18.1R3-S7: Software Release Notification for Junos Software Service Release version 18.1R3-S7
Junos Software service Release version 18.1R3-S7 is now available.
Due to a software defect introduced by PR1432397, configuring a firewall with the forwarding-class feature on ACX2200, MX80, or MX104 causes the firewall process (dfwd) to restart unexpectedly. As a result, no firewall is installed on the PFE. If you are using a firewall with "forwarding-class" on ACX2200, MX80, or MX104, do not upgrade to JUNOS version 18.1R3-S6 or 18.1R3-S7.
PR Number | Synopsis | Description |
---|---|---|
1326715 |
QFX10002-60C: Commit should deny when mixed L2 and L3/L4 match conditions are configured on an L2 filter. |
This issue applies to QFX10002-60C platform only. When the user configures an L2 filter with mixed L2 and L3/L4 match condition, error syslog is displayed to the user. The above has been corrected. With this fix, JUNOS software denies a commit when mixed L2 and L3/L4 match conditions are configured on an L2 filter. |
1338647 |
An enhancement for better accuracy on the drop statistic of the command "show class-of-service fabric statistics" |
The output of the CLI command "show class-of-service fabric statistics" now calculates traffic that was dropped because of internal errors in the fabric forwarding path. |
1355607 |
Some storm-control error logs might be seen on QFX-series platforms |
On QFX Series platforms, in a corner scenario with a Virtual Chassis setup, if storm control configuration is enabled on interfaces and multicast traffic ingresses on the interfaces, some storm-control error logs might be observed on these interfaces. It is only seen in one customer setup and not reproducible in a local setup. Also, it is just a logging issue and has no traffic impact. |
1362587 |
l2ald process may crash and generate a core on EX2300 VC when converted a trunk port to dot1x access port with tagged traffic flowing |
l2ald process may crash and generate a core on EX-VC when converted a trunk port to dot1x access port while tagged traffic is flowing. There may be a race-condition, where interface mode is being changed while traffic is running and l2ald has processed interface delete but dot1x has not. |
1382892 |
The rpd might crash under a rare condition if GR helper mode is triggered |
When a graceful restart is configured on the BGP peer device, if the peer device initiates new TCP connection when there is an existing TCP connection for the BGP session, send an OPEN message and this new TCP connection also get torn down immediately after establishment/sending of the OPEN message. The rpd might crash. |
1383680 |
The IRB transit traffic might not be counted for EVPN/VXLAN traffic |
On QFX10002\QFX10008\QFX10016 Series platforms with EVPN/VXLAN deployment scenario, the transit statistics of Integrated Routing and Bridging (IRB) interface might fail to be counted for the EVPN/VXLAN traffic, but it works for the regular IRB interface. |
1387050 |
The rpd might crash when traceoptions are enabled |
When traceoptions are enabled with a lot of trace flags or 'flag all', the rpd might crash due to buffer overflow issue. This is a timing issue. |
1388252 |
JUNOS FUSION: "show chassis hardware satellite" command is not available on 17.3 JUNOS versions |
JUNOS FUSION: "show chassis hardware satellite" command is not available on JUNOS versions 17.3 |
1394803 |
The process rpd crash may be observed with EVPN type-3 route churn |
In an EVPN scenario, rpd may crash with EVPN type-3 route churn due to a race condition (Incorrect sequence of allocating and freeing memory for processing the updates between BGP and EVPN). |
1395353 |
The rpd process crashes when LSP template for a provider tunnel is changed |
In an MVPN scenario, when the P2MP LSP template for a provider tunnel is changed, the rpd process might crash due to the previous template not being unlinked correctly. |
1396538 |
MPC card/AFEB/TFEB with Channelized OC MIC might crash with a core dump |
On MX-series platforms, if Channelized OC MIC (such as 1xCOC12/4xCOC3 CH-CE) is used, the MPC card/AFEB/TFEB (Forwarding Engine Board) might crash with a core dump. This is not easily reproducible. The traffic through the MIC would be impacted. |
1397628 |
The PPPoE subscribers are unable to reconnect after FPC reboot |
In the scale subscribers management environment, the PPP inline keepalives don't work after all the AE (Aggregate Ethernet) member link line cards reboot. This issue may cause the PPPoE subscribers are unable to reconnect. |
1402569 |
JUNOS rpd core seen after a couple of config rollback event from baseline config to PDT profile config |
JUNOS RPD core seen after multiple configuration rollback events from baseline config to configuration with large BGP+IGP configuration. In certain events, a change in import policy or resolution rib at the same time when BGP peer is shutting down can cause inconsistencies in Next-Hop entries, in causing RPD process coredump. |
1402588 |
The MTU might change to a Jumbo default size on PFE side after deleting and re-adding the interface |
On EX and QFX platforms, if there is no manually MTU configuration, the MTU changes to be the Jumbo MTU after deleting and re-adding the interface. |
1407021 |
Change the default parameters for resource-monitor rtt-parameters |
Default parameters for reource-monitor rtt-parameters have been changed from 3 X 5 = 15 seconds to 1 x 3 = 3 seconds. |
1409585 |
The port at FPC(e.g. JNP10K-LC1101) might fail to come up |
On rare occasions, the port at FPC(e.g. JNP10K-LC1101) might fail to come up due to the retimer initialization failure upon the FPC reboot/OIR and a QSFP OIR. |
1409979 |
MIB OID "dot3StatsDuplexStatus" shows the wrong status |
On SRX Series devices, the result of MIB OID dot3StatsDuplexStatus shows full duplex for the interface which the status is half-duplex due to auto-negotiation failure. |
1410972 |
Resources might be reserved for stale RSVP LSP when RSVP is disabled on the interface |
If Resource Reservation Protocol (RSVP) is disabled on the incoming interface of a transit Label-Switching Router (LSR) along Label Switched Path (LSP) requesting link protection, no PathTear message is sent downstream. Hence all LSRs downstream retain the LSP till the state ages out. As the LSRs use long refresh interval by default, it will take approximately an hour and a half for the LSP to age out on the downstream LSRs. |
1411338 |
Storm control not shutting down the mc-ae interface |
On QFX10000 platform, when storm-control profile is applied on an mc-ae interface, although the traffic exceeds the bandwidth of the storm configuration it is not getting shut down, but storm-control works on regular interfaces. |
1411456 |
The vlan tag is wrongly inserted on the access interface if the packet is sent from an IRB interface |
With the access interface configured on MPC7E/MPC8E/MPC9E/MX10k-LC2101/MX10003/MX204, the vlan tag is wrongly inserted on the access interface if the packet is sent from an IRB interface. |
1412463 |
Error logs might be observed after performing ISSU |
On MX platform with MPC2E-NG-2Q/MPC3E-NG-3Q, after performing ISSU, the error logs might be observed and the interfaces queue statistics on the affected MPC might stop incrementing. |
1412538 |
BGP stuck in Idle (Close in progress) after rpd start on the peer |
If a new BGP open connection comes when in Established Sync state (waiting for NSR to sync, before the session goes all the way to established), the peer will end up not closing correct |
1413663 |
The support of inet6 filter attribute for ATM interface is broken in the release 17.2R1 and onwards |
On all Junos platforms with the release 17.2R1 and onwards, the support of inet6 filter attribute for Asynchronous Transfer Mode (ATM) interface is broken by mistake. |
1416487 |
Traffic blackhole might be seen due to a long LSP switchover duration in RSVP-signaled LSP scenario |
In RSVP-signaled LSP scenario with LSP bypass path configured, when all interfaces on a transit node along primary LSP are brought down, the LSP might not go down on the ingress node, it will take 3-4 minutes before LSP switchover begins and cause a long traffic blackhole. |
1416987 |
Mac learning might not happen on trunk mode interface in EVPN/MPLS scenario |
On QFX10k platforms with EVPN scenario, if an EVPN instance is created via the statement "set protocols evpn encapsulation mpls", then the MAC learning might not happen on the CE-facing interface if the interface is configured with trunk-mode, because the solution of EVPN/MPLS is not currently supported on QFX10000 Series devices. |
1417209 |
The IPv6 neighbor might become unreachable after the primary link goes down in VPLS multihoming scenario |
In VPLS (Virtual Private LAN Service) multihoming with LSI (Label-switched Interface) interfaces used scenario, if the IPv6 neighbor is established via the VPLS, the IPv6 neighbor might become unreachable after the primary link of the VPLS multihoming goes down. The issue results in traffic loss for the IPv6 neighbor. |
1418396 |
Traffic loss might be seen on the ae interface on QFX10000 platforms |
On QFX10000 platforms(QFX10002/QFX10008/QFX10016), and there is an ae interface which has at least 2 child links, which are located on different PFE chips, and this ae interface is added to a VXLAN VLAN with IRB as an access interface, if ae membership changes, for example, removing one child link from the ae, traffic loss might be seen on the ae interface. |
1418870 |
The rpd crash might be seen if l2circuit/local-switching connections flap continuously |
On all Junos platforms, if there are multiple interfaces configured under a single l2circuit/local-switching, and each of these interfaces has a description field configured under them when l2circuit/local-switching connections flapping continuously, memory usage increment might happen, eventually, it will result in rpd crash because of running out of memory. |
1420293 |
The IPsec tunnel might get down when the Junos platforms and the peer both act as the initiator and try to bring an IPsec tunnel up at the same time |
In the scenario where the the Junos platforms and the peer device both try to simultaneously bring up an IKE SA and both sides act as an initiator for separate tunnels, if one of the IKE negotiations fails and the other one is successful, then during the clean up of failed negotiations, it will perform a tunnel failover process which used to delete the IKE SA only on one side. And due to the fix for PR 1369340, it stops sending the IKE delete notification to the peer in the tunnel failover condition, which leads to this situation where the IKE SA is deleted on one peer while the other peer continues to have the same IKE SA. So some functional impact about the IPsec SA would be seen and then the IPsec tunnel might be down. If DPD (Dead Peer Detection) is not configured, the system will continue to remain in this state until this IKE SA is deleted after its hard lifetime expiry. |
1424187 |
The system does not reboot or halt as configuration when encountering the disk error |
Even though "disk-failure-action reboot" or "disk-failure-action halt" is configured, the system does not reboot or halt as expected when it encounters the disk error. |
1425123 |
Mac overlapping between different switches |
If the 2 consecutively produced switches placed in the same L2 network, then their MAC might have overlapped before this fix. |
1425167 |
SNMP (ifHighSpeed) value is not getting appear properly only for VCP interfaces, it is getting appear as zero. |
On EX4300 switches, SNMP (ifHighSpeed) value is not getting appear properly only for VCP interfaces, it is getting appear as zero. |
1427075 |
VC split after network topology changed |
In Virtual Chassis (VC) scenario, when the interfaces flaps or VLAN configuration is changed frequently, the network topology will be changed accordingly, then CPU utilization will be dramatically increased to very high within a short time, which might cause the failure of essential communications between VC master and members. When the failure happens, FPC will automatically restart. As a result, VC is split and traffic is lost. |
1427632 |
QFX5100-VCF - 'rollback' for uncommitted config takes 1 hour |
Performing "config# rollback 0" may takes a long time to complete. |
1427866 |
IPv6 traffic might be dropped when static /64 Ipv6 routes are configured |
On EX4300, when static /64 IPv6 route is configured and points to the interface where uRPF is configured, IPv6 packets which match the routes might be dropped. |
1427994 |
The dcpfe process might crash and restart in MC-LAG scenario when the ARP/NDP next-hop is changed |
On QFX10002/QFX10008/QFX10016 Series platforms with enhanced MC-LAG scenario, the dcpfe process might crash and restart if the ARP/NDP next-hop is changed. |
1428094 |
PTX10K/LC1101: when an interface is configured with jumbo frames support (e.g. MTU = 9216), the effective MTU size for locally sourced traffic is 24 bytes less than the expected value |
PTX10K/LC1101: when an interface is configured with jumbo frames support (e.g. MTU = 9216), the effective MTU size for locally sourced egress traffic is 24 bytes less than the expected value. This issue is confined to locally originated traffic only and does not affect transit traffic. |
1428703 |
Data port LED's are off even while interfaces are up |
Data Port LEDs were off even when the interfaces came up. This PR fixes the issue. Now, the data port LEDs are ON when the interfaces are up. |
1428843 |
The LDP might withdraw a label for an FEC once the IGP route is inactive in inet.0 |
If LDP is used without using egress-policy, when the route from other routing protocol is preferred over the IGP route in inet.0, e.g. BGP-LU route exported in inet.0, LDP might withdraw the FEC label hence causing LDP traffic to get lost. |
1428935 |
The delay in transmission of BPDUs after GRES might result in loss of traffic on EX2300/3400 VC |
On EX2300/3400 virtual-chassis platforms in GRES/NSB scenario, if the RSTP/MSTP is enabled, after the shutdown of the master RE (by 'request system halt' or power shutdown), the GRES is triggered but the delay in transmission of BPDUs might occur for several seconds. Apart from this, if the 'bpdu-timeout-action block' knob is enabled on the RSTP/MSTP peer, the STP re-convergence might occur instead of RSTP/MSTP re-convergence, which results in traffic loss for about 30 seconds. |
1429309 |
[QFX10008] After RE switchover, led status is not set for missing fan tray. |
Fan led not set when lcmd detects a missing fan at startup. |
1429456 |
When forward-only is set within dhcp-reply, dhcp declines are not forwarded to server |
When forward-only is set within dhcp-reply configuration, dhcp declines are not forwarded to server This can be seen with traceoptions is set and a duplicate MAC address is sent to server. |
1430079 |
EX4300 without soft error recovery(parity check, correction and memscan) enable |
EX4300 has enabled the soft error recovery feature on the PFE, which can automatically detect the PFE parity error and recover by itself. |
1431900 |
The optical power of interface may gradually reduce the optical power for almost 3 mins after issuing "request system reboot at now" on QFX5110/5120/5210 |
On QFX5110/5120/5210, optical interface like 1G/10G SFP/SFP+ may take almost 3 mins to reduce the tx power to "0" on the other end of the interface, after issuing "request system reboot at now" command. |
1432398 |
"show isis adjacency extensive" output is missing state transition details |
CLI command 'show isis adjacency extensive' output in text format is missing some details from the adjacency transition log. The output in XML format is still correct. |
1432449 |
Traffic might be sent on the standby link of AE bundle and get lost with LACP fast-failover enabled |
On all Junos platforms, if Link Aggregation Control Protocol (LACP) fast-failover is enabled, The same weight might be installed for both active and standby links of the Aggregated Ethernet (AE) bundle. Due to this issue, the traffic will be sent on both active and standby links and leads to traffic loss on the standby link. |
1432703 |
Outer VLAN tag may not be pushed in the egress VXLAN traffic towards the host for QinQ scenario |
In EVPN-VXLAN with QinQ scenario, if the "encapsulate-inner-vlan" knob is configured on some VXLANs but not configured on some other VXLANs, and after an interface flap OR a configuration change, the switch may stop pushing the outer VLAN tag towards host for QinQ scenario. |
1433224 |
The operations on console might not work if the knob "system ports console log-out-on-disconnect" is configured |
With the knob "system ports console log-out-on-disconnect" configured, if executing some operations on console, the console operations might fail to work properly. |
1433287 |
SRLG entry shows Uknown after removing it from configuration in show mpls lsp extensive output or show mpls srlg. Shows Unknown-0xXX (XX will vary) |
After deleting srlg from an interface under (protocols -> mpls or routing-options -> srlg, Unkown-0xXX (XX will vary) can be seen in the output of show mpls srlg and under show mpls lsp extensive for previously configured LSPs. No known impact due to these Unknown entries. |
1434521 |
The kmd process may crash when DPD timeout for some IKEv2 SAs happens |
If IPsec with IKEv2 (Internet Key Exchange Version 2) used and multiple IPsec peers are established behind the same NAT (Network Address Translation), the kmd (Key Manager Daemon) process may crash if DPD (Dead Peer Detection) timeout for some IKEv2 SAs (Security Association) of these peers happens. The issue may result in IPSec traffic loss. |
1434567 |
IPv6 neighbor solicitation packets getting dropped on PTX |
In IPv6 scenario on PTX platforms (including PTX3K/5K with FPC3, PTX1K, PTX10K), when a parity error which is due to hardware error occurs on FPC, the neighbor solicitation (NS) packets might get dropped. It will cause IPv6 neighbor discovery failure, and no relevant alarms or logs are reported during the issue. |
1434980 |
PFE memory leak might be seen if MLPPP links are flapped |
On all Trio-based platforms, MLPPP links flap continuously might result in PFE memory exhaustion. Furthermore, the PFE crash might be seen due to running out of memory. |
1435173 |
The device might not be accessible after the upgrade |
On all Junos platforms, if upgrade a device to a newer version and 'retry-options' knob exists in the configuration file, after the upgrade, the older version of login-attempts and login-locks exist on an upgraded device, under these circumstances, the device might not be accessible via ssh/telnet/console, meanwhile, the sshd process crash might be seen. |
1435298 |
With SR enabled 6PE next-hop is not installed |
With "no-ipv6-routing" enabled under isis, inet6.3 table was not getting created, which affected 6PE and 6VPE scenarios. |
1435306 |
Asynchronous ARP table and ethernet switching table happens if EVPN ESI link flap multiple times |
There are 2 issues in this PR. Issue 1: On QFX5000 platform, if EVPN ESI link flap multiple times, ARP entry points to incorrect IFL (RVTEP or AE IFL), so that synchronous ARP table and ethernet switching table happens. Issue 2: On all junos platform, if EVPN ESI link flap multiple times, ARP entry is not cleaned up and remain in only one of the PE programmed incorrectly, so that synchronous ARP table and ethernet switching table happens. |
1435491 |
BGP session flaps when Invalid Update Message sent to iBGP in independent-domain Scenario |
In scenario when "autonomous-system independent-domain" is configured, in corner case, the BGP update message can get get malformed at "AttrSet(128): Origin AS" which can cause BGP flap. The trigger is generation of transitive path attribute 128 (attribute set) with attrset length between 252 to 255. The independent domain scenario by default uses path attribute 128, but if this were disabled via the knob no-attrset, then the trigger would be eliminated. |
1435705 |
On QFX10K platforms, SIB and FPC minor Link Error alarms might happen on QFX10K switches due to a single CRC |
SIB and FPC Minor alarms might happen on QFX10K switches due to a single CRC in the internal Fabric link. Example: show chassis alarms 2 alarms currently active Alarm time Class Description 2019-05-12 18:20:26 UTC Minor FPC 4 SIB Link Error 2019-05-10 00:47:16 UTC Minor SIB 5 FPC Link Error |
1436207 |
IRB IFL is not up when local L2 member is down and IM NH present |
In EVPN scenario, IRB subunit is marked down when local L2 interfaces are down even though IM route exists |
1436642 |
The FPC/pfex crash may be observed due to DMA buffer leaking |
On EX2300/EX3400/EX4300/EX4600 platforms, DMA buffer leaking may be hit once the next-hop of received traffics is not resolved and eventually to cause an FPC/pfex crash if the DMA buffer runs exhaustion. |
1436894 |
Firewall process crash can be seen with Multifield Classifier configuration. |
In scenarios where a customer is configuring multifield classifier, the firewall process may crash due to a missing check in the code. |
1436968 |
Unknown SNMP trap (1.3.6.1.4.1.2636.3.69.1.0.0.1) sent on QFX5110 restart |
Unknown SNMP trap (1.3.6.1.4.1.2636.3.69.1.0.0.1) sent on QFX5110 restart. |
1437108 |
BGP route next-hop can be incorrect in some scenarios with PIC edge configuration |
BGP route next-hop can be incorrect in some scenarios with PIC edge configuration |
1437302 |
The next-hop mac address in the output from "show route forwarding-table" command might be wrong |
Cosmetic problem cli display of wrong next hop mac address in show route forwarding-table command. |
1437387 |
The sdpd process may continuously crash if there are more than 12 cascade-ports configured to a satellite device |
In Junos Fusion scenario, if there are more than 12 cascade-ports configured to a satellite device (SD), the satellite discovery and provisioning process (sdpd) may continuously crash after committing, as a result, the SD cannot be managed from the aggregation device (AD). Traffic loss may not be observed right after sdpd crash, and since it's continuous to crash if there is no interruption, the related FPCs on AD device may reach 100% CPU utilization. |
1437929 |
Mixed ae link-speed throwing log errors "kernel: bundle ae1.32767: link et-1/0/0 not added due to speed mismatch" |
Adding a child link with a mixed speed to an existing bundle may fail when creating new bundle sub-interface (i.e. for new VLAN's), this was caused due to an improper handling when adding the new child member to the bundle, "speed-mismatch" was not read correctly in the parent bundle hence it complains about the speed mismatch. |
1438227 |
Configuring ESI on a single-homed 25G port might not work |
In an EVPN scenario, if the 25G interface of CE (Leaf node) is configured with an Ethernet Segment Identifier (ESI), and it actually only has a single-homed to reach its peer, that might cause the packets to the peer to be discarded. |
1438351 |
The DHCP Snooping table might be cleared for VLAN ID 1 after adding a new VLAN ID to it |
On EX/QFX-Series platforms with DHCP Snooping configuration, the DHCP Snooping table of default VLAN ID 1 might be cleared if another VLAN ID is added to the DHCP Snooping configuration. The impact is that all the hosts' traffic in the default VLAN 1 might be blocked, especially if other features that leverage the DHCP Snooping table (like Dynamic ARP Inspection) are also configured on the device. |
1439012 |
The FPC might crash when PFE memory is exhausted |
FPC might crash when PFE memory usage for a partition such as NH/DFW is high. Under low PFE memory condition log "Safety Pool below 25% Contig Free Space" or "Safety Pool below 50% Contig Free Space" might be observed. |
1439073 |
Interfaces configured with flexible-vlan-tagging might loss connectivity |
On QFX5000 series platform and related products (like ACX5K and EX4600), a port configured in service provider style (flexible-vlan-tagging) might lose connectivity over the native VLAN when additional tagged VLANs are added to it. The impact is that all the hosts' traffic over the designated native VLAN might be dropped. |
1439257 |
Targeted-distribution for static demux interface over aggregate ether interface does not take correct lacp link status into consideration when choosing primary and backup links |
The value of "lacp-port-mode" (or LACP mode on child-links of AE bundle) is always "0", irrespective of whether LACP is turned ON or OFF on AE bundle. Whereas the expectation is that as per the LACP mode (OFF/ACTIVE/PASSIVE) present on AE bundle, the same should be propagated to child-links. Since the lacp mode was not propagated to child links, Device Control Daemon (DCD) used to assign the links to subscribers only based on its physical status. But there were few links which were physically UP but lacp down, so traffic disrupted. |
1439514 |
Error message "RPD_DYN_CFG_GET_PROF_NAME_FAILED: Get profile name for session XXX failed: -7", maybe seen in syslog after restarting routing daemon |
Error message "RPD_DYN_CFG_GET_PROF_NAME_FAILED: Get profile name for session XXX failed: -7", may be seen in syslog after restarting routing daemon. This message may or may not impact any subscribers coming up. An earlier issue where few subscribers were seen offline along with this message is fixed by PR-1417574 but the message is still seen. |
1439583 |
The "vlan all interface all" combination not working as expected under VSTP |
In VSTP scenario, if flexible vlan tagging is configured on the interface and multiple IFLs are configured for the interface, if "vlan all interface all" is configured under VSTP, not all interfaces are enabled for this protocol. |
1440696 |
DHCP offer packets towards IRB over LT interface getting dropped in DHCP relay environment |
In DHCP relay environment, the DHCP offer packets from the server might get dropped towards IRB (Integrated Routing and Bridging) over LT (Logical Tunnel) interface. |
1440847 |
DDOS violation for protocols with shared host-path queue even when PPS rate is below the configured bandwidth value |
Fixed in 14.X53-D51, 17.3R4 ,17.4R3 |
1441099 |
Multicast traffic for certain groups might stop in Extranet NG-MVPN scenario |
When the local-receiver in extranet instance and the multicast flow is regenerated from source after the previous multicast flow state timeout, this issue might happen. The multicast traffic will not forward since the SPT (Short path tree) wrongly established. |
1441452 |
RIP routes are discarded by Juniper device when the next-hop field in the RIPv2 response packet contains a subnet Broadcast address |
When RIPv2 neighborship is formed address between a Juniper device and a RIP device from a different vendor that encodes the next-hop field of a RIP response packet with interface IP address, RIP routes advertised by the neighbor would be discarded by the Juniper device if the interface IP addresses on the neighbor is configured with a subnet mask of 255.255.255.253 (/31 subnet). The PR fix allows for installation and propogation of RIP routes received in updates with next-hop set to subnet broadcast address, when RIP neighborship is configured over a /31 subnet. |
1441464 |
ATT Whitebox : Mac+IP routes are not consistent // ATTip46103 |
Mac+IP routes are consistent when MAC aged out. |
1441772 |
On PTX/QFX AE outgoing traffic might be dropped after changes are made to AE |
On PE-chip based PTX/QFX platforms (including PTX1K/3K/5K/10K series, QFX10K series), if CoS IEEE-802.1 rewrite rule is configured and bound to the AE interface, traffic going out the AE interface might get dropped after changes are made to AE, due to nexthop install failure on ingress PFEs. |
1442054 |
Memory may leak while processing PIM messages received over an MDT (mt- interface) in a draft-rosen MVPN |
A memory leak may be seen in rpd for the "so_in" data structures while processing PIM messages received over an MDT (mt- interface) in a draft-rosen MVPN. The size of the so_in data structures can be monitored using "show task memory detail". |
1442121 |
The packets originating from the IRB interface might be dropped in VPLS scenario |
In VPLS scenario on the PE router, The packets originating from the IRB interface might be dropped, which look up for the LSI resolved on LT interface. In the multihoming VPLS scenario, the connect of the IRB interfaces between the multiple VPLS PEs might be broken due to this issue, which might result in dual master VRRP. |
1442291 |
The rpd process might crash in inter-AS option B L3VPN scenario if CNHs is used |
In inter-AS option B L3VPN scenario with chained composite next hops (CNHs) used, on autonomous system boundary router (ASBR), if the configuration family mpls on the ASBR to ASBR interface is missing, the rpd might crash when there is AS loop of the received inter-AS option B L3VPN routes. It is a timing issue. |
1442522 |
Flow control does not work as expected on 100G interface of QFX5110 |
On 100G interface of QFX5110, flow control does not work as expected. As a result, QFX5110 may stop transferring traffic when receiving a pause frame on flow control disabled interface or flow control does not work though enabling it. |
1442598 |
Few Path Computation Element Protocol (PCEP) logs are marked as ERROR even though they are not. Now severity of those logs are corrected as INFO. |
1. Connection with rpd established! 2. Switched to master mode 3. received SIGHUP, handle configuration 4. Switched to slave 5. PCCD mastership is: %d 6. Delegation retry timedout: LSP id: %d with PCE: %s 7. Connection with pce %s (%s:%u) successful 8. Connection to pce %s (%s:%u) failed 9. PCCD received message '%s' from libpcep 10. PCClose received from PCE. Switching to new main PCE 11. No protocol trace configuration found 12. Could not get pce-group id from pce |
1443353 |
The cfmd process might crash after a restart on Junos 17.1R1 and above |
On MX platforms running Junos 17.1R1 and above, when enhanced-ip mode and CFM centralized mode ("no-aggregate-delegate-processing" konb is configured for CFM) are used , after a cfmd restart (e.g. device cold start/restart, RE switchover), the cfmd process might crash and could not run anymore. |
1443536 |
Enhancement of add/delete a single vlan in vlan-id-list under interface family bridge |
Enhancement of add/delete a single vlan in vlan-id-list under interface family bridge. |
1443713 |
PIM (S,G) joins can cause MSDP to incorrectly announce source active messages in some cases |
In the event of a network running: 1) a first-hop PIM router also being a rendez-vous point (RP); and 2) anycast RP in conjunction with MSDP; and 3) any-source multicast; and 4) a PIM last-hop router sending an (S,G) join when there is no traffic in the network matching the source and group, the first-hop RP will incorrectly send MSDP source-active messages to other MSDP peers. In other cases such as when the RP is not the first-hop PIM router, the traffic source needs to originate packets before the RP would originate MSDP source-active messages. |
1443811 |
RSVP refresh-timer interoperability between 15.1 and 16.1+ |
Path message with long refresh interval (equal to or more than 20 minutes) from a node that does not support Refresh-interval Independent RSVP (RI-RSVP) is dropped by the receiver with RI-RSVP. |
1444100 |
When a line-card is rebooted, the MC-LAG may not get programmed after the line-card comes back online |
On QFX10002/QFX10008/QFX10016 series platforms with enhanced convergence is configured in an MC-LAG scenario, if a line-card that has MC-LAG links is rebooted, the MC-LAG may not function correctly after the line-card comes back up. The impact is that it might not block the BUM traffic received on the interchassis link (ICL) and might cause the MAC movement and packet loss on the downstream devices. |
1444183 |
The kmd process may crash and restart with a kmd core file created if the IP of the NAT mapping address for the IPsec-VPN remote peer is changed |
The kmd (Key Manager Daemon) process is mainly responsible for IPsec key negotiation. When IPsec-VPN peers enable Network Address Translation-Traversal (NAT-T) and have established an IKE SA (IPsec security associations) with a Dynamic Endpoint (DEP) tunnel through the intermediate NAT device, the kmd might crash when the IP of the NAT mapping for the IPsec-VPN remote peer is changed. The kmd crash may result in IPsec traffic loss. When kmd crashes, the established IPsec tunnel will not be affected, unless an IPsec SA renegotiation happens to take place while kmd is restarting. A new IPsec tunnel cannot be established until kmd comes back up automatically. In rare cases, the kmd will restart, but it may crash again. |
1445078 |
The rpd might crash in an OSPF scenario due to invalid memory access |
In an Open Shortest Path First (OSPF) scenario, rpd might crash when trying to resolve the Forwarding Address (FA) from an OSPF LSA type 5/7. The issue is due to accessing memory bytes exceeding the valid size, and occurs under rare conditions. |
1445191 |
Packets drop due to missing destination MAC in the PFE |
In an l2backhaul-vpn scenario, when the link between the client and the PE goes down for over 40s, the client MAC expires on the PE. When packets are then transited from the PE to the client, they are dropped because the client MAC is missing on the PE. |
1445428 |
Detached LACP member link gets LACP State as enabled in PFE on switchover because of device reboot |
If a particular set of events occurs, the status of a detached LACP link may get turned on in the PFE, which may later cause traffic blackholing for transit traffic. |
1445508 |
The 1G interface on MX204 might stay down after the device is rebooted |
On MX204 platform, the interface with the parameter "speed 1g" configured might stay down after the device is rebooted. This is a timing issue. |
1446034 |
The process jdhcpd may crash after issuing the command "show access-security router-advertisement-guard" |
On the platforms that don't support Router Advertisement Guard (RA Guard), such as PTX, after issuing the command "show access-security router-advertisement-guard", the process jdhcpd may crash. |
1446489 |
Traffic Discarded for only specified VLAN in IPACL_VXLAN filters |
When there is only one term containing a user-vlan-id match condition and there are no other terms in the IPACL_VXLAN filter except discard, the discard action for non-matching traffic will work only for the VLAN specified under user-vlan-id and not for the other VXLAN VLANs that are part of the trunk port on which the filter is applied. This can be avoided by adding another term to the filter that doesn't contain a user-vlan-id match. |
1446568 |
High CPU utilization of l2ald is seen after replacing EVPN config |
The l2-learning CPU utilization might get high and remain stuck forever after switching configuration files several times between EVPN and non-EVPN (e.g. VRRP) by loading the corresponding configuration file. This is because some of the data in the device is not successfully cleaned up when the EVPN configuration (virtual-switch) is removed and the Ethernet Segment Identifier (ESI) interface is configured in a non-EVPN routing-instance. |
1447012 |
EX4300: TCAM Issues || Firewall Filter || NKKN_CORE_EX-4300_NEW pfex: DFWE DFW: Cannot program filter "test" (type FBF_VFP) - TCAM has 0 free entries and the filter requires 3 free entries. |
TCAM programming issues are seen on the switch with a firewall filter applied on the irb. When the problem is triggered, the device tries to program invalid ports (AE interfaces), which leads to deletion of filter entries, causing the issue. With the fix, programming of invalid ports is skipped. |
1447170 |
When using "set protocol mpls sensor-based-stats" and "ldp-tunneling", every time an LSP is added or changed, part of its data structure is not freed, which leads to KRT queue build-up |
When using "set protocol mpls sensor-based-stats" and "ldp-tunneling", every time an LSP is added or changed, part of its data structure is not freed, which eventually exhausts the resources. Once the resources are exhausted, the KRT queue builds up and new routes cannot be programmed in the forwarding engine, causing transit packet loss. |