Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Known Limitations

Learn about known limitations in this release for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • Currently, IP options are not supported for egress firewall attach points, relevant supporting doc attached: opics/concept/firewall-filter-match-conditions-for-ipv4-traffic.html. The issue might occur IP-options router alert traffic not hitting the egress firewall filter. PR1490967

  • BUM (Broadcast, Unknown Unicast, and Multicast) traffic replication over VTEP is sending out more packets than expected and there seems to be a loop. PR1570689

  • On all MX Series platforms, changing configuration AMS 1:1 warm-standby to load-balance or deterministic NAT might result in vmcore and cause traffic loss. PR1597386

  • When a packet, which triggers ARP resolution, hits services interface style filter on the output will have session create and close log with incorrect ingress interface. This typically occurs with the first session hitting such a filter. PR1597864

  • We should configure only one static ARP with multicast-mac entry per IRB interface. If we configure more than one static ARP with multicast MAC entry per IRB interface, then the packets with different destination IP having static multicast MAC will always go out with any one of the multicast MAC configured in the system. PR1621901

  • This is a product limitation for MX-SPC3 with new junos-ike architecture. The issue is seen when we have any-any TS configured and any-any TS negotiated (both in IPv4 and IPv6). As a workaround, do not configure any-any TS when it is sure that negotiated traffic selector for the IPsec tunnel will also be any-any. When there is no TS configured, the scenario might be treated as proxy-id case and bypasses the issue without having any impact on the described scenario.PR1624381

  • Changing the root-authentication password in cpce does not bring down the existing session. The password change will be in effect for all new connections. PR1630218

  • The available space check in case of: 1. Upgrade is 5 GB 2. Fresh Install is 120 GB. The scenario Upgrade/Fresh-Install is decided from within RPM spec that is if RPM finds any older version is already installed. Since RPM-DB is destroyed during LTS-19 (vm-host) upgrade, rpm install scripts deduce the upgrade as fresh-install and look for 120GB free space. The warning can be ignored, as it has no functional impact. PR1639020

  • On MX operating as a SAEGW-U/UPF at high mobile session scale (around 1 Million sessions), show services mobile-edge sessions extensive will not work. Mobiled process will take exception and generates core files. PR1639595


  • When you upgrade from Junos OS Release 21.2 to later releases, validation and upgrade will fail. The upgrading requires using of no-validate configuration statement. PR1568757

Network Management and Monitoring

  • Configuring the set system no-hidden-commands blocks NETCONF sessions. As a workaround, customer can disable the no-hidden-commands.PR1590350

  • When an ephemeral instance is being edited, if show ephemeral-configuration merge command is run from another terminal, then the uncommitted changes in the ephemeral instance being edited will also appear in the output of show ephemeral-configuration merge command. PR1629013

Platform and Infrastructure

  • Deactivating services rpm/rpm-tracking does not remove the tracked route from the routing or forwarding tables. PR1597190

  • After a switchover event, when ppmd calls sendmsg system call to transmit the protocol packets, it gets blocked long enough that a few sendmsg calls cumulatively take up around 7 seconds to 8 seconds. This indirectly impacts the BFD session because the BFD session has a Routing Engine-based detect time of 7.5 seconds to expire. PR1600684

Routing Protocols

  • When we have high scale, the openconfig telemetry sensor /bgp-rib/ used in periodic streaming will cause high CPU usage by RPD. PR1625396


  • In some scenario (for example, configuring firewall filter), routers might show obsolete IPsec SA and NHTB entry even when the peer tear down the tunnel. PR1432925