Knowledge Search


17.3R3-S3: Software Release Notification for Junos Software Service Release version 17.3R3-S3

  [TSB17512] Show Article Properties

Alert Type:
SRN - Software Release Notification
Product Affected:
Alert Description:
Junos Software Service Release version is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts

Junos Software service Release version 17.3R3-S3 is now available.

The following are incremental changes in 17.3R3-S3.

PR Number Synopsis Description

ping mpls l2circuit not working when flow-label is enabled (FAT)

When Flow-Label (FL) is enabled for PW, the OAM packets were not sent with Flow-Label because RPD is not aware of the Flow-Label values assigned by PFE software. Hence the packets were getting dropped by PFE at the tail-end PE. The remote PE was expecting the packet with FL and PW label.


Tacacs access does not work after upgrade

The /etc/passwd file is created in the process of the first commit when a pristine jinstall image is used to boot for the first time. If event-options is configured, the system will try to read the configuration from the available event scripts, which requires privileges obtained from the /etc/passwd file. That causes a circular dependency because the commit will not pass if the configuration includes event-options the first time a pristine image boots up, which is the case of an upgrade performed with virsh create.


QFX5110: dcpfe might core upon changing the applied lo0 FF term in scaled conditions.

On QFX5110 switches, the dcpfe might create a core file when the applied lo0 firewall filter term is changed in scaled conditions.


Flexible PIC concentrator (FPC) crash/reboot is observed when bringing up about 12K Layer 2 Bit Stream Access(L2BSA) subscribers simultaneously.

In an L2BSA scaling scenario, after bringing up about 12,000 subscribers, one or more FPCs will reboot.


In JVision setup, the payload MTU(maximum transmission unit) might be much less than 16KB when subscribing to component sensor

RE sensors have a payload MTU of 16KB per packet, however 2.6KB is seen in JVision setup when subscribing to component sensor.


The rpd might crash by executing the command of "show route extensive" during deleting ISIS configuration

The rpd might crash by executing the command of "show route extensive" during deleting ISIS configuration


Multihop eBGP peering session exchanging EVPN routes can result in rpd core when BGP updates are sent

When eBGP multihop sessions exchanging EVPN routes are configured, a core can result due to an internal error.


PTX10K: an FPC may restart without a warning when the speed on an interface is by configuration

Without the fix, whenever a user changes pic or port speed, the affected FPCs will restart automatically. With this change, an alarm is raised and user intervention is required to take the effect.


Non-optimal route to source might be selected for NG-MVPN with unicast-umh-election enabled

The configuration knob unicast-umh-election for NG-MVPN (next-generation multicast virtual private network) might not work as expected in special cases. This knob is to use the unicast route preference for UMH (upstream multicast hop) selection. However the non-optimal route might be selected if the routes have the same IP address value in route-import community.


Memory leak in chassisd daemon might be noticed while streaming telemetry subscriptions are active

Memory leak in chassisd daemon is noticed while streaming telemetry subscriptions are active.


Replace "show vlans evpn" command to "show ethernet-switching evpn " command for EX92xx and QFX

"show ethernet-swtching evpn" command used in EX92xx and QFX is now replaced with "show vlans evpn " command.


JSA10911 Junos OS: Kernel crash after processing specific incoming packet to the out of band management interface (CVE-2019-0011)

The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a sustained Denial of Service. Please see for details.


In Junos Fusion the AD LAG interface might flap during SD upgrade or downgrade

During SD (Satellite Device) upgrade in Junos Fusion, there is a race condition that the LACP (Link Aggregation Control Protocol) defaulted PDU received from the peer device connected in a LAG (Link Aggregation Group) is incorrectly sent to AD (Aggregation Device) with AE ECID (E-channel Identifier) instead of member ECID, which causes that LACP PDU to be received on another member in the LAG, resulting in the LAG interface flapping.


Subscribers may fail to access the device after deleting the needless AE configuration

In subscriber management scenario with Dynamic Demultiplexing Interfaces(DEMUX) configured, in the case where subscribers belonging to one AE interface are migrated to a new configured AE interface, subscribers may fail to access the device after deleting the old AE configuration.


Port 0 does not come up in Qfx5100-48t member in mixed VCF

Port 0 of Qfx5100-48t does not come up in mixed VCF. As a workaround, use "phy diag xe0 dsc" command as of now from BCM shell upon reboot which brings up the port and stays up continuously until the next reboot


Executing "commit full" might cause disconnection from Streaming Telemetry

In streaming telemetry scenario, when performing "commit full", the na-grpd daemon might restart, causing disconnection of streaming telemetry.


GRE interface might not come up after deactivate/activating the routing-instances

GRE interface might not come up after deactivating/activating the routing-instances or related changes that might result in route table change.


Port XE-0/3/0 did not turn UP

The EEPROM contents were not read properly when 1gig SFP was plugged into a 10gig mic. Therefore a check is done to see if the contents are read properly or not.


Momentary dip in traffic when a GRES is performed.

On GRES the implicit filters set by DFWD are cleared by DCD. Hence we are seeing a momentary dip in traffic.


QFX5000 platforms may display fpc0 Error requesting CMTFPC SET INTEGER, illegal setting 37 observed after upgrade

QFX5000 series platforms may show the following ERROR MESSAGE: fpc0 Error requesting CMTFPC SET INTEGER, illegal setting 37 observed after software upgrade. 


The VRF static route might not be exported when route-distinguisher-id is used on RR in BGP L3VPN scenario.

In Border Gateway Protocol (BGP) Layer 3 Virtual Private Network (L3VPN) scenario, on the Route Reflector (RR) with Virtual Routing and Forwarding (VRF) instance deployed, the VRF static route might not be exported to bgp.l3vpn.0 table correctly. Hence the static route could not be advertised to remote device.


The rpd might crash when doing RE switchover with NSR and logical-system configurations

When doing RE switchover with NSR (nonstop-routing) and logical-system configurations, rpd core might happen. This issue is platform independent. And it would cause traffic or service impact.


Netconf over SSH traffic via TCP port 830 might hit the host path queue.

On QFX10000/PTX Series platforms, NETCONF over SSH traffic via TCP port 830 might hit the host path Queue that is unclassified. This can result in DDoS violations in the unclassified queue.


RLT sub-interfaces not reporting stats

RLT sub-interfaces not reporting stats


The MPC might crash when the MIC is removed

When the MIC is removed from the MPC, the MPC might crash.


PPE Errors async xtxn error when FPC is restart/removal

XTXN error seen at FPC restart (with or without impact) needs to be communicated to the customer. As it is not an expected behavior. 


ARP learning might fail after changing the interface MAC address

On QFX5000 Series switches, the PFE might drop the ARP reply packets after changing the interface MAC address.


Traffic loss might be seen on new master after the interface flaps followed by RE switchover in VRRP scenario

VRRP MAC filter will not be seen in PFE if interfaces flap followed by GRES, before VRRP state settles down after flap. During this time VRRP state is backup in master-RE and VRRP state is idle in Backup-RE.


The packets with destination-address cannot be matched by loopback filter

Firewall filter cannot filter packets with DstIP as 224/4 and DST MAC = QFX_intf_mac on loopback interface using a single match condition for source address


QFX5100 / 14.1X53-D46.7 / Storm control profile missing for interfaces in HW

On random initialization of QFX5100 the programming of storm control profile in missed within hardware on random interfaces. This is not visible over cli and the configuration still shows intact. This happens as a result of interface speed not properly getting detected within the hardware.


Some linecards might crash in subscriber scenario enabled with distributed IGMP

On MX platforms enabled with Next Generation Subscriber Management, if subscribers are enabled with distributed Internet Group Management Protocol (IGMP), and there are some stressful operations, e.g. subscribers login/logout as well as join/leave IGMP groups repeatedly, some linecards might crash due to the timing issue.


Command "show system virtual-memory | display xml validate" displays errors

xmlised output of "show system virtual-memory" was created under a single container(for each table format) with repeated tag names. Because of the repeated tag names in the same container xml validation was failing. Added changes to xmlise each row output of table format in a seperate container.


The IPv6 subscriber may fail to access network

The IPv6 subscriber may not be authenticated successfully and fail to access network because of missing attributes (agent-circuit-id & agent-remote-id) for radius-access-request packets if they are the needed parameters for radius authentication.


rpd cores at 'Assertion failed rpd[10169]: file "../../../../../../../../src/junos/usr.sbin/rpd/lib/rt/rt_attrib.c", line 3329: "rt_template_get_rtn_ngw(nhp) <= 1" ' on doing RE switchover with SRTE routes

When RPD reads nexthops from Kernel on restart, for INH -> FWD NH{List NH} -> {Chain NH} scenario, RPD should not create old-style List NH for the forwarding nexthop.


FPC core might be observed after GRES switchover

In the dual Routing Engine (RE) platform with telemetry sensor configured. After graceful routing engine switchover (GRES) switchover, flexible PIC concentrator (FPC) core might be observed in the master RE. This issue might impact the device traffic.


The PPM mode for BFD session in EX4300 is centralized and not distributed by default

Periodic packet management (PPM) is responsible for processing a variety of time-sensitive periodic tasks so that other processes on the EX Series switch can more optimally direct their resources. It has two modes: distributed PPM and non-distributed (centralized) PPM. The distributed PPM should be enabled by default (such as, in 14.1 or prior to 14.1 version). But BFD session over IRB (integrated routing and bridging) runs in centralized mode instead of running distributed mode in some versions. It may not cause service impact since the BFD sessions will come UP fine. However, when the RE CPU is very busy or when configured intervals are less than 300 ms then BFD sessions running over IRB may flap since the sessions are not distributed. Also, during RE switchover cases these sessions may flap if the configured intervals are less than 2.5 secs.


JDI-RCT:M/Mx: Traffic loss of 1% is seen during GRES phase of ISSU from 17.3-20180527.0 to17.3-20180527.0

JDI-RCT:M/Mx: Traffic loss of 1% is seen during GRES phase of ISSU from 17.3-20180527.0 to17.3-20180527.0


L2TP Access Concentrator (LAC) tunnel connection request packets may be discarded on LNS device

In subscriber management environment where LNS is deployed, if frequently changing the "local-gateway" of an L2TP tunnel on LNS device using "replace" command, the gateway may not be operational and the tunnel connection request packets sent by the corresponding LAC devices (having "remote-gateway" matching the LNS's gateway) may be discarded on LNS device.


Type 2 EVPN routes are missing after deactivating/activating protocol evpn.

Type 2 EVPN routes are missing after deactivating/activating protocol evpn´╝îbut arp can be learned.


QFX5210: MPLS LSP ingress statistics not incrementing / zero

Statistics of transit traffic does not increment LSP statistics signaled by RSVP-TE.


Log messages: kernel: tcp_timer_keep: Dropping socket connection

On QFX5110 with Junos version 17.3R1, it is possible to see the following logs in messages file: kernel: tcp_timer_keep: Dropping socket connection due to keepalive timer expiration, idle/intvl/cnt: 7200000/75000/8 kernel: tcp_timer_keep:Local(0x80000001:60287) Foreign(0x80000001:33015) These log messages are harmless.


On EX4300/EX4600/QFX3500/QFX3600/QFX5000 platforms, the l2ald process might crash in dot1x scenario

On EX4300/EX4600/QFX3500/QFX3600/QFX5000 platforms, during any client's dynamic VLAN membership creation in a dot1x scenario, the l2ald process might crash.


QFX52100: Filter with routing-instance applied to family inet logical interface (IFL) causes traffic to be discarded on unrelated interfaces.

QFX52100: Filter with then routing-instance applied to family inet IFL causes traffic to be discarded on unrelated interfaces


FPM board status is missing in SNMP MIB walk result

On EX9xxx, or MX240/480/960 platforms with FPM board, FPM board status is missing in SNMP walk result.


The "Disconnected after ISSU and before switchover" error might be seen and FPC is restarted during ISSU

The "Disconnected after ISSU and before switchover" error might be seen and FPC is restarted during ISSU


In case of MPLS ,DMR packets are sent with different mpls exp bits if MX receives CFM DMM packets with varying exp values on MPLS header

When below conditions are met, after traversing through MPLS network, if CFM DMM packets arrive with varying exps value on MPLS header, DMR packets sent with different MPLS exp bit. The varying bit may cause VLAN priority bit viariation, then impact the receiver end, if receiver only matches one particular priority bit. 1/ CFM delay measurement is configured on CE facing AE interface 2/fixed forwarding-class is not configured on interface COS setting.


Subscribers over AE interface might have tail drops which will affect the fragmented packets due to QXCHIP buffer getting filled up

On MX platform with MPC1/MPC1E/MPC2/MPC2E, Subscribers over AE interface can't utilize their bandwidth as packets larger than 1500 is dropped.


Forwarding broken after adding protocol EVPN extended-vlan-id

Traffic will dropp on PFE as "invalid L2 token" when protocol changes from VPLS to EVPN.


On QFX5k Series switches ISIS adjacency with Cisco might go down

On QFX5k Series, If ISIS packet is received with DMAC as 09:00:2b:00:00:05 (ISO 9542, All Intermediate System Network Entities Address) and Jumbo frame with EtherType as 0x8870 (non-standard, used by Cisco), such packet will be dropped, resulting in failure in the adjacency.


QFX satellite device may restart in JunOS Fusion solutions when copper SFP is used

When using QFX5100/5110/5200/5210 as a satellite device (SD), configuring a copper small form-factor pluggable (SFP) may cause the SD to restart unexpectedly.


MPC5E restarted at trinity_pio_io_func, pio_read_u32, xqchip_read_u32, xqchip_issu_disable_q_stats, qchip_issu_disable_q_stats, issu_asic_prepare (pfe_idx=0 '\000') at ../../../../src/pfe/common/applications/issu/jam/issu_jam_npc_pfe.c:65

In some configurations, ISSU prepare time on MPC5E takes longer than usual. As a result, the chassisd triggers restart/crash of the MPC . The ISSU completes after the crash.


The rpd might crash in EVPN scenarios when configuring EVPN

In EVPN scenarios, rpd might crash and generate a core file due to a memory allocation problem.


Constant dcpfe process crash might be seen if using an unsupported GRE interface configuration

On QFX platform, if configuring GRE interface and its underlying tunnel source interface in two different routing instances, although this is a limitation, but the configuration can be committed and will cause constant dcpfe process crash.


MAC move might occur in DHCP security scenario

On EX4300/EX4600/QFX Series switches except QFX10000, in DHCP security with override no-option82 scenario, if the DHCP packets from DHCP clients are received from the DHCP snooping trust interface (by default, all trunk ports on the switch are trusted), such packets might be sent back on the same interface, resulting in the MAC move of the source MAC on the other L2 devices.


Kernel crash might be seen after committing demux related config

In subscriber management scenario, if an AE interface is associated as the underlying-interface of a demux0 unit and both demux0 unit and AE unit (corresponding to the above AE interface) are configured with a duplicated VLAN id, kernel may crash after committing the config.


The rpd might crash after RE switchover is performed or the rpd is restarted if interface-based Dynamic GRE Tunnel is configured

With interface-based Dynamic GRE Tunnel configured, there might be 2 next-hops for a single dynamic GRE tunnel when a new route is resolved over the dynamic tunnel after RE switchover is performed or the rpd is restarted. Subsequent withdrawal of the routes over that tunnel or master Routing Engine restarting will cause the rpd crash. This issue is introduced in PR 1202926 (which is fixed in 15.1F7 16.1R4 16.2R1-S6 16.2R1-S6-J1 16.2R2 17.1R2-S7 17.1R2-S8 17.1R3 17.2R1).


MLPPP subscribers might be unable to negotiate sessions when the dynamic-profile name contains more than 30 characters

On MX platform which supports dynamic Multi-link Point-to-Point (MLPPP) subscriber, if the dynamic-profile name contains more than 30 characters, MLPPP subscribers might be unable to negotiate sessions with the server, and couldn't login due to this issue.


PFE is in a bad state after performing optics insertion/removal on a port.

On QFX5000 Series platforms, performing optics insertion/removal on a port might result in the PFE Manager CPU spike and eventually microcode failure.


Route entry might be missing when ISIS shortcut is enabled and MPLS link flaps

If ISIS shortcut is enabled and ISIS "topologies ipv6-unicast" is configured, when any link with no IPv6 address configured in the MPLS LSP path is flapping (or bring down and then up), the route entry go through this flapping link might be missing for about 10 minutes, which might lead to traffic loss. The issue is because when the flapping link is down and then up, the flash route update checks both IPv4 and IPv6 address family, since IPv6 is not configured for this link, the flash route update is not triggered, hence the route entry is missing.


The Routing Engine might crash after non-GRES switchover

When LAG-enhanced is disabled, one child next hop is created for each member link of a LAG interface. During the Non-GRES switchover, the kernel memory might be exhausted, which leads to the creation failure of the child next hop, hence the Routing Engine crash happens. This crash can be avoided by enabling LAG-enhanced.


The rpd might crash when executing RE switchover under BGP environment and route churn occurs

On MX/PTX/QFX platforms and in BGP environment, if GRES (graceful Routing Engine switchover) and NSR (Nonstop active routing) are configured, rpd might crash when doing RE switchover. The reason is that severe route churn events result in multiple cycles of addition/deletion of routes/labels. And due to a software bug introduced in 17.2R1, the labels freed up in the process may not get reallocated when executing RE switchover. As a result the rpd might crash.


The traffic might not be load-balanced equally across LSPs with ldp-tunneling configured.

When there are more than one RSVP LSP toward the same downstream neighbor and more than one such downstream neighbor exist, if one of the interfaces toward one downstream neighbor is brought down, the weight might become unequal for ECMP and then the traffic might not be load-balanced equally.


JNH memory leaks in multicast scenario with MoFRR enabled

On MX platform, with Multicast-Only Fast Reroute (MoFRR) enabled, if doing any change that causes to create a new rpf nexthop, JNH memory leak might be seen.


LDP convergence delay might be seen after IGP metric change with knob bgp-igp-both-ribs configured

In a large-scale BGP/LDP environment with 'protocols mpls traffic-engineering bgp-igp-both-ribs' configured, when IGP metric of interface is changed by configuration modification (commit), the metric change could get propagated to LDP slowly, leading to long delay of LDP convergence.


JDI-RCT: QFX5200 MCLAG: parse_remove_ifl_from_routing_inst() ERROR : No route inst on et-0/0/16.16386, errors seen after restart l2cpd daemon

JDI-RCT: QFX5200 MCLAG: parse_remove_ifl_from_routing_inst() ERROR : No route inst on et-0/0/16.16386, errors seen after restart l2cpd daemon


LSP with auto-bandwidth enabled goes down during HMC error condition

On PTX or QFX10K platform, when HMC (Hybrid Memory Cube) error occurs, LSPs (Label Switched Paths) might go down due to incorrect bandwidth requested for auto-bandwidth adjustment.


The filter service might fail to get installed for the subscriber in a scaled BBE scenario.

On MX platform enabled with enhanced subscriber management, if the subscriber profile initiates a filter service for each subscriber, and there are large scale of Broadband Edge (BBE) subscribers (e.g. 10k) logging in and out repeatedly, the filter service might fail to get installed for the subscriber due to this issue. In some rare condition, it might also lead to the Flexible PIC Concentrator (FPC) crash.


Address pool does not correctly cycle to the beginning of the pool when linked-pool-aggregation parameter is defined

In subscriber scenario, when "linked-pool-aggregation" is enabled on MX platform, the address pool might not cycle to the beginning of the pool and it might report "Out of Addresses" even though not all addresses are in use.


TPI-50840: qfx5110 ethernet-switching flood group shows incorrect information

TPI-50840: On the QFX5110, the Ethernet switching flood group shows incorrect information.


bbe-smgd cores continiously while deleting multicast group node from the tree.

In case of Centralized IGMP Configuration, bbe-smgd daemon may restart on an event of last subscriber of a multicast group is leaving the group. it is not able to delete this multicast group node from the tree, in this case on daemon restart, in INIT phase, bbe-smgd will again try to delete the multicast group node and its associated multicast group service and restart again, due to this bbe-smgd will never complete the INIT phase and restart continuously in INIT phase only.


"PE Chip:pe0[0]: IPW: oversize_drop error" causes Major error on FPC

PTX routers with FPC3s that encounter oversize_drop errors will trigger an FPC Major alarm with each error seen. The alarm should clear on its own. The severity of this alarm is being reduced as there is no lasting impact to the FPC.


Few L2BSA subscriber might be stuck in init/terminating/terminated status after previous logout

On MX platforms with Access Node Control Protocol(ANCP) triggered dynamic L2 subscriber management (L2BSA Service) scenario, if scaled L2BSA subscribers (e.g. 20K) login and logout repeatedly, together with other stressful operations, e.g. Graceful Routing Engine Switchover(GRES), some daemon restart (e.g. bbe-smgd, authd, dfwd, cosd, etc.), or Flexible PIC Concentrator(FPC) reboot, few L2BSA subscribers might be stuck in init/terminating/terminated status due to this issue. These affected subscribers can't login again after previous logout.


The 802.1P rewrite may not work on inner VLAN

If a logical interface (IFL) is configured with 802.1P rewrite-rules (for both outer and inner VLAN) and fixed classification, after deactivating Class of Service (CoS) on any other IFL, the packets sent from this IFL may still have the original 802.1P bit set in the inner VLAN without being rewritten.


SFB and PDM/PSU related info is missing in jnxBoxAnatomy MIB on high end MX routers (MX2010/2020).

SFB and PDM/PSU related info is missing in jnxBoxAnatomy MIB on high end MX routers (MX2010/2020)


Traffic black-hole with indirect next hop and load balancing

On EX4300/EX4600/QFX Series switches except for QFX10000, pass-through traffic might be dropped if using multiple routes with indirect next hop and load balancing.


The subscribers might be stuck in terminating state if radius redirect is used

On MX-Series platforms that act as a Broadband Network Gateway (BNG), the subscribers might be stuck in terminating state if radius redirect is used during the Session Database (SDB) synchronization.


PFE wedge may be observed if there are interfaces going to down state

On QFX10000 or certain PTX series platform, the Packet Forwarding Engine might get wedged if there are too many interfaces (for example, more than 35) with the physical or operational state changing to down, and for which the LACP force-up parameter is enabled, while the administration state is still up.


ECMP route installation failure with log messages like unilist install failure might be observed on EX4300 device

On EX4300 devices with two ECMP interfaces, if multiple iteration happens for one interface link goes down/up, stale ECMP entries might not be deleted and still be seen in hardware due to the next-hop delete failure and unilist install failure.


DHCP Discover packets might be dropped if there is VXLAN configured

On QFX5000/EX4600 platforms, if changing an interface from Virtual Extensible Local Area Network (VXLAN) to a member of an Aggregated Ethernet (AE) interface, the Dynamic Host Configuration Protocol (DHCP) relay would not work and the DHCP client would not get IP address normally.


Traffic might be dropped on third-generation FPCs on PTX.

On PTX with third-generation FPCs, if optics not certified by Juniper Networks (NON-JNPR) are used and there is specific traffic pattern with congestion, traffic might be dropped.


Protocol adjacency might flap and FPC might reboot if jlock hog happens

On all platforms and in scaling scenario, if doing some operation which causes jlock hog, the protocols adjacency might flap and all the FPCs might reboot.


Host destined packets with filter log action might reach the RE

On EX4300/EX4600/QFX Series switches except for QFX10k, if host destined packets (i.e., the destination address belongs to the device) come from the interface with ingress filter of log/syslog action (e.g., 'filter <> term <> then log/syslog'), such packets might not be dropped and reach the RE unexpectedly.


The RE might crash with various core files due to the deadlock issue on the SDB STS

In the system that uses session database (SDB), the deadlock might happen when getting the lock on the SDB short term storage (STS) due to a rare timing issue. It is more likely to happen on Enhanced Subscriber Management environment with large-scale subscribers (such as 50k subscribers). The issue will cause the master Routing Engine (RE) to crash with various core files and lose the management connectivity. And the subscriber service could be affected. The issue might happen on single RE system as well as dual RE system. In the dual RE system, the master RE crash could trigger a RE switchover. But the issue could cause the incomplete state on the SDB in the new master RE, which could cause the subscribers login failure. A restart of smg-service on the new master RE will recover this login issue.


Packet drops on interface if the knob "gigether-options loopback" is configured

On MX ,EX9200 and SRX5K platforms, with the knob "gigether-options loopback" configured on interface, if the interface is connected using copper SFP (SFP-T), packet drops might be seen.


Daemon dfwd might crash with DFWD_TRASHED_RED_ZONE log messages

In certain scenario with OTN options configuration, memory corruption might occur in dfwd (the firewall daemon) due to large IFL (logical interface) ifstate messages. This can lead to DFWD_TRASHED_RED_ZONE messages reported in dfwd log and occasionally dfwd crashes.


The 40G-SR4 transceiver might not be recognized after upgrading to qfx5100e OS

On the QFX5100 platform, after upgrading from a 'qfx5100' OS to a 'qfx5100e' OS via CLI (not via USB media), the 40G-SR4 transceiver might not be recognized, resulting in the invalidation. The chassis must be power cycle off/on to recover.


The unicast traffic from IRB interface towards LSI might be dropped due to PFE mismatching at egress processing

On all Junos with Trio platforms, the unicast traffic might get dropped when it is passed from an Integrated Routing and Bridging (IRB) interface towards label switch interface (LSI) if the Aggregation Ethernet (AE) load balancing adaptive or per-packet is configured.


The value of 'predefined-variable-defaults routing-instances' overrides the RADIUS-supplied VSA (26-1 Virtual-Router)

If the default value for the $junos-routing-instance predefined variable is configured (i.e. 'dynamic-profiles <> predefined-variable-defaults routing-instances <>'), the subsciber will come up in the configured default routing-instance even if RADIUS has already supplied the VSA of '26-1 Virtual-Router'.


The MPC6E might crash while fetching PMC device states

PMC device is OTN framer which is sitting on the MIC6-100G-CFP2. While fetching PMC states, CPU might be hogged by the thread more than 2.5 sec. If this occurs, MPC6E might crash.


The rpd might crash on backup RE after switchover

If vrf-table-label is configured for VRF routing-instance, after executing GRES or ISSU, the label (VRF table) which is not be released may be reused by another VRF. This might cause an rpd core on backup RE.


Flows are getting exported before the expire of the configured active timeout value.

The export of the Jflow records is seen at the collector before the expire of the configured active timeout value. This export result might not be the expected.


The DMA failure errors might be seen when the cache flush or the cache is full.

The DMA failure errors might be seen when the cache flush or the cache is full. It might cause the device not to accept ssh credentials and Virtual-Chassis to go into the hang state.


DHCP packets may be dropped on a Junos Fusion Data Center scenario (QFX10000 series)

In a Junos Fusion Data Center scenario where Satellite Devices (SD) are dual-homed to Aggregation Devices (AD), if the DHCP relay is enabled for at least one IRB and both the DHCP server and clients are connected to ADs over native ports, the discover packets sent from clients which are not using DHCP-relay may be dropped on AD device.


In a Junos Fusion (MC-LAG based) deployment with dual Aggregation Devices (ADs) and dual-homed Satellite Devices (SDs) it may be possible for SDs to get into a state where LACP will not transmit to attached end/client devices.

When a Satellite Device (SD) boots up (powered on) it receives the SD configuration file from the Aggregation Devices (ADs). If the SD is configured to be dual-homed to both ADs (connections from one SD to both AD1/AD2) it will receive a configuration file which instructs the SD to communicate to both ADs. If one of the ADs is offline at the time the SD receives the configuration file specifying AD Redundancy then the SD will not be able to properly transmit LACP PDUs until it communicates and synchronizes with both ADs as specified in the received configuration.


Adjusting mac-table-size configuration may cause l2ald crash

Sometimes L2ald might crash when try adjusting mac-table-size configuration.


The VC could not come up after upgrading to QFX5E platforms (TVP-based platforms for QFX5100 or QFX5200 switches)

On QFX5100/QFX5200-VC (Virtual-chassis) scenario, if the switches upgrade to QFX5E platforms (TVP-based platform), and when the VC ports are connected to the expansion modules (PIC0/PIC1), all VC ports might be down and the VC could not come up.


VDM # JFD - DHCP Not working for some clients in dual AD fusion setup

VDM # JFD - DHCP Not working for some clients in dual AD fusion setup.


Multiple bbe-smgd cored with reference to bbe_mcast_vbf_dist_policy_service_encoder( )

When commit, any changed policy was being pushed to PFE even if the policy is not used (installed in the PFE). This caused bbe-smgd process to restart unexpectedly at the bbe_mcast_vfb_dist_policy_service_encoder() routine.


Log Message: authd: gx-plus: logout: wrong state for request session-id 

When a Subscriber is Manually Logged out using CLI "clear network-access aaa subscriber username ", Following Log Message gets Printed (messages file) in process of when GX-Plus Module is Clearing/Freeing up the Subscriber Session-id from its Table. Aug 28 12:11:50 jtac-test-node: authd [XXXX]: %DAEMON-3: gx-plus: logout: wrong state for request session-id: 


IPSec VPN traffic might fail when passing through MS-MPC of MX with CGNAT enabled

While dynamic IP Security (IPSec) virtual private network (VPN) is re-keyed due to lifetime expiration, IPSec internet key exchange (IKE) phase 1 user datagram protocol (UDP) port 500 and phase 2 UDP port 4500 sessions would be translated into two different public internal protocol (IP) addresses while passing through carrier-grade network address translation (CGNAT), which causes IPSec VPN traffic to fail. This behavior does not cause issue for Juniper MX devices with MS-MIC or SRX devices since for such devices identify key is used to authenticate the sessions and it is allowed for private IP address to be translated into two different public IP addresses.


Traffic drop might be seen on QFX10K platform with EVPN/VXLAN configured

On QFX10K platform configured with Ethernet Virtual Private Network (EVPN) and Virtual Extensible LAN protocol (VXLAN), traffic drop might be seen for the Virtual Tunnel End Point (VTEP) tunnel interface due to this issue. It might also lead to Packet Forwarding Engine (PFE) crash in some rare condition.


DCD core can be seen after FPC restart if channelized interfaces are configured

If channelized interface coc1 is configured and FPC restart is performed then a core will generate and DCD restart can be seen. Currently we do not have any workaround for this issue. In case of all other interfaces core will not generate and normal behavior is seen.


ICMPV6 packets are not classified with static or multifield forwarding-class mapping.

ICMPv6 packets are hitting the dynamic ingress filter with higher priority, thus never reaching an MF or static classifier.


The lsi binding for the IPv6 neighbor is missing.

On ACX, EX, MX, QFX and Virtual Chassis Fabric platform, if irb interface is configured under VPLS instance, after switchover the lsi binding for the IPv6 neighbor might be missing.


The bbe-smgd might not respond the NS message for the SLAAC client on dynamic VLAN

On all MX-Series with dynamic VLAN and NDRA deployment for the subscriber access, the SLAAC (Stateless Address Autoconfiguration) client might not get the gateway MAC address from the BNG (Broadband Network Gateways), as a result, the SLAAC client will not get a link-local prefix and the IPv6 global connectivity will not be established.


Fabric drops might be seen if using a newer generation of MPC with SFB2

On MX2020, MX2010 and MX2008 platforms with SFB2 cards installed, if a newer generation of MPC (e.g. MPC type 3, 4, 5, 6, 7, 8 or 9) is installed into a slot which had MPC 3D 16x10GE, MPC type 1 or MPC type 2 previously installed, the available fabric bandwidth to the new MPC card would be rate-limited due to residual programming on the fabric planes. Traffic impact is observed during peak utilization.


MAC learning might stop working on some LAG interfaces.

On QFX10000 platforms, MAC learning does not work on some LAG interfaces after frequent MAC moves


FPC might crash on QFX5100 and EX4600 platforms in a large-scale scenario

On QFX5100 and EX4600 platforms, if the size of the configuration is huge, when upgrade from a lower release to a higher one, the FPC might crash.


Traffic destined to VRRP VIP gets dropped as filter is not updated to related ifl

On MX platform with enhanced-ip and VRRP configured, if remove/add a child link from AE bundles via "replace pattern" several times, traffic destined to VRRP VIP might be dropped.


LSP "statistics" and "auto-bandwidth" functionality may not take effect with single hop LSPs

In an Multiprotocol Label Switching (MPLS) scenario, label-switched path (LSP) "statistic" and "auto-bandwidth" functionality may not take effect with single hop LSPs on QFX10000 platform.


The vmcore might be seen when routing changes are made on the peer spine in an EVPN VXLAN scenario

On all QFX-Series platforms with a standard EVPN VXLAN scenario, when the eBGP is used for underlay and iBGP for the overlay, the OSPF neighborship is established between two IRBs on the spines, upon exporting OSPF routes on any of the spines, as a result, a routing loop might occur on the spine once it receives the OSPF route update and causes the Routing Engine to have a kernel crash with a vmcore generated on the peer spine.


An incorrect error message might be seen when Jflow sensors are configured with reporting rate less than 30 seconds.

On all TVP platforms for QFX devices (QFX10000, QFX5100, QFX5200 platforms), when Jflow sensors are configured with reporting rate less than 30 seconds, the error message was incorrect.


All the BGP sessions will flap after switchover.

With GRES and NSR enabled, if executing switchover, all the BGP session might flap


The bbe-smgd process might crash after commiting config changes

In enhanced subscriber management environment, the bbe-smgd process might crash after commiting config changes, especially when some parts of the dynamic-profiles are modified.


The rpd core file may be dropped due to a soft assert if non-BGP protocol route with an AS_PATH is used.

Rpd's route selection mechanism has multiple user-configurable mechanisms by which route ordering may be changed. To assist with debugging issues with defects in the route selection code, a function would generate a low priority soft core that didn't crash rpd when route selection was incorrect. However, there have been circumstances wherein not-best was incorrectly being determined. One such situation that is addressed in this PR involves when routes are learned or redistributed from non-BGP protocols and had an AS_PATH attribute. Using BGP route selection rules, if a BGP route and a non-BGP route had a leading AS_PATH with the same AS, BGP MED selection rules for grouping were being applied. Such MED election should only be done using BGP-only routes. Such a situation can come from various BGP carried VPN protocols wherein routes from the VPN protocol generated IPv4 routes when redistributed from one routing instance to another. An example of this would be an EVPN route.


When applying filter on loopback other firewall filters might not work

On EX4300 platform with TCAM (ternary content addressable memory) optimization enabled, when a firewall filter is applied on the loopback interface, the other firewall filters for multicast may not work.


The filter counter is not written to the accounting file when accounting is enabled on the bridge firewall filter

Whenever bridge firewall filter is configured and accounting is enabled on it, the filter counter is not written to the accounting file.


The ppmd on RE may run with high CPU utilization after RE switchover

In the rare case, ppmd on RE might stay high cpu usage after RE master switch event. There will be no impact on this problem.


High rpd CPU utilization on the backup RE might be observed in MVPN+NSR scenario

Under extreme case, Routing process under Backup Routing Engine might be under high utilization upon route updates.


sdk-vmmd may consistent write to the memory.

sdk-vmmd might consistently write to the memory.


Certain builds of Junos OS do not allow you to upgrade or commit configuration changes when the SI service interface is used.

Certain builds of JUNOS do not allow you to upgrade or commit config changes when the SI service interface is used. 17.2R3, 17.4R2, 18.1R3, 18.2R2, 18.3.R1, 16.1R8, 16.2R3 are known to encounter this issue. 


If FPGA on the new master CB has a specific hardware failure, the chassid might keep crashing after GRES switchover

On MX/EX/SRX platforms, after GRES switchover, if a chassis has bent-pin or failed Field Programmable Gate Array (FPGA) on the new CB has a specific hardware failure and fails to detect FPC presence properly, the chassisd might keep crashing.


IPV6 Next-Hop programming issue might be observed on QFX10K/PTX1K/PTX10K devices

On QFX10K/PTX1K/PTX10K devices, when 6PE (the 'protocols mpls ipv6-tunneling' knob) is configured, the IPv6 Next-Hop installation might be incorrect and it might cause IPv6 traffic drop. 


[ACX] MTU is not properly applied - and output of - ping mpls l2circuit sweep is giving lower values than expected

On ACX1x00/ACX2x00/ACX4x00 the MPLS MTU value is derived from the INET family MTU.


RPD core on backup routing-engine during neighbor-ship flap when using authentication-key with size larger than 20 character

RPD core on backup routing-engine during neighbor-ship flap when using authentication-key with size larger than 20 character. When using "security authentication-key-chains key-chain <*> key <*> secret <*> " with hmac-sha-1 algorithm and the secret key length is higher than 20 character, this causes memory corruption in RPD and later RPD crashes on backup RE.


The rpd process might crash when rp-register-policy is configured with more than 511 terms.

On all Junos platforms, when rp-register-policy is configured for Protocol Independent Multicast (PIM) Rendezvous Point (RP), and the policy is defined with more than 511 terms, if the incoming register messages doesn't match initial 511 terms in the policy, but match the term afterwards, the rpd process might crash due to this issue, therefore impact normal routing functions and service.


L2ALD core seen when l2-learning traceoptions were enabled.

L2ALD core may be seen when l2-learning traceoptions are enabled. This occurs due to a race condition when l2ald log file is getting rotated and simultaneously l2ald trying to write a new trace log message. Issue may not get reproduce easily.


The best and the second-best routes might have the same weight value if BGP PIC is enabled.

In BGP PIC (Prefix Independent Convergence) scenario, next-hop of unequal BGP multipath routes might have the same weight (0x1), resulting in unexpected load balance for traffic.


The l2ald process might crash when doing "commit check" for some specific configurations

On all Junos platforms, if bridge-domain parameters are defined in routing-instance group and applied to a routing-instance via apply-group, at the same time, the routing-instance type is setting to be "virtual-switch", and no bridge-domain is configured in the routing-instance, the l2ald process might crash during executing "commit check" or "commit" for these configurations. The l2ald process will restart automatically and therefore impact related Layer 2 service. Due to this issue, all the further commits will be blocked until the offending configurations are removed.


Unable to install licenses automatically on QFX platforms

On QFX Series platforms, it is unable to update licenses automatically with "request system license update" command.


After GRES switchover, LACP will be down on peer device and never been recovered automatically

On VC series platforms, RE switchover will cause LACP down on peer device as the LACP does not sync between master and backup RE.


BBE CST telenorSweden bbe-smgd core during inflight AE reconfigure action

BBE CST telenorSweden bbe-smgd core during inflight AE reconfigure action


IPv6 link-local address for virtual-gateway address is marked as duplicate in EVPN

In EVPN A-A mode, if the same link-local IPv6 address is configured on both IRB interfaces on the two PEs, DAD will mark one of the IRB interfaces as the duplicate.


IP ToS bits are not copied to outer IPSec header

On MX platform, if Dynamic End Points (DEP) tunnel is configured, IP ToS bits might not be copied from inner header to outer IPSec header.


TPI-57374:EVPN-VxLAN: DCPFE cored _bcm_field_td_counter_last_hw_val_update after upgrading spine with latest image.

Issue - A deadlock situation between pfeman thread and broadcom's linkscan thread causes watchdog trigger and results it dcpfe coring. Trigger - No specific trigger as such. Issue occurs sometimes in during the port init stage. Effect - dcpfe cores


The backup RE might get stuck in amnesiac mode after reboot

In the original implementation of inline LSQ (ICHIP), it was not possible to configure the "delay-buffer-rate" knob for buffer adjustment purposes. This restriction is not relevant for Trio family of ASICs anymore. The fix, committed as part of this PR, removes unneeded checks.


Invalid Layer 4 checksum might be observed on IPv4 packets generated by NAT64 with MS-DPC after translating fragmented IPv6 UDP/TCP packets

On MX-Series platforms wherever the MS-DPC or MS-PIC line card is used, when the router executes the NAT64 translation for the fragmented IPv6 UDP/TCP packets, invalid Layer 4 checksum would be observed on IPv4 packets generated by NAT64. The reason is that during fragmentation the first fragment`s next-header doesn`t point to the L4 information and hence wrong calculation is done at L4 checksum. And due to this invalid checksum, the traffic would be dropped. 


The rpd soft core might be seen when L2VPN is used.

RPD provides a mechanism to validate that route selection has successfully been done. When errors in route selection are detected, a soft core is dropped: RPD remains running, a single core file is dropped, it is rate limited to not do this frequently. When running L2VPN, BGP MED selection may be inappropriately run on the routes. As a result, the route selection sanity code will notice an unexpected result and leave a soft core.


The process rpd may crash in BGP setup with NSR enabled.

In BGP setup where "prefix-limit" is configured with teardown parameter and damping is configured, if a flapping route is received, the related figure of merit doesn't reach the "suppress-limit" but it causes the device to teardown the respective peer since the "prefix-limit" to be exceeded, then the process rpd may crash because of the corruption on the NSR process to resync the database entries.


The bbe-smgd process might crash when executing "show pppoe lockout"

On MX platforms for Point-to-Point Protocol over Ethernet (PPPoE) subscriber management scenario, the bbe-smgd process might crash when executing "show pppoe lockout".


All dcd operations might be blocked if profile-db is corrupt

In 'dynamic-profiles' scenario, if the profile-db is corrupt, all dcd operations are blocked. (e.g., not be able to add any interfaces). The device control process (dcd) is used to control the device's interfaces.


EX4300 might drop incoming ISIS hello packets when IGMP or MLD snooping is configured.

On EX4300 platform, when IGMP or MLD snooping is enabled, and ESIS/ISIS packets with below destination multicast mac-address are received, ESIS/ISIS packets are not flooded. It would cause ISIS adjacency establish failure. The MAC-level point-to-point addresses are: 09-00-2B-00-00-04 (AllEndSystems) 09-00-2B-00-00-05 (AllIntermediateSystems)


The Framed-Route beyond the first may not be installed in a DHCP subscriber management environment

In a DHCP subscriber management environment, the framed route beyond the first may not be installed to a subscriber session if receiving it from the radius which has more than one Framed-Route.


The authd might crash when issuing "show network-access requests pending" command during the authd restarting

The authd might crash when issuing "show network-access requests pending" command during the authd restarting.


The MPC might crash due to the CPU hogging by dfw thread

When a large amount of packets hit the firewall filter term action 'syslog' and a thread hogs CPU for more than 4 minutes, the MPC might crash.


In JUNOS Logical System, configuration of "chained-composite-next-hop ingress l3vpn extended-space" failed to commit after upgrading to 17.2/later releases

After upgrading JUNOS to 17.2 or later releases, the knob "chained-composite-next-hop ingress l3vpn extended-space" cannot be configured any longer on a Logical system.


The ICMPv6 packet with embedded IPv6 fragment might not be translated correctly to IPv4 ICMP packet in a NAT64 with MS-DPC deployment

On MX-Series platforms with MS-DPC deployed for NAT64, the translation for IPv6 packet to IPv4 packet might not be translated correctly when a node in IPv6 network sends an ICMPv6 Packet Too Big (PTB) message with an embedded ipv6 fragment towards a node in IPv4 network. This results in Path MTU discovery failure.


Some error logs might be seen on FPC when reading attempt from Uninitialized memory location

On all MX platforms that support enhanced subscriber management (Next Generation Subscriber Management) with L2TP subscriber scenario, when a packet arrives with size higher than LNS (L2TP network server) IFL (Logical interface) MTU and 'Do-not fragment' bit is set, because the micro kernel generates ICMP error messages and increment 'out-mtu-errors' in IFD (Pysical interface) stream counter, and then the OIF (Outgoing interface) index is wrongly programmed in LNS IFL output feature list. So some error logs would be seen when reading attempt from Uninitialized memory location. This only impacts the traffic from Core to LNS subscriber on PFE which needs to generate ICMP error message like MTU exceeded. It would not impact normal transit traffic. 


On newer QFX5K switches, file permissions are changed for /var/db/scripts files after reboot. This can impact scripts running on the box..

On newer QFX5K switches, file permissions are changed for /var/db/scripts files after reboot. This can impact scripts running on the box.


The cosd might crash during commit via netconf.

The cosd might crash during commit via netconf if excess-priority is configured. It is a timing issue.


Smg-service can become unresponsive

Issuing the cli show command "show services soft-gre tunnel" and then changing configuration of the router can make smg-service unresponsive, eg regress@leonis> show system subscriber-management statistics error: timeout communicating with smg-service daemon


JSRC used Radius Service accounting protocol instead of JSRC for SRC installed service

JSRC provisioned service used Radius Service accounting protocol instead of JSRC for SRC installed service


PTP timing is not working with subscriber management enabled

PTP timing is not working with subscriber management enabled


Config load override or load replace resets ANCP neighbours

In ANCP (Access Node Control Protocol) scenario, if executing configuration load override or replace, after the commit operation, All ANCP neighbour sessions might be restarted, even though without any ANCP configuration change.


When LDP dual-transport inet-lsr-id is set to non-primary ip address of loopback interface, L2circuit information is not advertised over the ldp session..

When "prototcols ldp dual-transport inet-lsr-id" is not the same as router-id, LDP fails to advertise l2circuit label mapping to its neighbor. Thus, l2circuit will not come up properly.


Fabric performance drop on MPC7/8/9E and SFB2 based MX2000 platform

On MPC7/8/9E and SFB2 based MX2000 Series platforms, code change done by PR 1336446 fixing MPC7/8/9E fabric re-ordering issue with SFB causes fabric performance drop. The throughput might not reach the expected value in high volume traffic scenario.


The stale si- IFL might be seen when L2TP subscribers with duplicated prefixes or framed-route login

If L2TP LNS uses inline service (si) interface and the routing service (such as framed-route) is configured in dynamic-profiles, when subscribers login with duplicated prefixes or framed-route, the LNS will reject the second subscriber due to route adding failure. But the si- IFL for the failure subscriber will be left in PFE as a stale IFL.

Modification History:
First publication 2019-01-18
Related Links: