Junos OS: RPD process crashes when BGP peer restarts (CVE-2019-0049)

Junos OS: RPD process crashes when BGP peer restarts (CVE-2019-0049); Refer to https://kb.juniper.net/JSA10943 for more information.

On QFX5100 platforms, LR4 QSFP can take up to 15 min to come up after VC reboot

On QFX5100 platforms, LR4 QSFPs might take take longer to come up than others (up to 15 minutes). This is a intermittent occurrence.

ACX5448: Not able to configure Bridge Domain more than 1024, Using 100G and AE interface in BD.

BD scale limit beyond 1024 is not available in this release.

QFX5120 : In VxLAN-EVPN configuration , transition from collapsed to non-collapsed L2/L3 GW and vice versa needs switch reload

On a QFX5120 system Transition from VXLAN/EVPN collapsed to non-collapsed L2/L3 GW and vice versa needs switch reload due to stale source vtep IP.

IGMP-snooping on EVPN-VXLAN might impact OSPF hello packets flooding after VTEP leaf reboot

In EVPN-VXLAN (Ethernet VPN - Virtual Extensible LAN protocol) scenario, if IGMP-snooping (Internet Group Management Protocol) is configured, OSPF (Open Shortest Path First) hello packets flooding might be broken after the VTEP (VXLAN Tunnel Endpoint) reboot. After the reboot, OSPF hello packets are received by the VTEP, but they might be no longer flooded out. The issue results in OSPF neighbor down which leads to traffic loss.

Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device.

This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device's Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack.

Junos OS: OpenSSL Security Advisory [26 Feb 2019]

The OpenSSL project has published a security advisory for a vulnerability resolved in the OpenSSL library on February 28, 2019. Refer to https://kb.juniper.net/JSA10949 for more information.

The route-filter-list with non-continuous match might not work as expected after being updated

When route-filter-list is updated, the deletion of older router-filter-list is not taking effect. This results in both new and old router-filter-list presenting in the tree.

The 100G PSM4 optics connected ports go down randomly during a repeated power cycle

The 100G PSM4 optics go to a state where the link does not come up during a repeated power cycle on QFX5120 Series platforms. This issue happens more frequently when in a negative temperature environment (below -5 degrees Celsius).

Ping fails over Type-5 tunnel on IRB interfaces under EVPN-VXLAN scenario

On EVPN-VXLAN scenario with Type-5 route used, if ping Type-5 destinations over IRB interfaces, it might fail and packets are all dropped. The reason is that ethernet header is not added into packet to be encapsulated. And this incomplete ICMP ping packet is VXLAN encasulated, which causes failure.

QFX5120-32C: DHCP binding on client might fail when QFX5120-32C acting as DHCP server, this is seen only for channelized port

QFX5120-32C: DHCP binding on client might fail when QFX5120-32C acting as DHCP server, this is seen only for channelized port. For non channelized port (40G or 100G), this issue is not seen.

Traffic loss when one of logical interfaces on LAG is deactivated or deleted

If SP style config is used in EX4300, deactivated or deleted one of logical interfaces on LAG would cause traffic failure passing through the same LAG interface. Using EP style config will be a workaround.

Error seen on vmx with fpc0 ntpd[1040]: frequency file /var/lib/ntp.drift.TEMP: Permission denied

Due to incorrect file authority setting, below error may show up in the log every hour. ntpd[1040]: frequency file /var/lib/ntp.drift.TEMP: Permission denied

ON QFX5120-32C , BUM traffic coming over irb underlay interface gets dropped on destination vtep in PIM based VxLAN

BUM traffic coming over irb underlay interface gets dropped on destination VTEP in PIM based VxLAN

On MX204 Optics "SFP-1GE-FE-E-T" I2C read errors are seen when an SFP-T is inserted into a disabled state port

MX204 supports SFP "SFP-1GE-FE-E-T" from some releases. I2C read errors are seen when an SFP-T is inserted into a disabled state port, configured with "set interface <*> disable" cli command. [M LOG: Err] smic_mx1ru_8xsfpp_mpcs_i2c_read: - SFPP set start_addr failed [M LOG: Err] I2C Failed device: group 0x812 address 0x56 [M LOG: Err] mpcs_i2c_single_io: MPCS(0) ctlr 2 group 2 addr 0x56 prio 1 flags 0x0 failed status 0x1 [M LOG: Err] smic_mx1ru_8xsfpp_mpcs_i2c_read: - SFPP set start_addr failed [M LOG: Err] I2C Failed device: group 0x812 address 0x56 [M LOG: Err] smic_sfpp_ext_phy_get_linkstate: SMIC(0/1) - SFPP ext phy read failed [M LOG: Err] smic_phy_periodic DFE tuning failed for xe-0/1/2 [M LOG: Err] smic_periodic_raw: SMIC(0/1) - Error in PHY periodic function

All interfaces will be down and the dcpfe will get crash if SFP-T is inserted on QFX5210

On QFX5210 platform starts from Junos 18.1R1, all interfaces will be down and the dcpfe will get crash if SFP-T is inserted on QFX5210. All service will be impacted as all interfaces are down.

The traffic loss might start after deleting IRB logical interface

On QFX5000 and EX4600 platform with multiple IRB logical interfaces configured, after deleting one of the IRB logical interfaces, packets destined to other IRB logical interfaces where MAC is not configured will get impacted.

Traffic drop might be seen after link flaps on vMX platforms

On vMX platforms, the link flapping for the ixgbe interface might trigger PF (Physical Function) to reset for ixgbe, but the VF (Virtual Function) reset will not be done. The issue results in traffic drop for the interface.

QFX5120 QSFP-100G-PSM4 become undetected and come back up as channelized interfaces

When using QSFP-100G-PSM4 transceiver on QFX5120, there is a possibility that after leaving setup idle more than 10 days, the port might not be available as it goes to channelized state and gets stuck there.

The rpd will crash continuously if MD5 authentication on any protocols is used along with master-password

On all junos platforms running 64-bit mode rpd, the rpd will crash continuously if MD5 authentication on any protocols (like MD5 authentication for BGP/ISIS/OSPF) is used along with master-password.

Interfaces may come to down after device reboots

On MX204/SRX4600/EX9251 platform, interfaces with the parameter "speed 1g" configured may come to down after device reboots, this is a timing issue and reproduced after about 50 reboots in the test.

QFX5120-48Y/EX4650-48Y: Interface with optic "QSFP-100GBASE-ER4L" is not coming up in "18.3R1-S2.1"

As part of PR 1410687 changes, behavior was modified to use sequential FPGA access even for single byte EEPROM reads while accessing QSFP transceiver EEPROM via FPGA hardware on QFX5120-48Y/EX4650-48Y. This exposed an issue in vendor driver code due to which high power optics like ER4L and LR4-T2 do not get powered on correctly and hence link does not come up for these optics. The issue is addressed in this fix.

DHCP-relay may not work in an EVPN-VxLAN scenario

On QFX5110 platforms with an EVPN-VxLAN setup, DHCP-relay may not work if the DHCP server is reached via the routes learnt through EVPN type-5 routes.

[evpn_vxlan] [default_switch_instance] Onyx - In Collapsed VGA4 script ping on shared ESI R6 to R7 irb address is failing

Sometime when the irb is trying to broadcast an arp request, the arp request may not go out of the chip due to sdk bug, which may lead to arp failure in QFX5120.

Ping fails over Type-5 tunnel on IRB interfaces under EVPN-VXLAN scenario

On EVPN-VXLAN scenario with Type-5 route used, if ping Type-5 destinations over IRB interfaces, it might fail and packets are all dropped.

Traffic drop might be seen after deactivate/activate "class-of-service"

On ACX5448 box, after issuing deactivate/activate "class-of-service", traffic drop might be seen.