Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Open Issues

Learn about open issues in this release for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • A few duplicate packets might be seen in an A/A EVPN scenario when the remote PE device sends a packet with an IM label due to MAC not learned on the remote PE device, but learned on the A/A local PE device. The nondesignated forwarder sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookup instead of dropping the packet, which causes duplicate packets to be seen on the CE side. PR1245316

  • After GRES, VPWS Switchover occurs only after NSR Phantom Timer expires. The NSR Phantom timer is configurable. This can result in packet loss for that duration. This needs to be fixed in DCB. PR1765052

Flow-based and Packet-based Processing

  • The subscription path for flow sensor shall be changed from /junos/security/spu/flow/usage to /junos/security/spu/flow/statistics. This change is done to maintain uniform format for subscription path in request and response data. PR1738832

General Routing

  • With Next Generation Routing Engine (NG-RE), in some race conditions, the following interrupts messages might be seen on master RE: kernel: interrupt storm detected on "irq11:"; throttling interrupt. source PR1386306

  • This log is harmless: Feb 27 20:26:40 xolo fpc3 Cannot scan phys_mem_size.out. Please collect /var/log/*.out (0;0xdd3f6ea0;-1) (posix_interface_get_ram_size_info): Unknown error: -1. PR1548677

  • Due to a race condition, the 'show multicast route extensive instance instance-name output can display the session status as Invalid. Such an output is a cosmetic defect and not indicative of a functional issue. PR1562387

  • The output of show network agent command should be null, which shows statistic per component after GRES. PR1610325

  • Percentage physical-interface policer is not working on the aggregated Ethernet after switching between baseline config to policer configuration. PR1621998

  • There will be drop of syslog packets seen for RT_FLOW: RT_FLOW_SESSION_CREATE_USF logs until this is fixed. This will not impact the functionality. PR1678453

  • Current stack and display is correctly set to 128 ports that is qualified on all MX10K8 line cards. PR1706376

  • When LAG is configured with mixed speed interfaces switching to a secondary interface of different port speed, results in a few packet drops for a very short duration. PTP remains lock and there is no further functional impact. PR1707944

  • On MX2020 devices, the chassisd process generates core file during feature test as Retaining the SLC name modify the CPU nos in configuration. PR1713626

  • fec-codeword-rate data with render type decimal64 is rendered as string in grpc python decoder. PR1717520

  • Segmentation fault on grpc timer thread (might be related to keepalive) #32085 grpc issue https://github.com/grpc/grpc/issues/32085 grpc stack needs to be upgraded to 1.53 or later. PR1722414

  • As a part of recent logging enhancement in cRPD. This will be applicable only for file configured under [edit system syslog hierarchy].We have shipped logrotate binary to rotate the syslog file in junos-osbase-ub22-hooks.sh.https://opengrok.juniper.net/source/xref/DEV_COM MON_BRANCH/junos/ddl/action-impl/junos/junos_foreign.c?r=1350442#3629.Below are the parameter related to logrotate for syslog file defined in container_logrotate file.crontab is scheduled default for 15min to rotate files configured under [edit system syslog hierarchy].based on requirement you can configure on below CLI knob.[edit system syslog log-rotate-frequency 1..59min] root@crpd3:/var# cat /etc/logrotate.d/container_logrotate. PR1727111

  • In Junos OS Release 23.4 nfx-3, high CPU utilization by vcpu thread of vjunos0. Same behavior may be observed with the vcpu thread of any VNF. PR1727654

  • Telemetry Stats are not visible for MPLS LSP( RSVP Based) when the core interface is MPC11/MPC10. PR1731587

  • When class-of-service with shaping rate is configured on Aggregate Ethernet interfaces, and the firewall policer queries the aggregated Ethernet member and not the aggregated Ethernet interface, the shaping rate or the policy configuration does not take effect as the shaping rate is not configured in the aggregated Ethernet member. PR1735087

  • On all Junos devices, the time needed to commit increases when a Trusted Platform Module (TPM) is configured. PR1738193

  • There must be at least one minute spacing between consecutive key rollovers. This includes key rollovers triggered by key chain, sak_key_interval, primary/fallback, packet count rollovers. PR1739933

  • On MXVC , Due to some timing issue when RPD is restarted, It will not be spawned again. This issue is rarely reproducible. PR1740083

  • Even though Source and Feed Redundancy are mutually exclusive, they appear as suggestions to each of them in Config CLI. This is due to the way, these commands are ordered in the DDL to simplify the use of them. However, commit will be blocked if user tries to enable both Source and Feed Redundancy in config. Hence No impact for feature usage and operation. PR1741630

  • On MX platforms with MS-MPC/MS-DPC, when the system is busy in the creation/deletion of sessions results in the picd process crashes for executing the CLI command "show service sessions/flows" or "clear service sessions/flows" aggressively (executing CLI command in 5-10 secs iteration). PR1743031

  • Session synchronization does not work on standby even after replication-threshold timer (150 seconds) is complete with SRD configuration. PR1744420

  • Error message might get generated once in a while with full scale during negative scenarios like 'clear bgp neighbor all' with all the services like EVPN, vrf etc being present. PR1744815

  • Traces on line cards with no SSDs are not available on line cards as well as Routing Engine. There is no infra to transport the traces to Routing Engine. PR1747957

  • On MX960 devices, the core-vmcore-ms2 process generates core files. PR1750581

  • Problem Statement: When Feed redundancy is configured and existing load does not support the Feed redundancy, Feed Redundancy will be deactivated with an Alarm "Feed redundancy unsupported". In MX Chasssis running Junos this alarm is raised at the system level instead of the individial PEM. This behaviour of alarm is different from EVO where the feed redundancy is deactivated at the individial PEM level. Reason: The implemenation of the power budgeting in Junos and EVO is different. In case of Juons the functional split between Junos and LCMD is the constraint in handling the power bugdting. It is handled at the Junos chassisd and hence this limiation for the Junos. Customer Impact: None. Except that there is a difference in Alarm behaviour between EVO and Junos. Since the "Feed redundancy unsupported" alarm is becuse of not able to support feed-redundancy for the exising load conditions, end user has to disable the feed reduncy or increase the power with additonal PEM or additional feeds on any PEM. PR1754234

  • SRv6 TE with logical-systems is not qualified in any release. A test only RLI may be required to qualify the same. PR1760727

  • For certain releases, performing ISSU on MPC10 or MPC11 can cause an FPC core. PR1766307

  • Removing PEM FRU from the chassis during its firmware upgrade is currenlty not allowed due to firmware upgrade limitations, leading to undefined software behaviour in such situations. PR1773895

  • On MX10008 devices, PLD is higher than 2000 msec on ungraceful removal of a Fabric board. PR1776054

  • The following network overrides will not be supported in a CUPS model: set system services subscriber-management overrides no-gratuitous-arp set system services subscriber-management overrides force-show-arp-no-resolve set system services subscriber-management overrides interfaces family inet receive-gratuitous-arp set system services subscriber-management overrides interfaces family inet receive-gratuitous-arp-reply set system services subscriber-management overrides interfaces family inet ipoe-dynamic-arp-enable set system nd-override-preferred-src set system services subscriber-management overrides no-gratuitous-nd. PR1781731

  • Even after "request vmhost power-off" LEDs keep lighting on. The LEDs state should be off because routing-engine doesn't have power in case of "request vmhost power-off". PR1781815

  • On AFT(Advanced Forwarding Toolkit) based MX platforms, default ARP(Address Resolution Protocol) policer fails because of which ARP resolution fails on the interface and hence the traffic gets impacted. PR1795940

  • We might observe repd core (in the "from" release) during ISSU. There are no functional impact due to this repd core. PR1797189

  • IKE is not coming up with dhgroup19 and dhgroup20. The below Junos releases are impacted. junos:21.2R3-S7 junos:21.4R3-S6 junos:22.1R3-S5 junos:22.2R3-S3 junos:22.3R3-S2 junos:22.4R3-S1 junos:24.1R1. So previous to these releases dhgroup19 and dhgroup20 should be working. PR1801201

  • On MX platforms with SCBE3-MX (MX240, MX480 and MX960) due to a hardware failure of the Control Board, the Routing Engine(RE) switchover might not happen. This will result in the 19.4Mhz clock failure and has potential risk for chassis wide traffic impact. In worst case all revenue ports will be impacted. If the RE switchover is done in a timely manner then the device will recover because FPCs will try using the 19.4Mhz clock from the new master. PR1801284

Interfaces and Chassis

  • You can configure the routing platform to track IPv6-specific packets and bytes passing through the router. To enable IPv6 accounting, include the route-accounting statement at the [edit forwarding-options family inet6] hierarchy level: [edit forwarding-options family inet6] route-accounting; By default, IPv6 accounting is disabled. If IPv6 accounting is enabled, it remains enabled after a reboot of the router. To view IPv6 statistics, issue the show interface statistics operational mode command. Can be found here: http://www.juniper.net/techpubs/en_US/junos10.4/topics/usage-guidelines/pol icy-configuring-ipv6-accounting.html. PR717316

  • IFL counter has a counter named "IPv6 transit statistics". It can be confirmed on "show interfaces extensive" command output. However, this counter is originally for IPv6 total statistics(transit + local) and the counter name was wrong from the first. On older releases like 19.1R1, as the support for IPv6 local stats was not available the local stats was always zero. So, the meaning of the counter name was the same to the counting content coincidentally. In latest releases support for IPv6 local stats has been added but the counter name was not changed. As the local stats will not be zero the difference between the meaning of the counter name and the counting content started being visible. PR1631200

  • The LAG (Link Aggregation Group) member links may flap on all Junos platforms except MX when the configuration of any interface is changed/modified. The flap is not seen always. PR1679952

  • On Junos and Junos OS Evolved platform, In a system with scaled interface config, when deleting entire config via openconfig at interfaces hierarchy, changes got fails because translation module takes more time to process to delete the entire configuration. PR1785035

J-Web

  • PHP software included with Junos OS J-Web has been updated from 7.4.30 to 8.2.0 to resolve multiple vulnerabilities. Please refer to https://supportportal.juniper.net/JSA71653 for more information. PR1698386

MPLS

  • On all Junos and Junos OS Evolved platforms, when MPLS (Multiprotocol Label Switching) statistics is configured without LSP (Label-Switched Path) configuration, the rpd process crashes and impacts the routing protocols. This leads to traffic disruption due to the loss of routing information. PR1698889

Network Management and Monitoring

  • In some NAPT44 and NAT64 scenarios, Duplicate SESSION_CLOSE Syslog gets generated. PR1614358

Platform and Infrastructure

  • On MX960 devices, JUNOS_REG:MX960:bgp stats convergence time is 76 and not within accepted limit of 70 Secs after restart routing. PR1734760

  • Firewall filter counters are not incremented as expected when filter is applied to IRB interface in the ingress/egress direction via forwarding table. PR1766471

Routing Protocols

  • Certain BGP traceoption flags (for example, "open", "update", and "keepalive") might result in (trace) logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

  • LDP OSPF are in synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1 Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost: 1050 LDP sync state: in sync, for: 00:04:03, reason: IGP interface down config holdtime: infinity. As per the current analysis, the IGP interface goes down because although LDP notified OSPF that LDP synchronization was achieved, OSPF is not able to take note of the LDP synchronization notification, because the OSPF neighbor is not up yet. PR1256434

  • On MX platforms, unexpected log message will appear if the CLI command 'show version detail' or 'request support information' is executed: test@test> show version detail *** messages *** Oct 12 12:11:48.406 re0 mcsnoopd: INFO: krt mode is 1 Oct 12 12:11:48.406 re0 mcsnoopd: JUNOS SYNC private vectors set. PR1315429

  • On all Junos and Junos Evolved platforms, when the shortest-path-first (SPF) algorithm for IS-IS is triggered frequently, CPU usage might increase and impact the device performance and traffic. PR1667575

  • On Junos platforms and Junos Evolved platforms, if a BGP peer goes down and stays down, the system might take an extremely long time to complete removing the BGP routes. The issue is observed when a BGP peer sends many routes, only a small number of routes are selected as the active routes in the routing information base (RIB, also known as the routing table), and if the BGP delete job gets only a small part of the CPU time because other work in the routing process is utilizing the CPU. PR1695062

  • When rib (Routing Information Base) contains IPv4 routes with IPv6 next-hops, these routes do not get re-advertised by IPv4 EBGP sessions unless export policy is configured to change it to IPv4 next-hop. PR1712406

  • On all Junos and Junos Evolved platforms with TI-LFA (Topology-Independent Loop-Free Alternate) feature enabled, when IP address is removed from one interface and is assigned to another interface in the same commit, the rpd process crashes affecting routing control plane. PR1723172

  • The BFD sessions bounce during ISSU if authentication is used. PR1723992

  • The openconfig-local-routing.yang from "1.0.0" to "2.0.0" in which this module is deprecated now. As we upgraded yang model for local-routes, it deprecated few xpaths that were previously supported: /local-routes/static-routes/static/ /local-routes/local-aggregates/aggregate/. PR1735926

  • With BGP sharding and NSR configured, rpd core is hit in master RE after repeated deactivate/activate routing-instances and interfaces. PR1742915

  • There are streaming Discrepancies for /adjacency-sids/adjacency-sid in /network-instances/network-instance/protocols/protocol/isis between Junos OS Releases 22.3R2-S1 and 20.X75-D51. There is a OC YANG version difference between the two releases and the OC YANG versions are not backwards compatible. The YANG version is tightly coupled with the release. PR1750314

  • Configuration of a global AS number is necessary when route target filter is enabled. Currently JUNOS cli does not enforce configuring a global AS number and it has been the behavior for a long time. Many unexpected issues may be seen without a global AS number. It's been a recommended practice to configure a global AS number in the field. PR1783375

Services Applications

  • On Junos MX80, MX240, MX480, MX960 platforms with Multiservices Modular Interfaces Card (MS-MIC), Multiservices Modular Port Concentrators (MS-MPC) service cards, in an issue where an old dynamic security association_configuration (sa_cfg) for a tunnel is present and trying to establish new sets of Internet Protocol Security Security Association (IPSec SAs) using a new Internet Key Exchange (IKE) SA established for the same remote device but with a different request. This can happen, if for some reason old sa_cfg is not cleaned (failed in clean-up). On crash, the Key Management Daemon (kmd) restarts but fails because of kernel instance mismatch present in the kernel database. So all the IPsec tunnels will be impacted. PR1771009

VPNs

  • This happens only when MVPN protocol has separate route targets configured and then both the address families are disabled. rpd (Routing process daemon) infra parsing does not check if MVPN protocol is disabled and hence will create the auto policies for route-targets if configured. So if those policies are not marked as active in MVPN configuration flow, it does not get resolved and thereby the policy object may not be valid thus leading to the core. PR1700345

  • On all Junos and Junos Evolved platforms with Dual RE and MVPN ((Multicast Virtual Private Network) enabled, when the user initiates a GRES ( Graceful Routing Engine Switchover) switchover, it triggers a route change from the MVPN . During this process, there's a gap where traffic loss is observed because the flood next hop pointed to by the route gets deleted. PR1747703