17.4R1-S5: Software Release Notification for Junos Software Service Release version 17.4R1-S5
Junos Software Service Release version 17.4R1-S5 is now available.
NOTE: Due to PR1331299, PTX-series software images have been replaced with version 17.4R1-S5.1, available on 2019-03-12. See TSB17535.
PR Number | Synopsis | Description |
---|---|---|
1309613 | Traffic loss may be seen if sending traffic via the 40G interface | On QFX5100/QFX5110/QFX3500/QFX3600 platforms, traffic loss may be seen when sending traffic via a 40G interface that is connected to peers through DWDM, and the CRC errors of the interface may also keep increasing after the interface is flapped on the QFX side. |
1320413 | Interface down due to "PFE Marked Disabled" on PECHIP causing traffic loss | Consider the ingress FPC to be up, fully initialized and stable, and follow this flow: the egress FPC is restarted. It comes up, performs its block driver init and programs the PFE states. During FPC and ASIC initialization, all global ASIC tables are initialized and paths are brought up for special-path IFDs such as RHI. The FPC then sends an FPC ONLINE message to the RE (chassisd). As soon as this message is sent, chassisd sends IFD ATTACH to all cards. This starts the traffic in the case of AE on the ingress card (the root problem). As soon as the ingress FPC starts traffic, a request is generated that traverses the fabric path and reaches FI, which is the first block on egress. Since IFD init is not complete on the egress card, this request does a lookup in a queue mapping table; at this moment the table points to an uninitialized value, causing the traffic drops. This bug affects multi-slot PTX routers; single-slot systems such as PTX1000 are not affected. |
1331234 | JSA10896 2018-10 Security Bulletin: Junos OS: Denial of service in telnetd (CVE-2018-0061) | A denial of service vulnerability in the telnetd service on Junos OS allows remote unauthenticated users to cause high CPU usage which may affect system performance. |
1331299 | PTX-Series: Invalid programming of interfaces during PFE initialization may lead to traffic black hole. | While a PTX platform performs Packet Forwarding Engine (PFE) initialization, the PFE may not initialize the interface data structures properly. This causes transit traffic to be dropped when egressing out of those interfaces. The problem is applicable only to PTX1000, PTX3000, PTX5000 and PTX10000. |
1331911 | The FPC might crash due to the IFL index corruption when IPv6 traffic goes through the IRB interface | In an IPv6 scenario, if IPv6 traffic comes in on an IRB interface and triggers an ICMPv6 error packet with the error type 'MTU exceeded' or 'redirect', and the ICMPv6 error packet is sent out a different IRB interface than the incoming IRB interface, the index of the IRB logical interface (IFL) might be corrupted. A subsequent configuration change (e.g. deactivating/activating, deleting or changing interface configuration) might cause a crash of the FPC hosting the corrupted IFL index. A traffic black hole might also be seen on the affected FPC. |
1333274 | Nexthop programming issue during link flapping on PTX | In an ECMP (Equal-Cost Multipath) scenario on PTX series platforms, the unilist nexthop might be incorrectly programmed on the PFE (Packet Forwarding Engine) when a member link flaps, resulting in a traffic black hole. |
1333570 | The "dead" next-hop may be seen in BGP-LU scenario. | In a BGP Labeled Unicast (BGP-LU) scenario, if the device works as the penultimate hop and receives BGP-LU routes with an indirect next-hop from an egress router, then after the operational next-hop interface corresponding to those labeled routes flaps, a "dead" next-hop type (a discard action is performed for this type) may be set for the related clone routes (s=0) and remain there even after the next-hop interface is operational again. |
1335514 | MX10003 - Master LED glows on Master & backup RCB, while performing the image upgrade on master with GRES/NSR enabled | Master LED glows on Master & backup RCB, while performing the image upgrade on master with GRES/NSR enabled |
1336201 | Member of IPv4 unilist next-hops might be stuck in "Replaced" state after interface flaps | On PTX platforms with FPC3, or on PTX1000, if the unilist next-hop is not deleted for some reason and is then reused, a member of the unilist next-hop might be stuck in the "Replaced" state on the Packet Forwarding Engine (PFE) after an interface flaps with a down time longer than the Address Resolution Protocol (ARP) age-out. While the issue occurs, the output of "show route forwarding-table" looks normal, but traffic might be dropped because the forwarding next-hop on the PFE is in "Replaced" status and no longer active. |
1337327 | Link flapping or staying down due to interoperation issue between MX/EX9200 and transport device | On MX204, MX10003, or MPC7E/8E/9E, or EX9200-40XS/EX9200-12QS, a 100G, 40G, or 10G interface might keep flapping or stay down due to an interoperation issue between the Juniper device and the connected remote transport device. |
1338688 | MX Series: L2ALD daemon may crash if a duplicate MAC is learned by two different interfaces (CVE-2018-0056) | MX Series: L2ALD daemon may crash if a duplicate MAC is learned by two different interfaces (CVE-2018-0056); Refer to https://kb.juniper.net/JSA10890 for more information. |
1344177 | JSA10882 2018-10 Security Bulletin: Junos OS: Memory exhaustion denial of service vulnerability in Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support (CVE-2018-0048) | Junos OS: Memory exhaustion denial of service vulnerability in Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support (CVE-2018-0048); Refer to https://kb.juniper.net/JSA10882 for more information. |
1350098 | The MPC might crash when the MIC is removed | When the MIC is removed from the MPC, the MPC might crash. |
1351334 | JSA10892 2018-10 Security Bulletin: Junos OS: authd allows assignment of IP address requested by DHCP subscriber logging in with Option 50 (Requested IP Address) (CVE-2018-0057) | Junos OS: authd allows assignment of IP address requested by DHCP subscriber logging in with Option 50 (Requested IP Address) (CVE-2018-0057); Refer to https://kb.juniper.net/JSA10892 for more information. |
1352498 | JSA10912 2019-01 Security Bulletin: Junos OS: rpd crash on VPLS PE upon receipt of specific BGP message (CVE-2019-0012) | DoS vulnerability in BGP in Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. See https://kb.juniper.net/JSA10912 for details. |
1355542 | Commit error observed if box is downgraded from 18.2/18.3 release to 17.3R3 | A commit error is observed if the box is downgraded from an 18.2/18.3 release to 17.3R3. On loading the new image, certain stale symlinks from the previous image contents that impact mgd need to be removed. In this case, the .slax script symlinks from /var/db/scripts/translation are not removed, which causes issues in the initial commit by mgd. The issue is only seen when the previous image had translation scripts (as part of the Junos image) and the new image does not have these translation scripts. |
1363773 | The l2circuit on MPC7E/8E/9E with asynchronous-notification and ccc configured might keep flapping when the circuit is going up | The l2circuit on MPC7E/8E/9E with asynchronous-notification and ccc configured might keep flapping when the circuit is going up. |
1363803 | The multicast route update may get stuck in KRT queue and the rpd may crash if rpd and kernel go out of sync | In a multicast scenario in a large-scale route environment, the multicast route update may get stuck in the KRT queue, and the rpd may crash and restart. |
1364019 | 2019-01 Security Bulletin: Junos OS: Multiple vulnerabilities in libxml2 | Multiple vulnerabilities in libxml2 have been resolved in Junos OS. Refer to https://kb.juniper.net/JSA10916 for more information. |
1366249 | MPC7E: ukern crash and FPC reboot with vty command "show agent sensors verbose" | When you use the "show agent sensors verbose" FPC VTY command on MPC7E, the FPC might crash. |
1368377 | JSA10889 2018-10 Security Bulletin: Junos OS: The jdhcpd process crash during processing of specially crafted DHCPv6 message (CVE-2018-0055) | The jdhcpd process crash during processing of specially crafted DHCPv6 message (CVE-2018-0055); Refer to https://kb.juniper.net/JSA10889 for more information. |
1377500 | Packets might be dropped on data plane in the inline Jflow scenario | On MX series with MPC, in the inline Jflow scenario, due to a software defect, the data structure associated with the inline Jflow feature may not be initialized correctly. As a result, the affected MPC is not able to forward traffic correctly. |
1380783 | L3VPN traffic might be dropped due to one core-facing interface down | On QFX10000/PTX Series platforms, L3VPN traffic might be dropped if one core-facing interface goes down in the L3VPN multipath scenario. |
1380862 | JSA10883: Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash (CVE-2018-0049) | Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash (CVE-2018-0049). Please refer to https://kb.juniper.net/JSA10883 for more information. |
1384205 | The kmd crashes with core file after bringing up IPSec connection. | On ACX, M, MX and T platforms, after IPSec tunnels are brought up, a kmd crash might be seen if a show command is issued. |
1387277 | Configured bandwidth 0 does not get applied on RSVP interface | When an RSVP interface is configured with bandwidth 0, the bandwidth value 0 is not applied but is overwritten with the default interface bandwidth. This might lead to unexpected behavior of LSP setup. |
1389569 | BFD flaps are seen on PTX or QFX10K platforms with inline BFD | With inline-BFD configured on the PTX or QFX10000 platforms, BFD sessions might flap continuously. |
1389695 | RTG MAC refresh packets will be sent out from non-RTG ports if the RTG interface belonging to the Virtual Chassis master flaps. | On EX4300/EX4600/QFX Series switches except for QFX10000, in a Virtual Chassis and RTG scenario, if the RTG (redundant trunk group) interface flaps on the VC master, RTG MAC refresh packets will be sent out from all the ports which belong to the same VLAN. Normally, the MAC refresh packets are used to refresh MAC entries on the peer L2 device connected to the RTG ports. |
1390417 | Forwarding issue on mixed link-speed AE interface after FPC reloads | On PTX series, in a mixed link-speed AE interface scenario, if the FPC that hosts one of the member links of the AE reloads, then after the FPC comes back the member link on that FPC recovers to up and joins the AE bundle but is not able to forward traffic, which results in uneven load balancing or a black hole of the AE interface traffic. |
1391548 | The knob routing-engine-power-off-button-disable does not work on MX204 and MX10003 | The knob routing-engine-power-off-button-disable does not work on MX204 and MX10003. |