because of device reboot. PR1445428

  • The 1-Gbps interface on MX204 might stay down after the device reboots. PR1445508

  • Junos OS Release 19.2 group level uses wildcard <*>. PR1445651

  • The Layer 2 ald might crash when FPC restarts. PR1445720

  • The mspmand process might crash if URL filtering is configured and one blacklisted domain name is a substring of another blacklisted domain name in URL filter database file. PR1445751

  • On Ex3400, DOT1XD core file is found at macsec_update_intf macsec_destroy_ca directory. PR1445764

  • The jdhcpd process might crash after issuing the show access-security router-advertisement-guard command. PR1446034

  • When you use a converged CPCD, MX Series router rewrites the HTTPS request with destination-port 80. PR1446085

  • When switchover happens with MX Series router with service interface that has NAT and GR configuration, the static route for NAT never comes up. PR1446267

  • The following rpd core file appears: task_block_verify(task_io_hook_block, hook),jtask_jthr_endpoint_internal_sanity ,jtask_jthr_endpoint_sanity. PR1446320

  • Accurate statistics might not include the forwarded packets during the last 2 seconds before subscriber termination. PR1446546

  • NAT service set in certain scale might fail to get programmed. PR1446931

  • ISSU: Core-RMPC3.gz.core.0 and ISSU failure are seen for MPC5. PR1446993

  • The J-Flow version 5 stops working after input rate values are changed. PR1446996

  • Sonet option is enabled for the xe interface. PR1447487

  • DT_BNG: bbe-smgd core file on backup Routing Engine in bbe_ifd_add_vlan (ifd=0x8c3e835, ifl=0xcaf59f18) at ../../../../../../src/junos/usr.sbin/bbe-svcs/smd/infra/bbe_ifd.c:6374. PR1447493

  • On MX Series routers, when you use ps interface over redundant logical tunnel in Layer 2 circuit, the pseudowire traffic gets dropped or discarded if no-control-word is enabled. PR1447917

  • The rpd process might crash if BGP is activated or deactivated multiple times. PR1448325

  • PCEP: PCE-initiated SR LSP in the first PCE tears down when PCInitiate LSP is brought up and brought down in the second PCE. PR1448665

  • DCD CPU spike is observed after Junos OS upgrade from Junos OS Release 14.2 to Release 16.1. PR1448858

  • Unexpected behavior might occur when you use the load override command. PR1448965

  • IPv6 packets might get dropped when vMX acts as a VRRPv3 gateway. PR1449014

  • FPC reboots when PIC 0 is taken offline. PR1449067

  • The DHCP relay feature might not work as expected with helpers bootp configured. PR1449201

  • The packets might get dropped when the usage of CPU Core 0 on the host is high. PR1449289

  • There might be an increase in the maximum value of delegation-cleanup-timeout. PR1449468

  • Changing the hostname triggers LSP on-change notification and not the adjacency on-change notification. PR1449837

  • The following error message is changed: Failed to fetch JDM software version from <other_server_full_name>. If authentication of peer server is not done yet, run request server authenticate-peer-server from the earlier message: Failed to fetch software version from <other_server_full_name> to make the error message meaningful. PR1449871

  • On MX Series router running Junos OS enhanced subscriber management feature, no localhost logical interface for rtt 65535 is observed. PR1450057

  • The power that supplies LED on the status panel remains green while one or more PEMs have FAULT LED turned on. PR1450090

  • Interfaces might flap forever after deleting the interface disable configuration. PR1450263

  • MoFRR: Issue with MLD plus IGMP scale. PR1450803

  • On VLAN configuration changes with Layer 2 ald, restart might cause kernel synchronization issues and impact forwarding. PR1450832

  • On MPC10E, dcd is unable to clean stale mt- logical interfaces while reloading rosen configuration on the DUT. PR1450953

  • When you use the Standard_D5_v2, which has 16 vCPUs and 56 GB of memory, the deployment fails. PR1450975

  • JNP10000-LC2101 FPC generates Voltage Tolerance Exceeded major alarm for EACHIP 2V5 sensors. PR1451011

  • The burst size is not updated when the dynamic profile uses the static traffic control profile. PR1451033

  • SNMP query for IPsec with decrypted or encrypted packets does not fetch the correct values. The following error is observed: KMD_SNMP_FATAL_ERROR PR1451324

  • The VFP external static IP configuration is not persistent after rebooting the VFP instance. PR1451709

  • RMPC core files are found after the configuration changes are done on the network for PTP or clock synchronization. PR1451950

  • On MX Series, the dropped packets are seen on MQ/XM-based MPCs, although there is no traffic flowing through the system. PR1451958

  • The mgd might crash when you use the replace pattern command. PR1452136

  • On the MX10000 and PTX10000 lines of routers with Routing Engine redundancy configuration enabled, the firmware upgrade for PSU (JNP10000-AC2) and JNP10000-DC2) might fail due to lcmd being disabled by the firmware upgrade command. PR1452324

  • PLL errors might be seen after FPC reboots or restarts. PR1452604

  • On MX10003, MACsec framing errors are seen whenever the sequence number exceeds 2 power 32 with extended packet numbering (XPN). PR1452851

  • Hide the drop-flow command under tcp-non-syn configuration. PR1452902

  • On MPC10E, inconsistency between AFT and non-AFT line cards occurs while displaying ldp p2mp traffic-statistics on bud node. PR1453130

  • The values displayed in the output of the show snmp mib walk jnxTimingNotfnsMIB.3 command are not correct. This MIB table is responsible for timing feature defect or event notification. PR1453436

  • PTP can go out of synchronization due to Layer 2 ald hwdb access failure. PR1453531

  • On MX10003 platform, alarms are not sent to syslog. PR1453533

  • Delay in freeing processed defragment buffers lead to prolonged flow control and might crash. PR1453811

  • The ANCP interface-set QoS adjusts might not be processed. PR1453826

  • The FPC might crash when the severity of error is modified. PR1453871

  • Timestamp is not shown with count option after changing the match condition for the show <> | mathc <> | count command. PR1454387

  • On the MX204 platform, the radius-acct-interim statistics are not populated for subscribers. Statistics are properly populated in the radius-acct-stop packets. PR1454541

  • The 100-Gigabit Ethernet interfaces might not come up again after going down on MPC3E-NG. PR1454595

  • The access request for Layer 2 BSA port up might not be retransmitted if the RADIUS server was unreachable. PR1454975

  • JNS/GNF: CRAFTD syslog fatal errors along with junk characters appear upon startup and exits after four startup attempts. PR1454985

  • JET/JSD RPC tag handling bug. PR1455426

  • Device chooses incorrect source address for locally originated IPv6 packets in routing-instance when destination address is reachable through static route with next-table command. PR1455893

  • Excessive fragmentations of IKE packets might cause failure in the tunnel establishment. PR1455896

  • The BgpRouteInitialize API exits with error code 2. PR1455967

  • The rpd crashes at __mem_assert func=0x2266f3a "free_jemalloc”, while adding and deleting the sensors. PR1456049

  • High temperature from the show chassis environment output is observed after MPC4E is inserted to slot 5. PR1456457

  • CLI command with invoke-on and display xml rpc results in unexpected multiple RPC commands. PR1456578

  • All the IPsec tunnels might be cleared when the clear command is executed for only one IPsec tunnel with specified service-set name. PR1456749

  • The bbe-statsd process might continuously crash if any parameter is set to 0 in the mx_large.xml file. PR1457257

  • Default value of 2^32 replay-window size results in framing errors at an average of one in 2^32 frames received. PR1457555

  • The chassisd process and all FPCs might restart after Routing Engine switchover. PR1457657

  • The show subscriber extensive command incorrectly displays DNS address provided to the DHCP clients. PR1457949

  • The subscriber routes are not cleared from the backup Routing Engine when the session is aborted. PR1458369

  • Traffic black hole or MPC crash might be seen on MPC10E during firewall filter terms change. PR1458499

  • If you use dynamic VoIP VLAN assignment, the correct VoIP VLAN information in LLDP-MED packets might not be sent after you commit. PR1458559

  • The FPC X major errors alarm might be raised after committing the PTP configuration change. PR1458581

  • When you perform delete operations, the gRPC updates on_change does not work. PR1459038

  • After you set interface <> is disabled with QSA, the link still remains up. PR1459093

  • The traffic might be stuck on MS-MPC or MS-MIC with sessions receiving a huge number of affinity packets. PR1459306

  • The following error message might be seen after the chassisd restarts: create_pseudos: unable to create interface device for pip0 (File exists) PR1459373

  • The show ancp subscriber access-aggregation-circuit-id < access aggregation circuit ID> command displays incomplete output. PR1459386

  • Port profile behavior changes on MPC11. PR1459433

  • Telemetry streaming of mandatory TLV 'ttl' learned from LLDP neighbor is missing. PR1459441

  • The traffic might be silently dropped or discarded during link recovery in an open Ethernet access ring with ERPS configured. PR1459446

  • In MC-LAG scenario, the traffic destined to VRRP-virtual MAC gets dropped. PR1459692

  • After the DRD auto recovery, the traffic blackholing upon interface flaps. PR1459698

  • CPCDD core file is found at ServicesMgr::ServicesManager::cpcddSmdInterface::processServiceNotifyMsg ,SmdInterface::cbStateSyncServiceNotifyMsgHandler ,statesync_consumer_poll_new_state_cb. PR1459904

  • Initial synchronization for OpenConfig event sensors are streamed only from producers supporting event paths. PR1459927

  • The PPTP does not work with destination NAT. PR1460027

  • If vlan-offload is configured on the VMX platform, input-vlan-map might not work. PR1460544

  • The bbe-smgd generates a core file when all RADIUS servers are unreachable. PR1461340

  • When you receive IPv6 over IPv4 IBGP session, the IPv6 prefix is hidden. PR1460786

  • The repd generates a core file during system startup. PR1461796

  • During the BBE statistics collection and management process, issues with the bbe-statsd memory on backup Routing Engine occurs. PR1461821

  • JET RIB API RouteRemove and RouteRemoveMatching RPCs do not work as the first RIB API call. PR1461974

  • The rpd might crash after committing dynamic-tunnel-anchor-pfe command. PR1461980

  • The CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed" message appears when both DIP switches and power switch are turned off. PR1462065

  • The flow stuck and flowd watchdog generate core files while trying to ping DNS server on the internet through DUT configured with NAPT44. PR1462277

  • On MX204, RADIUS interim accounting statistics are not populated. PR1462325

  • The vty remote MAC addresses are not learned with correct age if vty is from a line card without Juniper Penta silicon. PR1463040

  • MAC-learning is broken for vlan-id all scenario. PR1463078

  • The subscribers might not pass traffic after making some changes to the dynamic-profiles filter. PR1463420

  • The MPC2E-NG or MPC3E-NG card with specific MIC might crash after a high rate of interface flaps. PR1463859

  • RPC ALG causes MSPMAND core files when MX Series router is used as a stateful firewall with the MS-MIC or MS-MPC service cards. PR1464020

  • The PPP IPv6CP might fail if the routing-services command is enabled. PR1464415

  • The show task memory detail command shows incorrect cookie information. PR1464659

  • The PPPoE session goes in to terminated state and the accounting stops for the session that is delayed. PR1464804

  • MPC5E or MPC6E might crash due to internal thread hogging of the CPU. PR1464820

  • DNS sinkhole server results in multiple core files. PR1466567

  • Layer 2 wholesale does not forward all the client requests with stacked VLAN. PR1467468

  • Hot-swapping between MPC11e and Legacy MPC9, MPC8, or MPC6 is not supported. PR1467725

  • Crypto code might cause high CPU utilization. PR1467874

  • The process rpd might crash after making several changes to the flow-spec routes. PR1467838


  • The duplex status of management interface might not be updated in the output of show command. PR1427233

  • On all Junos OS VM based platforms, FPC might reboot if jlock hog occurs. PR1439906

  • The operations on console might not work if the system ports console log-out-on-disconnect command is configured. PR1433224

  • The Routing Engine might go to amnesiac mode an earlier version of Junos OS is installed on an upgraded device. PR1445151

  • The scheduled tasks might not be executed if the cron daemon goes down without restarting automatically. PR1463802

Interfaces and Chassis

  • Unrelated aggregated Ethernet interfaces might go down if the committing configuration changes. PR1409535

  • The demux interfaces goes down after changing the MTU of the underlying et interface. PR1424770

  • Mixed link-speed aggregated Ethernet bundle are not able to a add new sub-interface successfully. PR1437929

  • Targeted-distribution for static demux interface over aggregate Ethernet interface does not take correct LACP link status into consideration when choosing primary and backup links. PR1439257

  • Mgd processes increases because the mgd processes are not closed properly. PR1439440

  • The cfmd process might crash after a restart on Junos OS Release 17.1R1 and later. PR1443353

  • Unrelated aggregated Ethernet interfaces might go down if changes in the configuration are committed. PR1409535

  • Need enhancement to add or delete a single VLAN in vlan-id-list under interface family bridge. PR1443536

  • ISSU might fail when you upgrade a device that has an aggregated Ethernet bundle with more than 64 logical interfaces. PR1445040

  • The OAM CCM messages are sent with single-tagged VLAN even when configuring with two VLANs. PR1445926

  • Not able to connect to newly installed Routing Engine from other Routing Engines in Routing Engines in MX Series Virtual Chassis. PR1446418

  • Initiating a Routing Engine switchover on VRRP backup router through a CLI command (even protocols vrrp delegate-processing ae-irb) might cause VRRP state for aggregated Ethernet bundle interfaces transitions to the master state, then very shortly afterward to backup again. PR1447028

  • The Layer 2 ald might fail to update composite next hop. PR1447693

  • The ifinfo daemon might crash on the execution of the show interface extensive command. PR1448090

  • Dual VRRP mastership might be seen after ungraceful Routing Engine switchover. PR1450652

  • LACP daemon crashed continuously. PR1450978

  • The severity level log might be flooded when the QSFP-100GE-DWDM2 is inserted. PR1453919

  • In the CFM UP MEP over Layer 2 VPN or LAyer 2 circuit service, the CFM UP MEP session might get stuck in the failed state. PR1454187

  • The VRRP traffic loss is longer than 1 second for some backup groups after performing GRES. PR1454895

  • Mismatched MTU value causes the RLT interface to flap. PR1457460


  • Some error messages might be seen when you use J-Web. PR1446081

Layer 2 Features

  • LSI interface might not be created, causing remote MACs not to be learned and display of the following error log: RPD_KRT_Q_RETRIES: ifl iff add: Device busy". PR1295664

  • VPLS neighbors might stay in the down state after configuration changes in vlan-id. PR1428862

  • Traffic drop might be seen when one MX Series Virtual Chassis member reboots and rejoins the Virtual Chassis. PR1453430

Layer 2 Ethernet Services

  • DHCP request might get dropped in DHCP relay. PR1435039

  • The jdhcpd process might go into infinite loop and cause CPU full utilization. PR1442222

  • On MX10008 or MX10016 platforms, the dhcp-relay command might not work. PR1447323

  • Some additional information can be provided in DHCPv6 option 17. This option can be in SOLICIT or REQUEST messages. BNG should relay the information from this option to RADIUS servers in ACCESS REQUEST message in the attribute 26-207. Before the fix from the PR the information was not relayed. PR1448100

  • PPPoE holding DHCPv6 prefix causes DHCPv6 binding failure due to duplicate prefix. PR1453464

  • DHCP subscriber might not come online after the router reboots. PR1458150

  • DHCP packet might not be processed correctly if DHCP option 82 is configured. PR1459925

  • The ISSU might fail during subscriber in-flight login. PR1465964


  • The FPC might be stuck in the Ready state after making a change in the configuration that removes RSVP and triggers FPC restart. PR1359087

  • Static MPLS LSP label might not get installed in MPLS.0 after the link flaps. PR1457432

  • Traffic is silently discarded after the LSP protection link on Huawei transit router goes down. PR1439251

  • Continuous rpd core files are generated at l2ckt_alloc_label, l2ckt_standby_assign_label, and l2ckt_intf_change_process in new backup during GRES in MX2010 box. PR1427539

  • The LDP might withdraw a label for an FEC once the IGP route is inactive in inet.0. PR1428843

  • Dynamic SPRING-TE tunnel creation to LDP (non SR) speaking nodes are is supported. PR1432791

  • Root XML tag in the output is changed from rsvp-pop-and-fwd-info to rsvp-pop-and-fwd-information to be consistent with the XML tag convention. PR1365940

  • SRLG entry shows unknown after removing it from configuration in show mpls lsp extensive or show mpls srlg output. PR1433287

  • The P2MP LSP branch traffic might be dropped for a while when the sender PE device performs switchover. PR1435014

  • The flow label is not pushed when chained-composite-next-hop ingress l2ckt/l2vpn is enabled. PR1439453

  • LSI interface Layer 2 Virtual Chassis goes down on one router in VPLS domain through the MPLS path is still available in inet.3. Reason shows as mpls label out of range. PR1442495

  • The backup LSP path messages are rejected if the bypass tunnel path is an inter-area LSP. PR1442789

  • RSVP path message with long refresh interval is dropped between devices running Junos OS releases earlier than Release 16.1 and devices running versions later than Release 16.1. PR1443811

  • TRUE POC: rpd core files are generated with SNMP polling. PR1457681

  • P2MP LSP might get stuck in the down state after link flaps. PR1444111

  • The rpd memory leak might be seen when the inter domain RSVP LSP is in the down state. PR1445024

  • Traffic might be silently dropped or discarded if two consecutive PLRs along the LSP performs local repair simultaneously under certain misconfigured conditions. PR1445994

  • The transit packets might be dropped if an LSP is added or changed on an MX Series or PTX Series device. PR1447170

  • Traffic drop might be seen after traceoption configuration is committed in RSVP P2MP. PR1447480

  • The rpd generated a core file at ted_delete_abstract_hop (instance=0x75d33c0, hop_name=< optimized out>) during abstract-hop testing. PR1448769

  • The LDP route timer resets when committing unrelated configuration changes. PR1451157

  • All LDP adjacencies flap after changing LDP preference. PR1459301

  • The previously configured credibility preference is not considered by CSPF even though the configuration has been deleted or changed to prefer another protocol in the traffic engineering database. PR1460283

  • High CPU usage and rpd core file might be observed if ldp track-igp-metric is configured and IGP metric is changed. PR1460292

  • MPLS trace route does not trace the SRUDP tunnel ingress router. PR1460516

Network Address Translation (NAT)

  • The nsd process might crash during SNMP query for deterministic NAT pool information. PR1436775

Network Management and Monitoring

  • MX10000 reports the jail socket errors message. PR1442176

  • The Wrong Type error message might be seen for the hrProcessorFrwID object. PR1446675

Platform and Infrastructure

  • On all the EX9200 line of switches, MX Series routers, and T4000, LACP DDoS policer is incorrectly triggered by other protocols traffic. PR1409626

  • The device might not be accessible after the upgrade. PR1435173

  • Packet drops, replication failure, or ksyncd crash might be seen on the logical system of a device running Junos OS after Routing Engine switchover. PR1427842

  • The RPM udp-ping probe does not work in multiple routing instance scenario. PR1442157

  • With CNH for 6PE, MPLS EXP rewrite rule for non-VPN IPv4 over MPLS traffic might not work. PR1430878

  • Traffic from the same physical interface cannot be forwarded. PR1434933

  • The BGP session might flap after Routing Engine switchover is done simultaneously on both boxes of BGP peer in scaled BGP session setup. PR1437257

  • GRE traffic might get dropped if the terminating routing-instance name contains dots. PR1437872

  • ARP resolution might fail after ARP HOLD net hops are added and deleted continuously. PR1442815

  • Some duplicate flowtap filters are programmed after the restart of dynamic-flow-capture. PR1442868

  • When host-bound packet is received in MAP-E BR router, service interface statistics counter shows incorrect number of bytes. PR1443204

  • Packets drop due to missing destination MAC address in the Packet Forwarding Engine. PR1445191

  • Python op scripts are executed as user nobody if started from NETCONF session, not as logged in user, resulting in failing PyEZ connection to the device. PR1445917

  • On certain MPC line cards cm errors need to be reclassified. PR1449427

  • Some hosts behind unnumbered interface are unreachable after the router or FPC restarts. PR1449615

  • FPC might reboot with vmcore due to memory leak. PR1449664

  • The DF flag BGP packets are dropped over MPLS LSP path. PR1449929

  • REST API process becomes non-responsive when a number of requests come in at a high rate. PR1449987

  • In EVPN-VXLAN scenario, sometimes host-generated packets gets dropped as hitting reject route in Packet Forwarding Engine. PR1451559

  • The Routing Engine originated IPv6 packets might be dropped when interface-group rule is configured under IPv6 filter PR1453649

  • Multicast traffic loss occurs in rare case in a seamless MPLS with MVPN configuration is observed. PR1456905

  • Port mirroring does not occur with VPLS. PR1458856

  • DDoS-protection does not stop logging when remote tracing is enabled. PR1459605

  • Traceroute initiated from PE device does not show the tunnel endpoint hop in the output. PR1461441

  • CLI configuration flag version-03 must be optional. PR1462186

Routing Policy and Firewall Filters

  • The rib-group might not process the exported route correctly. PR1450123

  • Routes resolution might be inconsistent if any route resolves over the multipath route. PR1453439

  • The rpd might crash after the Routing Engine switch overs when prefix-list is configured. PR1451025

Routing Protocols

  • The rpd crashes in Junos OS Release 16.1 or later during BGP convergence. PR1351639

  • The rpd process might crash with BGP multipath and damping configured. PR1472671

  • Need to install all possible next hops for OSPF network LSAs. PR1463535

  • The other querier present interval timer cannot be changed in a IGMP or MLD snooping scenario. PR1461590

  • BGP peers might flap if the parameter of hold-time is set as small. PR1466709

  • The rpd might crash under a rare condition if GR helper mode is triggered. PR1382892

  • The rpd crashes in Junos OS 16.1 or later during BGP convergence. PR1351639

  • BFD link failure detection of the broken path gets delayed when IGP link-state update is received from the same peer through an alternative path. PR1410021

  • BGP might become stuck in the Idle state when the peer triggers a GR restart event. PR1412538

  • BGP might get stuck in the Idle state when the peer triggers a GR restart event. PR1412538

  • TI-LFA cannot find backup path when IS-IS overLoad bit is set on computing. node PR1412923

  • Per-prefix LFA might not work as expected where the last hop needs to be protected on the penultimate node. PR1432615

  • Unsupported configuration (EPE with dynamic-next-hop GRE tunnels) continuously rpd to generat core files. PR1431536

  • The show isis adjacency extensive output does not contain the state transition details. PR1432398

  • The next-hop of IPv6 route remains empty when a new IS-IS link comes up. PR1430581

  • With SR enabled, 6PE next hop is not installed. PR1435298

  • Clearing BGP neighbors takes longer time to delete routes. PR1435466

  • Wrong next hop might be seen when BGP PIC edge is enabled. PR1437108

  • The rpd might crash in case multipath is enabled, as BGP multipath teardown is called for secondary route even though secondary routes are considered for multipath. PR1437837

  • The backup Routing Engine might go out of synchronization if you clear BGP sessions on the master Routing Engine. PR1439620

  • Removing SSH Protocol version 1 from configuration. PR1440476

  • RIP routes might be discarded by Juniper device over a /31 subnet interface. PR1441452

  • The rpd might crash with SR-TE configuration change. PR1442952

  • IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507

  • The rpd crash might be seen after configuring OSPF nssa area-range and summaries. PR1444728

  • The rpd might crash in OSPF scenario due to invalid memory access. PR1445078

  • The SSH login might fail if a user account exists in both the local database and RADIUS/TACACS+. PR1454177

  • MoFRR with MLDP inband signaling is not working. PR1454199

  • BRP: RPC call is not available for show bgp output-scheduler. PR1445854

  • The BGP route prefixes are not being advertised to the peer. PR1446383

  • The as-external route might not work in OSPF overload scenario for VRF instance. PR1446437

  • The rpd uses full CPU utilization due to incorrect path selection. PR1446861

  • The multicast traffic might be dropped in PIM with BGP PIC setup. PR1447187

  • The rpd crashes and commit fails when trying to commit configuration changes. PR1447595

  • On the MX2000 and PTX10000 lines of devices , Layer 3 VPN PE-CE link protection exhibits unexpected behavior. PR1447601

  • Junos OS BFD sessions with authentication flaps occurs after sometime. PR1448649

  • The connection between ppmd (Routing Engine) and ppman (FPC) might get lost due to session time out. PR1448670

  • The BGP routes might fail to be installed in routing instance if the from next-hop policy match condition is used in the VRF import policy. PR1449458

  • SPRING-LDP interoperability issues are observed with colocated SRMS+SR-client+LDP-stitching. PR1452956

  • The rpd scheduler slip for BGP GR might be up to 120 second after the peer goes down. PR1454198

  • The rpd memory might leak in a certain MSDP scenario. PR1454244

  • Permanent rpd core files are seen with BGP configuration option optimal-route-reflection set. PR1454803

  • Rpd might crash when multipath is in use. PR1454951

  • The rpd might crash continuously due to memory corruption in IS-IS setup. PR1455432

  • Prefix SID conflict might be observed in IS-IS. PR1455994

  • Packet drop and CPU spike on Routing Engine might be seen in certain conditions if labeled-unicast protection is enabled for a CsC-VRF peer. PR1456260

  • Rpd core file is seen at rt_nhn_tree_stop,rt_table_tree_free_family, bgp_sync_free_tsp after deactivating protocols. PR1457358

  • The rpd might crash when OSPF router-id gets changed for NSSA with area-range configured. PR1459080

  • The rpd memory leak might be observed on backup Routing Engine due to BGP flap. PR1459384

  • Rpd scheduler slips might be seen on RPKI route validation enabled BGP peering router in a scaled setup. PR1461602

  • Rpd core file is seen with BMP configured and BGP peer flapping. PR1462441

  • IS-IS IPv6 multi-topology routes might flap every time when there is an unrelated commit under protocol stanza. PR1463650

  • The rpd might crash if both BGP add-path and BGP multipath are enabled. PR1463673

  • MX80 EVPN-VXLAN RT5 does not work properly and ip-prefix-routes are not reachable. PR1466602

Services Applications

  • The kmd process might crash when DPD time outs for some IKEv2 SAs occurs. PR1434521

  • On platforms running Junos OS Evolved, the show ipsec security-associations command throws an error. PR1442161

  • Phase 1 SA is migrated to new remote IP because of the source-address translation for the static NAT tunnel. PR1477181

  • Output of the show subscriber user-name command on LTS shows only one session instead of two. PR1446572

  • The jl2tpd process might crash during the restart procedure. PR1461335

  • BGP multipath does not work for MT on cRPD. PR1467091

Subscriber Access Management

  • Subscriber filtering for general authentication services traceoptions could report debug messages for other users. PR1431614

  • Subscriber deactivation might get stuck in the terminated state. PR1437042

  • Test aaa ppp, output enhancement. PR1444438

  • On MX Series platforms, there might be a false error for SAE policy activation or deactivation failure. PR1447632

  • Subscribers login fails when PCRF server is unreachable. PR1449064

  • The authd crashes on backup Routing Engine during execution of the slax script, running < get-jsrc-counters> RPC call. PR1458185

  • DHCPv6 subscribers might be stuck in a state after the authd process crashes. PR1460578

  • Problem with linked-pool-aggregation after attempting to delete a pool in the middle of the chain. PR1465253

User Interface and Configuration

  • The show chassis hardware satellite command is not available in Junos OS Release 17,3. PR1388252

  • Changing nested apply-groups does not occur. PR1427962

  • In the Juno OS Fusion environment, the show chassis hardware satellite command is not available on Junos OS Release 17.3. PR1388252


  • In a specific CE device environment in which asynchronous-notification is used, after the link between the PE and CE devices goes up, the Layer 2 circuit flaps repeatedly. PR1282875

  • The rpd core file is seen at rtbit_reset, rte_tgtexport_rth. PR1379621

  • The rpd crash might be seen if Layer 2 circuit or local switching connections flap continuously. PR1418870

  • P1 configuration delete message is not sent on loading baseline configuration if there has been a prior change in VPN configuration. PR1432434

  • The resumed multicast traffic for certain groups might be stopped in overlapping MVPN scenario. PR1441099

  • Result of the show task replication command shows MVPN as InProgress when the active master Routing Engine is forcibly removed and NSR are enabled. PR1441292

  • Memory leak might happen if PIM messages are received over an MDT (mt- interface) in Draft-Rosen MVPN scenario. PR1442054

  • The rpd process might crash due to memory leak in MVPN RPF Src PE block. PR1460625

  • The Layer 2 circuit displays MM status which might cause traffic loss. PR1462583

Documentation Updates

This section lists the errata and changes in Junos OS Release 19.4R1 documentation for MX Series.

Feature Guides Are Renamed As User Guides

  • Starting with Junos OS 19.4R1, we renamed our Feature Guides to User Guides to better reflect the purpose of the guides. For example, the BGP Feature Guide is now the BGP User Guide. We didn’t change the URLs of the guides, so any existing bookmarks you have will continue to work. To keep the terminology consistent on our documentation product pages, we renamed the Feature Guides section to User Guides. To find documentation for your specific product, check out this link.

Migration, Upgrade, and Downgrade Instructions

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for the MX Series. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

Starting in Junos OS 19.4R1 release, FreeBSD 11.x is the underlying OS for all Junos OS platforms which were previously running on FreeBSD 10.x based Junos OS. FreeBSD 11.x does not introduce any new Junos OS related modifications or features but is the latest version of FreeBSD.

The following table shows detailed information about which Junos OS can be used on which products:


FreeBSD 6.x-based Junos OS

FreeBSD 11.x-based Junos OS

MX5,MX10, MX40,MX80, MX104



MX240, MX480, MX960,

MX2010, MX2020



Basic Procedure for Upgrading to Release 19.4


Before upgrading, back up the file system and the currently active Junos OS configuration so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files) might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. For more information, see the Installation and Upgrade Guide.

For more information about the installation process, see Installation and Upgrade Guide and Upgrading Junos OS with Upgraded FreeBSD.

Procedure to Upgrade to FreeBSD 11.x based Junos OS

Products impacted: MX240, MX480, MX960, MX2010, and MX2020.

To download and install FreeBSD 11.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-19.4R1.9-signed.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-19.4R1.9-signed.tgz

    Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos package):

    • For 32-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-32-19.4R1.x-limited.tgz
    • For 64-bit Routing Engine version:

      user@host> request system software add no-validate reboot source/junos-install-mx-x86-64-19.4R1.9-limited.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    Do not use the validate option while upgrading from Junos OS (FreeBSD 6.x) to Junos OS (FreeBSD 11.x). This is because programs in the junos-upgrade-x package are built based on FreeBSD 11.x, and Junos OS (FreeBSD 6.x) would not be able to run these programs. You must run the no-validate option. The no-validate statement disables the validation procedure and allows you to use an import policy instead.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.

  • You need to install the Junos OS software package and host software package on the routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. For upgrading the host OS on these routers with VM Host support, use the junos-vmhost-install-x.tgz image and specify the name of the regular package in the request vmhost software add command. For more information, see the VM Host Installation topic in the Installation and Upgrade Guide.

  • Starting in Junos OS Release 19.4R1, in order to install a VM host image based on Wind River Linux 9, you must upgrade the i40e NVM firmware on the following MX Series routers:

    • MX240, MX480, MX960, MX2010, MX2020, MX2008, MX10016, and MX10008



After you install a Junos OS Release 19.4 jinstall package, you cannot return to the previously installed Junos OS (FreeBSD 6.x) software by issuing the request system software rollback command. Instead, you must issue the request system software add no-validate command and specify the jinstall package that corresponds to the previously installed software.


Most of the existing request system commands are not supported on routers with the RE-MX-X6 and RE-MX-X8 Routing Engines. See the VM Host Software Administrative Commands in the Installation and Upgrade Guide.

Procedure to Upgrade to FreeBSD 6.x based Junos OS

Products impacted: MX5, MX10, MX40, MX80, MX104.

To download and install FreeBSD 6.x based Junos OS:

  1. Using a Web browser, navigate to the All Junos Platforms software download URL on the Juniper Networks webpage:

  2. Select the name of the Junos OS platform for the software that you want to download.
  3. Select the release number (the number of the software version that you want to download) from the Release drop-down list to the right of the Download Software page.
  4. Select the Software tab.
  5. In the Install Package section of the Software tab, select the software package for the release.
  6. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by a Juniper Networks representative.
  7. Review and accept the End User License Agreement.
  8. Download the software to a local host.
  9. Copy the software to the routing platform or to your internal software distribution site.
  10. Install the new jinstall package on the routing platform.Note

    We recommend that you upgrade all software packages out of band using the console because in-band connections are lost during the upgrade process.

    • All customers except the customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package:

      user@host> request system software add validate reboot source/jinstall-ppc-19.4R1.9-signed.tgz
    • Customers in the Eurasian Customs Union (currently composed of Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia) can use the following package (Limited encryption Junos OS package):

      user@host> request system software add validate reboot source/jinstall-ppc-19.4R1.9-limited-signed.tgz

    Replace source with one of the following values:

    • /pathname—For a software package that is installed from a local directory on the router.

    • For software packages that are downloaded and installed from a remote location:

      • ftp://hostname/pathname

      • http://hostname/pathname

      • scp://hostname/pathname

    The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

    Use the reboot command to reboot the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

    Rebooting occurs only if the upgrade is successful.


After you install a Junos OS Release 19.4 jinstall package, you cannot return to the previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1, 17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see

Upgrading a Router with Redundant Routing Engines

If the router has two Routing Engines, perform the following Junos OS installation on each Routing Engine separately to avoid disrupting network operation:

  1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine, and save the configuration change to both Routing Engines.

  2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

  3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

  4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Downgrading from Release 19.4

To downgrade from Release 19.4 to another supported release, follow the procedure for upgrading, but replace the 19.4 jinstall package with one that corresponds to the appropriate release.


You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.