- play_arrow Junos OS Release Notes for ACX Series
- play_arrow Junos OS Release Notes for cSRX
- play_arrow Junos OS Release Notes for EX Series
- play_arrow Junos OS Release Notes for JRR Series
- play_arrow Junos OS Release Notes for NFX Series
- play_arrow Junos OS Release Notes for PTX Series
- play_arrow Junos OS Release Notes for QFX Series
- play_arrow Junos OS Release Notes for SRX Series
- play_arrow Junos OS Release Notes for vMX
- play_arrow Junos OS Release Notes for vRR
- play_arrow Junos OS Release Notes for vSRX
- Licensing
- Finding More Information
- Requesting Technical Support
- Revision History
Open Issues
Learn about open issues in this release for MX Series routers.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Class of Service (CoS)
The AE interfaces in per-unit-scheduler mode and committing CoS configuration on AE IFLs in a single commit leads to race-conditions. PR1666010
EVPN
A few duplicate packets might be seen in an A/A EVPN scenario when the remote PE device sends a packet with an IM label due to MAC not learned on the remote PE device, but learned on the A/A local PE device. The nondesignated forwarder sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookup instead of dropping the packet, which causes duplicate packets to be seen on the CE side. PR1245316
In PBB-EVPN (Provider Backbone Bridging - Ethernet VPN) environment, ARP suppression feature which is not supported by PBB might be enabled unexpectedly. This could cause MAC addresses of remote CEs not to be learned and hence traffic loss. PR1529940
This is a case where interface is disabled and comes up as CE after a timeout. A manual intervention of clear ce interface command should restore this.
As a workaround,
Clear auto-evpn ce-interface interface-name
Configure edit activate interface-name family inet inet6
PR1630627
Forwarding and Sampling
When GRES is triggered by SSD hardware failure, the syslog error of
rpd[2191]: krt_flow_dfwd_open,8073: Failed connecting to DFWD, error checking reply - Operation timed out
might be seen. The issue can be recovered by restarting the dfwd daemon. PR1397171On all Junos dual-RE platforms, when performing activate/deactivate Graceful Routing Engine Switchover (GRES) multiple times, synchronization issues are observed between the master and backup dfwd process. PR1697959
General Routing
AFEB crashing with PTP thread hog on the device. PR1068306
On the PTX Platform with FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter a single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero Jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 The Junos OS Chassis Management error handling detects such a condition, raises an alarm, and disables the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, restart the FPC. Contact your Juniper support representative if the issue persists even after the FPC restarts. PR1254415
If a vmhost snapshot is taken on an alternate disk and there is no further vmhost software image upgrade, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, the host root file system and the node boots with the previous vmhost software instead of the alternate disk. PR1281554
When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609
TALUS(number) PCIe(number) DMA RX interrupt received. Queue stuck status 0xeeeeee0
are spurious messages which are triggered in system logs due to queue-back pressure or FPGA drops. PR1465888With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it. PR1482400
When there are hardware link errors occurred on all 32 links on an FPC 11. Because of these link errors, all FPCs reported destination errors towards FPC 11 and FPC 11 was taken offline with reason
offlined due to unreachable destinations
. PR1483529Runt, fragment and jabber counters are not incrementing. PR1492605
After backup Routing Engine halt, CB1 goes offline and comes back online; this leads to the backup Routing Engine booting up, and it shows the reboot reason as
0x1:power cycle/failure
. This issue is only for the RE reboot reason, and there is no other functional impact of this. PR1497592PR1463859 introduces a software defect that causes a 10GE interface to flap continuously when configuring with the WAN-PHY framing with the default
hold-down
timer (0). Once upgrading a router to an affected software release, the interface might flap continuously. This is not applicable to an interface with the default framing - LAN-PHY. PR1508794When an AMS ifd is configured for the first time or any member of the AMS bundle is removed or added, the PICs on which the members of AMS bundle are present go for a reboot. There is a timer running in the AMS kernel which is used as a delay for the PIC reboot to complete and once that timer expires AMS assumes that the PICs might have been rebooted and it moves into next step of AMS fsm. In scaled scenarios, this rebooting of the PIC is delayed due to DCD. This is because when a PIC goes down, DCD is supposed to delete the IFDs on that PIC and then the PIC reboot happens. But DCD is busy processing the scaled configuration and the IFD deletion is delayed. This delay is much greater than the timer running in AMS kernel. When the above timer expires, the FSM in AMS kernel incorrectly assumes the PIC reboot would be completed by then, but the reboot is still pending. By the time DCD deletes this IFD the AMS bundles are already UP. Because of this, there is a momentary flap of the bundles. PR1521929
In Mac-OS platforms when Juniper Secure Connect client connects successfully, the client is not getting minimized to tray icon and needs to be minimized manually.PR1525889
Due to BRCM KBP issue route lookup might fail. Need to upgrade KBP to address this issue. PR1533513
If vMX product is configured to run in performance mode via configuring
chassis fpc 0 performance-mode
(Note: performance mode is enabled by default starting from Junos OS Release 15.1F6), flow cache will be used to improve the traffic forwarding performance. With performance mode enabled, if traffic cause a single flow in the flow cache to have a large number of flow actions which hit the max supported number (that is, 18) of flow actions. Typically, the addition of lots of firewall counters and policers in a single flow can make it add up. The riot might crash. It is a rare issue. PR1534145In scaled MX2020 router, with vrf localisation enabled, 4 million nexthop scale, 800k route scale. FPCs might go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. FPC might continue to reboot and not come online. Rebooting master and backup Routing Engine will help recover and get router back into stable state. PR1539305
On MX platforms with MS-MPC/MS-MIC service card installed, the card might run out of memory due to process mspmand memory leak, which might cause traffic interruption if adding and/or deleting of telemetry sensor. This is because these operations will trigger the memory allocation for decoding configuration change messages and will not release the memory at the end of processing. PR1540538
During RE switchover interface flap might be seen along with Scheduler slippage. PR1541772
USF-SPC3 : With ipsec PMI/fat-core enabled,
show services sessions utilization
CLI not displaying right CPU utilization. PR1557751The Sync-E to PTP transient simulated by Calnex Paragon Test equipment is not real network scenario. In real network deployment model typically there will be two Sync-E sources (Primary and Secondary) and switchover happens from one source to another source. MPCE7 would pass real network SyncE switchover and associated transient mask. PR1557999
This is a feature enhancement and work is in progress to provide this support. This will have impact only when routing daemon crashes and will not have impact on rest of the NSR support. PR1561059
Due to a race condition, the
show multicast route extensive instance instance-name
output might display the session status as Invalid. This output is a cosmetic defect and not indicative of a functional issue. PR1562387To avoid the additional interface flap , interface hold time needs to be configured. PR1562857
When Inline Jflow is configured and high sampling rate (more than 4000 per second) is set, high CPU utilization might be observed and this might result in relevant impacts on traffic analysis and billing. This issue is fixed from 21.3R1 via RLI 49464.PR1569229
Copying files to /tmp/ causes a huge JTASK_SCHED_SLIP. Copy files to /var/tmp/ instead. PR1571214
This issue is caused by /8 pool with block size as 1, when the configuration is committed the block creation utilizes more memory causing NAT pool memory shortage, which is currently being notified to customer with syslog tagged RT_NAT_POOL_MEMORY_SHORTAGE. PR1579627
In a fully loaded devices, at times, firewall programming was failing due to scaled prefix configuration with more than 64800 entries. However, this issue is not observed in development setup. PR1581767
Error message seen on MX10K8 chassis with SyncE/PTP configurations, This does not affect any functionality. The error seen here because the API called is specific to ferrari platform which needs to be vecterized. PR1583496
When the active slave interface is deactivated, the PTP lock status is set to 'INITIALIZING' state in
show ptp lock-status
output for few seconds before BMCA chooses the next best slave interface. This is the day-1 behavior and there is no functional impact. PR1585529On all devices running Junos OS Release 19.1R3-S5-J3, the subscriber logical interface (IFL) might be in a stuck state after the Extensible Subscriber Services Manager (ESSM) deletion. PR1591603
Pim Vxlan not working on TD3 chipsets enabling VxLAN flexflow after Junos OS Release 21.3R1. Customers Pim Vxlan or data plane VxLAN can use the version 21.3R1. PR1597276
MX2010, MX2020: MPC11E: unified ISSU is not supported for software upgrades from Junos OS Release 21.2 to release 21.3 and 21.4 releases due to a flag day change. PR1597728
During Routing Engine switchover, if there is a burst of ICMP/BFD/SSH/FTP/TELNET/RSVP packets (~18K pps) you might see new backup RE restarting. PR1604299
On MX Series Virtual Chassis platforms with MS-MPC or SPC3 service cards and Aggregated Multi-Service (AMS), traffic on the line card in the backup chassis might not be load-balanced properly due to timing conditions. This works well on the line card in the master chassis. There might be traffic loss when interfaces are not properly balanced. PR1605284
Leaf difference with regards to memory-usage/heap in the output of Sensor (/junos/system/linecard/firewall) between MPC7E and MPC10E. PR1606791
On all MX platforms, in a subscriber management environment, new subscribers might not connect if Class of service (CoS) CR-features (Classifier Rewrite) are used by the Variable Based Flow (VBF) service. The reference count mismatching between Routing Engine (RE) and VBF is caused by VBF flow VAR CHANGE failure. PR1607056
If RPD Agent sends INH deletion/additions out of order (rarely occurs) to backup RPD, RPD generates core files. PR1607553
NPU and IFL sensors path not programmed on AFT and EVO based LC. PR1610766
When user tries to disable AMS ifd using configuration statement, the ipsec tunnels are not deleted. Deactivating the services will provide the desired result. PR1613432
In some NAPT44 and NAT64 scenarios, duplicate SESSION_CLOSE Syslog will be seen. PR1614358
Percentage physical-interface policer is not working on AE, after switching between baseline configuration to policer configuration. PR1621998
Tunnel statistics displays incorrect values because it was not supposed that tunnel interfaces would cache flow. PR1627713
On all Junos platforms the MAC address of the 17th ae interface might be changed after the upgrade from Junos OS 18.4+ to 20.4+ releases. It will lead to mac based service interruption.PR1629050
For a topology with VSTP and VRRP configured and IPv6 traffic, if VSTP bridge priority is changed a couple of times (to trigger toggling of root bridge), it is possible that v6 traffic drop is seen on some of the streams. PR1629345
For ACX5448, MX204 and MX2008 "VM Host-based" platforms, starting with Junos OS Release 21.4R1 or later, ssh and root login is required for copying line card image (chspmb.elf for MX2008) from Junos VM to Linux host during installation. The ssh and root login are required during installation. Use
deny-password
instead ofdeny
as default root-login option under ssh configuration to allow internal trusted communication. Ref https://kb.juniper.net/TSB18224 PR1629943The fabric statistics counters are not displayed in the output of
show snmp mib walk ascii jnxFabricMib
. PR1634372On all devices running Junos OS or Junos OS Evolved, where this is a high BGP scale with flapping route and the BGP Monitoring Protocol (BMP) collector/station is very slow, the rpd process might crash due to memory pressure. PR1635143
Same vlan cannot be used as data vlan and voip vlan together. PR1637195
With SFP+-10G-CU3M DAC, peer cannot detect admin down on MX10008. PR1640799
The mspmand daemon running on MS-MPC/MS-MIC cards might occasionally crash when the service card (fpc/pic) is turned offline and then online at regular intervals when the number of service-set configured is moderately high and when extensive hardware crypto operations are being performed. Exact issue is yet to be isolated. PR1641107
Source MAC should not be configured on the underlying static interface on the UP for PPPoE login to work correctly. PR1641495
WIth PTPoIPv6 on MPC2E 3D EQ, PTP slave stays in acquiring state.PR1642890
When CFP2-DCO is used, operator need to configure otn-option - that is the only mode supported. PR1643815
Committing configuration changes during the Packet Forwarding Engine reset pause window (when PFE is disabled, yet the PFE reset proper has not started yet) has the potential of causing errors and traffic loss. In particular, configuration changes that result in re-allocating policers (which are HMC-based) might lead to traffic being entirely policed out (that is, not flowing). Once the PFE reset procedure has started configuration changes ought to be avoided until the procedure is completely done.PR1644661
bb device has to be manually enabled in configuration for DHCP and PPP access models for BNG CUPS. Configuration to enable bb device is as follows:
#set system subscriber-management mode force-broadband-device
. PR1645075On Junos platform, PTP does not lock when port speed is not configured under PIC hierarchy or port speed for some additional random ports are configured under the PIC hierarchy or perform PIC deactivate/activate. PR1645562
When per-interface egress and per-sid egress SR sensor stats are configured using the CLI commands below, the (pushed) MPLS label length does not get included in the output/Tx octets field that gets exported from the sensor:
set protocols isis source-packet-routing sensor-based-stats per-interface-per-member-link egress
set protocols isis source-packet-routing sensor-based-stats per-sid egress
This is a day-1 behavior on all Trio ASIC based FPCs on the MX platform.
PR1646799With overlapping NAT pool configured with different NAT rules under different service sets, when service outside interface is moved between different routing instances (For example, from vr1 to default, and from default to vr1), NAT routes corresponding to the service-set in default routing instance are getting deleted, resulting in reverse path traffic failure for NAT sessions. PR1646822
It is non impacting message in journal logs, without any functional impact. Removing all .include inclusions from service files, via this PR.PR1647592
In the IPv6 segment routing deployment, packets are sent out with the incorrect ethernet type. PR1647622
Configuring MPC11 in 4x100G and keeping peer in 400G mode, Link comes up on peer while staying down on local end. This issue is also specific to 400G-ZR optics as it has single media lane. The issue is not seen on other 400G optics supporting 4x100G mode.PR1653946
When interop with the following systems, flow control must be enabled when MACsec is configured on the peer system. Because on these systems, flow control is forced to be on regardless of the CLI provisioning. Other Reference (already documented) https://www.juniper.net/documentation/us/en/software/junos/security-service s/topics/ref/statement/interfaces-edit-security-macsec-mx-series.htmlPR1655712
Currently user can install images older that the minimum supported image on RE-S-X6-128G-K. System comes up in Linux prompt in such cases.PR1655935
Core file reported intermittently where random grpc stack crash is observed. The license service will auto restart and recover. PR1656975
UDP Telemetry output fields might misalign on AFT-based line cards such as MPC10/11 or Junos Evolved platform. PR1658017
ZTP: DHCPACK not received at ztp-server after zeroize of the device (client). PR1658287
On Junos platforms, in the VPLS environment when having
routing-options resolution preserve-nexthop-hierarchy
configured results in the packet dropped at egress PE for multiple MPLS stack labels. PR1658406SNMP MIB walk on jnxVpnInfo
show snmp mib walk jnxVpnInfo
for EVPN or EVPN-VPWS routing instance. PR1659466On configuring
network-services lan
and performed commit check, the system changes the Layer 2 structures and family bridge disappeared from CLI.PR1661057The OpenSSL project has published security advisories for multiple vulnerabilities resolved in OpenSSL. Please Refer to https://kb.juniper.net/JSA70186 for more information.PR1661450
When there is hard failure on the RE-RE link, the system might fail to recognise the fault and report as an alarm. PR1661635
Traffic drop observed for few instances while it send via irbv6 routed interface.PR1662620
The version details for certain daemons will appear in the command output after the device has been rebooted after the completion of the USB installation of Junos.PR1662691
If the physical link status of the ethernet link between the RE and FPC goes down, there are recovery attempts to bring up the link again. Log messages indicate the recovery attempts and the success/failure status of the attempt. However an alarm is not raised when this failure occurs. PR1664592
RE0 to RE1 interface EM4 MTU is changed to 9192 bytes through PR 1642364. If one of the REs don't have this fix, RE sync fails. Due to this reason, ISSU will not work. In such scenario, cold image upgrade should be done. PR1665690
UDP Telemetry might not work when subscribes to /junos/system/linecard/intf-exp/ sensor. PR1666714
On MX platforms with MIC-MACSEC-20GE, FEB(Forwarding Engine Board) might go down while activating/deactivating Graceful Routing Engine Switchover (GRES) configuration.PR1668983
These are expected error logs, and doesn't cause any functional impact.
jsr_iha_pri_unrepl_msg_func: Error: Invalid primary handle in msg 0x10006c600000621, error=2
These logs might be seen if the following conditions are met:On all Junos OS platforms
non stop routing is enabled
with scaled setup
The possible triggers would be restart chassisd, ksyncd, switchover, re reboot, which causes nsr unreplication/replication. PR1675057
The issue was recreated only with IXIA connection. Arp response is not received in the DUT port to store the destination MAC address. unable to determine if the issue is with the MX port or medium or IXIA port. PR1677624
The IFD remaining stats flag is not set properly in chassid in today's code. It should be set to TRUE only if HCOS is configured on an interface. Else, it should not be SET. Not setting this rightly, results in statistics not being displayed or the command output not being displayed at all. The impacted command is
run show interfaces extensive intf-name
and the impact is seen in GNF environment with no explicit CoS configuration on the interfaces. Not usingextensive
will ensure there is no issue as well. This is specific to MPC11 with sub LC (GNF) setup.PR1678071There will be drop of syslog packets seen for RT_FLOW: RT_FLOW_SESSION_CREATE_USF logs until this is fixed. This will not impact the functionality.PR1678453
On all MX platforms with MPC7E-10GE line card, auto-negotiation will not be set properly when changing the port speed from 10GE to 1G on a port with auto-negotiation configured. The port remains down until the commit is done separately for changing the port speed.PR1682962
One time l2ald (Layer 2 Address Learning Daemon) core will be seen once the box comes up after zeroize. There will be no service impact due to this.PR1686097
On all Junos and Junos Evolved platforms, configuring Link Layer Discovery Protocol (LLDP) with
system services netconf notification
enabled will trigger the l2cpd crash. This crash causes the CPU to spike. PR1695057On all Junos platforms, the dcd (device control daemon) process crash is observed when more than 256 VLANs as name tags are added on the same interface.PR1696428
FIPS mode is not supported in this release.PR1697999
The optic configuration mismatch alarm was always enabled, but was not reported by the RE during
show chassis alarms
. This alarm will now be correctly reported by the FPC and displayed in the RE. There is no behavior change other than the alarm being reported correctly now.PR1700606
High Availability (HA) and Resiliency
When GRES is performed with the interface em0 (or fxp0) disabled on the primary Routing Engine, then enable the interface on the new backup Routing Engine, it isn't able to access network.PR1372087
Infrastructure
Below IPC timeouts logs can be seen for statistics query to kernel(queried from cli or daemons querying internally)when there is config churn, or large number of IPCs getting exchanged between kernel and pfe in the system.
if_pfe_msg_handler: pfe_peer_msg_handler error: error for msg type type, msg subtype subtype, opcode op and peer index index
Default IPC timeout value in kernel for IPC statistics request is 10s. This can be incremented to larger value by setting below hidden config to avoid IPC timeout errors.# set system stats-timeout-lifetime 15 # commit
. PR1629930
Interfaces and Chassis
On MX platforms with Subscriber Management configured, the subscribers will fail to negotiate the PPP (Point-to-Point Protocol) session and be unable to login when jpppd transitions from backup to Master and does not receive all the Routing Table events from Kernel post upgrade.PR1686940
Layer 2 Features
In case of the access-side interfaces used as SP-style interfaces, when a new logical interface is added and if there is already a logical interface on the physical interface, there is 20--50 ms traffic drop on the existing logical interface. PR1367488
MPLS
In MVPN case, if the nexthop index of a group is not same between master and backup after a nsr switchover, we might see a packet loss of 250 to 400 ms. PR1561287
Ingress will retry after lsp stay down for extended period of time or customer can clear lsp to speed up the retry. PR1631774
On all Junos and Junos OS Evolved platforms, if CCC (Circuit Cross-Connect) is configured to use a label-switched-path such as IGP routed, i.e., no-cspf and no strict ERO (Explicit Route Object) configuration, then restarting egress CCC node or restarting FPC on the egress CCC node containing remote-interface-switch configuration multiple times may cause CCC to remain stuck in remote-if-down state, resulting in loss of traffic. (The knob
remote-interface-switch
is configured on the egress LER of the RSVP-TE LSP (Resource Reservation Protocol-Traffic Engineering label-switched-path) which binds the LSP terminating on the node to a local interface).PR1694777
Network Management and Monitoring
When maximum-password-length is configured and user tries to configure password whose length exceeds configured maximum-password-length, error is thrown, along with error 'ok/' tag is also emitted. (Ideally 'ok/' tag should not be emitted in an error scenario.) The configuration does not get committed.PR1585855
On Junos and Junos Evolved platforms, post ephemeral database configuration commit sync leads to a state mismatch between master and backup.PR1610713
Platform and Infrastructure
On all Junos and Junos OS Evolved platforms, while using source-address NTP configuration parameter and issue the command
set ntp date
from the CLI, packets will be sent with the source address of the outgoing interface rather than the manually configured IP address. Typically, the manually configured IP address would be a loopback address. The problem does not apply to automatically generated NTP poll packets. PR1545022On MX platform, when the "fast-lookup-filter" statement is configured with a match that is not supported in the FLT(fast-lookup-filter) hardware, traffic might be lost.PR1573350
Don't use the control-type light under platforms where this feature is not supported at present. At present IPv4 and IPv6 twamp-light is supported on the platforms using TRIO and PE chipsets. PR1603128
VM cores and Virtual Chassis split might be observed with multicast scale scenario. PR1614145
With given multi dimensional scale, if configuration is removed and restored continuously for more than 24 times, MX Trio based FPC might crash and restart. During the reboot, there can be traffic impact if backup paths are not configured. PR1636758
On SRX5k and MX240/MX480/MX960 platforms,when device is powered on with multiple line cards, power might not be sufficient and few line cards fail to come into online state.PR1645817
The process sshd will crash if Terminal Access Controller Access Control System (TACACS) user authentication is configured and the user is successfully authenticated by the TACACS server. The crash occurs with every successful authentication and an sshd coredump will be created. Because of the core ssh access is denied. PR1672581
On Junos with MX platform using specific MPC7E/MPC8E/MPC9E/JNP10K-LC2101/JNP10003-LC2103/JNP10K-LC480 line cards in the event of a transient memory hardware issue, parity errors are generated which cannot be rectified by the ASIC. When the Flexible PIC Concentrators(FPC) encounters such an error, it will automatically deactivate the Packet Forwarding Engine(PFE) which leads to traffic impact. PR1706494
Routing Protocols
Certain BGP traceoption flags (for example, "open", "update", and "keepalive") might result in (trace) logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294
LDP OSPFs are in the Synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. PR1256434
On MX platforms, unexpected log message will appear if the CLI command
show version detail
orrequest support information
is executed.PR1315429On all platforms, the issue is when the first time when ESIS is coming up sometimes the ESIS route might not get installed. PR1559005
On MX platforms, initial multicast register packets might get dropped, this might affect multicast services. PR1621358
On all Junos and Junos OS Evolved platforms, when configuring the network instance for openconfig, an error might be observed while executing a commit if the configured network instance type is "default_instance" but the instance name is not default.PR1644421
RFC 8950/RFC 5549, permits the advertisement of a BGP Nexthop of a different family (e.g. IPv6) than the NLRI address family (e.g. IPv4). The mapping of possible address families that can be used are exchanged using BGP Capabilities. The BGP Capabilities specification, RFC 5492, recommends that a single capability TLV of a given type is advertised when multiple elements within that TLV are present. That RFC also permits multiple capabilities of the same type to be advertised for multiple elements for backward compatibility. Junos BGP handling of the BGP extended nexthop capability did not handle multiple capabilities of the same code point when multiple extended nexthop capabilities were present. It incorrectly kept only the last one sent. This PR addresses that deficiency. PR1649332
The
show security keychain detail
CLI displays algorithm as hmac-* instead of ao.PR1651195When l2cpd (in the context of xSTP) clears the entries that it has programmed on ppmd, ie when you delete xSTP configs from the box, there can be a possibility of ppmd core. If ppmd is in distributed mode then there will be no service impact, else there can be service impact as packet transmission for various protocols will happen via if ppmd is in centralized mode.PR1660299
The rpd (routing protocol daemon) crash happens when a non-BGP (Border Gateway Protocol) route is exported via LDP (Label Distribution Protocol) and later on, if the same prefix advertised by BGP is received, we select that as the forwarded route rather than the already advertised route. This is due to the logic in the forwarding route to pick the BGP route for the BGP-owned routes rather than the active route. This is a rare case and the system recovers by itself until the next event.PR1671081
Dynamic IFL add request is waiting to be processed in KRT queue during that if chassid down event occurs. To handle the chassid down event RPD Infra sends notification to protocol(producer of Dynamic IFL add request) and it is producer jobs to DELETE the dynamic ifls request which were there in the KRT queue. PIM code is not clearing those Dyanamic IFLs ADD request during chassis fpc down event. Hence getting error 'ENOENT -- Item not found' when chassis comes back up.PR1675212
Any platforms with Micro BFD configured on member links of the LAG/ae interface, BFD Session state in RE remains as UP always even though PEER device has ceased.PR1675921
On all Junos and Junos Evolved platforms, the rpd ( routing protocol daemon) can crash when PIM (Protocol Independent Multicast), MoFRR (Multicast only Fast Reroute) configuration is present and some network churn event such as continuous interface cost changes, resulting in a change of active and backup paths for ECMP (Equal Cost Multi-Path) happens. There will be service impact because of the rpd crash but the system self-recovers until the next crash.PR1676154
VRF Rouging table might not get updated immediately upon change of maximum-prefixes. PR1680277
OSPF Route Type Extended Community cannot be configured as 'rte-type'. PR1687273
On all Junos and Junos Evolved platforms BGP-LU (Border Gateway Protocol Labeled-Unicast) Advertisements fail with the message "BGP label allocation failure: Need a gateway" based on timing conditions involving route resolution and installation.PR1689904
On Junos and Junos Evolved platforms configured with graceful-shutdown sender under the BGP dynamic neighborship, the peer device does not receive routes with communities "graceful-shutdown", as it is not advertised by the sender causing the traffic drop for the affected routes.PR1699633
On all Junos and Junos Evolved platforms, when IPv4 prefix advertisement received by an IS-IS/OSPF router in the Extended IP reachability TLV and SR mapping server (SRMS) advertisement for the same prefix received through the segment identifier (SID) label Binding TLV, then SRMS advertised label preferred over IS-IS/OSPF SID label advertised via opaque-AS Extended-Prefix. Traffic will be sent via incorrect path due to this issue. PR1702456
VPNs
Tunnel debugging configuration is not synchronized to the backup node. It needs to be configured again after RG0 failover. PR1450393
Change here is basically reverting to old enum value used for ATM VPN, and using a new value for BGP Multicast address family, and although these is no visible behavior change due to this, there might be impact on ISSU for ATMVPN and BGP Multicast address family if enabled.PR1590331
When using Group VPN, in certain cases, the PUSH ACK message from the group member to the group key server may be lost. The group member can still send rekey requests for the TEK SAs before the hard lifetime expiry. Only if the key server sends any new PUSH messages to the group members, those updates would not be received by the group member since the key server would have removed the member from registered members list. PR1608290
This happens only when MVPN protocol has separate route targets configured and then both the address families are disabled. RPD infra parsing does not check if MVPN protocol is disabled and hence will create the auto policies for route-targets if configured. So if those policies are not marked as active in MVPN configuration flow, it does not get resolved and thereby the policy object may not be valid thus leading to the core files. PR1700345
With inter area/AS segmented scenario the provider tunnel termination interface on ASBR/ABR is set to global lo0 and added to tai data structure. However if there is a change in lsi/vt interface, specifically causing deletion of interface, in change notification callback MVPN tries to delete tai data structure with lsi/vt interface and not lo0 since this is inter area/AS segmented scenario. Since lsi/vt was never added, the code asserts. PR1710255