Known Limitations

Currently, IP options are not supported for egress firewall attach points, relevant supporting doc attached: https://www.juniper.net/documentation/us/en/software/junos/routing-policy/t opics/concept/firewall-filter-match-conditions-for-ipv4-traffic.html. The issue might occur IP-options router alert traffic not hitting the egress firewall filter. PR1490967

BUM (Broadcast, Unknown Unicast, and Multicast) traffic replication over VTEP is sending out more packets than expected and there seems to be a loop. PR1570689

On all MX Series platforms, changing configuration AMS 1:1 warm-standby to load-balance or deterministic NAT might result in vmcore and cause traffic loss. PR1597386

When a packet, which triggers ARP resolution, hits services interface style filter on the output will have session create and close log with incorrect ingress interface. This typically occurs with the first session hitting such a filter. PR1597864

We should configure only one static ARP with multicast-mac entry per IRB interface. If we configure more than one static ARP with multicast MAC entry per IRB interface, then the packets with different destination IP having static multicast MAC will always go out with any one of the multicast MAC configured in the system. PR1621901

This is a product limitation for MX-SPC3 with new junos-ike architecture. The issue is seen when we have any-any TS configured and any-any TS negotiated (both in IPv4 and IPv6). As a workaround, do not configure any-any TS when it is sure that negotiated traffic selector for the IPsec tunnel will also be any-any. When there is no TS configured, the scenario might be treated as proxy-id case and bypasses the issue without having any impact on the described scenario.PR1624381

Changing the root-authentication password in cpce does not bring down the existing session. The password change will be in effect for all new connections. PR1630218

The available space check in case of: 1. Upgrade is 5 GB 2. Fresh Install is 120 GB. The scenario Upgrade/Fresh-Install is decided from within RPM spec that is if RPM finds any older version is already installed. Since RPM-DB is destroyed during LTS-19 (vm-host) upgrade, rpm install scripts deduce the upgrade as fresh-install and look for 120GB free space. The warning can be ignored, as it has no functional impact. PR1639020

On MX operating as a SAEGW-U/UPF at high mobile session scale (around 1 Million sessions), show services mobile-edge sessions extensive will not work. Mobiled process will take exception and generates core files. PR1639595

When you upgrade from Junos OS Release 21.2 to later releases, validation and upgrade will fail. The upgrading requires using of no-validate configuration statement. PR1568757

Configuring the set system no-hidden-commands blocks NETCONF sessions. As a workaround, customer can disable the no-hidden-commands.PR1590350

When an ephemeral instance is being edited, if show ephemeral-configuration merge command is run from another terminal, then the uncommitted changes in the ephemeral instance being edited will also appear in the output of show ephemeral-configuration merge command. PR1629013

Deactivating services rpm/rpm-tracking does not remove the tracked route from the routing or forwarding tables. PR1597190

After a switchover event, when ppmd calls sendmsg system call to transmit the protocol packets, it gets blocked long enough that a few sendmsg calls cumulatively take up around 7 seconds to 8 seconds. This indirectly impacts the BFD session because the BFD session has a Routing Engine-based detect time of 7.5 seconds to expire. PR1600684

When we have high scale, the openconfig telemetry sensor /bgp-rib/ used in periodic streaming will cause high CPU usage by RPD. PR1625396

In some scenario (for example, configuring firewall filter), routers might show obsolete IPsec SA and NHTB entry even when the peer tear down the tunnel. PR1432925