Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Open Issues

Learn about open issues in Junos OS Release 22.1R1 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • When rate-limit-burst knob is deleted, burst size will fall back to the previously calculated burst size with the tx rate. In the above mentioned trigger, as the rate-limit-burst configs was present when the system is coming up, the burst size from the tx rate is not at all computed and when the user try to delete the knob, it is fall back to this un-computed burst size(default to 0). This is the reason for very small burst size configured to the rate limit queues. To fix this issue, we allow the burst size to be calculated even when global ratelimit knob is present and store it and use the burst size calculated from the global rate limit knob. PR1650089

  • On MX Series platforms with MPC5E and MPC6E, the hierarchical class of service (HCOS) does not work for LT interfaces configured on PIC2 and PIC3. PR1651182

EVPN

  • EVPN-MPLS multihoming control MACs are missing after VLAN ID removal and adding it back to a trunk logical interface of one of the multihoming PE devices. This is not a recommended way to modify VLAN ID configuration. Always both multihoming PE devices needs be in symmetric. PR1596698

  • MAC IP moves across L2-DCI is not updated in MAC-IP table of the gateway nodes. This problem happens only with the translation VNI when the MAC is moved from DC1 to DC2. VM moves across DC where there is no translate VNI configuration in the interconnect works as designed. PR1610432

  • EVPN Local ESI MAC limit configuration might not get effective immediately when it has already learned remote MH MACs. Clear the MAC table from all MH PEs and configure the MAC limit over local ESI interfaces. PR1619299

  • This is a case where interface is disabled and comes up as CE after a timeout. A manual intervention of clear CE interface command should restore this. This can be a workaround: 1) clear auto-evpn ce-interface <interface-name> 2) configure edit activate <interface-name> family inet inet6 We can fix this in phase 2 by keeping some persistent state on a interface being a core facing interface in some incarnation. PR1630627

  • On all Junos OS and Junos OS Evolved platforms, when EVPN-VXLAN or EVPN-MPLS multihoming single-active mode through Ethernet Segment Identifier (ESI) is configured and the configurations no-core-isolation is enabled, then the Circuit Cross-Connect (CCC) might be Up/Forwarding for both Designated Forwarder (DF) and Backup Designated Forwarder (BDF).PR1647734

Flow-based and Packet-based Processing

  • Use an antireplay window size of 512 for IPv4 or IPv6 in fat-tunnel. The ESP sequence check might otherwise report out-of-order packets. If the fat-tunnel parallel encryption is within 384 packets (12 cores * 32 packets in one batch). Hence, there are no out-of-order packets with 512 antireplay window size. PR1470637

Forwarding and Sampling

  • The configuration statement fast-lookup-filter with match condition is not supported in FLT hardware and might cause a traffic drop. PR1573350

General Routing

  • On MX Series routers with MPC7E, MPC8E, or MPC9E installed, if optics QSFPP-4X10GE-LR from vendor (subset of modules with part number 740-054050) is used, the link might flap. PR1436275

  • PTP primary and secondary port configuration only accepts PTP packets with multicast MAC address according to the port settings. If forwardable multicast is configured, only PTP packets with forward-able MAC address is accepted, non-forwardable is dropped. Link-local multicast is configured, only PTP packets with non-forwardable MAC address is accepted, forwardable is dropped. PR1442055

  • The vmcore process crashes sometimes along with the mspmand process on MS-MPC or MS-MIC if large-scale traffic flows are processed. PR1482400

  • When running the command, show pfe filter hw filter-name <filter name>, the command fails to retrieve the Packet Forwarding Engine programming details of the filter. PR1495712

  • A 35-second delay is added to reboot time in Junos OS Release 22.1R1 compared to Junos OS Release 19.4R2. PR1514364

  • Due to BRCM KBP issue route lookup might fail. Need to upgrade KBP to address this issue. PR1533513

  • When an image with the third party SDK upgrade (6.5.x) is installed, the CPU utilization might go up by around 5 percent. PR1534234

  • Flap might be observed on channelized ports during ZTP when one of the ports is disabled on the supporting device. PR1534614

  • FPC might core if flap-trap-monitor feature under set protocols oam ethernet cfm performance-monitoring sla-iterator-profiles is used and performance monitoring flap occurs. PR1536417

  • On a scaled MX2020 router with VRF localization enabled, 4 million next hop scale, and 800,000 route scale; FPCs might go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. FPC might continue to reboot and might not come online. Rebooting primary and backup Routing Engine will help recovering and get the router back into a stable state. PR1539305

  • Unsupported configuration is attempted by the script which then hits the maximum threshold for the given platform. PR1555159

  • 5M DAC connected between QFX10002-60C and MX2010 doesn't link up. But with 1M and 3M DAC, this interoperation works as expected. Also it is to be noted on QFX10002-60C and ACX Series devices or traffic generator, the same 5M DAC works seamlessly. There is a certain SI or link-level configuration on both QFX10002-60C and MX2010, which needs to be debugged with the help from HW and SI teams and resolved.PR1555955

  • The SyncE to PTP transient response is a stringent mask to be met with two way time error. The SyncE to PTP transient response mask might not be met for MPC7E-1G and MPC7E-10G line cards. PR1557999

  • VE and CE mesh groups are default mesh groups created for a given routing instance. On adding VLAN or bridge domain, flood tokens and routes are created for both VE and CE mesh-group and flood-group. Ideally, VE mesh-group does not require a CE router where IGMP is enabled on CE interfaces. MX Series based CE boxes have unlimited capacity of tokens. So, this would not be a major issue. PR1560588

  • Due to a race condition, the show multicast route extensive instance <instance-name> command output might display the session status as invalid. Such an output is a cosmetic defect and not indicative of a functional issue. PR1562387

  • Interface hold time needs to be configured to avoid the additional interface flap.PR1562857

  • Duplicate traffic might be observed for some Layer 3 multicast traffic streams. PR1568152

  • The problem is with Layer 1 node not reflecting correct bandwidth configured for tunnel services. When baseline has 1G configuration on some FPC or PIC in groups global chassis and if we override with local chassis tunnel service in 10G bandwidth scaled scenario. Out of 10 Gbps bandwidth configured only 1 Gbps is allowed per 1G speed configured in baseline configuration. PR1568414

  • When inline Jflow is configured and high sampling rate (more than 4000 per second) is set, high CPU utilization might be observed and this might result in relevant impacts on traffic analysis and billing. PR1569229

  • The following messages might be seen in the logs from MPC11E line-card: Feb 9 11:35:27.357 router-re0-fpc8 aftd-trio[18040]: [Warn] AM : IPC handling - No handler found for type:27 subtype:9. There is no functional impact, these logs can be ignored. PR1573972

  • CHASSISD_FRU_IPC_WRITE_ERROR: fru_send_msg: FRU GNF 2, errno 40, Message too long might appear periodically in the chassisd logs. PR1576173

  • This issue is caused by /8 pool with block size as 1, when the configuration is committed the block creation utilizes more memory causing NAT pool memory shortage, which is currently being notified to customer with syslog tagged RT_NAT_POOL_MEMORY_SHORTAGE. PR1579627

  • In a fully loaded devices at times, firewall programming fails due to scaled prefix configuration with more than 64800 entries. This issue is not observed during development setup. PR1581767

  • When interim logging is configured for PBA, it generates syslog messages at regular intervals. Change in the information of PBA interim syslog message, message string change from allocates port block to interim port block. PR1582394

  • Currently, SyncE configurations are allowed during unified ISSU, but trigger a warning since SyncE state might not be maintained during unified ISSU. PTP configurations, however, need to be deactivated, else the unified ISSU will be aborted. PR1592234

  • PIM VXLAN does not work on the TD3 chipsets that enables the VXLAN flexflow. PR1597276

  • On MX2010 and MX2020 Series platforms: MPC11E: Unified ISSU is not supported for software upgrades from 21.2 to 21.3 and 21.4 releases due to a flag day change. PR1597728

  • Rebooting JDM from inside JDM shell changes JDM's main PID as a result systemd's knowledge of JDM PID becomes stale. Due to this reason systemd fails to stop or start JDM. PR1605060

  • NPU sensor path for subscription is: /junos/system/linecard/npu/memory/ Its output would contain info as follows: system_id:wf-mt-ranier component_id:4 path:sensor_1004_1_1:/junos/system/linecard/npu/memory/:/junos/system/linec ard/npu/memory/:aftd-trio sequence_number:1 timestamp:1639179017148 . . kv { key:property[name='mem-util-firewall-fw-bytes-allocated']/state/value int_value:9064 } kv { key:property[name='mem-util-firewall-fw-allocation-count']/state/value int_value:94 } kv { key:property[name='mem-util-firewall-fw-free-count']/state/value int_value:0 } kv { key:property[name='mem-util-firewall-inline-jflow-sample-rr-(dfw)-bytes-all ocated']/state/value int_value:131160 } kv { key:property[name='mem-util-firewall-inline-jflow-sample-rr-(dfw)-allocatio n-count']/state/value int_value:6 } kv { key:property[name='mem-util-firewall-inline-jflow-sample-rr-(dfw)-free-coun t']/state/value int_value:0 } kv { key:property[name='mem-util-firewall-inline-jflow-sample-nh-(dfw)-bytes-all ocated']/state/value int_value:16 } kv { key:property[name='mem-util-firewall-inline-jflow-sample-nh-(dfw)-allocatio n-count']/state/value int_value:1 } kv { key:property[name='mem-util-firewall-inline-jflow-sample-nh-(dfw)-free-coun t']/state/value int_value:0 } kv { key:property[name='mem-util-firewall-fw-strided-bytes-allocated']/state/val ue int_value:9064 } kv { key:property[name='mem-util-firewall-fw-strided-allocation-count']/state/va lue int_value:94 } kv { key:property[name='mem-util-firewall-fw-strided-free-count']/state/value int_value:0 } kv { key:property[name='mem-util-counters-fw-counter-bytes-allocated']/state/val ue int_value:16416 } kv { key:property[name='mem-util-counters-fw-counter-allocation-count']/state/va lue int_value:3 } . . The (VTY) CLI output is: root@wf-mt-ranier-fpc4:pfe> show npu memory info | match firewall mem-util-firewall-ro-edmem-size 20971520 mem-util-firewall-ro-edmem-allocated 294912 mem-util-firewall-ro-edmem-utilization 1 mem-util-firewall-ro-edmem-size 20971520 mem-util-firewall-ro-edmem-allocated 294912 mem-util-firewall-ro-edmem-utilization 1 mem-util-firewall-ro-edmem-size 20971520 mem-util-firewall-ro-edmem-allocated 294912 mem-util-firewall-ro-edmem-utilization 1. PR1606791

  • If rpd agent sends indirect next hop deletions or additions in out of order to backup rpd, the rpd generates core file. This is a backup rpd crash issue and does not impact any functionality. PR1607553

  • Dfwd cored when accessing ephemeral database files which is deleted through script. PR1609201

  • The CLI show ldp traffic-statistics interface p2mp does not display traffic stats. This issue is applicable to AFT based trio line cards on MX routers. PR1611498

  • IPsec tunnels are not deleted on disabling the AMS physical interface. PR1613432

  • Changing aggregated Ethernet mode (aggregated-ether-options link-protection) with subscribers logged in on that aggregated Ethernet will cause undesirable subscriber management behavior. Users will need to confirm there are no subscribers on the aggregated Ethernet before changing the aggregated Ethernet protection mode. PR1614117

  • In some NAPT44 and NAT64 scenarios, duplicate SESSION_CLOSE syslog error will be seen. PR1614358

  • ICMP error packet does not have relevant header when configured with DS-Lite and with appropriate ICMP ALG name and one UDP application name. PR1616633

  • The errors are displayed with following next-hop hierarchy INH->COMPNH->UCAST->AE_IFL. During AE-IFL flaps control detects and initiate MBB. It is possible by that Packet Forwarding Engine can see an compNH->ucast with ae-ifl down resulting into these error messages but this is only transient. There is no functional impact. PR1617388

  • Maximum aggregate Ethernet interfaces software index was 128. Hence, a failure is seen when you configure with 218 interfaces. Since, we increase the maximum indexes to 255. PR1618337

  • On platforms with SPC3 services card, due to flowd daemon crash, it might trigger flowd re-start due to which FPGA (field programmable gate array) DMA module might be stuck.PR1618913

  • The flowd core observed with TLB configuration only with combination of MPC10 line cards. PR1624572

  • Pkid crash happening due to null pointer dereferencing during local certificate verification in some cases. PR1624844

  • On DUT with scaled MPLSVPN configuration and Junos Telemetry Interface sensors configured, stream of error messages agentd_telemetry_uninstall_sensor: Deleting subscription from daemon aftsysinfo failed after mgmt_sock_retries 601, ret -1 is seen on stopping jtimon. Sensor packet drops might be seen when the error message scrolls on DUT. PR1627752

  • All MX Series platforms with MPC10+, configuring syslog as a filter action might cause the FPC to restart. PR1627986

  • For MX204 and MX2008 VM Host-based platforms, starting with Junos 21.4R1 or later, ssh and root login is required for copying line card image (chspmb.elf for MX2008) from Junos VM to Linux host during installation. The ssh and root login are required during installation. Use the deny-password instead of deny as default root-login option under ssh configuration to allow internal trusted communication. Ref https://kb.juniper.net/TSB18224. PR1629943

  • If the interface is in link up transition with Hold Up timer enable (Link down, Admin Up/ Enabled), and Packet Forwarding Engine reset occurs, the interface will come UP post Packet Forwarding Engine reset after Hold timer expiry. PR1630793

  • On MX Series routers with Precision Time Protocol (PTP) hybrid mode enabled, if PTP client is configured in more than one interface and if those are in different FPC slots, disabling/deactivating/flapping of PTP configured interface or change in master clock interface parameters might result in clksync crash. Once this happens, PTP might get stuck at holdover state and thus affects clock functionality. However, deactivating and activating PTP configuration could restore the issue. The issue could be rare.PR1631261

  • On all MX devices with MX-MPC2E-3D-P and MPC2E-3D LC linecards, traffic might be flapping between ACQUIRING and HOLDOVER states while PTP with telemetry NPU is enabled.PR1631274

  • On MX platform with enhanced subscriber management enabled, when host-prefix-only is configured on the underlying-interface for subscribers, it might not work in FPC. PR1631646

  • As per FIPS compliance, in case of FIPS error on a FRU, entire system should shut down to avoid entering degraded mode.PR1632273

  • Fix the CLI show system firmware command. PR1633187

  • On all Junos OS MX devices configured with Dynamic Host Configuration Protocol (DHCP) subscribers over the Aggregated Ethernet (AE) interface and static subscribers, traffic loss might be seen for the static subscribers when the AE interface member link is removed. The static subscribers might be logged-out and logged-in automatically without any intervention.PR1634371

  • Upon repeatedly querying show network-agent statistics command on CLI, it might not list the components at times. But, more number of queries will show the output. There is no operational impact on telemetry infra. Only this CLI command is affected. PR1634716

  • On all MX150 devices, when an aggregate Ethernet (AE) interface is configured with LACP and adding a sub-interface configuration under the AE interface causes the LACP down leads to traffic loss.PR1634908

  • FPC JNP10K-LC1201 frequently generates zephyr_clock_get_tod_ext_sync_sample(xxx): READ BT-X tod_sec: xxxxxxxxxx, tod_ns: xxxxxxxxx message. PR1635771

  • From MX devices showing huge correction-field (CF) values on downstream devices in Precision Time Protocol (PTP) packets due to PTP failure on ports.PR1635877

  • On MIC-MACSEC-20G on MX platforms, SFP-1FE-FX from the EOPTOLINK INC vendor does not work and the interface is down. PR1636322

  • Ports speed is stuck and never changes for any port profile changes, if PIC bounce is done fast not letting the previous configuration complete. PR1637954

  • NPU utilization and backpressure sensors are included to indicate the FLT utilization for the ZX and BT based PTX devices. The CLI used is show npu utilization stats filter pfe. PR1638487

  • When Packet Forwarding Engine 0 and 1 are powered off, the new pfh interface(pfh-0/1/0) is not getting created with pfeId 2. Still, the old pfh-0/0/0 is created. Debug is still in progress. PR1639679

  • The mspmand daemon running on MS-MPC/MS-MIC cards can occasionally crash when the service card (fpc/pic) is turned offline and then online at regular intervals when the number of service-set configured is moderately high and when extensive hardware crypto operations are performed. Exact issue is yet to be isolated. PR1641107

  • This is a rare scenario. In a dual Routing Engine setup, assume the backup RPD has just started and re-syncing all states from FIB (Kernel). The backup RPD is not yet ready for switchover. If we do Routing Engine switchover manually through CLI or if any primary Routing Engine HW crash occurs. We end up in not installing some of the FIB entries. The work around is to restart the RPD in new primary Routing Engine. PR1641297

  • Incoming packets might be sent to RX queues of core0 or core14 mistakenly, might result in the queue buffer full and the packets getting dropped.PR1641793

  • When we use request vmhost zeroize ? command it doesn't show entry for no-forwarding option under possible completions. PR1642820

  • WIth PTPoIPv6 on MPC2E 3D EQ, PTP backup stays in acquiring state.PR1642890

  • Options to configure vxlan will not be available under set interfaces fti unit tunnel encapsulation. PR1643078

  • On all Junos OS and Junos OS Evolved platforms, clearing the MAC from an interface on which persistent-learning is enabled might result in traffic impact. Please restart l2ald process to resolve the issue. PR1643258

  • The 4x25/4x10G configurations can see CRC errors on links on ports 2,3,4,5,10,11,12,13 . These ports have dual vendor phys to ASIC (YT) and the SI values are not fine tuned between the vendor<-->vendor links leading to link down or CRC errors related issues. The issue is applicable for 22.1 release, we will try to fix this in next release. Issue is mostly seen with 4x25G , 4x10G the issue is not seen as per experiments done, but if seen then below can be tried. We can use port numbers 0,1,6,7,8,9,14 and 15 in 4x25 and 4x10G , these have single vendor towards ASIC (YT) and issue is not seen on these ports. PR1643433

  • On DHCP subscribers stacked over AutoConf (dynamic) Vlans shows subscriber summary different count that actual DHCP bindings. PR1643863

  • On all platforms, the field corresponding to the identifier of the static route if expressed in IPv6 format through NETCONF encoding or translation could generate some issues. Hence the configuration will not get translated to Junos CLI.PR1644319

  • Stateful sync failing between active and backup MX chassis because active chassis might not detect TCP connection down.PR1644579

  • Committing configuration changes during the PFE (Packet Forwarding Engine) reset pause window (when PFE is disabled, yet the PFE reset proper has not started yet) has the potential of causing errors and traffic loss. In particular, configuration changes that result in re-allocating policers (which are HMC-based) might lead to traffic being entirely policed out (i.e. not flowing). Once the PFE reset procedure has started config changes ought to be avoided until the procedure is completely done.PR1644661

  • On all Junos OS and Junos OS Evolved platforms configured with EBGP multipath and bgp-protect-core under the routing instance, if the number of external paths along with the BGP Prefix-Independent Convergence (PIC) backup paths reaches the maximum ECMP limit, then all the traffic towards the destination is dropped on Packet Forwarding Engine with the exception of sw error.PR1645296

  • Issue is specific to YT cards wherein during mlp delete messages the IFL ktree lookup is resulting in wrong dword for the IIF registry. Because of this, counter address is wrongly read resulting in ppe traps. Issue is not seen in ZT cards. PR1645483

  • Issue is seen while bringing up dual stack DHCP subscribers. Not able to bring DHCP subscribers, as subscribers are getting logged out automatically. facing difficulties in RC analysis, as events are received from different daemons. PR1645574

  • On all MX devices with the subscriber management scenario, when unified ISSU happens from pre 18.4 to post 18.4, subscribers that re-logged in pre 18.4 are called preNG subscribers. For any of the preNG subscribers, if the ipv4 or ipv6 family interface goes up or down, the issue is triggered. PR1646846

  • On MPC10E or MPC11E, with type-5 tunnels configured with same Destination IP /Source IP combinations in various VRFs(with different VNIDs), if the VNIDs configured are swapped in a single commit, due to software bug there is a possibility that traffic over those two tunnel might completely stop. PR1647516

  • The upstream RPF session state will be stuck in init state. This issue is seen only when HRS with min-rate feature is configured. This is applicable only to MX based platforms. PR1647746

  • The set vmhost management-if add-policer configuration does not take effect.PR1647750

  • Packet Forwarding Engine crash might be seen during installation of auto LSP filter in scale scenario. PR1648750

  • Commit window is closed and will fix it in next release. PR1648886

  • The firewall filter might be incorrectly updated in the MPC10E Packet Forwarding Engine when a change (for example, add, delete, deactivate, or activate) of firewall filter terms occurs in some scenarios, such as large-scale term changes or changes happening during MPC reboot. The incorrect firewall filter might cause the traffic to be silently dropped or discarded and even lead to an MPC crash. It is a timing issue. PR1649499

  • BFD liveness detection on IP-demux V6 over static VLAN interface is failing. BFD liveness test for other stacking like BFD liveness on IP-demux over dynamic VLAN interface and BFD liveness on dynamic VLAN etc., are passing. PR1651695

  • Subscribers cannot bind on a BNG-UP after the access interface has been disabled and re-enabled.PR1652203

  • On all Junos OS and Junos OS Evolved platforms, rpd crash might be seen when BGP monitoring protocol (BMP) rib-out monitoring is configured for the flow-spec route. Since there is no next-hop for flow-spec route core might be seen while generating rib-out feed. Traffic loss might be seen due to this crash.PR1653130

  • On MX series devuces when chained-composite-next-hop ingress L3VPN configuration statement is used along with internal and external BGP paths used and if IGP or BGP sessions flap BGP multi-path might not select appropriate next-hop (BGP multipath may select old stale session-id) that result into traffic drop.PR1653562

  • On all Junos OS and Junos OS Evolved platforms, when two or more collectors have subscribed to gAFT sensors on the device, fibtd daemon(forwarding information base processing daemon) observes a core and initial sync with the collectors are lost. This causes the device to stop streaming telemetry data.PR1653942

  • The upstream RPF session state will be stuck in the init state. This issue is seen only when hot root standby (HRS) with min-rate feature is configured. PR1647746

  • On all MX devices, jdhcpd core dumps might be observed when using legacy DHCP feature with pseudowire interface after the Junos OS upgrade. PR1649638

Infrastructure

  • Near-end port is not within RFC or IANA standards as ephemeral or dynamic port range has been modified. PR1602717

Interfaces and Chassis

  • The memory usage of the "rpd" process on the backup routing engine might increase indefinitely due to leak in krt_as_path_t.PR1614763

  • When Broadcast, Unknown Unicast, and Multicast (BUM) traffic is sent on MCLAG, MAC entries are learnt on ICL interface as DLR when ICL flaps as MAC learning. This might cause the traffic loss with certain traffic flow. PR1639713

  • Dual primaries are seen in VRRP when the devices are running two different Junos OS versions.PR1650873

Juniper Extension Toolkit (JET)

  • The stub creation functions will not be available. PR1580789

  • GRPC on WAN port is not working. The libsi can only be linked with 64-bit binaries. To access data or WAN ports, you need to link libsi with the binary. By default, the shell on the device includes libsi, but it is not available to the CLI commands as the CLI will make mgd invoke cscript to run a Python script through CLI. PR1603437

Layer 2 Ethernet Services

  • On all Junos OS MX devices, jdhcpd crash might be seen due to Transmission Control Protocol (TCP) connection restart between a pair of Dynamic Host Configuration Protocol (DHCP) Active Lease Query (ALQ) peers. TCP connection restart might happen if there are route flaps, remote DHCP daemon restart, configuration update, etc. When this crash happens, jdhcpd daemon will restart, impacting DHCP subscriber services. PR1644919

Layer 2 Features

  • In case of the access-side interfaces used as SP-style interfaces, when a new logical interface is added and if there is already a logical interface on the physical interface. There is 20 milliseconds to 50 milliseconds traffic drop on the existing logical interface. PR1367488

MPLS

  • BFD session flaps during unified ISSU only in MPC7E line card. The issue is not seen frequently.PR1453705

  • The single hop BFD sessions might flap sometimes after GRES in a highly scaled setup which have RSVP link or link-node-protection bypass enabled. This happens because the RSVP neighbor goes down sometimes after GRES if RSVP signals are not received before neighbor is timed out. As a result of the RSVP neighbor going down, RSVP installs a /32 route pointing to bypass tunnel which is required to signal backup LSPs. This route is removed when all LSPs stop using bypass after the link comes back. The presence of this /32 route causes BFD to flap. PR1541814

  • In MVPN case, if the nexthop index of a group is not same between primary and backup after a NSR switchover, you might see a packet loss of 250 milliseconds to 400 milliseconds. PR1561287

  • The use-for-shortcut statement is meant to be used only in SR-TE tunnels which use strict SPF Algo 1 (SSPF) prefix SIDs. If [set protocols isis traffic-engineering family inet-mpls shortcuts] and [set protocols isis traffic-engineering tunnel-source-protocol spring-te] is configured on a device, and if any SR-TE tunnel using Algo 0 prefix SIDs is configured with the use-for-shortcut statement, it could lead to routing loops or rpd process core files. PR1578994

  • On the MX10016 routers, when there is scaled RSVP sessions (for example, 21,000) and the RSVP is enabled for all the interfaces, then the rpd process goes through all the interfaces which results in a high CPU utilization for some time. This also results in LSP flap.PR1595853

  • With the chained-composite statement is enabled, the following statement does not have any effect if ingress and egress ports are on the same Packet Forwarding Engine instance on the line card (FPC). For example, the outer label TTL would not be set as 255. Instead, it would be set as (ip TTL-1). PS: This issue is not seen if ingress and egress ports are on different FPC slots or on difference Packet Forwarding Engine instances of the same FPC. The set protocols mpls label-switched-path lsp-name no-decrement-ttl chained-composite statement: set routing-options forwarding-table chained-composite-next-hop ingress l3vpn. PR1621943

  • The ingress retries after LSP stay down for extended period of time or customer clears LSP to speed up the retry. PR1631774

  • When P2MP egress interface deletes, the rpd process generates a core file while LDP p2mp MBB is in progress. PR1644952

  • On all Junos OS platforms, if routing-option resolution preserve-nexthop-hierarchy is configured globally, routing engine (RE) kernel crash might be observed in the one-hop-LSP Multiprotocol Label Switching (MPLS) scenario with RE outbound traffic.PR1654798

Network Management and Monitoring

  • The mgd might crash and generate a core file when an invalid value is configured for identityref type leafs/leaf-lists while configuring Openconfig or any other third-party YANG, problem occurs with JSON and XML loads. PR1615773

Platform and Infrastructure

  • MPC checks periodic service time. When heavy interruptions occur during periodic service, the periodic service time might exceed 200 microseconds. If it happens, Oinker: Function message will occur, but it doesn't have functional impact. PR1242915

  • The blockpointer in the ktree is getting corrupted leading to core-file generation. There is no function impact such as FPC restart or system down and the issue is not seen in hardware setups. PR1525594

  • When the DHCP relay mode is configured as no-snoop, we observe the offer drops due to incorrect ASIC programming. This issue only affects while running DHCP relay on EVPN or VXLAN environment. PR1530160

  • During Routing Engine switchover interface flap might be seen along with scheduler slippage. PR1541772

  • In rare occurrence Routing Engine kernel might crash while handling TCP sessions if GRES and NSR are enabled. PR1546615

  • Routing Engine-based BFD sessions might flap during switchover when there are large number of BFD, IS-IS, OSPF and LDP packets to be sent out. PR1600684

  • Don't use the control-type light under platforms where this feature is not supported at present. At present IPv4 and IPv6 twamp-light is supported on the platforms using TRIO and PE chipsets. PR1603128

  • Using static labeled switched path (LSP) configuration, the child node is not removed from the flood composite when the core interface goes down.PR1631217

  • MACs are not getting learned initially on a specific bridge domain. However, the MACs are learned in that specific BD after some duration. This delay in MAC learning will be fixed in the upcoming releases. PR1632411

  • With given multi dimensional scale, if configuration is removed and restored continuously for more than 24 times, MX Trio based FPC might crash and restart. During the reboot, there might be traffic impact if backup paths are not configured. PR1636758

  • On MX platforms input-vlan-map (pop) might not work on Pseudowire Subscriber (PS) interfaces if the native VLAN is configured on the uplink interface under the pseudowire headend termination (PWHT) scenario.PR1640254

Routing Policy and Firewall Filters

  • Already configured routing-policies are incorrectly changed and all the configured from matching criterias are removed from them, when global default route-filter walkup option is changed, that is when add or delete of set policy-options default route-filter walkup configuration is done. This issue affects only those routing policies which do not have from route-filter configured in any of the terms. PR1646603

Routing Protocols

  • On MX Series routers, initial multicast register packets might get dropped, this might affect multicast services. PR1621358

  • When filter is configured through open configuration and bound to a routing table instance, the filter bind object is not getting published due to the absence of routing table object. Hence the filter does not work as expected since the traffic does not hit the filter. PR1644421

  • When a BGP neighbor is configured in passive mode inside a non-forwarding routing instance, the BGP peer is unable to complete the TCP three-way handshake due to incoming BGP OPEN message received into the default primary instance.PR1645010

  • When inline add event for IPv6 inline BFD session comes without resolving neighbor for nexthop, inline event addition will fail. PR1650677

  • BGP PIC protection is not working in virtual router.PR1653356

  • Route protocol process (RPD) core files might be generated if logical interface access request is sent to MPLS-LSP-interface when IS-IS multi-topology functionality and IS-IS forwarding-adjacency label switched path (FA-LSP) feature is enabled. PR1654162

  • VM core files and VC split might be observed with multicast scale scenario. PR1614145

User Interface and Configuration

  • On all Junos OS and Junos OS Evolved devices, when copy-configuration, get-configuration, and discard-change RPCs run in two parallel NETCONF sessions and the database is also accessed in parallel by two NETCONF sessions, it leads to database corruption and mgd-related services might crash. PR1641025

  • When a top-level (first level) dop exists only in any of the databases (static/one ephemeral database), then instead of creating a merge_dop operation, we proceed with the walk with the dop corresponding to that database.PR1652605

  • Per the current design for rib-groups, a rib-group configured with import-policy configuration statement will change after NSR switchover. This makes IS-IS to refresh (delete and re-add) its routes in RIB, if such a rib-group is being used for IS-IS protocol. The IS-IS route refresh in-turn causes SBFD sessions to flap. This issue is only applicable with rib-group configured with "import-policy". Without "import-policy" the issue is not seen. PR1654072

VPNs

  • On MX Series devices, during unified ISSU, the IPsec tunnels flap, causing a disruption of traffic. The IPsec tunnels recover automatically after the unified ISSU process is completed. PR1416334

  • When using Group VPN, in certain cases, the PUSH ACK message from the group member to the group key server might be lost. The group member can still send rekey requests for the TEK SAs before the hard lifetime expiry. Only if the key server sends any new PUSH messages to the group members, those updates would not be received by the group member since the key server would have removed the member from registered members list.PR1608290