Resolved Issues: 21.2R2

The ALG traffic might be dropped. PR1598017

Child mgd processes might become nonresponsive when multiple sessions continuously request for interface information. PR1599024

Traffic loss might occur if you configure per-unit-scheduler on the aggregated Ethernet interface. PR1599857

The 802.1p rewrite policies might not have any effect if you tie the rewrite to circuit cross-connect interfaces. PR1603909

Configuring static-mac and no-mac-learning simultaneously on the VXLAN interface causes stale MAC/IP entry in the EVPN database. PR1576147

Few ARP/ND/MAC entries for VLANs are missed with the MAC-VRF configuration. PR1609322

Change in display of nexthop type for EVPN Type-5 route occurs. PR1576421

The BUM traffic might be dropped after changing any configuration on the device without the configured router-id. PR1576943

The BUM traffic might be lost after triggering NSR in the EVPN-MPLS or EVPN-ETREE scenario. PR1586402

The traffic might be dropped when you resolve the EVPN and Layer 3 VPN routes using the same MPLS-over-UDP tunnel. PR1587204

The traffic might be dropped in the EVPN-VXLAN multihomed scenario. PR1590128

Traffic loss might occur under the EVPN-VXLAN scenario when MAC-IP moves from one CE interface to another. PR1591264

Transit traffic gets dropped after you disable one of the PE-CE links on a remote multi-homed PE device in the EVPN-MPLS A-A setup with Dynamic-List NextHop configured. PR1594326

EVPN might not work properly in the multi-homed setup. PR1596723

The device announces router-MAC, target, and EVPN VXLAN community to the BGP IPv4 NLRI. PR1600653

Logical interface statistics for the aggregated sonet displays double value than expected. PR1521223

The snmpwalk process might not get polled in the MIB for the dual-stack interface. PR1601761

Node name must not be attached to the system hostname under LLDP. PR1593991

Memory usage continuously increase on the backup chassis if you enable the subscriber service. PR1595238

The l2ald process might crash due to memory leakage when all active interfaces in a VLAN are unstable. PR1599094

Local Privilege Escalation and Denial of Service appears. PR1568654

Traffic might drop if MS-MPC/MS-PIC resources gets consumed by certain traffic, causing a partial DoS. PR1582030

IGP routing updates might delayed to program in the Packet Forwarding Engine after the interface flaps in a scaled BGP routes environment. PR1613160

The l2ald process might crash in the EVPN scenario. PR1615269

Request to provide an API, which gives list of potential policy, gives a session ID. PR1615355

The MPC8E line cards in the 1.6T bandwidth mode might not work correctly. PR1617469

With the scaled IPv6 synced sessions, clearing sessions on the primary MX router and stateful synchronization do not clear all the NAT64 sessions on the backup MX router. PR1618360

Support for whole (atomic) updates at CNHG level occurs. PR1619011

The nsd process generates core files while validating the NAT translation with the configured NAT44. PR1619216

EVPN Type 5 routes might not be installed. PR1620808

Commit failure with the error: load failure on translation changes syntax error gets generated while applying tunnel interface configurations using the openconfig cli command. PR1621369

Enabling security-metadata-streaming DNS policy might cause a dataplane memory leakage. PR1613489

A vulnerability in the Juniper Agile License Client might allow an attacker to perform the Remote Code Execution. PR1582419

On MX480 routers, the subinfo process generates core file with the Layer 2 Node Scaling. PR1598187

SSL-FP logging for non SNI session occurs. PR1442391

Inaccurate allocated memory for nh and dfw_rulemask under kernel might occur. PR1475478

The 40G or 100G interfaces might flap during ISSU if you deactivate PTP on the interfaces. PR1546704

The interface might not come up with 1G optics. PR1554098

Some transmitting packets might get dropped due to the disable-pfe action not being invoked when the fabric self-ping failure occurs. PR1558899

On the MPC10E line cards, the interface is unable to send or receive packets after repeated flapping of the 100G link. PR1560772

The MX150 router might reboot after you commit the request system snapshot recovery command. PR1565138

The show pfe statistics traffic command displays incorrect output. PR1566065

When you use the log templates (introduced in Junos OS Release 21.1R1) with unified policies, logs are not generated in a predictable manner. PR1570105

PDB pull or synchronization might fail during unified ISSU. PR1570841

High CPU usage might occur on RPD for routes that use the static subscriber. PR1572130

Some MPC4E-3D- displays si5374 clock PLL lock timed out error message at boot up. PR1573729

Only root user can execute commands on the host using vhclient. PR1574240

DS-Lite throughput degradation might occur on MS-MPC. PR1574321

Configuration of child inactivity-timeout under custom ALG configuration does not take effect. PR1575183

IPsec tunnel does not get established while receiving the proxy-id list. PR1576071

On MX10016 routers, when the Fan X Failed alarm gets cleared in the Fan Tray 1, the Fan/Blower OK SNMP traps gets generated for the Fan Tray 0 [Fan 31 - 41] and Fan Tray 1 [Fan 11 - 41]. PR1576521

The MPC7E, MPC10E, MX-SPC3 and LC2103 line cards might become offline when the device runs on the FIPS mode. PR1576577

Mirrored packets get corrupted when you apply filter with port-mirror action and discard. PR1576914

The MPC7E, MPC8E, MPC9E, and MPC11E line cards might become nonresponsive in the Unresponsive state in a Junos Node Slicing setup. PR1580168

vmcore might occur after adding or deleting the logical interface of the static interface in the Next Generation Subscriber Management subscriber scenario. PR1581260

Communication between two CE devices might fail when you enable the BGP rib-sharding. PR1582210

The rpd process might become nonresponsive in the race condition. PR1582226

Traffic drop might occur with SPC3 in the DS-LITE scenario. PR1582447

USB boot with image gets stuck and does not boot the device. PR1582592

Load balancing does not work correctly on the AMS interfaces for CGNAT traffic on the MX USF mode with SPC3. PR1582764

On MX150 router, the bcmd process might crash. PR1583281

Layer 2 multicast VXLAN instance goes down as the local vtep logical interface does not get associated to the EVPN instance. PR1584109

Secure Web proxy continues to send the DNS query for the unresolved DNS entry even after removing the entry. PR1585542

Traffic drop after enable the flexible-queuing-mode on the MPC2E line cards. PR1586403

The RPD_KRT_KERNEL_BAD_ROUTE error message might occur on certain scenarios when the rpd process restarts or GRES occurs when you enable NSR that has no functional impact. PR1586466

The bbe-smgd process might crash if the staled ACI-based subscribers do not clean up properly. PR1587792

The na-grpc process might crash and existing telemetry connections might get disconnected. PR1587956

The rpd process might crash on the router running a scaled setup. PR1588439

The bbe-statsd process might leak memory on the backup Routing Engine during the login or login of the subscribers. PR1589081

The jsd process might crash in a rare condition in a telemetry scenario. PR1589103

Traffic loss might occur for interface configured in the subnet 137.63.0.0/16. PR1590040

Fabric link training occurs if the fabric selfping silently discards traffic. PR1590054

The VXLAN DDoS violation might occur when you disable the port mirror analyzer output interface. PR1590150

Even before the FPC or SLC comes online fully during the phase 2 of fabric healing and fabric healing reports, the restart-action is completed. PR1590335

Traffic loss might occur due to FPC crash in a scaled subscriber scenario. PR1590374

Non-zero values might be displayed against the drop field in the show network-agent statistics command post switchover scenarios. PR1590432

NAT service might not occur after the AMS switchovers and, deactivating or activating the NAT service. PR1590890

Traffic loss might occur afte you change the SAK keys. PR1591432

If you configure the COS CR-features used by VBF service, MPC might crash with subscriber. PR1591533

PTP synchronization might get unstable. PR1591667

The clear-ipsec-sas-for-duplicate-ts does not clear the Secure Access (SA) for duplicate traffic-selectors (TS). PR1591735

xSTP might not get configured when enabled on an interface with SP style configuration. PR1592264

The aftmand process might crash when you configure an interface with analyzer. PR1592267

The mobiled daemon might crash after switchover for an AMS interface or might crash on the service PIC where the AMS member interfaces are present. PR1592345

AMS warm standby with deterministic NAT functionality might not work properly. PR1592437

Routing Engine kernel might crash due to logical interface of the aggregated Ethernet interface adding failure in the Junos kernel. PR1592456

The l2cpd-agent might become nonresponsive after starting the telemetry service. PR1592473

Using the BITS interface from the backup Routing Engine for the clock recovery might not work. PR1592657

The packet coming from the PS interface and forwarding to the SPC3 might be dropped. PR1592706

Any mmcq process-based services might crash due to the occurrence of the shared memory queues issue in a rare condition. PR1592889

The TCP connections to the telemetry server might become nonresponsive in the CLOSE_WAIT status. PR1593113

The TCP keepalive might not be processed by the private network host. PR1593226

The IPv6 neighbor might remain unreachable in VRRP for IPv6 scenario. PR1593539

Jweb deny log nested-application displays as UNKNOWN instead of the specific application. PR1593560

Fabric errors get generated after swapping the MPC10E line card with MPC7E line card in the same slot. PR1593821

The dcpfe process might crash in the EVPN-VXLAN scenario. PR1593950

Packet might be dropped when the traffic moves from one FPC to another FPC. PR1594244

The label field for the EVPN Type 1 route is set to 1. PR1594981

The MX5, MX40, and MX80 router TEB becomes nonresponsive in the present state. PR1595107

The interface down might be delayed after you commit the set interface interface_name disable command. PR1595682

Firmware might fail to be downloaded to MIC on the MX Virtual Chassis setup. PR1595693

Mismatch in the primary and backup Routing Engines with inetcolour tables and BGP-SRTE tunnels, after rpd-restart on primary occurs. PR1596095

The Packet Forwarding Engine wedge might occur if you receive many IPv4 packets that need to be fragmented. PR1596100

The l2ald process might crash on all leaves and spines after adding a new leaf to the EVPN fabric. PR1596229

The DCI interVNI and intraVNI traffic might silently discard traffic in the gateway node due to the tagged underlay interfaces. PR1596462

The mcscnoopd process might crash during the deletion or addition of the layer-2 forwarding configuration after ISSU. PR1596483

The USF-NSD process generates core file while verifying the session-limit rate if you apply the bypass-traffic-on-exceeding-flow-limits command properly. PR1596578

Traffic loss might occur periodically in the MACsec used setup if the Routing Engine works under a pressure situation. PR1596755

The SR-TE tunnel initiated from a non-juniper PCE might fail. PR1596821

The bbesmgd process generates core file after the Routing Engine goes down. PR1596848

Traffic fails to recover after multiple quick dot1xd restarts when you enable the MACsec suspend-for. PR1596854

CGNAT MX SPC3 AMS warm-standby 1:1 redundancy problem occurs with the CLI CPU statistics lost data after the PIC failover. PR1596976

Major alarms on all FPCs in chassis might occur after some time from bootup. PR1597066

The screen drops statistic does not increment when you test the session limits by destination with max sessions configured. PR1597382

The MAC/IP withdraw route might be suppressed by RPD in the EVPN-VXLAN scenario. PR1597391

On MX10016 router, the Plane not online SFB alarm gets generated after the primary Routing Engine switchovers. PR1597630

Deletion of the MACsec configuration on the logical interface does not take effect. PR1597848

Subscriber management daemons might continuously generate core files and shutdown with the Routing Engine sensors invalid configured. PR1598351

The AFEB process might crash with MIC-3D-8DS3-E3. PR1598411

Packet loop might occur after you receive the PCP request packets, which are destined to the softwire concentrator address. PR1598720

Component sensor does not export logs for /components/component[name='Chassis']/state/description. PR1598816

NSR switchover with BGP SR-TE tunnels might lead to the rpd process generating a core file. PR1599446

The MX SPC3 applications for protocol ICMP does not get detected and does not allow user to modify the inactivity-timeout values. PR1599603

The configuration check would fail if you configure more than 8 FCs and enable CBF. PR1600544

The multiservices card does not drop the received TCP ACK packet as a reply to the self-generated TCP keepalive. PR1600619

The Duplicate Address Detection(DAD) flags occurs for the IRB interfaces after configuration of the removal and restoration that might lead to traffic blockage. PR1601065

The BBE-SMGD process generates core file at bbe_dequeue_and_deliver bbe_process_work_queues bbe_smd_main_post_dispatch. PR1601203

Unable to commit configuration due to the Check-out failed error message for the mobility process. PR1601785

Traffic might be dropped at the NAT gateway if you enable EIM. PR1601890

A few line cards might not come up online with the increased-bandwidth mode. PR1602080

Jflow-syslog for CGNAT might use 0x0000 in the IPv4 Identification field for all fragments. PR1602528

The Packet Forwarding Engine might be disabled by a detected major CMERROR event while ungracefully removing the MIC from MPC2E-3D-NG/MPC3E--3D-NG. PR1602939

Packet loss might occur on the filter-based GRE deployments. PR1603453

The core-usf-qnc-a-fpc3.pic1-flowd_spc3.elf.0.tgz message appears while verifying the TCP-based logging functionality with GRES with the AMS-Nexthop style. PR1603466

NSSU with MACsec configuration might result in the fxpc process, generating a core file. PR1603602

The npc process generates a core file while testing second CE-FACING FPC behavior in a non-localization change. PR1604304

On MX150 routers, interface hold-time up does not work. PR1604554

The interface on the MCP3-NG HQoS and MPC7E line card flaps continuously after you enable LACP on the aggregated Ethernet interface. PR1605446

The MPLS transit router might push an extra Entropy label to the LSP. PR1605865

Continuous Over Temperature! SNMP trap for all the Renault_Daniel line cards occurs. PR1606555

TCP traffic might be dropped on the source port range 512 to 767 when you configure the FlowSpec IPv6 filter. PR1607185

In the subscriber management scenario, under a rare condition, the Routing Engine reboots and generates a vmcore. PR1607282

On MX104 router, the negotiated speed for an SFP-T interface does not get displayed after the interface-control daemon restarts or switchover. PR1607734

Memory might leaks on the l2cpd process when you perform certain LLDP operations. PR1608699

The single-vlan tagged subscribers might fail to reconnect through dynamic-vlan over the PS interface. PR1609844

When you use J-Web with HTTP, an attacker might retrieve encryption keys through the Person-in-the-Middle attacks. PR1603199

Multicast streams might stop flooding in the VXLAN setup. PR1606256

The authd process and RADIUS might have stale L2BSA subscriber entries. PR1610476

The service PICs are unable to come up when you configure the dnsf package. PR1612316

DS-Lite does not work and NAT rule lookup fails. PR1612555

The l2ald process generates core file during routing-instance configuration change. PR1612738

Memory might be exhausted when you use both the BGP rib-sharding and BGP ORR. PR1613104

Traffic loss might occur due to the shaping rate being adjusted incorrectly in a subscriber environment. PR1613126

Line cards might be unstable due to the continuous growth of the memory usage. PR1614952

The show subscribers accounting-statistics and show services l2tp session interface asi0.xx statistics might not work on LNS with the asi- interfaces. PR1616454

Reboot of the backup Routing Engine in a high-scaled subscriber management environment might result in the system not returning to a GRES ready state. PR1616611

ICMP error messages do not get generated when the SFW and IPsec service-set are configured on single PIC. PR1617830

The clksyncd process crashes with 1pps output and PTP/Hybrid gets configured by default post upgrade. PR1618929

When you configure MTU on an interface a rare ifstate timing issue could occur at a later point resulting in crashing of the ksyncd process on the backup Routing Engine. PR1606779

The fxpc process might crash and generate a core file. PR1611480

Traffic might be interrupted when you add the xe or ge interfaces as a member of the aggregated Ethernet interface bundle. PR1569399

ARP resolution failure might occur during VRRP failover. PR1578126

JVISION optics sensor alarm data type changes from bool_val to str_val. PR1580113

The dcd process might crash after the Routing Engine switchovers, reboots, or management interface configuration changes. PR1587552

The dcd process might crash after removing the aggregated Ethernet child logical interface from the targeted distribution database. PR1591032

Removal of the configuration from the interface stanza might cause the dcpfe process to crash. PR1594356

The VRRP host cannot be reached if you configure the native-vlan-id. PR1595896

The dcd process might crash and FPC might become nonresponsive in the Ready state. PR1601566

The aggregated Ethernet interface might flap upon configuration changes. PR1602656

Memory leak on the dcd process occurs when you commit configuration changes on any interfaces in a setup with the AMS interface configured. PR1608281

J-Web allows a locally authenticated attacker to escalate their privileges to root. PR1592021

A path traversal vulnerability allows an authenticated attacker to elevate their privileges to root. PR1591145

J-Web allows a locally authenticated attacker to escalate their privileges to root. PR1594516

Reverting mastership from the Routing Engine 1 to Routing Engine 0 might lead to crashing of the l2ald daemon and outage. PR1601817

There is ALQ synchronization issue on the primary BNG and backup BNG with a loss of subscriber session redundancy through the PS interface. PR1583310

The rpd process scheduler might continuously slip and slow commit after GRES when there are 7000 DHCP clients. PR1625617

The subscriber login might fail on the backup BNG running ALQ and Redundancy Services does not become available. PR1583445

The DHCP client might become offline for about 120 seconds after sending the DHCPINFORM message. PR1587982

The DHCP ALQ queue might become nonresponsive causing the subscriber to flap. PR1590421

The jdhcpd process might not respond to any discover message when the process is in the clients waiting to be restored state. PR1592552

The rpd generates core file in the backup Routing Engine at mirror_process_recvd_data_queue with mldp NSR configuration. PR1594405

The LDP replication session might not get synchronized when you enable the dual-transport. PR1598174

Static LDP P2MP might fail after the NSR switchovers. PR1598344

The rpd process might crash with the LSP external controller configuration. PR1601763

VPLS connection might get down if you configure the dual-transport command. PR1601854

The RSVP detour LSP might fail to come up when an LSR in the detour path goes down. PR1603613

The LDP P2MP traffic might be interrupted post GRES. PR1609559

The rpd process might crash on the standby_re LDP module when you enable the VPLS mac-flush on peer by default or when you configure. PR1610638

The services NAT mappings and sessions get incorrectly displayed while checking the SIP sessions from public to private, and RTP from private to public. PR1577922

SNMP reflects outdated ARP entries appear. PR1606600

The process generates the HEAP malloc(0) detected! error message when you configure the adaptive load-balancing on a LAG. PR1547240

Degraded traffic processing performance might be observed in case of processing very high PPS rate traffic PR1619111

The fpc process might generate core files and might drop packet in the VXLAN-EVPN scenario. PR1600030

Upon the receipt of specific sequences of genuine packets destined to the device, the kernel crashes and restarts. PR1557881

The L2TP tunnel might not work with the filter-based encapsulation. PR1568324

The PPP or L2TP clients on si-0/4/0 and si-0/5/0 might get disconnected due to keep alive failure. PR1570053

FPCs might crash randomly when you delete the interface-set in the system. PR1571192

The traffic might not fail with shared-bandwidth-policer enabled on the aggregated Ethernet interface. PR1588708

The audit process generates core file while changing the TACACs and login user passwords. PR1589953

VLAN tagged traffic might be dropped with the service provider style configuration. PR1598251

The service filter might be incorrectly programmed in the Packet Forwarding Engine due to a rare timing issue in the enhanced subscriber management environment. PR1598830

The kernel might generate a core file if you restart the BGP connections after deleting the BGP authentication. PR1601492

The ZTP service might not work and the image installation might fail. PR1603227

The FPC might crash if you configure flow-table-size. PR1606731

Multicast traffic gets dropped when forwarded over VPLS through IRB. PR1607311

The dns-name cannot be resolved if you configure the customer-defined routing instance under name-server. PR1539980

The BGP session might be down due to BGP-LS TLV received out of order. PR1546416

The rpd process generates core files upon the receipt of specific BGP update. PR1595165

Incorrect authentication-algorithm gets set in the BGP neighbor. PR1571705

After the first parallel ISSU, subsequent ISSU aborts with the Aborting Daemon Prepare message. PR1572265

Short multicast packets drop using PIM when multicast traffic is received at a non-RPT/SPT interface. PR1579452

The rpd process might crash in the BGP multipath scenario if the single hop EBGP peer goes down. PR1585265

Traffic might drop and the link might flap if you configure IS-IS. PR1585471

The rpd process might crash in the BGP multipath scenario if interface for a single hop EBGP peer goes down. PR1589141

The rpd process might crash in a scaled routing instances scenario. PR1590638

PIM joins might not be synchronized between the primary and backup Routing Engines because of the ppmd process restart. PR1591685

The rpd process might crash if the BGP peer flaps. PR1592123

The remote LFA (loop-free-alternate) backup path might not be formed. PR1592424

BGP Egress-TE routes lose to the BGP routes using the same protocol-preference. PR1593332

The routing process might crash due to memory corruption while processing the BGP multipath route. PR1594626

The NTF-AGENT process generates core file at Tthr_rwlock_unlock CRYPTO_THREAD_unlock OPENSSL_init_crypto. PR1597714

IPv4 static route might still forward traffic unexpectedly even when the static route configuration has already been deleted. PR1599084

Some routes might get incorrectly programmed in the forwarding table in the kernel with next-hop installed as DEAD. PR1601163

The rpd process might become nonresponsive in the OSPFv3 scenario. PR1601187

Packet might drop when you change the INET MTU for MPLS enabled interface in the IS-IS SPRING scenario. PR1605376

On the MPC10E line card, the rpd process generates cores file at rt_table_flash_job_cancel,rt_instance_set_lsi_ifl_data_shard,rt_flash_all_internal deactivating or activating interfaces. PR1605620

Multicast traffic might be duplicated on the subscriber interface. PR1607493

With rib-sharding enabled, any commit flaps all the BGP sessions with 4 byte peer-as (AS number 65536 or greater). PR1607777

The show services l2tp tunnel extensive, show services l2tp session extensive, and show subscribers accounting-statistics commands do not work on LTS. PR1596972

The kmd.core process generates core file at kmd_gen_fill_sa_pair_sadb_flags @kmd_update_sa_in_kernel @kmd_sa_cfg_children_sa_free. PR1600750

The show services l2tp tunnel extensive and show services l2tp session extensive commands provide incorrect outputs on LTS. PR1601886

Subscribers might become nonresponsive in the Terminated state when the RADIUS server becomes unreachable. PR1600655

The Service session entry creation failed error message appears during the ephemeral commit. PR1603030

Prefix duplication errors might occur for the DHCPv6 over PPPoE subscribers. PR1609403

The DHCP session fails with the session-limit-per-username command. PR1612196

The apply-path does not expand for the configuration under groups. PR1592032

Invalid JSON and XML output format for the show system resource-monitor ifd-cos-queue-mapping fpc x | display [json|xml] command occurs. PR1605897

The rpd process might crash when you add or delete the link-protection from LSP for the MVPN ingress replication selective provider tunnel. PR1469028

The iked process might crash when the IKEv2 negotiation fails. PR1577484

Unable to add BGP standard community to the NGMVPN Type-6 and Type-7 routes in VRF export policy. PR1589057

The packets failed the multicast RPF check DDoS-protection messgae might occur in the NG-MVPN scenario with the GRE transport. PR1591228

The rpd process might crash if the interface goes down in the BGP-MVPN scenario. PR1597387