Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Open Issues

Learn about open issues in this release for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.


  • In PBB-EVPN (Provider Backbone Bridging - Ethernet VPN) environment, ARP suppression feature which is not supported by PBB might be enabled unexpectedly. This could cause MAC addresses of remote CEs not to be learned and hence traffic loss. PR1529940

Forwarding and Sampling

  • When the "fast-lookup-filter" statement is configured with a match that is not supported in the FLT hardware, traffic might be lost. PR1573350

General Routing

  • If a vmhost snapshot is taken on an alternate disk and there is no further vmhost software image upgrade, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, the host root file system and the node boots with the previous vmhost software instead of the alternate disk. PR1281554

  • When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609

  • FPC crash on MX240 and MX2020 routers or Packet Forwarding Engine crash on MX104 routers might happen when the MIC-3D-8OC3-2OC12-ATM is installed and ATM interface is configured. PR1453893

  • VXLAN VNI (multicast learning) scaling on QFX5110 traffic issue is seen from VXLAN tunnel to Layer 2 interface. PR1462548

  • On all Junos OS platforms, after performing back-to-back rpd restarts, rpd might crash. The rpd core may be observed after a timeout of 10 minutes. PR1472643

  • When there are HW link errors occurred on all 32 links on an FPC 11. Because of these link errors, all FPCs reported destination errors towards FPC 11 and FPC 11 was taken offline with reason "offlined due to unreachable destinations". PR1483529

  • After backup Routing Engine halt, CB1 goes offline and comes back online; this leads to the backup Routing Engine booting up, and it shows the reboot reason as "0x1:power cycle/failure." This issue is only for the RE reboot reason, and there is no other functional impact of this. PR1497592

  • In MAC-OS platforms when Juniper Secure Connect client connects successfully, the client is not getting minimized to tray icon and needs to be minimized manually.PR1525889

  • Due to BRCM KBP issue route lookup might fail. PR1533513

  • In scaled MX2020 router, with vrf localisation enabled, 4 million nexthop scale, 800K route scale. FPCs may go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. FPC may continue to reboot and not come online. Rebooting master and backup Routing Engine will help recover and get router back into stable state. PR1539305

  • High CPU utilization observed for RPD after applying test configuration. PR1555159

  • 5M DAC connected between QFX10002-60C and MX2010 does not link up. But with 1M and 3M DAC this interop works as expected. Also, it is to be noted that QFX10002-60C and ACX or traffic generator the same 5M DAC works seamlessly. There seems to be certain SI or link level configuration on both QFX10002-60C and MX2010 which needs to be debugged with the help from hardware and SI teams and resolved. PR1555955

  • With IPsec PMI/fat-core file is generated, when show services sessions utilization CLI does not display the CPU utilization appropriately. PR1557751

  • The Sync-E to PTP transient simulated by Calnex Paragon Test equipment is not real network scenario. In real network deployment model typically there will be two Sync-E sources (primary and econdary) and switchover happens from one source to another source. MPCE7 would pass real network SyncE switchover and associated transient mask. PR1557999

  • VE CE mesh groups are default mesh groups created for a given routing instance. On VLAN or bridge-domain add, flood tokens and routes are created for both VE and CE mesh-group/flood-group. Ideally, VE mesh-group doesn't require on a CE router where IGMP is enabled on CE interfaces. MX Series linecard based CE boxes have unlimited capacity of tokens, so this would not be a major issue. PR1560588

  • This is a feature enhancement and work is in progress to provide this support. This will have impact only when routing daemon crashes and will not have impact on rest of the NSR support. PR1561059

  • Due to a race condition, the 'show multicast route extensive instance instance-name" output can display the session status as Invalid. Such an output is a cosmetic defect and not indicative of a functional issue. PR1562387

  • To avoid the additional interface flap , interface hold time needs to be configured . PR1562857

  • This issue is caused by /8 pool with block size as 1, when the config is committed the block creation utilizes more memory causing NAT pool memory shortage which is currently being notified to customer with syslog tagged RT_NAT_POOL_MEMORY_SHORTAGE. PR1579627

  • In rare circumstances when doing routing-engine switchover, the routing protocol daemon in former active routing-engine (new backup routing-engine) might restart with a coredump while in process of being terminated.PR1589432

  • On all devices running Junos 19.1R3-S5-J3, the subscriber IFL(logical interface) may be in a stuck state after the ESSM (Extensible Subscriber Services Manager) deletion. PR1591603

  • This crash might be seen intermittently When config for interface associated with service set is changed, during handling of this config change crash happens due to incorrect pointer typecasting.PR1596578

  • Pim Vxlan not working on TD3 chipsets enabling VxLAN flexflow after release 21.3R1. Customers Pim Vxlan or data plane VxLAN can use the version 21.3R1. PR1597276

  • MX2010, MX2020: MPC11E: ISSU is not supported for software upgrades from 21.2 to 21.3 and 21.4 releases due to a flag day change PR1597728

  • During RE switchover, if there is a burst of ICMP/BFD/SSH/FTP/TELNET/RSVP packets (~18K pps) you might see new backup RE restarting. PR1604299

  • Correct the partition size so vmcore can be generated, when needed.PR1604755

  • On MX-VC (Virtual Chassis) platforms with MS-MPC or SPC3 service cards and AMS(Aggregated Multi-Service), traffic on the line card in the backup chassis may not be load-balanced properly due to timing conditions. This works well on the line card in the master chassis. There might be traffic loss when interfaces are not properly balanced.PR1605284

  • On all MX platforms, in a subscriber management environment, new subscribers might not connect if CoS (Class of service) CR-features (Classifier Rewrite) are used by the VBF (Variable Based Flow) service. The reference count mismatching between RE (Routing Engine) and VBF is caused by VBF flow VAR CHANGE failure. PR1607056

  • Several warning messages show up while the RPD process restarts during performing GRES on a system running Junos EVO. PR1612487

  • In some NAPT44 and NAT64 scenarios, Duplicate SESSION_CLOSE Syslog will be seen. PR1614358

  • For ACX5448, MX204 and MX2008 "VM Host-based" platforms, starting with Junos 21.4R1 or later, ssh and root login is required for copying line card image (chspmb.elf for MX2008) from Junos VM to Linux host during installation. The ssh and root login are required during installation. Use "deny-password" instead of "deny" as default root-login option under ssh config to allow internal trusted communication. Ref PR1629943

  • On MX platform with enhanced subscriber management enabled, when "host-prefix-only" is configured on the underlying-interface for subscribers, it might not work in FPC. PR1631646

  • The fabric statistics counters are not displayed in the output of "show snmp mib walk ascii jnxFabricMib". PR1634372

  • On all devices running Junos OS or Junos OS Evolved, where this is a high BGP scale with flapping route and the BGP Monitoring Protocol (BMP) collector/station is very slow, the rpd process might crash due to memory pressure.PR1635143

  • WIth PTPoIPv6 on MPC2E 3D EQ, PTP slave stays in acquiring state.PR1642890

  • When CFP2-DCO is used, operator need to configure otn-option - that is the only mode supported PR1643815

  • On MX10004/10008/10016 platforms, oamd process is not started and GRE keepalives adjacency is down.PR1644480

  • Committing config changes during the PFE reset pause window (when PFE is disabled, yet the PFE reset proper has not started yet) has the potential of causing errors and traffic loss. In particular, config changes that result in re-allocating policers (which are HMC-based) might lead to traffic being entirely policed out (i.e. not flowing). Once the PFE reset procedure has started config changes ought to be avoided until the procedure is completely done.PR1644661

  • On Daniel linecard, for PTP to work, port speed should be configured under the PIC heirarchy for both the PICs. (pic 0 and pic1) 1) When port speeds for some additional random ports are configured under the PIC hierarchy when PTP is configured, in that case PTP may fail. 2) When we perform PIC deactivate/activate, PTP gets stuck in acquiring state. 3) When port speed is not configured under PIC heirarchy, PTP will fail to go to Phase Aligned state. 4) Even with port speed config, PTP may still fail randomly. PR1645562

  • With overlapping NAT pool configured with different NAT rules under different service sets, when service outside interface is moved between different routing instances (EX: from vr1 to default, and from default to vr1), NAT routes corresponding to the service-set in default routing instance are getting deleted, resulting in reverse path traffic failure for NAT sessions. PR1646822

  • In the IPv6 segment routing deployment, packets are sent out with the wrong ethernet type. PR1647622

  • V6 default route will not get added after successful dhcpv6 client binding on PTX1000 router during ztp PR1649576

  • This issue occurs when the interface flaps (goes down and comes up within 1 second hold-off time), And if this happens twice in a sequence, we get into holdover issue. This issue is not specific to Daniel line-card, this can be seen in Indus line-card too.PR1654008

  • Core dump reported intermittently where random grpc stack crash is observed. The license service will auto restart and recover.PR1656975

  • Interop for 1G interfaces between EX4100 SKUs and acx5448/acx5448-M/D or MX480 will not workPR1657766

  • During startup of a cBNG container or when JSD is restarted from the CLI in a cBNG container, JSD might crash creating a core dump. JSD should recover from the crash and automatically restart. JSD should function normally after recovering from the crash.PR1659175

  • For MX204, MX10003, ACX5448 platform, if a non-default ssh port is configured for system login, after upgrade to 21.4 release, the FPC is stuck in offline. To avoid such issue please use default SSH port and use protect RE filter to only allow the access from the trusted source.PR1660446

  • EX4600 and QFX5100-24Q devices VC (Virtual-chassis) is in unstable state for 3-7 minutes causing traffic loss.PR1661349

  • On EX92XX series and MX platforms with the EVPN-VXLAN (Ethernet VPN-Virtual Extensible LAN) scenario, the DHCP (Dynamic Host Configuration Protocol) packets from the client get dropped while tunneling to the EVPN-VXLAN. When this happens, the packets will not reach the DHCP server and the host could not get the IP address.PR1662524

  • The version details for certain daemons will appear in the command output after the device has been rebooted after the completion of the USB installation of Junos.PR1662691

  • The command "show chassis fpc" shows inaccurate information about heap memory in output.PR1664448

  • Avoid change of user mesh group (HVPLS) instead delete or add. PR1667310

  • user should not modify the locator attributes, instead locator, SIDs should be deleted and configured back. Otherwise it will lead to coredump.PR1667320

  • On EX4100 platforms, delay in the CLI display for PoE commands might be observed when more POE devices with LLDP enabled (Power via MDI) are connected to the switch in a scaled environment with Perpetual POE scenarios. The LLDP PD requested power for all the ports are processed for each of the connected PDs, however the values in CLI display (CLI sync) might be delayed. PR1671311

  • In over temperature situation, there will be a 10s timer before device bring the FPC down . However in some situation due to high temperature, a FPC offline action will be triggered before the 10s timer expires. Then the FPC will stuck in Present/Announce offline state. Cli offline/online it or physical reseat will not be able to recover the issue. When the issue happening, you may observe log message " graceful offline in progress, returning false" flooding: (date) (time) fpc_ok_to_start_generic: [FPC 0] gracefull offline in progress, returning false (date) (time) fpc_ok_to_start_generic: [FPC 0] gracefull offline in progress, returning false. Below MPCs are affected by this issue: MPC7/8/9 MPC10 MPC11 LC480 LC2101 LC9600 LC304 LC4800 FPC-P2, FPC-P3. PR1676008

High Availability (HA) and Resiliency

  • When you perform GRES with the interface em0 (or fxp0) disabled on the primary Routing Engine, then enable the interface on the new backup Routing Engine, it isn't able to access network. PR1372087

Interfaces and Chassis

  • Error logs related to invalid anchor next hops are seen when the MPC10 or MPC11 FPCs are restarted with distributed aEthernet IRB VRRP sessions. The aggregated Ethernet should span multiple FPCs.PR1674069

Layer 2 Features

  • In case of the access-side interfaces used as SP-style interfaces, when a new logical interface is added and if there is already a logical interface on the physical interface, there is 20--50 ms traffic drop on the existing logical interface. PR1367488


  • In MVPN Case, if the nexthop index of a group is not same between master and backup after a nsr switchover, we may see a packet loss of 250 to 400 ms. PR1561287

  • Ingress will retry after LSP stay down for extended period of time or customer can clear lsp to speed up the retry. PR1631774

Network Management and Monitoring

  • When maximum-password-length is configured and user tries to configure password whose length exceeds configured maximum-password-length, error is thrown, along with error 'ok' tag is also emitted. (Ideally 'ok' tag should not be emitted in an error scenario.) The configuration does not get committed. PR1585855

  • The mgd process might crash when an invalid value is configured for identityref type leafs/leaf-lists while configuring Openconfig or any other third-party YANG, problem happens with json and xml loads. PR1615773

Platform and Infrastructure

  • On all Junos and Junos OS Evolved platforms, while using source-address NTP configuration parameter and issue the command "set ntp date" from the CLI, packets will be sent with the source address of the outgoing interface rather than the manually configured IP address. Typically, the manually configured IP address would be a loopback address. The problem does not apply to automatically generated NTP poll packets.PR1545022

  • When the deactivate services rpm and deactivate routing-options rpm-tracking configuration statements are committed, some of the rpm tracked added routes are not deleted from the routing table. As a workaround, deactivate routing-options rpm-tracking, commit the configuration. As a result, all the rpm tracked routes are deleted. To deactivate the RPM service, deactivate services rpm and commit. PR1597190

  • With given multi dimensional scale, if configuration is removed and restored continuously for more than 24 times, MX Series based FPC might crash and restart. During the reboot, there can be traffic impact if backup paths are not configured. PR1636758

Routing Protocols

  • On all platforms, the issue is when the first time when ESIS is coming up sometimes the ESIS route might not get installed. PR1559005

  • Any platforms with micro BFD configured on member links of the LAG/ae interface, BFD Session state in Routing Engine remains as UP always even though PEER device has ceased.PR1675921

Routing Options

  • When an AMS physical interface is configured for the first time or any member of the AMS bundle is removed or added, the PICs on which the members of AMS bundle are present reboots. There is a timer running in the AMS kernel which is used as a delay for the PIC reboot to complete. After the timer expires, AMS assumes that the PICs might have been rebooted and it moves into next step of AMS fsm. In scaled scenarios, this rebooting of the PIC is delayed due to DCD. This is because when a PIC goes down, DCD is supposed to delete the physical interfaces on that PIC and then the PIC reboots. But DCD is busy processing the scaled configuration that delays to deleter the physical interface. This delay is much greater than the timer running in AMS kernel. When the above timer expires, the FSM in AMS kernel incorrectly assumes to complete the PIC reboot. But the reboot is still pending. By the time DCD deletes this physical interface, the AMS bundles are already UP. Because of this, there is a momentary flap of the bundles. PR1521929

Services Applications

  • L2TP LAC functionality is not working in this release when MX Series router are operating and a BNG-UP. PR1642991


  • Change here is basically reverting to old enum value used for ATM VPN, and using a new value for BGP multicast address family, and although these are not visible behavior change, due to this, there may be impact on unified ISSU for ATM VPN and BGP multicast address family if enabled.PR1590331