Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Open Issues

Learn about open issues in Junos OS Release 22.2R1 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

  • If a vmhost snapshot is taken on an alternate disk and no further vmhost software image is upgraded, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, the host root file system and the node boots with the previous vmhost software instead of the alternate disk. PR1281554

  • On MX Series devices with MPC7E, MPC8E, or MPC9E installed, if optics QSFPP-4X10GE-LR from vendor (subset of modules with part number 740-054050) is used, the link might flap. PR1436275

  • VXLAN VNI (multicast learning) scaling on QFX5110 traffic issue is seen from VXLAN tunnel to Layer 2 interface. PR1462548

  • With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore process crashes sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it. PR1482400

  • When there are HW link errors occurred on all 32 links on an FPC 11. Because of these link errors, all FPCs reported destination errors towards FPC 11 and FPC 11 was taken offline with reason offlined due to unreachable destinations. PR1483529

  • The WAN-PHY interface continuously flaps with the default hold-time down of value 0. This is not applicable to an interface with the default framing LAN-PHY. PR1508794

  • When an AMS physical interface is configured for the first time or any member of the AMS bundle is removed or added, the PICs on which the members of AMS bundle are present go for a reboot. There is a timer running in the AMS kernel which is used as a delay for the PIC reboot to complete and once that timer expires, AMS assumes that the PICs might have been rebooted, and it moves into next step of AMS finite state machine (FSM). In scaled scenarios, this rebooting of the PIC is delayed due to DCD. This is because when a PIC goes down, DCD is supposed to delete the physical interfaces on that PIC and the PIC reboot happens. But DCD is busy processing the scaled configuration and the physical interface deletion is delayed. This delay is much greater than the timer running in AMS kernel. When the timer expires, the FSM in AMS kernel incorrectly assumes the PIC reboot would be completed by then, but the reboot is still pending. By the time DCD deletes this physical interface, the AMS bundles are already up. Because of this, there is a momentary flap of the bundles. PR1521929

  • Due to BRCM KBP issue route lookup might fail. Need to upgrade KBP to address this issue. PR1533513

  • The riot might crash due to a rare issue if vMX run in the performance mode. PR1534145

  • FPC might generate a core file if flap-trap-monitor feature under set protocols oam ethernet cfm performance-monitoring sla-iterator-profiles is used and performance monitoring flap occurs.PR1536417

  • In scaled MX2020 devices, with vrf localisation enabled, 4 million nexthop scale, 800,000 route scale. FPCs might go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. FPC might continue to reboot and not come online. Rebooting the primary and backup Routing Engine will help recover and the router gets stable. PR1539305

  • The mspmand process leaks memory in relation to the MX Series telemetry reporting the following error message: RLIMIT_DATA exceed.PR1540538

  • 5M DAC connected between QFX10002-60C and MX2010 devices doesn't link up. But with 1M and 3M DAC, this interoperation works as expected. Also it is to be noted on QFX10002-60C and ACX Series devices or traffic generator, the same 5M DAC works seamlessly. There seems to be a certain SI or link-level configuration on both QFX10002-60C and MX2010 devices which needs to be debugged with the help from HW and SI teams and resolved.PR1555955

  • The SyncE to PTP transient response is a stringent mask to be met with two way time error. The SyncE to PTP transient response mask might not be met for MPC7E-1G and MPC7E-10G line cards. PR1557999

  • Support switchover on routing-crash configuration statement during abnormal termination of rpd. PR1561059

  • Due to a race condition, the show multicast route extensive instance instance-name command output can display the session status as invalid. Such an output is a cosmetic defect and not an indicative of a functional issue.PR1562387

  • Interface hold time needs to be configured to avoid the additional interface flap.PR1562857

  • Copying files to /tmp/ causes a huge JTASK_SCHED_SLIP. Copy files to /var/tmp/ instead. PR1571214

  • This issue is caused by /8 pool with block size as 1. When the configuration is committed, the block creation utilizes more memory causing NAT pool memory shortage, which is currently being notified to the customer with syslog tagged RT_NAT_POOL_MEMORY_SHORTAGE. PR1579627

  • In a fully loaded devices, at times, firewall programming was failing due to scaled prefix configuration with more than 64800 entries. However, this issue is not observed in development setup. PR1581767

  • On all devices running Junos OS Release 19.1R3-S5-J3, the subscriber IFL(logical interface) might be in a stuck state after the ESSM (Extensible Subscriber Services Manager) deletion. PR1591603

  • Pim VXLAN does not work on the TD3 chipsets that enables the VXLAN flexflow. PR1597276

  • On MX2010 and MX2020 Series devices: MPC11E: Unified ISSU is not supported for software upgrades from 21.2 to 21.3 and 21.4 releases due to a flag day change.PR1597728

  • On the MX10008 and MX10016 devices, during Routing Engine switchover, if there is a burst of ICMP, BFD, SSH, FTP, TELNET, and RSVP packets (~18,000 pps), then the new backup Routing Engine might restart.PR1604299

  • On aggregate Ethernet interfaces with some of the member links part of MPC10 or MPC11, and other member links part of other MPC type (MPC1 up to MPC9), if you delete an "ae" interface, other "ae" interfaces may experience unicast packet loss.PR1604450

  • On MX-VC (Virtual Chassis) platforms with MS-MPC or SPC3 service cards and AMS (Aggregated Multi-Service), traffic on the line card in the backup chassis might not be load-balanced properly due to timing conditions. This works well on the line card in the primary chassis. There might be traffic loss when interfaces are not properly balanced.PR1605284

  • NPU sensor path for subscription is: /junos/system/linecard/npu/memory/ It's output would contain info like: system_id:wf-mt-ranier component_id:4 path:sensor_1004_1_1:/junos/system/linecard/npu/memory/:/junos/system/linec ard/npu/memory/:aftd-trio sequence_number:1 timestamp:1639179017148 . . kv { key:property[name='mem-util-firewall-fw-bytes-allocated']/state/value int_value:9064 } kv { key:property[name='mem-util-firewall-fw-allocation-count']/state/value int_value:94 } kv { key:property[name='mem-util-firewall-fw-free-count']/state/value int_value:0 } kv { key:property[name='mem-util-firewall-inline-jflow-sample-rr-(dfw)-bytes-all ocated']/state/value int_value:131160 } kv { key:property[name='mem-util-firewall-inline-jflow-sample-rr-(dfw)-allocatio n-count']/state/value int_value:6 } kv { key:property[name='mem-util-firewall-inline-jflow-sample-rr-(dfw)-free-coun t']/state/value int_value:0 } kv { key:property[name='mem-util-firewall-inline-jflow-sample-nh-(dfw)-bytes-all ocated']/state/value int_value:16 } kv { key:property[name='mem-util-firewall-inline-jflow-sample-nh-(dfw)-allocatio n-count']/state/value int_value:1 } kv { key:property[name='mem-util-firewall-inline-jflow-sample-nh-(dfw)-free-coun t']/state/value int_value:0 } kv { key:property[name='mem-util-firewall-fw-strided-bytes-allocated']/state/val ue int_value:9064 } kv { key:property[name='mem-util-firewall-fw-strided-allocation-count']/state/va lue int_value:94 } kv { key:property[name='mem-util-firewall-fw-strided-free-count']/state/value int_value:0 } kv { key:property[name='mem-util-counters-fw-counter-bytes-allocated']/state/val ue int_value:16416 } kv { key:property[name='mem-util-counters-fw-counter-allocation-count']/state/va lue int_value:3 } . . The (VTY) CLI output is: root@wf-mt-ranier-fpc4:pfe> show npu memory info | match firewall mem-util-firewall-ro-edmem-size 20971520 mem-util-firewall-ro-edmem-allocated 294912 mem-util-firewall-ro-edmem-utilization 1 mem-util-firewall-ro-edmem-size 20971520 mem-util-firewall-ro-edmem-allocated 294912 mem-util-firewall-ro-edmem-utilization 1 mem-util-firewall-ro-edmem-size 20971520 mem-util-firewall-ro-edmem-allocated 294912 mem-util-firewall-ro-edmem-utilization 1. PR1606791

  • On all MX devices, in a subscriber management environment, new subscribers might not connect if CoS (Class of service) CR-features (Classifier Rewrite) are used by the VBF (Variable Based Flow) service. The reference count mismatching between RE (Routing Engine) and VBF is caused by VBF flow VAR CHANGE failure. PR1607056

  • When rpd sends INH deletion or additions out of order (rarely occurs) message to backup rpd, the rpd crashes and generates a core file. PR1607553

  • Duplicate syslog messages gets displayed for IPv4 and IPv6 sessions after the Configure NAT Services with 2 service sets (next-hop style) one for NAPT44 and another for NAPT64. PR1614358

  • The errors are displayed with following next-hop hieINH->COMPNH->UCAST->AE_IFL. During AE-IFL flaps control detects and initiate MBB. Its possible by that Packet Forwarding Engine can see an compNH->ucast with ae-ifl down resulting into these error messages but this is only transient. There is no functionality impact due to these error messages. PR1617388

  • On MX480 devices, the ntf-agent services are not running and TCP connection is refused between router and ipfix-collector. PR1626505

  • Tunnel interface statistics displays incorrect values when jflow sampling is enabled. PR1627713

  • For MX204 and MX2008 "VM Host-based" devices, starting with Junos OS 21.4R1 Release or later, ssh and root login is required for copying line card image (chspmb.elf for MX2008) from Junos VM to Linux host during installation. The ssh and root login are required during installation. Use deny-password instead of deny as default root-login option under ssh configuration to allow internal trusted communication. Ref PR1629943

  • The fabric statistics counters are not displayed in the output of show snmp mib walk ascii jnxFabricMib. PR1634372

  • On Junos OS platforms, high BGP scale with flapping route and BGP Monitoring Protocol (BMP) collector or station is very slow might cause rpd crash due to memory pressure. PR1635143

  • The USB device on MX304 device can be accessed from host linux instead of Junos OS (as is usually done on most other platforms). MX304 device is similar to PTX1000 device in this respect.

  • On MPC10E cards, upon many very quick link down and up events in msec range might not always able to drain all traffic in the queue. This causes lost of traffic going through the interface. Traffic volume and class-of-service configuration does influence the exposure.PR1642584

  • WIth PTPoIPv6 on MPC2E 3D EQ, PTP slave stays in acquiring state.PR1642890

  • Class-of-service buffer-size exact config is not supported. The respective configured queue will still use the shared-pool. PR1644355

  • Committing configuration changes during the PFE (Packet Forwarding Engine) reset pause window (when PFE is disabled, yet the PFE reset proper has not started yet) has the potential of causing errors and traffic loss. In particular, configuration changes that result in re-allocating policers (which are HMC-based) might lead to traffic being entirely policed out (i.e. not flowing). Once the PFE reset procedure has started config changes ought to be avoided until the procedure is completely done.PR1644661

  • Run with BB device enabled using CLI command in configuration for IPoE and PPPoE access models. PR1645075

  • Configuring MPC11 in 4x100G and keeping peer in 400G mode, link comes up on peer while staying down on local end. PR1653946

  • When interop with the following systems, flow control must be enabled when MACsec is configured on the peer system. Because on these systems, flow control is forced to be on regardless of the CLI provisioning. PR1655712

  • Core seen intermittently where random grpc stack crash is observed. License service will need to be restarted.PR1656975

  • Node-index in link key is a short and cannot hold when the to node's index is more than 32 bits long. Once this index exceeds its limitation, SR-TE LSP will become down due to Compute Result failure.PR1657176

  • TOS(DSCP+ECN) bits does not get copied from the inner Layer 3 header to outer VXLAN header at the Ingress VTEP. Because of this in the core, ECN marking and DSCP classification does not work.PR1658142

  • On GNF, no streaming data received for /telemetry-system/subscriptions/dynamic-subscriptions/.PR1661106

  • Few ARP entries are not resolved for IRB interface IP when IRB is configured under VPLS routing instances.PR1662882

  • MX10008 with MX10000-LC2101 Linecard(s) supports *PTP* only with JNP10008-SF Switch Fabric Board(s), *PTP* currently does not work with JNP10008-SF2 Switch Fabric Board(s).PR1664569

  • On all Junos OS platforms, link-degrade functionality needs to be supported and manually configured. Link degrade is manually configured to monitor for link error or issues. Once the error is observed, the link goes down. PR1664978

  • RE0 to RE1 interface EM4 MTU is changed to 9192 bytes. If one of the Routing Engines does not have this fix, Routing Engine synchronisation fails. Due to this reason, ISSU will not work. In such scenario, cold image upgrade should be done.PR1665690

  • After configuring the warm-standby option, you must wait for three minutes before Routing Engine switchover. PR1623601

  • In case of routing instance type EVPN or EVPN-VPWS, the system automatically creates one default routing instance apart from EVPN and/or EVPN-VPWS routing instance. In the output of the show snmp mib walk jnxVpnInfo command, the number of configured routing instances are always one more than the number of EVPN and/or EVPN-VPWS instances configured in the system. PR1659466

  • If the interface configuration for fxp0 and lo0 gets deleted and you commit the configuration, the configuration of the internal network interfaces to spmb process also gets deleted. This results in SPMB process going down and generating major alarms. Ensure that the configuration should always have fxp0 or lo0 available. You should not commit any configuration that does not have interfaces configuration for fxp0 or lo0. PR1640746


  • In a PBB-EVPN environment, the ARP suppression feature, which is not supported by the PBB might be enabled unexpectedly. This might cause MAC addresses of remote CEs not to be learned and hence traffic loss might be seen. PR1529940

  • This is a case where interface is disabled and comes up as CE after a timeout. A manual intervention of clear CE interface command should restore this. This can be a workaround: 1) clear auto-evpn ce-interface <interface-name> 2) configure edit activate <interface-name> family inet inet6. We can fix this in phase 2 by keeping some persistent state on a interface being a core facing interface in some incarnation. PR1630627

Flow-based and Packet-based Processing

  • When customer perform unified ISSU with security VRF-group configuration, the unified ISSU cannot be completed successfully. PR1661935

Forwarding and Sampling

  • When GRES is triggered by SSD hardware failure, the syslog error of rpd[2191]: krt_flow_dfwd_open,8073: Failed connecting to DFWD, error checking reply - Operation timed out might be seen. Issue can be recovered by restarting the dfwd daemon. PR1397171

  • The fast-lookup-filter with match not supported in FLT Hardware might cause the traffic drop. PR1573350

Layer 2 Features

  • Adding one more sub-interface logical interface to an existing interface causes 20 to 50 milliseconds traffic drop on the existing logical interface.PR1367488


  • In MVPN case, if the nexthop index of a group is not same between primary and backup after a nsr switchover, you might see a packet loss of 250 to 400 milliseconds. PR1561287

  • The ingress retries after LSP stay down for extended period of time or customer clears LSP to speed up the retry. PR1631774

Network Management and Monitoring

  • When maximum-password-length is configured and user tries to configure password whose length exceeds configured maximum-password-length, error is thrown, along with error ok tag is also emitted. (Ideally ok tag should not be emitted in an error scenario.) The configuration does not get committed.PR1585855

  • A minor memory leak is seen in the event-daemon process when multiple GRES switchovers are performed.PR1602536

  • The mgd process might crash when you configure an invalid value for identityref type leafs or leaf-lists while configuring Openconfig or any other third-party YANG. The issue occurs with JSON and XML loads.PR1615773

Platform and Infrastructure

  • DRouting Engine switchover interface flap might be seen along with scheduler slippage.PR1541772

  • If you use the source-address NTP configuration parameter and issue the command set ntp date from the CLI, packets are sent with the source address of the outgoing interface rather than the manually configured IP address. Typically the manually configured IP address would be a loopback address. The problem does not apply to automatically generated NTP poll packets.PR1545022

  • TWAMP-Light is supported on MX Series devices. CLI configuration support will be disabled on all other platforms. Do not use the control-type light under platforms where this feature is not supported. Currently, IPv4 and IPv6 twamp-light is supported on the platforms using TRIO and PE chipsets. PR1603128

  • Using static LSP(labeled switched path) configuration, the child node is not removed from the flood composite when the core interface goes down.PR1631217

  • With given multi dimensional scale, if configuration is removed and restored continuously for more than 24 times, MX Trio based FPC might crash and restart. During the reboot, there can be traffic impact if backup paths are not configured. PR1636758

Routing Protocols

  • On MX devices, initial multicast register packets might get dropped, this might affect multicast services. PR1621358

  • When filter is configured through open configuration and bound to a routing table instance, the filter bind object is not getting published due to the absence of routing table object. Hence the filter does not work as expected since the traffic does not hit the filter.PR1644421

  • RFC 8950/RFC 5549, permits the advertisement of a BGP Nexthop of a different family (e.g. IPv6) than the NLRI address family (e.g. IPv4). The mapping of possible address families that can be used are exchanged using BGP Capabilities. The BGP Capabilities specification, RFC 5492, recommends that a single capability TLV of a given type is advertised when multiple elements within that TLV are present. That RFC also permits multiple capabilities of the same type to be advertised for multiple elements for backward compatibility. Junos BGP handling of the BGP extended nexthop capability did not handle multiple capabilities of the same code point when multiple extended nexthop capabilities were present. It incorrectly kept only the last one sent. PR1649332

  • Device having three routing-instance with matching IMPORT & EXPORT RT policy and when we configured auto-export in two VRF then routes from third VRF (Auto-export not configured) The route is leaking incorrectly into other two VRF with auto-export. PR1665094


  • In some scenario (for example, configuring firewall filter), routers might show obsolete IPsec SA and NHTB entry even when the peer tear down the tunnel. PR1432925

  • Tunnel debugging configuration is not synchronized to the backup node. It needs to be configured again after RG0 failover. PR1450393

  • When using Group VPN, in certain cases, the PUSH ACK message from the group member to the group key server might be lost. The group member can still send rekey requests for the TEK SAs before the hard lifetime expiry. Only if the key server sends any new PUSH messages to the group members, those updates would not be received by the group member since the key server would have removed the member from registered members list. PR1608290