Open Issues

Some non-fatal interrupts (for example, CM cache or AQD interrupts) are logged as fatal interrupts. The following log messages will be shown on CM parity interrupt:

On MX104 platforms, when using the snmpbulkget or snmpbulkwalk (for example, used by the SNMP server) on a chassisd-related component (for example, jnxOperatingEntry), high CPU usage for chassis process and slow response might be seen because of a hardware limitation, which might also lead to a query time out on the SNMP client. In addition, the issue might not be seen while using an SNMP query for interface statistics. As a workaround, to avoid the issue, use either of the following approaches:

Use snmpget or snmpwalk instead of snmpbulkget or snmpbulkwalk and include the -t 30 option when doing the SNMP query. For example, snmpget -v2c -c XX -t 30.

Use the -t 30 option with snmpbulkget or snmpbulkwalk. For example, snmpbulkget -v2c -c XX -t 30. PR1103870

On MX platforms with FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter a single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002.

The Junos OS chassis management error handling detects such a condition, raises an alarm, and disables the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, restart the FPC. Contact your Juniper Networks support representative if the issue persists even after the FPC restart. PR1254415

If a vmhost snapshot is taken on an alternate disk and there is no further vmhost software image upgrade, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, the host root file system and the node boots with the previous vmhost software instead of the alternate disk. PR1281554

When you issue a show interface command to check the interface details, the system does not check whether the interface name provided is valid or invalid. The system will not generate an error message if the interface name is invalid. PR1306191

With aggregated Ethernet bundle or ECMP next hops configured with the adaptive load balancing feature requests a large chunk of jnh counter memory . If allocation requests are spread over an interval of time, then the memory allocator might not be able to handle all these requests and error messages are reported. There is no impact on traffic. PR1329704

Source MAC and TTL values are not updated for routed multicast packets in an EVPN VXLAN scenario. PR1346894

The backup Routing Engine might crash after GRES occurs continuously for more than 10 times. PR1348806

When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609

The following log message might be seen on FPC with WINTEC mSATA SSD:

A few xe- interfaces go down with the following error message: if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

The ping command might show variable latency values. This is expected for host generated ICMP traffic due to the design of the Packet Forwarding Engine queue polling the packets from ASIC. PR1380145

Due to a transient hardware condition, single-bit error (SBE) events are corrected and have no operational impact. Reporting of those events had been disabled to prevent alarms and possible unnecessary hardware replacements. This change applies to all platforms using Hybrid Memory Controller (HMC). PR1384435

Modifying the underlying interface on a demux0 interface with subscribers present on the underlying interface causes the FPC to generate core files. In the procedure to edit underlying-interface on a demux0, do the following check:

Verify that there are no subscribers existing on the underlying interface configured on the demux0.

Subscribers need to be moved out of the underlying interface before editing the underlying interface under demux0. PR1396157

The PTP master and the PTP slave port configuration accept only the PTP packets with multicast MAC address according to the port settings. If forwardable multicast is configured, only PTP packets with the forwardable MAC address is accepted and the non-forwardable is dropped. Similarly, if the link-local multicast is configured, only the PTP packets with the non-forwardable MAC address is accepted and forwardable is dropped. PR1442055

On MX10003 routers with Virtual Chassis, access facing FPC's CPU stays at 100 percent for 5 to 6 minutes after a configuration change. PR1447003

On VXLAN VNI (multicast learning) scaling, traffic issue is seen from VXLAN tunnel to Layer 2 interface. PR1462548

In DNS filtering, when DNS requests are sent from the server and implicit filters as well as routes to the service PIC are configured, it causes the DNS packets to loop. As a workaround, configure either static routes or implicit filters for forwarding DNS traffic to service PIC. It solves DNS packet looping issue. PR1468398

On MX Series platforms with the 3D 20x 1GE MIC installed, after performing ISSU, the FPC equipped with the MIC might crash and interfaces stay down. Due to this issue, the traffic on the MIC will be impacted. PR1480212

On MX204 and MX10003 routers with the MPC7E, MPC8E, MPC9E, MPC10E, and JNP10K-LC2101 line cards, the following syslog error appears occasionally: unable to set line-side lane config (err 30). This does not impact the service and can be ignored. PR1492162

When the show pfe filter hw filter-name filter name command is issued, the command fails to retrieve the Packet Forwarding Engine programming details of the filter. PR1495712

After the backup Routing Engine halts, CB1 goes offline and comes back online. This leads to rebooting of the backup Routing Engine and it shows the reboot reason as 0x1:power cycle/failure. There is no other functional impact due to this issue. PR1497592

When a VLAN member is specified as a string, the IF_MSG_IFL_VADDR TLV is not generated with the VLAN infoformation, and the MX Series with MPCs or MICs afttriostream is not updated with the nativevlanId and nativevlanenable flags. Thus, the packet is still treated as untagged, and when it reaches the trunk egress interface, it is dropped because the trunk interface does not allow untagged traffic to pass through. The issue is specific to platforms with ZT line cards. As a workaround, configure the interface-vlan-members statement with only numeral value only for VLANs. The VLAN members with input as a string is not supported in this release. PR1506403

A 10-Gigabit Ethernet interface configured with WAN-PHY framing might flap continuously if the hold-down timer is set to 0 (which is the default). This is not applicable to an interface with the default framing LAN-PHY. PR1508794

On a fully scaled system where all the slices are utilized by different families of CLI filters, if we try to delete one family and add or change another family with a higher number of filter terms, which requires either expansion of the filter or creation of a new filter, the Packet Forwarding Engine fails to add the new filter as we are getting out of sequence messages. The add or change of the filter is called earlier than the delete of another filter will free up the slices. PR1512242

A 35 seconds delay is added in reboot time. PR1514364

When an AMS physical interface is configured for the first time or any member of the AMS bundle is removed or added, the PICs on which the members of AMS bundle are present go for a reboot. There is a timer running in the AMS kernel which is used as a delay for the PIC reboot to complete and once that timer expires, AMS assumes that the PICs might have been rebooted, and it moves into next step of AMS finite state machine (FSM). In a scaled scenario, this rebooting of the PIC is delayed due to DCD. This is because when a PIC goes down, DCD is supposed to delete the physical interfaces on that PIC and the PIC reboot happens. But DCD is busy processing the scaled configuration and the physical interface deletion is delayed. This delay is much greater than the timer running in AMS kernel. When the timer expires, the FSM in AMS kernel incorrectly assumes the PIC reboot would be completed by then, but the reboot is still pending. By the time DCD deletes this physical interface, the AMS bundles are already up. Because of this, there is a momentary flap of the bundles. PR1521929

The rpd sensors generate core file during defer-continue case on a network churn. This will be a timing issue and will happen only when a particular node sensor information is being rendered and the same node went through some modification. PR1526503

On the MX Series platforms with next generation Routing Engine installed, after upgrading the Intel i40e-NVM firmware to version 6.01, the FRUs disconnection alarms might be seen along with traffic loss. Refer to the TSB17603 to upgrade Junos OS software and Intel i40e-NVM firmware. PR1529710

On MX150 routers, the following error messages are seen in the messages log file for the interfaces that have SFP installed in them: fpc0 FAILED(-1) read of SFP eeprom for port: 13. PR1529939

FIPS mode is not supported. PR1530951

Ping command does not work even though the ARP entry is present during continuous script executions due to BRCM KBP issue. PR1533513

After performing a unified ISSU in a Junos OS node slicing, the unified ISSU unsupported field replaceable unit (FRU) will stay offline until it brings back to online manually once ISSU is finished. This issue causes a service or traffic impact for the offline FRUs. PR1534225

When an image with the third party SDK upgrade (6.5.x) is installed, the CPU utilization might go up by around 5 percent. PR1534234

Flapping might be observed on channelized ports of MX Series routers during ZTP, when one of the ports is disabled on the supporting device. PR1534614

In rare instances, when the et- interface gets stuck and remains down between two particular ports on MPC5E, MPC4E, and CXP MIC line cards. The MAC chip in the line card goes to a condition where the EDC convergence state (adaptive algorithm state machine error) in the firmware remains at tracking while the et- interface is stuck and remains down. PR1535078

The request system software validate command is disabled currently for Junos OS Release 19.4 and later. You can validate the same using the request system software add command. PR1537729

The Socket to sflowd closed error comes up when the ukern socket to sflowd daemon (server) is closed. The error is rectified by itself as the client successfully reestablishes the connection in the subsequent attempts. When these errors are consistent, it indicates a communication issue between sflowd and the sFlow running on the FPC. PR1538863

In an EVPN-VXLAN scenario with the Layer 2 and Layer 3 multicast configurations, the vmcore process generates the core file on the primary and backup Routing Engines. PR1539259

On a scaled MX2020 router with vrf localisation enabled, when 4 million next hop scale and 800000 route scale are available, FPCs might go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. The FPC might continue to reboot and does not come online. Rebooting the primary and backup Routing Engine will help to recover and get router back into stable state. PR1539305

The following error message occurs when you reboot the device with the enterprise base configurations: Error BCMX: Failed to add lport 0x0 (unit , port ). -8: Entry exists. PR1541159

PTP to PTP noise transfer is passing for impairments profile 400nsp-p_1Hz, but failing for profile 400nsp-p_0.1Hz and lower bandwidth profiles as well. The issue is common to 10G also. PR1543982

After performing upgrade or downgrade on VM host platform, during restarting with the new image, the Wind River Linux (WRL) kernel might go into a deadlock state due to a race condition in advanced configuration and power interface component architecture (ACPICA) module in Linux kernel. This issue might cause the system to get stuck in continuous crashing state. It is a rare timing issue and currently only seen on WRL6 kernel based image during upgrade or downgrade. PR1544875

Intermittent license check core files are generated during the device initialization. License daemon will restart and start providing the required support. There is no service impact. PR1545175

A new alarm network-service mode mismatch between configuration and kernel setting is introduced. When unified ISSU or normal code upgrade is performed from images without new alarm commit to images with new alarm commit, then the transient false alarm will be seen. PR1546002

Hardware performance counters might not be correctly exported to the CLI when Packet Forwarding Engines are disabled. This is purely a display issue. PR1547890

100G AOC from third-party does not come up after multiple reboots. It recovers after enabling and disabling the interface. PR1548525

The following error message is observed: Feb 27 20:26:40 xolo fpc3 Cannot scan phys_mem_size.out. Please collect /var/log/*.out (0;0xdd3f6ea0;-1) (posix_interface_get_ram_size_info): Unknown error: -1. This log is harmless. PR1548677

In synce configuration, ESMC transmit is configured or if the chassis synchronization source configuration is deactivated or there are no active chassis synchronization source configurations present, it might lead to a commit error esmc-transmit. To avoid the error, include the chassis synchronization source. PR1549051

On MX10008 and MX10016 platforms, the keepalive value of chassisd socket between chassisd and line card is small. Due to this, when issues like short link-flaps/connection problem occur, the FPC reboots instead of reconnecting, which causes service impact. PR1550917

After a system reboot, BFD session status is in Init state. It is seen when we have both CFM and BFD configuration on the system and endpoint overlaps between CFM and BFD. PR1552235

Phone home supports captive portal with factory default configuration. Captive portal is used to enter activation code and to monitor bootstrap status of device using phone home feature. Starting Junos OS Release 20.4, support for captive portal for phone home bootstrap process is removed. PR1555112

5M DAC connected between QFX10002-60C and MX2010 does not link up. But with 1M and 3M DAC, this interoperation works as expected. There seems to be a certain SI or link-level configuration on both QFX10002-60C and MX2010. PR1555955

On the MPC11E line cards in BSYS, commit goes through when unified ISSU is initiated in the GNF.PR1556544

On the MPC9E line card, core files are generated when SFB becomes online after unified ISSU of a GNF. PR1556627

On high availability systems, when FPC0 (when node0 is primary) or FPC7 (when node1 is primary) is restarted (for example, with the request chassis fpc slot <> restart node local CLI command or due to dcpfe core files on the primary), that might cause FPC1 or FPC8 to restart, which might cause the preexisting TCP sessions to break and might not get reestablished by itself. The TCP sessions might need to be manually reestablished. PR1557607

On the MX10008 routers, the GRE keepalive adjacency state is down even though the GRE tunnel is in the up state. PR1559200

VE and CE mesh groups are default mesh groups created for a given routing instance. On adding VLAN or bridge domain, flood tokens and routes are created for both VE and CE mesh-group and flood-group. Ideally, VE mesh-group does not require a CE router where IGMP is enabled on CE interfaces. MX Series based CE boxes have unlimited capacity of tokens, so this would not be a major issue. PR1560588

In an MVPN scenario, if the next hop index of a group is not same between primary and backup after a NSR switchover, we might see a packet loss of 250 to 400 ms. PR1561287

The timingd-lc errors CdaExprClient: grpc api call ExprServerInfoGet failed" and "CdaExprClient: Failed to fetch server info error:5 are seen on all FPCs after restarting router or FPC. PR1561362

Due to a race condition, the show multicast route extensive instance instance-name output can display the session status as Invalid. Such an output is a cosmetic defect and not an indicative of a functional issue. PR1562387

Configure the interface hold time to avoid the additional interface flap. PR1562857

In a rare scenario, SPMB does not reply during FPC online which is moved from SLC mode to full line card mode. The FPC gets stuck as the training is not complete. PR1563050

When SLC is reconfigured from asymmetric mode to symmetric mode in a single commit, it is possible that on some occasions, one of the SLC shows chassis connection as dropped state. The SLC will come online and no functional impact is seen. PR1564233

When a MPLS p2mp template is configured over the default_p2mp template, the configuration change does not take effect and the old configuration remains active. PR1564795

Starting in Junos OS Release 21.1R1, Junos OS will be shipping with python3 (python2 is no longer supported). In ZTP process, if a python script is being downloaded, ensure the python script follows python3 syntax (there are certain changes between python2 and python3 syntax). Also, so far (that is, until Junos OS 20.4R1), the python script had #!/usr/bin/python as the first line (that is, the path of the python interpreter). The same needs to be changed to #!/usr/bin/python3 from Junos OS Release 21.1R1. PR1565069

In a dual CPE scenario, after RG0 failover, the best path link status shows as PARTIAL SLA VIOLATED instead of SLA MET due to active probe result is incorrect in certain scenarios. PR1565777

SyncE to PTP noise transfer passes for 400 ns p-p amplitude and frequency of 1 Hz, but fails for 200 ns p-p amplitude and frequency of 0.005 Hz. PR1566291

G.8273.2 transient response test fails. Issue exists for legacy line cards also. PR1566354

The chassisd logs flood with the pic_create_ifname: 0/0/0 pic type F050 not supported messages for every connected port. The flooding might happen every few seconds. PR1566440

If the inline services and services are applied to sub line cards (SLCs), some issues might happen during processing these services along with firewall process (dfwd) filter actions. Then it might cause SLCs to reboot and aftd to crash. PR1567313

With T-BC across multiple line card, average time error (cTE) test fails as there are other delays introduced, causing phase variation across line cards. PR1567662

Fusion cascade ports must not be hosted on the VPN core facing FPC. When VPN localisation is enabled in fusion or v44 setup, ensure cascade ports (satellite devices) are not part of VPN core facing FPC. PR1567850

The problem is with L1 node not reflecting correct bandwidth configured for tunnel services. When baseline has 1 G configuration on some FPC or PIC in groups global chassis and if we override with local chassis tunnel service in 10 G bandwidth scaled scenario. Out of 10 Gbps bandwidth configured, only 1 Gbps is allowed per 1 G speed configured in baseline configuration. PR1568414

Traffic might be dropped on MX Series platforms when the default route is changed in the inet.0 table. It might take 2 to 3 seconds to update in Packet Forwarding Engine . This issue will be recovered automatically. PR1568944

The PTP clock might fail to be locking and stuck in acquiring state at clock servo. PR1570310

BUM traffic replication over VTEP is sending out more packets than expected and there seems to be a loop. PR1570689

Part of the output of the show ptp lock-status detail command is missing while changing the interface configuration from the encapsulation Ethernet to the family inet. This issue is not seen every time and issue exists for legacy line cards also. PR1572047

On all Junos platforms, traffic loss might be observed due to a rare timing issue when performing frequent Interface Bridge Domain (IFBD) configuration modifications. This behavior is seen when the Packet Forwarding Engine receives out-of-order IFBD(s) from Routing Engine and might lead to the fxpc process crash and traffic drop. PR1572305

When trying to configure a separate rib-group for PIM in VRF, after performing the commit check, the following error might be seen: PIM: ribgroup vrf-mcast-v4 not usable in this context; all RIBs are not in instance vrf. PR1574497

When the scheduler configuration is not applied to all 8 egress queues of an interface and one or more egress queues is having buffer size remainder configuration, the distribution of buffer to egress queues with buffer size remainder is not distributed correctly, which might lead to unexpected tail drops. PR1575798

An alarm is raised due to a transient hardware problem with MIC does not get cleared automatically after MIC restart. PR1576370

Max ports used is not getting displayed properly for the show services nat pool pool-name detail command. PR1576398

On MX Series platforms with the MPC7E, MPC10E, MX-SPC3, and LC2103 line cards might become offline resulting in complete loss of traffic when the device is running on FIPS mode. The show chassis fpc pic-status command can be used to check the status of the line cards. PR1576577

When a firewall is configured with both discard and port-mirror as actions in the same term, mirrored packets are corrupted. PR1576914

On MX Series platforms, in a subscriber scenario with scaled around 32,000 connections, the replication daemon might generate core files or stop running, which results in failure on subscriber services on the new Routing Engine after the upgrade or GRES. PR1577085

When a sub line card (SLC) assigned to a GNF in a node sliced setup generates some PCIe alarms during boot up. This alarm does not have any functional impact and will resolve once the SLC is online. PR1578187

Snapshot banner message displays to reboot the system from primary disk using the request node reboot re disk1 command, but the correct command is request node reboot re0 disk1. PR1578556

This issue is caused by /8 pool with block size as 1. When the configuration is committed, the block creation utilizes more memory causing NAT pool memory shortage, which is currently being notified to the customer with syslog tagged RT_NAT_POOL_MEMORY_SHORTAGE. PR1579627

When MPC11E is sliced into Sub Line Cards (SLC) in a node sliced environment, it is possible that in some instances the multiple times restart of one SLC might cause the complete FPC to restart. This could cause a traffic impact. PR1581107

When a large number of subscribers attempt to subscribe na-grpcd, core file might be seen. All telemetry subscription connections will close and collectors have to subscribe again. PR1583161

On MX10003 router, PEM capacity might be incorrectly shown by the show chassis power command after a PEM swap. PR1587694

As part of filter configuration, the out-of-order scenario corner case validation is not handled at Packet Forwarding Engine. Because of this, the aftd process crashes at dfw_term_dictionary_get_next (term=0x0, dfw=0x7f1431da34c0) at ../../../../../src/pfe/common/applications/dfw/dfw_term.c:1460. PR1589619

Minor transient traffic drop will be seen during MBB of RSVP LSP without the optimize-adaptive-teardown statement. PR1590656

The subscriber logical interface might be in a stuck state after the extensible subscriber services manager (ESSM)is deleted. PR1591603

On all MX Series platforms, changing configuration AMS 1:1 warm-standby to load-balance or deterministic NAT might generate vmcore file and traffic loss might be seen. PR1597386

Read write lock is not acquired during the sysctl invocation. The assert triggered in the interface state function call leads to go Routing Engine 1 to debug (db>) prompt. PR1598814

After performing an upgrade, the peer device is rebooted or the peer interface is disabled or enabled, then the SFP-T port might remain in up state but might not forward traffic. PR1600291

On all Junos platforms, in configurations where a large number of tag next-hops have neighbor discovery (ND6) next hop as underlying next hop, upon refresh of ND6 entry because of any reason, a large number of updates are sent to the Packet Forwarding Engine. This update processing causes a spike in the CPU usage which might hamper some scheduled tasks if they occur simultaneously. PR1600318

When PTP is on default profile and PTPoE is configured in stateful with ordinary clock-mode configuration is not supported. The below unsupported configuration does not throw commit error.

The stateful port configuration for PTP over Ethernet and default profile is supported only on boundary clock mode and not on ordinary clock mode. As a workaround, change the clock-mode or to remove stateful configuration. PR1601843

When the interface transitions from down to up, the carrier transition counter value of a particular interface might be incorrect when the peer interface takes longer time to come up. Configuring the hold-time for up and down helps to resolve this issue. PR1601946

Core files will be observed in SPC3 when you change dslite configuration multiple times under service-set. PR1601977

When static routes are added with gr- interface names, there might be replication issues with MPLS next hops causing backup to generate core files. PR1601996

On MX Series platforms with MPC10E line card, output bps is not in the expected range on aggregated Ethernet interface for egress traffic. PR1602307

The convergence time degradation is seen in IS-ISv6, OSPFv2, and OSPFv3 when comparing convergence time with Junos OS Release 21.1R1.5. As it is a convergence time issue, many components are involved and hence need investigation of rpd, kernel, and Packet Forwarding Engine. PR1602334

In chassis with mix of MPC10 or MPC11 and MPC1 to MPC9 line cards, and aggregated Ethernet bundle configuration with member links on both MPC10/MPC11 and MPC1 to MPC9, packet loss might be seen for unicast packets on link flap using ifconfig down/up command in Routing Engine shell. PR1604073

In chassis with mix of MPC10 or MPC11 and MPC1 to MPC9 line cards, and aggregated Ethernet bundle configuration with member links on both MPC10/MPC11 and MPC1 to MPC9, packet loss may be seen for unicast packets on link flap when deleting aggregated Ethernet bundle and adding it again. PR1604450

In chassis with mix of MPC10 or MPC11 and MPC1 to MPC9 line cards, and aggregated Ethernet bundle configuration with member links on both MPC10/MPC11 and MPC1-MPC9, packet loss might be seen for unicast packets on link flap when deactivate and activate bundle. PR1604800

When performing downgrade on VM host platform, the following harmless error messages might be seen when issuing the request vmhost software add command: mkdir: cannot create directory '/tmp/partdisk-V6pHko/jrootfs/junos': File exists mkdir: cannot create directory '/tmp/partdisk-V6pHko/jrootfs/vm': File exists mkdir: cannot create directory '/tmp/partdisk-V6pHko/jrootfs/spare': File exists. PR1605915

On MX240, MX480, and MX960 routers with both MPC10E line card and MPC2, MPC3, MPC4, MPC5, and MPC6 based FPCs, when the MPC10E line card sends high traffic to MPC4E or other mentioned cards as the destination, the destination line card will not be able to cope up with MPC10E line card traffic flow. PR1606296

The dfwd core files are generated when accessing ephemeral date base files which is deleted through script. PR1609201

On all Junos OS platforms, when disabling the physical interface where GRE tunnels is established and performing a GRES. After GRES, enabling the physical interface will cause the BFD to become stuck in init state. PR1609630

In MX240, MX480, and MX960 routers with SCBE3-MX and enhanced midplane, in some rare cases, if huge traffic is flooded from MPC7, MPC8, and MPC9 line card to MPC2E, MPC3E, MPC4E, and MPC5E line card, and flaps the interface on MPC2E, MPC3E, MPC4E, and MPC5E, it will cause the unexpected request time errors on MPC7, MPC8, and MPC9 line cards because the MPC2E, MPC3E, MPC4E, and MPC5E line cards might not be able to handle such high volume of requests. It causes the Packet Forwarding Engine destinations to become unreachable even when the fabrics are online. Then the Packet Forwarding Engine, SIB, SCBE, FPCs might reboot automatically while these accumulated fabric errors hit the fabric connectivity restoration conditions of the fabric healing process (FHP). PR1612957

In some NAPT44 and NAT64 scenarios, duplicate SESSION_CLOSE syslog error will be seen. PR1614358

In Junos subscriber management environment, when the subscriber with the input service-filter configured in the service under dynamic profile fails when modified using Change-of-Authorization (CoA). CoA NAK is received when the input-service-filter is modified. PR1614903

On all MX Series platforms with MPC10 line card (AFT based MPC), if the filter is created with the resolved filter and deactivating filter attached to interface after MPC reboot, no filter found error might be seen when the device have multiple filters configured across different families. Due to this, filter might not be effective and counter fetch might not work. PR1616067

The transit IPv4-over-IPv6 encapsulated packets cannot pass through using IP over IP interface. This behavior has been seen on transit packets only. PR1618391

On all MX platforms running Junos OS with enhanced subscriber management environment, agent circuit identifier (ACI)-based dynamic VLAN session might fail when the size of the PPPoE vendor specific (VS) tags containing ACI and access line characteristics TLVs, exceeds 80 bytes, which would not allow the client to login. PR1619122

On MX platforms with subscriber management redundancy, if DHCP active lease query (ALQ) is configured without the topology discover and the no-advertise-routes-on-backup statement is configured, DHCP ALQ connection might not be established and DHCP subscribers might not be synchronized to backup Broadband Network Gateway (BNG). PR1620544

When the PHY-sync state of a line card moves to FALSE permanently, it fails to send a degraded clock class to its downstream neighbors. PR1622108

In a virtual router environment, there is a variance with respect to the traffic being passed through the interface where the accounting is enabled. PR1622514

Port speed shows as 100G even though chassis configuration is set for 40G. This is just a cosmetic display issue. PR1623237

This is a product limitation for MX SPC3 with new junos-ike architecture. The issue is seen when we have any-any TS configured and any-any TS negotiated (both in IPv4 and IPv6). As a workaround, do not configure any-any TS when it is sure that negotiated traffic selector for the IPsec tunnel will also be any-any. When there is no TS configured, the scenario might be treated as proxy-id case and bypasses the issue without having any impact on the described scenario. PR1624381

If option 80 ahead of option 82 in the client's DHCP discover packet, the auto-configure feature can not extract the subscriber's agent circuit-ID (ACI) and agent remote-ID (ARI). This leads to authentication failure when creating the dynamic VLAN interface where option 82 is requested. PR1626558

On all Junos OS platforms, the line card might crash and reload in an EVPN-MPLS scenario when there is a MAC move from local to remote and the request to delete MAC entry is received from remote. Core files are generated and complete traffic loss might be observed until the line card is reloaded. PR1627617

The MPC10E line card crashes without any known trigger. PR1627986

On MX Series platforms with MPC10, and MPC11 line card, and MS-MPC/MS-MIC are used, if aggregated multiservices (AMS) interface is configured as next hop with equal cost multipath (ECMP), load balancing does not happen properly according to source IP hashing. PR1628076

In a scaled subscriber service accounting scenario (~32K logical interfaces), if the flat-file-profile is configured with the use-fc-ingress-stats statement, the memory leak on pfed process might occur and if it crosses 80 percent of the total allocated memory of the process, it might crash. PR1628139

On all Junos OS platforms, when unified ISSU is aborted, l2ald might not be able to read issu abort notification. The l2ald might be stuck in the issu state and will not process new events while in issu state. PR1629678

The rpd process generates core file with the warm-standby configurations due to reference counting issues. PR1631871

On MX platforms enabled with the dynamic-profiles for subscribers and the subscribers are configured over aggregate Ethernet interface with the targeted-distribution. When the child links of the aggregate Ethernet interface are removed and then added, it could lead to bbe-smgd crash in the backup Routing Engine. This in turn could affect the control plane subscriber services when the primary Routing Engine fails during such event. PR1633392

A few duplicate packets might be seen in an AA EVPN scenario when the remote provider edge device sends a packet with an IM label due to MAC not learned on the remote PE device, but learned on the AA local PE device. The nondesignated forwarder sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookup instead of dropping the packet, which causes the duplicate packets to be seen on the customer edge side. PR1245316

The VXLAN OAM host bound packets are not throttled with DDoS policers. PR1435228

On all Junos platforms in an EVPN-VXLAN to EVPN-MPLS stitching scenario, traffic loss might be seen with data forwarder (DF) changes when the traffic flows from VXLAN to MPLS. The traffic loss occurs till MAC IP ages out. PR1515096

In a PBB-EVPN environment, the ARP suppression feature, which is not supported by the PBB might be enabled unexpectedly. This might cause the MAC addresses of the remote customer edge device not to be learned and hence the traffic loss might be seen. PR1529940

VM core files are generated during evp-mpls script running while performing GRES. PR1580313

EVPN-MPLS multihoming control MACs are missing after VLAN ID removal and adding it back to a trunk logical interface of one of the multihoming PE devices. This is not a recommended way to modify VLAN ID configuration. Always both multihoming PE devices needs to be in symmetric. PR1596698

In an EVPN-VXLAN scenario in a datacenter and EVPN-MPLS in a WAN, and the stitching is done with an LT interface, then the bridge MAC table learning entries do not work as expected for EVPN-VXLAN routing instance. This might occur after the restart interface-control command is issued on gateways. PR1600310

In EVPN VXLAN scenario, with the proxy-macip-advertisement statement is configured, a few ARP/ND/MAC entries might get missed. PR1609322

MAC IP moves across L2-DCI is not updated in MAC-IP table of the gateway nodes. This problem happens only with the translation VNI when the MAC is moved from DC1 to DC2. VM moves across DC where there is no translate VNI configuration in the interconnect works as designed. PR1610432

Use 512 antireplay window size for IPv6 in fat-tunnel. The ESP sequence check might otherwise report out-of-order packets if the fat-tunnel parallel encryption is within 384 packets (12 cores * 32 packets in one batch). Hence there are no out-of-order packets with 512 antireplay window size. PR1470637

The show firewall log detail command shows the packet length for ICMPv6 as 0. PR1184624

The configuration statement fast-lookup-filter with match condition is not supported in FLT hardware and might cause a traffic drop. PR1573350

On MX Series platforms, when filter-based forwarding (FBF) is configured with the next-interface action and if the interface participating in the filter gets flapped due to any reasons, notification to update the filter action is initiated. It might result in FPC crash with core dump. This might be due to a rare timing issue. PR1622585

If you perform GRES with the interface em0 (or fxp0) disabled on the primary Routing Engine, then enabling the interface on the new backup Routing Engine might result in losing network access. PR1372087

If an interface is configured for single VLAN or multiple VLANs and all these VLANs of this interface have igmp-snooping enabled, then this interface will drop HSRPv2 packets. But if some VLANs do not have igmp-snooping enabled, then the interface works fine. PR1232403

The following messages are seen during FTP: ftpd[14105]: bl_init: connect failed for /var/run/blacklistd.sock (No such file or directory). PR1315605

The IFDE: Null uint32 set vector, ifd and IFFPC: 'IFD Ether uint32 set' (opcode 151) error message is observed continuously in AD with base configurations. PR1485038

The show system processes detail CLI command does not display CPU details under the CPU column. PR1588150

The CLI output for the show interfaces transport pm otn current interface command has a formatting issue with the interval range. The correct range information is returned in the commands XML message. The information can be displayed by redirecting the command output to display xml.PR1560533

The issue is seen in a scaled setup with 296 LM sessions with iterator cycle time interval (100ms). It seems there is degradation in scale number (OAM packet rate at ~5500). At this qualified PPS, now LMR packet loss is observed but the functionality seems to be fine. To avoid LMR packet loss, reduce the scale number and keep the OAM packet value to less than 5500 pps. PR1561397

Delay in application of CLI configuration by DCD when aggregated Ethernet interface members are configured via JET API. PR1621482

On all Junos OS platforms, the duplicate VLAN-ID on untagged interface gr-x/x/x.xxx: conflicts with unit 1 syslog message might be seen and dcd process might be crashed if the same VLAN is configured on the GRE tunnel interfaces. PR1633339

In a Layer 3 VPN scenario with the routing-options forwarding-table chained-composite-next-hop ingress l3vpn statement is configured, if VRRP route tracking is used to track routes inside a VRF, and if such routes are with composite next hop, they might be marked as down even they are present in the VRF, hence the VRRP route tracking might not work properly. PR1635351

On all Junos OS platforms, after upgrading, the VRRP state will not be correct and tracking routes of VRRP might show as unknown. The intended router might not be the VRRP master instead the peer router with less priority will be master. The route states are not correct because route add messages are not received at vrrpd after activation of the interface. When the interface is activated an interface route is created for the address configured on the interface, vrrpd receives the addition, then update the track route state accordingly. When this is not being received at the vrrpd, tracking routes might become unknown. PR1638378

The jsd process might take some time to detect abrupt termination of the socket at the collector or client side in certain cases. This can occur when flapping the interface on which the collector is connected to the router or when a firewall terminates the client port. In such cases, the client must wait for the connection termination to be detected, which could take around 1 hour, or restart the jsd process before being able to reconnect with the same client ID. PR1549044

If the request system zeroize does not trigger zero-touch provisioning (ZTP), reinitiate the ZTP as a workaround. PR1529246

On all Junos OS platforms configured as DHCP server or relay agent, the file system storage under /var directory might get filled up with DHCP event rate analyzer (ERA) logs, which is enabled by default and might result in other processes not having storage space to log details of router functionality. PR1617695

On MX Series platforms, the jdhcpd process might crash and dump core files in a DHCP or DHCPv6 environment when the device is configured as a relay agent or server with the active-leasequery configuration. This might lead to subscriber termination and DHCP relay binding state of the terminating subscriber shows as Release state. PR1625011

On MPC7E line card, the BFD session flaps during unified ISSU and the issue is not seen frequently. PR1453705

When we configure the minimum-bandwidth, the LSP is still resignalled with the previously configured minimum-bandwidth and not the currently configured minimum-bandwidth. PR1526004

The single hop BFD sessions might flap sometimes after GRES in a highly scaled setup which have RSVP link or link-node-protection bypass enabled. This happens because the RSVP neighbor goes down sometimes after GRES if RSVP hellos are not received before neighbor time out happens. As a result of the RSVP neighbor goes down, RSVP installs a /32 route pointing to bypass tunnel which is required to signal backup LSPs. This route is removed when all LSPs stop using bypass after the link comes back. The presence of this /32 route causes BFD to flap. PR1541814

The RSVP interface update threshold configuration syntax has changed between Junos OS Release 18.2X75-D435 and Junos OS Release 20.3X75-D10 to include curly braces around the threshold value. Upgrading and downgrading between these releases is not entirely automatic. The user must delete this stanza if configured before downgrading and then manually reconfigure. PR1554744

If IS-IS-TE or OSPF-TE is enabled, but extended admin groups (which is configured under routing-options) are configured after the peer router advertises the extended admin groups, the LSP with extended admin groups constraints might fail to be established. PR1575060

With the local reversion ON, there is a possibility of transit router not informing headend of RSVP disabled link when link is flapped more than once. As a workaround, remove the local-reversion configuration. PR1576979

The use-for-shortcut statement is meant to be used only in SR-TE tunnels which use strict SPF (SSPF) Algo 1 prefix SIDs. If the [set protocols isis traffic-engineering family inet-mpls shortcuts] and the [set protocols isis traffic-engineering tunnel-source-protocol spring-te] are configured on a device, and if any SR-TE tunnel using Algo 0 prefix SIDs is configured with the use-for-shortcut statement, it might lead to routing loops or rpd process core files. PR1578994

When a protected link goes down, MPLS gets tunnel local repair message from RSVP and trigger CSPF computation. Next, MPLS gets link protection information through RRO notification. If MPLS receives TED notification first before RRO notification, then CSPF computation fails. Because the link protection flag is not set, MPLS thinks it is an unprotected link and brings down the LSP. PR1598207

When the ephemeral instance is deleted, physical files related to the instance is not deleted and the content of the file will remain as it is and might cause the device to behave uncertain. PR1553469

The shm-rtsdbd daemon generates core files when the services configuration is deactivated or activated. PR1610594

On MX Series platforms with MPC7, MPC8, MPC9 line card or MX-204 and MX-10003, when the packets which exceed the MTU and whose DF-bit is set go into a tunnel (such as GRE and LT), they might be dropped in the tunnel egress queue. PR1386350

The following error message is observed during unified ISSU: Async XTXN Error PPE/Context 9/13 @ PC 0x6f77: sampling_li_launch_nh. The traps are the result of PPE commands injected from the host. One possible reason might be Layer 2 BD code, which is trying to decrement BD MAC count in the data plane. It is unlikely that there is a packet loss during this condition. This could happen during unified ISSU and this might be due to a problem with the ISSU counter morphing used for LU-based cards, where certain counters are not disabled or disabled too late during unified ISSU. PR1426438

Arrival rates are not seen at system level when the global-disable fpc is configured. PR1438367

Loss of traffic on switchover when using filter applied on logical interface. PR1487937

When GRES and NSR functionality with VXLAN feature, the convergence time might be slightly higher than expected for Layer 2 domain to Layer 3 VXLAN. PR1520626

When the DHCP relay mode is configured as no-snoop, we observe the offer gets dropped due to incorrect ASIC programming. This issue happens only while running DHCP relay on EVPN-VXLAN environment. PR1530160

On MX Series platforms with XM chipset based line card installed, when the line card experiences the XMCHIP_CMERROR_DDRIF_PROTECT_WR_RD_SRAM_RUNN_CHKSUM CM error, the disable-pfe action will be involved. This issue causes the Packet Forwarding Engine to be disabled and traffic lost. PR1568072

On MX Series platforms, FPC gets restarted and thereby disrupting traffic when there is an out-of-order filter state. This issue might be seen only in back-to-back GRES in more than 40 to 50 iterations. PR1579182

Ethernet-output-bytes are not in expected range while verifying Ethernet MAC level with both IPv4 and IPv6 traffic for VLAN tagged interfaces. The issue is due to output byte count not getting updated properly. The script log shows that there is no packet loss and there is no functional impact. PR1579797

MS-PIC RPM probes with large data-size is failing at random. PR1602508

On all MX Series platforms, in a rare case when CoS classifier binding message received before logical interface family creation message to Packet Forwarding Engine, traffic might be classified with default classifier instead of custom classifier. Due to this, traffic might not be classified and mapped to the right queue resulting in inappropriate CoS treatment for the traffic. PR1619630

On MX Series platforms, during reboot, the aggregated Ethernet logical interfaces are first added, then deleted and again added, this flapping causes corner case where the filter attachment ipc has older aggregated Ethernet logical interface index on which the filter bind fails. Filter will not be attached to the interface, so any filter related service will not work. PR1614480

On all Junos OS platforms with the set policy-options rtf-prefix-list configured, if you upgrade to a specific version, the device might fail to validate its configuration, which eventually causes rpd to crash unexpectedly due to a software fault. PR1538172

While interoperating with other vendors in a draft-rosen multicast VPN, by default Junos OS attaches a route target to multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities are prevented from propagating if the BGP route-target filtering is enabled on the device. PR993870

If delegated BFD sessions flap continuously, packet buffer memory might be leaked. The automatic memory leak detection process reports this within the syslog once a certain threshold is reached. The following error is displayed: fpc7 SHEAF: possible leak, ID 8 (packet(clones)) (10242/128/1024) on MX-MPC or fpc4 SHEAF: possible leak, ID 9 (packet(clones)) (255/1/5). Note that BFD sessions operating in centralized mode are not exposed. PR1003991

Certain BGP traceoption flags (for example, open, update, and keepalive) might result in (trace) logging of debugging messages that do not fall within the specified traceoption category. This results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

LDP OSPF are in synchronization state because the IGP interface is down with the ldp-synchronization enabled for OSPF. As per the current analysis, the IGP interface goes down because although LDP notified OSPF that LDP synchronization was achieved. OSPF is not able to take note of the LDP synchronization notification because the OSPF neighbor is not up yet. PR1256434

In rare cases, RIP replication might fail as a result of performing NSR Routing Engine switchovers when the system is not NSR ready. PR1310149

On MX Series platforms, the following unexpected log message will appear if the show version detail or request support information CLI command is executed: user@host> show version detail *** messages *** Oct 12 12:11:48.406 re0 mcsnoopd: INFO: krt mode is 1 Oct 12 12:11:48.406 re0 mcsnoopd: JUNOS SYNC private vectors set. PR1315429

SCP command with routing Instance -JU is not supported. PR1364825

TILFA backup path fails to install in LAN scenario and also breaks SR-MPLS TILFA for LAN with more than four end-x SIDs configured per interface. PR1512174

Conformance issues with draft-ietf-idr-bgp-ext-opt-param. In previous versions of RFC 9072 (that is, draft-ietf-idr-bgp-ext-opt-param), the required optional-parameter length is 255 in order to trigger the updated behavior. Later editions of the internet draft permitted non-zero optional parameter length values to be used. PR1554639

Due to behavior change, if there is no IFA present in the interface, we do not encode the router ID in the hello packet by default. In current scenario between R1 and R2, we do not have any inet or inet6 address set for interfaces forming the adjacency in question. Then, in the show isis adjacency detail command output, we do not see IPv4 or IPv6 address and it is shown that the adjacency is missing an IP address. PR1559079

With maximum number of logical interfaces (4000 GRE tunnels per Packet Forwarding Engine) with the following configuration:

1. family inet, associated source, and destination for each tunnel.

2. Configure the allow-fragmentation statement on one endpoint of the tunnel and configure the reassemble-packets on the other endpoint of the tunnel.

With the above configuration, if you do deactivate chassis fpc slot, SLIP messages are observed. PR1581042

On all Junos OS platforms running BGP with Layer 2 VPN, kernel crash might be observed. PR1600599

When MPLS traffic engineering and the rib inet.3 protect core statement is enabled, then the transport routes in inet.3 will not be used for route resolution. PR1605247

On all Junos OS platforms, traffic drops when incorrect VPN labels are allotted. When there is a change in the next hop by BGP policy, the traffic is still forwarded to the old label. This leads to traffic drops for prefixes sending traffic to the old next hop. PR1617691

On all Junos OS platforms, if an aggregate route is configured under routing options, and if the from aggregate-contributor is used for many contributing routes (for example, more than 250-300 routes), the policy for these contributing routes might not work properly when the policy is exported. Due to this issue, the contributing routes might not be advertised properly. PR1629437

On all Junos OS platforms with multicast setup, the multicast forwarding cache might not get updated after deactivating the scope-policy configuration. This might result in the PIM register process to be incomplete and further multicast traffic to be dropped. PR1630144

When IS-IS database is cleaned, rpd crash might be observed. PR1631738

On all Junos OS platforms that support NSR, when the switchover-on-routing-crash is enabled, the rpd process crash will lead to Routing Engine switchover. In a highly scaled environment (about 15~19 million BGP routes), BGP session which is still sending update packets of size more than 2000 might flap even when NSR is enabled. This might lead to loss of traffic till the BGP session converges after the flap. This does not happen always but happens sporadically. The switchover can be either due to the rpd process crash or when switchover is performed manually. PR1632132

On all platforms with IS-IS multiple areas scenario, if the flood-group statement is enabled, IS-IS databases might not get synchronized between areas after clearing the IS-IS database or making the database change in any other way. This is because when the LSP is fragmented, only the first packet has the area ID list (for flood-group matching), while the rest of the fragmented LSPs do not have that list, which will result in these packets not being flooded, so that IS-IS will not work properly. PR1633858

On all Junos OS platforms running BGP, when a specific route is received from multiple places under a VRF, multipath route is getting formed even though the BGP route selection algorithm has the active route with higher local preference. Once multipath is formed, the traffic forwarding happens based on that, and it might result in some traffic going to an unwanted path. PR1635009

In a scenario where the single hop BFD of BGP, when multiple addresses of the same subnet are configured on the interface of the BFD session, the BFD session might go down. PR1635700

In an L2TP environment on L2TP LAC (L2TP access concentrator), a few L2TP tunnels might be stuck in downstate and might not be able to reestablish if the bbe-smgd process is restarted when these tunnels go down, which might impact the end customer to lose connectivity. PR1629104

On all MX platforms that support enhanced subscriber management (next generation subscriber management) with L2TP subscriber scenario, L2TP subscribers might get stuck in terminating state if the L2TP subscribers try to login. PR1630150

When performing unified ISSU from earlier releases to certain releases on MX Series platforms, accounting messages for new service on existing subscribers will have corrupted class attribute value, which might be rejected by RADIUS server. As a result, new service on existing subscribers might not get created. PR1624066

When the extensible subscriber services manager (ESSM) service is getting created on existing subscriber session, the class attribute is incorrectly formed. This happens when RADIUS sends class attribute in access accept messages after performing unified ISSU. PR1626718

The mgd process generates core file upon simultaneous rollback command in two different terminals of same router. It is a rare and corner case and is a timing issue. If this happens, the CLI session ends abruptly. PR1554696

In an EVPN-VXLAN scenario, mgd process generates core file when executing image upgrade command. The issue is seen on Virtual Chassis only, which can be avoided with a simple workaround by providing a valid package during upgrade command. PR1557628

After several ephemeral commits, interface configurations might get stuck and might not get updated on all Junos OS platforms. PR1598123

When performing commit check for the firewall and interface related configurations, if an operator uses the Ctrl+C to abort it, the dfwc and dcd might crash after performing another commit check. This issue will happen only with those daemons that follow the message-based commit check model (such as dfwc, dcd, rdmd, and fwa), and has no impact on other daemons. PR1600435

In some scenario (for example, configuring firewall filter), routers might show obsolete IPsec SA and NHTB entry even when the peer tear down the tunnel. PR1432925

Incorrect st0 logical interface deletion at spoke when multiple VPNs negotiate same destination address as TS. The general trigger is that when multiple VPNs configured have the traffic selectors which have the same remote-ip or subnet. And if one of the tunnels go down, the incorrect st0 route gets deleted. PR1601047