Open Issues

The show Class-of-service Interface command might not display the Classifier bind information on an IFL with only Inet/Inet6 (without family mpls or not with any rewrite rules). PR1652342

A few duplicate packets might be seen in an A/A EVPN scenario when the remote PE device sends a packet with an IM label due to MAC not learned on the remote PE device, but learned on the A/A local PE device. The nondesignated forwarder sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookup instead of dropping the packet, which causes duplicate packets to be seen on the CE side. PR1245316

In PBB-EVPN (Provider Backbone Bridging-Ethernet VPN) environment, the ARP suppression feature ,which is not supported by PBB might be enabled unexpectedly. This might cause MAC addresses of remote CE devicess not to be learned and hence traffic loss. PR1529940

Sometime vmcore occurs while performing GRES with the EVPN configuration. PR1542037

EVPN-MPLS multi-homing control MACs are not present after the removing and adding the VLAN-ID oval on a trunk IFL of one of the multi-homing PE devices. Junos OS does not recommend this process to modify the VLAN-ID configuration. You must ensure both the MH PE devices are symmetric. PR1596698

Issue occurs only with translation VNI when you move MAC one from DC1 to DC2. VM move across DC where there is no translates VNI configuration in the interconnect works as designed. PR1610432

Use an antireplay window size of 512 for IPv4 or IPv6 in fat-tunnel. The ESP sequence check might otherwise report out-of-order packets if the fat-tunnel parallel encryption is within 384 packets (12 cores * 32 packets in one batch). Hence, there are no out-of-order packets with 512 antireplay window size. PR1470637

The fast-lookup-filter command with match not supported in FLT hardware might cause the traffic to drop. PR1573350

AFEB crashing with PTP thread hog on the device. Through this fix, the PTP packet processing occurs when you enable PTP, when PTP configuration is active. If the PTP configuration is not there, PTP packet processing gets ignored even if FPGA displays PTP packet availability. PR1068306

In MX104 devices, when the usages of the Routing Engine goes high, the sporadic I2C error messagegets displayed. Since the situation would be temporary, the I2C access might be successful in the next polling and there would be no impact. PR1223979

If a vmhost snapshot gets taken on an alternate disk and there is no further vmhost software image upgrade, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, the host root file system and the node boots with the previous vmhost software instead of the alternate disk. PR1281554

Next Generation Routing Engine (NG-RE) with models RE-S-X6-64G, RE-S-2X00x6 and RE-PTX-X8-64G on MX platform might encounter a transient system freeze of the Linux based host (VMHost) for about 20 to 35 seconds causing protocol to flap, FPC restart, and mastership switch between Routing Engines. Due to incorrect handling of the disk IO commands, a disk I/O timeout gets reported and the system recovers by resetting the solid-state drives (SSD) channel. The system continues to operate correct after such an event. PR1312308

With the Next Generation Routing Engine (NG-RE) in some race conditions, the following interrupts messages might be generated on the primary Routing Engine.

On MX devices with MPC7E, MPC8E, or MPC9E line cards installed, if you use optics QSFPP-4X10GE-LR from Innolight vendor (subset of modules with part number 740-054050), the link might flap. PR1436275

When there are hardware link errors on all 32 links on an FPC 11, all FPCs reports destination errors towards FPC 11 and FPC 11 gets considered as offline with the offlined due to unreachable destinations message. PR1483529

Currently, Junos OS does not support the IP options for the egress firewall attach points. See, firewall-filter-match-conditions-for-ipv4-traffic. The issue might occur in the IP-options router alert traffic due to not hitting the egress firewall filter. PR1490967

When you run the show pfe filter hw filter-name filtername command, the command fails to retrieve the Packet Forwarding Engine programming details of the filter. PR1495712

After the backup Routing Engine halts, CB1 goes offline and comes back online, This causes the backup Routing Engine to boot up, and displays 0x1:power cycle/failure error message. This issue occurs only for the Routing Engine to reboot but there is no other functional impact. PR1497592

A delay of 35 seconds gets added in the reboot time in Junos OS 20.2R1 release compared to Junos OS 19.4R2 release. PR1514364

When an AMS ifd gets configured for the first time or any member of the AMS bundle gets removed or added, the PICs on which the members of AMS bundle are present go for a reboot. There is a timer running in the AMS kernel which is used as a delay for the PIC reboot to complete and once that timer expires AMS assumes that the PICs might have been rebooted and it moves into next step of AMS fsm. In scaled scenarios, the rebooting of the PIC gets delayed due to DCD as when a PIC goes down, DCD is supposed to delete the IFDs on that PIC and then the PIC reboot happens. However, DCD becomes busy processing the scaled configuration and the IFD deletion gets delayed. This delay is much greater than the timer running in AMS kernel. When the timer expires, the FSM in AMS kernel wrongly assumes the PIC reboot might be completed by then, but the reboot is still pending. By the time DCD deletes the IFD, the AMS bundles are already UP due to which there is a momentary flap of the bundles. PR1521929

In MAC-OS platforms, when client connects successfully, client does not get minimized to tray icon, stays connected, and needs to manually minimize it. PR1525889

Due to BRCM KBP issue, the route lookup might fail. PR1533513

After performing ISSU (In-Service Software Upgrade) on the Junos node slicing, the ISSU unsupported FRU (Field Replaceable Unit) will stay offline until bringing online manually once ISSU finishes. This issue causes a service or traffic impact for the offline FRUs. PR1534225

The Flexible PIC Concentrator (FPC) might generate a core file (or dump file) if the flap-trap-monitor feature under the set protocols oam ethernet cfm performance-monitoring sla-iterator-profiles statement and the performance monitoring flaps. PR1536417

The Socket to sflowd closed error message comes up when the ukern socket to sflowd daemon (server) is closed. The error gets rectified by itself as the client successfully reestablishes the connection in the subsequent attempts. When these errors are consistent, it indicates a communication issue between sflowd and the sFlow running on the FPC. PR1538863

In a scaled MX2020 router with vrf localisation enabled, 4 million nexthop scale, 800,000 route scale, FPCs might becomeoffline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. FPC might continue to reboot and not come online. Rebooting the primary and backup Routing Engine helps recover and get router back into the Stable state. PR1539305

PTP to PTP noise transfer passes for the 400nsp-p_1Hz impairments profile, but fails for the 400nsp-p_0.1Hz profile and lowers the BW profiles. This issue is common for 10g. PR1543982

100G AOC from Innolight does not comes up after multiple reboots. 100G AOC recovers after you enable or disable the interface. PR1548525

The following log gets generates, however, the log is harmless:

The issue applies to the initial release of CBNG for Junos OS 22.1 release. Running the help apropos command in the configuration mode causes an mgd process to generate core file. The mgd process comes back up and does not generate core file. PR1552191

Unsupported configuration gets attempted by the script, that hits the maximum threshold for the given platform. PR1555159

The VE and CE mesh groups are default mesh groups created for a given Routing instance. On VLAN/bridge-domain add, flood tokens, and routes gets created for both the VE and CE mesh-group/flood-group. Ideally, the VE mesh-group is not require on a CE router where IGMP is enabled on the CE interfaces. Trinity-based CE boxes have unlimited capacity of tokens. PR1560588

An impact occurs only when the routing daemon crashes. This issue does not have any impact on the rest of the NSR support. PR1561059

Error messgae gets logged in the FPCs once during bootup of LCs after restarting router or FPC restarts. PR1561362

Due to a race condition, the output of the show multicast route extensive instance instance-name command displays the session status as Invalid. PR1562387

To avoid the additional interface flap, interface hold time needs to be configured. PR1562857

Starting in Junos OS 21.1R1 release, Junos OS ships with python3 as Juos OS does not support python2. In ZTP process, if a python script is being downloaded, ensure the python script follows python3 syntax. PR1565069

The following log gets logged in the chassisd logs with the pic_create_ifname: 0/0/0 pic type F050 not supportederror messages for every port that gets connected:

Stale TCNH entries gets displayed in the new primary Routing Engine after switchover with NSR even though all the prpd routes gets deleted. These TCNH entries are present because Junos OS does not support NSR for BGP static programmable routes. This leads to an extra reference count in the backup Routing Engine due to which the next hop does not get freed. PR1566666

The Packet Forwarding Engine Tunnel id: does not exist error message gets generated while executing the show dynamic-tunnel database statistics command after deactivating the routing-options dynamic-tunnel when we have a high scale of tunnels. This is a transient error message and has no functional impact. The error message gets displayed while tunnels gets deleted and does not get displayed after all the tunnels gets deleted. PR1568284

Copying files to /tmp/ file causes a huge JTASK_SCHED_SLIP. You must copy files to /var/tmp/ file instead. PR1571214

Under a very rare conditions for HA cluster deployment, when it does RG0 failover and at same time, the control link gets down and then hits this mib2d core because the primary and secondary Routing Engine becomes out of synchronization dcd.snmp_ix information. PR1571677

On all Junos platforms, traffic loss might be observed due to a rare timing issue when performing frequent IFBD (Interface Bridge Domain) configuration modifications. This issue occurs when the Packet Forwarding Engine receives out-of-order IFBD(s) from the Routing Engine and might lead to the fxpc process crash and traffic drop. PR1572305

The following messages might get displayed in the logs from MPC11E line card:

There is no functional impact and the logs can be ignored. PR1573972

On MX platforms, in subscriber scenario with scaled around 32,000 connections, the replication daemon might generate core files or stop running, which results in failure on subscriber services on the new Routing Engine after upgrade or GRES. PR1577085

In the EVPN-VXLAN scenario with OSPF configured over the IRB, OSPF sessions might not get established due to connectivity issues. PR1577183

Issue occurs when /8 pool with block size as 1 and configuration gets committed the block creation utilizes more memory causing the NAT pool memory shortage, which gets currently being notified with syslogmessgae tagged RT_NAT_POOL_MEMORY_SHORTAGE. PR1579627

For input subscription paths containing a : character, the extension header in case of GNMI and certain fields for the show network-agent statistics command displays incorrect values. PR1581659

In a fully loaded devices at times, the firewall programming fails due to scaled prefix configuration with more than 64800 entries. However, this issue does not get observed in the development setup. PR1581767

When the active slave interface gets deactivated, the PTP lock status gets set to the INITIALIZING state in the output of the show ptp lock-status command for few seconds before BMCA chooses the next best slave interface. There is a day-1 behavior and no functional impact. PR1585529

With the preserve hierarchy statement on and use the option c with BGP CT, the VPN CT stitching routes at ASBR if resolving over an SRTE tunnel having single label, then the forwarding mpls.0 route programming becomes incorrect on the MX boxes. PR1586636

On all Junos platforms, when there is a congestion on the link where telemetry streams are connected, then in a race conditions, there can be na-grpcd core file and telemetry service impacts as na-grpcd takes a minute to come back online. PR1587956

In USF mode (MX-SPC3) with NAPT44,EIM, APP and PCP configuration, the show services session count command on vms interface does not get displayed as expected for the FTP traffic initiated from public side. PR1588046

In rare circumstances with routing-engine switchover, the routing protocol daemon in former active routing-engine (new backup routing-engine) might restart with a coredump while in process of being terminated. PR1589432

On all devices running Junos OS 19.1R3-S5-J3 release, the subscriber IFL(logical interface) might be in a Stuck state after the ESSM (Extensible Subscriber Services Manager) deletion. PR1591603

In USF mode, for IPSec specific scenario involving GRES, RPD immediately purges the route entry(the ARI routes injected by IKED based on negotiated traffic selector) as it considers it as a stale route entry on RE mastership switch which impacts the uplink(or encrypt)traffic until IKED adds back the ARI routes as part of the IKE and IPSec SA restore processing on mastership switch. In order to minimize the traffic loss, Junos OS recommends to use the set system services subscriber-management gres-route-flush-delay configurable command. The following link already documents the configurable command and it clearly states usage of the command to minimize or avoid traffic loss for GRES scenario: https://www.juniper.net/documentation/us/en/software/junos/subscriber-mgmt-%20access/topics/topic-map/high-availability-subscriber-access-networks.html#i%20d-minimize-traffic-loss-due-to-stale-route-removal-after-a-graceful-routing%20-engine-switchover PR1592655

Inline NPT on MX does not translate Source IPv6 of packet with Authentication Header present. The packet is simply passed through upstream. Consequently, it is not expected that downstream traffic arrives with NPT pool IPv6 address as IPv6 destination address and with Authentication header. Such traffic would be malicious and this must be handled via external configuration. The fix suggested is to configure firewall for downstream direction that blocks traffic destined to NPT pool address and with authentication header. PR1592957

Need to provide a CLI command to reload firmware after upgrade. PR1594579

Pim VXLAN does not work on TD3 chipsets enabling the VXLAN flexflow after Junos OS 21.3R1 release. You can use PIM VXLAN or data plane VXLAN of Junos OS 21.3R1 release. PR1597276

On all MX devices, changing configuration AMS 1:1 warm-standby to load-balance or deterministic NAT might result in vmcore and cause traffic loss. PR1597386

On MX2010 and MX2020 devices, Junos OS does not support ISSU for software upgrades from Junos OS 21.2 release to Junos OS 21.3 and 21.4 releases due to a flag day change. PR1597728

On MX10008 and MX10016 devices with JNP10K-RE1, some of SMART attributes of StorFly VSFBM8CC200G SSD might be shown as Unknown_Attribute. PR1598566

In some instances, when you perform the FHP recovery action on an SLC due to silently discard traffic, the restart operation on the SLC result might not be successful and the FHP recovery action might timeout. PR1600559

Comparing convergence time with Junos OS 21.1R1.5 release displaying degradation in isisv6, ospfv2, and ospfv3 convergence time. As it is a convergence time issue, many components gets involved and hence need investigation from multiple teams (RPD, Kernel, and Packet Forwarding Engine). These kind of issuer requires multiple iteration of experiments to narrow it down, a bit difficult to do RCA and it takes some good amount of time. PR1602334

On MX-VC (Virtual Chassis) platforms with MS-MPC or SPC3 service cards and AMS (Aggregated Multi-Service) with 8 interfaces, traffic on the line card in the backup chassis might not be load-balanced properly due to timing conditions. This works well on the line card in the master chassis and there might be traffic loss when interfaces are not properly balanced. PR1605284

In some NAPT44 and NAT64 scenarios, duplicate SESSION_CLOSE syslog message gets displayed. PR1614358

Errors get displayed with the hieINH->COMPNH->UCAST->AE_IFL next-hop during AE-IFL flaps control detects and initiate MBB. PR1617388

On MX platforms, the MPC10E-10C-MRATE becomes offline or online due to FO (Fabric out) timeouts. PR1625820

Deleting all values of RPC returns no positive reply. PR1630167

During ZPL ISSU of MPC10 and MPC11 line cards, if LACP and LFM configurations are present, the ppman process might generate core file. PR1633286

On MX platform with SPC3 service card installed, TFTP control sessions gets refreshed with inactivity time out after data session is closed, causing the control session to stay in session table for some more time. Service impact is minor or negligible as the TFTP control session eventually gets deleted after timeout. PR1633709

WIth PTPoIPv6 on MPC2E 3D EQ, PTP slave stays in the Acquiring state. PR1642890

The low priority stream might be marked as destination error as a result of low priority stream being stuck and dropping all traffic. PR1657378

On all MX platforms, EDAC errors gets triggered but alarms do not until the FPC gets rebooted due to the data corruption in hardware. PR1646339

When you configure multipath, multipath computation gets missed for the routes resulting in missing multipath routes. PR1659255

When you perform GRES with the interface em0 (or fxp0) disabled on the primary Routing Engine, then enable the interface on the new backup Routing Engine, network is not accessible. PR1372087

Abrupt termination of the client socket might take time for JSP to detect disconnection. The client must wait for the connection terminal to be detected in such cases, which could be around 1 hour. You can also restart JSD before being able to connect back with the same client ID. PR1549044

In case of the access-side interfaces used as SP-style interfaces, when you add a new logical interface and if there is already a logical interface on the physical interface, there is 20 to 50 ms traffic drop on the existing logical interface. PR1367488

If the request system zeroize statement does not trigger the zero-touch provisioning, you must re-initiate the ZTP as a workaround. PR1529246

On MX devices, there might be a mismatch in the subscriber information between the devices when the two devices are configured as Dynamic Host Configuration Protocol (DHCP) relay Active lease Query (ALQ) peers. This is a timing issue that occurs frequently when the lease timer is less than 300 seconds. PR1638050

The BFD session flaps during ISSU only in the MPC7E line card (BFD sessions from other cards of DUT to peer routers did not flap during ISSU). PR1453705

Single hop BFD sessions can sometimes flap after GRES in highly scaled setups which have RSVP link or link-node-protection bypass enabled. This happens because sometimes RSVP neighbor goes down after GRES if RSVP hellos are not received after GRES before neighbor timeout happens. As a result of RSVP neighbor going down, RSVP installs a /32 route pointing to bypass tunnel which is required to signal backup LSPs. This route is removed when all lsps stop using bypass after link comes back up. The presence of this /32 route causes BFD to flap. PR1541814

The use-for-shortcut statement is meant to be used only in the SRTE tunnels which, uses SSPF (Strict SPF Algo 1) Prefix SIDs. If you configure set protocols isis traffic-engineering family inet-mpls shortcuts and set protocols isis traffic-engineering tunnel-source-protocol spring-te command on a device, and if you configure any SRTE tunnel using Algo 0 Prefix SIDs with the use-for-shortcut command, it might lead to routing loops or rpd cores. PR1578994

When there is scaled RSVP sessions (around 21,000) and have enabled RSVP for all the interfaces,RPD process walks through all the interfaces, which results into high CPU for some time and LSP flaps. PR1595853

When a protected link goes down, MPLS gets tunnel local repair message from RSVP and trigger CSPF computation. Then, MPLS gets link protection information through RRO notification. If MPLS receives TED notification first before RRO notification, then CSPF computation fails. Since, the link protection flag is not set, MPLS thinks it is an unprotected link and brings down the LSP. PR1598207

Ingress retries after LSP stays down for an extended period of time or when you clear LSP to speed up the retry process. PR1631774

Routing protocol daemon (RPD) crashes when you configure dual transport Label distribution protocol (LDP) along with Nonstop routing (NSR). PR1635863

The commit synchronize command fails as the kernel socket gets stuck. PR1027898

Due to software implementation, firewall filter gets re-applied during graceful switchover that might cause traffic drop. PR1487937

With GRES and NSR functionality with VXLAN feature, the convergence time might be slightly higher than expected for the L2-DOMAIN-TO-L3VXLAN. PR1520626

When the DHCP relay mode is configured as no-snoop, we are observing the offer gets dropped due to incorrect ASIC programming. This issue only affects while running DHCP relay on EVPN-VXLAN environment. PR1530160

If you use the source-address NTP configuration parameter and issue the command "set ntp date" from the CLI, packets will be sent with the source address of the outgoing interface rather than the manually configured IP address. Typically the manually configured IP address would be a loopback address. The problem does not apply to automatically generated NTP poll packets. PR1545022

On the Trio-based line card with firewall filter used scenario,adding or deleting configurations at scale in multiple iterations might cause the line card to crash and FPC to restart and traffic landing on the FPC gets lost until it comes online again. PR1589619

Traffic loss occurs with vrrp mastership change from backup to primary. This issue occurs while route come back after enabling the link. PR1612504

With Junos OS 21.3R1 release with EVPN VXLAN SMET multicast snooping configuration, traffic might drops at VTEPs. PR1613457

On MX devices during reboot, the aggregated Ethernet interface ifls gets first added, then deleted and again added. The flapping causes corner case where the filter attachment ipc has older aggregated Ethernet interface ifl index on which the filter bind fails. Filter does not get attached to the interface. Hence. any filter related service does not work. PR1614480

With given multi-dimensional scale, if you remove configuration and restored continuously for more than 24 times, MX Trio-based FPC might crash and restart. During the reboot, there might be traffic impact if backup paths are not configured. PR1636758

Using static LSP (labeled switched path) configuration, the child node does not get removed from the flood composite when the core interface goes down. PR1631217

While interoperating with other vendors in a draft-rosen multicast VPN, by default Junos OS attaches a route target to multicast distribution tree (MDT) subsequent address family identifier (SAFI) network layer reachability information (NLRI) route advertisements. But some vendors do not support attaching route targets to the MDT-SAFI route advertisements. In this case, the MDT-SAFI route advertisement without route-target extended communities is prevented from propagating if the BGP route-target filtering is enabled on the device running Junos OS. PR993870

Certain BGP traceoption flags (for example, open, update, and keepalive) might result in (trace) logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

LDP OSPF are in synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. As per the current analysis, the IGP interface goes down because although LDP notified OSPF that LDP synchronization was achieved, OSPF is not able to take note of the LDP synchronization notification, because the OSPF neighbor is not up yet. PR1256434

On MX devices, the following unexpected log message appears if the show version detail or request support information command gets executed:

TILFA backup path fails to install in LAN scenario and also breaks SR-MPLS tilfa for LAN with more than four end-x sids configured per interface. PR1512174

In previous versions of RFC 9072s draft-ietf-idr-bgp-ext-opt-param, the optional-parameter length required to be 255 in order to trigger the updated behavior. Later editions of the Internet-Draft permitted non-zero optional parameter length values to be used to support the feature. PR1554639

Multicast traffic hogs the switch core when you remove igmp-snooping. The mcsnoopd process might generate core file due to the changes in the mrouter interfaces and routes. PR1569436

Traffic loss occurs across the LDP path during traffic shift from one router to another device in the MPLS cloud. Two routers with two different capacities converge at two different times. Hence, a microloop occurs between the two nodes. PR1577458

On all platforms supporting ISSU (In-Service Software Upgrade), if you perform ISSU on two routers connected over LFM (Link Fault Management), the process gets aborted with the Aborting Daemon Preparemessage on one of the routers. The BFD (Bidirectional Forwarding Detection) process gets stuck at the Abort state and does not get reverted back to the Idle state. Any subsequent attempt of ISSU on the failed node fails with the same message. PR1598786

When you enable the MPLS traffic-engineering and rib inet.3 protect core command, the transport routes in inet.3 does not get used for the route resolution. PR1605247

On MX devices, the initial multicast register packets might get dropped that might affect multicast services. PR1621358

For the DEFAULT_INSTANCE routing-instance, the name gets restricted to DEFAULT now. Since, the functionality of DEFAULT_INSTANCE is different from all other instances. Also, the network instance is the base network instance that is populated by the routing protocols, referred to as the global or default. Hence, DEFAULT is the only name forward. PR1644421

When you use the Group VPN in certain cases, the PUSH ACK message from the group member to the group key server might get lost. The group member can still send rekey requests for the TEK SAs before the hard lifetime expiry. Only if the key server sends any new PUSH messages to the group members, those updates would not be received by the group member since the key server would have removed the member from registered members list. PR1608290