Open Issues

A few duplicate packets might be seen in an A/A EVPN scenario when the remote PE device sends a packet with an IM label due to MAC not learned on the remote PE device, but learned on the A/A local PE device. The nondesignated forwarder sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookup instead of dropping the packet, which causes duplicate packets to be seen on the CE side. PR1245316

If a vmhost snapshot is taken on an alternate disk and there is no further vmhost software image upgrade, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, the host root file system and the node boots with the previous vmhost software instead of the alternate disk. PR1281554

VXLAN VNI (multicast learning) scaling on QFX5110 traffic issue is seen from VXLAN tunnel to Layer 2 interface. PR1462548

runt, fragment and jabber counters are not incrementing on EX4300-MPsPR1492605

IPSec rekey fails when SRX is configured with kilobyte based lifetime in remote access solution. PR1527384

The Sync-E to PTP transient simulated by Calnex Paragon Test equipment is not real network scenario. In real network deployment model typically there will be two Sync-E sources (Primary and Secondary) and switchover happens from one source to another source. MPCE7 would pass real network SyncE switchover and associated transient mask PR1557999

VE and CE mesh groups are default mesh groups created for a given Routing instance. On vlan/bridge-domain add, flood tokens and routes are created for both VE and CE mesh-group/flood-group. Ideally, VE mesh-group doesn't require on a CE router where IGMP is enabled on CE interfaces. Trinity based CE boxes have unlimited capacity of tokens, so this would not be a major issue. PR1560588

Due to a race condition, the 'show multicast route extensive instance instance-name" output can display the session status as Invalid. Such an output is a cosmetic defect and not indicative of a functional issue. PR1562387

On EX2300, EX3400,:EX4300-48MP and EX4300 , Pause frames counters does not get incremented when pause frames are sent.PR1580560

When the active slave interface is deactivated, the PTP lock status is set to 'INITIALIZING' state in 'show ptp lock-status' output for few seconds before BMCA chooses the next best slave interface. This is the day-1 behavior and there is no functional impact. PR1585529

Pim Vxlan not working on TD3 chipsets enabling VxLAN flexflow after release 21.3R1. Customers Pim Vxlan or data plane VxLAN can use the Junos OS release 21.3R1. PR1597276

output of show network agent command should be null, which shows statistic per component after GRES. PR1610325

Percentage physical-interface policer is not working on AE, after switching between baseline config to policer config PR1621998

The mspmand daemon running on MS-MPC/MS-MIC cards can occasionally crash when the service card (fpc/pic) is turned offline and then online at regular intervals when the number of service-set configured is moderately high and when extensive hardware crypto operations are being performed. Exact issue is yet to be isolated.PR1641107

Please do not enable host-path tracing when there is high volume of packets been received in the host-path.PR1645741

Multiple vulnerabilities have been resolved in MQTT (Message Queuing Telemetry Transport) included with Junos by fixing vulnerabilities found during external security research. Please refer to https://supportportal.juniper.net/JSA71655 for more information.PR1651519

An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows a unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Please refer to https://supportportal.juniper.net/JSA75741 for more information.PR1653316

If the physical link status of the ethernet link between the RE and FPC goes down, there are recovery attempts to bring up the link again. Log messages indicate the recovery attempts and the success/failure status of the attempt. However an alarm is not raised when this failure occurs. Affects MX304 platform onlyPR1664592

On MX Series platforms with MIC-MACSEC-20GE, Forwarding Engine Board (FEB) might go down while activating and deactivating GRES configuration.PR1668983

On SyncE over LAG interfaces, if the end points have different ESMC QL configured, on one of configured syncE interface, ESMC QL is toggling between PRC and DNU and sync-E does not lock and moves to holdover state. PRC packets are received with MAC address of the upstream master. These packets are not dropped based on the link-local MAC address. Based on PLM recommendation inspired by the customer requirements and MEF 6.1.1 EPL Option 2 service (an excerpt below, taken from here https://www.mef.net/wp-content/uploads/2012/01/MEF-6-1-1.pdf) So, by default we are Option #2 compliant, if someone needs Option #1 behavior, a filter can be configured to match and discard. PR1677131

A new command has been introduced that will display the differences between the destroute entries learned within l2ald and present in the kernelPR1677996

There will be drop of syslog packets seen for RT_FLOW: RT_FLOW_SESSION_CREATE_USF logs until this is fixed. This will not impact the functionality.PR1678453

On QFX5100 platforms (both stand-alone and VC scenario) running Junos, occasionally during the normal operation of the device, PFE (Packet Forwarding Engine) can crash resulting in total loss of traffic. The PFE reboots itself following the crash.PR1679919

This fix supports single zone cooling(MX480:MX960:MX240). When one-third of time(240 sec) has past, chassisd brings down the FRU(FPC) which was causing over temp situation. If over temp condition persists, timer will expire and whole chassisd will shutdown within 240 sec count down.PR1681716

The issue here is that we see ?MQSS(0): DRD: Error: WAN reorder ID timeout error? once per PFE during bootup of FPC. This happens because during the FPC bootup some control packet from vmhost comes before the PFE init is fully complete. Because of this the EA Asic is not able to process the packet and throwing the error. The fix involves complex changes in the bootup sequence of ASICS and will result in other major issues. The original issue has no functionality impact. It is just one error per PFE seen during the FPC reload case only. At that time the traffic is not started yet and once the system is up no other impact is seen due to the Error. Hence the issue will not be fixed. Any "WAN reorder ID timeout error" during the bootup of FPC can be safely ignored.PR1681763

For leaves of data type ieeefloat32, the value will be encoded in bytes while being streamed to collector. The value contained in such leaves may not be completely accurate.PR1690598

Release note neededPR1697658

Release note neededPR1697806

FIPS mode is not supported in this release for SRXSME devices.PR1697999

On MX platform, Once the device is loaded with the new image, PIC tries to boot up. mspmand is one of the processes inside PIC, crashes sometimes.PR1700462

On MX platforms (with ukern based FPCs), dynamic VxLAN (PIM based) traffic convergence takes a little longer post ISSU.PR1703062

When subscribing to sensor paths "/junos/system/linecard/packet/usage/", "/junos/services/label-switched-path/usage/" or other line card (PFE) sensor paths in gNMI subscription mode, packet drops may be seen in the CLI command "show network-agent statistics gnmi detail" output. The collector output may also contain missing sequence numbers. For example, the sequence number output may be 0, 3, 6, 9, 12, etc. instead of 0, 1, 2, 3, 4, etc.PR1703418

Release note neededPR1703807

The packets with internal ip address 128.0.0.xx -> 128.0.0.1 and upd port 2000 might be forwarded out the default egress interfaces. Such packets are telemetry data for PFE fabric sensor, which should be sent to routing-engine only.PR1706155

When deleting a service-sets configuration, the Packet Forwarding Engine might restart on MX Series platforms with Multiservice-Modular Port Concentrator (MS-MPC). This leads to traffic loss. PR1706171

In Chassisd, Junos Telemetry interface thread takes more time in streaming of Junos Telemetry interface packets because of volume of data and number of sensors involved with this daemon. Jvision thread engaged for more time to process streaming events caused Chassisd master thread to lose receive/send keepalive messages to/from other Routing Engine, which eventually was causing automatic Routing Engine switchover in most of the cases. To avoid this, fix done for exporting small payload jvision packets (formation of which takes less time) and deferring jvision thread more in an interval, to allow chassisd master thread to process high-priority hello/keep-alive messages. This means now, more number of packets is sent in one reporting interval and with larger spread (earlier same amount of data was sent with 2 or 3 packets of higher payload size, and 100ms of deferring time for jvision thread. This behaviour is increasing KPI-2 but lowering KPI-1 (payload size). It is not possible to back out changes done to solve keep-alive message loss issue. Hence we will have to keep Chassisd as an exception, when we measure/report KPI-2 values. Jvision in Chassisd has to give more priority/time to process keep-alive messages than sending of jvision packets. Hence delay between jvision packets are more.PR1706300

Current stack and display is correctly set to 128 ports that is qualified on all MX10K8 linecardsPR1706376

When LAG is configured with mixed speed interfaces switching to a secondary interface of different port speed, results in a few packet drops for a very short duration. PTP remains lock and there is no further functional impact. PR1707944

1PPS and 2Way TE does not meet class B performance for 400G ports on JNP10K-LC9600 MPC. PR1709075

On Junos OS and Junos OS Evolved platforms, the Dense Concentrator Packet Forwarding Engine (dcpfe) process crash will be observed due to memory fragmentation issue. This is a rare case and might impact traffic as due to dcpfe failure the Packet Forwarding Engine restarts, so the interfaces will flap.PR1711860

The commit notification from 'edit private' mode won't produce correct patch.PR1713447

Release note neededPR1713626

On the MX104 platform, the Wrong threshold-temperature is displayed.PR1713788

PRPD installed flowspec routes were not deleted on routing-instance delete, leading to RPD crash.PR1715599

fec-codeword-rate data with render type decimal64 is rendered as string in grpc python decoder.PR1717520

The requirement is to logout all subscribers on a port that will be further used in an SGRP, as config commit will not flag the existent subscribers for this port.PR1719297

Segmentation fault on grpc timer thread (might be related to keepalive) #32085 grpc issue https://github.com/grpc/grpc/issues/32085 grpc stack needs to be upgraded to 1.53 or later.PR1722414

In Subscriber Management, adding or deleting subscriber groups and subscriber group tags with one commit operation might generate an authd process core file. PR1722802

The issue is related to the help syslog "^PFE_?" command tried on the configuration mode. As of now in some of the ERR_MSG tags are not listed when this command is triggered. This issue does not affect any functionality, but the impact is some of the Error message tags used are not listed when 'help syslog' command is used.PR1732668

400g option is visible under "set chassis fpc 0 pic 0 port port_num speed" command. For example: # set chassis fpc 0 pic 0 port 20 speed ? Possible completions: 100g Sets the interface mode to 100Gbps 10g Sets the interface mode to 10Gbps 200g Sets the interface mode to 200 Gbps 25g Sets the interface mode to 25Gbps 400g Sets the interface mode to 400Gbps 40g Sets the interface mode to 40Gbps 50g Sets the interface mode to 50GbpsPR1734654

With a two-color policer configured on Aggregate Ethernet interfaces, the "queue-counters-trans-bytes-rate" counter may display an incorrect value.PR1735087

On all Junos devices, the time needed to commit increases when a Trusted Platform Module (TPM) is configured.PR1738193

On MX Series Virtual Chassis, because of the timing issue, when you restart the device, RPD will not spawn again. This issue is rarely reproducible.PR1740083

On Junos OS Evolved ACX platforms with GRES (Graceful Routing Engine switchover), after performing GRES switchover jdhcpd doesn't start on the new master RE (Routing Engine) due to which DHCPv4/v6 (Dynamic Host Configuration Protocol) session binding will be lost resulting in traffic loss.PR1740530

On MX Series platforms with MS-MPC/MS-DPC, when the system is busy in the creation/deletion of sessions results in the picd process crashes for executing the CLI command "show service sessions/flows" or "clear service sessions/flows" aggressively (executing CLI command in 5-10 secs iteration).PR1743031

[TIMING BITS] - LOS alarm not generating when BITS is in LOS state. PR1744419

On all Junos platforms with dual RE, error message: 'Minor potential slow peers are: X' will be seen. Due to some reason the PFE/PIC will be slow and services will face latency issue. the peerbuf list gets full, peer proxy could not enqueue further IPCs (ifstate chain/peer update to backup gets stalled ) causing pfe/pics to be a slow consumer, this impacts service on the device. PR1747077

On Junos using afeb/tfeb way of communication to PFE that is MX80/MX104 platforms with Virtual Router Redundancy Protocol (VRRP) configured, deleting a member link from the Aggregated Ethernet (AE) bundle removes the VRRP filter entry in the Packet Forwarding Engine (PFE) which causes VRRP traffic to get dropped even though other active member links in the AE bundle exists.PR1747289

On MX104 platform with MACSEC MIC, the 'per-unit-scheduler' configuration on the MACSEC MIC interface results in the PFE crash leading to traffic impact.PR1747532

On Junos QFX/EX platforms, the Packet Forwarding Engine (PFE) crash is observed while applying the firewall filters.PR1750828

Mx304 the primary Routing Engine reports core-spmbpfe and secondary Routing Engine reports core-lcmd. PR1752639

On MX2020, MX2010, MX10K4, and MX10K8 platforms and MPC11E, LC9600, LC4800 line cards, linecard loses all fabric planes (no links active) and takes all interfaces down when another linecard is powered off ungracefully .PR1762114

Continuous reads can be performed by the control plane server side in some situations even when the external entity or client has closed the connection. This can cause increased control plane process CPU utilization.PR1765417

On MX Series platform with a combination of MPC1-9, LC480, LC2101, and MPC10E, MPC11E, LC9600 line cards, when preserve-nexthop-hierarchy configuration statement enabled and maximum-ecmp configured with more than 32 next-hops in the MPLS fast-Reroute (MPLS-FRR) and BGP multipath scenario, packet loss when primary path is added back in ECMP nexthop (say after primary interface or session is marked UP) will be higher compared to that on MX Series platform with MPC1-9, LC480, LC2101 line cards only, OR with MPC10E, MPC11E, LC9600 line cards only. This packet loss is proportional to the value in maximum-ecmp configuration.PR1765856

This error is only seen during corner case when you upgrade unified ISSU with scale configuration. The unified ISSU command still completes successfully even with this error. .PR1765931

For certain releases, performing unified ISSU on MPC10 or MPC11 might generate an FPC core file. PR1766307

SFB3 could go offline due to "[FATAL] Tx Async FIFO Underflow INTR for ZFIO" interrupt happened during SFB3, ADC, MPC7E links initialization. PR1768592

On all Junos OS and Junos OS Evolved MX Series platforms, it is observed that when EVPN-MPLS and Preserve-nexthop-hierarchy are configured, then the address-resolution protocol (ARP) resolution fails and impacts the MPLS header packets that are sent to the MPLS core.PR1776913

On MX Series platforms the "vxlan-gpe source-udp-port-range" feature is not working as expected leading to a traffic drop at the destination node if it validates the source port range.PR1781948

If a PFE ASIC has a fatal fault leading to PFE Disable, there is a possibility that Fabric REQ Timeout logs may continue to flood the log messages for that PFE even though the PFE is no longer doing any traffic. These log messages can be ignored, but they will result in the /var/log/ message file being rotated frequently.PR1788846

On Junos OS platforms, when ISSU (in-service software upgrade) is initiated, a process called INDB (Incompatible Database) will be triggered to perform a pre-check on database compatibility. There could be some corner case that causes the INDB crash. If that happens, the ISSU should be aborted.PR1740744

The configuration of a private route doesn't support GRES, such as fxp0, when imported into a non-default instance or logical system. As a workaround, resolution rib policy is required. See KB26616. PR1754351

You can configure the routing platform to track IPv6-specific packets and bytes passing through the router. To enable IPv6 accounting, include the route-accounting statement at the [edit forwarding-options family inet6] hierarchy level: [edit forwarding-options family inet6] route-accounting; By default, IPv6 accounting is disabled. If IPv6 accounting is enabled, it remains enabled after a reboot of the router. To view IPv6 statistics, issue the show interface statistics operational mode command. PR717316

Logical interface counter has a counter named "IPv6 transit statistics". It can be confirmed on show interfaces extensive command output. However, this counter is originally for IPv6 total statistics(transit + local) and the counter name was wrong from the first. On older releases like 19.1R1, as the support for IPv6 local stats was not available the local statistics was always zero. So, the meaning of the counter name was the same to the counting content coincidentally. In latest releases support for IPv6 local stats has been added but the counter name was not changed. As the local stats will not be zero the difference between the meaning of the counter name and the counting content started being visible. PR1631200

On all Junos OS platforms, if a speed mismatch happens in the link aggregation (LAG) and member interface then a traffic drop will be seen.PR1725168

On platforms like mx204, in case of near-end loss in SLM, "Near-end loss" percentage in CLI or jnxSoamLmCurrentStatsBackwardAvgFlr in SNMP will show very high, out of range values.PR1754637

On MX104 platforms, when Active-Lease Query (ALQ) enabled with Dynamic Host Configuration Protocol (DHCPv6) relay agent configuration, ALQ syncing for DHCPv6 Transmission Control Protocol connection will not work due to issues while processing the ALQ messages and TCP handshake messages at peer.PR1727624

in a H-VPLS network with VPLS hot-standby and the configuration statement routing-options forwarding-table vpls-hotstandby-convergence enabled on spokes, if the active hub is rebooted, 20-25 seconds loss for inter-zone traffic stream is seen. This is due to hubs in other zones connected by full-mesh ldp, starting global repair before spokes starting local repair.PR1699645

On Junos OS and Junos OS Evolved platforms in the VPLS multi-homing with multicast snooping enabled, the multicast traffic looping will be observed due to L2 (Layer 2) Multicast traffic being sent on the access interface status marked as CCC-DOWN.PR1774580

Tag rnh appears to be freed somewhere in the corner case, but the relevant pat node has been missed to delete from the tag patricia tree. That makes tag rnh/(pat_node->Tnh) a dangling pointer and later on, it results in a crash while accessing invalid pointer addresses in the tag rnh/Tnh structure.PR1707053

Trace route in MPLS OAM on SR over IPv6 may fail in ECMP case if EVO box is in topology. This is because linux kernel in EVO puts an auto flow label on every IPv6 packet. This flow label is transparent to daemon process, which uses a null value for it and calculates the NH details. PFE however takes the flow label into account and calculates the NH details. This difference in calculation of NH details leads to a mismatch in the path the packet takes to the destination and can cause trace route to fail.PR1710285

LDP sync not complete with NSR (stuck at Inprogress forever) when "protocols ldp strict-targeted-hellos" is enabled when LDP signalled VPLS is configured.PR1725519

In some NAPT44 and NAT64 scenarios, Duplicate SESSION_CLOSE Syslog will be seen. PR1614358

After upgrading the Junos OS on DUT, yang package with lower revisions are available in upgraded Junos OS version. PR1693646

When the deactivate services rpm and deactivate routing-options rpm-tracking configuration statements are applied together and then committed, some of the rpm tracked added routes are not deleted from the routing table. Issue cannot be seen using the following steps. 1. deactivate routing-options rpm-tracking 2. commit the configuration then all the rpm tracked routes will be deleted. If the RPM service needs to be deactivated, 3. deactivate services rpm 4. commit. PR1597190

MVPN RVT MX EA cards: RVT interface traffic statistics are not proper. PR1755516

R1 which is in DF forwards BUM traffic to CE where only DF PE is supposed to forward. PR1757314

Auto export feature requires a target tree to be created for it to function. This target tree is created when an exporter has an export policy with that target configured under "then" clause and an importer has that target configured under the "from" clause. Without this target tree, the route will not be exported. Say we have a situation where an instance 'VRF-1' with auto export configured has a route with a target and an importer 'VRF-2' has a policy accepting this route. 1) VRF-1 will not export the route unless its export policy has that target community configured under "then" clause. 2) Let us assume VRF-1 does not have the target community configured under "then". So the target tree is not created. Now let us assume another instance VRF-3 has an export policy with that community configured under "then". Now, VRF-1 will export that route to the VRF-2. This is why it is inconsistent. If VRF-1 wants to export the route, a config change in VRF-3 should not suddenly allow the export to happen.PR1745957

Certain BGP traceoption flags (for example, "open", "update", and "keepalive") might result in (trace) logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

LDP OSPF are in synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1 Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost: 1050 LDP sync state: in sync, for: 00:04:03, reason: IGP interface down config holdtime: infinity. As per the current analysis, the IGP interface goes down because although LDP notified OSPF that LDP synchronization was achieved, OSPF is not able to take note of the LDP synchronization notification, because the OSPF neighbor is not up yet. PR1256434

On MX Series platforms, unexpected log message will appear if the CLI command show version detail or request support information is executed: test@test> show version detail *** messages *** Oct 12 12:11:48.406 re0 mcsnoopd: INFO: krt mode is 1 Oct 12 12:11:48.406 re0 mcsnoopd: JUNOS SYNC private vectors set PR1315429

On all Junos and Junos Evolved platforms, the rpd ( routing protocol daemon) can crash when PIM (Protocol Independent Multicast), MoFRR (Multicast only Fast Reroute) configuration is present and some network churn event such as continuous interface cost changes, resulting in a change of active and backup paths for ECMP (Equal Cost Multi-Path) happens. There will be service impact because of the rpd crash but the system self-recovers until the next crash.PR1676154

Errors might be seen on ephemeral commit during ISSU.PR1679645

BGP LU statistics does not report correct statistics when sharding is enabled. PR1684238

On all Junos OS and Junos OS Evolved platforms, whenever a commit is done, that involves mcsnoopd daemon config parsing such as (VLAN creation/deletion, interface add/delete to VLAN, interface enable/disable, IGMP (Internet Group Management Protocol) snooping/MLD (Multicast Listener Discovery) snooping related config commands) mcsnoopd will consume CPU. In less scaled setup (few IGMP snooping enabled VLANs and few hundred IGMP snooping memberships), the CPU time taken is less. In a more scaled setup (many IGMP snooping-enabled VLANs and a few thousand IGMP snooping memberships), the CPU may reach >90%. Since mcsnoopd is taking high CPU, it may affect other daemons like rpd. It may affect all the protocols if the CPU is not available to the protocols/daemons. This can impact route entries expiring and cause traffic drop.PR1710565

Egress statistics are not seen on Junos Telemetry interface sensor configured over the segment routing. PR1700063

On all platforms, high rpd CPU utilization might be observed when a routing related commit is performed in a high-scaled environment having BGP groups configured with VPN family (inet-vpn, inet6-vpn). No traffic impact or protocol flap will be seen but unexpected high rpd CPU utilisation will raise operational challenges, especially if the system is very scaled.PR1728829

On all Junos OS and Junos Evolved platforms, with BGP Monitoring Protocol (BMP) configured when a BGP peer import policy configuration change is committed that triggers the BGP reconfiguration job for routes re-evaluation, then high Routing Protocol Daemon (rpd) CPU utilization up to 100% will be observed for a long time which may impact routing as high rpd utilization can starve some processes.PR1729733

On all Junos OS and Junos OS Evolved platforms with dual Routing Engine and Multicast Virtual Private Network (MVPN) enabled, when the user initiates a GRES, it triggers a route change from the MVPN . During this process, there's a gap where traffic loss is observed because the flood next hop pointed to the route gets deleted.PR1747703

Additional ipmsi-min-rate option provided as part of existing min-rate to configure separate rate for IPMSI, if configured. If not configured, the existing min-rate will be applicable for both IPMSI and SPMSI.PR1788769