Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Known Behavior


This section describes certain SRC software behaviors and related issues to clarify how the system works.

For the most complete and latest information about known defects, use the Juniper Networks online Problem Report Search application.

Aggregate Services

  • NIC does not map primary username to managing SAE in aggregate services.

    If you use aggregate services and specify a primary username for a subscriber reference expression, note that the configuration scenarios provided with the NIC do not provide a mapping from a primary username to the managing SAE. Consider using the login name instead. If you want to use the primary username as the subscriber reference expression for a fragment service, contact Juniper Networks Professional Services for assistance with setting up the NIC configuration to resolve the primary username to locate the managing SAE.

Application Server

  • If the application server (edit slot 0 application-server https) is configured to use TLSv1 or TLSv1.1 or all TLSv1, TLSv1.1, and TLSv1.2, then the following ciphers (including weak ciphers) are supported. We recommend you to configure TLSv1.2 alone to avoid vulnerabilities.

    • ECDHE-RSA-AES128-SHA256




    • AES128-SHA256

    • AES128-SHA

    • DES-CBC3-SHA

    • DHE-RSA-AES128-SHA256

    • DHE-RSA-AES128-SHA

  • If the application server (edit slot 0 application-server https) is configured to use the TLSv1.2 version, then the following strong ciphers are only supported:





Configuration Updates

  • When you use the load merge, load override, or load replace command at any hierarchy level, the command loads all the configuration in the specified file.

    If you want to load the configuration for a specified hierarchy level:

    • Ensure that the file contains the sdx:current=true text to identify the level at which the configuration is to be loaded.

    • Run a load command with the relative option at the level at which you want to update the configuration.

If a file contains configuration statements other than those at and below the level identified by sdx:current=true, the command disregards the other statements.

If you enter a load command with the relative option and the file does not contain the text sdx:current=true, you receive a message indicating that the configuration cannot be loaded.


  • From Release 4.8.0 to 4.12.0, the SRC software runs on CentOS 6.5. From Release 4.13.0 onwards, the SRC software runs on CentOS 7.6. However, neither version of CentOS supports older C series controllers (C2000 and C4000) because of hardware incompatibility. PR1049794

Juniper Networks Database

  • Recommendations for use of multiple primary Juniper Networks databases.

    We recommend that you configure two to four Juniper Networks databases as primary databases in a community. If you plan to use more than two Juniper Networks databases in a primary role and expect to have frequent updates to the Juniper Networks database, we recommend that you test your application scenario with a projected traffic load. For assistance testing your application scenario, contact Juniper Networks Professional Services or JTAC.


Policy Management

  • Use care when modifying configurations with other policy management tools for interfaces on JunosE routers that are managed by the SRC software.

    When applying policies to interfaces on JunosE routers that are managed by the SRC software, carefully consider using other policy management tools, such as CLI, RADIUS, CoA, or Service Manager. Policies that are applied to the interface before SRC management begins, such as at access-accept time, are properly replaced. However, if other policy managers change existing policies while SRC management is active, problems can occur.

    • If you have a preconfigured policy through CLI or RADIUS as part of subscriber PVC/VLAN provisioning, the existing policy becomes inactive and the SAE manages the subscriber interface. When the SAE stops managing the interface, the preconfigured policy becomes active. However, if you change the policy on the interface using CLI or CoA, problems can occur.

    • If you have a policy in Access-Accept, the existing policy becomes inactive and the SAE manages the interface.


  • When you configure an interface classifier rule under the [edit shared classification-script interface classifier] hierarchy level, the changes do not take effect immediately on the SRC software. For a workaround, see the PR record. PR973224

  • When policies are installed via RAR, service mismatch between SRC and SCG occurs if there are partial charging rule install failures at SCG side. For a workaround, see the PR record. PR1127708

  • For JSRC dual-stack subscribers, if dynamic-profile in MX Series router has either one of the inet or inet6 policies and if the corresponding family gets deactivated, MX Series router triggers an ACR-Stop for the service. This results in deactivation of that service in SRC. As SRC does not reprovision the service when the family gets reactivated, we recommend to have dynamic-profiles with both inet and inet6 families at the MX Series router end.

  • MX Series router does not send Framed-IPv6-Netmask and the prefix length of the Framed-IPv6-Address is always considered as 128. Hence, the ignore-framed-ipv6-netmask configuration will not have any effect.