Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Open Issues

Learn about open issues in this release for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.


  • A few duplicate packets might be seen in an AA EVPN scenario when the remote provider edge device sends a packet with an IM label due to MAC not learned on the remote PE device, but learned on the AA local PE device. The nondesignated forwarder sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookup instead of dropping the packet, which causes the duplicate packets to be seen on the customer edge side.PR1245316

  • The vmcore process generates core file at rts_ifbd_get_parent, rts_ifstate_chk_if_interesting_int, rts_ifstate_chk_if_interesting_int_with_stats. PR1542037

  • EVPN-MPLS multihoming control MACs are missing after VLAN ID removal and adding it back to a trunk logical interface of one of the multihoming PE devices. This is not a recommended way to modify VLAN ID configuration. Always perform symmetric change (remove or add VLAN ID) on both multihoming PE devices. PR1596698

  • MAC IP moves across L2-DCI is not updated in MAC-IP table of the gateway nodes. This problem occurs only with the translation VNI when the MAC is moved from DC1 to DC2. VM moves across DC where there is no translate VNI configuration in the interconnect works as designed. PR1610432

Flow-based and Packet-based Processing

  • Use 512 antireplay window size for IPv6 in fat-tunnel. The ESP sequence check might otherwise report out-of-order packets if the fat-tunnel parallel encryption is within 384 packets (12 cores * 32 packets in one batch). Hence there are no out-of-order packets with 512 antireplay window size.


Forwarding and Sampling

  • fast-lookup-filter with match not supported in FLT hardware might cause the traffic drop. PR1573350

General Routing

  • In MX104, you will see sporadic I2C error messages when Routing Engine CPU usage is high. The I2C might successfully access in the next polling with no impact. PR1223979

  • On PTX Series routers with FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter a single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. PR1254415

  • Next Generation Routing Engine (NG-RE) with RE-S-X6-64G, RE-S-2X00x6, and RE-PTX-X8-64G models on MX Series or PTX Series devices might encounter a transient system freeze of the Linux-based host (VM host) for about 20-35 seconds causing protocol flap, FPC restart that switches between the primary Routing Engines. PR1312308

  • When you add VLAN as an action for changing the VLAN in both ingress and egress filters, the filter won't get installed. PR1362609

  • With Next Generation Routing Engine (NG-RE), in some race conditions, the following messages might be seen on the primary Routing Engine: kernel: interrupt ACX7100-32C detected on "irq11:"; throttling interrupt source. PR1386306

  • On MX series routers with MPC7E, MPC8E, or MPC9E installed, if optics QSFPP-4X10GE-LR (Part number 740-054050) is used, the link might flap. PR1436275

  • Primary PTP and secondary PTP port configuration accepts PTP packets with multicast MAC address according to the port settings. If you configure forwardable multicast, only PTP packets with forwardable MAC address are accepted, non-forwardable is dropped. If you configure link-local multicast, only PTP packets with non-forwardable MAC address are accepted, forwardable is dropped. PR1442055

  • In race conditions, if a BGP route is resolved over the same prefix protocol next hop in a routing table that has routes of the prefix from different routing protocols, when the routes are flapping (firstly these routes are down and then up), the BGP route will be re-resolved, and then the rpd crash might be seen. PR1458595

  • IP options router alert header is not hitting the firewall filter on egress. PR1490967

  • When running show pfe filter hw filter-name filter- name command, the command fails to retrieve the Packet Forwarding Engine programming details of the filter. PR1495712

  • When backup Routing Engine stops, CB1 goes offline and comes back online. This restarts the backup Routing Engine, and it shows the reboot reason as "0x1:power cycle/failure". PR1497592

  • A delay of 35 seconds is added in reboot time in Junos OS Release 20.2R1 compared to Junos OS Release 19.4R2. PR1514364

  • After performing unified ISSU on the Junos node slicing, the unsupported Field Replaceable Unit (FRU) unified ISSU will stay offline until it is brought online manually after the ISSU. This issue will cause a service or traffic impact for the offline FRUs. PR1534225

  • FPC might generate a core file if flap-trap-monitor feature under set protocols oam ethernet cfm performance-monitoring sla-iterator-profiles is used and performance monitoring flap occurs. PR1536417

  • "Socket to sflowd closed" error occur when the ukern socket to sflowd daemon (server) is closed. The error is rectified by itself as the client successfully reestablishes the connection in the subsequent attempts. When these errors are consistent, it indicates a communication issue between sflowd and the sFlow running on the FPC. PR1538863

  • In scaled MX2020 router, with vrf localisation enabled, 4 million nexthop scale, 800k route scale. FPCs might go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. FPC might continue to reboot and not come online. Rebooting the primary and backup Routing Engine will help recover and the router gets stable. PR1539305

  • PTP to PTP noise transfer is passing for impairments profile "400nsp-p_1Hz", but failing for profile "400nsp-p_0.1Hz" and lower BW profiles as well. The issue is common to 10g also. PR1543982

  • 100G AOC from innolight does not come up after multiple reboots. It recovers after the interface is enabled or disabled. PR1548525

  • This log is harmless Feb 27 20:26:40 xolo fpc3 Cannot scan phys_mem_size.out. Please collect /var/log/*.out (0;0xdd3f6ea0;-1) (posix_interface_get_ram_size_info): Unknown error: -1. PR1548677

  • 5M DAC connected between QFX10002-60C and MX2010 does not link up. But with 1M and 3M DAC this interoperability works as expected. Also, it is to be noted QFX10002-60C and ACX or Traffic generator the same 5M DAC works seamlessly. There seems to be certain SI or link level configuration on both QFX10002-60C and MX2010 which needs to be debugged with the help from HW and SI teams and resolved. PR1555955

  • VE and CE mesh groups are default mesh groups created for a given Routing instance. On VLAN or bridge-domain add, flood tokens and routes are created for both VE and CE mesh-group or flood-group. Ideally, VE mesh-group does not require on a CE router where IGMP is enabled on CE interfaces. MX Series-based CE boxes have unlimited capacity of tokens, therefore this is not a major issue. PR1560588

  • timingd-lc errors, "CdaExprClient: grpc api call ExprServerInfoGet failed" and "CdaExprClient: Failed to fetch server info error:5", seen on all fpcs after restarting router or fpc restart. PR1561362

  • Because of the race condition, the show multicast route extensive instance instance-name output can display the session status as invalid. Such an output is a cosmetic defect and not indicative of a functional issue. PR1562387

  • To avoid the additional interface flap, interface hold time needs to be configured . PR1562857

  • Starting in Junos OS Release 21.1R1, Junos OS will be shipping with python3 (python2 is no longer supported). In ZTP process, if a python script is being downloaded, please ensure the python script follows python3 syntax (there are certain changes between python2 and python3 syntax). Also, until Junos OS Release 20.4R1, the python script had #!/usr/bin/python as the first line (that is, the path of the python interpreter). The same needs to be changed to #!/usr/bin/python3 from Junos OS Release 21.1R1. PR1565069

  • The chassisd logs are flooded with "pic_create_ifname: 0/0/0 pic type F050 not supported" messages for every port that is connected. This will happen every few seconds.PR1566440

  • Stale TCNH entries are seen in new primary Routing Engine after switchover with NSR even though all the prpd routes are deleted. These TCNH entries are present because NSR is not supported for BGP static programmable routes. This leads to an extra reference count in the backup Routing Engine, due to which the next hop is not freed. PR1566666

  • Packet Forwarding Engine error message "Tunnel id: does not exist" can be seen while executing show dynamic-tunnel database statistics after deactivating routing-options dynamic-tunnel when we have a high scale of tunnels. This is just a transient error message and has no functional impact. The error can appear while tunnels are getting deleted and will not be displayed after all the tunnels are deleted. PR1568284

  • Copying files to /tmp/ causes a huge JTASK_SCHED_SLIP. As a workaround, copy files to /var/tmp/ instead. PR1571214

  • Under very rare conditions for HA cluster deployment, when it does RG0 failover and at same time, the control link is down, then it will hit this mib2d core file because the primary Routing Engine and secondary Routing Engine are out of syncing dcd.snmp_ix information. PR1571677

  • On all Junos OS platforms, traffic loss might be observed because of a rare timing issue when performing frequent Interface Bridge Domain (IFBD) configuration modifications. This behavior is seen when the Packet Forwarding Engine receives out-of-order IFBD(s) from Routing Engine and might lead to the fxpc process crash and traffic drop. PR1572305

  • The following messages might be seen in the logs from MPC11E line-card: Feb 9 11:35:27.357 router-re0-fpc8 aftd-trio[18040]: [Warn] AM : IPC handling - No handler found for type:27 subtype:9. As there is no functional impact, these logs can be ignored. PR1573972

  • On MX Series routers, in a subscriber scenario with scaled around 32000 connections, the replication daemon might generate core files or stop running, which results in failure on subscriber services on the new Routing Engine after upgrading GRES. PR1577085

  • In EVPN-VXLAN scenario with OSPF configured over the IRB, OSPF sessions might not get established due to connectivity issues. PR1577183

  • This issue is caused by /8 pool with block size as 1, when the configuration is committed the block creation utilizes more memory causing NAT pool memory shortage which is currently being notified to customer with syslog tagged RT_NAT_POOL_MEMORY_SHORTAGE. PR1579627

  • For input subscription paths containing a ":" character, the extension header in case of GNMI and certain fields for the show network-agent statistics CLI will have incorrect values. PR1581659

  • On fully loaded devices, at times, firewall programming was failing due to scaled prefix configuration with more than 64800 entries. However, this issue is not observed in the development setup. PR1581767

  • When the active secondary interface is deactivated, the PTP lock status is set to 'INITIALIZING' state in show ptp lock-status output for few seconds before BMCA chooses the next best slave interface. This is the day 1 behavior and there is no functional impact. PR1585529

  • With preserve hierarchy configuration ON and option C is used with BGP CT, if the VPN CT stiching routes at ASBR are resolved over an SRTE tunnel with a single label, then the forwarding mpls.0 route programming will be incorrect on MX Series boxes. PR1586636

  • In USF mode (MX-SPC3), NAT EIM mapping is getting created even for out to in FTP ALG child sessions. PR1587849

  • On all Junos OS and EVO platforms, when there is a congestion on the link where telemetry streams are connected, then in a race conditions, there can be na-grpcd core and telemetry service will be impacted as na-grpcd will take a minute to come back online. PR1587956

  • In USF mode (MX-SPC3), with NAPT44,EIM,APP and PCP configuration, show services session count on vms interface is not as expected for FTP traffic initiated from public side. PR1588046

  • On all devices running Junos OS Release 19.1R3-S5-J3, the subscriber logical interface might get stuck after deleting the extensible subscriber services manager (ESSM). PR1591603

  • In USF mode, for IPSec specific scenario involving GRES, RPD immediately purges the route entry (the ARI routes injected by IKED-based on negotiated traffic selector) as it considers it as a stale route entry on Routing Engine mastership switch which impacts the uplink (or encrypt) traffic until IKED adds back the ARI routes as part of the IKE and IPSec SA restore processing on mastership switch. In order to minimize the traffic loss, it is recommended to use the following configurable configuration statement: set system services subscriber-management gres-route-flush-delay. PR1592655

  • On MX Series routers inline NPT does not translate source IPv6 of packet with authentication header present. The packet is simply passed through upstream. Consequently, it is not expected that downstream traffic arrives with NPT pool IPv6 address as IPv6 destination address and with authentication header. Such traffic might be malicious and this must be handled through external configuration. The fix suggested is to configure firewall for downstream direction that blocks traffic destined to NPT pool address and with authentication header. PR1592957

  • Pim VxLAN does not work on TD3 chipsets enabling VxLAN flexflow after Junos OS Release 21.3R1. PR1597276

  • On all MX Series routers, changing configuration AMS 1:1 warm-standby to load-balance or deterministic NAT might result in generating vmcore file and cause traffic loss. PR1597386

  • MX2010, MX2020: MPC11E: Unified ISSU is not supported for software upgrades from Junos OS Releases 21.2 to 21.3 and Junos OS Releases 21.4 due to a flag day change. PR1597728

  • On MX10008, MX10016, PTX10008, and PTX10016 with JNP10K-RE1, some of the SMART attributes of StorFly VSFBM8CC200G SSD might be shown as "Unknown_Attribute". There is no service impact due to this issue. PR1598566

  • When PTP is on default profile and PTPoE is configured in stateful with ordinary clock-mode configuration is not supported. Below unsupported configuration does not throw commit error. There are no error logs reported with below unsupported configuration. Un-supported PTP configuration: user@router# show protocols ptp clock-mode ordinary; stateful { interface xe-0/0/0.0 { multicast-mode { transport { ieee-802.3; } } } } Stateful port configuration for PTP over Ethernet and default profile is supported only on boundary clock mode and not on ordinary clock mode. As a work around change the clock-mode or to remove stateful configuration. PR1601843

  • When the interface transition occur from down to up, the carrier transition counter value of a particular interface can be incorrect when the peer interface takes longer time to come up. Configuring hold-time for up and down helps to resolve. PR1601946

  • Comparing convergence time with Junos OS Release 21.1R1.5, seen degradation in ISISv6 , ospfv2 and ospfv3 convergence time. As it is a convergence time issue, many components will be involved and therefore need investigation from multiple teams (rpd, kernel, Packet Forwarding Engine). . PR1602334

  • In an MX Series Virtual Chassis setup with MS-MPC or SPC3 service cards with AMS/MAMS interfaces configuration, it is possible that the traffic on an MPC2 line card in the protocol backup chassis is not correctly load balanced due to timing conditions. As a workaround, reboot the affected line card while the service card is online. PR1605284

  • In some NAPT44 and NAT64 scenarios, duplicate SESSION_CLOSE syslog will be seen. PR1614358

  • With DSLite and NAT rule configuration to match ICMP and UDP traffic in place, ICMP error packet payload IP and UDP header translations are not happening properly. PR1616633

  • Memory zone does not reflect appropriately while doing memory tests via Vty command test usp service-sets memory-testing start. PR1619499

  • Enabling FIPS mode fails with self-test failure and kernel crash. PR1623128

  • Zeroize RPC returns no positive reply. PR1630167

  • DHCP ALQ syslog error bbesmgd[26939]: LIBSDB_RSMON_PS_TABLE_PTR_FAILURE: sdb_get_ps_interface_table_record:2076 failed to get the ps_table_header ptr. PR1631858

  • On MX Series routers with SPC3 service card installed, TFTP control sessions are getting refreshed with inactivity time out after data session is closed, causing the control session to stay in session table for some more time. The service impact is minor or negligible as the TFTP control session will eventually get deleted after timeout. PR1633709

  • After inserting local_dest_timeout, plane-1 is not going to check state. PR1636943

Juniper Extension Toolkit (JET)

  • The jsd process might take sometime to detect abrupt termination of the socket at the collector or client side in certain cases. This can occur when flapping the interface on which the collector is connected to the router or when a firewall terminates the client port. In such cases, the client must wait for the connection termination to be detected, which could take around 1 hour, or restart the jsd process before being able to reconnect with the same client ID.


  • The stub creation functions will not be available. PR1580789

Layer 2 Ethernet Services

  • ZTP does not get activated after deleting the device once or twice. PR1529246

Layer 2 Features

  • Adding one more subinterface logical interface to an existing interface causes 20-50 milliseconds traffic drop on the existing logical interface. PR1367488


  • BFD session flaps during unified ISSU only in MPC7E line card. The issue is not seen frequently. PR1453705

  • The single hop BFD sessions might flap sometimes after GRES in a highly scaled setup which have RSVP link or link-node-protection bypass enabled. This happens because the RSVP neighbor goes down sometimes after GRES if RSVP hellos are not received before neighbor time out happens. As a result of the RSVP neighbor being down, RSVP installs a /32 route pointing to bypass tunnel which is required to signal backup LSPs. This route is removed when all LSPs stop using bypass after the link comes back. The presence of this /32 route causes BFD to flap. PR1541814

  • The use-for-shortcut statement is meant to be used only in SR-TE tunnels which use Strict SPF Algo 1 (SSPF) prefix SIDs. If set protocols isis traffic-engineering family inet-mpls shortcuts and set protocols isis traffic-engineering tunnel-source-protocol spring-te is configured on a device, and if any SR-TE tunnel using Algo 0 prefix SIDs is configured with the use-for-shortcut statement, it could lead to routing loops or rpd process core files. PR1578994

  • On the MX10008 and MX10016 routers, when there is scaled RSVP sessions (for example, 21,000) and the RSVP is enabled for all the interfaces, then the rpd process goes through all the interfaces which results into a high CPU utilization for some time. This also results in LSP flap. PR1595853

  • When a protected link goes down, MPLS gets tunnel local repair message from RSVP and trigger CSPF computation. Next, MPLS gets link protection information through RRO notification. If MPLS receives TED notification first before RRO notification, then CSPF computation fails. Since the link protection flag is not set, MPLS thinks it is an unprotected link and brings down the LSP. PR1598207

  • A few RSVP sessions are down in ingress nodes. PR1631774

  • When RSVP setup protection is enabled, the LSP over a broadcast segment might stay down, due to a missing function of nexthop check for broadcast segment in code. PR1638145

Network Management and Monitoring

  • When the ephemeral instance is deleted, physical files related to the instance is not deleted and the content of the file will remain as it is and might cause the device to behave uncertainly. PR1553469

Platform and Infrastructure

  • The commit synchronize command fails because the kernel socket gets stuck. PR1027898

  • Loss of traffic on switchover occurs when you use filter applied on the logical child interface. PR1487937

  • On MX480 router, during the verification of GRES and NSR functionality with VXLAN feature, the convergence is not as expected L2-DOMAIN-TO-L3VXLAN. PR1520626

  • When the DHCP relay mode is configured as no-snoop, the offer get dropped due to incorrect ASICs programming. This issue only affects while running DHCP relay on EVPN-VXLAN environment. PR1530160

  • On the MX Series-based line card with firewall filter used scenario, in rare cases, adding and then deleting configurations at scale in multiple iterations might cause the line card to crash and FPC to restart. The traffic landing on this FPC is lost until it comes online again. PR1589619

  • If authentication (for example, tacplus-server, radius-server) is configured on a device, it might fail to open files in a rare case, which might crash the mgd process. PR1600615

  • Traffic loss of is observed with vrrp mastership change from backup to primary. This is seen while you bring up the route back after enabling the link. PR1612504

  • With Junos OS Release 21.3R1, with EVPN VxLAN SMET multicast snooping configuration traffic might drop at VTEPs. PR1613457

  • EX4400-48MP - VM core file is generated and Virtual Chassis split might be observed with multicast scale scenario. PR1614145

  • On MX Series routers, during reboot, the aggregated Ethernet logical interfaces are first added, then deleted and again added. This flapping is a corner case where the filter attachment ipc has an older aggregated Ethernet logical interface index on which the filter bind fails. Filter will not be attached to the interface. Therefore, any filter related service will not work. PR1614480

  • MAC addresses not learnt for some bridge domains. PR1632411

  • Traffic drop is seen when you restart FPC of gre and aggregated Ethernet interface in L2GRE with virtual switch and aggregated Ethernet configured. PR1640953

Routing Policy and Firewall Filters

  • Already configured routing-policies are incorrectly changed and all the configured "from" matching criterias are removed from them, when global default route-filter walkup option is changed, that is, when add/delete of set policy-options default route-filter walkup configuration is performed. This issue affects only those routing policies which do not have "from route-filter" configured in any of the terms. PR1646603

Routing Protocols

  • When interoperating with other vendors in a draft-rosen multicast VPN, by default the Junos OS attaches a route target to multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities will be excluded from propagating if the BGP route target filtering is enabled on a device running Junos OS. Note that draft-rosen-idr-rtc-no-rt has been created in IETF to document this issue and carry the proposed fix through standards.PR993870

  • TILFA backup path fails to install in LAN scenario and also breaks SR-MPLS TILFA for LAN with more than four end-x SIDs configured per interface. PR1512174

  • Conformance issues with draft-ietf-idr-bgp-ext-opt-param. In previous versions of RFC 9072 (that is, draft-ietf-idr-bgp-ext-opt-param), the required optional-parameter length is 255 in order to trigger the updated behavior. Later editions of the internet draft permitted non-zero optional parameter length values to be used. PR1554639

  • clns ping statement fails through L3 VPN. PR1559005

  • In a Virtual Chassis or Virtual Chassis fabric scenario, inconsistent MCSNOOPD core file is seen when the igmp-snooping configuration is removed. PR1569436

  • SHA-1 system login password format are not accepted post the upgrade. PR1571179

  • On all platforms supporting unified ISSU, if ISSU is performed on two routers connected over Link Fault Management (LFM), the process is aborted with 'Aborting Daemon Prepare' on one of the routers. The bidirectional forwarding detection (BFD) process get stuck at abort state and is not reverted back to idle state. Any subsequent attempt of ISSU on failed node fails with the same message. PR1598786

  • When MPLS traffic-engineering and rib inet.3 protect core configuration statement is enabled then transport routes in inet.3 will not be used for route resolution. PR1605247

Services Applications

  • DTCP radius-flow-tap fails to program Packet Forwarding Engine when trigger X-NAS-Port-Id exceeds 48 character length. PR1647179

Subscriber Access Management

  • Event-timestamp in RADIUS Acct-Stop might show future time in certain circumstance. PR1643316

User Interface and Configuration

  • bbe-smgd core file is observered at 0x040e9caf in abort () at /.amd/svl-engdata5vs2/occamdev/build/freebsd/stable_12_213/20211023.042806__ci_fbsd_builder_stable_12_213.0.7016a19/src/lib/libc/stdlib/abort.c:67. PR1637272