Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Open Issues

Learn about open issues in Junos OS Release 21.4R3 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • The show class-of-service interface command might not show the classifier bind information on a logical interface with only Inet/Inet6 (without family MPLS or not with any rewrite rules). Show issue, Classifier will be still present and functional. No impact to the traffic PR1652342

  • The aggregated Ethernet interfaces in per-unit-scheduler mode and committing CoS configuration on aggregated Ethernet logical interfaces in a single commit leads to race-conditions.PR1666010

EVPN

  • A few duplicate packets might be seen in an A/A EVPN scenario when the remote PE device sends a packet with an IM label due to MAC not learned on the remote PE device, but learned on the A/A local PE device. The nondesignated forwarder sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookup instead of dropping the packet, which causes duplicate packets to be seen on the CE side. PR1245316

  • In PBB-EVPN (Provider Backbone Bridging - EVPN) environment, ARP suppression feature which is not supported by PBB might be enabled unexpectedly. This might not learn the MAC addresses of remote CE devices resulting in traffic loss. PR1529940

  • EVPN-MPLS multi-homing control MACs are missing after vlan-id removal and adding back on a trunk logical interface of one of the multi-homing PE devices. This is not a recommended way to modify vlan-id configuration. Always both MH PEs needs be in symmetric. PR1596698

  • EVPN local ESI MAC limit configuration might not get effective immediately when it has already learned remote MH MACs. Clear the MAC table from all MH PEs and configure the MAC limit over local ESI interfaces. PR1619299

  • The current implementation based on RFC 7432, do not have support for changes in DF election upon deactivation of a routing instance on a PE with multiple routing instances, also the current implementation does not support AD/EVI per ethernet tag. To address this issue, the "AC influenced DF election" procedure defined in RFC 8584 needs to be implemented.PR1677206

Flow-based and Packet-based Processing

  • Use an antireplay window size of 512 for IPv4 or IPv6 in fat-tunnel. The ESP sequence check might otherwise report out-of-order packets if the fat-tunnel parallel encryption is within 384 packets (12 cores * 32 packets in one batch). Hence, there are no out-of-order packets with 512 antireplay window size. PR1470637

Forwarding and Sampling

  • When the fast-lookup-filter statement is configured with a match that is not supported in the FLT hardware, traffic might be lost. PR1573350

General Routing

  • When you perform GRES with the interface em0 (or fxp0) disabled on the primary Routing Engine, then enable the interface on the new backup Routing Engine, it isn't able to access network. PR1372087

  • AFEB crashing with PTP thread hog on the device. Through this fix PTP packet processing is done when PTP is enabled that is, when PTP configuration is active. If the PTP configuration is not there we will ignore PTP packet processing even if FPGA is showing PTP packet is available. The issue is very rare issue. The fix is in 15.1F6 and onward and 16.1 PR1068306

  • If a vmhost snapshot is taken on an alternate disk and there is no further vmhost software image upgrade, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, the host root file system and the node boots with the previous vmhost software instead of the alternate disk. PR1281554

  • When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609

  • With Next Generation Routing Engine (NG-RE), in some race conditions, the following interrupts messages might be seen on master RE: kernel: interrupt storm detected on "irq11:"; throttling interrupt source PR1386306

  • On MX Series devices with MPC7E, MPC8E, or MPC9E installed, if optics QSFPP-4X10GE-LR from Innolight vendor (subset of modules with part number 740-054050) is used, the link might flap. PR1436275

  • Upon MPC11 boot up, errors such as following could be seen, but these are harmless and does not have functional impact. timestamp device kernel: i2c i2c-100: (11/1:0x41) i2c transaction error (0x00000002) timestamp device kernel: i2c i2c-64: (7/1:0x41) i2c transaction error (0x00000002) PR1457655

  • On NFX250 devices in a rare condition, virtual port peer (VPP) functionality might not run on dual CPE (customer premises equipment) and occasionally on single CPE. This issue is seen when a redis database file 'appendonly.aof' had stale entries before redis-server started upon boot. PR1461238

  • The SCHED L4NP[0] parity errors are observed. PR1464297

  • When hardware link errors occur on all 32 links on an FPC 11, all FPCs reported destination errors towards FPC11 and FPC11 is taken offline with "offlined due to unreachable destinations" reason. PR1483529

  • When you run the show pfe filter hw filter-name filter name command, the command fails to retrieve the Packet Forwarding Engine programming details of the filter. PR1495712

  • After backup Routing Engine stops, CB1 goes offline and comes back online resulting in restarting the backup Routing Engine. The backup Routing Engine reboots because of "0x1:power cycle/failure" message. There is no other functional impact. PR1497592

  • In the platform using indirect next hop (INH), such as unilist as route next hop type for multiple paths scenario (such as BGP PIC or ECMP), the session fast-reroute might be enabled in Packet Forwarding Engines. When the version-id of session-id of INH is above 256, the Packet Forwarding Engine might not respond to session update, which might cause the session-id permanently to be stuck with the weight of 65535 in PFE. It might lead Packet Forwarding Engine to have a different view of unilist against load-balance selectors. Then either the BGP PIC or the ECMP-FRR might not work properly and traffic might be dropped or silently discarded. PR1501817

  • A delay of 35 seconds is added in reboot time in Junos OS Release 20.2R1 compared to Junos OS Release 19.4R2. PR1514364

  • When an AMS physical interface is configured for the first time or any member of the AMS bundle is removed or added, the PICs on which the members of AMS bundle are present go for a reboot. There is a timer running in the AMS kernel which is used as a delay for the PIC reboot to complete and once that timer expires AMS assumes that the PICs might have been rebooted and it moves into next step of AMS fsm. In scaled scenarios, this rebooting of the PIC is delayed due to DCD. This is because when a PIC goes down, DCD is supposed to delete the physical interfaces on that PIC and then the PIC reboot happens. But DCD is busy processing the scaled config and the physical interface deletion is delayed. This delay is much greater than the timer running in AMS kernel. When the above timer expires, the FSM in AMS kernel wrongly assumes the PIC reboot would be completed by then, but the reboot is still pending. By the time DCD deletes this physical interface the AMS bundles are already UP. Because of this, there is a momentary flap of the bundles. PR1521929

  • In MAC-OS platforms when Juniper Secure Connect client connects successfully, the client is not getting minimized to tray icon and needs to be minimized manually.PR1525889

  • Due to BRCM KBP issue route lookup might fail. Need to upgrade KBP to address this issue. Due to high risk KBP SDK upgrade planned for 21.1. PR1533513

  • The Flexible PIC Concentrator (FPC) might generate a core file (or dump file) if the flap-trap-monitor feature under set protocols oam ethernet cfm performance-monitoring sla-iterator-profiles is used and performance monitoring flap occurs.PR1536417

  • In scaled MX2020 router, with vrf localisation enabled, 4 million nexthop scale, 800k route scale. FPCs might go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. FPC might continue to reboot and not come online. Rebooting primary and backup Routing Engine will help recover and get router back into stable state. PR1539305

  • The FPC process might not get spawned after hard reboot in a rare case, which causes the FPC to not come online successfully. PR1540107

  • This log is harmless: Feb 27 20:26:40 xolo fpc3 Cannot scan phys_mem_size.out. Please collect /var/log/*.out (0;0xdd3f6ea0;-1) (posix_interface_get_ram_size_info): Unknown error: -1. PR1548677

  • The issue applies to the initial release of CBNG for 22.1. Running help apropos command in config mode is going to cause an MGD core. The MGD will comeback up and as long as the command is not issues again the core will not occur. PR1552191

  • Unsupported config is being attempted by the script that then hits the maximum threshold for the given platform. PR1555159

  • 5M DAC connected between QFX10002-60C and MX2010 does not link up. But with 1M and 3M DAC this interop works as expected. Also it is to be noted QFX10002-60C and ACX or Traffic generator the same 5M DAC works seamlessly. There seems to be certain SI or link level configuration on both QFX10002-60C and MX2010 which needs to be debugged with the help from HW and SI teams and resolved. PR1555955

  • USF-SPC3 : With ipsec PMI/fat-core enabled, show services sessions utilization CLI not displaying right CPU utilization. PR1557751

  • VE and CE mesh groups are default mesh groups created for a given Routing instance. On vlan/bridge-domain add, flood tokens and routes are created for both VE and CE mesh-group/flood-group. Ideally, VE mesh-group doesn't require on a CE router where IGMP is enabled on CE interfaces. Trinity based CE boxes have unlimited capacity of tokens, so this would not be a major issue. PR1560588

  • This is a feature enhancement and work is in progress to provide this support. This will have impact only when routing daemon crashes and will not have impact on rest of the NSR support. PR1561059

  • Due to a race condition, the show multicast route extensive instance instance-name output can display the session status as Invalid. Such an output is a cosmetic defect and not indicative of a functional issue. PR1562387

  • To avoid the additional interface flap , interface hold time needs to be configured . PR1562857

  • When Deactivate or Activate of security configuration is executed continuously, there are instances in which when gkmd process can core while the process exits.PR1566044

  • Stale TCNH entries are seen in new primary Routing Engine after switchover with NSR even though all the prpd routes are deleted. These TCNH entries are present because NSR is not supported for BGP static programmable routes. This leads to an extra reference count in the backup Routing Engine, due to which the next hop is not freed. PR1566666

  • On PTX platforms, when Inline Jflow is configured and high sampling rate (more than 4000 per second) is set, high CPU utilization may be observed and this might result in relevant impacts on traffic analysis and billing. This issue is fixed from 21.3R1 via RLI 49464.PR1569229

  • In MX Series devices, the device might not send pause frames in case of congestion. PR1570217

  • When a AE link is brought down, a transient error message, '[Error] Nexthop: EalNhHandler: failed to add Nh: xxxx, type: composite, as pil add failed' might be seen. There is no functional impact due to these errors. PR1570710

  • A vulnerability in the handling of exceptional conditions in Juniper Networks Junos OS Evolved (EVO) allows an attacker to send specially crafted packets to the device, causing the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) process to crash and restart, impacting all traffic going through the FPC, resulting in a Denial of Service (DoS). PR1572969

  • The following messages might be seen in the logs from MPC11E line-card: Feb 9 11:35:27.357 router-re0-fpc8 aftd-trio[18040]: [Warn] AM : IPC handling - No handler found for type:27 subtype:9 There is no functional impact, these logs can be ignored. PR1573972

  • In EVPN/VXLAN scenario with OSPF configured over the IRB, OSPF sessions might not get established due to connectivity issues. PR1577183

  • This is Day-1 behaviour and changing this needs modifications in all involved modules. Due to high risk of changing this in the last minute, this will be addressed in 21.2DCB. PR1579439

  • This issue is caused by /8 pool with block size as 1, when the config is committed the block creation utilizes more memory causing NAT pool memory shortage which is currently being notified to customer with syslog tagged RT_NAT_POOL_MEMORY_SHORTAGE. PR1579627

  • In a fully loaded devices, at times, firewall programming was failing due to scaled prefix configuration with more than 64800 entries. However, this issue is not observed in development setup. PR1581767

  • On MX platforms the JDM (Juniper Device Manager) server could not be created in in-chassis mode of junos node slicing, which results in mgd process crash and affects GNF's (Guest Network Function) provisioning. PR1583324

  • Error message seen on MX10K8 chassis with SyncE/PTP configurations, This does not affect any functionality, The error seen here because the API called is specific to ferrari platform which needs to be vecterized.PR1583496

  • Under the conditions of the bridge domains in the virtual-switch type instance having vlan-id-list, Bridge domain names information is not displayed properly in show bridge statistics instance. PR1584874

  • When the active slave interface is deactivated, the PTP lock status is set to 'INITIALIZING' state in show ptp lock-status output for few seconds before BMCA chooses the next best slave interface. This is the day-1 behavior and there is no functional impact. PR1585529

  • On QFX5000 line of switches, the Flexible PIC Concentrator (FPC) or dcpfe process might go into a very uncommon state when multiple Broadcom Counter (bcmCNTR) threads are running or spawned in FPC. This state causes the dcpfe process to crash or the FPC to reboot. The purpose of bcmCNTR is to poll statistics from hardware. PR1588704

  • In rare circumstances when doing routing-engine switchover, the routing protocol daemon in former active routing-engine (new backup routing-engine) might restart with a coredump while in process of being terminated.PR1589432

  • On Juniper Networks Junos OS Evolved devices where ntp is enabled a crafted malicious authenticated mode 6 packet from a permitted network address can trigger a NULL pointer dereference. Please refer to https://kb.juniper.net/JSA11179 for more information. PR1589449

  • On all devices running Junos 19.1R3-S5-J3, the subscriber IFL(logical interface) might be in a stuck state after the ESSM (Extensible Subscriber Services Manager) deletion. PR1591603

  • Inline NPT on MX does not translate Source IPv6 of packet with Authentication Header present. The packet is simply passed through upstream. Consequently, it is not expected that downstream traffic arrives with NPT pool IPv6 address as IPv6 destination address and with Authentication header. Such traffic would be malicious and this must be handled via external configuration. The fix suggested is to configure firewall for downstream direction that blocks traffic destined to NPT pool address and with authentication header. PR1592957

  • Pim Vxlan not working on TD3 chipsets enabling VxLAN flexflow after release 21.3R1. Customers Pim Vxlan or data plane VxLAN can use the Junos OS Release 21.3R1. PR1597276

  • On all MX platforms, changing configuration AMS 1:1 warm-standby to load-balance or deterministic NAT may result in vmcore and cause traffic loss. PR1597386

  • On the MX10016 platform, PICs might not come online for all FPCs in case of the process "spmb" restarts immediately after the power cycle. PR1597630

  • EX4400 platforms have a Cloud LED on the front panel to indicate the onboarding of the device to cloud (day0) and management after onboarding (day1). If MIST is used as a Management entity in cloud then, the cloud LED will display green in situations where device would have lost connectivity to cloud. This is dues to MIST using outbound SSH for management. This behavior is not applicable to any other management entity which uses outbound https and LED will display appropriate states to indicate the loss on connection to cloud. PR1598948

  • It seems that ubuntu root-fs 18.04 shipped in the latest release doesn't have the "en_US.UTF-8" locale enabled by default. As a workaround, enable en_US.UTF-8 locale as follows: 1. edit /etc/locale.gen to uncomment below line, save/close the file: en_US.UTF-8 UTF-8 2. From Ubuntu CLI run: $ sudo locale-gen 3. Verify locale is now enabled: root@host: locale -a C C.UTF-8 en_US.utf8 POSIX PR1601262

  • Comparing convergence time with Junos OS Release 21.1R1.5, seen degradation in isisv6 , ospfv2 and ospfv3 convergence time. As it is a convergence time issue, many components will be involved and hence need investigation from multiple teams (RPD, Kernel, PFE). These kind of issue will require multiple iteration of experiments to narrow it down, a bit difficult to do RCA and it takes some good amount of time. Considering these points, marking this as known issue. PR1602334

  • In VMX platform, after a system reboot, the Protect-RE filter on lo0 interface is no longer applied. This issue has been fixed in 17.1R1 and later releases. A commit full can clear the issue. PR1604401

  • Rebooting JDM from inside JDM shell changes JDM's main PID as a result systemd's knowledge of JDM PID becomes stale. Due to this reason systemd fails to stop/start JDM. PR1605060

  • Please update notes from below. What happens when we hit this issue ( e.g., is there a traffic impact) This is backup RPD crash. What can cause the issue? If RPD Agent sends INH deletion/additions out of order(Rarely occurs) to backup RPD, RPD is coring. What is the workaround if any? No work around as of today. How does it recover? RPD restarts and works fine(not a continuous core). PR1607553

  • Update the release note for the RLI 45750 with info describing the issue and list of potential workarounds avalable. Issue summary: When high pps traffic sent for a 'establish tunnels on-tarffic' ipsec vpn with S2S configuration, IKED process will be inundated with IKE trigger and IKE negotiation messages from peer. This causes delay in handling messages at IKED process and timeouts for IKE negotiations, and eventually results in tunnels not getting established. This issue could occur when the tunnels are negotiated for the first time or when one of the VMS in the AMS bundle goes down. This issue will be handled as part of another RLI implementation 41450. PR1610863

  • Several warning messages show up while the RPD process restarts during performing GRES on a system running Junos EVO. PR1612487

  • Changing aggregated AE mode (aggregated-ether-options link-protection) with subscribers logged in on that AE will cause undesirable subscriber management behavior. users will need to confirm there are no subscribers on the AE before changing the AE protection mode. PR1614117

  • In some NAPT44 and NAT64 scenarios, Duplicate SESSION_CLOSE Syslog will be seen. PR1614358

  • On deactivating AE interface, we could see a traffic loss of greater than 2ms. This behavior is seen due to order in which the messages are processed in FPC wherein next hop change/delete is processed prior to interface down event. PR1614508

  • Expected behaviors PR1615344

  • Firewall: MPC get rebooted while enabling FLT for inet6 filter has 10k terms, instead of fallback to DMEM filter gracefully. Currently fast lookup filter supports up to 8000 terms. PR1617174

  • Fabric errors could be expected when SLC is restarted when ISSU is in progress, to avoid this problem "do not restart SLC when ISSU is in progress". PR1619180

  • Fabric/Destination errors will be seen when ISSU is done on GNF without enhanced-mode. This is seen with and without SLC Config PR1620705

  • On Junos QFX10000 platforms with scaled number of BFD (Bidirectional Forwarding Detection) sessions configured, addition of a new BFD session might cause flapping in newly added session and other existing BFD sessions.PR1621976

  • System_id formate of AFT-MPC(MPC10E) is not align with non-AFT MPCs PR1622073

  • To avoid this issue, "do not change the configs when the SLC / GNF ISSU is in progress". PR1622511

  • Minor packet drops due to bb-drops seen while creating ~45k TCP session creates with NAT EIM mapping configuredPR1623276

  • In a scaled setup with LDP over RSVP configuration and maximum-ecmp as 32 or 64, line card CPU usage can remain high for extended duration on link flap operation. In this duration, LACP might take 5+ minutes to converge and the AE bundle to be active. PR1624219

  • Issue: DHCP binding will not happen, when MLD snooping is enabled. Root cause: During DHCPv6 binding process, ICMPv6 neighbour discovery packets will be transacted between DHCP server device and client device tp learn adjacency. As per the design, ICMPv6 multicast packets will get dropped in DHCP security device and DHCPv6 binding will not happen as well. This issue is applicable only for Trinity based line cards and this is in parity with the older legacy Line cards. So, this config is not supported on this platform. DHCP-security vlan config: set vlans dhcp-vlan vlan-id 100 set vlans dhcp-vlan forwarding-options dhcp-security option-82 circuit-id set interfaces xe-0/1/3:1 unit 0 family ethernet-switching vlan members dhcp-vlan set interfaces xe-0/1/3:3 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-0/1/3:3 unit 0 family ethernet-switching vlan members dhcp-vlan set interfaces xe-0/2/2:0 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-0/2/2:0 unit 0 family ethernet-switching vlan members dhcp-vlan Committing MLD snooping on the vlan: set protocols mld-snooping vlan dhcp-vlan PR1627690

  • For a topology with VSTP and VRRP configured and IPV6 traffic, if VSTP bridge priority is changed a couple of times (to trigger toggling of root bridge), it is possible that V6 traffic drop is seen on some of the streams. PR1629345

  • For ACX5448, MX204 and MX2008 "VM Host-based" platforms, starting with Junos 21.4R1 or later, ssh and root login is required for copying line card image (chspmb.elf for MX2008) from Junos VM to Linux host during installation. The ssh and root login are required during installation. Use "deny-password" instead of "deny" as default root-login option under ssh config to allow internal trusted communication. Ref https://kb.juniper.net/TSB18224 PR1629943

  • Zeroize RPC returns no positive reply PR1630167

  • On MX platform with SPC3 service card installed, TFTP control sessions are getting refreshed with inactivity time out after data session is closed, causing the control session to stay in session table for some more time. Service impact is minor or negligible as the TFTP control session will eventually get deleted after timeout. PR1633709

  • FRR loss of around 18- 20 seconds seen during LAG bundle failure triggers with scaled configuration PR1636785

  • NPU util and backpressure sensors are include to indicate the FLT utilization for the ZX and BT based PTX Series devices. The CLI used is show npu utilization stats filter pfe. PR1638487

  • mspmand daemon running on MS-MPC/MS-MIC cards can occasionally crash when the service card (fpc/pic) is turned offline and then online at regular intervals when the number of service-set configured is moderately high and when extensive hardware crypto operations are being performed. Exact issue is yet to be isolated. PR1641107

  • vMX: "input fifo errors" drops reported under pfe shell "show ifd" but not seen in "show interface extensive" output PR1642426

  • On MPC10E cards upon many very quick link down and up events in msec range might not always able to drain all traffic in the queue. This causes lost of traffic going through the interface. Traffic volume and class-of-service configuration does influence the exposure. See also PR1638410.PR1642584

  • WIth PTPoIPv6 on MPC2E 3D EQ, PTP slave stays in acquiring state.PR1642890

  • On Daniel linecard, for PTP to work, port speed should be configured under the PIC heirarchy for both the PICs. (pic 0 and pic1) 1) When port speeds for some additional random ports are configured under the PIC hierarchy when PTP is configured, in that case PTP may fail. 2) When we perform PIC deactivate/activate, PTP gets stuck in acquiring state. 3) When port speed is not configured under PIC heirarchy, PTP will fail to go to Phase Aligned state. 4) Even with port speed config, PTP may still fail randomly. PR1645562

  • On all MX, EDAC errors are triggered but alarms are not observed until the FPC gets rebooted due to the data corruption in hardware.PR1646339

  • With overlapping NAT pool configured with different NAT rules under different service sets, when service outside interface is moved between different routing instances (EX: from vr1 to default, and from default to vr1), NAT routes corresponding to the service-set in default routing instance are getting deleted, resulting in reverse path traffic failure for NAT sessions. PR1646822

  • During the phase 2 handing of FHP, chassis might go unresponsive.PR1648030

  • Commit window is closed. PR1648886

  • V6 default route will not get added after successful dhcpv6 client binding on PTX1000 router during ztp PR1649576

  • For MX204, MX10003, ACX5448 platform, if a non-default ssh port is configured for system login, after upgrade to 21.4 release, the FPC is stuck in offline. To avoid such issue please use default SSH port and use protect RE filter to only allow the access from the trusted source.PR1660446

  • The version details for certain daemons will appear in the command output after the device has been rebooted after the completion of the USB installation of Junos.PR1662691

  • "show system errors active details fpc slot" CLI will not report error data where error is from a MPC10 LineCard. "show system errors error-id url" CLI will not report error data where uri belongs to an error from MPC10 LineCard. As a workaround we can use the CLI "show chassis errors .." to get the same data for MPC10 LineCard.PR1666510

  • Service-oid.slax script is hooked to starting of initial processes complete system message from jlaunchd for reboot scenario using event policy infra. The exact system message as follow? Jun 8 23:37:50.477 jtac-mx480-r2040-re1 jlaunchd[11487]: Starting of initial processes complete However, on the recent releases we observed that this message coming from kernel intermittently and thus event policy fails to detect it Message from kernel looks as follows Jun 8 23:37:54.000 jtac-mx480-r2040-re0 kernel: jlaunchd 11515 - - Starting of initial processes complete Therefore, can observe periodic event generation stop working after RE reboot.PR1668152

  • In EVPN inter-subnet forwarding (type-5 route) scenario, when user performs end-to-end traceroute across provider network, destination PE responds with lowest IP address instead of the IP address from CE-facing interface. Example: CE1 = .2 10.11.11.0/30 .1 = PE1 = P = PE2 = .2 10.33.33.0/30 .1 = CE2 * PE2 also has another interface with address 10.22.22.1 in the routing-instance connecting to CE2. user@host> traceroute 10.33.33.2 no-resolve traceroute to 10.33.33.2 (10.33.33.2), 30 hops max, 52 byte packets 1 10.11.11.1 37.732 ms 17.871 ms 22.005 ms 2 10.22.22.1 66.004 ms 55.093 ms 66.200 ms Should be 10.33.33.1 3 10.33.33.2 54.561 ms 55.107 ms 55.191 ms PR1668837

  • On MX platforms with MIC-MACSEC-20GE, FEB(Forwarding Engine Board) may go down while activating/deactivating GRES(G?raceful Routing Engine Switchover) configuration.PR1668983

  • snmp_index for an interface on ULC based line cards (such as MPC11, LC9600 and MX304) will not be exported over the telemetry.PR1669333

  • chassisd core is observed during RE switchover.PR1674900

  • On MX Series platforms with MPC10E-10C line card, with line rate traffic, continuous traffic drop is seen when fabric mode is changed from increased bandwidth to redundant.PR1676777

  • 1 PPS time error fails to meet Class B requirements for 1g and asymmetric combinaton(1g/10g) for Daniel Line-cadPR1677471

  • The IFD remaining stats flag is not set properly in chassid in today's code. It should be set to TRUE only if HCOS is configured on an interface. Else, it should not be SET. Not setting this rightly, results in statistics not being displayed OR the command output not being displayed at all. The impacted command is run show interfaces extensive intf-name and the impact is seen in GNF environment with no explicit COS configuration on the interfaces. Not using "extensive" will ensure there is no issue as well. This is specific to MPC11 with sub LC (GNF) setup.PR1678071

Infrastructure

  • Below IPC timeouts logs can be seen for statistics query to kernel(queried from cli or daemons querying internally)when there is config churn, or large number of IPCs getting exchanged between kernel and pfe in the system. if_pfe_msg_handler: pfe_peer_msg_handler error: error for msg type type, msg subtype subtype, opcode op and peer index index Default IPC timeout value in kernel for IPC statistics request is 10s. This can be incremented to larger value by setting below hidden config to avoid IPC timeout errors. # set system stats-timeout-lifetime 15 # commitPR1629930

Interfaces and Chassis

  • Starting from 15.2 mc-lag do not need static entry (ARP/ND) for remote IRB IP as captured in PR 1075917 (CVBC PR 1119732). If customer has already configured static entry (ARP/ND) and tries to remove the static entry on any version higher than 15.2, Remote IRB arp resolution does not happen automatically (when the static arp configuration is present on the version and is removed). PR1409508

  • When family bridge is configured, logical interfaces are not created. If logical interfaces are not created, l2ald does not create IFBDs (interface to BD association) and if we do not have IFBDs in the system, STP is not enabled on that interface. PR1622024

  • Error logs related to invalid anchor next hops are seen when the MPC10/11 FPCs are restarted with distributed ae irb VRRP sessions. The aggregated Ethernet should span multiple FPCs.PR1674069

Juniper Extension Toolkit (JET)

  • Abrupt termination of the client socket might take time for the disconnect to be detected by JSD. The client would have to wait for the connection terminal to be detected in such cases, which could be around 1 hour or restart JSD before being able to connect back with the same client ID. PR1549044

Layer 2 Features

  • In case of the access-side interfaces used as SP-style interfaces, when a new logical interface is added and if there is already a logical interface on the physical interface, there is 20--50 ms traffic drop on the existing logical interface. PR1367488

Layer 2 Ethernet Services

  • On MX5/MX10/MX40/MX80/MX104 Series platforms with DHCP server configuration for DHCP subscribers, the jdhcpd memory leak might occur and the memory increase by 15MB which depends on the number of subscribers when testing the DHCP subscribers log-in/out. PR1432162

  • Making configuration changes with apply-group add/delete associated with DHCP can result in client connection failure. The failure is a result of not properly clean up and the stale data have the potential for DHCP client connection failure. PR1550628

MPLS

  • BFD session flap during unified ISSU only in MPC7e card (BFD sessions from other cards of DUT to peer routers did not flap during ISSU). Issue is not seen frequently. PR1453705

  • In MVPN case, if the nexthop index of a group is not same between master and backup after a nsr switchover, we may see a packet loss of 250 to 400 ms. PR1561287

  • The use-for-shortcut knob is meant to be used only in SRTE tunnels which use SSPF (Strict SPF Algo 1) Prefix SIDs. If "set protocols isis traffic-engineering family inet-mpls shortcuts" and "set protocols isis traffic-engineering tunnel-source-protocol spring-te" is configured on a device, and if any SRTE tunnel using Algo 0 Prefix SIDs is configured with "use-for-shortcut" knob, it could lead to routing loops or rpd cores. PR1578994

  • When there is scaled RSVP sessions, approximately 21,000 and have enabled RSVP for all the interfaces, RPD process walks through all the interfaces. The rpd process results into high CPU and results in LSP flap. PR1595853

  • On all Junos and Junos OS Evolved platforms, the rpd crash will be observed in multi-instance RSVP scenario when a configuration file that has many RSVPs enabled routing-instances gets overridden by another configuration file. Traffic loss will be seen when routing engine restarts.PR1641045

Network Management and Monitoring

  • When maximum-password-length is configured and user tries to configure password whose length exceeds configured maximum-password-length, error is thrown, along with error 'ok' tag is also emitted. (Ideally 'ok' tag should not be emitted in an error scenario.) The configuration does not get committed. PR1585855

  • Junos has a feature to block/deny all hidden commands. Users can get this feature by configuring set system no-hidden-commands. However, when this is configured and committed Junos blocks/denies new netconf/junoscript XML sessions. As a workaround, users can delete system no-hidden-commands configuration statement and start the new netconf/junoscript sessions. PR1590350

  • mgd can crash when an invalid value is configured for identityref type leafs/leaf-lists while configuring Openconfig or any other third-party YANG, problem happens with json and xml loads. PR1615773

Platform and Infrastructure

  • The traps are the result of PPE commands injected from the host. One possible reason could be Layer 2 BD code, which is trying to decrement BD MAC count in the data plane. It is unlikely that there is a packet loss during this condition. This could happen during ISSU and this may be due to a problem with ISSU counter morphing used for LU-based cards, where certain counters are not disabled or disabled too late during ISSU. PR1426438

  • With GRES and NSR functionality with VXLAN feature, the convergence time may be slightly higher than expected. Besides, an ARP resolution issue also might be observed before hitting the convergence issue reported to happen after ISSU.PR1520626

  • On vMX, the blockpointer in the ktree is getting corrupted leading to core-file generation. There is no function impact such as fpc restart or system down and the issue is not seen in hardware setups. PR1525594

  • When the DHCP relay mode is configured as no-snoop, we are observing the offer gets dropped due to incorrect asic programming. This issue only affects while running DHCP relay on EVPN/VXLAN environment. PR1530160

  • On all Junos and Junos OS Evolved platforms, while using source-address NTP configuration parameter and issue the command set ntp date from the CLI, packets will be sent with the source address of the outgoing interface rather than the manually configured IP address. Typically, the manually configured IP address would be a loopback address. The problem does not apply to automatically generated NTP poll packets.PR1545022

  • Do not use the control-type light under platforms where this feature is not supported at present. At present IPv4 and IPv6 twamp-light is supported on the platforms using TRIO and PE chipsets. PR1603128

  • Traffic loss of is observed with vrrp mastership change from backup to master. This is seen while we bring up the route back after enabling the link. PR1612504

  • On MX Series platforms, during reboot, the aggregated Ethernet logical interfaces are first added, then deleted and again added, this flapping causes corner case where the filter attachment ipc has older AE ifl index on which the filter bind fails. Filter will not be attached to the interface, so any filter related service will not work. PR1614480

  • The CLI set system arp arp-request-bump-priority congestion of best-effort queue configuration statement can be used to bump the ARP packets priority to use NC3 in case customers have continued. PR1644973

  • It is observed that on very rare occasions ISSU operation fails with EVPN MPLS configuration resulting in FRU failure due to the reported crash. The line card recovers and is operational after reset following ISSU. PR1653154

  • On MX Series platforms with MPC, due to the integrated routing and bridging (IRB) interface flapped MPC crash might be observed and core is generated.PR1657983

Routing Protocols

  • Certain BGP traceoption flags (for example, "open", "update", and "keepalive") might result in (trace) logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

  • LDP OSPF are in synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. user@host: show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1 Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost: 1050 LDP sync state: in sync, for: 00:04:03, reason: IGP interface down config holdtime: infinity.

    As per the current analysis, the IGP interface goes down because although LDP notified OSPF that LDP synchronization was achieved, OSPF is unable to take note of the LDP synchronization notification, because the OSPF neighbor is not up yet. PR1256434

  • On MX Series platforms, unexpected log message will appear if the CLI command show version detail or request support information is executed: test@test> show version detail *** messages *** Oct 12 12:11:48.406 re0 mcsnoopd: INFO: krt mode is 1 Oct 12 12:11:48.406 re0 mcsnoopd: JUNOS SYNC private vectors set PR1315429

  • TILFA backup path fails to install in LAN scenario and also breaks SR-MPLS tilfa for LAN with more than four end-x sids configured per interface. PR1512174

  • Multicast traffic is hogging the switch core when igmp-snooping is removed. The mcsnoopd might crash due to the changes in mrouter interfaces and routes.PR1569436

  • When MPLS traffic-engineering and rib inet.3 protect core configuration statement is enabled, then transport routes in inet.3 will not be used for route resolution PR1605247

  • On MX Series platforms, initial multicast register packets might get dropped. This might affect multicast services. PR1621358

  • On all Junos platforms, wrong weight might be observed with BGP PIC enabled.PR1652666

  • On all Junos platforms that support add-path which is used to advertise inactive external BGP routes from the VRF table, changes to that route may not be propagated. To avoid the issue please use advertise-external knob instead of add-path to advertise not best eBGP routes internally.PR1660456

  • All Junos (other than MX Series) configured with sBFD responder with the following command: set protocols bfd sbfd local-discriminator which triggers FPC core file and leads to traffic frop. PR1678016

VPNs

  • Tunnel debugging configuration is not synchronized to the backup node. It needs to be configured again after RG0 failover. PR1450393

  • On all Junos OS platforms with MVPN scenario, stale PIM (S, G) state might be seen when there are no local/remote receivers and the multicast source is inactive. Only stale PIM entry will be seen, and it does not impact MVPN service or functionalities. PR1536903

  • Change here is basically reverting to old enum value used for ATM VPN, and using a new value for BGP multicast address family, and although these is no visible behavior change due to this, there might be impact on unified ISSU for ATM VPN and BGP multicast address family if enabled.PR1590331

  • When using group VPN, in certain cases, the PUSH ACK message from the group member to the group key server might be lost. The group member can still send rekey requests for the TEK SAs before the hard lifetime expiry. Only if the key server sends any new PUSH messages to the group members, those updates might not be received by the group member since the key server might have removed the member from registered members list.PR1608290