Open Issues

Platform dependency-state error is seen on cosd. PR1649388

Show Class-of-service Interface might not show the Classifier bind info on an IFL with only Inet/Inet6 (without family mpls or not with any rewrite rules). Show issue, Classifier will be still present and functional. There is no impact to the traffic. PR1652342

The AE interfaces in per-unit-scheduler mode and committing CoS configuration on AE IFLs in a single commit leads to race-conditions.PR1666010

A few duplicate packets might be seen in an A/A EVPN scenario when the remote PE device sends a packet with an IM label due to MAC not learned on the remote PE device, but learned on the A/A local PE device. The nondesignated forwarder sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookup instead of dropping the packet, which causes duplicate packets to be seen on the CE side. PR1245316

In Provider Backbone Bridging - Ethernet VPN (PBB-EVPN) environment, ARP suppression feature which is not supported by PBB might be enabled unexpectedly. This could cause MAC addresses of remote CEs not to be learned and hence traffic loss. PR1529940

EVPN-MPLS multi-homing control MACs are missing after vlan-id removal and adding back on a trunk IFL of one of the multi-homing PEs. This is not a recommended way to modify vlan-id configuration. Both MH PEs need to be in symmetric always . PR1596698

This is a case where interface is disabled and comes up as CE after a timeout. A manual intervention of clear ce interface command should restore this. As workaround, perform the following steps:

• Clear auto-evpn ce-interface interface-name.

• Configure editactivate interface-name family inet inet6.

Use an antireplay window size of 512 for IPv4 or IPv6 in fat-tunnel. The ESP sequence check might otherwise report out-of-order packets if the fat-tunnel parallel encryption is within 384 packets (12 cores * 32 packets in one batch). Hence, there are no out-of-order packets with 512 antireplay window size. PR1470637

When the fast-lookup-filter statement is configured with a match that is not supported in the FLT hardware, traffic might be lost. PR1573350

When you perform GRES with the interface em0 (or fxp0) disabled on the primary Routing Engine, then enable the interface on the new backup Routing Engine, it isn't able to access network. PR1372087

The following IPC timeouts logs might be seen for statistics query to kernel (queried from CLI or daemons querying internally) when there is configuration churn, or large number of IPCs getting exchanged between kernel and pfe in the system. if_pfe_msg_handler: pfe_peer_msg_handler error: error for msg type type, msg subtype subtype, opcode op and peer index indexDefault IPC timeout value in kernel for IPC statistics request is 10s. PR1629930

The memory usage of the rpd process on the backup routing engine might increase indefinitely due to leak in krt_as_path_t. PR1614763

On EVO platforms during lacpd process restart, child IFD indexes from the port options IFD based data, which gets stored in kernel by lacpd, might not get reused due to old indexes not being freed. When this occurs, new indexes might be generated repeatedly, which might cause the port numbers exhaustion problem in Aggregated Ethernet (ae) interface bundle.PR1647145

The transportd.core core file is seen with fabric configuration. PR1649019

Due to the issue, there is an error log printed and DCD is restarted. But there is no functionality impact for BFD sessions. There may be a slight delay in the new configuration to take effect as DCD is restarted.

PR1658016

In Junos OS Evolved, there are two different gRPC Python files for each JAPI file. The names of the files are *pb2_grpc.py and *pb2.py. The stub creation functions are present in *pb2_grpc.py. PR1580789

Until Junos OS Release 21.3 release mgd is 32-bit binary on EVO. libsi can only be linked with 64-bit binaries. To access data/WAN ports in EVO we need libsi to be linked with the binary. By default the shell on the EVO device includes libsi, but it's not available to CLI commands as CLI will make mgd invoke cscript to run a Python script via CLI. PR1603437

BFD session flaps during unified ISSU only in mpc7e card (BFD sessions from other cards of DUT to peer routers did not flap during ISSU). The issue is not seen frequently. PR1453705

Single hop BFD sessions might sometimes flap after GRES in highly scaled setups which have RSVP link or link-node-protection bypass enabled. This happens because sometimes RSVP neighbor goes down after GRES if RSVP hellos are not received after GRES before neighbor timeout happens. As a result of RSVP neighbor going down, RSVP installs a /32 route pointing to bypass tunnel which is required to signal backup LSPs. This route is removed when all LSPs stop using bypass after link comes back up. The presence of this /32 route causes BFD to flap. PR1541814

In MVPN case, if the nexthop index of a group is not same between master and backup after a NSR switchover, we might see a packet loss of 250 to 400 ms. PR1561287

The use-for-shortcut statement is meant to be used only in SR-TE tunnels which use SSPF (Strict SPF Algo 1) prefix SIDs. If set protocols isis traffic-engineering family inet-mpls shortcuts and set protocols isis traffic-engineering tunnel-source-protocol spring-te are configured on a device, and if any SR-TE tunnel using Algo 0 prefix SIDs is configured with use-for-shortcut statement, it could lead to routing loops or rpd core files. PR1578994

When there is scaled RSVP sessions [~21K] and have enabled RSVP for all the interfaces, RPD process walks through all the interfaces, which results in high CPU usage for some time, which also results in LSP flap. PR1595853

With the chained-composite statement enabled, the following statement does not have any effect if ingress and egress ports are on the same Packet Forwarding Engine instance on the line card (FPC). For example, the outer label TTL would not be set as 255. Instead, it would be set as (ip TTL-1). PS: This issue is not seen if ingress and egress ports are on different FPC slots or on difference Packet Forwarding Engine instances of the same FPC. set protocols mpls label-switched-path <lsp-name> no-decrement-ttl, chained-compositestatement, and set routing-options forwarding-table chained-composite-next-hop ingress l3vpn PR1621943

Ingress will retry after lsp stay down for extended period of time, or customer can clear lsp to speed up the retry. PR1631774

When maximum-password-length is configured and user tries to configure password whose length exceeds configured maximum-password-length error is thrown, along with error '<ok/>' tag is also emitted. (Ideally '<ok/>' tag should not be emitted in an error scenario.) The configuration does not get committed.PR1585855

A minor memory leak is seen in the event-daemon process when multiple GRES switchovers are performed. PR1602536

mgd might crash when an invalid value is configured for identityref type leafs/leaf-lists while configuring Openconfig or any other third-party YANG, problem happens with json and xml loads. PR1615773

On all Junos and EVO platforms, the "snmpd" process might crash, if there is no response for the SNMP requests, and a timeout happens.PR1666548

AFEB crashing with PTP thread hog on the device. Through this fix PTP packet processing is done when PTP is enable That is, when PTP configuration is active. If the PTP configuration is not there we will ignore PTP packet processing even if FPGA is showing PTP packet is available. The issue is a rare issue. PR1068306

If a vmhost snapshot is taken on an alternate disk and there is no further vmhost software image upgrade, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, the host root file system and the node boots with the previous vmhost software instead of the alternate disk. PR1281554

When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609

On MX Series routers with MPC7E, MPC8E, or MPC9E installed, if optics QSFPP-4X10GE-LR from Innolight vendor (subset of modules with part number 740-054050) is used, the link might flap. PR1436275

With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crashes sometimes along with mspmand crash might happen if large-scale traffic flows (that is, million flows) are processed by it. PR1482400

When there are hardware link errors occurred on all 32 links on an FPC 11. Because of these link errors, all FPCs reported destination errors towards FPC 11 and FPC 11 was taken offline with reason offlined due to unreachable destinations. PR1483529

When running the command show pfe filter hw filter-name <filter name>, the command fails to retrieve the Packet Forwarding Engine programming details of the filter. PR1495712

After backup Routing Engine halt, CB1 goes offline and comes back online; this leads to the backup Routing Engine booting up, and it shows the reboot reason as "0x1:power cycle/failure." This issue is only for the Routing Engine reboot reason, and there is no other functional impact of this. PR1497592

A delay of 35 seconds is added in reboot time in Junos OS Release 20.2R1 compared to Junos OS Release 19.4R2. PR1514364

When an AMS ifd is configured for the first time or any member of the AMS bundle is removed or added, the PICs on which the members of AMS bundle are present go for a reboot. There is a timer running in the AMS kernel which is used as a delay for the PIC reboot to complete and once that timer expires AMS assumes that the PICs might have been rebooted and it moves into next step of AMS fsm. In scaled scenarios, this rebooting of the PIC is delayed due to DCD. This is because when a PIC goes down, DCD is supposed to delete the IFDs on that PIC and then the PIC reboot happens. But DCD is busy processing the scaled configuration and the IFD deletion is delayed. This delay is much greater than the timer running in AMS kernel. When the above timer expires, the FSM in AMS kernel incorrectly assumes the PIC reboot would be completed by then, but the reboot is still pending. By the time DCD deletes this IFD the AMS bundles are already UP. Because of this, there is a momentary flap of the bundles. PR1521929

In MAC OS platforms when Juniper Secure Connect client connects successfully, the client is not getting minimized to tray icon and needs to be minimized manually.PR1525889

Due to BRCM KBP issue route lookup might fail. Need to upgrade KBP to address this issue. PR1533513

The Flexible PIC Concentrator (FPC) might generate a core file (or dump file) if the flap-trap-monitor feature under set protocols oam ethernet cfm performance-monitoring sla-iterator-profiles is used and performance monitoring flap occurs.PR1536417

In scaled MX2020 router, with vrf localisation enabled, 4 million nexthop scale, 800k route scale. FPCs might go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. FPC might continue to reboot and not come online. Rebooting master and backup Routing Engine will help recover and get router back into stable state. PR1539305

During Routing Engine switchover interface flap might be seen along with Scheduler slippage. PR1541772

Unsupported configuration is being attempted by the script that then hits the maximum threshold for the given platform. PR1555159

5M DAC connected between QFX10002-60C and MX2010 doesn't link up. But with 1M and 3M DAC this interop works as expected. Also it is to be noted QFX10002-60C and ACX or Traffic generator the same 5M DAC works seamlessly. There seems to be certain SI or link level configuration on both QFX10002-60C and MX2010, which needs to be debugged with the help from HW and SI teams and resolved. PR1555955

With IPsec PMI/fat core file enabled, "show services sessions utilization" CLI not displaying right CPU utilization. PR1557751

The SyncE to PTP transient response is a stringent mask to be met with two way time error. The SyncE to PTP transient response mask might not be met for MPC7E-1G and MPC7E-10G line cards. PR1557999

VE and CE mesh groups are default mesh groups created for a given routing instance. On adding VLAN or bridge-domain add, flood tokens and routes are created for both VE and CE mesh-group and flood-group. Ideally, VE mesh-group does not require a CE router where IGMP is enabled on CE interfaces. MX Series based CE boxes have unlimited capacity of tokens. So, this would not be a major issue. PR1560588

Support switchover on routing-crash configuration statement during abnormal termination of rpd. PR1561059

The session status becomes nonresponsive in the invalid state after the core-facing link fails in the primary PE devices. PR1562387

Configure an interface hold time to avoid the additional interface flap. PR1562857

On MX480 routers, traffic loss is observed with a scale of 4000 tunnels 800 VRF test. The problem is with Layer 1 node not reflecting correct bandwidth configured for tunnel services. When baseline has 1G configuration on some FPC or PIC in groups global chassis and if we override with local chassis tunnel service in 10G bandwidth scaled scenario. Out of 10 Gbps bandwidth configured only 1 Gbps is allowed per 1G speed configured in baseline configuration.PR1568414

When inline Jflow is configured and high sampling rate (more than 4000 per second) is set, high CPU utilization might be observed and this might result in relevant impacts on traffic analysis and billing. PR1569229

The following messages might be seen in the logs from MPC11E line-card: router-re0-fpc8 aftd-trio[18040]: [Warn] AM : IPC handling - No handler found for type:27 subtype:9. There is no functional impact, these logs can be ignored. PR1573972

When you commit the configuration /8 pool with block size as 1, the block creation utilizes more memeory causing NAT pool memory shortage. This results in syslog RT_NAT_POOL_MEMORY_SHORTAGE. PR1579627

Firewall programming fails due to scaled prefix configuration with more than 64800 entries. PR1581767

When you configure interim logging for PBA, syslog messages are generated in regular intervals. Change in information of PBA interim syslog message, the message string change from "allocates port block" to "interim port block". PR1582394

When the active secondary interface is deactivated, the PTP lock status is set to 'INITIALIZING' state in show ptp lock-status output for few seconds before BMCA chooses the next best secondary interface. There is no functional impact. PR1585529

On all devices running Junos OS Release 19.1R3-S5-J3, when you delete Extensible Subscriber Services Manager (ESSM) the subscriber logical interface might get stuck. PR1591603

Currently, SyncE configurations are allowed during unified ISSU but trigger a warning since SyncE state might not be maintained during unified ISSU. PTP configurations, however, need to be deactivated, else the unified ISSU will be aborted. PR1592234

Pim VxLAN do not work on TD3 chipsets enabling VxLAN flexflow after Junos OS Release 21.3R1. PR1597276

On MX2010 and MX2020 devices, Junos OS does not support unified ISSU for software upgrades from Junos OS 21.2 release to Junos OS 21.3 and 21.4 releases due to a flag day change. PR1597728

Rebooting JDM from inside JDM shell changes JDM's main PID as a result systemd's knowledge of JDM PID becomes stale. Due to this reason systemd fails to stop or start JDM. PR1605060

Leaf difference w.r.t. memory-usage/heap in the output of Sensor (/junos/system/linecard/firewall) between MPC7E and MPC10E. PR1606791

If RPD Agent sends INH deletion/additions out of order(Rarely occurs) to backup RPD, RPD might generate core files. RPD then restarts and works fine. PR1607553

IS-IS adjacency remains down in backup Routing Engine during link flap test. PR1608591

Dfwd generates core files when accessing ephemeral db files which is deleted through script. PR1609201

When user tries to disable AMS ifd using configuration, the ipsec tunnels are not deleted. Deactivating the services will provide the desired result. PR1613432

Changing aggregated AE mode (aggregated-ether-options link-protection) with subscribers logged in on that AE will cause undesirable subscriber management behavior. You will need to confirm there are no subscribers on the AE before changing the AE protection mode. PR1614117

In some NAPT44 and NAT64 scenarios, Duplicate SESSION_CLOSE Syslog will be seen. PR1614358

MAX AE interfaces software index was 128. Hence, a failure is seen when you configure with 218 interfaces. Therefore, we increase the max indexes to 255. PR1618337

Memory Zone is not reflecting properly while doing Memory Tests through Vty command test usp service-sets memory-testing start. PR1619499

Percentage physical-interface policer is not working on aggregated Ethernet, after switching between baseline configuration to policer configuration. PR1621998

Minor packet drops due to bb-drops seen while creating approximately 45000 TCP session creates with NAT EIM mapping configured. PR1623276

On all MX Series platforms with MPC10+, configuring syslog as a filter action might cause the FPC to restart. PR1627986

For a topology with VSTP and VRRP configured and IPv6 traffic, if you change VSTP bridge priority a couple of times (to trigger toggling of root bridge), V6 traffic drop might be seen on some of the streams. PR1629345

For MX204 and MX2008 "VM Host-based" platforms, starting with Junos OS Release 21.4R1 or later, ssh and root login is required for copying line card image (chspmb.elf for MX2008) from Junos VM to Linux host during installation. The ssh and root login are required during installation. Use deny-password instead of deny as default root-login option under ssh configuration to allow internal trusted communication. Ref https://kb.juniper.net/TSB18224 PR1629943

On MX Series platform with enhanced subscriber management enabled, when you configure host-prefix-only on the underlying-interface for subscribers, it might not work in FPC. PR1631646

The fabric statistics counters are not displayed in the output of show snmp mib walk ascii jnxFabricMib. PR1634372

Ports speed is stuck and never changes for any port profile changes, if PIC bounce is done fast not letting the previous configuration complete. PR1637954

The USB device on MX304 can be accessed from host linux instead of junos (as is usually done on most other platofrms) MX304 is similar to PTX1000 in this respect. Regular procedure to access usb in junos on most platforms: https://kb.juniper.net/InfoCenter/index?page=content=KB12880 Procedure to access usb in host linux (ptx1000, mx304): https://www.juniper.net/documentation/us/en/software/junos/junos-install-up grade/topics/topic-map/storage-media-and-routing-engines.html#id-accessing- usb-storage-on-ptx1000-routers. PR1639071

On all Junos and Junos Evolved platforms, there may be a high Control Processing Unit (CPU) utilization for the routing processor daemon (rpd) during commit. This might only be seen in a scaled static route setup with VRF (Virtual Routing and Forwarding) and Bi-Directional Forwarding and Detection (BFD). The reason for the CPU spike is that kernel routing table (krt) might get stuck and keeps running for a long time. The high CPU might hamper the rpd functionality in rare cases, however, the system recovers by itself when you encounter this issue.PR1639252

Script fails while verifying Access Internal Routes after daemon restart during advanced DHCP test. PR1640567

The mspmand daemon running on MS-MPC/MS-MIC cards can occasionally crash when the service card (fpc/pic) is turned offline and then online at regular intervals when the number of service-set configured is moderately high and when extensive hardware crypto operations are being performed. The exact issue is yet to be isolated. PR1641107

On MPC10E cards upon many very quick link down and up events in msec range might not always able to drain all traffic in the queue. This causes lost of traffic going through the interface. Traffic volume and class-of-service configuration does influence the exposure. See also PR1638410.PR1642584

An improper input validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS Evolved allows an adjacent attacker to cause a Packet Forwarding Engine crash and thereby a Denial of Service (DoS). An FPC will crash and reboot after receiving a specific transit IPv6 packet over MPLS. Continued receipt of this packet will create a sustained Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA69718 for more information. PR1642721

When we use request vmhost zeroize command it doesn't show entry for no-forwarding option under possible completions. PR1642820

With PTPoIPv6 on MPC2E 3D EQ, PTP slave stays in acquiring state.PR1642890

Committing configuration changes during the Packet Forwarding Engine reset pause window (when PFE is disabled, yet the Packet Forwarding Engine reset proper has not started yet) has the potential of causing errors and traffic loss. In particular, configuration changes that result in re-allocating policers (which are HMC-based) might lead to traffic being entirely policed out (that is, not flowing). Once the Packet Forwarding Engine reset procedure has started configuration changes ought to be avoided until the procedure is completely done.PR1644661

bb device has to be manually enabled in configuration for DHCP and PPP access models for BNG CUPS. Configuration to enable bb device is as follows: #set system subscriber-management mode force-broadband-devic. PR1645075

On Junos OS platform, PTP does not lock when port speed is not configured under PIC hierarchy or port speed for some additional random ports are configured under the PIC hierarchy or perform PIC deactivate/activate. PR1645562

On all MX Series and PTX Series platforms, EDAC errors are triggered but alarms are not observed until the FPC gets rebooted due to the data corruption in hardware. PR1646339

When per-interface egress and per-sid egress SR sensor stats are configured using the CLI commands below, the (pushed) MPLS label length does not get included in the output/Tx octets field that gets exported from the sensor. set protocols isis source-packet-routing sensor-based-stats per-interface-per-member-link egress set protocols isis source-packet-routing sensor-based-stats per-sid egress This is a day-1 behavior on all Trio ASIC based FPCs on the MX platform. PR1646799

With overlapping NAT pool configured with different NAT rules under different service sets, when service outside interface is moved between different routing instances (EX: from vr1 to default, and from default to vr1), NAT routes corresponding to the service-set in default routing instance are getting deleted, resulting in reverse path traffic failure for NAT sessions. PR1646822

On all MX Series platforms with the subscriber management scenario, when unified ISSU happens from pre Junos OS Release 18.4 to post Release 18.4, subscribers that re-logged in pre 18.4 are called preNG subscribers. For any of the preNG subscribers, if the IPv4/IPv6 family interface goes up/down, the issue is triggered. PR1646846

Observed unexpected traffic steering during the verification of path computation client. PR1647073

The mobiled.core-tarball.0.tgz core file is seen while testing hcm_dpi_pcef_usf_3.robot". PR1648886

The firewall filter might be incorrectly updated in the MPC10E Packet Forwarding Engine when a change (for example, add, delete, deactivate, or activate) of firewall filter terms occurs in some scenarios, such as large-scale term changes or changes happening during MPC reboot. The incorrect firewall filter might cause the traffic to silently drop or discard and even lead to an MPC crash. It is a timing issue. PR1649499

Extra frr_inh is seeing in show route 174.174.174.174/32 table vpn1.inet.0 protocol bgp extensive fib-expanded-nh exact output. PR1651103

On MX Series devices, the low priority stream might be marked as a destination error and as a result, the low priority stream is stuck and all traffic might get dropped. PR1657378

TOS(DSCP+ECN) bits are not getting copied from the Inner Layer 3 header to Outer VXLAN header at the Ingress VTEP. Because of this in the core, ECN marking and DSCP classification are not working. PR1658142

DHCPACK is not received at ztp-server after zeroize of the device (client). PR1658287

On Junos OS platforms, in the VPLS environment when having "routing-options resolution preserve-nexthop-hierarchy" configured results in the packet dropped at egress PE for multiple MPLS stack labels. PR1658406

During startup of a cBNG container or when JSD is restarted from the CLI in a cBNG container, JSD might crash creating a core file. JSD should recover from the crash and automatically restart. JSD should function normally after recovering from the crash. PR1659175

MPC checks periodic service time. When heavy interrupts occur during periodic service, the periodic service time might exceed 200 microseconds. If it happens, Oinker: Function message will occur, but it doesn't have function impact. This is applicable to Junos OS 16.1R4 to 16.1R7 releases. PR1242915

On vMX, the blockpointer in the ktree is getting corrupted leading to core-file generation. There is no function impact such as fpc restart or system down and the issue is not seen in hardware setups. PR1525594

When the DHCP relay mode is configured as no-snoop, we are observing the offer gets dropped due to incorrect asic programming. This issue only affects while running DHCP relay on EVPN/VXLAN environment. PR1530160

If you use the source-address NTP configuration parameter and issue the command set ntp date from the CLI, packets will be sent with the source address of the outgoing interface rather than the manually configured IP address. Typically the manually configured IP address would be a loopback address. The problem does not apply to automatically generated NTP poll packets. PR1545022

In rare occurrence Routing Engine kernel might crash while handling TCP sessions if GRES/NSR are enabled. PR1546615

Don't use the control-type light under platforms where this feature is not supported at present. At present IPv4 and IPv6 twamp-light is supported on the platforms using TRIO and PE chipsets. PR1603128

VM might generate core files, and you might observe Virtual Chassis split with multicast scale scenario. PR1614145

Using static labeled switched path (LSP) configuration, the child node is not removed from the flood composite when the core interface goes down. PR1631217

With given multi dimensional scale, if a configuration is removed and restored continuously for more than 24 times, MX Trio based FPC might crash and restart. During the reboot, there can be traffic impact if backup paths are not configured. PR1636758

Observing traffic loss after Routing Engine switchover while changing the BGP hold-down timers. PR1650940

The version details for certain daemons will appear in the command output after the device has been rebooted after the completion of the USB installation of Junos.PR1662691

MX10008 with MX10K-LC2101 linecard(s) supports *PTP* only with JNP10008-SF Switch Fabric Board(s), *PTP* currently doesn't work with JNP10008-SF2 Switch Fabric Board(s). PR1664569

Micro BFD sessions which are running in distributed mode might flap if ppm thread does not get scheduled on time. This issue is applicable to MPC9 and below trio based line cards. PR1668818

On MX Series platforms with MIC-MACSEC-20GE, Forwarding Engine Board (FEB) might go down while activating/deactivating GRES configuration. PR1668983

These are expected error logs, and doesn't cause any functional impact. "jsr_iha_pri_unrepl_msg_func: Error: Invalid primary handle in msg 0x10006c600000621, error=2" These logs might be seen if the following conditions are met: * On all Junos OS platforms * Non stop routing is enabled. * with scaled setup The possible triggers would be restart chassisd, ksyncd, switchover, re reboot... which causes nsr unreplication/replication.PR1675057

On MX Series platforms with MPC10E-10C line card, with line rate traffic, continuous traffic drop can be seen when fabric mode is changed from increased bandwidth to redundant.PR1676777

The physical interface remaining stats flag is not set properly in chassid in today's code. It should be set to TRUE only if HCOS is configured on an interface. Else, it should not be SET. Not setting this rightly, results in statistics not being displayed OR the command output not being displayed at all. The impacted command is "run show interfaces extensive "intf-name"" and the impact is seen in GNF environment with no explicit COS configuration on the interfaces. Not using "extensive" will ensure there is no issue as well. This is specific to MPC11 with sub LC (GNF) setup. PR1678071

There will be drop of syslog packets seen for RT_FLOW: RT_FLOW_SESSION_CREATE_USF logs until this is fixed. This will not impact the functionality.PR1678453

On MPC10E card, the port 4 can operation in either 100G or 400G speed. In certain scenario a stale QSFP56 identifier is left in PFE. It can cause the "show interfaces diagnostics optics "interfaces"" shows all 0 even if 100G QSFP-28 is inserted and the port is up. PR1678716

In case when you first configure the SRTE LSP without delegation and get it locally computed and then delegate, then till the time controller sends an update with valid ERO the SRTE LSP will not become externally routed. In this case the SRTE LSP will not go down if the controller sends EMPTY ERO. Only when controller updates the LSP with a valid ERO the SRTE LSP route status will change to externally routed and only then the controller can send EMPTY ERO to make it DOWN. In the other case where u configure the SRTE LSP with delegation at the time of creation itself then from the very beginning the SRTE LSP route status becomes externally control. In this case the SRTE LSP will be DOWN until the controller has sent an Update with valid ERO list. So the conclusion is that when the SRTE LSP is locally routed it will continue to reply on locally computed ERO unless Controller sends a valid ERO and takes the route control of the LSP. There are different customers wanting different behaviors. so we have kept option for both.. If someone wants to get it externally routed from beginning we can do so by delegating it from the time of the LSP creation.. if someone wants to have a local computation till controller has a valid path we can do so by choosing the first option (configure and then delegate later)PR1686317

VPLS mesh group add is failing because L2ALD is keep trying to add mesh group for a deleted routing instance.PR1686523

In subscriber management environment, "failed to get template var id" error messages are generated by FPC when BFD liveness detection is negotiated by DHCP subscriber which has lawful intercept enabled.PR1689621

Certain BGP traceoption flags (for example, "open", "update", and "keepalive") might result in (trace) logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

LDP OSPF are in synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. user@host> show ospf interface ae100.0 extensive Interface State Area DR ID BDR ID Nbrs ae100.0 PtToPt 0.0.0.0 0.0.0.0 0.0.0.0 1 Type: P2P, Address: 10.0.60.93, Mask: 255.255.255.252, MTU: 9100, Cost: 1050 Adj count: 1 Hello: 10, Dead: 40, ReXmit: 2, Not Stub Auth type: MD5, Active key ID: 1, Start time: 1970 Jan 1 00:00:00 UTC Protection type: None Topology default (ID 0) -> Cost: 1050 LDP sync state: in sync, for: 00:04:03, reason: IGP interface down config holdtime: infinity. As per the current analysis, the IGP interface goes down because although LDP notified OSPF that LDP synchronization was achieved, OSPF is not able to take note of the LDP synchronization notification, because the OSPF neighbor is not up yet. PR1256434

On MX Series platforms, unexpected log message will appear if the CLI command 'show version detail' or 'request support information' is executed: test@test> show version detail *** messages *** Oct 12 12:11:48.406 re0 mcsnoopd: INFO: krt mode is 1 Oct 12 12:11:48.406 re0 mcsnoopd: JUNOS SYNC private vectors set PR1315429

On all platforms, the issue is when the first time when ESIS is coming up sometimes the ESIS route might not get installed. PR1559005

On MX Series platforms, initial multicast register packets might get dropped, this may affect multicast services. PR1621358

Protocols (IS-IS, LDP, BFD) flapped during graceful switchover while testing ldp oam. PR1638882

On all Junos and Junos OS Evolved platforms, when configuring the network instance for openconfig, an error might be observed while executing a commit if the configured network instance type is default_instance but the instance name is not default. PR1644421

show security keychain detail cli displays algorithm as hmac instead of AO. PR1651195

When Junos device receives BGP inetflow route with multiple nexthops, RPD will crash and generate a core file. PR1670630

On all Junos and Junos Evolved platforms, the rpd can crash when Protocol Independent Multicast (PIM), Multicast only Fast Reroute (MoFRR) configuration is present and some network churn event such as continuous interface cost changes, resulting in a change of active and backup paths for ECMP (Equal Cost Multi-Path) happens. There will be service impact because of the rpd crash but the system self-recovers until the next crash.PR1676154

L2TP LAC functionality is not working in this release. PR1642991

On all Junos with persist-groups disabled ( on Junos persist-groups feature is enabled by default Junos OS Release 19.4 onwards) and on EVO platforms where persist groups can be disabled (Junos OS Release 21.4R1 onwards persist-groups cannot be disabled on EVO) this issue can be seen. This issue occurs when grafting happens during configuration expansion (when persist-groups is disabled) and a configuration such as a customer configuration is applied (for example, a configuration in which MTU is inherited from a groups configuration). PR1636085

Due to the existing design for rib-groups, a rib-group configured with "import-policy" configuration statement is considered changed after NSR switchover. This makes IS-IS to refresh (delete and re-add) its routes in RIB, if such a rib-group is being used for ISIS protocol. The ISIS route refresh in-turn causes SBFD sessions to flap. This issue is only applicable with rib-group configured with "import-policy". Without "import-policy" this issue would not be seen.PR1654072

Tunnel debugging configuration is not synchronized to the backup node. It needs to be configured again after RG0 failover. PR1450393

Change here is basically reverting to old enum value used for ATM VPN, and using a new value for BGP multicast address family, and although these is no visible behavior change due to this, there may be impact on unified ISSU for ATMVPN and BGP Multicast address family if enabled. PR1590331

When using group VPN, in certain cases, the PUSH ACK message from the group member to the group key server might be lost. The group member can still send rekey requests for the TEK SAs before the hard lifetime expiry. Only if the key server sends any new PUSH messages to the group members, those updates would not be received by the group member since the key server would have removed the member from registered members list. PR1608290