Open Issues

On MX platforms, deactivating or activating the target-mode using the set chassis satellite-management fpc target-mode command leads to a bad state at the Packet Forwarding Engine on the extended ports, which leads to traffic disruption. PR1593059

On MX platforms with MPC10 and MPC11 line cards, if you apply Class-of-Service (CoS) ieee-802.1 rewrite rule on the aggregated Ethernet interface with VLAN circuit cross-connect encapsulation, the rewrite rule might not work as expected. PR1604943

A few duplicate packets might be seen in an A/A EVPN scenario when the remote PE device sends a packet with an IM label due to MAC not learned on the remote PE device, but learned on the A/A local PE device. The nondesignated forwarder sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookup instead of dropping the packet, which causes duplicate packets to be seen on the CE side. PR1245316

With Junos OS Release 19.3R1, VXLAN OAM host-bound packets are not throttled with DDoS policers. PR1435228

In PBB-EVPN (Provider Backbone Bridging - Ethernet VPN) environment, ARP suppression feature which is not supported by PBB might be enabled unexpectedly. This might cause the MAC addresses of remote CEs not to be learned and hence traffic loss. PR1529940

EVPN-MPLS multi-homing control MACs are missing after vlan-id removal and adding back on a trunk IFL of one of the multi-homing PEs. This is not a recommended way to modify vlan-id configuration. Always both MH PE devices must be in symmetric. PR1596698

Issue occurs with translation VNI when MAC moved one from DC1 to DC2. VM move across DC where there is not translate VNI configuration in the interconnect works as expected. PR1610432

EVPN Local ESI MAC limit configuration might become effective immediately when it has already learned remote MH Macs. Clear the Mac table from all MH PE devices and configure the MAC limit over the local ESI interfaces. PR1619299

You can use an antireplay window size of 512 for IPv4 or IPv6 in fat-tunnel. The ESP sequence check might otherwise report out-of-order packets if the fat-tunnel parallel encryption is within 384 packets (12 cores * 32 packets in one batch). Hence, there are no out-of-order packets with 512 antireplay window size. PR1470637

fast-lookup-filter with match not supported in FLT hardware might cause the traffic to drop. PR1573350

AFEB crashes with PTP thread hog on the device. Through it fixes the PTP packet processing when PTP is enable, which is when PTP configuration is active. If the PTP configuration is not there, PTP packet processing is ignored even if FPGA displays PTP packet is available. PR1068306

On MX104 devices, when RE CPU usage is going high, sporadic I2C error message gets generated. The I2C access might succeed in the next polling. PR1223979

If a vmhost snapshot is taken on an alternate disk and there is no further vmhost software image upgrade, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, the host root file system and the node boots with the previous vmhost software instead of the alternate disk. PR1281554

Backup Routing Engine might crash after GRES occurs continuously for more than 10 times. PR1348806

When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter does not get installed. PR1362609

Due to transient hardware condition, single-bit error (SBE) events are corrected and have no operational impact. Reporting of those events had been disabled to prevent alarms and possibly unnecessary hardware replacements. This change applies to all Platforms using Hybrid Memory Controller (HMC). PR1384435

Due to a timing issue during the sxe interface bring up (w.r.t i40e driver). Recovery can be done by rebooting the complete board. PR1442249

In race condition, if a BGP route is resolved over the same prefix protocol next hop in a routing table that has routes of the prefix from different routing protocols, when the routes are flapping (firstly these routes are down and then up), the BGP route will be re-resolved, and then the rpd might crash. PR1458595

Either static routes (or) implicit filters should be configured for forwarding DNS traffic to service pic. It solves DNS packet looping issue. PR1468398

Currently, IP options are not supported for egress firewall attach points. The issue might occur in the IP-options router alert traffic not hitting the egress firewall filter. PR1490967

On MX204 and MX10003 routers, MPCs MPC7E through MPC10E, and JNP10K-LC2101, an error syslog unable to set line-side lane config (err 30) might be generated. PR1492162

When you run the show pfe filter hw filter-name filter name command, the command fails to retrieve the Packet Forwarding Engine programming details of the filter. PR1495712

After backup Routing Engine halt, CB1 goes offline and comes back online causing the backup Routing Engine to boot up and generate the 0x1:power cycle/failure message. PR1497592

On all platform with BGP SR-TE (Spring-TE), in the SR topology the transit IPv4 traffic might have missing labels and might get dropped in first hop, when ingress is forwarding traffic. All labels might be missed out except the last hop in the v4 traffic forwarded by nexthop interface. PR1505592

On a fully scaled system where all the slices are utilized by different families of CLI filters, if you try to call delete for one family and add/change for another family with a higher number of filter terms, which requires either expansion of the filter or creation of a new filter, the Packet Forwarding Engine fails to add the new filter. PR1512242

A delay of 35 seconds gets added in reboot time in Junos OS Release 20.2R1 compared to Junos OS Release 19.4R2. PR1514364

Active sensor check fails while issuing the show agent sensors | display xml command. PR1516290

When you configure an AMS ifd for the first time or any member of the AMS bundle is removed or added, the PICs on which the members of AMS bundle are present go for a reboot. There is a timer running in the AMS kernel which is used as a delay for the PIC reboot to complete and once that timer expires AMS assumes that the PICs might have been rebooted and it moves into next step of AMS fsm. In scaled scenarios, this rebooting of the PIC is delayed due to DCD. This is because when a PIC goes down, DCD is supposed to delete the IFDs on that PIC and then the PIC reboot happens. But DCD is busy processing the scaled config and the IFD deletion is delayed. This delay is much greater than the timer running in AMS kernel. When the above timer expires, the FSM in AMS kernel wrongly assumes the PIC reboot would be completed by then, but the reboot is still pending. By the time DCD deletes this IFD the AMS bundles are already UP. Because of this, there is a momentary flap of the bundles. PR1521929

On the MX platforms with NG-RE installed, after upgrading the Intel i40e-NVM firmware to version 6.01, the FRUs disconnection alarms may be seen along with traffic loss. PR1529710

Due to BRCM KBP issue route lookup might fail. PR1533513

After performing ISSU (In-Service Software Upgrade) on the Junos node slicing, the ISSU unsupported FRU (Field Replaceable Unit) stays offline until bringing online manually once ISSU finishes. This issue causes a service/traffic impact for the offline FRUs. PR1534225

The request system software validate command gets disabled currently from Junos OS Release 19.4 and later. Use the request system software add command to validate. PR1537729

If the Packet Forwarding Engine processes distributed IGMP pseudo ifl delete, it attempts to delete all associated multicast flows. On a scaled setup, deleting several thousand multicast flows hogs CPU for long time that gets killed by the scheduler, resulting in generating core file. PR1537846

The Socket to sflowd closed error message comes up when the ukern socket to sflowd daemon (server) is closed. The error is rectified by itself as the client successfully reestablishes the connection in the subsequent attempts. When these errors are consistent, it indicates a communication issue between sflowd and the sFlow running on the FPC. PR1538863

In scaled MX2020 router, with vrf localisation enabled, 4 million nexthop scale, 800,000 route scale. FPCs may go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. FPC may continue to reboot and not come online. Rebooting the primary and backup Routing Engine helps to recover and get router back into stable state. PR1539305

Broadcom has updated that BCMX calls are deprecated and needs to be replaced with BCM calls. PR1541159

PTP to PTP noise transfer is passing for impairments profile "400nsp-p_1Hz", but failing for profile "400nsp-p_0.1Hz" and lower BW profiles as well. The issue is common to 10g also. PR1543982

Hardware performance counters may not be correctly exported to the CLI when the Packet Forwarding Engine gets disabled. PR1547890

Validation of OCSP certificate may not go through for some CA servers using openssl . In some cases, when we get the ca address using getaadrinfo(), the gataddrinfo() api returns multiple entries of the same ca address. Due to this pkid creates multiple socket connections to the same CA and goes into busy state. PR1548268

100G AOC from Innolight does not comes up after multiple reboots.It recovers after interface enables or disables. PR1548525

The issue applies to the initial release of CBNG for 22.1. Running the help apropos command in the configuration mode causes an MGD core. The MGD comes back up and as long as the command is not issues again the core will not occur. PR1552191

When the telemetry data for a node which is streamed is deleted during a network churn and the same node is being walked/rendered for the sensor, RPD might core dump. This is a corner case where the rendering and deletion of a particular node has to happen at the same instance. This issue can occur only in case of a unstable network. PR1552816

5M DAC connected between QFX10002-60C and MX2010 doesn't link up. But with 1M and 3M DAC this interop works as expected. Also it is to be noted QFX10002-60C and ACX or Traffic generator the same 5M DAC works seamlessly. There seems to be certain SI or link level configuration on both QFX10002-60C and MX2010 which needs to be debugged with the help from HW and SI teams and resolved. PR1555955

VE and CE mesh groups are default mesh groups created for a given Routing instance. On VLAN/bridge-domain add, flood tokens and routes are created for both VE and CE mesh-group/flood-group. Ideally, VE mesh-group doesn't require on a CE router where IGMP is enabled on CE interfaces. PR1560588

Due to a race condition, the output of the show multicast route extensive instance instance-name command displays the session status as invalid. PR1562387

To avoid the additional interface flap, interface hold time needs to be configured. PR1562857

In a rare scenario, SPMB does not reply during FPC online which was moved from SLC mode to full line card mode. PR1563050

When SLC is reconfigured from asymmetric mode to symmetric mode in a single commit it is possible that on some occasions one of the SLC shows chassis connection dropped state. The SLC becomes online. PR1564233

Starting Junos OS Release 21.1R1, Junos OS ships with python3 (python2 is no longer supported). In ZTP process, if a python script is being downloaded, please ensure the python script follows python3 syntax (there are certain changes between python2 and python3 syntax). Also, so far (until 20.4R1), the python script had #!/usr/bin/python as the first line (the path of the python interpreter). The same needs to be changed to #!/usr/bin/python3 from 21.1R1 PR1565069

In Dual CPE scenario, after RG0 failover, the best path link status displayed as PARTIAL SLA VIOLATED instead of SLA MET due to active probe result gone wrong in certain scenarios. PR1565777

During the ingress processing we maintain separate counters for Layer 2 unicast, multicast, and broadcast as well as for unknown unicast. Whereas during egress processing we only maintain the ifl level stats after the wan out. Hence, at egress level output multicast counter always shows 0. PR1566436

Stale TCNH entries are seen in new primary Routing Engine after switchover with NSR even though all the prpd routes are deleted. These TCNH entries are present because NSR is not supported for BGP static programmable routes. This leads to an extra reference count in the backup Routing Engine, due to which the next hop is not freed. PR1566666

In an external server-based Junos Node Slicing scenario, the logical partitions (called sub line cards or SLCs) can be additionally configured for MX2K-MPC11E and assigned to different guest network functions (GNFs). If the inline services and services are applied to SLCs, some issues might happen during processing these services along with firewall process (dfwd) filter actions. It might cause SLCs to reboot and aftd crash. PR1567313

Packet Forwarding Engine error message Tunnel id: does not exist gets generated while executing the show dynamic-tunnel database statistics command after deactivating routing-options dynamic-tunnel when we have a high scale of tunnels. This is just a transient error message and has no functional impact. The error can appear while tunnels are getting deleted and will not be displayed after all the tunnels are deleted. PR1568284

In MX Series devices, the device may not send pause frames in case of congestion. PR1570217

Copying files to /tmp/ causes a huge JTASK_SCHED_SLIP. Copy files to /var/tmp/ instead. PR1571214

Under very rare conditions for HA cluster deployment, when it does RG0 failover and at same time, the control link is down, then it will hit this mib2d core because the primary Routing Engine and secondary Routing Engine are out of syncing dcd.snmp_ix information. PR1571677

On all Junos platforms, traffic loss might be observed due to a rare timing issue when performing frequent IFBD (Interface Bridge Domain) configuration modifications. This behavior is seen when the Packet Forwarding Engine receives out-of-order IFBD(s) from Routing Engine and might lead to the fxpc process crash and traffic drop. PR1572305

After Junos OS upgrade, MAC address changes will be seen on MPC9E PIC1 interfaces. Static MAC configurations will be affected. PR1575009

Max ports used is not getting displayed properly in the show services nat pool pool-name detail command. PR1576398

On MX platforms, in subscriber scenario with scaled around 32,000 connections, the Replication Daemon might generate core files or stop running, which results in failure on subscriber services on the new RE after the upgrade/GRES. The fix is to increase the max capacity of the ifl Stats DB shared memory. PR1577085

In EVPN/VXLAN scenario with OSPF configured over the IRB, OSPF sessions might not get established due to connectivity issues. PR1577183

This issue is caused by /8 pool with block size as 1, when the config is committed the block creation utilizes more memory causing NAT pool memory shortage which is currently being notified to customer with syslog tagged RT_NAT_POOL_MEMORY_SHORTAGE. PR1579627

In a fully loaded devices, at times, firewall programming was failing due to scaled prefix configuration with more than 64,800 entries. However, this issue is not observed in development setup. PR1581767

If a BSYS Routing Engine switchover is triggered by simulating a kernel crash on a node-sliced platform, the FPCs or SLCs stay in present state while the related GNFs become unreachable. A system reboot is required to resolve this issue. This issue is seen only in the MX2020 platform with the REMX2K-X8-128G Routing Engine. PR1584478

COS classifiers and rewrites not supported on a logical tunnel (LT interface) with Ethernet-CCC or Ethernet-bridge encapsulation. COSD does not prevent a commit but then the classifiers/rewrites are not bound to the LT interface at PFE and hence wont work. Sample configuration: set interfaces lt-11/0/0 unit 0 encapsulation ethernet-ccc set interfaces lt-11/0/0 unit 0 peer-unit 1 set interfaces lt-11/0/0 unit 0 statistics set interfaces lt-11/0/0 unit 1 encapsulation ethernet-bridge set interfaces lt-11/0/0 unit 1 peer-unit 0 set interfaces lt-11/0/0 unit 1 statistics set bridge-domains data vlan-id none set bridge-domains data interface lt-11/0/0.1 set bridge-domains data interface xe-11/0/3:2 set protocols l2circuit neighbor 1.1.2.1 interface lt-11/0/0.0 virtual-circuit-id 100 set class-of-service interfaces lt-11/0/0 forwarding-class expedited-forwarding Attaching fixed classifier to LT tunnel interface where the tunnel carries etherent-ccc/ethernet-bridge encapsulation. PR1585374

With preserve hierarchy statement ON and option c is used with BGP CT, the VPN CT stitching routes at ASBR if resolving over an SRTE tunnel having single label. Then, the forwarding mpls.0 route programming will be incorrect on MX boxes. PR1586636

The rpd process generates core file at rt_iflnh_set_nhid. Core is due to assertion caused by failure of hbt_insert for nhid belonging to an ifl. It is seen that there is a duplicate entry present which causes the hbt_insert failure. PR1588128

Transient Traffic drop will be seen during MBB of RSVP LSP without "optimize-adaptive-teardown delay 60" knob PR1590656

On all devices running Junos OS Release 19.1R3-S5-J3, the subscriber IFL(logical interface) might be in a stuck state after the ESSM (Extensible Subscriber Services Manager) deletion. PR1591603

On DUT with MPC11E linecard and scaled pseudowire headend termination configs,on performing iterative enahaced mode ISSU, PPE(packet processing engine) traps and BGP peer flaps are seen. These result in transient traffic loss of several minutes on DUT. traps and protocols flaps are NOT seen in first iteration, but subsequent iterations. RE and linecards are NOT rebooted between enhanced mode ISSU iterations. PR1593335

On a node sliced platform with mpc11e sliced into Sub Line cards it is possible that the syslog messagesdisplays the error message aftd-trio[13014]: [Error] IF:IfdCfgMsg, ifd not found, ifdIndex:2399, when GNF has configuration that does not pertain to the Packet Forwarding Engines. PR1594816

On all MX platforms, changing configuration AMS 1:1 warm-standby to load-balance or deterministic NAT may result in vmcore and cause traffic loss. PR1597386

Continuous offline/online of FPC multiple times can result into FPC restart at init state causing additional 2min in boot time. PR1599469

The show chassis fabric plane command might display incorrect plane status in some cases when injecting fec errors. PR1600187

In some instances, when FHP recovery action is performed on an SLC due to blackholing, the restart operation on the SLC may result may not be successful and the FHP recovery action may timeout. PR1600559

Frame stack messages are seeing during MPC11E subLC boot up, when subLC is added to GNF. PR1600749

When the interface transitions from down to up, the carrier transition counter value of a particular interface can be incorrect when the peer interface takes longer time to come up. Configuring hold-time for up and down helps to resolve. PR1601946

In Junos OS Release 21.1R2 and Junos OS Release 21.1R3, in chassis with mix of MPC10 or MPC11 and MPC1 to MPC9, and AE bundle configuration with member links on both MPC10/MPC11 and MPC1-MPC9, packet loss may be seen for unicast packets on link flap using ifconfig down/up command in the Routing Engine shell. PR1604073

During the Routing Engine switchover if there is a burst of ICMP/BFD/SSH/FTP/TELNET/RSVP packets (around 18,000 pps), new backup Routing Engine restarts. PR1604299

On aggregate Ethernet interfaces with some of the member links part of MPC10 or MPC11, and other member links part of other MPC type (MPC1 up to MPC9), if you delete an "ae" interface, other "ae" interfaces may experience unicast packet loss. PR1604450

In Junos OS Release 21.1R2 and Junos OS Release 21.1R3, in chassis with mix of MPC10 or MPC11 and MPC1 to MPC9, and AE bundle configuration with member links on both MPC10/MPC11 and MPC1-MPC9, packet loss might be seen for unicast packets on link flap using deactivate bundle/activate bundle. PR1604800

In Junos OS Release 21.1R2 and 21.1R3 release, in chassis with mix of MPC10 or MPC11 and MPC1 to MPC9, and AE bundle configuration with member links on both MPC10/MPC11 and MPC1-MPC9, packet loss may be seen for unicast packets on link flap using ifconfig down/up command in the Routing Engine shell. PR1604814

When fabric plane offline/online may results in destination error on line cards. PR1605770

On the MX240, MX480, and MX960 system with both MPC10E and MPC2, MPC3, MPC4, MPC5, and MPC6 based FPCs are installed, when MPC10E sends high traffic to MPC4E or other mentioned cards as the destination, the destination line card will not be able to cope up with MPC10E traffic flow. PR1606296

Issue occurs when there is an Packet Forwarding Engine error causing disable-pfe, not seen in the normal FRR switchover. PR1609768

Output of the show network agent command should be null, which shows statistic per component after GRES. PR1610325

In MX240, MX480, and MX960 platforms with SCBE3-MX and Enhanced midplane scenario, in some rare cases, if flooding huge traffic from MPC7, MPC8, and MPC9 to MPC2E, MPC3E, MPC4E, MPC5E and flapping the interface on MPC2E, MPC3E, MPC4E, and MPC5E, it will cause the unexpected request time errors on MPC7, MPC8, MPC9 since the MPC2E, MPC3E, MPC4E, MPC5E might not be able to handle such high volume of requests, it will cause PFE destinations to become unreachable even when the fabrics are online. Then PFE/SIB/SCBE/FPCs might reboot automatically while these accumulated fabric errors hit the fabric connectivity restoration conditions of the Fabric Healing process (FHP). PR1612957

In some NAPT44 and NAT64 scenarios, duplicate SESSION_CLOSE syslog messgae gets generated. PR1614358

On MX-SPC3 platform, a memory corruption is occurring in the iked daemon occasionally when ams interfaces are used in service-set configuration. Issue is occasionally seen in 21.2R2.4. Issue not seen at all from 21.2R2.8 onwards. PR1620115

When installing an IPv6 firewall filter using BGP flowspec, matching traffic counters displays 0 values. PR1623170

When traffic selector (optional parameter) and bind interface (required parameter) is configured for a vpn profile and static route is configured for the same remote ip (mentioned in the traffic selector) with same next-hop interface (mentioned in the bind-interface) on MX-SPC3 devices, then the static route takes preference over the route installed by the ipsec daemon (iked) based on the traffic selector, which causes data traffic loss as the packets are routed via the wrong route. PR1624062

On Junos OS Release 21.1R2.4, an issue has been introduced on the flowd (service-card) side where any protocol packet expect for TCP/UDP/ICMP/ICMPV6 gets dropped when NAT translation doesn't happen. The mentioned bug has been fixed from 21.2R2.8 junos version onwards. PR1624063

On MX platforms that use MPC11E cards, when fast-lookup-filter is enabled, traffic drop might be seen in the node slicing scenario. PR1626115

On MX Series platforms with MPC10/MPC11 and MS-MPC/MS-MIC are used, if aggregated multiservices (AMS) interface is configured as next-hop with equal-cost multipath (ECMP), load balancing will not happen properly according to source-ip hashing. PR1628076

Bad IP length packets (ip header length field > actual packet size) when encapsulated within MPLS are dropped as expected, but might trigger PPE traps in some cases. PR1628091

Zeroize RPC returns no positive reply. PR1630167

On MX platform with SPC3 service card installed, TFTP control sessions are getting refreshed with inactivity time out after data session is closed, causing the control session to stay in session table for some more time. Service impact is minor or negligible as the TFTP control session will eventually get deleted after timeout. PR1633709

On all MX platforms, when the interface (xe-0/0/x) is equipped with a QSA module, only channel 0 (xe-0/0/x:0) is supported and channels 1 to 3 are not supported, though they show up in the show interface command. But disabling laser for one of these non-supported channels puts the entire optics in low power. As a result, transmit power of channel 0 becomes 0 and the link goes down. PR1636874

On Junos platforms equipped with MPC10E/MPC11E/LC2301/MX10K-LC9600 line cards, when any 100G/400G interface with high priority class-of-service scheduler configuration flaps, it might result in series of error messages during high traffic flow. Eventually this would result in PFE-disable action, impacting the related traffic. However, the issue could be recovered after FPC reboot. PR1638410

USB installation requires a keypress before reboot to enable removal of USB device before system is restarted. Failing to remove USB stick will cause installation to start again. This fix prompts user for a keypress after installation and before reboot. PR1640143

JDHPCD core dump occurs when client attempts connection on pseudowire for dhcp-relay after JUNOS upgrade. PR1649638

On MX480 routers, remote-mep-state does not work as expected. PR1623960

When ip-fix transfers telemetry files and ntf-agent daemon closes or restartes, there could be a core with the backtrace (CRYPTO_THREAD_unlock). The daemon recovers by itself. PR1617568

In the MVPN case, if the nexthop index of a group is not the same between the primary and backup after a nsr switchover, we might see a packet loss of 250 to 400 ms. PR1561287

On MX480 router, during the verification of GRES and NSR functionality with VXLAN feature, the convergence is not as expected Layer 2-DOMAIN-TO-Layer 3 VXLAN. PR1561287

When you perform GRES with the interface em0 (or fxp0) disabled on the primary Routing Engine, then enable the interface on the new backup Routing Engine, it isn't able to access network. PR1372087

On all Junos platforms with broadband subscriber management protocols being implemented, when redundant logical tunnel interface[rlt0] having 2 member interfaces in 2 different FPCs and it is used as the anchor point for the pseudo subscriber interface[ps0] in an event which can bring the primary member interface down, traffic is not failed over to the backup interface. PR1492864

When family bridge is configured, IFLs are not created. If IFLs are not created, l2ald does not create IFBDs (interface to BD association) and if we don't have IFBDs in the system, STP is not enabled on that interface. PR1622024

The Firefox browser displays an unsaved changes error message in the J-Web Basic Settings page if the Autofill logins and passwords option is selected under the Browser Privacy and security settings. PR1560549

On MX5/MX10/MX40/MX80/MX104 Series platforms with DHCP server configuration for DHCP subscribers, the jdhcpd memory leak might happen and the memory increase by 15MB which depends on the number of subscribers when testing the DHCP subscribers log-in/out. PR1432162

If the request system zeroize command does not trigger zero-touch provisioning, please re-initiate the ZTP as a workaround PR1529246

On MX Series platforms, there may be a mismatch in subscriber information between the devices when the two devices are configured as Dynamic Host Configuration Protocol (DHCP) relay Active lease Query (ALQ) peers. This is a timing issue that occurs frequently when the lease timer is less than 300secs. PR1638050

Bfd session flaps during ISSU only in MPC7E card(Bfd sessions from other cards of DUT to peer routers did not flap during ISSU). Issue is not seen frequently. PR1453705

Single hop BFD sessions can sometimes flap after GRES in highly scaled setups which have RSVP link or link-node-protection bypass enabled. This happens because sometimes RSVP neighbor goes down after GRES if RSVP hellos are not received after GRES before neighbor timeout happens. As a result of RSVP neighbor going down, RSVP installs a /32 route pointing to bypass tunnel which is required to signal backup LSPs. This route is removed when all lsps stop using bypass after link comes back up. The presence of this /32 route causes BFD to flap. PR1541814

As the update-threshold configuration changes from an attribute to an object between Junos OS Release 18.2X75-D65 and Junos OS Release 18.2X75-D521, the user will need to delete the update-threshold stanza and re-configure it after the downgrade. PR1546447

The rsvp interface update threshold configuration syntax has changed between Junos OS Release 18.2X75-D435 and Junos OS Release 20.3X75-D10 to include curly braces around the threshold value. Upgrading and downgrading between these releases is not entirely automatic. The user must delete this stanza if configured before the downgrade and then manually reconfigure. PR1554744

In MVPN Case, if the nexthop index of a group is not same between master and backup after a nsr switchover, we may see a packet loss of 250 to 400 ms. PR1561287

If IS-IS-TE or OSPF-TE is enabled, but extended admin groups (which is configured under routing-options) are configured after the peer router advertises the extended admin groups, the LSP with extended admin groups constraints might fail to be established. PR1575060

The use-for-shortcut knob is meant to be used only in SRTE tunnels which use SSPF (Strict SPF Algo 1) Prefix SIDs. If "set protocols isis traffic-engineering family inet-mpls shortcuts" and "set protocols isis traffic-engineering tunnel-source-protocol spring-te" is configured on a device, and if any SRTE tunnel using Algo 0 Prefix SIDs is configured with "use-for-shortcut" knob, it could lead to routing loops or rpd cores. PR1578994

When there is scaled RSVP sessions [~21K] and have enabled RSVP for all the interfaces,RPD process walks through all the interfaces which results into high CPU for some time, which also results LSP flap. PR1595853

When there is scaled RSVP sessions [~21K] and have enabled RSVP for all the interfaces,RPD process walks through all the interfaces which results into high CPU for some time, which also results LSP flap, will see the log message on RE switch over,due to this protocols also can flap. PR1600159

There is no traffic impact but the show route forwarding-table destination < a.b.c.d> command, contains stale entry for around 60 seconds. PR1610620

If LSP reoptimization is enabled for the primary and secondary path that is standby, the standby secondary LSP might get stuck on the same path as primary LSP after network change that triggers reoptimization happens. PR1615326

When RSVP setup protection is enabled, the LSP over a broadcast segment might stay down, due to a missing function of nexthop check for broadcast segment in code. PR1638145

MPLS traffic going through the ingress pre-classifier logic may not determine MPLS payload correctly, classifying MPLS packet into control queue versus non-control queue and exposing possible packet re-order. PR1010604

The commit synchronize command fails because the kernel socket gets stuck. PR1027898

On MX-Series platforms with MPC7/8/9 or MX-204/MX-10003 when the packets which exceed the MTU and whose DF-bit is set go into a tunnel (such as GRE, LT), they might be dropped in the tunnel egress queue. PR1386350

The traps are the result of PPE commands injected from the host. One possible reason could be Layer 2 BD code, which is trying to decrement BD MAC count in the data plane. It is unlikely that there is a packet loss during this condition. This could happen during ISSU and this may be due to a problem with ISSU counter morphing used for LU-based cards, where certain counters are not disabled or disabled too late during ISSU. PR1426438

Arrival rates are not seen at system level when global-disable fpc is configured on qfx PR1438367

Due to software implementation, firewall filter is re-applied during graceful switchover (GRES). This may lead to short duration when filter is not applied to the provoking side effects like drop of traffic. PR1487937

With GRES and NSR functionality with VXLAN feature, the convergence time may be slightly higher than expected for L2-DOMAIN-TO-L3VXLAN PR1520626

When the DHCP relay mode is configured as no-snoop, we are observing the offer gets dropped due to incorrect asic programming. This issue only affects while running DHCP relay on EVPN/VXLAN environment. PR1530160

This issue notes an impact to RPM behavior in non-delegate mode with MPC10 line cards. It is observed that the RPM packets from client are received and processed by RPM server but the response packets are dropped before they are received by the client. PR1556697

On MX Series devices and the EX9200 line of switches, the FPC gets restarted and thereby disrupts traffic when there is an out-of-order filter state and terms. This issue might be seen only in back-to-back GRES in more than 40 to 50 iterations. PR1579182

The issue is due to output byte count not getting updated properly. The script logs shows that there is no packet loss, There is no functional impact and will be taken up in the upcoming releases. PR1579797

On MX platforms, during reboot, the AE ifls are first added, then deleted and again added, this flapping causes corner case where the filter attachment ipc has older AE ifl index on which the filter bind fails. Filter will not be attached to the interface, so any filter related service will not work. PR1614480

While interoperating with other vendors in a draft-rosen multicast VPN, by default Junos OS attaches a route target to multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities is prevented from propagating if the BGP route-target filtering is enabled on the device running Junos OS. PR993870

Certain BGP traceoption flags (for example, "open", "update", and "keepalive") might result in (trace) logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

LDP OSPF are in synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1 Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost: 1050 LDP sync state: in sync, for: 00:04:03, reason: IGP interface down config holdtime: infinity. As per the current analysis, the IGP interface goes down because although LDP notified OSPF that LDP synchronization was achieved, OSPF is not able to take note of the LDP synchronization notification, because the OSPF neighbor is not up yet. PR1256434

In rare cases, RIP replication might fail as a result of performing NSR Routing Engine switchovers when the system is not NSR ready. PR1310149

On MX platforms, unexpected log message will appear if the CLI command 'show version detail' or 'request support information' is executed: test@test> show version detail *** messages *** Oct 12 12:11:48.406 re0 mcsnoopd: INFO: krt mode is 1 Oct 12 12:11:48.406 re0 mcsnoopd: JUNOS SYNC private vectors set PR1315429

SCP command with Routing Instance (-JU) is not supported. PR1364825

On all platforms with a large-scale BGP setup (e.g. advertising 300K routes over 500 BGP peers), high CPU utilization (close to 100%) by BGP I/O thread on master RE might be seen for a couple of minutes (like 10 minutes), which may lead to dramatic performance degradation and even traffic loss if NSR is enabled while there is a lot of advertisements and the backup RE is busy (performing "clear bgp neighbor all" on the RR can achieve this). PR1488984

TILFA backup path fails to install in LAN scenario and also breaks SR-MPLS tilfa for lan with more than four end-x sids configured per interface. PR1512174

In previous versions of RFC 9072's draft-ietf-idr-bgp-ext-opt-param, the optional-parameter length was required to be 255 in order to trigger the updated behavior. Later editions of the Internet-Draft permitted non-zero optional parameter length values to be used to support this feature. PR1554639

post configuration change commit, due to race on ordering of routing-instance parsing, and rt-export module processing, rt-export may act on stale handle pointing to the previous incarnation of transport-class auto-created instance. Hence it causes the issue in this PR. PR1556632

A single hop BFD session over IRB interface works in centralised mode if the VPLS instance the IRB belongs to has only LSI interfaces bound to VPLS pseudowires and has no local non-tunnel attachment circuits. PPMD daemon responsible for the session distribution to FPC microkernel will be attempting to distribute the session indefinitely failing every time. Upon every distribution failure, the following counter increases by 1, typical counter increase rate is about +40 per minute: > user@router> show ppm distribution-statistics > > PPMD distribution statistics: > PFE not eligible: 0 > Kernel returned no address: 340 Client hash index fail: 0 > PFE marked for deletion: 0 > Client eligibility fail: 0 > PFE is not capable: 0 > DFWD is not capable: 0 > Lo0 subunit missing: 0 This issue could be seen on any JUNOS release/platform supporting distributed or inlined single hop BFD over IRB. Both session distribution failure and endless failing attempts to distribute it are expected to be addressed in JUNOS, there is no confirmed date of the fixes arrival. General centralised mode recommendations like avoiding agressive subsecond BFD timers are applicable to this case. PR1563947

Multicast traffic is hogging the switch core when igmp-snooping is removed. The MCSNOOPD will be cored due to the changes in mrouter interfaces and routes PR1569436

If the Junos config contains a SHA-1 hashed password for a specific user, that user will be unable to login post upgrade. To identify any SHA-1 hashed passwords, run the following from the edit command line: # show | match \$sha1\$ Post upgrade do not use the SHA-1 password format. If the password format is set to SHA-1, the password will be hashed with SHA-512 instead. PR1571179

If OSPF and RSVP are configured, a device that is out of service is transmitting a large number of link-state advertisement (LSAs) (more than 100k), extremely busy neighbors are slow in sending LSACKs, and some LSA churn happens caused by route flaps, then unexpected CSPF link down/deleted events happen on LSPs. This causes other OSPF routers in the OSPF domain to fail their CSPF calculation for the router loopbacks that act as P routers in this topology and thus drop the LSPs, causing traffic impairment. In addition, rpd utilization will be pegged to 100%. PR1576818

Traffic loss is seen across the LDP path during traffic shift from one router to another device in the MPLS cloud. Two routers with two different capacities converge at two different times, so a microloop occurs between the two nodes. See workaround provided. PR1577458

With max number of IFLs [4K GRE tunnel per PFE] with following configuration. 1.> family inet and associated source and destination for each tunnel 2.> Configure allow-fragmentation knob on one endpoint of the tunnel and configure reassemble-packets on the other endpoint of the tunnel As above configuration, if we do "deactivate chassis fpc slot", we may hit this issue. We are still doing analysis to find out root cause of this issue. PR1581042

When mpls traffic-engineering and rib inet.3 protect core knob is enabled then transport routes in inet.3 will not be used for route resolution PR1605247

When ip-fix is transferring telemetry files and ntf-agent daemon is closed/restarted there could be a core with the backtrace (CRYPTO_THREAD_unlock). The daemon recovers by itself. PR1617568

On all Junos OS platforms, traffic might continue to forward on the aggregated Ethernet interface member link even if MicroBFD(Bidirectional Forwarding Detection) status is in a hold-down state. PR1624085

UTM web-filtering statistics: Total requests: 0 White list hit: 1 Black list hit: 1 Default action hit: 1 Added this field to show display counter for default action hit Custom category permit: 1 Custom category block: 1 Custom category quarantine: 0 Custom category qurantine block: 0 Custom category quarantine permit: 0 Safe-search redirect: 0 Safe-search rewrite: 0 Web-filtering sessions in total: 128000 Web-filtering sessions in use: 0 Fallback: log-and-permit block Default 0 0 Timeout 0 0 Connectivity 0 0 Too-many-requests 0 0 PR1570500

The commitd process might generate core file when issuing the load override statement after DB resize. PR1569607

On all Junos OS platforms, when copy-config, get-configuration, discard-change RPCs run in two parallel NETCONF sessions and the database is also accessed in parallel by two NETCONF sessions, it leads to database corruption and mgd related services might crash. PR1641025

In some scenario (e.g configuring firewall filter) sometimes srx5K might show obsolete IPsec SA and NHTB entry even when the peer tear down the tunnel. PR1432925

BGP and PIM should have default preference since backup MVPN will choose PIM route based on higher preference only. If BGP is preferred over PIM then PIM route will not be accepted on backup RE. PR1578164