Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

close
keyboard_arrow_left
Release Notes: Junos OS Release 22.2R3
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
keyboard_arrow_right

Open Issues

date_range 13-Feb-23

Learn about open issues in this release for MX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Class of Service (CoS)

  • The AE interfaces in per-unit-scheduler mode and committing CoS configuration on AE IFLs in a single commit leads to race-conditions. PR1666010

EVPN

  • A few duplicate packets might be seen in an A/A EVPN scenario when the remote PE device sends a packet with an IM label due to MAC not learned on the remote PE device, but learned on the A/A local PE device. The nondesignated forwarder sends the IM-labeled encapsulated packet to the PE-CE interface after MAC lookup instead of dropping the packet, which causes duplicate packets to be seen on the CE side. PR1245316

  • In PBB-EVPN (Provider Backbone Bridging - Ethernet VPN) environment, ARP suppression feature which is not supported by PBB might be enabled unexpectedly. This could cause MAC addresses of remote CEs not to be learned and hence traffic loss. PR1529940

  • This is a case where interface is disabled and comes up as CE after a timeout. A manual intervention of clear ce interface command should restore this.

    As a workaround,

    • Clear auto-evpn ce-interface interface-name

    • Configure edit activate interface-name family inet inet6

      PR1630627

Forwarding and Sampling

  • When GRES is triggered by SSD hardware failure, the syslog error of rpd[2191]: krt_flow_dfwd_open,8073: Failed connecting to DFWD, error checking reply - Operation timed out might be seen. The issue can be recovered by restarting the dfwd daemon. PR1397171

  • On all Junos dual-RE platforms, when performing activate/deactivate Graceful Routing Engine Switchover (GRES) multiple times, synchronization issues are observed between the master and backup dfwd process. PR1697959

General Routing

  • AFEB crashing with PTP thread hog on the device. PR1068306

  • On the PTX Platform with FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter a single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero Jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 The Junos OS Chassis Management error handling detects such a condition, raises an alarm, and disables the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, restart the FPC. Contact your Juniper support representative if the issue persists even after the FPC restarts. PR1254415

  • If a vmhost snapshot is taken on an alternate disk and there is no further vmhost software image upgrade, the expectation is that if the current vmhost image gets corrupted, the system boots with the alternate disk so the user can recover the primary disk to restore the state. However, the host root file system and the node boots with the previous vmhost software instead of the alternate disk. PR1281554

  • When VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter is not installed. PR1362609

  • TALUS(number) PCIe(number) DMA RX interrupt received. Queue stuck status 0xeeeeee0 are spurious messages which are triggered in system logs due to queue-back pressure or FPGA drops. PR1465888

  • With NAT/Stateful-firewall/TCP tickle (enable by default) configured on MS-MPC/MS-MIC, the vmcore crash sometimes along with mspmand crash might happen if large-scale traffic flows (e.g. million flows) are processed by it. PR1482400

  • When there are hardware link errors occurred on all 32 links on an FPC 11. Because of these link errors, all FPCs reported destination errors towards FPC 11 and FPC 11 was taken offline with reason offlined due to unreachable destinations. PR1483529

  • Runt, fragment and jabber counters are not incrementing. PR1492605

  • After backup Routing Engine halt, CB1 goes offline and comes back online; this leads to the backup Routing Engine booting up, and it shows the reboot reason as 0x1:power cycle/failure. This issue is only for the RE reboot reason, and there is no other functional impact of this. PR1497592

  • PR1463859 introduces a software defect that causes a 10GE interface to flap continuously when configuring with the WAN-PHY framing with the default hold-down timer (0). Once upgrading a router to an affected software release, the interface might flap continuously. This is not applicable to an interface with the default framing - LAN-PHY. PR1508794

  • When an AMS ifd is configured for the first time or any member of the AMS bundle is removed or added, the PICs on which the members of AMS bundle are present go for a reboot. There is a timer running in the AMS kernel which is used as a delay for the PIC reboot to complete and once that timer expires AMS assumes that the PICs might have been rebooted and it moves into next step of AMS fsm. In scaled scenarios, this rebooting of the PIC is delayed due to DCD. This is because when a PIC goes down, DCD is supposed to delete the IFDs on that PIC and then the PIC reboot happens. But DCD is busy processing the scaled configuration and the IFD deletion is delayed. This delay is much greater than the timer running in AMS kernel. When the above timer expires, the FSM in AMS kernel incorrectly assumes the PIC reboot would be completed by then, but the reboot is still pending. By the time DCD deletes this IFD the AMS bundles are already UP. Because of this, there is a momentary flap of the bundles. PR1521929

  • In Mac-OS platforms when Juniper Secure Connect client connects successfully, the client is not getting minimized to tray icon and needs to be minimized manually.PR1525889

  • Due to BRCM KBP issue route lookup might fail. Need to upgrade KBP to address this issue. PR1533513

  • If vMX product is configured to run in performance mode via configuring chassis fpc 0 performance-mode (Note: performance mode is enabled by default starting from Junos OS Release 15.1F6), flow cache will be used to improve the traffic forwarding performance. With performance mode enabled, if traffic cause a single flow in the flow cache to have a large number of flow actions which hit the max supported number (that is, 18) of flow actions. Typically, the addition of lots of firewall counters and policers in a single flow can make it add up. The riot might crash. It is a rare issue. PR1534145

  • In scaled MX2020 router, with vrf localisation enabled, 4 million nexthop scale, 800k route scale. FPCs might go offline on GRES. Post GRES, router continues to report many fabric related CM_ALARMs. FPC might continue to reboot and not come online. Rebooting master and backup Routing Engine will help recover and get router back into stable state. PR1539305

  • On MX platforms with MS-MPC/MS-MIC service card installed, the card might run out of memory due to process mspmand memory leak, which might cause traffic interruption if adding and/or deleting of telemetry sensor. This is because these operations will trigger the memory allocation for decoding configuration change messages and will not release the memory at the end of processing. PR1540538

  • During RE switchover interface flap might be seen along with Scheduler slippage. PR1541772

  • USF-SPC3 : With ipsec PMI/fat-core enabled, show services sessions utilization CLI not displaying right CPU utilization. PR1557751

  • The Sync-E to PTP transient simulated by Calnex Paragon Test equipment is not real network scenario. In real network deployment model typically there will be two Sync-E sources (Primary and Secondary) and switchover happens from one source to another source. MPCE7 would pass real network SyncE switchover and associated transient mask. PR1557999

  • This is a feature enhancement and work is in progress to provide this support. This will have impact only when routing daemon crashes and will not have impact on rest of the NSR support. PR1561059

  • Due to a race condition, the show multicast route extensive instance instance-name output might display the session status as Invalid. This output is a cosmetic defect and not indicative of a functional issue. PR1562387

  • To avoid the additional interface flap , interface hold time needs to be configured. PR1562857

  • When Inline Jflow is configured and high sampling rate (more than 4000 per second) is set, high CPU utilization might be observed and this might result in relevant impacts on traffic analysis and billing. This issue is fixed from 21.3R1 via RLI 49464.PR1569229

  • Copying files to /tmp/ causes a huge JTASK_SCHED_SLIP. Copy files to /var/tmp/ instead. PR1571214

  • This issue is caused by /8 pool with block size as 1, when the configuration is committed the block creation utilizes more memory causing NAT pool memory shortage, which is currently being notified to customer with syslog tagged RT_NAT_POOL_MEMORY_SHORTAGE. PR1579627

  • In a fully loaded devices, at times, firewall programming was failing due to scaled prefix configuration with more than 64800 entries. However, this issue is not observed in development setup. PR1581767

  • Error message seen on MX10K8 chassis with SyncE/PTP configurations, This does not affect any functionality. The error seen here because the API called is specific to ferrari platform which needs to be vecterized. PR1583496

  • When the active slave interface is deactivated, the PTP lock status is set to 'INITIALIZING' state in show ptp lock-status output for few seconds before BMCA chooses the next best slave interface. This is the day-1 behavior and there is no functional impact. PR1585529

  • On all devices running Junos OS Release 19.1R3-S5-J3, the subscriber logical interface (IFL) might be in a stuck state after the Extensible Subscriber Services Manager (ESSM) deletion. PR1591603

  • Pim Vxlan not working on TD3 chipsets enabling VxLAN flexflow after Junos OS Release 21.3R1. Customers Pim Vxlan or data plane VxLAN can use the version 21.3R1. PR1597276

  • MX2010, MX2020: MPC11E: unified ISSU is not supported for software upgrades from Junos OS Release 21.2 to release 21.3 and 21.4 releases due to a flag day change. PR1597728

  • During Routing Engine switchover, if there is a burst of ICMP/BFD/SSH/FTP/TELNET/RSVP packets (~18K pps) you might see new backup RE restarting. PR1604299

  • On MX Series Virtual Chassis platforms with MS-MPC or SPC3 service cards and Aggregated Multi-Service (AMS), traffic on the line card in the backup chassis might not be load-balanced properly due to timing conditions. This works well on the line card in the master chassis. There might be traffic loss when interfaces are not properly balanced. PR1605284

  • Leaf difference with regards to memory-usage/heap in the output of Sensor (/junos/system/linecard/firewall) between MPC7E and MPC10E. PR1606791

  • On all MX platforms, in a subscriber management environment, new subscribers might not connect if Class of service (CoS) CR-features (Classifier Rewrite) are used by the Variable Based Flow (VBF) service. The reference count mismatching between Routing Engine (RE) and VBF is caused by VBF flow VAR CHANGE failure. PR1607056

  • If RPD Agent sends INH deletion/additions out of order (rarely occurs) to backup RPD, RPD generates core files. PR1607553

  • NPU and IFL sensors path not programmed on AFT and EVO based LC. PR1610766

  • When user tries to disable AMS ifd using configuration statement, the ipsec tunnels are not deleted. Deactivating the services will provide the desired result. PR1613432

  • In some NAPT44 and NAT64 scenarios, duplicate SESSION_CLOSE Syslog will be seen. PR1614358

  • Percentage physical-interface policer is not working on AE, after switching between baseline configuration to policer configuration. PR1621998

  • Tunnel statistics displays incorrect values because it was not supposed that tunnel interfaces would cache flow. PR1627713

  • On all Junos platforms the MAC address of the 17th ae interface might be changed after the upgrade from Junos OS 18.4+ to 20.4+ releases. It will lead to mac based service interruption.PR1629050

  • For a topology with VSTP and VRRP configured and IPv6 traffic, if VSTP bridge priority is changed a couple of times (to trigger toggling of root bridge), it is possible that v6 traffic drop is seen on some of the streams. PR1629345

  • For ACX5448, MX204 and MX2008 "VM Host-based" platforms, starting with Junos OS Release 21.4R1 or later, ssh and root login is required for copying line card image (chspmb.elf for MX2008) from Junos VM to Linux host during installation. The ssh and root login are required during installation. Use deny-password instead of deny as default root-login option under ssh configuration to allow internal trusted communication. Ref https://kb.juniper.net/TSB18224 PR1629943

  • The fabric statistics counters are not displayed in the output of show snmp mib walk ascii jnxFabricMib. PR1634372

  • On all devices running Junos OS or Junos OS Evolved, where this is a high BGP scale with flapping route and the BGP Monitoring Protocol (BMP) collector/station is very slow, the rpd process might crash due to memory pressure. PR1635143

  • Same vlan cannot be used as data vlan and voip vlan together. PR1637195

  • With SFP+-10G-CU3M DAC, peer cannot detect admin down on MX10008. PR1640799

  • The mspmand daemon running on MS-MPC/MS-MIC cards might occasionally crash when the service card (fpc/pic) is turned offline and then online at regular intervals when the number of service-set configured is moderately high and when extensive hardware crypto operations are being performed. Exact issue is yet to be isolated. PR1641107

  • Source MAC should not be configured on the underlying static interface on the UP for PPPoE login to work correctly. PR1641495

  • WIth PTPoIPv6 on MPC2E 3D EQ, PTP slave stays in acquiring state.PR1642890

  • When CFP2-DCO is used, operator need to configure otn-option - that is the only mode supported. PR1643815

  • Committing configuration changes during the Packet Forwarding Engine reset pause window (when PFE is disabled, yet the PFE reset proper has not started yet) has the potential of causing errors and traffic loss. In particular, configuration changes that result in re-allocating policers (which are HMC-based) might lead to traffic being entirely policed out (that is, not flowing). Once the PFE reset procedure has started configuration changes ought to be avoided until the procedure is completely done.PR1644661

  • bb device has to be manually enabled in configuration for DHCP and PPP access models for BNG CUPS. Configuration to enable bb device is as follows: #set system subscriber-management mode force-broadband-device. PR1645075

  • On Junos platform, PTP does not lock when port speed is not configured under PIC hierarchy or port speed for some additional random ports are configured under the PIC hierarchy or perform PIC deactivate/activate. PR1645562

  • When per-interface egress and per-sid egress SR sensor stats are configured using the CLI commands below, the (pushed) MPLS label length does not get included in the output/Tx octets field that gets exported from the sensor:

    set protocols isis source-packet-routing sensor-based-stats per-interface-per-member-link egress

    set protocols isis source-packet-routing sensor-based-stats per-sid egress

    This is a day-1 behavior on all Trio ASIC based FPCs on the MX platform.

    PR1646799
  • With overlapping NAT pool configured with different NAT rules under different service sets, when service outside interface is moved between different routing instances (For example, from vr1 to default, and from default to vr1), NAT routes corresponding to the service-set in default routing instance are getting deleted, resulting in reverse path traffic failure for NAT sessions. PR1646822

  • It is non impacting message in journal logs, without any functional impact. Removing all .include inclusions from service files, via this PR.PR1647592

  • In the IPv6 segment routing deployment, packets are sent out with the incorrect ethernet type. PR1647622

  • Configuring MPC11 in 4x100G and keeping peer in 400G mode, Link comes up on peer while staying down on local end. This issue is also specific to 400G-ZR optics as it has single media lane. The issue is not seen on other 400G optics supporting 4x100G mode.PR1653946

  • When interop with the following systems, flow control must be enabled when MACsec is configured on the peer system. Because on these systems, flow control is forced to be on regardless of the CLI provisioning. Other Reference (already documented) https://www.juniper.net/documentation/us/en/software/junos/security-service s/topics/ref/statement/interfaces-edit-security-macsec-mx-series.htmlPR1655712

  • Currently user can install images older that the minimum supported image on RE-S-X6-128G-K. System comes up in Linux prompt in such cases.PR1655935

  • Core file reported intermittently where random grpc stack crash is observed. The license service will auto restart and recover. PR1656975

  • UDP Telemetry output fields might misalign on AFT-based line cards such as MPC10/11 or Junos Evolved platform. PR1658017

  • ZTP: DHCPACK not received at ztp-server after zeroize of the device (client). PR1658287

  • On Junos platforms, in the VPLS environment when having routing-options resolution preserve-nexthop-hierarchy configured results in the packet dropped at egress PE for multiple MPLS stack labels. PR1658406

  • SNMP MIB walk on jnxVpnInfo show snmp mib walk jnxVpnInfo for EVPN or EVPN-VPWS routing instance. PR1659466

  • On configuring network-services lan and performed commit check, the system changes the Layer 2 structures and family bridge disappeared from CLI.PR1661057

  • The OpenSSL project has published security advisories for multiple vulnerabilities resolved in OpenSSL. Please Refer to https://kb.juniper.net/JSA70186 for more information.PR1661450

  • When there is hard failure on the RE-RE link, the system might fail to recognise the fault and report as an alarm. PR1661635

  • Traffic drop observed for few instances while it send via irbv6 routed interface.PR1662620

  • The version details for certain daemons will appear in the command output after the device has been rebooted after the completion of the USB installation of Junos.PR1662691

  • If the physical link status of the ethernet link between the RE and FPC goes down, there are recovery attempts to bring up the link again. Log messages indicate the recovery attempts and the success/failure status of the attempt. However an alarm is not raised when this failure occurs. PR1664592

  • RE0 to RE1 interface EM4 MTU is changed to 9192 bytes through PR 1642364. If one of the REs don't have this fix, RE sync fails. Due to this reason, ISSU will not work. In such scenario, cold image upgrade should be done. PR1665690

  • UDP Telemetry might not work when subscribes to /junos/system/linecard/intf-exp/ sensor. PR1666714

  • On MX platforms with MIC-MACSEC-20GE, FEB(Forwarding Engine Board) might go down while activating/deactivating Graceful Routing Engine Switchover (GRES) configuration.PR1668983

  • These are expected error logs, and doesn't cause any functional impact. jsr_iha_pri_unrepl_msg_func: Error: Invalid primary handle in msg 0x10006c600000621, error=2 These logs might be seen if the following conditions are met:

    On all Junos OS platforms

    non stop routing is enabled

    with scaled setup

    The possible triggers would be restart chassisd, ksyncd, switchover, re reboot, which causes nsr unreplication/replication. PR1675057

  • The issue was recreated only with IXIA connection. Arp response is not received in the DUT port to store the destination MAC address. unable to determine if the issue is with the MX port or medium or IXIA port. PR1677624

  • The IFD remaining stats flag is not set properly in chassid in today's code. It should be set to TRUE only if HCOS is configured on an interface. Else, it should not be SET. Not setting this rightly, results in statistics not being displayed or the command output not being displayed at all. The impacted command is run show interfaces extensive intf-name and the impact is seen in GNF environment with no explicit CoS configuration on the interfaces. Not using extensive will ensure there is no issue as well. This is specific to MPC11 with sub LC (GNF) setup.PR1678071

  • There will be drop of syslog packets seen for RT_FLOW: RT_FLOW_SESSION_CREATE_USF logs until this is fixed. This will not impact the functionality.PR1678453

  • On all MX platforms with MPC7E-10GE line card, auto-negotiation will not be set properly when changing the port speed from 10GE to 1G on a port with auto-negotiation configured. The port remains down until the commit is done separately for changing the port speed.PR1682962

  • One time l2ald (Layer 2 Address Learning Daemon) core will be seen once the box comes up after zeroize. There will be no service impact due to this.PR1686097

  • On all Junos and Junos Evolved platforms, configuring Link Layer Discovery Protocol (LLDP) with system services netconf notification enabled will trigger the l2cpd crash. This crash causes the CPU to spike. PR1695057

  • On all Junos platforms, the dcd (device control daemon) process crash is observed when more than 256 VLANs as name tags are added on the same interface.PR1696428

  • FIPS mode is not supported in this release.PR1697999

  • The optic configuration mismatch alarm was always enabled, but was not reported by the RE during show chassis alarms. This alarm will now be correctly reported by the FPC and displayed in the RE. There is no behavior change other than the alarm being reported correctly now.PR1700606

High Availability (HA) and Resiliency

  • When GRES is performed with the interface em0 (or fxp0) disabled on the primary Routing Engine, then enable the interface on the new backup Routing Engine, it isn't able to access network.PR1372087

Infrastructure

  • Below IPC timeouts logs can be seen for statistics query to kernel(queried from cli or daemons querying internally)when there is config churn, or large number of IPCs getting exchanged between kernel and pfe in the system. if_pfe_msg_handler: pfe_peer_msg_handler error: error for msg type type, msg subtype subtype, opcode op and peer index index Default IPC timeout value in kernel for IPC statistics request is 10s. This can be incremented to larger value by setting below hidden config to avoid IPC timeout errors. # set system stats-timeout-lifetime 15 # commit. PR1629930

Interfaces and Chassis

  • On MX platforms with Subscriber Management configured, the subscribers will fail to negotiate the PPP (Point-to-Point Protocol) session and be unable to login when jpppd transitions from backup to Master and does not receive all the Routing Table events from Kernel post upgrade.PR1686940

Layer 2 Features

  • In case of the access-side interfaces used as SP-style interfaces, when a new logical interface is added and if there is already a logical interface on the physical interface, there is 20--50 ms traffic drop on the existing logical interface. PR1367488

MPLS

  • In MVPN case, if the nexthop index of a group is not same between master and backup after a nsr switchover, we might see a packet loss of 250 to 400 ms. PR1561287

  • Ingress will retry after lsp stay down for extended period of time or customer can clear lsp to speed up the retry. PR1631774

  • On all Junos and Junos OS Evolved platforms, if CCC (Circuit Cross-Connect) is configured to use a label-switched-path such as IGP routed, i.e., no-cspf and no strict ERO (Explicit Route Object) configuration, then restarting egress CCC node or restarting FPC on the egress CCC node containing remote-interface-switch configuration multiple times may cause CCC to remain stuck in remote-if-down state, resulting in loss of traffic. (The knob remote-interface-switch is configured on the egress LER of the RSVP-TE LSP (Resource Reservation Protocol-Traffic Engineering label-switched-path) which binds the LSP terminating on the node to a local interface).PR1694777

Network Management and Monitoring

  • When maximum-password-length is configured and user tries to configure password whose length exceeds configured maximum-password-length, error is thrown, along with error 'ok/' tag is also emitted. (Ideally 'ok/' tag should not be emitted in an error scenario.) The configuration does not get committed.PR1585855

  • On Junos and Junos Evolved platforms, post ephemeral database configuration commit sync leads to a state mismatch between master and backup.PR1610713

Platform and Infrastructure

  • On all Junos and Junos OS Evolved platforms, while using source-address NTP configuration parameter and issue the command set ntp date from the CLI, packets will be sent with the source address of the outgoing interface rather than the manually configured IP address. Typically, the manually configured IP address would be a loopback address. The problem does not apply to automatically generated NTP poll packets. PR1545022

  • On MX platform, when the "fast-lookup-filter" statement is configured with a match that is not supported in the FLT(fast-lookup-filter) hardware, traffic might be lost.PR1573350

  • Don't use the control-type light under platforms where this feature is not supported at present. At present IPv4 and IPv6 twamp-light is supported on the platforms using TRIO and PE chipsets. PR1603128

  • VM cores and Virtual Chassis split might be observed with multicast scale scenario. PR1614145

  • With given multi dimensional scale, if configuration is removed and restored continuously for more than 24 times, MX Trio based FPC might crash and restart. During the reboot, there can be traffic impact if backup paths are not configured. PR1636758

  • On SRX5k and MX240/MX480/MX960 platforms,when device is powered on with multiple line cards, power might not be sufficient and few line cards fail to come into online state.PR1645817

  • The process sshd will crash if Terminal Access Controller Access Control System (TACACS) user authentication is configured and the user is successfully authenticated by the TACACS server. The crash occurs with every successful authentication and an sshd coredump will be created. Because of the core ssh access is denied. PR1672581

  • On Junos with MX platform using specific MPC7E/MPC8E/MPC9E/JNP10K-LC2101/JNP10003-LC2103/JNP10K-LC480 line cards in the event of a transient memory hardware issue, parity errors are generated which cannot be rectified by the ASIC. When the Flexible PIC Concentrators(FPC) encounters such an error, it will automatically deactivate the Packet Forwarding Engine(PFE) which leads to traffic impact. PR1706494

Routing Protocols

  • Certain BGP traceoption flags (for example, "open", "update", and "keepalive") might result in (trace) logging of debugging messages that do not fall within the specified traceoption category, which results in some unwanted BGP debug messages being logged to the BGP traceoption file. PR1252294

  • LDP OSPFs are in the Synchronization state because the IGP interface is down with ldp-synchronization enabled for OSPF. PR1256434

  • On MX platforms, unexpected log message will appear if the CLI command show version detail or request support information is executed.PR1315429

  • On all platforms, the issue is when the first time when ESIS is coming up sometimes the ESIS route might not get installed. PR1559005

  • On MX platforms, initial multicast register packets might get dropped, this might affect multicast services. PR1621358

  • On all Junos and Junos OS Evolved platforms, when configuring the network instance for openconfig, an error might be observed while executing a commit if the configured network instance type is "default_instance" but the instance name is not default.PR1644421

  • RFC 8950/RFC 5549, permits the advertisement of a BGP Nexthop of a different family (e.g. IPv6) than the NLRI address family (e.g. IPv4). The mapping of possible address families that can be used are exchanged using BGP Capabilities. The BGP Capabilities specification, RFC 5492, recommends that a single capability TLV of a given type is advertised when multiple elements within that TLV are present. That RFC also permits multiple capabilities of the same type to be advertised for multiple elements for backward compatibility. Junos BGP handling of the BGP extended nexthop capability did not handle multiple capabilities of the same code point when multiple extended nexthop capabilities were present. It incorrectly kept only the last one sent. This PR addresses that deficiency. PR1649332

  • The show security keychain detail CLI displays algorithm as hmac-* instead of ao.PR1651195

  • When l2cpd (in the context of xSTP) clears the entries that it has programmed on ppmd, ie when you delete xSTP configs from the box, there can be a possibility of ppmd core. If ppmd is in distributed mode then there will be no service impact, else there can be service impact as packet transmission for various protocols will happen via if ppmd is in centralized mode.PR1660299

  • The rpd (routing protocol daemon) crash happens when a non-BGP (Border Gateway Protocol) route is exported via LDP (Label Distribution Protocol) and later on, if the same prefix advertised by BGP is received, we select that as the forwarded route rather than the already advertised route. This is due to the logic in the forwarding route to pick the BGP route for the BGP-owned routes rather than the active route. This is a rare case and the system recovers by itself until the next event.PR1671081

  • Dynamic IFL add request is waiting to be processed in KRT queue during that if chassid down event occurs. To handle the chassid down event RPD Infra sends notification to protocol(producer of Dynamic IFL add request) and it is producer jobs to DELETE the dynamic ifls request which were there in the KRT queue. PIM code is not clearing those Dyanamic IFLs ADD request during chassis fpc down event. Hence getting error 'ENOENT -- Item not found' when chassis comes back up.PR1675212

  • Any platforms with Micro BFD configured on member links of the LAG/ae interface, BFD Session state in RE remains as UP always even though PEER device has ceased.PR1675921

  • On all Junos and Junos Evolved platforms, the rpd ( routing protocol daemon) can crash when PIM (Protocol Independent Multicast), MoFRR (Multicast only Fast Reroute) configuration is present and some network churn event such as continuous interface cost changes, resulting in a change of active and backup paths for ECMP (Equal Cost Multi-Path) happens. There will be service impact because of the rpd crash but the system self-recovers until the next crash.PR1676154

  • VRF Rouging table might not get updated immediately upon change of maximum-prefixes. PR1680277

  • OSPF Route Type Extended Community cannot be configured as 'rte-type'. PR1687273

  • On all Junos and Junos Evolved platforms BGP-LU (Border Gateway Protocol Labeled-Unicast) Advertisements fail with the message "BGP label allocation failure: Need a gateway" based on timing conditions involving route resolution and installation.PR1689904

  • On Junos and Junos Evolved platforms configured with graceful-shutdown sender under the BGP dynamic neighborship, the peer device does not receive routes with communities "graceful-shutdown", as it is not advertised by the sender causing the traffic drop for the affected routes.PR1699633

  • On all Junos and Junos Evolved platforms, when IPv4 prefix advertisement received by an IS-IS/OSPF router in the Extended IP reachability TLV and SR mapping server (SRMS) advertisement for the same prefix received through the segment identifier (SID) label Binding TLV, then SRMS advertised label preferred over IS-IS/OSPF SID label advertised via opaque-AS Extended-Prefix. Traffic will be sent via incorrect path due to this issue. PR1702456

VPNs

  • Tunnel debugging configuration is not synchronized to the backup node. It needs to be configured again after RG0 failover. PR1450393

  • Change here is basically reverting to old enum value used for ATM VPN, and using a new value for BGP Multicast address family, and although these is no visible behavior change due to this, there might be impact on ISSU for ATMVPN and BGP Multicast address family if enabled.PR1590331

  • When using Group VPN, in certain cases, the PUSH ACK message from the group member to the group key server may be lost. The group member can still send rekey requests for the TEK SAs before the hard lifetime expiry. Only if the key server sends any new PUSH messages to the group members, those updates would not be received by the group member since the key server would have removed the member from registered members list. PR1608290

  • This happens only when MVPN protocol has separate route targets configured and then both the address families are disabled. RPD infra parsing does not check if MVPN protocol is disabled and hence will create the auto policies for route-targets if configured. So if those policies are not marked as active in MVPN configuration flow, it does not get resolved and thereby the policy object may not be valid thus leading to the core files. PR1700345

  • With inter area/AS segmented scenario the provider tunnel termination interface on ASBR/ABR is set to global lo0 and added to tai data structure. However if there is a change in lsi/vt interface, specifically causing deletion of interface, in change notification callback MVPN tries to delete tai data structure with lsi/vt interface and not lo0 since this is inter area/AS segmented scenario. Since lsi/vt was never added, the code asserts. PR1710255

external-footer-nav