Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Open Issues

Learn about open issues in this release for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • Some non-fatal interrupts (for example, CM cache or AQD interrupts) are logged as fatal interrupts. The following log messages will be shown on CM parity interrupt:

  • On MX104 platforms, when using the snmpbulkget or snmpbulkwalk (for example, used by the SNMP server) on a chassisd-related component (for example, jnxOperatingEntry), high CPU usage for chassis process and slow response might be seen because of a hardware limitation, which might also lead to a query time out on the SNMP client. In addition, the issue might not be seen while using an SNMP query for interface statistics. As a workaround, to avoid the issue, use either of the following approaches:

    Use snmpget or snmpwalk instead of snmpbulkget or snmpbulkwalk and include the -t 30 option when doing the SNMP query. For example, snmpget -v2c -c XX -t 30.

    Use the -t 30 option with snmpbulkget or snmpbulkwalk. For example, snmpbulkget -v2c -c XX -t 30. PR1103870

  • On MX platforms with FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter a single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002.

    The Junos OS chassis management error handling detects such a condition, raises an alarm, and disables the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, restart the FPC. Contact your Juniper Networks support representative if the issue persists even after the FPC restart. PR1254415

  • If a vmhost snapshot is taken on an alternate disk and there is no further vmhost software image upgrade, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, the host root file system and the node boots with the previous vmhost software instead of the alternate disk. PR1281554

  • When you issue a show interface command to check the interface details, the system does not check whether the interface name provided is valid or invalid. The system will not generate an error message if the interface name is invalid. PR1306191

  • With aggregated Ethernet bundle or ECMP next hops configured with the adaptive load balancing feature requests a large chunk of jnh counter memory . If allocation requests are spread over an interval of time, then the memory allocator might not be able to handle all these requests and error messages are reported. There is no impact on traffic. PR1329704

  • Source MAC and TTL values are not updated for routed multicast packets in an EVPN VXLAN scenario. PR1346894

  • The backup Routing Engine might crash after GRES occurs continuously for more than 10 times. PR1348806

  • When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609

  • The following log message might be seen on FPC with WINTEC mSATA SSD:

  • A few xe- interfaces go down with the following error message: if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

  • The ping command might show variable latency values. This is expected for host generated ICMP traffic due to the design of the Packet Forwarding Engine queue polling the packets from ASIC. PR1380145

  • Due to a transient hardware condition, single-bit error (SBE) events are corrected and have no operational impact. Reporting of those events had been disabled to prevent alarms and possible unnecessary hardware replacements. This change applies to all platforms using Hybrid Memory Controller (HMC). PR1384435

  • Modifying the underlying interface on a demux0 interface with subscribers present on the underlying interface causes the FPC to generate core files. In the procedure to edit underlying-interface on a demux0, do the following check:

    Verify that there are no subscribers existing on the underlying interface configured on the demux0.

    Subscribers need to be moved out of the underlying interface before editing the underlying interface under demux0. PR1396157

  • The PTP master and the PTP slave port configuration accept only the PTP packets with multicast MAC address according to the port settings. If forwardable multicast is configured, only PTP packets with the forwardable MAC address is accepted and the non-forwardable is dropped. Similarly, if the link-local multicast is configured, only the PTP packets with the non-forwardable MAC address is accepted and forwardable is dropped. PR1442055

  • On MX10003 routers with Virtual Chassis, access facing FPC's CPU stays at 100 percent for 5 to 6 minutes after a configuration change. PR1447003

  • On VXLAN VNI (multicast learning) scaling, traffic issue is seen from VXLAN tunnel to Layer 2 interface. PR1462548

  • In DNS filtering, when DNS requests are sent from the server and implicit filters as well as routes to the service PIC are configured, it causes the DNS packets to loop. As a workaround, configure either static routes or implicit filters for forwarding DNS traffic to service PIC. It solves DNS packet looping issue. PR1468398

  • On MX Series platforms with the 3D 20x 1GE MIC installed, after performing ISSU, the FPC equipped with the MIC might crash and interfaces stay down. Due to this issue, the traffic on the MIC will be impacted. PR1480212

  • On MX204 and MX10003 routers with the MPC7E, MPC8E, MPC9E, MPC10E, and JNP10K-LC2101 line cards, the following syslog error appears occasionally: unable to set line-side lane config (err 30). This does not impact the service and can be ignored. PR1492162

  • When the show pfe filter hw filter-name filter name command is issued, the command fails to retrieve the Packet Forwarding Engine programming details of the filter. PR1495712

  • After the backup Routing Engine halts, CB1 goes offline and comes back online. This leads to rebooting of the backup Routing Engine and it shows the reboot reason as 0x1:power cycle/failure. There is no other functional impact due to this issue. PR1497592

  • When a VLAN member is specified as a string, the IF_MSG_IFL_VADDR TLV is not generated with the VLAN infoformation, and the MX Series with MPCs or MICs afttriostream is not updated with the nativevlanId and nativevlanenable flags. Thus, the packet is still treated as untagged, and when it reaches the trunk egress interface, it is dropped because the trunk interface does not allow untagged traffic to pass through. The issue is specific to platforms with ZT line cards. As a workaround, configure the interface-vlan-members statement with only numeral value only for VLANs. The VLAN members with input as a string is not supported in this release. PR1506403

  • A 10-Gigabit Ethernet interface configured with WAN-PHY framing might flap continuously if the hold-down timer is set to 0 (which is the default). This is not applicable to an interface with the default framing LAN-PHY. PR1508794

  • On a fully scaled system where all the slices are utilized by different families of CLI filters, if we try to delete one family and add or change another family with a higher number of filter terms, which requires either expansion of the filter or creation of a new filter, the Packet Forwarding Engine fails to add the new filter as we are getting out of sequence messages. The add or change of the filter is called earlier than the delete of another filter will free up the slices. PR1512242

  • A 35 seconds delay is added in reboot time. PR1514364

  • When an AMS physical interface is configured for the first time or any member of the AMS bundle is removed or added, the PICs on which the members of AMS bundle are present go for a reboot. There is a timer running in the AMS kernel which is used as a delay for the PIC reboot to complete and once that timer expires, AMS assumes that the PICs might have been rebooted, and it moves into next step of AMS finite state machine (FSM). In a scaled scenario, this rebooting of the PIC is delayed due to DCD. This is because when a PIC goes down, DCD is supposed to delete the physical interfaces on that PIC and the PIC reboot happens. But DCD is busy processing the scaled configuration and the physical interface deletion is delayed. This delay is much greater than the timer running in AMS kernel. When the timer expires, the FSM in AMS kernel incorrectly assumes the PIC reboot would be completed by then, but the reboot is still pending. By the time DCD deletes this physical interface, the AMS bundles are already up. Because of this, there is a momentary flap of the bundles. PR1521929

  • The rpd sensors generate core file during defer-continue case on a network churn. This will be a timing issue and will happen only when a particular node sensor information is being rendered and the same node went through some modification. PR1526503

  • On the MX Series platforms with next generation Routing Engine installed, after upgrading the Intel i40e-NVM firmware to version 6.01, the FRUs disconnection alarms might be seen along with traffic loss. Refer to the TSB17603 to upgrade Junos OS software and Intel i40e-NVM firmware. PR1529710

  • On MX150 routers, the following error messages are seen in the messages log file for the interfaces that have SFP installed in them: fpc0 FAILED(-1) read of SFP eeprom for port: 13. PR1529939

  • FIPS mode is not supported. PR1530951

  • Ping command does not work even though the ARP entry is present during continuous script executions due to BRCM KBP issue. PR1533513

  • After performing a unified ISSU in a Junos OS node slicing, the unified ISSU unsupported field replaceable unit (FRU) will stay offline until it brings back to online manually once ISSU is finished. This issue causes a service or traffic impact for the offline FRUs. PR1534225

  • When an image with the third party SDK upgrade (6.5.x) is installed, the CPU utilization might go up by around 5 percent. PR1534234

  • Flapping might be observed on channelized ports of MX Series routers during ZTP, when one of the ports is disabled on the supporting device. PR1534614

  • In rare instances, when the et- interface gets stuck and remains down between two particular ports on MPC5E, MPC4E, and CXP MIC line cards. The MAC chip in the line card goes to a condition where the EDC convergence state (adaptive algorithm state machine error) in the firmware remains at tracking while the et- interface is stuck and remains down. PR1535078

  • The request system software validate command is disabled currently for Junos OS Release 19.4 and later. You can validate the same using the request system software add command. PR1537729

  • The Socket to sflowd closed error comes up when the ukern socket to sflowd daemon (server) is closed. The error is rectified by itself as the client successfully reestablishes the connection in the subsequent attempts. When these errors are consistent, it indicates a communication issue between sflowd and the sFlow running on the FPC. PR1538863

  • In an EVPN-VXLAN scenario with the Layer 2 and Layer 3 multicast configurations, the vmcore process generates the core file on the primary and backup Routing Engines. PR1539259

  • On a scaled MX2020 router with vrf localisation enabled, when 4 million next hop scale and 800000 route scale are available, FPCs might go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. The FPC might continue to reboot and does not come online. Rebooting the primary and backup Routing Engine will help to recover and get router back into stable state. PR1539305

  • The following error message occurs when you reboot the device with the enterprise base configurations: Error BCMX: Failed to add lport 0x0 (unit , port ). -8: Entry exists. PR1541159

  • PTP to PTP noise transfer is passing for impairments profile 400nsp-p_1Hz, but failing for profile 400nsp-p_0.1Hz and lower bandwidth profiles as well. The issue is common to 10G also. PR1543982

  • After performing upgrade or downgrade on VM host platform, during restarting with the new image, the Wind River Linux (WRL) kernel might go into a deadlock state due to a race condition in advanced configuration and power interface component architecture (ACPICA) module in Linux kernel. This issue might cause the system to get stuck in continuous crashing state. It is a rare timing issue and currently only seen on WRL6 kernel based image during upgrade or downgrade. PR1544875

  • Intermittent license check core files are generated during the device initialization. License daemon will restart and start providing the required support. There is no service impact. PR1545175

  • A new alarm network-service mode mismatch between configuration and kernel setting is introduced. When unified ISSU or normal code upgrade is performed from images without new alarm commit to images with new alarm commit, then the transient false alarm will be seen. PR1546002

  • Hardware performance counters might not be correctly exported to the CLI when Packet Forwarding Engines are disabled. This is purely a display issue. PR1547890

  • 100G AOC from third-party does not come up after multiple reboots. It recovers after enabling and disabling the interface. PR1548525

  • The following error message is observed: Feb 27 20:26:40 xolo fpc3 Cannot scan phys_mem_size.out. Please collect /var/log/*.out (0;0xdd3f6ea0;-1) (posix_interface_get_ram_size_info): Unknown error: -1. This log is harmless. PR1548677

  • In synce configuration, ESMC transmit is configured or if the chassis synchronization source configuration is deactivated or there are no active chassis synchronization source configurations present, it might lead to a commit error esmc-transmit. To avoid the error, include the chassis synchronization source. PR1549051

  • On MX10008 and MX10016 platforms, the keepalive value of chassisd socket between chassisd and line card is small. Due to this, when issues like short link-flaps/connection problem occur, the FPC reboots instead of reconnecting, which causes service impact. PR1550917

  • After a system reboot, BFD session status is in Init state. It is seen when we have both CFM and BFD configuration on the system and endpoint overlaps between CFM and BFD. PR1552235

  • Phone home supports captive portal with factory default configuration. Captive portal is used to enter activation code and to monitor bootstrap status of device using phone home feature. Starting Junos OS Release 20.4, support for captive portal for phone home bootstrap process is removed. PR1555112

  • 5M DAC connected between QFX10002-60C and MX2010 does not link up. But with 1M and 3M DAC, this interoperation works as expected. There seems to be a certain SI or link-level configuration on both QFX10002-60C and MX2010. PR1555955

  • On the MPC11E line cards in BSYS, commit goes through when unified ISSU is initiated in the GNF.PR1556544

  • On the MPC9E line card, core files are generated when SFB becomes online after unified ISSU of a GNF. PR1556627

  • On high availability systems, when FPC0 (when node0 is primary) or FPC7 (when node1 is primary) is restarted (for example, with the request chassis fpc slot <> restart node local CLI command or due to dcpfe core files on the primary), that might cause FPC1 or FPC8 to restart, which might cause the preexisting TCP sessions to break and might not get reestablished by itself. The TCP sessions might need to be manually reestablished. PR1557607

  • On the MX10008 routers, the GRE keepalive adjacency state is down even though the GRE tunnel is in the up state. PR1559200

  • VE and CE mesh groups are default mesh groups created for a given routing instance. On adding VLAN or bridge domain, flood tokens and routes are created for both VE and CE mesh-group and flood-group. Ideally, VE mesh-group does not require a CE router where IGMP is enabled on CE interfaces. MX Series based CE boxes have unlimited capacity of tokens, so this would not be a major issue. PR1560588

  • In an MVPN scenario, if the next hop index of a group is not same between primary and backup after a NSR switchover, we might see a packet loss of 250 to 400 ms. PR1561287

  • The timingd-lc errors CdaExprClient: grpc api call ExprServerInfoGet failed" and "CdaExprClient: Failed to fetch server info error:5 are seen on all FPCs after restarting router or FPC. PR1561362

  • Due to a race condition, the show multicast route extensive instance instance-name output can display the session status as Invalid. Such an output is a cosmetic defect and not an indicative of a functional issue. PR1562387

  • Configure the interface hold time to avoid the additional interface flap. PR1562857

  • In a rare scenario, SPMB does not reply during FPC online which is moved from SLC mode to full line card mode. The FPC gets stuck as the training is not complete. PR1563050

  • When SLC is reconfigured from asymmetric mode to symmetric mode in a single commit, it is possible that on some occasions, one of the SLC shows chassis connection as dropped state. The SLC will come online and no functional impact is seen. PR1564233

  • When a MPLS p2mp template is configured over the default_p2mp template, the configuration change does not take effect and the old configuration remains active. PR1564795

  • Starting in Junos OS Release 21.1R1, Junos OS will be shipping with python3 (python2 is no longer supported). In ZTP process, if a python script is being downloaded, ensure the python script follows python3 syntax (there are certain changes between python2 and python3 syntax). Also, so far (that is, until Junos OS 20.4R1), the python script had #!/usr/bin/python as the first line (that is, the path of the python interpreter). The same needs to be changed to #!/usr/bin/python3 from Junos OS Release 21.1R1. PR1565069

  • In a dual CPE scenario, after RG0 failover, the best path link status shows as PARTIAL SLA VIOLATED instead of SLA MET due to active probe result is incorrect in certain scenarios. PR1565777

  • SyncE to PTP noise transfer passes for 400 ns p-p amplitude and frequency of 1 Hz, but fails for 200 ns p-p amplitude and frequency of 0.005 Hz. PR1566291

  • G.8273.2 transient response test fails. Issue exists for legacy line cards also. PR1566354

  • The chassisd logs flood with the pic_create_ifname: 0/0/0 pic type F050 not supported messages for every connected port. The flooding might happen every few seconds. PR1566440

  • If the inline services and services are applied to sub line cards (SLCs), some issues might happen during processing these services along with firewall process (dfwd) filter actions. Then it might cause SLCs to reboot and aftd to crash. PR1567313

  • With T-BC across multiple line card, average time error (cTE) test fails as there are other delays introduced, causing phase variation across line cards. PR1567662

  • Fusion cascade ports must not be hosted on the VPN core facing FPC. When VPN localisation is enabled in fusion or v44 setup, ensure cascade ports (satellite devices) are not part of VPN core facing FPC. PR1567850

  • The problem is with L1 node not reflecting correct bandwidth configured for tunnel services. When baseline has 1 G configuration on some FPC or PIC in groups global chassis and if we override with local chassis tunnel service in 10 G bandwidth scaled scenario. Out of 10 Gbps bandwidth configured, only 1 Gbps is allowed per 1 G speed configured in baseline configuration. PR1568414

  • Traffic might be dropped on MX Series platforms when the default route is changed in the inet.0 table. It might take 2 to 3 seconds to update in Packet Forwarding Engine . This issue will be recovered automatically. PR1568944

  • The PTP clock might fail to be locking and stuck in acquiring state at clock servo. PR1570310

  • BUM traffic replication over VTEP is sending out more packets than expected and there seems to be a loop. PR1570689

  • Part of the output of the show ptp lock-status detail command is missing while changing the interface configuration from the encapsulation Ethernet to the family inet. This issue is not seen every time and issue exists for legacy line cards also. PR1572047

  • On all Junos platforms, traffic loss might be observed due to a rare timing issue when performing frequent Interface Bridge Domain (IFBD) configuration modifications. This behavior is seen when the Packet Forwarding Engine receives out-of-order IFBD(s) from Routing Engine and might lead to the fxpc process crash and traffic drop. PR1572305

  • When trying to configure a separate rib-group for PIM in VRF, after performing the commit check, the following error might be seen: PIM: ribgroup vrf-mcast-v4 not usable in this context; all RIBs are not in instance vrf. PR1574497

  • When the scheduler configuration is not applied to all 8 egress queues of an interface and one or more egress queues is having buffer size remainder configuration, the distribution of buffer to egress queues with buffer size remainder is not distributed correctly, which might lead to unexpected tail drops. PR1575798

  • An alarm is raised due to a transient hardware problem with MIC does not get cleared automatically after MIC restart. PR1576370

  • Max ports used is not getting displayed properly for the show services nat pool pool-name detail command. PR1576398

  • On MX Series platforms with the MPC7E, MPC10E, MX-SPC3, and LC2103 line cards might become offline resulting in complete loss of traffic when the device is running on FIPS mode. The show chassis fpc pic-status command can be used to check the status of the line cards. PR1576577

  • When a firewall is configured with both discard and port-mirror as actions in the same term, mirrored packets are corrupted. PR1576914

  • On MX Series platforms, in a subscriber scenario with scaled around 32,000 connections, the replication daemon might generate core files or stop running, which results in failure on subscriber services on the new Routing Engine after the upgrade or GRES. PR1577085

  • When a sub line card (SLC) assigned to a GNF in a node sliced setup generates some PCIe alarms during boot up. This alarm does not have any functional impact and will resolve once the SLC is online. PR1578187

  • Snapshot banner message displays to reboot the system from primary disk using the request node reboot re disk1 command, but the correct command is request node reboot re0 disk1. PR1578556

  • This issue is caused by /8 pool with block size as 1. When the configuration is committed, the block creation utilizes more memory causing NAT pool memory shortage, which is currently being notified to the customer with syslog tagged RT_NAT_POOL_MEMORY_SHORTAGE. PR1579627

  • When MPC11E is sliced into Sub Line Cards (SLC) in a node sliced environment, it is possible that in some instances the multiple times restart of one SLC might cause the complete FPC to restart. This could cause a traffic impact. PR1581107

  • When a large number of subscribers attempt to subscribe na-grpcd, core file might be seen. All telemetry subscription connections will close and collectors have to subscribe again. PR1583161

  • On MX10003 router, PEM capacity might be incorrectly shown by the show chassis power command after a PEM swap. PR1587694

  • As part of filter configuration, the out-of-order scenario corner case validation is not handled at Packet Forwarding Engine. Because of this, the aftd process crashes at dfw_term_dictionary_get_next (term=0x0, dfw=0x7f1431da34c0) at ../../../../../src/pfe/common/applications/dfw/dfw_term.c:1460. PR1589619

  • Minor transient traffic drop will be seen during MBB of RSVP LSP without the optimize-adaptive-teardown statement. PR1590656

  • The subscriber logical interface might be in a stuck state after the extensible subscriber services manager (ESSM)is deleted. PR1591603

  • On all MX Series platforms, changing configuration AMS 1:1 warm-standby to load-balance or deterministic NAT might generate vmcore file and traffic loss might be seen. PR1597386

  • Read write lock is not acquired during the sysctl invocation. The assert triggered in the interface state function call leads to go Routing Engine 1 to debug (db>) prompt. PR1598814

  • After performing an upgrade, the peer device is rebooted or the peer interface is disabled or enabled, then the SFP-T port might remain in up state but might not forward traffic. PR1600291

  • On all Junos platforms, in configurations where a large number of tag next-hops have neighbor discovery (ND6) next hop as underlying next hop, upon refresh of ND6 entry because of any reason, a large number of updates are sent to the Packet Forwarding Engine. This update processing causes a spike in the CPU usage which might hamper some scheduled tasks if they occur simultaneously. PR1600318

  • When PTP is on default profile and PTPoE is configured in stateful with ordinary clock-mode configuration is not supported. The below unsupported configuration does not throw commit error.

    The stateful port configuration for PTP over Ethernet and default profile is supported only on boundary clock mode and not on ordinary clock mode. As a workaround, change the clock-mode or to remove stateful configuration. PR1601843

  • When the interface transitions from down to up, the carrier transition counter value of a particular interface might be incorrect when the peer interface takes longer time to come up. Configuring the hold-time for up and down helps to resolve this issue. PR1601946

  • Core files will be observed in SPC3 when you change dslite configuration multiple times under service-set. PR1601977

  • When static routes are added with gr- interface names, there might be replication issues with MPLS next hops causing backup to generate core files. PR1601996

  • On MX Series platforms with MPC10E line card, output bps is not in the expected range on aggregated Ethernet interface for egress traffic. PR1602307

  • The convergence time degradation is seen in IS-ISv6, OSPFv2, and OSPFv3 when comparing convergence time with Junos OS Release 21.1R1.5. As it is a convergence time issue, many components are involved and hence need investigation of rpd, kernel, and Packet Forwarding Engine. PR1602334

  • In chassis with mix of MPC10 or MPC11 and MPC1 to MPC9 line cards, and aggregated Ethernet bundle configuration with member links on both MPC10/MPC11 and MPC1 to MPC9, packet loss might be seen for unicast packets on link flap using ifconfig down/up command in Routing Engine shell. PR1604073

  • In chassis with mix of MPC10 or MPC11 and MPC1 to MPC9 line cards, and aggregated Ethernet bundle configuration with member links on both MPC10/MPC11 and MPC1 to MPC9, packet loss may be seen for unicast packets on link flap when deleting aggregated Ethernet bundle and adding it again. PR1604450

  • In chassis with mix of MPC10 or MPC11 and MPC1 to MPC9 line cards, and aggregated Ethernet bundle configuration with member links on both MPC10/MPC11 and MPC1-MPC9, packet loss might be seen for unicast packets on link flap when deactivate and activate bundle. PR1604800

  • When performing downgrade on VM host platform, the following harmless error messages might be seen when issuing the request vmhost software add command: mkdir: cannot create directory '/tmp/partdisk-V6pHko/jrootfs/junos': File exists mkdir: cannot create directory '/tmp/partdisk-V6pHko/jrootfs/vm': File exists mkdir: cannot create directory '/tmp/partdisk-V6pHko/jrootfs/spare': File exists. PR1605915

  • On MX240, MX480, and MX960 routers with both MPC10E line card and MPC2, MPC3, MPC4, MPC5, and MPC6 based FPCs, when the MPC10E line card sends high traffic to MPC4E or other mentioned cards as the destination, the destination line card will not be able to cope up with MPC10E line card traffic flow. PR1606296

  • The dfwd core files are generated when accessing ephemeral date base files which is deleted through script. PR1609201

  • On all Junos OS platforms, when disabling the physical interface where GRE tunnels is established and performing a GRES. After GRES, enabling the physical interface will cause the BFD to become stuck in init state. PR1609630

  • In MX240, MX480, and MX960 routers with SCBE3-MX and enhanced midplane, in some rare cases, if huge traffic is flooded from MPC7, MPC8, and MPC9 line card to MPC2E, MPC3E, MPC4E, and MPC5E line card, and flaps the interface on MPC2E, MPC3E, MPC4E, and MPC5E, it will cause the unexpected request time errors on MPC7, MPC8, and MPC9 line cards because the MPC2E, MPC3E, MPC4E, and MPC5E line cards might not be able to handle such high volume of requests. It causes the Packet Forwarding Engine destinations to become unreachable even when the fabrics are online. Then the Packet Forwarding Engine, SIB, SCBE, FPCs might reboot automatically while these accumulated fabric errors hit the fabric connectivity restoration conditions of the fabric healing process (FHP). PR1612957

  • In some NAPT44 and NAT64 scenarios, duplicate SESSION_CLOSE syslog error will be seen. PR1614358

  • In Junos subscriber management environment, when the subscriber with the input service-filter configured in the service under dynamic profile fails when modified using Change-of-Authorization (CoA). CoA NAK is received when the input-service-filter is modified. PR1614903

  • On all MX Series platforms with MPC10 line card (AFT based MPC), if the filter is created with the resolved filter and deactivating filter attached to interface after MPC reboot, no filter found error might be seen when the device have multiple filters configured across different families. Due to this, filter might not be effective and counter fetch might not work. PR1616067

  • The transit IPv4-over-IPv6 encapsulated packets cannot pass through using IP over IP interface. This behavior has been seen on transit packets only. PR1618391

  • On all MX platforms running Junos OS with enhanced subscriber management environment, agent circuit identifier (ACI)-based dynamic VLAN session might fail when the size of the PPPoE vendor specific (VS) tags containing ACI and access line characteristics TLVs, exceeds 80 bytes, which would not allow the client to login. PR1619122

  • On MX platforms with subscriber management redundancy, if DHCP active lease query (ALQ) is configured without the topology discover and the no-advertise-routes-on-backup statement is configured, DHCP ALQ connection might not be established and DHCP subscribers might not be synchronized to backup Broadband Network Gateway (BNG). PR1620544

  • When the PHY-sync state of a line card moves to FALSE permanently, it fails to send a degraded clock class to its downstream neighbors. PR1622108

  • In a virtual router environment, there is a variance with respect to the traffic being passed through the interface where the accounting is enabled. PR1622514

  • Port speed shows as 100G even though chassis configuration is set for 40G. This is just a cosmetic display issue. PR1623237

  • This is a product limitation for MX SPC3 with new junos-ike architecture. The issue is seen when we have any-any TS configured and any-any TS negotiated (both in IPv4 and IPv6). As a workaround, do not configure any-any TS when it is sure that negotiated traffic selector for the IPsec tunnel will also be any-any. When there is no TS configured, the scenario might be treated as proxy-id case and bypasses the issue without having any impact on the described scenario. PR1624381

  • If option 80 ahead of option 82 in the client's DHCP discover packet, the auto-configure feature can not extract the subscriber's agent circuit-ID (ACI) and agent remote-ID (ARI). This leads to authentication failure when creating the dynamic VLAN interface where option 82 is requested. PR1626558

  • On all Junos OS platforms, the line card might crash and reload in an EVPN-MPLS scenario when there is a MAC move from local to remote and the request to delete MAC entry is received from remote. Core files are generated and complete traffic loss might be observed until the line card is reloaded. PR1627617

  • The MPC10E line card crashes without any known trigger. PR1627986

  • On MX Series platforms with MPC10, and MPC11 line card, and MS-MPC/MS-MIC are used, if aggregated multiservices (AMS) interface is configured as next hop with equal cost multipath (ECMP), load balancing does not happen properly according to source IP hashing. PR1628076

  • In a scaled subscriber service accounting scenario (~32K logical interfaces), if the flat-file-profile is configured with the use-fc-ingress-stats statement, the memory leak on pfed process might occur and if it crosses 80 percent of the total allocated memory of the process, it might crash. PR1628139

  • On all Junos OS platforms, when unified ISSU is aborted, l2ald might not be able to read issu abort notification. The l2ald might be stuck in the issu state and will not process new events while in issu state. PR1629678

  • The rpd process generates core file with the warm-standby configurations due to reference counting issues. PR1631871

  • On MX platforms enabled with the dynamic-profiles for subscribers and the subscribers are configured over aggregate Ethernet interface with the targeted-distribution. When the child links of the aggregate Ethernet interface are removed and then added, it could lead to bbe-smgd crash in the backup Routing Engine. This in turn could affect the control plane subscriber services when the primary Routing Engine fails during such event. PR1633392


  • A few duplicate packets might be seen in an AA EVPN scenario when the remote provider edge device sends a packet with an IM label due to MAC not learned on the remote PE device, but learned on the AA local PE device. The nondesignated forwarder sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookup instead of dropping the packet, which causes the duplicate packets to be seen on the customer edge side. PR1245316

  • The VXLAN OAM host bound packets are not throttled with DDoS policers. PR1435228

  • On all Junos platforms in an EVPN-VXLAN to EVPN-MPLS stitching scenario, traffic loss might be seen with data forwarder (DF) changes when the traffic flows from VXLAN to MPLS. The traffic loss occurs till MAC IP ages out. PR1515096

  • In a PBB-EVPN environment, the ARP suppression feature, which is not supported by the PBB might be enabled unexpectedly. This might cause the MAC addresses of the remote customer edge device not to be learned and hence the traffic loss might be seen. PR1529940

  • VM core files are generated during evp-mpls script running while performing GRES. PR1580313

  • EVPN-MPLS multihoming control MACs are missing after VLAN ID removal and adding it back to a trunk logical interface of one of the multihoming PE devices. This is not a recommended way to modify VLAN ID configuration. Always both multihoming PE devices needs to be in symmetric. PR1596698

  • In an EVPN-VXLAN scenario in a datacenter and EVPN-MPLS in a WAN, and the stitching is done with an LT interface, then the bridge MAC table learning entries do not work as expected for EVPN-VXLAN routing instance. This might occur after the restart interface-control command is issued on gateways. PR1600310

  • In EVPN VXLAN scenario, with the proxy-macip-advertisement statement is configured, a few ARP/ND/MAC entries might get missed. PR1609322

  • MAC IP moves across L2-DCI is not updated in MAC-IP table of the gateway nodes. This problem happens only with the translation VNI when the MAC is moved from DC1 to DC2. VM moves across DC where there is no translate VNI configuration in the interconnect works as designed. PR1610432

Flow-based and Packet-based Processing

  • Use 512 antireplay window size for IPv6 in fat-tunnel. The ESP sequence check might otherwise report out-of-order packets if the fat-tunnel parallel encryption is within 384 packets (12 cores * 32 packets in one batch). Hence there are no out-of-order packets with 512 antireplay window size. PR1470637

Forwarding and Sampling

  • The show firewall log detail command shows the packet length for ICMPv6 as 0. PR1184624

  • The configuration statement fast-lookup-filter with match condition is not supported in FLT hardware and might cause a traffic drop. PR1573350

  • On MX Series platforms, when filter-based forwarding (FBF) is configured with the next-interface action and if the interface participating in the filter gets flapped due to any reasons, notification to update the filter action is initiated. It might result in FPC crash with core dump. This might be due to a rare timing issue. PR1622585

High Availability (HA) and Resiliency

  • If you perform GRES with the interface em0 (or fxp0) disabled on the primary Routing Engine, then enabling the interface on the new backup Routing Engine might result in losing network access. PR1372087


  • If an interface is configured for single VLAN or multiple VLANs and all these VLANs of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 packets. But if some VLANs do not have igmp-snooping enabled, then the interface works fine. PR1232403

  • The following messages are seen during FTP: ftpd[14105]: bl_init: connect failed for /var/run/blacklistd.sock (No such file or directory). PR1315605

  • The IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) error message is observed continuously in AD with base configurations. PR1485038

  • The show system processes detail CLI command does not display CPU details under the CPU column. PR1588150

Interfaces and Chassis

  • The CLI output for the show interfaces transport pm otn current interface command has a formatting issue with the interval range. The correct range information is returned in the commands XML message. The information can be displayed by redirecting the command output to display xml.PR1560533

  • The issue is seen in a scaled setup with 296 LM sessions with iterator cycle time interval (100ms). It seems there is degradation in scale number (OAM packet rate at ~5500). At this qualified PPS, now LMR packet loss is observed but the functionality seems to be fine. To avoid LMR packet loss, reduce the scale number and keep the OAM packet value to less than 5500 pps. PR1561397

  • Delay in application of CLI configuration by DCD when aggregated Ethernet interface members are configured via JET API. PR1621482

  • On all Junos OS platforms, the duplicate VLAN-ID on untagged interface gr-x/x/ conflicts with unit 1 syslog message might be seen and dcd process might be crashed if the same VLAN is configured on the GRE tunnel interfaces. PR1633339

  • In a Layer 3 VPN scenario with the routing-options forwarding-table chained-composite-next-hop ingress l3vpn statement is configured, if VRRP route tracking is used to track routes inside a VRF, and if such routes are with composite next hop, they might be marked as down even they are present in the VRF, hence the VRRP route tracking might not work properly. PR1635351

  • On all Junos OS platforms, after upgrading, the VRRP state will not be correct and tracking routes of VRRP might show as unknown. The intended router might not be the VRRP master instead the peer router with less priority will be master. The route states are not correct because route add messages are not received at vrrpd after activation of the interface. When the interface is activated an interface route is created for the address configured on the interface, vrrpd receives the addition, then update the track route state accordingly. When this is not being received at the vrrpd, tracking routes might become unknown. PR1638378

Juniper Extension Toolkit (JET)

  • The jsd process might take some time to detect abrupt termination of the socket at the collector or client side in certain cases. This can occur when flapping the interface on which the collector is connected to the router or when a firewall terminates the client port. In such cases, the client must wait for the connection termination to be detected, which could take around 1 hour, or restart the jsd process before being able to reconnect with the same client ID. PR1549044

Layer 2 Ethernet Services

  • If the request system zeroize does not trigger zero-touch provisioning (ZTP), reinitiate the ZTP as a workaround. PR1529246

  • On all Junos OS platforms configured as DHCP server or relay agent, the file system storage under /var directory might get filled up with DHCP event rate analyzer (ERA) logs, which is enabled by default and might result in other processes not having storage space to log details of router functionality. PR1617695

  • On MX Series platforms, the jdhcpd process might crash and dump core files in a DHCP or DHCPv6 environment when the device is configured as a relay agent or server with the active-leasequery configuration. This might lead to subscriber termination and DHCP relay binding state of the terminating subscriber shows as Release state. PR1625011


  • On MPC7E line card, the BFD session flaps during unified ISSU and the issue is not seen frequently. PR1453705

  • When we configure the minimum-bandwidth, the LSP is still resignalled with the previously configured minimum-bandwidth and not the currently configured minimum-bandwidth. PR1526004

  • The single hop BFD sessions might flap sometimes after GRES in a highly scaled setup which have RSVP link or link-node-protection bypass enabled. This happens because the RSVP neighbor goes down sometimes after GRES if RSVP hellos are not received before neighbor time out happens. As a result of the RSVP neighbor goes down, RSVP installs a /32 route pointing to bypass tunnel which is required to signal backup LSPs. This route is removed when all LSPs stop using bypass after the link comes back. The presence of this /32 route causes BFD to flap. PR1541814

  • The RSVP interface update threshold configuration syntax has changed between Junos OS Release 18.2X75-D435 and Junos OS Release 20.3X75-D10 to include curly braces around the threshold value. Upgrading and downgrading between these releases is not entirely automatic. The user must delete this stanza if configured before downgrading and then manually reconfigure. PR1554744

  • If IS-IS-TE or OSPF-TE is enabled, but extended admin groups (which is configured under routing-options) are configured after the peer router advertises the extended admin groups, the LSP with extended admin groups constraints might fail to be established. PR1575060

  • With the local reversion ON, there is a possibility of transit router not informing headend of RSVP disabled link when link is flapped more than once. As a workaround, remove the local-reversion configuration. PR1576979

  • The use-for-shortcut statement is meant to be used only in SR-TE tunnels which use strict SPF (SSPF) Algo 1 prefix SIDs. If the [set protocols isis traffic-engineering family inet-mpls shortcuts] and the [set protocols isis traffic-engineering tunnel-source-protocol spring-te] are configured on a device, and if any SR-TE tunnel using Algo 0 prefix SIDs is configured with the use-for-shortcut statement, it might lead to routing loops or rpd process core files. PR1578994

  • When a protected link goes down, MPLS gets tunnel local repair message from RSVP and trigger CSPF computation. Next, MPLS gets link protection information through RRO notification. If MPLS receives TED notification first before RRO notification, then CSPF computation fails. Because the link protection flag is not set, MPLS thinks it is an unprotected link and brings down the LSP. PR1598207

Network Management and Monitoring

  • When the ephemeral instance is deleted, physical files related to the instance is not deleted and the content of the file will remain as it is and might cause the device to behave uncertain. PR1553469

  • The shm-rtsdbd daemon generates core files when the services configuration is deactivated or activated. PR1610594

Platform and Infrastructure

  • On MX Series platforms with MPC7, MPC8, MPC9 line card or MX-204 and MX-10003, when the packets which exceed the MTU and whose DF-bit is set go into a tunnel (such as GRE and LT), they might be dropped in the tunnel egress queue. PR1386350

  • The following error message is observed during unified ISSU: Async XTXN Error PPE/Context 9/13 @ PC 0x6f77: sampling_li_launch_nh. The traps are the result of PPE commands injected from the host. One possible reason might be Layer 2 BD code, which is trying to decrement BD MAC count in the data plane. It is unlikely that there is a packet loss during this condition. This could happen during unified ISSU and this might be due to a problem with the ISSU counter morphing used for LU-based cards, where certain counters are not disabled or disabled too late during unified ISSU. PR1426438

  • Arrival rates are not seen at system level when the global-disable fpc is configured. PR1438367

  • Loss of traffic on switchover when using filter applied on logical interface. PR1487937

  • When GRES and NSR functionality with VXLAN feature, the convergence time might be slightly higher than expected for Layer 2 domain to Layer 3 VXLAN. PR1520626

  • When the DHCP relay mode is configured as no-snoop, we observe the offer gets dropped due to incorrect ASIC programming. This issue happens only while running DHCP relay on EVPN-VXLAN environment. PR1530160

  • On MX Series platforms with XM chipset based line card installed, when the line card experiences the XMCHIP_CMERROR_DDRIF_PROTECT_WR_RD_SRAM_RUNN_CHKSUM CM error, the disable-pfe action will be involved. This issue causes the Packet Forwarding Engine to be disabled and traffic lost. PR1568072

  • On MX Series platforms, FPC gets restarted and thereby disrupting traffic when there is an out-of-order filter state. This issue might be seen only in back-to-back GRES in more than 40 to 50 iterations. PR1579182

  • Ethernet-output-bytes are not in expected range while verifying Ethernet MAC level with both IPv4 and IPv6 traffic for VLAN tagged interfaces. The issue is due to output byte count not getting updated properly. The script log shows that there is no packet loss and there is no functional impact. PR1579797

  • MS-PIC RPM probes with large data-size is failing at random. PR1602508

  • On all MX Series platforms, in a rare case when CoS classifier binding message received before logical interface family creation message to Packet Forwarding Engine, traffic might be classified with default classifier instead of custom classifier. Due to this, traffic might not be classified and mapped to the right queue resulting in inappropriate CoS treatment for the traffic. PR1619630

  • On MX Series platforms, during reboot, the aggregated Ethernet logical interfaces are first added, then deleted and again added, this flapping causes corner case where the filter attachment ipc has older aggregated Ethernet logical interface index on which the filter bind fails. Filter will not be attached to the interface, so any filter related service will not work. PR1614480

Routing Policy and Firewall Filters

  • On all Junos OS platforms with the set policy-options rtf-prefix-list configured, if you upgrade to a specific version, the device might fail to validate its configuration, which eventually causes rpd to crash unexpectedly due to a software fault. PR1538172

Routing Protocols

  • While interoperating with other vendors in a draft-rosen multicast VPN, by default Junos OS attaches a route target to multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities are prevented from propagating if the BGP route-target filtering is enabled on the device. PR993870

  • If delegated BFD sessions flap continuously, packet buffer memory might be leaked. The automatic memory leak detection process reports this within the syslog once a certain threshold is reached. The following error is displayed: fpc7 SHEAF: possible leak, ID 8 (packet(clones)) (10242/128/1024) on MX-MPC or fpc4 SHEAF: possible leak, ID 9 (packet(clones)) (255/1/5). Note that BFD sessions operating in centralized mode are not exposed. PR1003991

  • Certain BGP traceoption flags (for example, open, update, and keepalive) might result in (trace) logging of debugging messages that do not fall within the specified traceoption category. This results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

  • LDP OSPF are in synchronization state because the IGP interface is down with the ldp-synchronization enabled for OSPF. As per the current analysis, the IGP interface goes down because although LDP notified OSPF that LDP synchronization was achieved. OSPF is not able to take note of the LDP synchronization notification because the OSPF neighbor is not up yet. PR1256434

  • In rare cases, RIP replication might fail as a result of performing NSR Routing Engine switchovers when the system is not NSR ready. PR1310149

  • On MX Series platforms, the following unexpected log message will appear if the show version detail or request support information CLI command is executed: user@host> show version detail *** messages *** Oct 12 12:11:48.406 re0 mcsnoopd: INFO: krt mode is 1 Oct 12 12:11:48.406 re0 mcsnoopd: JUNOS SYNC private vectors set. PR1315429

  • SCP command with routing Instance -JU is not supported. PR1364825

  • TILFA backup path fails to install in LAN scenario and also breaks SR-MPLS TILFA for LAN with more than four end-x SIDs configured per interface. PR1512174

  • Conformance issues with draft-ietf-idr-bgp-ext-opt-param. In previous versions of RFC 9072 (that is, draft-ietf-idr-bgp-ext-opt-param), the required optional-parameter length is 255 in order to trigger the updated behavior. Later editions of the internet draft permitted non-zero optional parameter length values to be used. PR1554639

  • Due to behavior change, if there is no IFA present in the interface, we do not encode the router ID in the hello packet by default. In current scenario between R1 and R2, we do not have any inet or inet6 address set for interfaces forming the adjacency in question. Then, in the show isis adjacency detail command output, we do not see IPv4 or IPv6 address and it is shown that the adjacency is missing an IP address. PR1559079

  • With maximum number of logical interfaces (4000 GRE tunnels per Packet Forwarding Engine) with the following configuration:

    1. family inet, associated source, and destination for each tunnel.

    2. Configure the allow-fragmentation statement on one endpoint of the tunnel and configure the reassemble-packets on the other endpoint of the tunnel.

    With the above configuration, if you do deactivate chassis fpc slot, SLIP messages are observed. PR1581042

  • On all Junos OS platforms running BGP with Layer 2 VPN, kernel crash might be observed. PR1600599

  • When MPLS traffic engineering and the rib inet.3 protect core statement is enabled, then the transport routes in inet.3 will not be used for route resolution. PR1605247

  • On all Junos OS platforms, traffic drops when incorrect VPN labels are allotted. When there is a change in the next hop by BGP policy, the traffic is still forwarded to the old label. This leads to traffic drops for prefixes sending traffic to the old next hop. PR1617691

  • On all Junos OS platforms, if an aggregate route is configured under routing options, and if the from aggregate-contributor is used for many contributing routes (for example, more than 250-300 routes), the policy for these contributing routes might not work properly when the policy is exported. Due to this issue, the contributing routes might not be advertised properly. PR1629437

  • On all Junos OS platforms with multicast setup, the multicast forwarding cache might not get updated after deactivating the scope-policy configuration. This might result in the PIM register process to be incomplete and further multicast traffic to be dropped. PR1630144

  • When IS-IS database is cleaned, rpd crash might be observed. PR1631738

  • On all Junos OS platforms that support NSR, when the switchover-on-routing-crash is enabled, the rpd process crash will lead to Routing Engine switchover. In a highly scaled environment (about 15~19 million BGP routes), BGP session which is still sending update packets of size more than 2000 might flap even when NSR is enabled. This might lead to loss of traffic till the BGP session converges after the flap. This does not happen always but happens sporadically. The switchover can be either due to the rpd process crash or when switchover is performed manually. PR1632132

  • On all platforms with IS-IS multiple areas scenario, if the flood-group statement is enabled, IS-IS databases might not get synchronized between areas after clearing the IS-IS database or making the database change in any other way. This is because when the LSP is fragmented, only the first packet has the area ID list (for flood-group matching), while the rest of the fragmented LSPs do not have that list, which will result in these packets not being flooded, so that IS-IS will not work properly. PR1633858

  • On all Junos OS platforms running BGP, when a specific route is received from multiple places under a VRF, multipath route is getting formed even though the BGP route selection algorithm has the active route with higher local preference. Once multipath is formed, the traffic forwarding happens based on that, and it might result in some traffic going to an unwanted path. PR1635009

  • In a scenario where the single hop BFD of BGP, when multiple addresses of the same subnet are configured on the interface of the BFD session, the BFD session might go down. PR1635700

Services Applications

  • In an L2TP environment on L2TP LAC (L2TP access concentrator), a few L2TP tunnels might be stuck in downstate and might not be able to reestablish if the bbe-smgd process is restarted when these tunnels go down, which might impact the end customer to lose connectivity. PR1629104

  • On all MX platforms that support enhanced subscriber management (next generation subscriber management) with L2TP subscriber scenario, L2TP subscribers might get stuck in terminating state if the L2TP subscribers try to login. PR1630150

Subscriber Access Management

  • When performing unified ISSU from earlier releases to certain releases on MX Series platforms, accounting messages for new service on existing subscribers will have corrupted class attribute value, which might be rejected by RADIUS server. As a result, new service on existing subscribers might not get created. PR1624066

  • When the extensible subscriber services manager (ESSM) service is getting created on existing subscriber session, the class attribute is incorrectly formed. This happens when RADIUS sends class attribute in access accept messages after performing unified ISSU. PR1626718

User Interface and Configuration

  • The mgd process generates core file upon simultaneous rollback command in two different terminals of same router. It is a rare and corner case and is a timing issue. If this happens, the CLI session ends abruptly. PR1554696

  • In an EVPN-VXLAN scenario, mgd process generates core file when executing image upgrade command. The issue is seen on Virtual Chassis only, which can be avoided with a simple workaround by providing a valid package during upgrade command. PR1557628

  • After several ephemeral commits, interface configurations might get stuck and might not get updated on all Junos OS platforms. PR1598123

  • When performing commit check for the firewall and interface related configurations, if an operator uses the Ctrl+C to abort it, the dfwc and dcd might crash after performing another commit check. This issue will happen only with those daemons that follow the message-based commit check model (such as dfwc, dcd, rdmd, and fwa), and has no impact on other daemons. PR1600435


  • In some scenario (for example, configuring firewall filter), routers might show obsolete IPsec SA and NHTB entry even when the peer tear down the tunnel. PR1432925

  • Incorrect st0 logical interface deletion at spoke when multiple VPNs negotiate same destination address as TS. The general trigger is that when multiple VPNs configured have the traffic selectors which have the same remote-ip or subnet. And if one of the tunnels go down, the incorrect st0 route gets deleted. PR1601047