Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Known Limitations

Learn about known limitations in Junos OS Release 21.4R2 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Flow-Based and Packet-Based Processing

  • Use 512 antireplay window size for an IPv4 or IPv6 in fat-tunnel. The ESP sequence check might otherwise report out-of-order packets if the fat-tunnel parallel encryption is within 384 packets (12 cores * 32 packets in one batch). Therefore, there are no out-of-order packets with 512 antireplay window size. PR1470637

General Routing

  • When the device is up and running for a long time, there is a possibility FS gets bad blocks and it is accumulated. When any change done to it, it reloads and tries to recover the bad blocks from the FS. PR910445

  • When cmerror disables the Packet Forwarding Engine, it does not power off the EA and HCM chips. Temperature monitoring continues on the HMC and other devices, and the system can take proper actions, such as increasing the fan speed or shutting down the systems. PR1324070

  • On rebooting MPC11, errors such as following could be seen, but these are harmless and does not have functional impact. timestamp device kernel: i2c i2c-100: (11/1:0x41) i2c transaction error (0x00000002) timestamp device kernel: i2c i2c-64: (7/1:0x41) i2c transaction error (0x00000002). PR1457655

  • IP options are not supported for egress firewall attach points. The issue might occur when IP-options router alert traffic is not hitting the egress firewall filter.

    [See IP-options router alert traffic not hitting the egress firewall filter .] PR1490967

  • LFM might flap during MX Series Virtual Chassis unified ISSU to and from this release. PR1516744

  • The issue applies to the initial release of CBNG for the Junos OS Release 22.1. Running help apropos command in configuration mode is generating an MGD core file. The MGD will comeback up and as long as the command is not issued again and the core will not occur. PR1552191

  • The PTP FPGA is kept in reset during BIOS boot. During Linux boot, the PTP FPGA is taken out of reset and pcie-tree is reenumerated. Hence you would be seeing the Link-up/down during this sequence. PR1572061

  • When a packet, which triggers ARP resolution, hits services interface style filter on the output will have session create and close log with incorrect ingress interface. This usually happens with the first session hitting such a filter. PR1597864

  • On MX Series platforms, enhanced policer counter output shows double value when policer is applied in the ingress direction. The output shows normal when the filter is applied in the egress direction. PR1615373

  • When the show command show services web-filter secintel-policy-db ip-prefix-information is being used, exact prefix mentioned in the feed file database needs to be provided. PR1615465

  • When filter has next-term then it becomes unoptimized and started to get executed serially. Since all the terms are configured with the next term in the given configuration, forcing terms to be evaluated in the sequential manner instead of jump which causes the ppe thread to execute more than 900 instructions causing the bottleneck. PR1617385

  • Percentage physical-interface policer is not working on the aggregated Ethernet interface, after switching between baseline configuration and policer configuration. PR1621998

  • If we have scaled number of PPPoE subscribers hosted on PS anchored over RLT interface. Now, if we try to remove LT member link from the RLT bundle, then some of the subscribers might go down. So It is advised to bring down all the subscribers before removing RLT member links. PR1623641

  • Media install (USB, PXE) and media-zeroize operations do not succeed and boot time is increased. PR1624053

  • In ULC-based linecards, you can see duplicate leaf values for the following counters exported in /interfaces/interface/state/counters hierarchy. in-unicast-pkts in-broadcast-pkts in-multicast-pkts in-pause-pkts in-errors in-discards out-unicast-pkts out-multicast-pkts out-broadcast-pkts out-pause-pkts out-errors out-discards. These leaves are produced by picd and aftd-trio. PR1624864

  • The available space check in case of: 1. Upgrade is 5 GB 2. Fresh Install is 120 GB. The scenario of upgrading or installing is decided from within RPM spec i.e. if RPM finds any older version is already installed. Since RPM-DB is destroyed during LTS-19 (vm-host) upgrade, rpm install scripts deduce the upgrade as fresh-install and look for 120GB free space. The warning can be ignored, as it has no functional impact. PR1639020

  • The ZPL ISSU operation for MPC11E is incompatible to in-service-upgrade from releases to new releases with infra change in sysman_msg.emg PR1652737


  • EVPN-VXLAN ESI might result in minor loop in some scenarios and this might hit duplicate address detection (DAD) in IPv6. PR1619504


  • While upgrading the software image from Junos OS Release 21.2 to Junos OS Release 21.3, the no-validate configuration statement is mandatory for the upgrade command to proceed. PR1586481


  • With local reversion ON, there is a possibility of transit router not informing headend of RSVP disabled link when link flap more than once. Work around is to remove local-reversion configuration. PR1576979

Network Management and Monitoring

  • Junos OS has a feature to block or deny all hidden commands. Users can get this feature by configuring set system no-hidden-commands. However, when this is configured and committed, Junos OS blocks or denies new netconf or junoscript XML sessions. As a workaround, users can delete system no-hidden-commands configuration statement and start the new netconf or junoscript sessions. PR1590350

Platform and Infrastructure

  • After clearing vpls mac table, the following error message occurs while running clear vpls mac-table. [Mar 9 06:20:42.795 LOG: Err] disp_force_callout(1994): EA[0:0].disp[0] forced callout timeout 0 msec. [Mar 9 06:20:42.795 LOG: Err] luss_send_callout_parcel(793): EA[0:0].disp[0] failed to send callout parcel (ptype 14, snum 977 tid 0). [Mar 9 06:20:43.510 LOG: Err] dispatch_event_handler(684): EA[0:0].disp[0] PRIMARY_TIMEOUT (PPE 4 Zone 8). There will not be any functional impact during this issue, just the error logs. It occurs with a scaled count of more than 1.5L MACs and eventually all the MACs will get cleared successfully. PR1575316

  • When the deactivate services rpm and deactivate routing-options rpm-tracking CLIs are applied together and then committed, some of the rpm tracked added routes are not deleted from the routing table. Issue cannot be seen using the following steps. 1. deactivate routing-options rpm-tracking 2. commit the configuration then all the rpm tracked routes will be deleted. If the RPM service need to be deactivated, 3. deactivate services rpm 4. commit. PR1597190

  • After a switchover event, when ppmd calls sendmsg system call to transmit the protocol packets, it gets blocked long enough that a few sendmsg calls cumulatively take up around 7 to 8 seconds. This indirectly impacts the BFD session because the BFD session has a Routing Engine-based detect time of 7.5 seconds to expire. PR1600684

Subscriber Access Management

  • A restart of APM's provisioning micro-service (prov-man) when connected to a BNG or BNGs might result in the inability for APM to re-establish a functional APMi connection with a BNG or BNGs. This is a result of the BNG's inability to detect the loss of the initial connection. The BNG's JSD service has gRPC keep-alive settings which make connection loss detection difficult.PR1645910