Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Open Issues

Learn about open issues in Junos OS Release 21.4R1 for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

  • EVPN-MPLS multi-homing control MACs are missing after vlan-id removal and adding back on a trunk logical interfaces of one of the multi-homing PEs. PR1596698

  • In a scenario with EVPN-VXLAN in the datacenter and EVPN-MPLS is in the WAN and the stitching is done with an LT interface, then the bridge mac-table learning entries are not as expected for EVPN-VXLAN routing instance. This could occur after restart interface-control is issued on gateways. PR1600310

  • On all Junos OS platforms with proxy-macip-advertisement statement configured, at times during longevity tests, there are missing ARP, MAC, and ND entries in the kernel while the l2ald and rpd have the entry. PR1609322

  • VM moves across DC where there is no translate VNI configuration in the interconnect work as designed. This problem occurs only with the translation VNI when MAC is moved from DC1 to DC2. PR1610432

Flow-based and Packet-based Processing

  • Use an antireplay window size of 512 for IPv4 or IPv6 in fat-tunnel. The ESP sequence check might otherwise report out-of-order packets if the fat-tunnel parallel encryption is within 384 packets (12 cores * 32 packets in one batch). Therefore, there are no out-of-order packets with 512 antireplay window size. PR1470637

Forwarding and Sampling

  • Firewall filter counter information do not match. PR1623170

General Routing

  • When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609

  • PTP-primary and PTP-secondary port configuration accepts the PTP packets with multicast MAC address according to the port settings. When forwardable multicast is configured, the PTP packets with forwardable MAC address is accepted and non-forwardable MAC address is dropped. When link-local multicast is configured, the PTP packets with non-forwardable MAC address is accepted and forwardable MAC address is dropped. PR1442055

  • When you boot MPC11 linecard, the following harmless errors are seen. These errors have no functional impact. timestamp device kernel: i2c i2c-100: (11/1:0x41) i2c transaction error (0x00000002) timestamp device kernel: i2c i2c-64: (7/1:0x41) i2c transaction error (0x00000002) PR1457655

  • On the MX960 router, the following error message might be observed: SCHED L4NP[0] Parity errors. PR1464297

  • When running the command show pfe filter hw filter-name filter name, the command fails to retrieve the Packet Forwarding Engine programming details of the filter. PR1495712

  • After backup Routing Engine halt, CB1 goes offline and comes back online; this leads to the backup Routing Engine booting up, and it shows the reboot reason as "0x1:power cycle/failure." This issue is only for the RE reboot reason, and there is no other functional impact of this. PR1497592

  • In the platform using indirect next hop (INH), such as Unilist as route next hop type for multiple paths scenario (such as BGP PIC or ECMP), the fastreroute session might be enabled in Packet Forwarding Engines. When the version-id or session-id of the indirect next hop is above 256, the Packet Forwarding Engine might not respond to session update, which might cause the session-id to be stuck permanently with the weight of 65535 in the Packet Forwarding Engine. This might lead the Packet Forwarding Engine to have a different view of Unilist against load-balance selectors. Then, either the BGP PIC or the ECMP-FRR might not work properly and traffic might be dropped or silently discarded. PR1501817

  • A delay of 35 seconds is added in reboot time in Junos OS Release 20.2R1 compared to Junos OS Release 19.4R2. PR1514364

  • Due to BRCM KBP issue route lookup might fail. Need to upgrade KBP to address this issue. PR1533513

  • When an image with the third party SDK upgrade (6.5.x) is installed, the CPU utilization might go up by around 5 percent. PR1534234

  • Flap might be observed on channelized ports during ZTP when one of the ports is disabled on the supporting device. PR1534614

  • On a scaled MX2020 router with vrf localisation enabled, 4 million next hop scale, and 800k route scale, FPCs might go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. FPC might continue to reboot and might not come online. Rebooting master and backup Routing Engine will help recovering and get the router back into a stable state. PR1539305

  • FPC might not be recognized after power cycle (hard reboot). PR1540107

  • The following error message is observed: "Feb 27 20:26:40 xolo fpc3 Cannot scan phys_mem_size.out. Please collect /var/log/*.out (0;0xdd3f6ea0;-1) (posix_interface_get_ram_size_info): Unknown error: -1." PR1548677

  • 5M DAC connected between QFX10002-60C and MX2010 platforms does not link up. But with 1M and 3M DAC, interoperability works as expected. Also, it is to be noted that connection between QFX10002-60C and ACX or traffic generator works seamlessly with the same 5M DAC. PR1555955

  • VE and CE mesh groups are default mesh groups created for a given routing instance. On adding VLAN or bridge domain, flood tokens and routes are created for both VE and CE mesh-group and flood-group. Ideally, VE mesh-group does not require a CE router where IGMP is enabled on CE interfaces. MX Series based CE boxes have unlimited capacity of tokens, so this would not be a major issue.PR1560588

  • In MVPN case, if the nexthop index of a group is not same between primary and backup after a nsr switchover, you might see a packet loss of 250 to 400 ms. PR1561287

  • Due to a race condition, the show multicast route extensive instance instance-name output can display the session status as invalid. Such an output is a cosmetic defect and not indicative of a functional issue. PR1562387

  • To avoid the additional interface flap , interface hold time needs to be configured . PR1562857

  • Stale TCNH entries are seen in a new primary Routing Engine after switchover with NSR even though all the prpd routes are deleted. These TCNH entries are present because NSR is not supported for BGP static programmable routes. This leads to an extra reference count in the backup Routing Engine, due to which the next hop is not freed. PR1566666

  • Flag, source and logical address are not expected in MAC address found in BD BD-3 instance. PR1569546

  • When an aggregated Ethernet link is brought down, a transient error message: [Error] Nexthop: EalNhHandler: failed to add Nh: xxxx, type: composite, as pil add failed might be seen. There is no functional impact due to this error. PR1570710

  • The following messages might be seen in the logs from MPC11E line-card: Feb 9 11:35:27.357 router-re0-fpc8 aftd-trio[18040]: [Warn] AM : IPC handling - No handler found for type:27 subtype:9 There is no functional impact, these logs can be ignored. PR1573972

  • In EVPN-VXLAN scenario with OSPF configured over the IRB, OSPF sessions might not get established due to connectivity issues. PR1577183

  • When you configure /8 pool with block size as 1 and commit, the block creation utilizes more memory causing NAT pool memory shortage which is currently being notified to customer with syslog tagged RT_NAT_POOL_MEMORY_SHORTAGE. PR1579627

  • In a fully loaded device, the firewall programming fails at times due to scaled prefix configuration with more than 64,800 entries. However, this issue is not observed in development setup. PR1581767

  • Bridge domain names information is not displayed properly in show bridge statistics instance. PR1584874

  • The output of the show services count command on vms interface is not as expected when you send the FTP traffic from the public side after configuring with NAPT44+EIM+APP+PCP.PR1588046

  • An inline NPT on MX Series router does not translate source IPv6 packet with the current authentication header. The packet is simply passed through the upstream. Consequently, it is not expected that downstream traffic arrives with NPT pool, IPv6 address as IPv6 destination address, and with authentication header. Such traffic might be malicious and this must be handled via external configuration. As a workaround, configure firewall for downstream direction that blocks traffic destined to NPT pool address and with authentication header. PR1592957

  • Pim VxLAN does not work on TD3 chipsets enabling VxLAN flexflow after Junos OS Release 21.3R1. Customers Pim VxLAN or data plane VxLAN can use the Junos OS Release 21.3R1. PR1597276

  • On all MX Series routers, changing AMS 1:1 warm-standby configuration to load-balance or deterministic NAT might result in generating vmcore file causing traffic loss. PR1597386

  • On MX10016 router, the SFB plane not online alarm gets generated after the primary Routing Engine switchovers. PR1597630

  • On MX Series routers, compact forwarding engine board (afeb) process might crash with MIC-3D-8DS3-E3. If a MIC-3D-8DS3-E3 having any hardware fault is initialized into the device. The AFEB crash will restore automatically in sometime and faulty hardware need to be replaced. The AFEB crash might impact the traffic forwarding during the time of issue. PR1598411

  • Read write lock is not acquired during the sysctl invocation. The assert triggered in the interface state function call leads to RE1 going to debug (db>) prompt. PR1598814

  • Subscriber client-type dhcp count is not getting updated from GRN. PR1600502

  • It seems that ubuntu root-fs 18.04 shipped in the latest release does not have the "en_US.UTF-8" locale enabled by default. PR1601262

  • The convergence time degradation is seen in IS-ISv6, OSPFv2, and OSPFv3 when comparing convergence time with Junos OS Release 21.1R1.5. As it is a convergence time issue, many components are involved and hence need investigation of rpd, kernel, and Packet Forwarding Engine. PR1602334

  • In vMX platform, after a system reboot, the protect-Routing Engine filter on lo0 interface is no longer applied. PR1604401

  • In an MX Series Virtual Chassis setup with MS-MPC or SPC3 service cards using AMS/MAMS interfaces configuration, it is possible that the traffic on an MPC2 line card in the protocol backup chassis is not correctly load balanced due to timing conditions. As a workaround, reboot the affected line card while the service card is online. PR1605284

  • IPv6 link local BFD session might not come up if there is no child link of an aggregated Ethernet mapped to pfe inst 0. This issue is applicable to MPC9 and below MX Series-based line cards. PR1607077

  • On MX204, PIC 0 interfaces configured speed 1GE with QSFP-to-SFP adapter (QSA) keep flapping with "Ethernet PCS Block Not Locked/Locked Delta Event" messages. PR1609988

  • When high pps traffic sent for a 'establish tunnels on-tarffic' ipsec vpn with S2S configuration, IKED process will be inundated with IKE trigger and IKE negotiation messages from peer. This causes delay in handling messages at IKED process and timeouts for IKE negotiations. Eventually results in tunnels do not get established. This issue might occur when the tunnels are negotiated for the first time or when one of the VMS in the AMS bundle goes down. PR1610863

  • In some NAPT44 and NAT64 scenarios, duplicate SESSION_CLOSE syslog will be seen. PR1614358

  • "Mastership switch is not supported during fru reconnect during master release" is observed. PR1615344

  • ICMP error packet do not have relevant header when configured with DSLite and with appropriate ICMP ALG name and one UDP application name. PR1616633

  • MPC gets rebooted while enabling FLT for inet6 filter with 10000 terms, instead of fallback to DMEM filter gracefully. Currently, fast lookup filter supports up to 8000 terms. PR1617174

  • MPLS toplabel address contains invalid values as opposed to 0.0.0.0. PR1617186

  • Fabric errors could be expected when SLC is restarted when ISSU is in progress, to avoid this problem "do not restart SLC when ISSU is in progress". PR1619180

  • Error: "Nexthop: Egress NhChain: numOfTags is 2 and srteGlobalIndex is 0 on all 3 FPCs" is not seen until there is a composite next-hop with 2 labels in it. Typically, this scenario is not seen and there is no impact in behavior and traffic with these errors. PR1621689

  • System_id formate of AFT-MPC(MPC10E) is not aligned with non-AFT MPCs. PR1622073

  • Fabric goes to check state when configuration changed on Bsys during ISSU on GNF. PR1622511

  • On MX10008 router, when an interface is up on enabling ae9 at R3, it takes about 5 minutes to see LACP come to CD from detached. PR1624219

  • With Junos OS Release 21.4R1, the MAC-table clear commands are executed in sequence in scale configuration scenarios, with or without AE activate or deactivate configurations can cause an FPC crash because of fabric down issue. clear vpls mac-table, clear bridge mac-table bridge-domain all, and clear vpls mac-table vlan-id all-vlan. PR1625391

  • The CPU consumes more memory because of the large number nh composite changes in large scale and the resources will be released once the nh topo changes are complete. This delays the creation of logical interfaces as the create messages are queued. As a workaround, the logical interfaces are created to transmit pdu. PR1625407

  • A vmcore file will be generated when we have multiple netconf sessions to the router executing the following sequence of commands: show interfaces lb-stats afX clear interfaces lb-stats afX. PR1627123

  • DHCPv6 server binding does not happen when LDRA is configured. To use dhcpv6 options, relay-server configuration can be used by the customer. LDRA is an alternative for that. Once we enable dhcp-relay configuration with snooping, dhcpv6 options or binding works fine . dhcp-relay configuration functionality is similar to LDRA. From customer point of view, LDRA can be achieved by dhcp-relay configuration. PR1627600

  • On Junos platforms with MPC10E line cards, when aggregated Ethernet under the IRB interface is enabled between the snooping device and the DHCP server, the DHCP bindings can be seen in snooping device and DHCP server, but the DHCP client might not go to BOUND state, it might be stuck at discovering/requesting state. PR1627611

  • DHCP binding will not happen, when MLD snooping is enabled. It might be a baseline MLD issue and not just specific to DHCP. PR1627690

  • On DUT with scaled MPLSVPN configuration and Junos Telemetry interface sensors configured, the stream of error messages agentd_telemetry_uninstall_sensor: Deleting subscription from daemon aftsysinfo failed after mgmt_sock_retries 601, ret -1 is seen on stopping jtimon. Sensor packet drops might be seen when the error message scrolls on DUT. PR1627752

  • Carrier-transitions counters are not expected when doing interface down and up. PR1601946

  • When rpd sends INH deletion or additions out of order (rarely occurs) message to backup rpd, the rpd crashes and generates a core file.PR1607553

  • Transit IPv4-over-IPv6 encapsulated packets cannot pass through using IP over IP interface (ip-x/x/x). This behavior has been seen 'transit' packets only. PR1618391

  • In the event that a line card loses power during the BIOS upgrade, there is a change that it'll not come up and will require the BIOS to be physical re-flashed. It is recommended as a best practice to ensure that chassis has backup power during a BIOS firmware upgrade. PR1624345

  • flowd core file is generated with TLB configuration only with the combination of MPC10 cards. PR1624572

  • Traffic drop is seen with going to base-line image and loading a scaled MC-LAG configuration scenario. Some times, when system is loaded with scaled configuration of MC-LAG, we go to revert the complete configuration of MC-LAG from one of the nodes, it is observed that some of the stale entries of flabels are present. Once the configuration of MC-LAG is re-loaded, it causes the traffic loss. Traffic goes out of the interface with incorrect or no VLAN tag. This is caused by invalid flable associated with ARP-ND next hop. PR1627846

  • For a topology with VSTP and VRRP configured and IPV6 traffic, if VSTP bridge priority is changed a couple of times (to trigger toggling of root bridge), it is possible that V6 traffic drop is seen on some of the streams. PR1629345

  • For ACX5448, MX204 and MX2008 "VM Host-based" platforms, starting with Junos 21.4R1 or later, ssh and root login is required for copying line card image (chspmb.elf for MX2008) from Junos VM to Linux host during installation. The ssh and root login are required during installation. Use "deny-password" instead of "deny" as default root-login option under ssh config to allow internal trusted communication. Alternatively, once installed, it can be disabled in the configurations. Refer to https://kb.juniper.net/TSB18224. PR1629943

  • Whenever vmhost image is installed on MX10008 chassis via USB, LC9600 will eventually go offline when no interface (either loopback or management port) is configured. Configure one interface and restart chassisd process (cli> restart chassis-control) upon completion of USB installation of VMHOST image on MX10008 ROuting Engines to avoid LC9600 going offline. PR1629558

  • DSLite not working on MX platform installed with MPC7E line card and SPC3 service PIC. PR1632278

  • In Junos OS Release 21.4, observed that data traffic might not recover after Packet Forwarding Engine-reset execution when both configurations applicable to the same FPC are present:set chassis fpc x error major action disable-pfe, set chassis fpc x error scope pfe category functional major action reset-pfe. PR1632539

  • It is noted that the single hop BFD session over aggregated Ethernet is not fully functional after exercising Packet Forwarding Engine reset feature. The BFD session was up before Packet Forwarding Engine reset operation is initiated but after the reset the BFD rx session is not fully functional. PR1632585

  • On MX Series platform with SPC3 service card installed, TFTP control sessions are getting refreshed with inactivity time out after data session is closed, causing the control session to stay in session table for some more time. Service impact is minor or negligible as the TFTP control session will eventually get deleted after timeout. PR1633709

  • FLOW_INSERT is not getting generated while verifying RTP PT 98 is monitored for IPv4/MPLS-IPv4 multicast video traffic. PR1634511

  • ukern-platformd process crashes during w/ CPU hog because of retrying YT initialization. Under these conditions FPCs will be automatically be rebooted by chassisd. PR1636030

  • Filter counter do not get exported to Junos Telemetry interface server in Junos OS Release 21.4R1. PR1637023

Interfaces and Chassis

  • ICCP does not come up when mc-lag PE is rebooted since static ARP is deleted and never re-installed back. Therefore, it is not recommended to configure ICCP over IRB which is associated with mc-lag bridge 166 domain. Customer upgrading from old release to new release (PR 1075917 support) might come across issue like static ARP is not reinstalled for remote mc-lag IRB IP when existing static ARP entry is removed. PR1409508

  • When family bridge is configured, logical interfaces are not created. If logical interfaces are not created, l2ald does not create IFBDs (interface to BD association) and if we do not have IFBDs in the system, STP is not enabled on that interface. PR1622024

  • The remote-mep-state is not as expected. PR1623960

Juniper Extension Toolkit (JET)

  • Abrupt termination of the client socket may take time for the disconnect to be detected by JSD. The client would have to wait for the connection terminal to be detected in such cases, which could be around 1 hour or restart JSD before being able to connect back with the same client ID. PR1549044

  • The stub creation functions will not be available. PR1580789

MPLS

  • BFD session flaps during unified ISSU only in MPC7E line card. The issue is not seen frequently. PR1453705

  • The use-for-shortcut statement is meant to be used only in SR-TE tunnels which use Strict SPF Algo 1 (SSPF) prefix SIDs. If [set protocols isis traffic-engineering family inet-mpls shortcuts] and [set protocols isis traffic-engineering tunnel-source-protocol spring-te] is configured on a device, and if any SR-TE tunnel using Algo 0 prefix SIDs is configured with the use-for-shortcut statement, it could lead to routing loops or rpd process core files. PR1578994

  • LDP session authentication key-chain configuration made based on the session remote-id on initiator stops from session establishment even though the responder's authentication key-chain is configured for its remote-id. PR1592431

  • On the MX10016 routers, when there is scaled RSVP sessions (for example, 21,000) and the RSVP is enabled for all the interfaces, then the rpd process goes through all the interfaces which results into a high CPU utilization for some time. This also results in LSP flap.

    PR1595853

Layer 2 Features

  • In case of the access-side interfaces used as SP-style interfaces, when a new logical interface is added and if there is already a logical interface on the physical interface, there is 20--50 ms traffic drop on the existing logical interface. PR1367488

Network Management and Monitoring

  • On MX240 platform, the facter version is not installed and fails to set PATH variable. PR1609185

  • mgd might crash and generate a core file when an invalid value is configured for identityref type leafs/leaf-lists while configuring Openconfig or any other third-party YANG, problem occurs with json and xml loads. PR1615773

Platform and Infrastructure

  • With GRES and NSR functionality with VXLAN feature, the convergence time might be slightly higher than expected for Layer 2 domain to Layer 3 VXLAN. PR1520626

  • When the DHCP relay mode is configured as no-snoop, we are observing the offer gets dropped due to incorrect asic programming. This issue only affects while running DHCP relay on EVPN/VXLAN environment. PR1530160

  • Routing Engine switchover interface flap might be seen along with scheduler slippage. PR1541772

  • When a EX4400 Virtual Chassis is scaled with different features configurations and device is stressed with traffic, device might not respond for CLI commands for a short period of time and a vmcore might be reported at that time. Once VM core is saved, device will continue to operate normally.PR1599498

  • The corrupted mbuf's m_data is pointed to 0xdead, which will be set only during m_free. And the m_lw_state is not set to deallocated. Slab_info of the mbuf is in allocated state. but it's external buffer is in free state. In the socket's rcv buffer sb_mb is null and sb_ccc is zero, which indicates that the rcv buffer has been freed or there is no more data left in the buffer. PR1602442

  • TWAMP-Light is supported on MX Series and PTX Series platforms. CLI configuration support will be disabled on all other platforms. Do not use the control-type light under platforms where this feature is not supported. Currently, IPv4 and IPv6 twamp-light is supported on the platforms using TRIO and PE chipsets. PR1603128

  • On MX480 routers, traffic loss of 19 percent occurs with the vrrp mastership change from backup to master while bring up the route back after enabling the link. PR1612504

  • USB image upgrade for RE-1800x4 K2re "bare-metal" platforms (SRX5k, MX240, MX480, MX960, MX2010, EX9208 chassis) might not be successful. PR1630040

Routing Protocols

  • On MX960 router, the backup path fails to install in the LAN scenario and breaks the SR-MPLS for LAN when more than four end-x SIDs are configured on the interface.PR1512174

  • In a Virtual Chassis or Virtual Chassis fabric scenario, inconsistent MCSNOOPD core file is seen when the igmp-snooping configuration is removed. PR1569436

  • SHA-1 system login password format are not accepted post the upgrade. PR1571179

  • On all Junos OS with nonstop routing (NSR) enabled, the rpd crash and restart might occur when Resource Public Key Infrastructure (RPKI) records are being replicated between the primary and backup Routing Engine and some of the records are withdrawn over the RPKI session. PR1620463

  • Enabling FIPS mode fails with self-test failure and kernel crash. PR1623128

Services Applications

  • In L2TP environment on L2TP access concentrator (L2TP LAC), few L2TP tunnels might get stuck in down state and might not be able to re-establish if bbe-smgd process is restarted when these tunnels went down. PR1629104

VPNs

  • On MX Series devices, during unified ISSU, the IPsec tunnels flap, causing a disruption of traffic. The IPsec tunnels recover automatically after the ISSU process is completed. PR1416334