Open Issues
Learn about open issues in this release for MX Series routers.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Class of Service (CoS)
-
Default FC names (factory defaults) cannot be redefined in Junos-EVO. Different or custom FC names can be used as an alternative. This has no bearing on functionality. PR1827230
EVPN
-
If a Multicast-router-interface is marked on an IFL that is part of snooping, and the remote IGMP querier ceases or the IFL is disabled, the Multicast-router-interface state on IGMP/MLD snooping times out by default in 255 seconds. Until then, all multicast traffic is sent out of that interface. This is as per RFC. The issue can be mitigated by configuring the query-interval to tune the other querier timeout to a lower value, so that the Multicast-router-interface marking is cleared sooner and the Type-3 is advertised with IGMP-Snooping in Mcast community. PR1909989
General Routing
-
On the MX104 platform, when using snmpbulkget or snmpbulkwalk (for example, used by the SNMP server) on a chassisd-related component (for example, jnxOperatingEntry), chassis process (chassisd) high CPU usage and slow response might be seen because of a hardware limitation, which might also lead to a query timeout on the SNMP client. In addition, the issue might not be seen while using an SNMP query for interface statistics. As a workaround, to avoid the issue, use either of the following approaches: Use snmpget or snmpwalk instead of snmpbulkget or snmpbulkwalk and include the -t 30 option when doing the SNMP query. For example, snmpget -v2c -c XX -t 30. Use the -t 30 option with snmpbulkget or snmpbulkwalk. For example, snmpbulkget -v2c -c XX -t 30. PR1103870
-
In some NAPT44 and NAT64 scenarios, duplicate SESSION_CLOSE syslog messages will be seen. PR1614358
-
Multiple vulnerabilities have been resolved in MQTT (Message Queuing Telemetry Transport) included with Junos by fixing vulnerabilities found during external security research. Please refer to https://supportportal.juniper.net/JSA71655 for more information. PR1651519
-
Syslog packets for RT_FLOW: RT_FLOW_SESSION_CREATE_USF logs will be dropped until this is fixed. This does not impact functionality. PR1678453
-
When a LAG is configured with mixed-speed interfaces, switching to a secondary interface of a different port speed results in a few packet drops for a very short duration. PTP remains locked and there is no further functional impact. PR1707944
-
In a NETCONF private edit configuration session, the commit RPC fails when an unprotect operation is performed. PR1751574
-
PR1735843 has fixed a VM core on ACX5448 platform with the reason "panic: deadlres_td_sleep_q: possible deadlock detected". The same issue might also be seen on all other JUNOS vmhost platforms but with a different root cause. PR1776854
-
In Junos (JET) telemetry, which is pre-gNMI telemetry, sensor values of a double data type are converted to a float data type when streamed to a collector. PR1777319
-
On MX104, the AFEB could crash and reboot following a change of PTP GM clock source, which affects traffic forwarding. PR1782868
-
An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). Please refer to https://supportportal.juniper.net/JSA100088 for more information. PR1806872
-
JDI-RCT:M/Mx: IS-IS session over MPC11 cards flapped due to "3-Way handshake failed" during ISSU (FRU upgrade stage - reboot phase). PR1809351
-
On MX platforms with MS-MPC/MS-MIC with IPsec (Internet Protocol Security) configured, IPsec traffic loss will be observed if an SA (Security Association) deletion request is sent by the peer just before the SA installation is completed. The issue happens in the scale scenario (4000 tunnels are configured, and when the SA count reaches up to 3900). PR1825835
-
With the EVO migration of the DHCP client to dhcpcd, both V4 and V6 now use the same client. Because of this, if DHCP is enabled for only one family, show dhcp[v6] client binding will always show one client irrespective of whether the family in the show command is enabled or not. PR1842656
-
JDI REGRESSION:VIRTUAL_REG : PCCD core found @ std::__1::__tree_node_base<void*>::__set_parent std::__1::__tree_left_rotate std::__1::__tree_node_base<void*>*> std::__1::__tree_balance_after_insert std::__1::__tree_node_base<void*>*> PR1843256
-
Extra lanes are displayed in SNMP query output. This should not be a show-stopper for customer release, as there is no impact on traffic. PR1844751
-
On MX platforms with VMhost-based NG-RE, image validation fails with "mgd: error: xsl:import : unable to load /var/db/scripts/import/junos.xsl" while performing software downgrade from 24.2 or later releases to releases older than 23.4 (from 24.2 to < 23.4). Downgrade to 23.4 is not affected. PR1847420
-
On MX platforms with MPC5/MPC7 line cards, when there are active pseudowire subscribers and there is a change in the tunnel-services bandwidth configuration, an FPC (Flexible Physical Interface Card Concentrator) crash is observed, with subsequent impact on traffic. PR1849552
-
The pfed process crashes after downgrading Junos MX/EX/QFX platforms below the 22.3 releases. It does not cause any traffic or service impact. Some statistics will be lost. PR1854637
-
The zeroize command is not working. PR1857029
-
Mixed type of anchor PFE on APFE config is not supported. PR1861177
-
On QFX10K2-60C switches, if traffic is coming from MPLS and going towards an EVPN VXLAN tunnel (problem with the next-hop via ARP/IPv6 NDP to reach the final destination IP), then traffic drop will be seen. PR1861501
-
On MX chassis with ULC with asymmetry configured on PTP slave ports, small spikes are seen in the TIE values that are more than the expected range. The TIE values, however, fall within the expected range after a few seconds. PR1867423
-
When a PTP source switchover event occurs, either due to an LC reboot or optics removal on the peer side, 1 errored PTP packet is seen on the slave end of a Hamilton LC. The errored packet does not cause any PTP performance issue and PTP quickly phase-aligns with the new source. PR1869672
-
On rebooting a DCI (Data Center Interconnect) Gateway device, while the device is coming up, multicast traffic drop is observed in a highly scaled config. The traffic drop is observed in the following condition: the rebooted device was the EVPN DF on I-ESI and, after coming up, the DF election is triggered and the device is elected as EVPN DF on I-ESI. After coming up and being elected as DF, the device builds the multicast routes afresh. This results in traffic drop. PR1872219
-
Jvision sgrp jvalue goes into unhealthy state: CP is reporting it as unhealthy in jvision reports. PR1878146
-
On all Junos platforms with management interface em0 disabled, the management port remains unreachable after performing RE switchover or rpd restart events and re-enabling the management port. PR1882329
-
On Junos platforms utilizing the JNP10008-SF (aka SIB8), systems experience CRC errors on fabric links between the SIB and the FPC (Flexible PIC Concentrator). These errors are attributed to electrical noise on an internal power rail within the SIB. This condition will lead to multiple FPC-to-SIB link failures, potentially affecting traffic forwarding and overall fabric stability. PR1882584
-
On all MX platforms with Broadband Edge Subscriber Management configured, the bbe-smgd process crashes when the multicast sync service add publish fails. This crash is automatically recovered by the system without requiring manual intervention. PR1882756
-
BNG Controller: Issue with changing the IP address of an active BNG user-plane. PR1890895
-
BNG user plane: Changing the BNG Controller name is allowed after the user-plane is already associated with the BNG Controller and subscribers are logged in. This leaves the system in a bad state. PR1891388
-
Updating BNG-UP IP Address leaves user-plane in READY state. PR1892276
-
On all Junos MX platforms that have MS-MPC or MS-MIC service cards installed, the use of CPU throttling can cause production service sessions to be dropped. PR1899178
-
In a BGP-CT scenario at the ASBR, instead of a swap operation, a pop-and-push next hop is programmed, which pops the transport and service labels and then pushes only the transport label. As a result, the service label is lost. When the packet reaches the penultimate-hop router, the transport label is popped (PHP) and a plain IP packet is sent. Because the service label is lost, the DUT is unable to identify the VRF, which results in default route reject. PR1902144
-
Support for Virtium SSD firmware upgrade for Mclaren RCB is not available in 25.2R1-S1. Fixed in later releases. PR1907227
-
On MX150 platforms, enabling sampling, jFlow, or firewall features causes continuous mbuf pool leaks, leading to system crash or interface/protocol flaps. The issue can occur after loading the configuration or sending traffic related to the said features. PR1908413
-
When AE interface member links are configured with MACsec, the MKA session establishes successfully when the default standard MAC address is used. However, when a custom unicast MAC address is configured, the MKA session does not come up. This is not a common use case, but the workaround is to allow the MKA session to operate with the default MAC address instead of a custom unicast MAC address. PR1909930
-
While verifying export EFP group, sensor components verification failed. PR1922040
High Availability (HA) and Resiliency
-
Graceful Routing Engine Switchover (GRES) does not support the configuration of a private route, such as fxp0, when imported into a non-default instance or logical system. Please see KB https://kb.juniper.net/InfoCenter/index?page=content&id=KB26616 for details. As a workaround, a resolution rib policy must be applied. PR1782934
Interfaces and Chassis
-
The commit failure "Change in hierarchical-scheduler mode is not allowed" (given in description) can be seen after multiple iterations of loading test config and overriding with baseline config. PR1849110
Layer 2 Ethernet Services
-
Day-1 issue: DHCP subscribers do not go down when the PFE is disabled where an AE with a single leg is present with BFD enabled. PR1837994
MPLS
-
On all Junos and Junos OS Evolved platforms where RSVP (Resource Reservation Protocol) configuration is present and an RSVP-enabled interface has 2 IP addresses, of which one is configured as primary/preferred, the RSVP Hello message uses the secondary IP address to form neighborship. PR1881609
Network Management and Monitoring
-
This issue is related only to user-defined routing instances. In this case, the DUT is connected to two remote servers through the same routing instance. When the route for the above connection is deleted and added back from the server side, stale connections are seen. This is because when routes are deleted, SYN_SENT is not acknowledged but the application closes the socket. When the routes are added again, the application creates new sockets and connects to the remote server; at the same time, the previous SYN_SENT is acknowledged and moves to the ESTABLISHED state. This causes stale connections. There is no impact on functionality. The issue is seen only on the Junos platform and only for user-defined routing instances. Infrastructure code needs to be changed to handle socket close error conditions, which needs more code churn, time, and thorough testing. PR1825311
Platform and Infrastructure
-
An Authentication Bypass by Spoofing vulnerability in the RADIUS protocol of Juniper Networks Junos OS and Junos OS Evolved platforms allows an on-path attacker between a RADIUS server and a RADIUS client to bypass authentication when RADIUS authentication is in use. Please refer to https://supportportal.juniper.net/JSA88210 for more information. PR1850776
-
On MX platforms with MPC10/MPC11/LC9600/LC4800 line cards and MX304/MX301 platforms, if SCFD (Suspicious Control Flow Detection) is enabled and a lot of flows are tracked on the device, error logs might be reported when the table overflows. This is purely a display issue. PR1897237
Routing Protocols
-
LDP OSPF are in synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF.
user@host> show ospf interface ae100.0 extensive
Interface           State   Area            DR ID           BDR ID          Nbrs
ae100.0             PtToPt  0.0.0.0         0.0.0.0         0.0.0.0            1
  Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050
  Adj count: 1
  Hello: 10, Dead: 40, ReXmit: 2, Not Stub
  Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC
  Protection type: None
  Topology default (ID 0) -> Cost: 1050
  LDP sync state: in sync, for: 00:04:03, reason: IGP interface down
  config holdtime: infinity.
As per the current analysis, the IGP interface goes down because although LDP notified OSPF that LDP synchronization was achieved, OSPF is not able to take note of the LDP synchronization notification, because the OSPF neighbor is not up yet. PR1256434
-
On MX platforms, an unexpected log message will appear if the CLI command show version detail or request support information is executed:
test@test> show version detail
*** messages ***
Oct 12 12:11:48.406 re0 mcsnoopd: INFO: krt mode is 1
Oct 12 12:11:48.406 re0 mcsnoopd: JUNOS SYNC private vectors set
PR1315429
-
In a large-scale routing instance config, please provide an interval of 20-30 mins for the system to stabilize. PR1883895
Services Applications
-
A wrong remote ID received from the peer results in AUTH failure, and this fails the IKE SA setup. This immature IKE SA does not go through proper cleanup, hence "Not matured" IKE SAs pile up. Restarting the kmd will clear the Not matured SAs. PR1797377
-
On all MX platforms with MS-MPC (Multiservices Modular PIC Concentrator), when DPD (Dead Peer Detection) is enabled under IPsec/IKE (Internet Key Exchange) VPN settings and for any reason an IPsec SA (Security Association) is deleted, the kmd process crashes. Due to the kmd process restart, some disruption in tunnel establishment is seen. PR1869769