Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles18.4R2-S2: Software Release Notification for Junos Software Service Release version 18.4R2-S2
Junos Software service Release version 18.4R2-S2 is now available.
Note:
Due to issues with IGMP snooping feature for QFX5K platforms QFX5K images will be released later on.
| PR Number | Synopsis | Category: EX9200 Control Plane. PR Descriptions |
|---|---|---|
| 1435874 | The mc-ae interface may get stuck in waiting state in dual mc-ae scenario |
In dual mc-ae scenario, if an LACP active device reboots or all AEs are disabled/enabled on the device, the LACP partner and its mc-ae peer might have different partner system ID, it causes mc-ae to get stuck in waiting state hence have traffic impact in the network. |
| PR Number | Synopsis | Category:EX2300 & EX3400 PFE PR Descriptions |
| 1423310 | IPv6 multicast traffic received on one VC member might be dropped when egressing on other VC member if MLD snooping is enabled |
With MLD snooping enabled, IPv6 multicast traffic might be dropped on Virtual Chassis (VC) if ingress and egress interfaces are on different VC members. |
| PR Number | Synopsis | Category:QFX access control list PR Descriptions |
| 1441444 | QFX5210: Firewall Filter DSCP Action Modifier does not work when Firewall Filter is mapped to IRB |
When applying a firewall filter, which has a modifier to change the DSCP value of a packet, to an IRB interface, the action modifier has no effect. |
| PR Number | Synopsis | Category: QFX PFE L2 PR Descriptions |
| 1437577 | Physical link or MAC/ARP learning might not work for copper base SFP-T on QFX5100/QFX5110/EX4600 |
On QFX5100/QFX5110/EX4600 platforms, if copper base SFP-T is used, you may encounter either link does not come up or MAC/ARP learning might not work for the SFP-T. |
| 1455161 | Unequal LAG hashing might happen on QFX devices |
On QFX5100/QFX5110/QFX5120/QFX5200/QFX5210 Series platforms with load-balance configuration, the uneven traffic distribution might be seen on the link aggregation group (LAG) interfaces. |
| PR Number | Synopsis | Category:QFX L3 data-plane/forwarding PR Descriptions |
| 1355607 | Some storm control error logs might be seen on QFX-series platforms |
On QFX Series platforms, in a corner scenario with a Virtual Chassis setup, if storm control configuration is enabled on interfaces and multicast traffic ingresses on the interfaces, some storm control error logs might be observed on these interfaces. It is only seen in one customer setup and not reproducible in a local setup. Also, it is just a logging issue and has no traffic impact. |
| 1355607 | Some storm control error logs might be seen on QFX-series platforms |
On QFX Series platforms, in a corner scenario with a Virtual Chassis setup, if storm control configuration is enabled on interfaces and multicast traffic ingresses on the interfaces, some storm control error logs might be observed on these interfaces. It is only seen in one customer setup and not reproducible in a local setup. Also, it is just a logging issue and has no traffic impact. |
| 1383680 | The IRB transit traffic might not be counted for EVPN/VXLAN traffic |
On QFX10002\QFX10008\QFX10016 Series platforms with EVPN/VXLAN deployment scenario, the transit statistics of Integrated Routing and Bridging (IRB) interface might fail to be counted for the EVPN/VXLAN traffic, but it works for the regular IRB interface. |
| 1422324 | The same traffic flow might be forwarded to different ECMP next-hops on QFX5K platforms |
On QFX5K platforms, when MPLS traffic with the same inner IP flow (same 5-tuples) landing via different physical ports and MPLS label is terminated on this device, and the inner IP flow will be forwared by ECMP next-hop, the same flow might select different next-hops. The traffic impact will depend on how the egress interfaces are connected to peer devices: 1. If all egress interfaces are connected to a same device, it will not impact traffic. 2. If all egress interfaces are connected to different devices, it might cause asymmetric routing or packets disorder. |
| 1441402 | Traffic might be dropped after the QinQ enabled interface is flapped or a change is made to the vlan-id-list |
On QFX5K/EX4600 with SP (Service Provider) style VLAN configuration (in this method, each VLAN-ID is locally significant to a physical interface), if interface-mac-limit/mac-table-size is configured (i.e. software MAC learning is enabled) and the scale of MAC addresses on the box is more than 2000, traffic might be dropped after QinQ enabled interface is flapped or a change is made to the vlan-id-list. |
| 1443507 | IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present |
On all Junos platforms which are enabled with MultiChassis Link Aggregation Group (MC-LAG), if there are multiple Integrated Routing and Bridging (IRB) interfaces present, and the Inter Chassis Link (ICL) is also connected over an IRB interface, when both MC-LAG peers have not learnt link-local addresses and IPv6 ping is firstly initiated from the remote peer, the Neighbor Solicitation (NS) packet might take ICL path and couldn't get answered properly. |
| 1460688 | The egress interface in PFE for some end-hosts may not be correct on the layer 3 gateway switch after it is rebooted |
On edge-routed bridging (ERB) EVPN-VXLAN multihoming designs with QFX5110 and QFX5120 switches work as Layer 3 gateways, in some rare condition, when one of the switches acting as L3 gateway comes up after reboot, the egress interface in PFE for some end-host may not be updated to the correct next-hop interface in the hardware on that gateway. This issue cause traffic disruption for the affected end host |
| PR Number | Synopsis | Category: "agentd" software daemon PR Descriptions |
| 1426871 | The decoding of telemetry data at collector may not be proper if configuring the sensors |
On EX and MX platforms, if configuring the sensors to stream data over UDP in static DB, decoding of telemetry data at collector may not be proper. |
| PR Number | Synopsis | Category: MX Layer 2 Forwarding Module PR Descriptions |
| 1446568 | The high CPU utilization of l2ald is seen after replacing EVPN config |
The l2-learning CPU utilization might get high and remain stuck forever after switching configuration files several times between EVPN and non-EVPN (e.g VRRP) by loading the corresponding configuration file. Because of that some of the data in the device is not successfully clean up, when EVPN-config (virtual-switch) is removed and the Ethernet Segment Identifier (ESI) interface is configured in a non-EVPN routing-instance. |
| PR Number | Synopsis | Category: PFE issue for flowd on SRX SPU PR Descriptions |
| 1438887 | The local interface IPv6 address might be shown as "Tentative" if the LACP is enabled on RETH interface |
On SRX5400/SRX5600/SRX5800 chassis cluster with Service Process Card 3 (SPC3), the local interface IPv6 address might be shown as "Tentative" and the next hop type of the corresponding IPv6 route might be "Reject" if the Link Aggregation Control Protocol (LACP) is enabled on RETH interface. |
| PR Number | Synopsis | Category:Junos Fusion Infrastructure PR Descriptions |
| 1447873 | Reachability issue of the host connected to the SD might be affected in Junos Fusion Enterprise environment with EX9200 series devices as AD |
In a Junos Fusion Enterprise environment, when traffic originates from a peer device connected to the aggregation device and the ICL is a LAG, there might be a reachability issue if the cascade port is disabled and traffic has to flow through the ICL LAG to reach the satellite device. As a workaround, use single interface as the ICL instead of a LAG. |
| PR Number | Synopsis | Category: Subscriber Management OS Infrastructure library PR Descriptions |
| 1414333 | DHCP/DHCPv6 subscribers might fail to establish sessions on PowerPC based MX platforms |
On MX5/10/40/80/104 platforms running with Dynamic Host Configuration Protocol version 4/version 6 (DHCPv4/v6) subscribers, if large-scale subcribers (e.g. around 3500 in total) try to establish sessions simultaneously from multiple access interfaces, the DHCPv4/v6 sessions might always fail to set up due to this issue. As a result, the session set up rate would be much lower than expected. |
| PR Number | Synopsis | Category: Subscriber Management routing PR Descriptions |
| 1444696 | Inline-keepalive might stop working for LNS subscribers if the knob "routing-services" is enabled |
On MX PowerPC platforms (e.g. MX5/10/40/80/104) enabled with enhance subscriber management feature, if the "routing-services" knob is enabled for Layer 2 Tunneling Protocol Network Server (LNS) subscribers, the inline-keepalive feature might stop working which leads to subscriber sessions broken up and turned into stale sessions. This is a timing issue. |
| 1458369 | The subscriber routes are not cleared from backup RE when session is aborted |
On MX platforms with enhanced subscriber enabled, the subscriber routes might not be cleared from backup RE when session is aborted. The bbe-smgd memory leak might be seen on the backup RE and subscribers could not login after switchover. |
| 1464415 | The PPP IPv6CP may fail if the knob "routing-services" is enabled |
In the IPv6 or dual stack PPPoE subscriber management scenario, if the knob "routing-services" is enabled, the PPP IPv6CP may fail. This issue will cause that IPv6 PPPoE subscriber can not login successfully. |
| PR Number | Synopsis | Category: Subscriber Management Statistics daemon & libraries PR Descriptions |
| 1461821 | The BBE statistics collection and management process, bbe-statsd memory issue on backup RE |
The BBE statistics collection and management process, bbe-statsd memory issue on backup RE |
| PR Number | Synopsis | Category: Border Gateway Protocol PR Descriptions |
| 1351639 | The rpd crashes in JunOS 16.1 or higher during BGP convergence |
In JunOS 16.1 or higher, during BGP convergence, the input/output thread constructing the outgoing BGP PDU and manipulating the path attributes before hand-off the data to the socket. If this PDU length is zero, it will trigger an assertion and routing-protocol demon is restarting. |
| 1382892 | The rpd might crash under a rare condition if GR helper mode is triggered |
When graceful restart is configured on the BGP peer device, if the peer device initiate new TCP connection when there is an existing TCP connection for the BGP session, send OPEN message and this new TCP connection also get torn down immediately after establishment/sending of OPEN message. The rpd might crash. |
| 1430899 | BGP knob "multipath multiple-as" does not work in specific scenario |
By default BGP multipath is for load balance with BGP neighbors in same AS. For load balance with BGP neighbors in different AS, the knob "multiple-as" is further needed. However if the knob "multiple-as" is only configured in some BGP groups but not in all BGP groups, the expected load balance will not work. |
| 1454951 | Rpd might crash when multipath is in use |
If multipath is enabled, in some certain conditions, the rpd core might be seen while secondary route resolution. |
| PR Number | Synopsis | Category: Subscriber Management Remote Access Server PR Descriptions |
| 1444438 | Test aaa ppp, output enhancement. |
The output of "test aaa ppp" is missing "" tag. |
| PR Number | Synopsis | Category:MX Platform SW - Mastership Module PR Descriptions |
| 1424187 | The system does not reboot or halt as configuration when encountering the disk error |
When the system encounters disk error or halted system (ex. memory leak), the chassisd might go in hung state with the blow error messages even though "disk-failure-action reboot" or "disk-failure-action halt" is configured. |
| PR Number | Synopsis | Category:Class of Service PR Descriptions |
| 1428144 | The host-inbound packets might be dropped if configuring host-outbound FC |
On all Junos platforms, if class-of-service host-outbound-traffic forwarding-class is configured and the FC (Forwarding Class) is with an implicit/explicit discard action in the firewall filter, the kernel might classify the host-inbound traffic to the same FC and being discarded. |
| PR Number | Synopsis | Category: QFX Control Plane VXLAN PR Descriptions |
| 1446957 | ARP and IPv6 neighbor entries cannot be cleared when they are learned from EVPN multi-home ESI |
ARP and IPv6 neighbor entries cannot be cleared when they are learned from EVPN multi-home ESI. The following commands will not clear ARP and IPv6 neighbor entries when they are learned from EVPN multi-home ESI. clear ethernet-switching evpn arp-table clear ethernet-switching evpn nd-table clear ethernet-switching mac-ip-table |
| 1453865 | JDI-RCT: EVPN-VXLAN NON-COLLAPSED:ARP will get resolved on non-TVP OPUS for Vxlan having vlan-id of 2 |
When there is a vxlan with vlan -id of 2 on a non-TVP opus, ARP will not get resolved. |
| PR Number | Synopsis | Category:Device Configuration Daemon PR Descriptions |
| 1430966 | EX92 unexpected "duplicate VLAN-ID" commit error |
A problem with configuration parsing related to vlan-list overlapped between units on the same interface There was a redundant call for the vlan-id checking function called when vlan-id-list is configured. There was a condition present to avoid this redundant call which was broken as part of the PR-1238128 fix. PR 1430966 and PR-1238128 are fixed now. |
| PR Number | Synopsis | Category:CoS support on DNX PR Descriptions |
| 1443466 | RED drops might be seen after link flaps or CoS configuration changes |
On an ACX5448 box, link flaps or CoS configuration changes (specific to temporal value changes) might result in traffic drop on all interfaces and recorded as RED drops. |
| PR Number | Synopsis | Category: L3 V4 V6 etc support for DNX PR Descriptions |
| 1426734 | ACX5448-D: 96K ARPs are getting populated but only 47K NH entries are present. So around 50% packet drop is observed. |
Due to BCM sdk design, EEDB hardware entry is not freed for unicast next-hop creation. This leads to resource leakage and is not allowing to higher scale. |
| PR Number | Synopsis | Category: MPLS for DN PR Descriptions |
| 1448899 | ACX5448 L2circuit stops forwarding traffic after LDP flap. |
ACX5448 L2circuit stops forwarding traffic after LDP flap. |
| PR Number | Synopsis | Category:Miscellaneous PFE on DNX PR Descriptions |
| 1442901 | ACX5448: Pkt buffer error from PFE leading to memory leak when IGMP is sent from NNI AC in L2circuit & VPLS |
In an ACX5448 platforms, when the PFE failed to allocate packet buffer, portion of packet memories may not be freed. |
| PR Number | Synopsis | Category:EA chips SW PR Descriptions |
| 1407506 | FPC crash and slow convergence upon HMC Fatal error condition when inline-jflow is used |
On MX platforms using MPC7E, MPC8E, MPC9E, MX10k-LC2101 or MX10003, when inline-jflow application is used, Fatal error on Hybrid Memory Cube (HMC) will perform "disable-pfe" action. Since Jflow records are hosted on the HMC memory partition, reading and writing to the HMC memory might trigger FPC crash and high FPC CPU utilization, causing slow convergence (adding/deleting routes or nexthops) for other PFEs on the same FPC carrier. |
| PR Number | Synopsis | Category:Ethernet OAM (LFM) PR Descriptions |
| 1454187 | [PDT][CFM] CUC-1751:COMCAST: Some CFM UP MEP sessions does not come up in scaled scenario over L2VPN circuits on Lag interfaces. |
When AE link flaps due to lacp timeout or lacp state reinitialization and l2VPN comes-up within CCM timeout, CFM sessions on l2vpn/l2circuit ifls may get stuck in failed state |
| PR Number | Synopsis | Category:EVPN control plane issues PR Descriptions |
| 1443798 | The EVPN type 2 routes might not be advertised properly in logical-systems |
On all MX platforms with Ethernet Virtual Private Network (EVPN) running in a logical system, the logical-systems cannot advertise EVPN type 2 routes properly. |
| PR Number | Synopsis | Category:EVPN Layer-2 Forwarding PR Descriptions |
| 1441565 | Restarting l2-learning might cause some remote MAC addresses to move into forwarding 'dead' state |
When restarting l2-learning (l2ald) process on MX in an EVPN/MPLS scenario, some mac-addresses might be pointed to dead next-hop in the forwarding-table. All further MAC-addresses learned using the same indirect next-hop or from the same remote PE will get rejected by the kernel too and will not be installed in the PFE anymore. This is only applicable if the routing-instance type is evpn. If the EVPN instances type is virtual-switch there is no exposure. |
| 1455973 | Instance type is changed from VPLS to EVPN and this results in packet loss |
In VPLS to EVPN migration scenario, when the routing-instance type is changed from VPLS to EVPN, short-lived loss of traffic is seen. |
| 1459830 | DF may send back ARP request/NS to local segment under EVPN-ETREE leaf role conditions. |
Under EVPN multihoming mode, DF(designated forwarder) may send back ARP request/NS traffic to local segment. |
| PR Number | Synopsis | Category:Express PFE L3 Features PR Descriptions |
| 1431735 | The dcpfe might crash on all line cards on QFX10k in scaled setup |
On QFX10k platforms, the dcpfe might crash on all line cards if VTEP flap or next-hop deletion happens in scaled environment. |
| 1442760 | The KRT queue might be stuck when more than 65k IPv6 labeled-unicast routes are received on BGP-LU IPv6 session which is configured on PTX10000 series platform |
When BGP labeled-unicast (BGP-LU) IPv6 session is configured on PTX10000 series platform and more than 65k IPv6 labeled-unicast routes are received on this session, the F-label might be exhausted because chained composite next hops for ingress labeled-bgp LSPs is not supported on this platform. The F-label exhaustion could cause kernel routing table (KRT) queue to be stuck with the error of "ENOMEM -- Cannot allocate memory" which could cause routes to be missing in forwarding table. The fix for this issue is to make "forwarding-table chained-composite-next-hop ingress labeled-bgp inet6" being supported under routing-options hierarchy in PTX10000 series platform. |
| PR Number | Synopsis | Category:Kernel software for AE/AS/Container PR Descriptions |
| 1429917 | The AE interface does not come up after rebooting the FPC/device though the physical member link is up |
When a single FPC carries minimum 10 member links which belong to the same or different AE (Aggregate Ethernet) bundle, if one of the static AE bundle (LACP is not enabled) has disabled member link, this static AE interface does not come up after rebooting the FPC/device though it has physical member link with UP state. |
| 1445428 | Detached LACP member link gets LACP State as enabled in PFE when switchover because of device reboot |
If particular set of events happened the status for detached LACP link may get turned on in PFE which may later create traffic blackholing for transit traffic. |
| PR Number | Synopsis | Category:Integrated Routing & Bridging (IRB) module PR Descriptions |
| 1461677 | In EVPN scenario memory Leak might be observed when proxy-macip-advertisement is configured |
In EVPN scenario if "proxy-macip-advertisement" knob is configured, it might cause memory leak. Traffic would be impacted in case the memory leak is not stopped. |
| PR Number | Synopsis | Category:ISIS routing protocol PR Descriptions |
| 1430581 | The next-hop of IPv6 route remains empty when a new ISIS link comes up |
In a scenario with ISIS running single spf (shortest-path-first) for IPv4 and IPv6, i.e. the multi-topology is not enabled, when a new ISIS link comes up, IFA (interface address) for IPv4 comes up quickly and the route is installed, but IFA for IPv6 is not up quickly due to DAD (Duplicate Address Detection) is enabled by default. Therefore, after spf calculation, the next-hop list for IPv6 remains empty for about 11 seconds, so, ISIS ends up with deleting the route. |
| 1432398 | "show isis adjacency extensive" output is missing state transition details |
CLI command 'show isis adjacency extensive' output in text format is missing some details from the adjacency transition log. The output in XML format is still correct. |
| PR Number | Synopsis | Category:jdhcpd daemon PR Descriptions |
| 1429456 | The DHCP DECLINE packets are not forwarded to DHCP server when forward-only is set within dhcp-reply |
If forward-only is set within dhcp-reply in Juniper device as a DHCP relay agent, the DHCP DECLINE packets which are broadcasted from DHCP client are dropped and not forwarded to DHCP server. |
| 1431201 | The jdhcpd_era log files constantly consume 121M of space out of 170M, resulting into file system full and traffic impact |
On EX platforms with service dhcp enabled, the jdhcpd_era log files constantly consume 121M of space out of 170M, resulting into file system full and traffic impact. Memory usage of /var/log/ will reach 100%. |
| 1459925 | DHCP packet might not be processed correctly if DHCP option 82 is configured |
In Dynamic Host Configuration Protocol (DHCP) scenario, an zero length sub-option of the option 82 in DHCP DISCOVER message might not be processed correctly causing other DHCP options from DHCP DISCOVER message to be mis-processed as well. This issue has service impact. |
| PR Number | Synopsis | Category:IPSEC/IKE VPN PR Descriptions |
| 1434137 | The kmd log shows resource temporarily unavailable repeatedly and VPNs might be down. |
On SRX platforms with lots of IPsec VPN tunnels configured (e.g., 6700 IPsec VPN tunnels configured on SRX5400), after system bootup (system reboot or upgrading), the kmd on Routing Engine and iked on Services Processing Unit (SPU) repeatedly generates "ipc_pipe_write:353 num_sent=-1 errno=35 Resource temporarily unavailable" and certain IPsec VPN tunnels might be temporarily down. |
| PR Number | Synopsis | Category:Layer 2 Circuit issues PR Descriptions |
| 1418870 | The rpd crash might be seen if l2circuit/local-switching connections flap continuously |
On all Junos platforms, if there are multiple interfaces configured under a single l2circuit/local-switching, and each of these interfaces has a description field configured under them, when l2circuit/local-switching connections flapping continuously, memory usage increment might happen, eventually, it will result in rpd crash because of running out of memory. |
| PR Number | Synopsis | Category:Layer2 forwarding on EX/NTF/PTX/QFX PR Descriptions |
| 1428572 | "global-mac-limit" and "global-mac-ip-limit" may allow more entries than the configured values |
When configuring the "global-mac-limit" or "global-map-ip-limit" lower than the number of currently learned MAC/MAC-IP entries, the total number of learned MAC/MAC-IP entries may be more than the configured limit. |
| PR Number | Synopsis | Category:mc-ae interface PR Descriptions |
| 1450978 | LACP daemon crashed continuously |
If an MC-LAG interface has ccc subinterface, and the ccc sub-interface are in down state on both side of the MC-LAG, when the MC-LAG interface is going up is going up, the lacpd keeps crashing continuously. |
| PR Number | Synopsis | Category:Multi Protocol Label Switch OAM PR Descriptions |
| 1436373 | The rpd might crash after executing 'ping mpls ldp' |
In LDP to BGP-LU stitching scenario, when BGP route goes down, MPLS ping is done before that route is pulled out of the routing table, the rpd will crash. |
| PR Number | Synopsis | Category:Multicast Routing PR Descriptions |
| 1457228 | Few seconds of traffic drop might be seen on the existing receivers when another receiver joins/leaves |
With "protocol igmp-snooping" configured, if some receiver joins/leaves a group, few seconds of traffic drop might be seen on the existing receivers. |
| PR Number | Synopsis | Category:FreeBSD Kernel Infrastructure PR Descriptions |
| 1433224 | The operations on console might not work if the knob "system ports console log-out-on-disconnect" is configured |
With the knob "system ports console log-out-on-disconnect" configured, if executing some operations on console, the console operations might fail to work properly. |
| PR Number | Synopsis | Category:"ifstate" infrastructure PR Descriptions |
| 1437762 | The CPU utilization on a daemon might keep around 100% or backup RE might crash in race conditions |
The CPU utilization on a daemon might keep around 100% or backup RE might crash in race conditions (it may get hit or triggered at times by some churn in the system, no specific trigger). |
| PR Number | Synopsis | Category:IPv6/ND/ICMPv6 issues PR Descriptions |
| 1447115 | Long IPv6 address are not displayed fully on ipv6 neighbor table. |
It was display issue. The width of IP addresses was set to a small number hence long IPv6 address are not displayed fully on ipv6 neighbor table. |
| PR Number | Synopsis | Category:PRs requiring triage and/or fix in the PFE Peer Infra PR Descriptions |
| 1448858 | DCD CPU spike seen after a JUNOS upgrade from 14.2 to 16.1 |
DCD CPU spike seen due to IRSD going in a loop |
| PR Number | Synopsis | Category:TCP/UDP transport layer PR Descriptions |
| 1449664 | FPC might reboot with vmcore due to memory leak |
On all Junos platforms, if the device is up for a long period (e.g. several weeks or months), there might be a slow memory leak happening in some error scenarios where an application tries to send some data on a stale TCP socket (e.g. short-lived TCP connections used by the mgd process), and this issue might lead to FPC reboot with vmcore files. |
| 1449929 | The DF flag BGP packets are dropped over MPLS LSP path |
When the mtu-discovery is configured under BGP, the DF (Don't Fragment) flag BGP packets are dropped if they go through the smaller MTU MPLS LSP path. This issue will cause the BGP session flap and the failure of BGP routes update. |
| PR Number | Synopsis | Category:VMX PFE/RIOT related issues on BBE application PR Descriptions |
| 1393660 | FPC might reboot on VMX in subscriber scenario |
On VMX in subscriber scenario, RIOT core might be observed on VMX. The respective FPC might reboot after generating RIOT core. All the traffic or service via that FPC will get impacted. |
| PR Number | Synopsis | Category:Periodic Packet Management Daemon PR Descriptions |
| 1448670 | Intra-router PPMD[RE] to PPMAN[FPC] connection could be closed if the session timeout is greater than 3 seconds in either direction. |
Optimize the PPMD to PPMAN connection's session timeout. This is to improve system resiliency when JUNOS VM temporary freeze on a Routing Engine. |
| PR Number | Synopsis | Category:PTP related issues. PR Descriptions |
| 1408178 | QFX5k : Transit traffic loss when one of LAG child interfaces deleted or deactivated |
Traffic does not pass through LAG interface on QFX5k once deleted or deactivated one of child interfaces though LAG interface is UP state. At that time, invalid vlan tag will be added to traffic. |
| 1442665 | Commit validation needed to check the Child IFDs associated with LAG interfaces for PTP |
In JunOS PTP deployment, where configured Child IFL in the PTP config and AE in the interface configuration, during PFE initialisation, PFE microcode is not able to find the correct outgoing interface OIF to send the packet to and takes the host route path leading to congestion and interfaces brought to admin down. In the software fix, it is introduced an implementation a check for restricting PTP configuration where the slave/master IFL should not be part of any AE IFL, unless explicit AE interface is provided. |
| 1451950 | RMPC core found after configuration changes done on the network for PTP/Clock Synchronization. |
RMPC core found after configuration changes done on the network for PTP/Clock Synchronization. |
| PR Number | Synopsis | Category:Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI PR Descriptions |
| 1448102 | Rebooting QFX5120-48Y using "request system reboot" doesn't take physical links offline immediately |
After rebooting QFX5120-48Y using "request system reboot", the physical link doesn't become offline immediately, which might result in traffic loss. |
| PR Number | Synopsis | Category:Interface related issues. Port up/down, stats, CMLC , serdes PR Descriptions |
| 1402588 | The MTU might change to a Jumbo default size on PFE side after deleting and re-adding the interface |
On EX and QFX platforms, if there is no manually MTU configuration, the MTU changes to be the Jumbo MTU after deleting and re-adding the interface. |
| 1430722 | Traffic impact might be seen on QFX10K platforms with interface hold-down timer configured |
For interface on QFX10K configured with hold-down timer (knob "hold-time down" is configured), if the physical link is up while the interface is still held-down on kernel due to hold-down timer running (e.g. after a reboot), the laser is still emitting and the down port is still processing incoming packets rather than dropping it. This will cause the other end to make its own interface as "UP" and might impact traffic (for example, a loop). |
| 1431900 | The optical power of interface may gradually reduce the optical power for almost 3 mins after issuing "request system reboot at now" on QFX5110/5120 |
On QFX5110/5120, optical interface like 1G/10G SFP/SFP+ may take almost 3 mins to reduce the tx power to "0" on the other end of the interface, after issuing "request system reboot at now" command. |
| 1435705 | SIB/FPC Link Error alarms might be observed on QFX10K due to a single CRC |
On QFX10002/10008/10016 platforms, the "SIB/FPC Link Error" alarms will be observed even though only one CRC (Cyclic Redundancy Check) error is encountered in a poll period. |
| PR Number | Synopsis | Category:QFX Control Plane Kernel related PR Descriptions |
| 1063645 | [SIRT]Certain QFX and EX Series devices are vulnerable to 'Etherleak' memory disclosure in Ethernet padding data (CVE-2017-2304) |
Certain QFX and EX Series devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak' and often detected as CVE-2003-0001. Refer to JSA10773 for more information. |
| PR Number | Synopsis | Category:QFX platform optics related issues PR Descriptions |
| 1337340 | On QFX5100 platforms, LR4 QSFP can take up to 15 min to come up after VC reboot |
On QFX5100 platforms, LR4 QSFPs might take take longer to come up than others (up to 15 minutes). This is a intermittent occurrence. |
| 1402127 | QSFP-100GBASE-SR4/LR4 might take a long time to come up after disabling interface or reboot |
On QFX5110 platform with QSFP-100GBASE-SR4/LR4 port used, after disabling an 100G port and then enable the port again, or reboot the device, there is a long time delay (5-15 minutes) before the ports come up. |
| PR Number | Synopsis | Category:QFX PFE Class of Services PR Descriptions |
| 1442522 | Flow control does not work as expected on 100G interface of QFX5110 |
On 100G interface of QFX5110, flow control does not work as expected. As a result, QFX5110 may stop transferring traffic when receiving a pause frame on flow control disabled interface or flow control does not work though enabling it. |
| 1445960 | CoS classifier might not work as expected |
On QFX5000 Series platforms(except for the QFX5100) in the VxLAN scenario, the traffic is not classified properly on the UNI interface which has multiple VLANs configured. |
| 1453512 | The classifier configuration doesn't get applied to the interface in an EVPN/VXLAN environment |
On QFX5100/QFX5110/QFX5120/QFX5200/QFX5210 Series platforms with an EVPN/VXLAN scenario, the classifier might not be applied to the interface successfully and all traffic flows in the best-effort queue. |
| PR Number | Synopsis | Category:QFX L2 PFE PR Descriptions |
| 1437295 | The FPC might crash if both the AE boundle flapping on local device and the configuration change on peer device occur at the same time |
On QFX platforms, the FPC might crash if both the AE (Aggregate Ethernet) boundle flapping on local device and the configuration change on peer device which can cause the interface down occur at the same time. |
| 1439073 | Interfaces configured with flexible-vlan-tagging might loss connectivity |
On QFX5000 series platform and related products (like ACX5K and EX4600), a port configured in service provider style (flexible-vlan-tagging) might lose connectivity over the native VLAN when additional tagged VLANs are added to it. The impact is that all the hosts' traffic over the designated native VLAN might be dropped. |
| PR Number | Synopsis | Category:All issues related to L3 data-plane/forwarding PR Descriptions |
| 1406242 | QFX5200/5100 might not be able to send out control plane traffic to the peering device |
On all QFX5200/5100 platforms, the router might not be able to send out control plane traffic to the peering device along with "Failed to allocate 16384 DMA memory" messages. All the routing protocols running over the affected interfaces will be down due to this issue, and therefore it impacts the service. |
| 1406242 | QFX5200/5100 might not be able to send out control plane traffic to the peering device |
On all QFX5200/5100 platforms, the router might not be able to send out control plane traffic to the peering device along with "Failed to allocate 16384 DMA memory" messages. All the routing protocols running over the affected interfaces will be down due to this issue, and therefore it impacts the service. |
| 1451032 | Tunneling encapsulated packets are dropped on L3VPN MPLS PE-CE interface |
On QFX5120/EX4650 Series switches (function as PE devices), all the L3 tunneling (e.g. IP in IP, GRE, VXLAN) packets are hitting the wrong routing table while receiving the encapsulated packets on the L3VPN MPLS PE-CE interface. This can result in a black hole issue. |
| 1458206 | Dual Tag Q-in-Q not working with EVPN-VXLAN |
In EVPN-VXLAN with retaining S-VLAN Tags and C-VLAN tags scenario, both S-VLAN and C-VLAN tags are treated as the data of a packet when it is transported. when a dual-tagged ARP packet arrives at ingress PE, the device could only recognize either untagged ARP packet or single tag ARP packet, and if it is not, the device will assume that it is not an ARP packet. Since ARP resolution fails, all subsequent communication will not happen. |
| PR Number | Synopsis | Category:RPD Interfaces related issues PR Descriptions |
| 1460181 | The "forwarding" option is missed in routing-instance type |
On PTX10008/PTX10016/QFX10008/QFX10016 Series platforms, the "forwarding" option for routing-instance type configuration is missed, it might impact the function related to this configuration. For example, FBF won't work because of the missing configuration. |
| 1460181 | The "forwarding" option is missed in routing-instance type |
On PTX10008/PTX10016/QFX10008/QFX10016 Series platforms, the "forwarding" option for routing-instance type configuration is missed, it might impact the function related to this configuration. For example, FBF won't work because of the missing configuration. |
| PR Number | Synopsis | Category:RPD Next-hop issues including indirect, CNH, and MCNH PR Descriptions |
| 1401322 | The traffic might be always taking the backup path though primary path is available in BGP-PIC scenario |
In BGP-PIC case, if a route R1, resolves on top of multipath-route R2, where R2 has primary and backup indirect-nexthops, it will be better if backup leg is not used for resolution of R1. There is no impact on any existing CLI commands. Backup path should be never used when primary path is available. |
| 1424819 | The rpd keeps crashing after changing configuration |
In the ECMP (Equal-Cost Multipath) environment with existing more than 8 multipath for a given route, changing configuration (e.g. delete routing protocol IGP or LSP) is trying to delete a software structure which was already corrupted sometime earlier due to memory corruption, and this may cause the rpd to keep crashing. This issue applies to all types of nexthops with multipath. |
| 1430244 | "Protect core" configured router may send "ipfix" sampling packets with wrong next-hop information |
A "protect core" configuration router may send out "ipfix" information with an incorrect "next-hop" value - "0.0.0.0" - when the router receives the router from iBGP neighbors and eBGP neighbors with the same local-preference value. |
| PR Number | Synopsis | Category:security-intelligence feature on SRX PR Descriptions |
| 1424287 | 19.2DCB:SRX-RIAD:vSRX3.0:SKYATP: Dynamic IP entries are not rendered with CLI "show security dynamic-address category-name Whitelist feed-name whitelist" |
"show security dynamic-address category-name Whitelist feed-name whitelist" is not working show security dynamic-address category-name feed-name command is not working |
| PR Number | Synopsis | Category:MX10003/MX204 MPC defects tracking PR Descriptions |
| 1445508 | The 1G interface on MX204 might stay down after the device is rebooted |
On MX204 platform, the interface with the parameter "speed 1g" configured might stay down after the device is rebooted. This is a timing issue. |
| PR Number | Synopsis | Category:sync-e related issues. PR Descriptions |
| 1439025 | Incorrect values in JUNIPER-TIMING-NOTFNS-MIB |
There were incorrect values in JUNIPER-TIMING-NOTFNS-MIB table (.1.3.6.1.4.1.2636.3.75.1). |
| 1453436 | Incorrect output in 'show snmp mib walk jnxTimingNotfnsMIB.3' |
The values displayed in the output of 'show snmp mib walk jnxTimingNotfnsMIB.3' are not correct. This MIB table is responsible for Timing feature defect/event notification. |
| PR Number | Synopsis | Category:Issues related to broadband edge apps (PPP, DHCP) on Trio ch PR Descriptions |
| 1446546 | Accurate statistics may not include packets forwarded during the last two seconds before subscriber termination |
In a subscriber-management environment, Accounting-Stop packets may not include packets forwarded during the last two seconds of the subscriber session. |
| PR Number | Synopsis | Category:Trio pfe stateless firewall software PR Descriptions |
| 1357531 | A nested filter used by multiple filters in the same filter list causes FPCs continuous crash |
In filter list (input-list/output-list) scenario, when the filters in the same filter list refer to a same nested filter, the FPC might crash continuously. The issue results in traffic loss during FPC crash and reboot. |
| PR Number | Synopsis | Category:Configuration mgmt, ffp, load-action, commit processing PR Descriptions |
| 1410322 | The configuration database might not be unlocked automatically if the related user session is disconnected during the commit operation in progress |
Configuration database can remain locked after the ssh session is halted. |
| PR Number | Synopsis | Category:V44 Aggregation Device Platforms PR Descriptions |
| 1412781 | Junos fusion / v44 / Incorrect power values for extended optical ports |
On junos fusion setup there is no support to read rx power values considering internal calibration. Hence low rx power values are read across satellite node interfaces. This stands addressed through revised SNOS image. SNOS images carrying fix : 3.5R1.4 and 3.2R4.8 Issue would not be seen on JUNOS compatible with these images. |
| PR Number | Synopsis | Category:VMHOST platforms software PR Descriptions |
| 1436201 | ifHCInOctets counter on AE interface going to ZERO value when snmp mib walk execute. |
Customer found ifHCInOctets counter on AE interface going to ZERO when snmp gets those value via both CLI and remote snmp get commands. |
| PR Number | Synopsis | Category:VNID L2-forwarding on Trio PR Descriptions |
| 1461860 | Traffic received from vtep gets dropped if the VNI value used for type-5 routes is greater than 65535 |
With EVPN-VXLAN on MX platforms, the packets received from vtep would be dropped by PFE (Packet Forwarding Engine) if the VNI value used for type-5 routes is exceeding 65535. |
| PR Number | Synopsis | Category:Virtual Private LAN Services PR Descriptions |
| 1428862 | VPLS neighbors might stay in down state after configuration changes in vlan-id |
On all Junos platforms with NSR enabled, under EVPN-VPLS scenario, the VPLS neighbors might stay in down state after configuration changes in vlan-id. |
Security Alerts and Vulnerabilities
Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search