Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.4R2-S2: Software Release Notification for Junos Software Service Release version 18.4R2-S2

0

0

Article ID: TSB17669 TECHNICAL_BULLETINS Last Updated: 04 Dec 2019Version: 2.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, and VMX
Alert Description:
Junos Software Service Release version 18.4R2-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.4R2-S2 is now available.

Note:
Due to issues with IGMP snooping feature for QFX5K platforms QFX5K images will be released later on.

The following are incremental changes in 18.4R2-S2

 
PR Number Synopsis Category: EX9200 Control Plane. PR Descriptions
1435874 The mc-ae interface may get stuck in waiting state in dual mc-ae scenario
 
In dual mc-ae scenario, if an LACP active device reboots or all AEs are disabled/enabled on the device, the LACP partner and its mc-ae peer might have different partner system ID, it causes mc-ae to get stuck in waiting state hence have traffic impact in the network.
PR Number Synopsis Category:EX2300 & EX3400 PFE PR Descriptions
1423310 IPv6 multicast traffic received on one VC member might be dropped when egressing on other VC member if MLD snooping is enabled
 
With MLD snooping enabled, IPv6 multicast traffic might be dropped on Virtual Chassis (VC) if ingress and egress interfaces are on different VC members.
PR Number Synopsis Category:QFX access control list PR Descriptions
1441444 QFX5210: Firewall Filter DSCP Action Modifier does not work when Firewall Filter is mapped to IRB
 
When applying a firewall filter, which has a modifier to change the DSCP value of a packet, to an IRB interface, the action modifier has no effect.
PR Number Synopsis Category: QFX PFE L2 PR Descriptions
1437577 Physical link or MAC/ARP learning might not work for copper base SFP-T on QFX5100/QFX5110/EX4600
 
On QFX5100/QFX5110/EX4600 platforms, if copper base SFP-T is used, you may encounter either link does not come up or MAC/ARP learning might not work for the SFP-T.
1455161 Unequal LAG hashing might happen on QFX devices
 
On QFX5100/QFX5110/QFX5120/QFX5200/QFX5210 Series platforms with load-balance configuration, the uneven traffic distribution might be seen on the link aggregation group (LAG) interfaces.
PR Number Synopsis Category:QFX L3 data-plane/forwarding PR Descriptions
1355607 Some storm control error logs might be seen on QFX-series platforms
 
On QFX Series platforms, in a corner scenario with a Virtual Chassis setup, if storm control configuration is enabled on interfaces and multicast traffic ingresses on the interfaces, some storm control error logs might be observed on these interfaces. It is only seen in one customer setup and not reproducible in a local setup. Also, it is just a logging issue and has no traffic impact.
1355607 Some storm control error logs might be seen on QFX-series platforms
 
On QFX Series platforms, in a corner scenario with a Virtual Chassis setup, if storm control configuration is enabled on interfaces and multicast traffic ingresses on the interfaces, some storm control error logs might be observed on these interfaces. It is only seen in one customer setup and not reproducible in a local setup. Also, it is just a logging issue and has no traffic impact.
1383680 The IRB transit traffic might not be counted for EVPN/VXLAN traffic
 
On QFX10002\QFX10008\QFX10016 Series platforms with EVPN/VXLAN deployment scenario, the transit statistics of Integrated Routing and Bridging (IRB) interface might fail to be counted for the EVPN/VXLAN traffic, but it works for the regular IRB interface.
1422324 The same traffic flow might be forwarded to different ECMP next-hops on QFX5K platforms
 
On QFX5K platforms, when MPLS traffic with the same inner IP flow (same 5-tuples) landing via different physical ports and MPLS label is terminated on this device, and the inner IP flow will be forwared by ECMP next-hop, the same flow might select different next-hops. The traffic impact will depend on how the egress interfaces are connected to peer devices: 1. If all egress interfaces are connected to a same device, it will not impact traffic. 2. If all egress interfaces are connected to different devices, it might cause asymmetric routing or packets disorder.
1441402 Traffic might be dropped after the QinQ enabled interface is flapped or a change is made to the vlan-id-list
 
On QFX5K/EX4600 with SP (Service Provider) style VLAN configuration (in this method, each VLAN-ID is locally significant to a physical interface), if interface-mac-limit/mac-table-size is configured (i.e. software MAC learning is enabled) and the scale of MAC addresses on the box is more than 2000, traffic might be dropped after QinQ enabled interface is flapped or a change is made to the vlan-id-list.
1443507 IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present
 
On all Junos platforms which are enabled with MultiChassis Link Aggregation Group (MC-LAG), if there are multiple Integrated Routing and Bridging (IRB) interfaces present, and the Inter Chassis Link (ICL) is also connected over an IRB interface, when both MC-LAG peers have not learnt link-local addresses and IPv6 ping is firstly initiated from the remote peer, the Neighbor Solicitation (NS) packet might take ICL path and couldn't get answered properly.
1460688 The egress interface in PFE for some end-hosts may not be correct on the layer 3 gateway switch after it is rebooted
 
On edge-routed bridging (ERB) EVPN-VXLAN multihoming designs with QFX5110 and QFX5120 switches work as Layer 3 gateways, in some rare condition, when one of the switches acting as L3 gateway comes up after reboot, the egress interface in PFE for some end-host may not be updated to the correct next-hop interface in the hardware on that gateway. This issue cause traffic disruption for the affected end host
PR Number Synopsis Category: "agentd" software daemon PR Descriptions
1426871 The decoding of telemetry data at collector may not be proper if configuring the sensors
 
On EX and MX platforms, if configuring the sensors to stream data over UDP in static DB, decoding of telemetry data at collector may not be proper.
PR Number Synopsis Category: MX Layer 2 Forwarding Module PR Descriptions
1446568 The high CPU utilization of l2ald is seen after replacing EVPN config
 
The l2-learning CPU utilization might get high and remain stuck forever after switching configuration files several times between EVPN and non-EVPN (e.g VRRP) by loading the corresponding configuration file. Because of that some of the data in the device is not successfully clean up, when EVPN-config (virtual-switch) is removed and the Ethernet Segment Identifier (ESI) interface is configured in a non-EVPN routing-instance.
PR Number Synopsis Category: PFE issue for flowd on SRX SPU PR Descriptions
1438887 The local interface IPv6 address might be shown as "Tentative" if the LACP is enabled on RETH interface
 
On SRX5400/SRX5600/SRX5800 chassis cluster with Service Process Card 3 (SPC3), the local interface IPv6 address might be shown as "Tentative" and the next hop type of the corresponding IPv6 route might be "Reject" if the Link Aggregation Control Protocol (LACP) is enabled on RETH interface.
PR Number Synopsis Category:Junos Fusion Infrastructure PR Descriptions
1447873 Reachability issue of the host connected to the SD might be affected in Junos Fusion Enterprise environment with EX9200 series devices as AD
 
In a Junos Fusion Enterprise environment, when traffic originates from a peer device connected to the aggregation device and the ICL is a LAG, there might be a reachability issue if the cascade port is disabled and traffic has to flow through the ICL LAG to reach the satellite device. As a workaround, use single interface as the ICL instead of a LAG.
PR Number Synopsis Category: Subscriber Management OS Infrastructure library PR Descriptions
1414333 DHCP/DHCPv6 subscribers might fail to establish sessions on PowerPC based MX platforms
 
On MX5/10/40/80/104 platforms running with Dynamic Host Configuration Protocol version 4/version 6 (DHCPv4/v6) subscribers, if large-scale subcribers (e.g. around 3500 in total) try to establish sessions simultaneously from multiple access interfaces, the DHCPv4/v6 sessions might always fail to set up due to this issue. As a result, the session set up rate would be much lower than expected.
PR Number Synopsis Category: Subscriber Management routing PR Descriptions
1444696 Inline-keepalive might stop working for LNS subscribers if the knob "routing-services" is enabled
 
On MX PowerPC platforms (e.g. MX5/10/40/80/104) enabled with enhance subscriber management feature, if the "routing-services" knob is enabled for Layer 2 Tunneling Protocol Network Server (LNS) subscribers, the inline-keepalive feature might stop working which leads to subscriber sessions broken up and turned into stale sessions. This is a timing issue.
1458369 The subscriber routes are not cleared from backup RE when session is aborted
 
On MX platforms with enhanced subscriber enabled, the subscriber routes might not be cleared from backup RE when session is aborted. The bbe-smgd memory leak might be seen on the backup RE and subscribers could not login after switchover.
1464415 The PPP IPv6CP may fail if the knob "routing-services" is enabled
 
In the IPv6 or dual stack PPPoE subscriber management scenario, if the knob "routing-services" is enabled, the PPP IPv6CP may fail. This issue will cause that IPv6 PPPoE subscriber can not login successfully.
PR Number Synopsis Category: Subscriber Management Statistics daemon & libraries PR Descriptions
1461821 The BBE statistics collection and management process, bbe-statsd memory issue on backup RE
 
The BBE statistics collection and management process, bbe-statsd memory issue on backup RE
PR Number Synopsis Category: Border Gateway Protocol PR Descriptions
1351639 The rpd crashes in JunOS 16.1 or higher during BGP convergence
 
In JunOS 16.1 or higher, during BGP convergence, the input/output thread constructing the outgoing BGP PDU and manipulating the path attributes before hand-off the data to the socket. If this PDU length is zero, it will trigger an assertion and routing-protocol demon is restarting.
1382892 The rpd might crash under a rare condition if GR helper mode is triggered
 
When graceful restart is configured on the BGP peer device, if the peer device initiate new TCP connection when there is an existing TCP connection for the BGP session, send OPEN message and this new TCP connection also get torn down immediately after establishment/sending of OPEN message. The rpd might crash.
1430899 BGP knob "multipath multiple-as" does not work in specific scenario
 
By default BGP multipath is for load balance with BGP neighbors in same AS. For load balance with BGP neighbors in different AS, the knob "multiple-as" is further needed. However if the knob "multiple-as" is only configured in some BGP groups but not in all BGP groups, the expected load balance will not work.
1454951 Rpd might crash when multipath is in use
 
If multipath is enabled, in some certain conditions, the rpd core might be seen while secondary route resolution.
PR Number Synopsis Category: Subscriber Management Remote Access Server PR Descriptions
1444438 Test aaa ppp, output enhancement.
 
The output of "test aaa ppp" is missing "" tag.
PR Number Synopsis Category:MX Platform SW - Mastership Module PR Descriptions
1424187 The system does not reboot or halt as configuration when encountering the disk error
 
When the system encounters disk error or halted system (ex. memory leak), the chassisd might go in hung state with the blow error messages even though "disk-failure-action reboot" or "disk-failure-action halt" is configured.
PR Number Synopsis Category:Class of Service PR Descriptions
1428144 The host-inbound packets might be dropped if configuring host-outbound FC
 
On all Junos platforms, if class-of-service host-outbound-traffic forwarding-class is configured and the FC (Forwarding Class) is with an implicit/explicit discard action in the firewall filter, the kernel might classify the host-inbound traffic to the same FC and being discarded.
PR Number Synopsis Category: QFX Control Plane VXLAN PR Descriptions
1446957 ARP and IPv6 neighbor entries cannot be cleared when they are learned from EVPN multi-home ESI
 
ARP and IPv6 neighbor entries cannot be cleared when they are learned from EVPN multi-home ESI. The following commands will not clear ARP and IPv6 neighbor entries when they are learned from EVPN multi-home ESI. clear ethernet-switching evpn arp-table clear ethernet-switching evpn nd-table clear ethernet-switching mac-ip-table
1453865 JDI-RCT: EVPN-VXLAN NON-COLLAPSED:ARP will get resolved on non-TVP OPUS for Vxlan having vlan-id of 2
 
When there is a vxlan with vlan -id of 2 on a non-TVP opus, ARP will not get resolved.
PR Number Synopsis Category:Device Configuration Daemon PR Descriptions
1430966 EX92 unexpected "duplicate VLAN-ID" commit error
 
A problem with configuration parsing related to vlan-list overlapped between units on the same interface There was a redundant call for the vlan-id checking function called when vlan-id-list is configured. There was a condition present to avoid this redundant call which was broken as part of the PR-1238128 fix. PR 1430966 and PR-1238128 are fixed now.
PR Number Synopsis Category:CoS support on DNX PR Descriptions
1443466 RED drops might be seen after link flaps or CoS configuration changes
 
On an ACX5448 box, link flaps or CoS configuration changes (specific to temporal value changes) might result in traffic drop on all interfaces and recorded as RED drops.
PR Number Synopsis Category: L3 V4 V6 etc support for DNX PR Descriptions
1426734 ACX5448-D: 96K ARPs are getting populated but only 47K NH entries are present. So around 50% packet drop is observed.
 
Due to BCM sdk design, EEDB hardware entry is not freed for unicast next-hop creation. This leads to resource leakage and is not allowing to higher scale.
PR Number Synopsis Category: MPLS for DN PR Descriptions
1448899 ACX5448 L2circuit stops forwarding traffic after LDP flap.
 
ACX5448 L2circuit stops forwarding traffic after LDP flap.
PR Number Synopsis Category:Miscellaneous PFE on DNX PR Descriptions
1442901 ACX5448: Pkt buffer error from PFE leading to memory leak when IGMP is sent from NNI AC in L2circuit & VPLS
 
In an ACX5448 platforms, when the PFE failed to allocate packet buffer, portion of packet memories may not be freed.
PR Number Synopsis Category:EA chips SW PR Descriptions
1407506 FPC crash and slow convergence upon HMC Fatal error condition when inline-jflow is used
 
On MX platforms using MPC7E, MPC8E, MPC9E, MX10k-LC2101 or MX10003, when inline-jflow application is used, Fatal error on Hybrid Memory Cube (HMC) will perform "disable-pfe" action. Since Jflow records are hosted on the HMC memory partition, reading and writing to the HMC memory might trigger FPC crash and high FPC CPU utilization, causing slow convergence (adding/deleting routes or nexthops) for other PFEs on the same FPC carrier.
PR Number Synopsis Category:Ethernet OAM (LFM) PR Descriptions
1454187 [PDT][CFM] CUC-1751:COMCAST: Some CFM UP MEP sessions does not come up in scaled scenario over L2VPN circuits on Lag interfaces.
 
When AE link flaps due to lacp timeout or lacp state reinitialization and l2VPN comes-up within CCM timeout, CFM sessions on l2vpn/l2circuit ifls may get stuck in failed state
PR Number Synopsis Category:EVPN control plane issues PR Descriptions
1443798 The EVPN type 2 routes might not be advertised properly in logical-systems
 
On all MX platforms with Ethernet Virtual Private Network (EVPN) running in a logical system, the logical-systems cannot advertise EVPN type 2 routes properly.
PR Number Synopsis Category:EVPN Layer-2 Forwarding PR Descriptions
1441565 Restarting l2-learning might cause some remote MAC addresses to move into forwarding 'dead' state
 
When restarting l2-learning (l2ald) process on MX in an EVPN/MPLS scenario, some mac-addresses might be pointed to dead next-hop in the forwarding-table. All further MAC-addresses learned using the same indirect next-hop or from the same remote PE will get rejected by the kernel too and will not be installed in the PFE anymore. This is only applicable if the routing-instance type is evpn. If the EVPN instances type is virtual-switch there is no exposure.
1455973 Instance type is changed from VPLS to EVPN and this results in packet loss
 
In VPLS to EVPN migration scenario, when the routing-instance type is changed from VPLS to EVPN, short-lived loss of traffic is seen.
1459830 DF may send back ARP request/NS to local segment under EVPN-ETREE leaf role conditions.
 
Under EVPN multihoming mode, DF(designated forwarder) may send back ARP request/NS traffic to local segment.
PR Number Synopsis Category:Express PFE L3 Features PR Descriptions
1431735 The dcpfe might crash on all line cards on QFX10k in scaled setup
 
On QFX10k platforms, the dcpfe might crash on all line cards if VTEP flap or next-hop deletion happens in scaled environment.
1442760 The KRT queue might be stuck when more than 65k IPv6 labeled-unicast routes are received on BGP-LU IPv6 session which is configured on PTX10000 series platform
 
When BGP labeled-unicast (BGP-LU) IPv6 session is configured on PTX10000 series platform and more than 65k IPv6 labeled-unicast routes are received on this session, the F-label might be exhausted because chained composite next hops for ingress labeled-bgp LSPs is not supported on this platform. The F-label exhaustion could cause kernel routing table (KRT) queue to be stuck with the error of "ENOMEM -- Cannot allocate memory" which could cause routes to be missing in forwarding table. The fix for this issue is to make "forwarding-table chained-composite-next-hop ingress labeled-bgp inet6" being supported under routing-options hierarchy in PTX10000 series platform.
PR Number Synopsis Category:Kernel software for AE/AS/Container PR Descriptions
1429917 The AE interface does not come up after rebooting the FPC/device though the physical member link is up
 
When a single FPC carries minimum 10 member links which belong to the same or different AE (Aggregate Ethernet) bundle, if one of the static AE bundle (LACP is not enabled) has disabled member link, this static AE interface does not come up after rebooting the FPC/device though it has physical member link with UP state.
1445428 Detached LACP member link gets LACP State as enabled in PFE when switchover because of device reboot
 
If particular set of events happened the status for detached LACP link may get turned on in PFE which may later create traffic blackholing for transit traffic.
PR Number Synopsis Category:Integrated Routing & Bridging (IRB) module PR Descriptions
1461677 In EVPN scenario memory Leak might be observed when proxy-macip-advertisement is configured
 
In EVPN scenario if "proxy-macip-advertisement" knob is configured, it might cause memory leak. Traffic would be impacted in case the memory leak is not stopped.
PR Number Synopsis Category:ISIS routing protocol PR Descriptions
1430581 The next-hop of IPv6 route remains empty when a new ISIS link comes up
 
In a scenario with ISIS running single spf (shortest-path-first) for IPv4 and IPv6, i.e. the multi-topology is not enabled, when a new ISIS link comes up, IFA (interface address) for IPv4 comes up quickly and the route is installed, but IFA for IPv6 is not up quickly due to DAD (Duplicate Address Detection) is enabled by default. Therefore, after spf calculation, the next-hop list for IPv6 remains empty for about 11 seconds, so, ISIS ends up with deleting the route.
1432398 "show isis adjacency extensive" output is missing state transition details
 
CLI command 'show isis adjacency extensive' output in text format is missing some details from the adjacency transition log. The output in XML format is still correct.
PR Number Synopsis Category:jdhcpd daemon PR Descriptions
1429456 The DHCP DECLINE packets are not forwarded to DHCP server when forward-only is set within dhcp-reply
 
If forward-only is set within dhcp-reply in Juniper device as a DHCP relay agent, the DHCP DECLINE packets which are broadcasted from DHCP client are dropped and not forwarded to DHCP server.
1431201 The jdhcpd_era log files constantly consume 121M of space out of 170M, resulting into file system full and traffic impact
 
On EX platforms with service dhcp enabled, the jdhcpd_era log files constantly consume 121M of space out of 170M, resulting into file system full and traffic impact. Memory usage of /var/log/ will reach 100%.
1459925 DHCP packet might not be processed correctly if DHCP option 82 is configured
 
In Dynamic Host Configuration Protocol (DHCP) scenario, an zero length sub-option of the option 82 in DHCP DISCOVER message might not be processed correctly causing other DHCP options from DHCP DISCOVER message to be mis-processed as well. This issue has service impact.
PR Number Synopsis Category:IPSEC/IKE VPN PR Descriptions
1434137 The kmd log shows resource temporarily unavailable repeatedly and VPNs might be down.
 
On SRX platforms with lots of IPsec VPN tunnels configured (e.g., 6700 IPsec VPN tunnels configured on SRX5400), after system bootup (system reboot or upgrading), the kmd on Routing Engine and iked on Services Processing Unit (SPU) repeatedly generates "ipc_pipe_write:353 num_sent=-1 errno=35 Resource temporarily unavailable" and certain IPsec VPN tunnels might be temporarily down.
PR Number Synopsis Category:Layer 2 Circuit issues PR Descriptions
1418870 The rpd crash might be seen if l2circuit/local-switching connections flap continuously
 
On all Junos platforms, if there are multiple interfaces configured under a single l2circuit/local-switching, and each of these interfaces has a description field configured under them, when l2circuit/local-switching connections flapping continuously, memory usage increment might happen, eventually, it will result in rpd crash because of running out of memory.
PR Number Synopsis Category:Layer2 forwarding on EX/NTF/PTX/QFX PR Descriptions
1428572 "global-mac-limit" and "global-mac-ip-limit" may allow more entries than the configured values
 
When configuring the "global-mac-limit" or "global-map-ip-limit" lower than the number of currently learned MAC/MAC-IP entries, the total number of learned MAC/MAC-IP entries may be more than the configured limit.
PR Number Synopsis Category:mc-ae interface PR Descriptions
1450978 LACP daemon crashed continuously
 
If an MC-LAG interface has ccc subinterface, and the ccc sub-interface are in down state on both side of the MC-LAG, when the MC-LAG interface is going up is going up, the lacpd keeps crashing continuously.
PR Number Synopsis Category:Multi Protocol Label Switch OAM PR Descriptions
1436373 The rpd might crash after executing 'ping mpls ldp'
 
In LDP to BGP-LU stitching scenario, when BGP route goes down, MPLS ping is done before that route is pulled out of the routing table, the rpd will crash.
PR Number Synopsis Category:Multicast Routing PR Descriptions
1457228 Few seconds of traffic drop might be seen on the existing receivers when another receiver joins/leaves
 
With "protocol igmp-snooping" configured, if some receiver joins/leaves a group, few seconds of traffic drop might be seen on the existing receivers.
PR Number Synopsis Category:FreeBSD Kernel Infrastructure PR Descriptions
1433224 The operations on console might not work if the knob "system ports console log-out-on-disconnect" is configured
 
With the knob "system ports console log-out-on-disconnect" configured, if executing some operations on console, the console operations might fail to work properly.
PR Number Synopsis Category:"ifstate" infrastructure PR Descriptions
1437762 The CPU utilization on a daemon might keep around 100% or backup RE might crash in race conditions
 
The CPU utilization on a daemon might keep around 100% or backup RE might crash in race conditions (it may get hit or triggered at times by some churn in the system, no specific trigger).
PR Number Synopsis Category:IPv6/ND/ICMPv6 issues PR Descriptions
1447115 Long IPv6 address are not displayed fully on ipv6 neighbor table.
 
It was display issue. The width of IP addresses was set to a small number hence long IPv6 address are not displayed fully on ipv6 neighbor table.
PR Number Synopsis Category:PRs requiring triage and/or fix in the PFE Peer Infra PR Descriptions
1448858 DCD CPU spike seen after a JUNOS upgrade from 14.2 to 16.1
 
DCD CPU spike seen due to IRSD going in a loop
PR Number Synopsis Category:TCP/UDP transport layer PR Descriptions
1449664 FPC might reboot with vmcore due to memory leak
 
On all Junos platforms, if the device is up for a long period (e.g. several weeks or months), there might be a slow memory leak happening in some error scenarios where an application tries to send some data on a stale TCP socket (e.g. short-lived TCP connections used by the mgd process), and this issue might lead to FPC reboot with vmcore files.
1449929 The DF flag BGP packets are dropped over MPLS LSP path
 
When the mtu-discovery is configured under BGP, the DF (Don't Fragment) flag BGP packets are dropped if they go through the smaller MTU MPLS LSP path. This issue will cause the BGP session flap and the failure of BGP routes update.
PR Number Synopsis Category:VMX PFE/RIOT related issues on BBE application PR Descriptions
1393660 FPC might reboot on VMX in subscriber scenario
 
On VMX in subscriber scenario, RIOT core might be observed on VMX. The respective FPC might reboot after generating RIOT core. All the traffic or service via that FPC will get impacted.
PR Number Synopsis Category:Periodic Packet Management Daemon PR Descriptions
1448670 Intra-router PPMD[RE] to PPMAN[FPC] connection could be closed if the session timeout is greater than 3 seconds in either direction.
 
Optimize the PPMD to PPMAN connection's session timeout. This is to improve system resiliency when JUNOS VM temporary freeze on a Routing Engine.
PR Number Synopsis Category:PTP related issues. PR Descriptions
1408178 QFX5k : Transit traffic loss when one of LAG child interfaces deleted or deactivated
 
Traffic does not pass through LAG interface on QFX5k once deleted or deactivated one of child interfaces though LAG interface is UP state. At that time, invalid vlan tag will be added to traffic.
1442665 Commit validation needed to check the Child IFDs associated with LAG interfaces for PTP
 
In JunOS PTP deployment, where configured Child IFL in the PTP config and AE in the interface configuration, during PFE initialisation, PFE microcode is not able to find the correct outgoing interface OIF to send the packet to and takes the host route path leading to congestion and interfaces brought to admin down. In the software fix, it is introduced an implementation a check for restricting PTP configuration where the slave/master IFL should not be part of any AE IFL, unless explicit AE interface is provided.
1451950 RMPC core found after configuration changes done on the network for PTP/Clock Synchronization.
 
RMPC core found after configuration changes done on the network for PTP/Clock Synchronization.
PR Number Synopsis Category:Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI PR Descriptions
1448102 Rebooting QFX5120-48Y using "request system reboot" doesn't take physical links offline immediately
 
After rebooting QFX5120-48Y using "request system reboot", the physical link doesn't become offline immediately, which might result in traffic loss.
PR Number Synopsis Category:Interface related issues. Port up/down, stats, CMLC , serdes PR Descriptions
1402588 The MTU might change to a Jumbo default size on PFE side after deleting and re-adding the interface
 
On EX and QFX platforms, if there is no manually MTU configuration, the MTU changes to be the Jumbo MTU after deleting and re-adding the interface.
1430722 Traffic impact might be seen on QFX10K platforms with interface hold-down timer configured
 
For interface on QFX10K configured with hold-down timer (knob "hold-time down" is configured), if the physical link is up while the interface is still held-down on kernel due to hold-down timer running (e.g. after a reboot), the laser is still emitting and the down port is still processing incoming packets rather than dropping it. This will cause the other end to make its own interface as "UP" and might impact traffic (for example, a loop).
1431900 The optical power of interface may gradually reduce the optical power for almost 3 mins after issuing "request system reboot at now" on QFX5110/5120
 
On QFX5110/5120, optical interface like 1G/10G SFP/SFP+ may take almost 3 mins to reduce the tx power to "0" on the other end of the interface, after issuing "request system reboot at now" command.
1435705 SIB/FPC Link Error alarms might be observed on QFX10K due to a single CRC
 
On QFX10002/10008/10016 platforms, the "SIB/FPC Link Error" alarms will be observed even though only one CRC (Cyclic Redundancy Check) error is encountered in a poll period.
PR Number Synopsis Category:QFX Control Plane Kernel related PR Descriptions
1063645 [SIRT]Certain QFX and EX Series devices are vulnerable to 'Etherleak' memory disclosure in Ethernet padding data (CVE-2017-2304)
 
Certain QFX and EX Series devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak' and often detected as CVE-2003-0001. Refer to JSA10773 for more information.
PR Number Synopsis Category:QFX platform optics related issues PR Descriptions
1337340 On QFX5100 platforms, LR4 QSFP can take up to 15 min to come up after VC reboot
 
On QFX5100 platforms, LR4 QSFPs might take take longer to come up than others (up to 15 minutes). This is a intermittent occurrence.
1402127 QSFP-100GBASE-SR4/LR4 might take a long time to come up after disabling interface or reboot
 
On QFX5110 platform with QSFP-100GBASE-SR4/LR4 port used, after disabling an 100G port and then enable the port again, or reboot the device, there is a long time delay (5-15 minutes) before the ports come up.
PR Number Synopsis Category:QFX PFE Class of Services PR Descriptions
1442522 Flow control does not work as expected on 100G interface of QFX5110
 
On 100G interface of QFX5110, flow control does not work as expected. As a result, QFX5110 may stop transferring traffic when receiving a pause frame on flow control disabled interface or flow control does not work though enabling it.
1445960 CoS classifier might not work as expected
 
On QFX5000 Series platforms(except for the QFX5100) in the VxLAN scenario, the traffic is not classified properly on the UNI interface which has multiple VLANs configured.
1453512 The classifier configuration doesn't get applied to the interface in an EVPN/VXLAN environment
 
On QFX5100/QFX5110/QFX5120/QFX5200/QFX5210 Series platforms with an EVPN/VXLAN scenario, the classifier might not be applied to the interface successfully and all traffic flows in the best-effort queue.
PR Number Synopsis Category:QFX L2 PFE PR Descriptions
1437295 The FPC might crash if both the AE boundle flapping on local device and the configuration change on peer device occur at the same time
 
On QFX platforms, the FPC might crash if both the AE (Aggregate Ethernet) boundle flapping on local device and the configuration change on peer device which can cause the interface down occur at the same time.
1439073 Interfaces configured with flexible-vlan-tagging might loss connectivity
 
On QFX5000 series platform and related products (like ACX5K and EX4600), a port configured in service provider style (flexible-vlan-tagging) might lose connectivity over the native VLAN when additional tagged VLANs are added to it. The impact is that all the hosts' traffic over the designated native VLAN might be dropped.
PR Number Synopsis Category:All issues related to L3 data-plane/forwarding PR Descriptions
1406242 QFX5200/5100 might not be able to send out control plane traffic to the peering device
 
On all QFX5200/5100 platforms, the router might not be able to send out control plane traffic to the peering device along with "Failed to allocate 16384 DMA memory" messages. All the routing protocols running over the affected interfaces will be down due to this issue, and therefore it impacts the service.
1406242 QFX5200/5100 might not be able to send out control plane traffic to the peering device
 
On all QFX5200/5100 platforms, the router might not be able to send out control plane traffic to the peering device along with "Failed to allocate 16384 DMA memory" messages. All the routing protocols running over the affected interfaces will be down due to this issue, and therefore it impacts the service.
1451032 Tunneling encapsulated packets are dropped on L3VPN MPLS PE-CE interface
 
On QFX5120/EX4650 Series switches (function as PE devices), all the L3 tunneling (e.g. IP in IP, GRE, VXLAN) packets are hitting the wrong routing table while receiving the encapsulated packets on the L3VPN MPLS PE-CE interface. This can result in a black hole issue.
1458206 Dual Tag Q-in-Q not working with EVPN-VXLAN
 
In EVPN-VXLAN with retaining S-VLAN Tags and C-VLAN tags scenario, both S-VLAN and C-VLAN tags are treated as the data of a packet when it is transported. when a dual-tagged ARP packet arrives at ingress PE, the device could only recognize either untagged ARP packet or single tag ARP packet, and if it is not, the device will assume that it is not an ARP packet. Since ARP resolution fails, all subsequent communication will not happen.
PR Number Synopsis Category:RPD Interfaces related issues PR Descriptions
1460181 The "forwarding" option is missed in routing-instance type
 
On PTX10008/PTX10016/QFX10008/QFX10016 Series platforms, the "forwarding" option for routing-instance type configuration is missed, it might impact the function related to this configuration. For example, FBF won't work because of the missing configuration.
1460181 The "forwarding" option is missed in routing-instance type
 
On PTX10008/PTX10016/QFX10008/QFX10016 Series platforms, the "forwarding" option for routing-instance type configuration is missed, it might impact the function related to this configuration. For example, FBF won't work because of the missing configuration.
PR Number Synopsis Category:RPD Next-hop issues including indirect, CNH, and MCNH PR Descriptions
1401322 The traffic might be always taking the backup path though primary path is available in BGP-PIC scenario
 
In BGP-PIC case, if a route R1, resolves on top of multipath-route R2, where R2 has primary and backup indirect-nexthops, it will be better if backup leg is not used for resolution of R1. There is no impact on any existing CLI commands. Backup path should be never used when primary path is available.
1424819 The rpd keeps crashing after changing configuration
 
In the ECMP (Equal-Cost Multipath) environment with existing more than 8 multipath for a given route, changing configuration (e.g. delete routing protocol IGP or LSP) is trying to delete a software structure which was already corrupted sometime earlier due to memory corruption, and this may cause the rpd to keep crashing. This issue applies to all types of nexthops with multipath.
1430244 "Protect core" configured router may send "ipfix" sampling packets with wrong next-hop information
 
A "protect core" configuration router may send out "ipfix" information with an incorrect "next-hop" value - "0.0.0.0" - when the router receives the router from iBGP neighbors and eBGP neighbors with the same local-preference value.
PR Number Synopsis Category:security-intelligence feature on SRX PR Descriptions
1424287 19.2DCB:SRX-RIAD:vSRX3.0:SKYATP: Dynamic IP entries are not rendered with CLI "show security dynamic-address category-name Whitelist feed-name whitelist"
 
"show security dynamic-address category-name Whitelist feed-name whitelist" is not working show security dynamic-address category-name feed-name command is not working
PR Number Synopsis Category:MX10003/MX204 MPC defects tracking PR Descriptions
1445508 The 1G interface on MX204 might stay down after the device is rebooted
 
On MX204 platform, the interface with the parameter "speed 1g" configured might stay down after the device is rebooted. This is a timing issue.
PR Number Synopsis Category:sync-e related issues. PR Descriptions
1439025 Incorrect values in JUNIPER-TIMING-NOTFNS-MIB
 
There were incorrect values in JUNIPER-TIMING-NOTFNS-MIB table (.1.3.6.1.4.1.2636.3.75.1).
1453436 Incorrect output in 'show snmp mib walk jnxTimingNotfnsMIB.3'
 
The values displayed in the output of 'show snmp mib walk jnxTimingNotfnsMIB.3' are not correct. This MIB table is responsible for Timing feature defect/event notification.
PR Number Synopsis Category:Issues related to broadband edge apps (PPP, DHCP) on Trio ch PR Descriptions
1446546 Accurate statistics may not include packets forwarded during the last two seconds before subscriber termination
 
In a subscriber-management environment, Accounting-Stop packets may not include packets forwarded during the last two seconds of the subscriber session.
PR Number Synopsis Category:Trio pfe stateless firewall software PR Descriptions
1357531 A nested filter used by multiple filters in the same filter list causes FPCs continuous crash
 
In filter list (input-list/output-list) scenario, when the filters in the same filter list refer to a same nested filter, the FPC might crash continuously. The issue results in traffic loss during FPC crash and reboot.
PR Number Synopsis Category:Configuration mgmt, ffp, load-action, commit processing PR Descriptions
1410322 The configuration database might not be unlocked automatically if the related user session is disconnected during the commit operation in progress
 
Configuration database can remain locked after the ssh session is halted.
PR Number Synopsis Category:V44 Aggregation Device Platforms PR Descriptions
1412781 Junos fusion / v44 / Incorrect power values for extended optical ports
 
On junos fusion setup there is no support to read rx power values considering internal calibration. Hence low rx power values are read across satellite node interfaces. This stands addressed through revised SNOS image. SNOS images carrying fix : 3.5R1.4 and 3.2R4.8 Issue would not be seen on JUNOS compatible with these images.
PR Number Synopsis Category:VMHOST platforms software PR Descriptions
1436201 ifHCInOctets counter on AE interface going to ZERO value when snmp mib walk execute.
 
Customer found ifHCInOctets counter on AE interface going to ZERO when snmp gets those value via both CLI and remote snmp get commands.
PR Number Synopsis Category:VNID L2-forwarding on Trio PR Descriptions
1461860 Traffic received from vtep gets dropped if the VNI value used for type-5 routes is greater than 65535
 
With EVPN-VXLAN on MX platforms, the packets received from vtep would be dropped by PFE (Packet Forwarding Engine) if the VNI value used for type-5 routes is exceeding 65535.
PR Number Synopsis Category:Virtual Private LAN Services PR Descriptions
1428862 VPLS neighbors might stay in down state after configuration changes in vlan-id
 
On all Junos platforms with NSR enabled, under EVPN-VPLS scenario, the VPLS neighbors might stay in down state after configuration changes in vlan-id.
Modification History:
Re-publish on 2019-12-04 with the following errata:
  1. PR1437577 not only fixing MAC/ARP learning but also fixing physical links not coming up on Base-T SFPs.
First publication 2019-11-04
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search