Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Open Issues

Learn about open issues in this release for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • After GRES, VPWS Switchover occurs only after NSR Phantom Timer expires. The NSR Phantom timer is configurable. This can result in packet loss for that duration. PR1765052

Forwarding and Sampling

  • After switchover in MX2010 platform , test configuration is removed with load update and then rollbacked. During rollback commit , configuration commit failed with below error: error: commit-check-daemon : Invalid XML from dfwd error: configuration check-out failedPR1829614

General Routing

  • Runt, fragment and jabber counters are not incrementing on EX4300-MPs.PR1492605

  • The Sync-E to PTP transient simulated by Calnex Paragon test equipment is not real network scenario. In real network deployment model typically there will be two Sync-E sources (Primary and Secondary) and switchover happens from one source to another source. MPCE7 would pass real network SyncE switchover and associated transient mask. PR1557999

  • There will be drop of syslog packets seen for RT_FLOW: RT_FLOW_SESSION_CREATE_USF logs until this is fixed. This will not impact the functionality.PR1678453

  • Probe status is showing "Unhelpful,abort" while running P2mp LSP traceroute.PR1697658

  • When LAG is configured with mixed speed interfaces switching to a secondary interface of different port speed, results in a few packet drops for a very short duration. PTP remains lock and there is no further functional impact. PR1707944

  • The fec-codeword-rate data with render type decimal64 is rendered as string in grpc python decoder.PR1717520

  • Error message might occur once in a while with full scale during negative scenarios like clear bgp neighbor all with all the services like EVPN, vrf etc being present.PR1744815

  • MX480 CommonDiag:: JDE3(volt_services_show_clients) failing on MPC7e. PR1747033

  • MX2010 Diagnostics::Jde3Diag(phy_reg_access) test is failing. PR1747297

  • On all Junos and Junos evolved platforms with telemetry enabled, if the streaming server and export profile for reporting-rate are not properly configured in the analytics settings, rebooting the FPC would prevent any of the interfaces from coming up.PR1779722

  • Additional logging has been added to the primry Routing Engine. This is to help narrow down the issue which chassisd process restarted unexpectedly at snmp_init_oids( ) function on the primary Routing Engine while booting up. PR1787608

  • On all Junos and Junos Evolved platforms, repd core observed (in the "from" release) during unified ISSU.PR1797189

  • When interfaces with different speed are configured as members of AE, some of the members are not added to AE. And if GRES is enabled, vmcore might be generated on backup RE. PR1799451

  • MPC11 In-Service-Software-Upgrade command fails from release 24.1R1 to 24.2R1 and causes MPC11 linux crash. The issue only applies to ULC image.PR1803205

  • If standalone device has vccpd running with configurations as per virtual chassis, then it is considered a virtual chassis and not a standalone device. All messages seen will be as per virtual chassis as well.PR1805266

  • M/Mx: IS-IS session over MPC11 cards flapped due to "3-Way handshake failed" during unified ISSU (FRU upgrade stage - reboot phase). PR1809351

  • The set chassis no-reset-on-timeout is a debug command for SPC3 to prevent it from rebooting in case of issue. It is not to be set during normal operations since SPC3 might need reboots to come online. PR1809929

  • [MX] : [UT] During RE reboot with PTP FPGA, Correctable and uncorrectable AER errors seen. Issue seen with Doon RCB as well. PR1817097

  • Traffic loss will be seen on 1G-SFP-T if speed is configured to 100m. 1G SFP-T has the AN feature enabled but the PHY we have b/w SFP-T and switch ie., PHY82756 does not support AN and this mismatch is causing the traffic loss. This needs feature enhancement PR1817992

  • Observing that actual total count is not matching with exact count while verifying no of files present under /var/log in r0 device. PR1819456

  • Multicast packets duplication happens under the condition ELAN + MVPN network and RP is out side of its core network. In this scenario, egress PE which is non-DF will send back multicast traffic to core side duplicated traffic will happen. PR1820746

  • On MX platforms with MS-MPC/MS-MIC with IPsec (Internet Protocol Security) configured, IPsec traffic loss will be observed if an SA (Security Association) deletion request is sent by the peer just before the SA installation is completed. The issue happens in the scale scenario (4000 tunnels are configured, and when the SA count reaches up to 3900). PR1825835

  • CLI /RPC "show bgp group rib-sharding all"/"get-bgp-group-information" failure with XML CRITICAL ERROR and ODL Validation failure. PR1826803

  • On MX platforms with MS-MPC and CGNAT (Carrier-Grade Network Address Translation) configured, a large number of "out-of-address" errors and stale NAT mappings for SIP (Session Initiation Protocol) traffic can occur. This can lead to a lack of available resources and cause new connections to be dropped. PR1826847

  • As per OpenSSH 9.0/9.0p1 release notes: "This release switches scp(1) from using the legacy scp/rcp protocol to using the SFTP protocol by default." In this case, since we are running OpenSSH 9.0 and above- OpenSSH_9.7p1 , this uses the "SFTP" protocol by default when scp command is invoked from shell. However, vSRX3.0 supports the "SCP" protocol by default when scp command is invoked. So to use the legacy "SCP" protocol from shell, please use the -O command line option For example: scp -O other arguments Note: Incoming SCP connections from outside hosts that are running OpenSSH version 9.0/9.0p1 could fail since sftp-server is disabled by default in Junos OS . Hence, users should either use the -O option on remote host while initiating scp file transfer OR enable sftp-server in the Juniper configuration. To enable sftp-server in Juniper configuration, use the following hierarchy: set system services ssh sftp-server PR1827152

  • MX304: show chassis synchronization extensive CLI output shows syncE is locked to both primary and secondary sources after switching between primary and secondary sources in hybrid mode. The issue is only with CLI display. No functional impact. The Clock Event" field in both primary and secondary source is shown as Locked which is wrong. The trigger for this scenario is - set the primary interface port down so that syncE switches to secondary source and then bring back the primary interface either through port down or LMIC offline and online. PR1841695

  • When trying to console into the GNF using a non-root user in Juniper Device Manager JDM users are not able to console. PR1842451

  • IPv4 frame routes which are not using /32 prefix length do not get applied. PR1855891

  • On Junos MX Series routers with MS-MPC/MS-MIC cards, when clear service sessions are executed from multiple windows (approximately 5 terminals), the PIC reboots and eventually all the service traffic will be impacted.PR1827806

  • When performing ISSU on MX-series routers from 23.4R1 to 24.4R1, repd will core in master RE during image validation phase and RE goes to # prompt. PR1855947

High Availability (HA) and Resiliency

  • Graceful Routing Engine Switchover (GRES) not supporting the configuration of a private route, such as fxp0 , when imported into a non-default instance or logical system. Please see KB https://kb.juniper.net/InfoCenter/index?page=content KB26616 resolution rib policy is required to apply as a work-around. PR1754351

  • OSPF neighborship goes down after NSR (Nonstop routing) switchover due to link flapping on Junos OS Evolved platforms with Dual RE and IPSEC configuration. PR1848313

Interfaces and Chassis

  • Junos MX | iflset stats not getting cleared after issuing clear interfaces stats all and clear interfaces interface-set statistics all CLI command. PR1741282

Layer 2 Ethernet Services

  • On MX104 platforms, when ALQ (Active-Lease Query) enabled with DHCPv6 (Dynamic Host Configuration Protocol ) relay agent configuration, ALQ syncing for DHCPv6 TCP (Transmission Control Protocol) connection will not work due to issues while processing the ALQ messages and TCP handshake messages at peer. PR1727624

  • In order to allow protocol daemons (such as rpd, dot1xd et. al.) to come up fast when master password w/ TPM is configured, the daemons must be allowed to cache the master-password when they read their config. In order to cache the master-password, the daemons must individually reach out to the TPM to decrypt the master password and cache it in their memory. This scenario leads the TPM to be flooded with decryption requests, and therefore causes the TPM to be busy and start rejecting decryption requests. To prevent the daemons from core dumping in this scenario, and to allow successful decryption of secrets, we retry the decryption request to the TPM. However, to allow the TPM queue to drain, we introduce a sched_yield() call before retrying to sleep for 1 quantum of time. Without this, we will fail on all our retries. Additionally, a decryption request can also take a large amount of time (> 5 secs). This results in SCHED_SLIP messages being seen in the logs, as the requesting process is idle while the decryption request is being processed by the TPM. This can exceed the SCHED_SLIP timeout, and result in libjtask logging the SCHED_SLIP messages into the configured system log file. These SCHED_SLIPs should not cause any route instability, are benign, and can be ignored as these are seen only during configuration consumption by the various daemons. PR1768316

MPLS

  • While performing unified ISSU if you have RSVP session scale, with ukern based MPCs you can experience few of the RSVP session protocols flap due to combined effect of ~12 secs dark window followed high utilization of CPU resource utilization by the local ttp rx thread (for ~13 secs). This problem can be avoided by the workaround provided.PR1799286

Network Management and Monitoring

  • In some NAPT44 and NAT64 scenarios, Duplicate SESSION_CLOSE Syslog will be seen. PR1614358

  • Issue: Multiple traps are generated for single event, when more target-addresses are configed in case of INFORM async notifications Cause: INFORM type of async notification handling requires SNMP agent running on router to send a Inform-Request to the NMS and when NMS sends back a get-response PDU, this need to be handled. In this issue state, when more than one target-address (NMS IP) is configured for a SNMP v3 INFORM set of configuration, when Get-Response comes out of order in which the Inform-Request is sent, the PDU is not handled correctly causing snmp agent to retry the Inform-request. This was shows as multiple traps at the NMS side. Work-around: For this issue would be to use 'trap' instead of 'inform' in the "set snmp v3 notify NOTIFY_NAME type inform" CLI configuration.PR1773863

  • Native junos modules in hello-message and yang modules in /var/run/db/yangs are not same. The build failure is due to a mismatch between the native Junos modules in the hello message and YANG modules in /var/run/db/yangs, causing the test to fail with a difference in lengths: 229 != 230. PR1816904

Platform and Infrastructure

  • On Junos platforms , the standby router goes into the error state when the switchover is performed. This will not impact the traffic. PR1847307

Services Applications

  • On all MX series platforms that support MS-MPC/MS-MIC cards, memory leak is observed on kmd (Key Management Deamon) process when IPSec VPN is configured with DiffieHellman group24. The issue is not seen on platforms that support iked process. Memory leak causes incorrect outputs for CLI ipsec/ike show commands and over time kmd might crash when reach its maximum memory, creating a core-dump and resulting in ipsec/vpn going down.PR1781993

Subscriber Management and Services

  • In Routing Engine show subscribers extensive shows ACTIVE state, and that resembles the IPDEMUX ifl (and SDB Session state) but the Pseudo IFL is not getting propagated when we take out the V6 family configuration. For V6 session it gives a deceiving notion on the health of the session ( show subscribers extensive shows state is ACTIVE where as flow is NOT present in PFE). Following CLIs need to be configured to have the FLOW propagated to the PFE. set dynamic-profiles ip-demux-profile interfaces demux0 unit "$junos-interface-unit" family inet6 demux-source $junos-subscriber-ipv6-address set dynamic-profiles ip-demux-profile interfaces demux0 unit "$junos-interface-unit" family inet6 unnumbered-address "$junos-loopback-interface IPDEMUX IFL / SDB Session has no dependency in terms of control plane "state machine" with the corresponding Pseudo IFL. Trying to tailor the state of IPDEMUX ifl / SDB Session w.r.t the pseudo ifl state increases complexity and introduces dependancy.PR1817549

  • DHCPv6 BLQ query is not working if queried with server address/server group since relay id information is not passed as part of query. PR1839348

User Interface and Configuration

  • On all Junos and Junos OS Evolved platforms, configuration changes using Python script in ZTP does not work and leads to errors. The following errors are seen: warning: [edit system scripts op allow-url-for-python] not enabled >>> error: The remote op script execution not allowed PR1718692

  • XML namespace string in rpc-reply tag for system-uptime-information was changed to represent the full version name. PR1842868