Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Known Limitations

Learn about known limitations in Junos OS Release 21.4R3 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.


  • EVPN-VXLAN ESI might result in minor loop in some scenarios and this might hit duplicate address detection (DAD) in IPV6. PR1619504

General Routing

  • When the device is up and running for a long time, there is a possibility FS gets bad blocks and it is accumulated. When any change done to it, it reloads and tries to recover the bad blocks from the FS. PR910445

  • When cmerror disables pfe, it does not power off the ea and hmc chips. The periodic continues monitoring the temp on hmc and other devices. If the temp is overheated, the system can take proper actions, such as increase the fan speed or shutdown the systems. The periodic calls hmc_eri_config_access() to get temp readings. It is expected to get ERI timeout continuously in this case. PR1324070

  • Upon MPC11 boot up, errors such as following could be seen, but these are harmless and does not have functional impact. timestamp device kernel: i2c i2c-100: (11/1:0x41) i2c transaction error (0x00000002) timestamp device kernel: i2c i2c-64: (7/1:0x41) i2c transaction error (0x00000002) PR1457655

  • Currently, IP options are not supported for egress firewall attach points, relevant supporting doc attached: opics/concept/firewall-filter-match-conditions-for-ipv4-traffic.html. The issue might occur IP-options router alert traffic not hitting the egress firewall filter. PR1490967

  • In Junos OS Release 20.3R1 and Junos OS Release 21.2R1, the LFM might flap during MX-VC ISSU. PR1516744

  • The issue applies to the initial release of CBNG for Junos OS Release 22.1. Running help apropos command in configuration mode is going to cause an MGD core. The MGD will comeback up and as long as the command is not issues again the core will not occur. PR1552191

  • Once vxlan is configured on an physical interface, its always treated as vlxan port even though Layer 2 VLAN exists. PR1570689

  • During boot up PTP FPGA link resets which toggles the link. Therefore, the message is observed in the console. PR1572061

  • When a packet, which triggers ARP resolution, hits services interface style filter on the output will have session create and close log with incorrect ingress interface. This usually happens with the first session hitting such a filter. PR1597864

  • On MX Series platforms, enhanced policer counter output shows double value when policer is applied in the ingress direction. The output shows normal when the filter is applied in the egress direction. PR1615373

  • When the show command show services web-filter secintel-policy-db ip-prefix-information is being used, exact prefix mentioned in the feed file database needs to be provided. PR1615465

  • When filter has next-term then it becomes unoptimized and started to get executed serially .Since all the terms are configured with next term in the given config, forcing terms to be evaluated in sequential manner instead of jump which causes the ppe thread to execute >900 instructions causing the bottleneck. PR1617385

  • Percentage physical-interface policer is not working on AE, after switching between baseline config to policer config PR1621998

  • Minor packet drops due to bb-drops seen while creating ~45k TCP session creates with NAT EIM mapping configured. PR1623276

  • If we have scaled number of PPPoE subscribers hosted on PS anchored over RLT interface. Now if we try to remove LT member link from the RLT bundle, then some of the subscribers may go down. So It's advised to bring down all the subscribers before removing RLT member links. PR1623641

  • Media install (USB, PXE) and media-zeroize operations do not succeed and boot time is increased. PR1624053

  • In ULC-based linecards, we can see duplicate leaf values for the following counters exported in /interfaces/interface/state/counters hierarchy - in-unicast-pkts in-broadcast-pkts in-multicast-pkts in-pause-pkts in-errors in-discards out-unicast-pkts out-multicast-pkts out-broadcast-pkts out-pause-pkts out-errors out-discards These leaves are produced by picd and aftd-trio. PR1624864

  • The available space check in case of: 1. Upgrade is 5 GB 2. Fresh Install is 120 GB The scenario Upgrade/Fresh-Install is decided from within RPM spec i.e. if RPM finds any older version is already installed. Since RPM-DB is destroyed during LTS-19 (vm-host) upgrade, rpm install scripts deduce the upgrade as fresh-install and look for 120GB free space. The warning can be ignored, as it has no functional impact. PR1639020

  • On SRX4600 platform, the CPU might overrun while performing sanity check due to incompatibility issues between ukern scheduler and Linux driver which might lead to traffic loss.PR1641517

  • Inter DC ARP request packet will be dropped in DC-GW enabled with Port mirroring configsPR1650597

  • The ZPL ISSU operation for MPC11e are incompatible to in-service-upgrade from releases to new releases with infra change in sysman_msg.emg. PR1652737


  • While upgrading the image from Junos OS Release 21.2T to 21.3DCB, the no-validate configuration statement is mandatory for the upgrade command to proceed. PR1586481

  • Below IPC timeouts logs can be seen for statistics query to kernel(queried from cli or daemons querying internally)when there is config churn, or large number of IPCs getting exchanged between kernel and pfe in the system. if_pfe_msg_handler: pfe_peer_msg_handler error: error for msg type type, msg subtype subtype, opcode op and peer index index Default IPC timeout value in kernel for IPC statistics request is 10s. This can be incremented to larger value by committing set system stats-timeout-lifetime 15 hidden configuration to avoid IPC timeout errors. PR1629930


  • The Firefox browser displays an unsaved changes error message in the J-Web basic settings page if the autofill logins and passwords option is selected under the browser privacy and security settings. PR1560549


  • With local reversion ON, there is a possibility of transit router not informing headend of RSVP disabled link when link is flapped more than once. As a work around, remove local-reversion configuration. PR1576979

Network Management and Monitoring

  • Junos OS has a feature to block/deny all hidden commands. Users can get this feature by configuring 'set system no-hidden-commands'. However when this is configured and committed Junos blocks/denies new netconf/junoscript XML sessions. As a workaround users can delete 'system no-hidden-commands' configuration knob and start the new netconf/junoscript sessions. PR1590350

Platform and Infrastructure

  • On MX Series and EX9200 Series platforms, under EVPN environment, packets routed using IRB interface could not be fragmented due to media maximum transmission unit (MTU) problem. PR1522896

  • Configured 4000 vpls instance and sending bidirectional traffic with 200k macs each side. After clearing vpls mac table, Observed Error messages. RT------------ bison ---------------- archerfish------------RT 200k mac 4k-vpls 4k-vpls 200k mac host# run show l2-learning global-mac-count 400000 dynamic and static MAC addresses learned globally host# run show l2-learning global-mac-count 400000 dynamic and static MAC addresses learned globally host@bison# run clear vpls mac-table Issue: Below error logs were seen, While running 'clear vpls mac-table'. [Mar 9 06:20:42.795 LOG: Err] disp_force_callout(1994): EA[0:0].disp[0] forced callout timeout 0 msec. [Mar 9 06:20:42.795 LOG: Err] luss_send_callout_parcel(793): EA[0:0].disp[0] failed to send callout parcel (ptype 14, snum 977 tid 0). [Mar 9 06:20:43.510 LOG: Err] dispatch_event_handler(684): EA[0:0].disp[0] PRIMARY_TIMEOUT (PPE 4 Zone 8). Impact: There will not be any functional impact during this issue, just the error logs. It occurs with a scaled count of more than 1.5L MACs and eventually all the MACs will get cleared successfully. PR1575316

  • When the deactivate services rpm and deactivate routing-options rpm-tracking CLIs are applied together and then committed, some of the rpm tracked added routes are not deleted from the routing table. Issue cannot be seen using the following steps. 1. deactivate routing-options rpm-tracking 2. commit the configuration then all the rpm tracked routes will be deleted. If the RPM service needs to be deactivated, 3. deactivate services rpm 4. commit. PR1597190

  • After a switchover event, when ppmd calls sendmsg system call to transmit the protocol packets, it gets blocked long enough that a few sendmsg calls cumulatively take up around 7 to 8 seconds. This indirectly impacts the BFD session because the BFD session has a Routing Engine-based detect time of 7.5 seconds to expire. PR1600684

  • USB image upgrade for RE-1800x4 K2re "bare-metal" platforms (SRX5k, MX240, MX480, MX960, MX2010, EX9208 chassis) might not be successful. PR1630040

Subscriber Access Management

  • A restart of APM's provisioning micro-service (prov-man) when connected to a BNG or BNGs may result in the inability for APM to re-establish a functional APMi connection with a BNG or BNGs. This is a result of the BNG's inability to detect the loss of the initial connection. The BNG's JSD service has loose gRPC keep-alive settings which make connection loss detection difficult.PR1645910