Open Issues

A few duplicate packets might be seen in an AA EVPN scenario when the remote provider edge device sends a packet with an IM label due to MAC not learned on the remote PE device, but learned on the AA local PE device. The nondesignated forwarder sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookup instead of dropping the packet, which causes the duplicate packets to be seen on the customer edge side.PR1245316

The vmcore process generates core file at rts_ifbd_get_parent, rts_ifstate_chk_if_interesting_int, rts_ifstate_chk_if_interesting_int_with_stats. PR1542037

EVPN-MPLS multihoming control MACs are missing after VLAN ID removal and adding it back to a trunk logical interface of one of the multihoming PE devices. This is not a recommended way to modify VLAN ID configuration. Always perform symmetric change (remove or add VLAN ID) on both multihoming PE devices. PR1596698

MAC IP moves across L2-DCI is not updated in MAC-IP table of the gateway nodes. This problem occurs only with the translation VNI when the MAC is moved from DC1 to DC2. VM moves across DC where there is no translate VNI configuration in the interconnect works as designed. PR1610432

Use 512 antireplay window size for IPv6 in fat-tunnel. The ESP sequence check might otherwise report out-of-order packets if the fat-tunnel parallel encryption is within 384 packets (12 cores * 32 packets in one batch). Hence there are no out-of-order packets with 512 antireplay window size.

PR1470637

fast-lookup-filter with match not supported in FLT hardware might cause the traffic drop. PR1573350

In MX104, you will see sporadic I2C error messages when Routing Engine CPU usage is high. The I2C might successfully access in the next polling with no impact. PR1223979

On PTX Series routers with FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter a single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. PR1254415

Next Generation Routing Engine (NG-RE) with RE-S-X6-64G, RE-S-2X00x6, and RE-PTX-X8-64G models on MX Series or PTX Series devices might encounter a transient system freeze of the Linux-based host (VM host) for about 20-35 seconds causing protocol flap, FPC restart that switches between the primary Routing Engines. PR1312308

When you add VLAN as an action for changing the VLAN in both ingress and egress filters, the filter won't get installed. PR1362609

With Next Generation Routing Engine (NG-RE), in some race conditions, the following messages might be seen on the primary Routing Engine: kernel: interrupt ACX7100-32C detected on "irq11:"; throttling interrupt source. PR1386306

On MX series routers with MPC7E, MPC8E, or MPC9E installed, if optics QSFPP-4X10GE-LR (Part number 740-054050) is used, the link might flap. PR1436275

Primary PTP and secondary PTP port configuration accepts PTP packets with multicast MAC address according to the port settings. If you configure forwardable multicast, only PTP packets with forwardable MAC address are accepted, non-forwardable is dropped. If you configure link-local multicast, only PTP packets with non-forwardable MAC address are accepted, forwardable is dropped. PR1442055

In race conditions, if a BGP route is resolved over the same prefix protocol next hop in a routing table that has routes of the prefix from different routing protocols, when the routes are flapping (firstly these routes are down and then up), the BGP route will be re-resolved, and then the rpd crash might be seen. PR1458595

IP options router alert header is not hitting the firewall filter on egress. PR1490967

When running show pfe filter hw filter-name filter- name command, the command fails to retrieve the Packet Forwarding Engine programming details of the filter. PR1495712

When backup Routing Engine stops, CB1 goes offline and comes back online. This restarts the backup Routing Engine, and it shows the reboot reason as "0x1:power cycle/failure". PR1497592

A delay of 35 seconds is added in reboot time in Junos OS Release 20.2R1 compared to Junos OS Release 19.4R2. PR1514364

After performing unified ISSU on the Junos node slicing, the unsupported Field Replaceable Unit (FRU) unified ISSU will stay offline until it is brought online manually after the ISSU. This issue will cause a service or traffic impact for the offline FRUs. PR1534225

FPC might generate a core file if flap-trap-monitor feature under set protocols oam ethernet cfm performance-monitoring sla-iterator-profiles is used and performance monitoring flap occurs. PR1536417

"Socket to sflowd closed" error occur when the ukern socket to sflowd daemon (server) is closed. The error is rectified by itself as the client successfully reestablishes the connection in the subsequent attempts. When these errors are consistent, it indicates a communication issue between sflowd and the sFlow running on the FPC. PR1538863

In scaled MX2020 router, with vrf localisation enabled, 4 million nexthop scale, 800k route scale. FPCs might go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. FPC might continue to reboot and not come online. Rebooting the primary and backup Routing Engine will help recover and the router gets stable. PR1539305

PTP to PTP noise transfer is passing for impairments profile "400nsp-p_1Hz", but failing for profile "400nsp-p_0.1Hz" and lower BW profiles as well. The issue is common to 10g also. PR1543982

100G AOC from innolight does not come up after multiple reboots. It recovers after the interface is enabled or disabled. PR1548525

This log is harmless Feb 27 20:26:40 xolo fpc3 Cannot scan phys_mem_size.out. Please collect /var/log/*.out (0;0xdd3f6ea0;-1) (posix_interface_get_ram_size_info): Unknown error: -1. PR1548677

5M DAC connected between QFX10002-60C and MX2010 does not link up. But with 1M and 3M DAC this interoperability works as expected. Also, it is to be noted QFX10002-60C and ACX or Traffic generator the same 5M DAC works seamlessly. There seems to be certain SI or link level configuration on both QFX10002-60C and MX2010 which needs to be debugged with the help from HW and SI teams and resolved. PR1555955

VE and CE mesh groups are default mesh groups created for a given Routing instance. On VLAN or bridge-domain add, flood tokens and routes are created for both VE and CE mesh-group or flood-group. Ideally, VE mesh-group does not require on a CE router where IGMP is enabled on CE interfaces. MX Series-based CE boxes have unlimited capacity of tokens, therefore this is not a major issue. PR1560588

timingd-lc errors, "CdaExprClient: grpc api call ExprServerInfoGet failed" and "CdaExprClient: Failed to fetch server info error:5", seen on all fpcs after restarting router or fpc restart. PR1561362

Because of the race condition, the show multicast route extensive instance instance-name output can display the session status as invalid. Such an output is a cosmetic defect and not indicative of a functional issue. PR1562387

To avoid the additional interface flap, interface hold time needs to be configured . PR1562857

Starting in Junos OS Release 21.1R1, Junos OS will be shipping with python3 (python2 is no longer supported). In ZTP process, if a python script is being downloaded, please ensure the python script follows python3 syntax (there are certain changes between python2 and python3 syntax). Also, until Junos OS Release 20.4R1, the python script had #!/usr/bin/python as the first line (that is, the path of the python interpreter). The same needs to be changed to #!/usr/bin/python3 from Junos OS Release 21.1R1. PR1565069

The chassisd logs are flooded with "pic_create_ifname: 0/0/0 pic type F050 not supported" messages for every port that is connected. This will happen every few seconds.PR1566440

Stale TCNH entries are seen in new primary Routing Engine after switchover with NSR even though all the prpd routes are deleted. These TCNH entries are present because NSR is not supported for BGP static programmable routes. This leads to an extra reference count in the backup Routing Engine, due to which the next hop is not freed. PR1566666

Packet Forwarding Engine error message "Tunnel id: does not exist" can be seen while executing show dynamic-tunnel database statistics after deactivating routing-options dynamic-tunnel when we have a high scale of tunnels. This is just a transient error message and has no functional impact. The error can appear while tunnels are getting deleted and will not be displayed after all the tunnels are deleted. PR1568284

Copying files to /tmp/ causes a huge JTASK_SCHED_SLIP. As a workaround, copy files to /var/tmp/ instead. PR1571214

Under very rare conditions for HA cluster deployment, when it does RG0 failover and at same time, the control link is down, then it will hit this mib2d core file because the primary Routing Engine and secondary Routing Engine are out of syncing dcd.snmp_ix information. PR1571677

On all Junos OS platforms, traffic loss might be observed because of a rare timing issue when performing frequent Interface Bridge Domain (IFBD) configuration modifications. This behavior is seen when the Packet Forwarding Engine receives out-of-order IFBD(s) from Routing Engine and might lead to the fxpc process crash and traffic drop. PR1572305

The following messages might be seen in the logs from MPC11E line-card: Feb 9 11:35:27.357 router-re0-fpc8 aftd-trio[18040]: [Warn] AM : IPC handling - No handler found for type:27 subtype:9. As there is no functional impact, these logs can be ignored. PR1573972

On MX Series routers, in a subscriber scenario with scaled around 32000 connections, the replication daemon might generate core files or stop running, which results in failure on subscriber services on the new Routing Engine after upgrading GRES. PR1577085

In EVPN-VXLAN scenario with OSPF configured over the IRB, OSPF sessions might not get established due to connectivity issues. PR1577183

This issue is caused by /8 pool with block size as 1, when the configuration is committed the block creation utilizes more memory causing NAT pool memory shortage which is currently being notified to customer with syslog tagged RT_NAT_POOL_MEMORY_SHORTAGE. PR1579627

For input subscription paths containing a ":" character, the extension header in case of GNMI and certain fields for the show network-agent statistics CLI will have incorrect values. PR1581659

On fully loaded devices, at times, firewall programming was failing due to scaled prefix configuration with more than 64800 entries. However, this issue is not observed in the development setup. PR1581767

When the active secondary interface is deactivated, the PTP lock status is set to 'INITIALIZING' state in show ptp lock-status output for few seconds before BMCA chooses the next best slave interface. This is the day 1 behavior and there is no functional impact. PR1585529

With preserve hierarchy configuration ON and option C is used with BGP CT, if the VPN CT stiching routes at ASBR are resolved over an SRTE tunnel with a single label, then the forwarding mpls.0 route programming will be incorrect on MX Series boxes. PR1586636

In USF mode (MX-SPC3), NAT EIM mapping is getting created even for out to in FTP ALG child sessions. PR1587849

On all Junos OS and EVO platforms, when there is a congestion on the link where telemetry streams are connected, then in a race conditions, there can be na-grpcd core and telemetry service will be impacted as na-grpcd will take a minute to come back online. PR1587956

In USF mode (MX-SPC3), with NAPT44,EIM,APP and PCP configuration, show services session count on vms interface is not as expected for FTP traffic initiated from public side. PR1588046

On all devices running Junos OS Release 19.1R3-S5-J3, the subscriber logical interface might get stuck after deleting the extensible subscriber services manager (ESSM). PR1591603

In USF mode, for IPSec specific scenario involving GRES, RPD immediately purges the route entry (the ARI routes injected by IKED-based on negotiated traffic selector) as it considers it as a stale route entry on Routing Engine mastership switch which impacts the uplink (or encrypt) traffic until IKED adds back the ARI routes as part of the IKE and IPSec SA restore processing on mastership switch. In order to minimize the traffic loss, it is recommended to use the following configurable configuration statement: set system services subscriber-management gres-route-flush-delay. PR1592655

On MX Series routers inline NPT does not translate source IPv6 of packet with authentication header present. The packet is simply passed through upstream. Consequently, it is not expected that downstream traffic arrives with NPT pool IPv6 address as IPv6 destination address and with authentication header. Such traffic might be malicious and this must be handled through external configuration. The fix suggested is to configure firewall for downstream direction that blocks traffic destined to NPT pool address and with authentication header. PR1592957

Pim VxLAN does not work on TD3 chipsets enabling VxLAN flexflow after Junos OS Release 21.3R1. PR1597276

On all MX Series routers, changing configuration AMS 1:1 warm-standby to load-balance or deterministic NAT might result in generating vmcore file and cause traffic loss. PR1597386

MX2010, MX2020: MPC11E: Unified ISSU is not supported for software upgrades from Junos OS Releases 21.2 to 21.3 and Junos OS Releases 21.4 due to a flag day change. PR1597728

On MX10008, MX10016, PTX10008, and PTX10016 with JNP10K-RE1, some of the SMART attributes of StorFly VSFBM8CC200G SSD might be shown as "Unknown_Attribute". There is no service impact due to this issue. PR1598566

When PTP is on default profile and PTPoE is configured in stateful with ordinary clock-mode configuration is not supported. Below unsupported configuration does not throw commit error. There are no error logs reported with below unsupported configuration. Un-supported PTP configuration: user@router# show protocols ptp clock-mode ordinary; stateful { interface xe-0/0/0.0 { multicast-mode { transport { ieee-802.3; } } } } Stateful port configuration for PTP over Ethernet and default profile is supported only on boundary clock mode and not on ordinary clock mode. As a work around change the clock-mode or to remove stateful configuration. PR1601843

When the interface transition occur from down to up, the carrier transition counter value of a particular interface can be incorrect when the peer interface takes longer time to come up. Configuring hold-time for up and down helps to resolve. PR1601946

Comparing convergence time with Junos OS Release 21.1R1.5, seen degradation in ISISv6 , ospfv2 and ospfv3 convergence time. As it is a convergence time issue, many components will be involved and therefore need investigation from multiple teams (rpd, kernel, Packet Forwarding Engine). . PR1602334

In an MX Series Virtual Chassis setup with MS-MPC or SPC3 service cards with AMS/MAMS interfaces configuration, it is possible that the traffic on an MPC2 line card in the protocol backup chassis is not correctly load balanced due to timing conditions. As a workaround, reboot the affected line card while the service card is online. PR1605284

In some NAPT44 and NAT64 scenarios, duplicate SESSION_CLOSE syslog will be seen. PR1614358

With DSLite and NAT rule configuration to match ICMP and UDP traffic in place, ICMP error packet payload IP and UDP header translations are not happening properly. PR1616633

Memory zone does not reflect appropriately while doing memory tests via Vty command test usp service-sets memory-testing start. PR1619499

Enabling FIPS mode fails with self-test failure and kernel crash. PR1623128

Zeroize RPC returns no positive reply. PR1630167

DHCP ALQ syslog error bbesmgd[26939]: LIBSDB_RSMON_PS_TABLE_PTR_FAILURE: sdb_get_ps_interface_table_record:2076 failed to get the ps_table_header ptr. PR1631858

On MX Series routers with SPC3 service card installed, TFTP control sessions are getting refreshed with inactivity time out after data session is closed, causing the control session to stay in session table for some more time. The service impact is minor or negligible as the TFTP control session will eventually get deleted after timeout. PR1633709

After inserting local_dest_timeout, plane-1 is not going to check state. PR1636943

The jsd process might take sometime to detect abrupt termination of the socket at the collector or client side in certain cases. This can occur when flapping the interface on which the collector is connected to the router or when a firewall terminates the client port. In such cases, the client must wait for the connection termination to be detected, which could take around 1 hour, or restart the jsd process before being able to reconnect with the same client ID.

PR1549044

The stub creation functions will not be available. PR1580789

ZTP does not get activated after deleting the device once or twice. PR1529246

Adding one more subinterface logical interface to an existing interface causes 20-50 milliseconds traffic drop on the existing logical interface. PR1367488

BFD session flaps during unified ISSU only in MPC7E line card. The issue is not seen frequently. PR1453705

The single hop BFD sessions might flap sometimes after GRES in a highly scaled setup which have RSVP link or link-node-protection bypass enabled. This happens because the RSVP neighbor goes down sometimes after GRES if RSVP hellos are not received before neighbor time out happens. As a result of the RSVP neighbor being down, RSVP installs a /32 route pointing to bypass tunnel which is required to signal backup LSPs. This route is removed when all LSPs stop using bypass after the link comes back. The presence of this /32 route causes BFD to flap. PR1541814

The use-for-shortcut statement is meant to be used only in SR-TE tunnels which use Strict SPF Algo 1 (SSPF) prefix SIDs. If set protocols isis traffic-engineering family inet-mpls shortcuts and set protocols isis traffic-engineering tunnel-source-protocol spring-te is configured on a device, and if any SR-TE tunnel using Algo 0 prefix SIDs is configured with the use-for-shortcut statement, it could lead to routing loops or rpd process core files. PR1578994

On the MX10008 and MX10016 routers, when there is scaled RSVP sessions (for example, 21,000) and the RSVP is enabled for all the interfaces, then the rpd process goes through all the interfaces which results into a high CPU utilization for some time. This also results in LSP flap. PR1595853

When a protected link goes down, MPLS gets tunnel local repair message from RSVP and trigger CSPF computation. Next, MPLS gets link protection information through RRO notification. If MPLS receives TED notification first before RRO notification, then CSPF computation fails. Since the link protection flag is not set, MPLS thinks it is an unprotected link and brings down the LSP. PR1598207

A few RSVP sessions are down in ingress nodes. PR1631774

When RSVP setup protection is enabled, the LSP over a broadcast segment might stay down, due to a missing function of nexthop check for broadcast segment in code. PR1638145

When the ephemeral instance is deleted, physical files related to the instance is not deleted and the content of the file will remain as it is and might cause the device to behave uncertainly. PR1553469

The commit synchronize command fails because the kernel socket gets stuck. PR1027898

Loss of traffic on switchover occurs when you use filter applied on the logical child interface. PR1487937

On MX480 router, during the verification of GRES and NSR functionality with VXLAN feature, the convergence is not as expected L2-DOMAIN-TO-L3VXLAN. PR1520626

When the DHCP relay mode is configured as no-snoop, the offer get dropped due to incorrect ASICs programming. This issue only affects while running DHCP relay on EVPN-VXLAN environment. PR1530160

On the MX Series-based line card with firewall filter used scenario, in rare cases, adding and then deleting configurations at scale in multiple iterations might cause the line card to crash and FPC to restart. The traffic landing on this FPC is lost until it comes online again. PR1589619

If authentication (for example, tacplus-server, radius-server) is configured on a device, it might fail to open files in a rare case, which might crash the mgd process. PR1600615

Traffic loss of is observed with vrrp mastership change from backup to primary. This is seen while you bring up the route back after enabling the link. PR1612504

With Junos OS Release 21.3R1, with EVPN VxLAN SMET multicast snooping configuration traffic might drop at VTEPs. PR1613457

EX4400-48MP - VM core file is generated and Virtual Chassis split might be observed with multicast scale scenario. PR1614145

On MX Series routers, during reboot, the aggregated Ethernet logical interfaces are first added, then deleted and again added. This flapping is a corner case where the filter attachment ipc has an older aggregated Ethernet logical interface index on which the filter bind fails. Filter will not be attached to the interface. Therefore, any filter related service will not work. PR1614480

MAC addresses not learnt for some bridge domains. PR1632411

Traffic drop is seen when you restart FPC of gre and aggregated Ethernet interface in L2GRE with virtual switch and aggregated Ethernet configured. PR1640953

Already configured routing-policies are incorrectly changed and all the configured "from" matching criterias are removed from them, when global default route-filter walkup option is changed, that is, when add/delete of set policy-options default route-filter walkup configuration is performed. This issue affects only those routing policies which do not have "from route-filter" configured in any of the terms. PR1646603

When interoperating with other vendors in a draft-rosen multicast VPN, by default the Junos OS attaches a route target to multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities will be excluded from propagating if the BGP route target filtering is enabled on a device running Junos OS. Note that draft-rosen-idr-rtc-no-rt has been created in IETF to document this issue and carry the proposed fix through standards.PR993870

TILFA backup path fails to install in LAN scenario and also breaks SR-MPLS TILFA for LAN with more than four end-x SIDs configured per interface. PR1512174

Conformance issues with draft-ietf-idr-bgp-ext-opt-param. In previous versions of RFC 9072 (that is, draft-ietf-idr-bgp-ext-opt-param), the required optional-parameter length is 255 in order to trigger the updated behavior. Later editions of the internet draft permitted non-zero optional parameter length values to be used. PR1554639

clns ping statement fails through L3 VPN. PR1559005

In a Virtual Chassis or Virtual Chassis fabric scenario, inconsistent MCSNOOPD core file is seen when the igmp-snooping configuration is removed. PR1569436

SHA-1 system login password format are not accepted post the upgrade. PR1571179

On all platforms supporting unified ISSU, if ISSU is performed on two routers connected over Link Fault Management (LFM), the process is aborted with 'Aborting Daemon Prepare' on one of the routers. The bidirectional forwarding detection (BFD) process get stuck at abort state and is not reverted back to idle state. Any subsequent attempt of ISSU on failed node fails with the same message. PR1598786

When MPLS traffic-engineering and rib inet.3 protect core configuration statement is enabled then transport routes in inet.3 will not be used for route resolution. PR1605247

DTCP radius-flow-tap fails to program Packet Forwarding Engine when trigger X-NAS-Port-Id exceeds 48 character length. PR1647179

Event-timestamp in RADIUS Acct-Stop might show future time in certain circumstance. PR1643316

bbe-smgd core file is observered at 0x040e9caf in abort () at /.amd/svl-engdata5vs2/occamdev/build/freebsd/stable_12_213/20211023.042806__ci_fbsd_builder_stable_12_213.0.7016a19/src/lib/libc/stdlib/abort.c:67. PR1637272