Open Issues

Learn about open issues in this release for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • When configuring class-of-service stanza with interface all, the configuration of class-of-service interface all will be committed without an error. However, it does not actually set scheduler, classifier, or rewrite policy. PR1592900

  • When multiple NETCONF or similar sessions (around 50-60) continuously query interface information in XML format, a child mgd process might get stuck. If more than one child mgd process (at least 4-5) gets stuck, mgd stops functioning, which might prevent any new configuration from taking effect. PR1599024


  • Starting Junos OS Release 19.3R1, VXLAN OAM host-bound packets are not throttled with DDoS policers. PR1435228

  • On all Junos platforms with EVPN-VXLAN to EVPN-MPLS stitching scenario, traffic loss could be seen with data forwarder changes when the traffic flows from VXLAN to MPLS. The traffic loss will occur till mac-ip ages out. PR1515096

  • On all Junos platforms that support EVPN-VXLAN, if an aggregated Ethernet interface or a redundant logical tunnel (RLT) interface is configured in the underlay network for EVPN-VXLAN, a kernel crash might occur when an ARP request is generated and flooded to the core side. PR1524485

  • In a provider backbone bridging - Ethernet VPN (PBB-EVPN) environment, ARP suppression feature which is not supported by PBB might be enabled unexpectedly. This could cause MAC addresses of remote CEs not to be learned and hence traffic loss is observed. PR1529940

  • VM core files are generated while performing GRES with EVPN configuration. PR1542037

  • VM core files are generated during EVPN-MPLS script run while performing GRES. PR1580313

  • On all Junos platforms in an EVPN-VXLAN scenario, the number of MAC-IP binding counters might reach the limit when a MAC-IP is moved between interfaces. Because of this defect, MAC-IP counters are not decremented when an entry is deleted, so repeated moves cause the limit (default value is 1024) to be reached even though there are fewer entries. Traffic loss could then be seen. PR1591264

Flow-based and Packet-based Processing

  • Use an antireplay window size of 512 for IPv4 or IPv6 in fat-tunnel. The ESP sequence check might otherwise report out-of-order packets if the fat-tunnel parallel encryption is within 384 packets (12 cores * 32 packets in one batch). Hence, there are no out-of-order packets with 512 antireplay window size. PR1470637
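
The sizing argument in the item above, as an added example that is not part of the Juniper release notes: a sliding-window ESP anti-replay check in the style of RFC 4303 is fed packets reordered by 12 workers that each emit a 32-packet batch. The dispatch model (sequence numbers assigned in order, batches completing in arbitrary order within one 384-packet round) and every name in the code are assumptions made for illustration.

```python
import random

CORES = 12                      # parallel encryption cores (from the release note)
BATCH = 32                      # packets per core per batch (from the release note)
REORDER_SPAN = CORES * BATCH    # 384: maximum reordering distance in this model


class AntiReplayWindow:
    """Receiver-side sliding window, modelled on the RFC 4303 anti-replay check."""

    def __init__(self, size):
        self.size = size
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set means sequence (top - i) was already seen

    def check_and_update(self, seq):
        if seq > self.top:
            # New highest sequence: slide the window forward and mark it seen.
            shift = seq - self.top
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:
            return "too_old"    # left of the window: dropped as out of order
        if (self.bitmap >> offset) & 1:
            return "replay"     # inside the window but already seen
        self.bitmap |= 1 << offset
        return "accept"


def arrival_order(rounds, seed=None):
    """Constructed traffic: each round holds 384 consecutive sequence numbers
    split into 12 batches of 32. With seed=None the batches arrive in reverse
    order (worst case); otherwise they are shuffled with the given seed."""
    rng = None if seed is None else random.Random(seed)
    order = []
    for r in range(rounds):
        base = r * REORDER_SPAN
        batches = [
            list(range(base + c * BATCH + 1, base + (c + 1) * BATCH + 1))
            for c in range(CORES)
        ]
        if rng is None:
            batches.reverse()
        else:
            rng.shuffle(batches)
        for batch in batches:
            order.extend(batch)
    return order


def count_results(window_size, order):
    """Run the arrival sequence through a fresh window and tally the verdicts."""
    window = AntiReplayWindow(window_size)
    counts = {"accept": 0, "too_old": 0, "replay": 0}
    for seq in order:
        counts[window.check_and_update(seq)] += 1
    return counts


if __name__ == "__main__":
    worst = arrival_order(4)
    for size in (64, 256, 512):
        print(size, count_results(size, worst))
```

In this model a window smaller than the 384-packet reordering span rejects legitimate packets as too old, while a 512-packet window accepts all of them and still flags a true duplicate as a replay.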

Forwarding and Sampling

  • Packet length for ICMPv6 is shown as 0 in the output of the show firewall log detail CLI command. PR1184624

  • A fast-lookup-filter with a match that is not supported in FLT hardware might cause traffic drops. PR1573350

  • On Junos platforms, the snmpwalk might not work for some logical interfaces if the interface filter name is the same for input list filters. PR1601761

General Routing

  • On the MX104 router, if you use the snmpbulkget or snmpbulkwalk (for example, used by the SNMP server) on a chassisd-related component (for example, jnxOperatingEntry), high CPU usage and slow response of the chassis process (chassisd) might be observed because of a hardware limitation, which might also lead to a query timeout on the SNMP client. This issue might not be observed while using an SNMP query. As a workaround, use either of the following approaches: Use snmpget or snmpwalk instead of snmpbulkget or snmpbulkwalk and include the -t 30 option when doing the SNMP query. PR1103870

  • MX Series platforms with the FPC-PTX-P1-A or FPC2-PTX-P1A line card might encounter a single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog messages are reported:

    Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero
    jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002
    Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002

    The Junos OS chassis management error handling detects this condition, raises an alarm, and performs the disable-pfe action for the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, a restart of the FPC is needed. Soft errors are transient or non-recurring. FPCs experiencing such SEU events do not have any permanent damage. Contact your Juniper support representative if the issue is seen after an FPC restart. PR1254415

  • When you issue a show interface command to check the interface details, the system will not check whether the interface name provided is valid or invalid. The system will not generate an error message if the interface name is invalid. PR1306191

  • Source MAC and TTL values are not updated for routed multicast packets in EVPN-VXLAN. PR1346894

  • The following log might be seen on FPC with WINTEC mSata SSD: SMART ATA Error Log Structure error: invalid SMART checksum. PR1354070

  • A few xe- interfaces go down with the following error message: if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • Latency is observed for the host-generated ICMP traffic. This ping latency behavior is expected for host generated ICMP traffic due to the design of Packet Forwarding Engine queue polling the packets from ASIC. PR1380145

  • Modifying the underlying interface on a demux0 interface with subscribers present on the underlying interface causes the FPC to generate core files. PR1396157

  • On MX Virtual Chassis, access facing FPC's CPU stays at 100 percent for 5-6 minutes after a configuration change. PR1447003

  • During VXLAN VNI (multicast learning) scaling, traffic issue is seen from VXLAN tunnel to Layer 2 interface. PR1462548

  • Either static routes or implicit filters configuration is required for forwarding DNS traffic to service PIC. It solves DNS packet looping issue. PR1468398

  • On MX platforms with the type of 3D 20x 1GE MIC installed, after performing a unified ISSU, the FPC equipping the MIC might crash and interfaces stay down. Due to this issue, the traffic on the MIC will be impacted. PR1480212

  • On MX204 and MX10003 routers with MPCs MPC7E through MPC10E, and JNP10K-LC2101, the following syslog error is observed: unable to set line-side lane config (err 30). This does not impact any function and can be ignored. PR1492162

  • When the show pfe filter hw filter-name filter name is issued, the command fails to retrieve the Packet Forwarding Engine programming details of the filter. PR1495712

  • After backup Routing Engine halt, CB1 goes offline and comes back online; this leads to the backup Routing Engine booting up, and it shows the reboot reason as 0x1:power cycle/failure. This issue is found only for the Routing Engine reboot reason, and there is no other functional impact. PR1497592

  • During flooding, MAC is learned only on the normal access port but not on the aggregated Ethernet interface trunk port. When a VLAN member is specified as a string, the IF_MSG_IFL_VADDR TLV is not generated with the VLAN information, and the TRIO afttriostream is not updated with the nativevlanId and nativevlanenable flags. Thus, the packets are still treated as untagged, and when they reach the trunk egress interface, they are dropped because the trunk interface does not allow untagged traffic to pass through. The issue is specific to platforms with ZT line cards. As a workaround, use only numeric values for VLANs in the interface-vlan-members statement. VLAN members specified as a string are not supported. PR1506403

  • 10-Gigabit Ethernet interface flaps continuously when configuring with the WAN-PHY framing with the default hold-down timer (0). When upgrading a router to an affected software release, the interface might flap continuously. This is not applicable to an interface with the default framing LAN-PHY. PR1508794

  • On a fully scaled system where all the slices are utilized by different families of CLI filters, deleting one family and adding or changing another family with a higher number of filter terms requires either expansion of the filter or creation of a new filter. The Packet Forwarding Engine fails to add the new filter because the messages arrive out of sequence, that is, the add or change of the filter arrives earlier than the delete of the other filter that would free up the slices. PR1512242

  • A 35-second delay is added to the reboot time in the 20.2R1 release compared to the 19.4R2 release. PR1514364

  • It is possible that LFM might flap during MX Virtual Chassis ISSU to/from this release. PR1516744

  • The rpd process does not recover after restart in scaled configuration scenarios when Junos Telemetry Interface monitoring is enabled using asymmetric configurations. The issue will not be seen with following conditions:

    1) Higher polling frequency (greater than 15 seconds).

    2) When subscribed at top level xpath /interface/sub-interface level.

    3) When the number of IPv4 and IPv6 entries are almost same, that is, mostly symmetric configurations. PR1520977

  • Rpd sensors generate a core file during the defer-continue case on network churn. This is a timing issue and happens only when the sensor information of a particular node is being rendered while the same node is being modified. PR1526503

  • On MX platforms with a next generation Routing Engine installed, after upgrading the Intel i40e-NVM firmware to version 6.01, the FRUs disconnection alarms might be seen along with traffic loss. PR1529710

  • On MX150 devices, the following error messages are seen in the messages log file for the interfaces that have SFP installed in them: fpc0 FAILED(-1) read of SFP eeprom for port: 13. PR1529939

  • FIPS mode is not supported. PR1530951

  • Due to a BRCM KBP issue, route lookup might fail. The KBP needs to be upgraded to address this issue. PR1533513

  • If a FRU that does not support ISSU is present during GNF ISSU, that FRU must be brought online manually once ISSU is finished. PR1534225

  • When an image with the third-party SDK upgrade (6.5.x) is installed, the CPU utilization might go up by around 5 percent. PR1534234

  • Inconsistent core.python2.7.mpc0 core is seen with stacktrace @ea_wi_precl,@ea_macsec_receive(). PR1534568

  • Flapping might be observed on channelized ports during ZTP when one of the ports is disabled on the supporting device. PR1534614

  • Socket to sflowd closed error comes up when the ukern socket to sflowd daemon (server) is closed. The error is rectified by itself as the client successfully reestablishes the connection in the subsequent attempts. When these errors are consistent, it indicates a communication issue between sflowd and the sFlow running on the FPC. PR1538863

  • In an EVPN-VxLAN, vm core is seen on master and backup Routing Engine with Layer 2 and Layer 3 multicast configuration. PR1539259

  • On a scaled MX2020 router with VRF localization enabled, a 4 million next hop scale, and an 800000 route scale, FPCs might go offline on GRES. Post GRES, the router continues to report many fabric-related CM_ALARMs. The FPC might continue to reboot and not come online. Rebooting the master and backup Routing Engines helps recover the router and return it to a stable state. PR1539305

  • Intermittent license-check.core is observed during the device initialization. License daemon will restart and start providing the required support. There is no service impact. PR1545175

  • A new alarm network-service mode mismatch between configuration and kernel setting is introduced. When a unified ISSU or normal code upgrade is performed from images without this alarm commit to images with alarm commit, then the transient false alarm will be seen. PR1546002

  • Hardware performance counters might not be correctly exported to the CLI when Packet Forwarding Engines are disabled. This is purely a display issue. PR1547890

  • 100G AOC from Innolight does not come up after multiple reboots. It recovers after the interface is enabled and disabled. PR1548525

  • If deactivated chassis synchronization source configured or no chassis synchronization source is configured is active then commit error is given as esmc-transmit requires chassis synchronization source configuration. PR1549051

  • The PKI CMPv2 (RFC 4210) client certificate enrollment does not properly work when using root-CA. PR1549954

  • On MX10008 and MX10016 platforms, the keepalive value of chassisd socket between chassisd and line card is small due to which in issues like short link-flaps/connection, the FPC reboots instead of reconnecting, which causes service impact. PR1550917

  • When neighbor discovery protocol (NDP) entries are scaled to 32,000 over IRB in one shot, ndp process might reach to 100 percent CPU utilization and unicast next hops for all 32,000 entries might not be present. This will result in traffic drops for entries for which unicast next hop is not present. PR1551644

  • Phone home supported captive portal with factory default configuration. Captive portal was used for entering activation code and to monitor bootstrap status of device using phone-home feature. From 20.4 release, support for captive portal for phone home bootstrap process is removed. PR1555112

  • A 5M DAC connected between QFX10002-60C and MX2010 does not link up, but 1M and 3M DACs work as expected. Note also that the same 5M DAC works seamlessly between QFX10002-60C and ACX or a traffic generator. There seem to be certain issues in SI or link level configuration on both QFX10002-60C and MX2010. PR1555955

  • Users should not make a configuration change in BSYS while GNF ISSU is ongoing. PR1556544

  • After GNF ISSU is done, the MPC9E line card assigned to the GNF goes through unified ISSU successfully. However, during a later SFB offline or online after GNF ISSU (the issue is not seen if BSYS also undergoes ISSU), the MPC9E line card crashes during SFB online. PR1556627

  • On high availability systems, when FPC0 (when node0 is primary) or FPC7 (when node1 is primary) is restarted (for example, with CLI command request chassis fpc slot <> restart node local or due to dcpfe cores on the primary), that might cause FPC1 or FPC8 to restart, which might cause the pre-existing TCP sessions to break and not get reestablished by itself. The TCP sessions might need to be manually reestablished. PR1557607

  • On the MX10008 routers, the GRE keepalive adjacency state is Down even though the GRE tunnel is in Up state. PR1559200

  • VE and CE mesh groups are default mesh groups created for a given routing instance. On adding vlan and bridge-domain, flood tokens and routes are created for both VE and CE mesh-group and flood-group. Ideally, the VE mesh-group is not required on a CE router where IGMP is enabled on CE interfaces. MX Series based CE boxes have unlimited capacity of tokens, so this would not be a major issue. PR1560588

  • On MX Series routers, timingd-lc errors, CdaExprClient: grpc api call ExprServerInfoGet failed and CdaExprClient: Failed to fetch server info error:5 are seen on all FPCs after restarting router or FPC restart. PR1561362

  • Due to a race condition, the show multicast route extensive instance instance-name command output displays the session status as Invalid. Such an output is a cosmetic defect and not indicative of a functional issue. PR1562387

  • To avoid the additional interface flap, interface hold time needs to be configured. PR1562857

  • In a rare scenario, the SPMB does not reply during FPC online for an FPC that was moved from SLC mode to full line card mode. The FPC is stuck because the training is not complete. PR1563050

  • When SLC is reconfigured from asymmetric mode to symmetric mode in a single commit, it is possible that on some occasions one of the SLC shows chassis connection in dropped state. The SLC will come online and no functional impact is seen. PR1564233

  • When a new p2mp template (for example, template1) is added, it overwrites the default_p2mp template for the LSPs. When we update from template1 to template2, the change is not taking effect. This is a day one issue. The issue has a workaround by removing p2mp template for template1 and then re-adding the template2. PR1564795

  • Unable to execute python or shell scripts in flex mode. Starting 21.1R1 release, Junos will be shipping with python3 (python2 is no longer supported). In ZTP process, if a python script is being downloaded, ensure that the python script follows python3 syntax (there are certain changes between python2 and python3 syntax). Also, so far (that is, until Junos OS Release 20.4R1), the python script had #!/usr/bin/python as the first line (that is, the path of the python interpreter). The same needs to be changed to #!/usr/bin/python3 from Junos OS Release 21.1R1. PR1565069

  • SyncE to PTP noise transfer passes for 400 ns port-to-port amplitude and frequency of 1Hz but fails for 200 ns port-to-port amplitude and frequency of 0.005Hz. PR1566291

  • G.8273.2 transient response test fails. Issue exists for legacy line cards also. PR1566354

  • The pic_create_ifname: 0/0/0 pic type F050 not supported chassisd log messages are flooded for every port that is connected. This will happen every few seconds.

    Jan 5 15:15:25 pic_create_ifname: 0/0/0 pic type F050 not supported
    Jan 5 15:15:25 pic_create_ifname: 0/0/1 pic type F050 not supported
    Jan 5 15:15:25 pic_create_ifname: 0/0/2 pic type F050 not supported
    Jan 5 15:15:25 pic_create_ifname: 0/0/3 pic type F050 not supported
    Jan 5 15:15:25 pic_create_ifname: 0/0/4 pic type F050 not supported
    Jan 5 15:15:25 pic_create_ifname: 0/0/5 pic type F050 not supported
    Jan 5 15:15:25 pic_create_ifname: 0/0/6 pic type F050 not supported
    Jan 5 15:15:25 pic_create_ifname: 0/0/7 pic type F050 not supported
    Jan 5 15:15:25 pic_create_ifname: 0/0/28 pic type F050 not supported
    Jan 5 15:15:25 pic_create_ifname: 0/0/29 pic type F050 not supported
    Jan 5 15:15:25 pic_create_ifname: 0/0/30 pic type F050 not supported
    Jan 5 15:15:25 pic_create_ifname: 0/0/31 pic type F050 not supported

    PR1566440

  • In an SLC scenario, filter actions with discard, reject, and send-to-host lead to an AFTD crash. PR1567313

  • With T-BC across multiple line cards, the average time error (cTE) test fails because other delays are introduced that cause phase variation across line cards. PR1567662

  • After enabling vpn-localization, IPv6 traffic does not flow between logical systems and routing-instance. When VPN localization is enabled in fusion or v44 setup, ensure cascade ports (satellite devices) are not part of VPN core facing FPC. PR1567850

  • The problem is with L1 node (physical interface) not reflecting correct bandwidth configured for tunnel services. This appears, when baseline configuration has 1G configuration on some FPC or PIC in groups global chassis and if we override with local chassis tunnel service 10 G bandwidth in a scaled scenario. Out of 10 Gbps bandwidth configured only 1 Gbps is allowed per 1G speed configured in baseline configuration. PR1568414

  • Traffic might be dropped on MX platforms when the default route is changed in the inet.0 table. It might take 2 to 3 seconds to be updated in Packet Forwarding Engine. This issue will be recovered automatically. PR1568944

  • Flag, source and logical address are not expected in MAC address found in BD BD-3 instance. PR1569546

  • The Precision Time Protocol (PTP) clock might fail to lock and get stuck in the acquiring state at clock servo. PR1570310

  • BUM traffic replication over VTEP is sending out more packets than expected. PR1570689

  • Part of the show ptp lock-status detail command output is missing while changing the interface configuration from encapsulation Ethernet to family inet. This issue is not seen every time and issue exists for legacy line cards also. PR1572047

  • On all Junos platforms, traffic loss might be observed due to a rare timing issue when performing frequent interface bridge domain (IFBD) configuration modifications. This behavior is seen when the Packet Forwarding Engine receives out-of-order IFBDs from Routing Engine and might lead to the fxpc process crash and traffic drop. PR1572305

  • PIM rib-group failures to add in VRF-PIM so rib-group VRF not usable in this context; all RIBs are not in instance. PR1574497

  • Max ports used is not getting displayed properly in the show services nat pool pool-name detail. PR1576398

  • When firewall is configured with both discard and port-mirror as actions in the same term, mirrored packet will be corrupted (This creates two Layer 2 headers). PR1576914

  • On MX platforms, in subscriber scenario with scaled around 32,000 connections, the replication daemon might generate core files or stop running, which results in failure on subscriber services on the new Routing Engine after the upgrade or GRES. PR1577085

  • When a sub line card (SLC) assigned to a GNF in a node sliced setup is booting up, it generates some PCIe alarms. These alarms do not have any functional impact and resolve once the SLC is online. PR1578187

  • Snapshot banner message displays reboot the system from primary disk using request node reboot re disk1 command but correct command is request node reboot re0 disk1. PR1578556

  • The MPC7E, MPC8E, MPC9E, and MPC11E line cards might be stuck in the Unresponsive state in a Junos node slicing setup. PR1580168

  • If MPC11E line card configured with SLC is restarted multiple times, then on some instances the complete FPC restarts. PR1581107

  • On MX Series platforms with SPC3, traffic drop is observed in either of the following cases:

    1) When an ICMPv6 error message is sent to the Address Family Transition Router (AFTR) IP. The ICMP error might be triggered from the Packet Forwarding Engine or the intermediate node having the AFTR address as the destination address. The flow ICMP vector does not handle this error because the destination is the AFTR, and this leads to looping.

    2) When there is a normal IP-IP session opened instead of a DSLITE session in case of the server to client session establishment and upon force tunnel session close by session timeout configuration or session clear command on the tunnel session and also with a timing case. PR1582447

  • TSU access might sometimes fail, which causes PTP functionality to not work on the box. PR1587990

  • As part of filter configuration, the out-of-order scenario corner case validation was not handled at the Packet Forwarding Engine. Because of this, you might see a core file that restarts the FPC and interrupts the data path for the interfaces that belong to the restarting FPC until it comes online. PR1589619

  • On MX platforms with MS-MPC/MS-PIC, the packet loop might be seen after receiving the PCP mapping request packets to service-set where pcp rule is not configured and the packet loop might cause high CPU utilization. PR1598720

  • Unable to commit configuration due to error check-out failed for mobility process. If processes that depend on the mobility process (like CUPS) are configured, this issue is not seen. PR1601785

  • Core files will be observed in SPC3 when you change dslite configuration multiple times under service-set. PR1601977

  • On MX Series platforms with MPC10E line card, output bps is not in expected range on aggregate Ethernet interface for egress traffic. PR1602307

  • The Jflow-syslog for CGNAT uses 0x0000 in IPv4 identification field. This might have issues for some jflow-syslog-collectors especially when jflow-syslog packets gets fragmented along the path to collector. PR1602528

  • Minor transient traffic drop will be seen during MBB of RSVP LSP without optimize-adaptive-teardown delay X statement. PR1590656

  • J-Web deny log nested-application=UNKNOWN instead of specific application. PR1593560

  • On MX platforms with MPC10E and MPC11E line cards, if received a large number of packets and its length is greater than the outgoing interface MTU, the Packet Forwarding Engine might get wedged when performing IPv4 packet fragmentation at the high traffic rate. The traffic flow through this Packet Forwarding Engine will be affected. PR1596100

  • After unified ISSU, issue will be seen on deleting and adding back the following sample configuration:

  • On all MX Series platforms, changing configuration AMS 1:1 warm-standby to load-balance or deterministic NAT might result in vm core generation and causes traffic loss. PR1597386

  • On MX Series with multiservices card (MS-PIC/MS-MPC) installed, when the user's TCP session is passing the multiservices card, TCP tickle functionality tries to extend TCP session after the inactivity-timeout expires by sending self-generated TCP keepalive packets to both parts of TCP connection and expecting the TCP ACK to be seen from both parts. While the expected behavior is to drop that TCP ACK packet on multiservices card upon receiving, it sends to another part of TCP connection, this causes confusion and inability to extend TCP session, and then causes impact on long-lived TCP sessions with low volume of traffic. PR1600619

  • In a rare occurrence of pthread lock failure of the work queue, bbe-smgd generates a core file. It recovers by itself. PR1601203

  • On MX150 routers, interface hold-time down works correctly, but hold-time up does not work. PR1604554

  • On MX Series with MPCs/MICs platforms working as MPLS transit router, if entropy label is configured and the ingress interfaces and egress interfaces of the LSP are on the same Packet Forwarding Engine, an extra entropy label would be pushed to the LSP. Traffic loss might be seen if the egress routers can not handle the extra entropy label (for example, DPC to DPC connection on the egress router with the penultimate router). PR1605865

  • In a Layer 2 Bit Stream Access or Layer 2 wholesale services scenario using the auto-sensed VLAN subscriber interfaces over a dynamic underlying VLAN interface, if auto-config is used on the pseudowire physical interface and its logical interface, the Junos next hop might not be properly installed for the newly requested tagged VLAN after deleting the pseudowire logical interface or clearing the subscriber's sessions. The single-vlan tag might then not be recreated for subsequent subscribers, and the access services on the pseudowire physical interface and logical interface might be unavailable as a result. PR1609844

High Availability (HA) and Resiliency

  • When MTU is configured on an interface, a rare ifstate timing issue could occur at a later point resulting in ksyncd process crash on backup Routing Engine. When ksyncd crashes on backup Routing Engine, a live kernel core is also dumped on both the Routing Engines. There is no service impact due to this issue. PR1606779


  • On MS Series platforms, an interface is configured for single VLAN or multiple VLANs, if all these VLANs of this interface have igmp-snooping enabled, then this interface will drop hot standby router protocol for IPv6 (HSRPv2) packets. But if some VLANs do not have igmp-snooping enabled, then this interface is working fine. PR1232403

  • The error message IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) is observed continuously in AD with base configurations. PR1485038

Interfaces and Chassis

  • On the MX480 routers, the output of the show interfaces transport pm otn current interface command is not as expected. The CLI output for this command has a formatting issue with the interval range. The correct range information is returned in the command's XML message. The information can be displayed by redirecting the command output to display xml using the show interfaces transport pm otn current xe-1/0/9 | display xml. PR1560533

  • On MX platforms, the dcd internal data structure of the distribution bundle might get corrupt after removing the aggregated Ethernet logical interface of members of a targeted logical interface set from the targeted distribution database. Later the dcd process will crash when it accesses the corrupted entry. PR1591032

  • 100G aggregated Ethernet interfaces flap on fusion satellite devices upon unrelated configuration changes. PR1602656

  • With aggregated multiservices interface (AMS) configured, the memory leak on dcd daemon occurs when making configuration changes on any interface. The leak rate is slow and depends on the scale of the logical interfaces on AMS interfaces (for example, if there are 8 AMS physical interfaces with 8000 logical interfaces, the leak is about 5 MB on each commit), which might lead to dcd crash. PR1608281

Juniper Extension Toolkit (JET)

  • The jsd process might take some time to detect abrupt termination of the socket at the collector or client side in certain cases. This might occur when flapping the interface on which the collector is connected to the DUT or when a firewall terminates the client port. In such cases, the client must wait for the connection termination to be detected, which could take around 1 hour, or restart the jsd process before being able to reconnect with the same client ID. PR1549044

Layer 2 Ethernet Services

  • On MX5, MX10, MX40, MX80, and MX104 platforms with DHCP server configuration for DHCP subscribers, a jdhcpd memory leak might happen when testing DHCP subscriber log-in and log-out, and the memory increases by 15MB, depending on the number of subscribers. PR1432162

  • It is observed rarely that issuing request system zeroize does not trigger zero touch provisioning (ZTP). As a workaround, reinitiate the ZTP. PR1529246


  • When we configure minimum-bandwidth, the LSP is still resignaled with the previous configured minimum-bandwidth and not the current configured minimum-bandwidth. PR1526004

  • The RSVP interface update threshold configuration syntax has changed to include curly braces around the threshold value. Upgrading and downgrading between those releases is not entirely automatic. The user must delete this stanza if configured before the downgrade and then manually reconfigure. PR1554744

  • When some LSPs that request facility backup protection using bypass tunnels are brought up using respective Resv messages that do not contain the mandatory RECORD_ROUTE object, and when such LSPs undergo local repair, then rpd might generate core file with the backtrace specified in this problem. If either the Resv messages originated by egress LERs contain the mandatory RECORD_ROUTE object or if such LSPs brought up with malformed Resv messages do not undergo local repair, then the core will not occur. PR1560059

  • If IS-IS-TE or OSPF-TE is enabled, but admin-groups-extended-range or admin-groups-extended (which is configured under routing-options) and admin-group-extended are configured after the peer router advertises the extended admin groups, the LSP with extended admin groups constraints might fail to be established. PR1575060

  • With local reversion on, there is a possibility of transit router not informing headend of RSVP disabled link when link is flapped more than once. Workaround is to remove local-reversion configuration. PR1576979

  • When a protected link goes down, MPLS gets tunnel local repair message from RSVP and trigger CSPF computation. Next, MPLS gets link protection information through RRO notification. If MPLS receives TED notification first before RRO notification, then CSPF computation fails. Since the link protection flag is not set, MPLS thinks it is an unprotected link and brings down the LSP. PR1598207

  • In an RSVP environment with fast-reroute enabled, when an LSR in a detour LSP goes down in a particular scenario, the newly signaled detour path might be brought down and remain in an incomplete state, due to a defect in the RSVP-IO thread that continues sending an incorrect path refresh, which brings down the detour path. PR1603613

  • The rpd process might crash on standby_re LDP module when VPLS mac-flush is enabled on the peer by default or by configuration. The core files are generated only when the peer sends LDP address_withdrawal_message with first TLV other than address_tlv. This issue occurs particularly with Extreme Networks as the peer VPLS PE device. PR1610638

Network Management and Monitoring

  • SNMP polling failures (timeouts) might be observed when the number of outstanding requests to any subagent (mib2d, snmpd-subagent) reaches 500. This will impact the SNMP polling functionality. PR1585409

  • When the ARP entry gets removed in the ARP table, and if there is a presence of a static route referring to the removed next hop IP, the refcount will not be 0. In that case, the kernel does not send a DELETE message to mib2d. As a result, SNMP still has the ARP entry even after it is expired in the ARP cache. PR1606600

Platform and Infrastructure

  • On MX Series platforms with MPC7, MPC8, MPC9 or MX-204 and MX-10003, when the packets which exceed the MTU and whose DF-bit is set go into a tunnel (such as GRE, LT), they might be dropped in the tunnel egress queue. PR1386350

  • Arrival rates are not seen at system level when global-disable fpc is configured. PR1438367

  • Due to software implementation, the firewall filter is reapplied during graceful Routing Engine switchover (GRES). This might lead to a short duration when the filter is not applied, provoking side effects such as traffic drops. PR1487937

  • With GRES and NSR functionality with VXLAN feature, the convergence time might be slightly higher than expected for L2-DOMAIN-TO-L3VXLAN. PR1520626

  • When the DHCP relay mode is configured as no-snoop, we might observe that the offer gets dropped due to incorrect ASIC programming. PR1530160

  • On MX platforms with an XM chipset based line card installed, when the line card experiences the CMERROR XMCHIP_CMERROR_DDRIF_PROTECT_WR_RD_SRAM_RUNN_CHKSUM, the disable-pfe action will be invoked. This issue will cause the Packet Forwarding Engine to be disabled and traffic to be lost. PR1568072

  • This issue might be seen only in back-to-back GRES after more than about 40 to 50 iterations. No workaround is available and the FPC gets restarted. PR1579182

  • An FPC core file is generated at dfw_term_cc_list_loop_init, dfw_term_cc_detect_loop, dfw_term_filter_process_consistent during GRES. The issue is due to the output byte count not getting updated properly. The script logs show that there is no packet loss and there is no functional impact. PR1579797

  • MS-PIC RPM probes with large data size fail at random. PR1602508

  • On MX Series platform working as PE device in an MVPN, when traffic is received (from core) on upstream multicast LSI interface and then forwarded over VPLS via IRB interface, the packets are forwarded without vlan-tags, which leads to traffic drop at the remote VPLS PE device. PR1607311

Routing Policy and Firewall Filters

  • On all Junos OS platforms with the policy-options rtf-prefix-list configured, if the device is upgraded to a specific version, it might fail to validate its configuration, which eventually causes rpd to crash unexpectedly due to a software fault. PR1538172

Routing Protocols

  • While interoperating with other vendors in a draft-rosen multicast VPN, by default Junos OS attaches a route target to multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisements without route-target extended communities are prevented from propagating if BGP route-target filtering is enabled on the device running Junos OS. PR993870

  • SCP command with routing instance (-JU) is not supported. PR1364825

  • TILFA backup path fails to install in LAN scenario and also breaks SR-MPLS TILFA for LAN with more than four end-x SIDs configured per interface. PR1512174

  • Due to a behavior change, if there is no IFA present in the interface, we do not encode the router-id in the hello packets by default. In a scenario between R1 and R2 where no inet or inet6 address is set for the interfaces forming the adjacency in question, the show isis adjacency detail output does not show an IPv4 or IPv6 address and indicates that the adjacency is missing an IP address. This is expected. PR1559079

  • With the maximum number of logical interfaces (4000 GRE tunnels per Packet Forwarding Engine) and the following configuration:

    1) Configuring family inet and associated source and destination for each tunnel.

    2) Configuring allow-fragmentation option on one endpoint of the tunnel and configuring reassemble-packets on the other endpoint of the tunnel.

    With the above configuration, if we deactivate chassis fpc slot, we might face this issue. PR1581042

  • IS-IS might advertise a multi-topology IPv6 NBR as up even if both sides do not advertise the link local address as up. This happens during link flap for a brief duration. During this time, traffic drops might be seen until the link local addresses come up. PR1585471

  • On all platforms in a highly scaled routes scenario, after the FPC restarts, some routes might get incorrectly programmed in the forwarding table in the kernel with the next hop installed as dead. This might lead to traffic impact. This is a timing issue. PR1601163

  • After changing the INET MTU on an MPLS-enabled interface in the IS-IS SPRING scenario, L-IS-IS routes might not get refreshed and a dead next hop will be installed by the kernel. PR1605376

Subscriber Access Management

  • In a subscriber scenario, if RADIUS accounting backup is configured and the RADIUS server is unavailable for more than 30 minutes, some subscribers might be stuck in terminated state and cannot be recovered even if the RADIUS server is reachable. PR1600655

User Interface and Configuration

  • When a user tries to deactivate the MPLS-related configuration, the commit fails on the backup Routing Engine. PR1519367

  • An mgd core file is observed when the rollback command is issued simultaneously in two different terminals of the same router. It is a very rare corner case and is a timing issue. If this happens, the CLI session ends abruptly. PR1554696

  • When performing commit-check for the firewall and interface related configurations, if you use Ctrl+C to abort it, the dfwc and dcd might crash after performing another commit-check. This issue happens only with those daemons that follow the message-based commit-check model (such as dfwc, dcd, rdmd, and fwa), and has no impact on other daemons. PR1600435


  • During in-service software upgrade (ISSU), the IPsec tunnels flap, causing a disruption of traffic. The IPsec tunnels recover automatically after the ISSU process is completed. PR1416334

  • In some scenarios (for example, when configuring a firewall filter), the router might sometimes show obsolete IPsec SA and NHTB entries even when the peer tears down the tunnel. PR1432925