Open Issues

With Next Generation Routing Engine (NG-RE), in some race conditions, the following interrupts messages might be seen on primary RE: kernel: interrupt storm detected on "irq11:"; throttling interrupt source. PR1386306

In some NAPT44 and NAT64 scenarios, Duplicate SESSION_CLOSE Syslog will be seen. PR1614358

Multiple vulnerabilities have been resolved in MQTT (Message Queuing Telemetry Transport) included with Junos by fixing vulnerabilities found during external security research. Please refer to https://supportportal.juniper.net/JSA71655 for more information. PR1651519

EX4100-24mp,48mp,24p/t,48p/t,F-24p/t,F-48-p/t: In an interop scenario, when using 1G SFP Optic on PIC-2, auto-negotiation should be disabled on the peer. PR1657766

When LAG is configured with mixed speed interfaces switching to a secondary interface of different port speed, results in a few packet drops for a very short duration. PTP remains lock and there is no further functional impact. PR1707944

In Netconf private edit configuration session, commit RPC fails when unprotect operation is performed. PR1751574

Junos (JET) telemetry that is pre-gNMI telemetry that uses sensors that are of a double data type are converted to a float data type when streamed to a collector.PR1777319

JDI-RCT:M/Mx: ISIS session over MPC11 cards flapped due to "3-Way handshake failed" during ISSU (FRU upgrade stage - reboot phase). PR1809351

Zeroize command not working. PR1857029

On rebooting DCI (Data Center Interconnect) Gateway device, while the device is coming up, multicast traffic drop is observed in the highly scaled configuration. The traffic drop is observed in the following condition. The rebooted device was the EVPN DF on I-ESI and after coming up, the DF election is triggered and the device is elected as EVPN DF on I-ESI. After coming up and elected as DF, the device builds the multicast routes afresh. This results in traffic drop.PR1872219

When VMHost image on both routing engines are installed and rebooted simultaneously, the EEPROM read issue is observed intermittently in RE1. This leads to CB driver not being loaded in RE1 and further leading to LCMD crash. PR1879559

Logs from internal ethernet links monitoring script keep repetitively logged to /var/log/messages file if set system syslog file messages user any configuration is used. PR1886633

Phase jump of around 300ns is seen upon LAG member switchover from secondary to primary on 400G interface with ZR optics. PR1893122

Issue specific to scenario of system/linecard reboot with PTP available but SyncE not available. Otherwise issue is not seen. PR1897460

On all Junos MX platforms that have MS-MPC or MS-MIC service cards installed, the use of the CPU throttling can cause the production service sessions to be dropped.PR1899178

If the admin tries to configure Proxy-ID and traffic-selector based IPSec tunnels for the same IKE peer(same IKE gateway) and if the proxy-ID(Any-Any IPv4/IPv6) based tunnel gets negotiated first, then the IPSec tunnel corresponding to traffic-selector will not come up as there already exists another tunnel (Proxy-ID) in the system which can also protect the traffic which was intended to be protected by the traffic-selector based IPSec tunnel. Hence, it is recommended that if the admin wants both proxy-id and traffic-selector based tunnel on the system then, the admin should configure unique IKE gateway objects for both of them i.e. unique IKE local-remote gateway pair which means that proxy-ID and traffic-selector should have their individual unique IKE SAs negotiated. PR1900529

The EP IFD/IFL output traffic stats as seen via ?show interfaces EP IFD detail? can be different from the EP IFL queue stats as seen via ?show interfaces queue egress EP IFL?. This is because EP IFD and IFL traffic stats are maintained on the EP port's forwarding topology which gets executed prior to the actual queuing. Hence the packets dropped in COS queues are not considered in EP IFD/IFL traffic stats and it shows the queued stats value (not the transmitted stats value) as output stats. Currently there is no support for 'accurate-stats' kind of functionality for EP ports and hence this behavioural difference as compared to non-NGPE WAN interfaces. PR1901790

In BGP-CT scenario at ASBR instead of swap operation, we have a pop and push NH programmed which results in pops the transport and service label and then pushes only transport label. Due to this service label is lost and once it reaches Penultimate Hop Router we pops (PHP) the transport label and sends plain IP packet and because service label is lost the DUT is unable to identify the VRF and results in default route reject. PR1902144

A vmcore may be observed on the backup when any of the following configurations are performed on the EP IFDs with GRES configured 1. Port Speed change on the EP IFDs When configuring(set)/unconfiguring(delete) port speed on the EP IFDs using the config stanza "chassis port-extender fpc-slot <> pic-slot <> port <> speed <>" 2. Changing the configuration attribute "cascade-port"/"target-mode"/"device" under the config hierarchy "chassis port-extender <> fpc-slot " "chassis port-extender <> fpc-slot cascade-port " "chassis port-extender <> fpc-slot target-mode " "chassis port-extender <> fpc-slot device " Impact: 1. Traffic will be impacted. 2. Backup RE is not available for graceful switchover until state resync/replay completes from the primary. Though vmcore is observed, backup does not reboot as it is system generated live core for debugging. PR1902701

On all Junos OS MX platforms that support MPC2E-NG,MPC2E-3D-NG-Q,MPC3E-NG and MPC3E-3D-NG-Q, the Auto-Negotiation (AN) process on certain PHY interfaces of the MIC (MIC-3D-10GE-SFP-E) may intermittently get stuck, preventing link establishment and causing traffic loss. This issue can be triggered by reinserting an SFP-T module, multiple times restarting the mic or by interface driver resets, which lead to inconsistent enable/disable sequences during Auto-Negotiation. PR1906675

On MX301 and MX304 in certain configuration scenarios for tunnel and inline services PFE may not be able to allocate streams causing traffic black hole for inline or tunnel services.PR1907685

On MX304 with PTP PPM feature enabled, the PTP port state is not moving to Passive after disabling and enabling the interface. PR1910401

We have an Issue in NH when we push the configuration, so to work around this we need to activate or deactivate the service-set configured on the interface.PR1910673

On Junos and Junos Evolved where Segment Routing Traffic Engineering (SRTE) Tunnel is supported, the log message (RPD_SPRING_TE_ENTROPY_UNSUPPORTED_FOR_ONE_LBL: SPRING-TE Entropy-label is not supported for segment-list with single label for tunnel) is observed even when entropy label feature is not configured. PR1911821

As part of the RSI process, the command show vmhost support-info is executed, which comprehensively collects vmhost logs using various cat commands. Some of these commands attempt to access files that do not exist on the MX304, leading to the display of error messages. PR1913540

On Junos MX platforms and Junos OS Evolved ACX platforms that support BNG CUPS ( Broadband Network Gateway Control and User Plane Separation), L2TP (Layer 2 Tunneling Protocol) subscriber sessions will fail to come up. When this happens, the subscriber session does not bind correctly and no data traffic will pass for the affected subscribers.PR1916030

On MX platforms like with AFT based Packet forwarding Engine (MX304/MX301/MX10003) and MX Chassis based systems with AFT based LC there is a limitation of maximum of 1024 ifls on 1G interfaces.PR1921080

While verifying export EFP group, sensor components verification failedPR1922040

On MX301 rpd may core when logical-systems configuration is used to create EVPN-VPWSPR1922759

When Macsec is enabled on 1G interface, Auto-neg needs to be disabled for MX301. Config to disable auto-negotiation: set interfaces <1g-intf-name> gigether-options no-auto-negotiationPR1922797

Starting 25.4R1 , Flood traffic in EVPN MPLS deployment on the NodeSlice platform, might experience drop for certain flowsPR1922876

there is the change tin log message for the CB 0_TEMP_0 sensor while testing RCB on MX301PR1924853

traffic drop seen for VPLS Unicast traffic over IRB over LSI with enhanced-convergence knob configured.PR1925479

l2ald Core @l2ald_gbptag_change_mac_in_db, @gbptagdb_update_internal_taginfo is seen in Suite teardownPR1925496

On MX10004 and MX10008 devices, display-only issue in Junos CLI show chassis environment : current/power for some of the POLs are shown as 0, observed in 25.2R1-S1. Fixed in later releases.

Humidity Sensor CLI command is not applicable on MX10004 and MX10008 devices. The command has been suppressed in later releases.

Support for Virtium SSD firmware upgrade on MX10004 and MX10008 devices not available in Junos OS 25.2R1-S1 Release. Fixed in later releases.

During ISSU, some traffic drop may occur in HW sync phase for few L3VPN flows. The traffic recovers post HW sync phase. This issue is not specific to 25.4R1. PR1925599

HTTPv6 redirect functionality does not work on the MX301 platform.PR1925736

Graceful Routing Engine Switchover (GRES) not supporting the configuration of a private route, such as fxp0 , when imported into a non-default instance or logical system. Please see KB https://kb.juniper.net/InfoCenter/index?page=content &id=KB26616 resolution rib policy is required to apply as a work-around. PR1782934

When a GE interface that is part of the interface-set is added as a member of an AE interface, and if the AE interface units are added to the same interface-set in which the GE interface was present in the previous commit, then an error message can be seen in the logs mentioning about a failure in deleting the IFL from interface-set. This is happening due to a race condition between creation of the AE interface and the updating the AE IFLs to the interface-set. The exact sequence of operations is as below (the interface mentioned below can be XE/GE/FE/ethernet interfaces that can be added to an AE bundle.) commit 1 -------- - Create IFLs on a GE interface. - Add the GE IFLs to an Interface set, say iflset1 commit 2 -------- - Delete the GE interface config - Create AE interface with units. - Add the GE interface as member of AE interface - Add the AE IFLs to interface set iflset1 (same interface set in commit 1) - Delete the GE interface from interface set iflset1 When the above config changes are committed, error message similar to the below could be seen in syslog when the issue is hit [Error] IF:Ifl not deleted, not present in IflSet, iflSetIndex:2 iflIndex:355 This has no impact on functionality or stability of the box. The workaround for the same could be to split the commit 2 as - Delete the GE interface config - Delete the GE interface from interface set iflset1 - commit - Create AE interface with units. - Add the GE interface as member of AE interface - Add the AE IFLs to interface set iflset1 (same interface set in commit 1) - commit Also please check the other limitation related to CoS and Aggregated Interface mentioned in the link below https://www.juniper.net/documentation/us/en/software/junos/cos/topics/conce pt/schedulers-cos-ae-sdh-limits-cos-config-guide.htmlPR1905458

On all Junos devices supporting subscriber services, in case of dual stack DHCP (Dynamic Host Configuration Protocol) subscribers with IA_NA (Identity Association for Non-temporary Address) and IA_PD (Identity Association for Prefix Delegation) bindings with lease times (For the assignment of IPv6 address to a client device), when a client initiates separate renew exchanges for the IA_NA and IA_PD, and once client and DHCP server are in sync with these timers, there can be a race condition at Junos device which is DHCPv6 relay, has not refreshed lease timer and can go out of sync. This can result in deleting IA_NA/IA_PD binding and route to get deleted for that subscriber only. This causes one of the leg for IA_PD or IA_NA to go down for that subscriber, which can result in traffic impact for that leg.PR1911001

On MX301, rpd core might be seen after deactivate/activate protocol IS-IS triggerPR1901973

On MX301 snmd might core in certain scenarios.PR1913131

With HCOS 2 level hierarchy configuration in logical tunnel interface, the forwarding pipeline for LT interfaces was not having the right queue information leading to the packets getting stuck in memory which leads to an increase in usemeter numbers causing the FPC get into major error. PR1767970

An Authentication Bypass by Spoofing vulnerability in the RADIUS protocol of Juniper Networks Junos OS and Junos OS Evolved platforms allows an on-path attacker between a RADIUS server and a RADIUS client to bypass authentication when RADIUS authentication is in use. Please refer to https://supportportal.juniper.net/JSA88210 for more information. PR1850776

There are limitations associated with the implementation features of the generator in the Broadcom chip. Multiple Y.1564/RFC2544 generators should not be used on the same interface. Juniper engineering recommend running tests one by one or distributing tests across different VLANs. This PR will commit code to ensure an error is presented when trying to run multiple tests. PR1908499

On MX301, IGMP might not get enabled by default when PIM is enabled. Use set protocols igmp interface to explicitly enable IGMP. PR1918590

On MX301, the fetch command verbose output has changed causing scripts to fail. As a workaround, you must change the expect script matching string. PR1924159

This is system limitation due to high system load and aggressive IS-IS hello timer. Workaround: hello Timer need to increase in order adj not to flap. PR1314650

On all Junos platforms, after interface configuration rollback, sessions stay in Idle state when multiple BGP(Border Gateway Protocol) sessions exist.PR1880630

In large scale routing instance configuration, please provide interval of 20-30 mins for system to stabalize. PR1883895

Resolver optimizations for BGP labeled families will work if the "per-prefix-label" allocation mode is used. When using per-nexthop label allocation, the routes resolution will not be optimized in releases where this PR is not committed. Workaround has been provided. PR1900514

On MX301, IGMP might not get enabled by default when PIM is enabled. Use set protocols igmp interface to explicitly enable IGMP. PR1918590

Getting validation error for get-interface-information rpc execution through ODL controller. PR1899597