Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles18.2R3-S2: Software Release Notification for JUNOS Software Version 18.2R3-S2
Junos Software service Release version 18.2R3-S2 is now available.
| PR Number | Synopsis | Category:QFX PFE L2 |
|---|---|---|
| 1455161 | Unequal LAG hashing might happen on QFX devices |
On QFX5100/QFX5110/QFX5120/QFX5200/QFX5210 Series platforms with load-balance configuration, the uneven traffic distribution might be seen on the link aggregation group (LAG) interfaces. |
| PR Number | Synopsis | Category:Class of service in forwarding daemon |
| 1439401 | The COS rewrite rule does not work for st0 interface |
On NFX platforms, when COS rewrite rule is configured for st0 interface, the COS value will not take effect on corresponding forwarding class. It causes the COS not to work as expected. This issue has traffic impact. |
| PR Number | Synopsis | Category:EX Chassis Interface Handling |
| 1441035 | The ports of the EX device might stay in up state even if the EX46XX/QFX51XX series device is rebooted |
With DAC cable used between EX46XX/QFX51XX series device and EX device, during rebooting the EX46XX/QFX51XX series device, the ports on EX device might still stay up. |
| PR Number | Synopsis | Category:Optical Transport Interface |
| 1429279 | After member interface flapping AE remains down on 5X100GE DWDM CFP2-ACO PIC |
On 5X100GE DWDM CFP2-ACO PIC on PTX series platforms, if any AE member interface flaps, the AE interface might stop receiving the LACP RX packets and fail to come up. It can be recovered by disabling/enabling the AE interface. |
| PR Number | Synopsis | Category:Multicast Routing |
| 1443713 | PIM (S,G) joins can cause MSDP to incorrectly announce source active messages in some cases |
In the event of a network running: 1) a first-hop PIM router also being a rendez-vous point (RP); and 2) anycast RP in conjunction with MSDP; and 3) any-source multicast; and 4) a PIM last-hop router sending an (S,G) join when there is no traffic in the network matching the source and group, the first-hop RP will incorrectly send MSDP source-active messages to other MSDP peers. In other cases such as when the RP is not the first-hop PIM router, the traffic source needs to originate packets before the RP would originate MSDP source-active messages. |
| PR Number | Synopsis | Category:Track veHostd, vmm-sdk issues on Mt Rainier RE |
| 1448413 | vehostd Application failed Minor alarm |
Automatic restart of vehostd might fail and the following Minor alarm is seen with 'show system alarms' or 'show chassis alarms'. VMHost RE 0 host vehostd Application failed or VMHost RE 1 host vehostd Application failed The process can be restarted manually in affected releases. After the fix of this PR, the process restart is handled properly. |
| PR Number | Synopsis | Category:RPD route tables, resolver, routing instances, static routes |
| 1459384 | The rpd memory leak might be observed on backup routing engine due to BGP flap |
In a BGP scenario when certain routes are flapping frequently, it could lead to rpd memory leak on backup Routing Engine. The rpd might crash and restart once the rpd runs out of memory for certain junos releases. |
| PR Number | Synopsis | Category:Engineering request for regressed image from System Test |
|---|---|---|
| 1460087 | Storage space limitation leads to image installation failure during Phone home on ex2300 and ex3400 platforms. |
Storage space limitation leads to image installation failure during Phone home on ex2300 and ex3400 platforms. |
| PR Number | Synopsis | Category:L2NG RTG feature |
| 1440574 | MAC addresses learned on RTG may not be aged out after a Virtual-Chassis member rebooted |
There is a sequence issue when Virtual-Chassis(VC) member rebooted in aggregated interface. After reboot VC member, Routing Engine(RE) kernel inject mac entry to FPC that rebooted. Because of the sequence issue, RE added mac entry, originally source mac entry, to FPC as remote mac entry. And mac entry is never be aged out because it is remote entry. |
| PR Number | Synopsis | Category:EX4300 PFE |
| 1436642 | The FPC/pfex crash may be observed due to DMA buffer leaking |
On EX2300/EX3400/EX4300/EX4600 platforms, DMA buffer leaking may be hit once the next-hop of received traffics is not resolved and eventually to cause an FPC/pfex crash if the DMA buffer runs exhaustion. |
| PR Number | Synopsis | Category:EX4300 Virtual Chassis |
| 1449206 | Current MAC address might change when deleting one of the multiple L3 interfaces |
Current MAC address might change when deleting one of the multiple L3 interfaces and it has traffic impact when this issue occurs. |
| PR Number | Synopsis | Category:EX2300 & EX3400 PFE |
| 1423310 | IPv6 multicast traffic received on one VC member might be dropped when egressing on other VC member if MLD snooping is enabled |
With MLD snooping enabled, IPv6 multicast traffic might be dropped on Virtual Chassis (VC) if ingress and egress interfaces are on different VC members. |
| 1446844 | The traffic might be dropped when a firewall filter rule uses 'then vlan' as the action in a VC scenario |
If a firewall filter is configured with the action 'then vlan' in a VC scenario on some specific platforms (e.g., EX2300/EX3400/EX4600/QFX5100...), some of the traffic which matches that filter might be dropped. |
| 1448071 | Unicast arp requests are not replied with no-arp-trap option. |
When unicast arp request is received by EX3400/QFX5100 switch and it is configured with "set switch-options no-arp-trap option", the arp request may not be replied. This has been fixed and unicast ARP request will be replied even with "set switch-options no-arp-trap option" configuration. |
| PR Number | Synopsis | Category:EX2300 & EX3400 platform |
| 1428627 | The phone-home feature does not work because the date is wrong |
If an EX2300 or EX3400 device is kept powered off for a long time, when powering it on, the time is set incorrectly either to epoch or to a time in future. This can cause failure of phone-home zero touch provisioning since it relies on certificates to set up secure connection to the phone-home server. |
| 1452209 | On EX3400 with half duplex mode on 10M or 100M speed at medium traffic egress traffic flow may stop on the port and MAC Pause frames will be incrementing on Receive direction |
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow. |
| PR Number | Synopsis | Category:EX2300 & EX3400 VC |
| 1422507 | The interface on failed member FPC of EX2300/EX3400 virtual-chassis may stay up 120 seconds |
On EX2300/EX3400 virtual-chassis setup, the interface on failed member FPC retains as up state for 120 seconds. This issue will cause traffic loss of about 120 seconds. |
| PR Number | Synopsis | Category:QFX Access control list |
| 1441444 | QFX5210: Firewall Filter DSCP Action Modifier does not work when Firewall Filter is mapped to IRB |
When applying a firewall filter, which has a modifier to change the DSCP value of a packet, to an IRB interface, the action modifier has no effect. |
| PR Number | Synopsis | Category:QFX PFE CoS |
| 1449645 | Qfx10008: FPC0 cored after running the pfe command "show cos sched-usage" |
Without this fix, the PFE cli "show cos sched-usage" will restart QFX10008's forwarding plane |
| 1452013 | "show cos scheds-per-pfe" and "show cos pfe-scheduler-ifds" pfe commands will restart forwarding planes on QFX10008 switches |
Without this fix, "show cos scheds-per-pfe" and "show cos pfe-scheduler-ifds" PFE cli will cause the forwarding plan to restart on QFX10008 switches. See also PR1449645 |
| PR Number | Synopsis | Category:QFX PFE L2 |
| 1453430 | In VC scenario traffic drop might be seen when one VC member reboots and rejoins the VC |
On QFX5K or EX4600 VC (Virtual-Chassis) scenario, when VSTP is enabled and one AE interface is used, if one member reboots and rejoins the VC, some packets drop might be seen. |
| 1467763 | The fxpc.core might be seen when committing the configuration all together, e.g., after the reboot |
On EX2300/3400/4300/4600 and QFX Series switches except for QFX10k, if committing the configuration all together (e.g., after the reboot), the fxpc/PFE core dump might be found. In the Virtual Chassis scenario, the VC members might be splitted because the VC ports might not be created in time. |
| PR Number | Synopsis | Category:QFX L3 data-plane/forwarding |
| 1432023 | The fxpc core might be seen during the reboot of device on QFX5100/EX4600 switches. |
On QFX5100/EX4600 switches due to Bad Chip ID, an fxpc core can be seen during the device reboot. This is due to a transient error related to a chip where vendor tries to get the chip ID and it results in improper info. |
| 1441402 | Traffic might be dropped after the QinQ enabled interface is flapped or a change is made to the vlan-id-list |
On QFX5K/EX4600 with SP (Service Provider) style VLAN configuration (in this method, each VLAN-ID is locally significant to a physical interface), if interface-mac-limit/mac-table-size is configured (i.e. software MAC learning is enabled) and the scale of MAC addresses on the box is more than 2000, traffic might be dropped after QinQ enabled interface is flapped or a change is made to the vlan-id-list. |
| 1451217 | MPLS LDP may still use stale MAC of the neighbor even the LDP neighbor's MAC changes |
On EX/QFX/ACX platforms, when there is MAC change for LDP neighbor and IP remains the same, ARP update is proper but MPLS LDP may still use the stale MAC of the neighbor. If there is any application/service such as MP-BGP using LDP as next-hop, all transit traffic pointing to the stale MAC will be dropped. |
| 1457725 | The IGMP snooping on QFX5110/QFX5129 leaf devices might cause multicast packets to be looped in case of multihomed scenario |
In an EVPN/VXLAN multihomed environment with QFX5110/QFX5120 acting as leaf devices, if the IGMP snooping is used, IGMP snooping might override the local bias filters on Designated Forwarder (DF) and Non-Designated Forwarder (NDF) devices, and forwards the packets causing multicast packets loops. |
| 1460688 | The egress interface in PFE for some end-hosts may not be correct on the layer 3 gateway switch after it is rebooted |
On edge-routed bridging (ERB) EVPN-VXLAN multihoming designs with QFX5110 and QFX5120 switches work as Layer 3 gateways, in some rare condition, when one of the switches acting as L3 gateway comes up after reboot, the egress interface in PFE for some end-host may not be updated to the correct next-hop interface in the hardware on that gateway. This issue cause traffic disruption for the affected end host |
| PR Number | Synopsis | Category:This is for Hw & Sw issues which are special for SPC3 car |
| 1429899 | Packet loss by FPGA backpressure on SPC3 |
On SRX5000 Series devices with an SPC3 card, sometimes very small amount of packet loss is observed. |
| PR Number | Synopsis | Category:accounting profile bugs |
| 1446762 | [MX204] Input/Output counters of AE bundle/member links configured on non-default logical systems are not updated |
On MX204, Input/Output counters of AE bundle and its member links defined in non-default logical systems are not updated. |
| 1452363 | The pfed might crash and not be able to come up on the PTX or TVP platforms |
The flow label statistics are retrieved periodically by pfed for PTX or TVP platforms, if the statistics reply becomes very big number, the pfed might crash hence affecting traffic. |
| PR Number | Synopsis | Category:ACX L2 related features |
| 1461831 | ACX platform LLDP neighbour not up on lag after software upgrade to 18.2R3-S1 |
In case of acx platform, if LLDP is configured on lag interfaces, it will not work. |
| PR Number | Synopsis | Category:Interfaces IFD, IFL, vlans, etc and Brcm init for ACX |
| 1411015 | The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx |
The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. |
| PR Number | Synopsis | Category:access node control protocol daemon |
| 1453826 | The ANCP interface-set QoS adjusts may not be processed |
In the MX subscriber management scenario, partial ANCP (access node control protocol) interface-set QoS adjusts may not be processed when configuring protocol ANCP for subscriber management. This issue may cause subscriber's QoS attributes are not expected to CoS (class of service) policy. |
| 1453837 | DT_BNG: ANCP subscriber information is lost after daemon restart |
Cosmetic issue that affects only CLI. Radius, L2tp etc. are unaffected. CLI issue is seen after ANCP restart and before ANCP neighbor is re-established and port-ups are received. Under normal working conditions, after ANCP restart, the port-ups should be received right away and the CLI issue will be never seen. |
| PR Number | Synopsis | Category:a20a40 specific issue |
| 1465159 | The AE interface cannot be configured on SRX4600 |
On SRX4600 platform, the Aggregated Ethernet (AE) interface cannot be configured for channelized port. The commit will fail for corresponding configuration. This issue has function impact. |
| PR Number | Synopsis | Category:common or misc area for SRX product |
| 1437098 | LACP traffic distributed evenly on ingress child links but not on egress links |
On SRX5k with SPC3 and SRX4600 platforms, the distribution of traffic over Link Aggregation (LAG) member ports does not take into account layer 4 port information. |
| PR Number | Synopsis | Category:srx5k service offloading related PR |
| 1436421 | On an SRX4600 device, core file generation might be observed and SPM might be in present state. |
On SRX4600 devices, in rare cases, FPC0 and/or FPC1 may stay in Present state at boot and never come Online or may move to Present state during operation. When this occurs, J-Ukernel crashes and multiple chassis alarms may be observed. The reason is that the power chip doesn`t produce the right voltage. The fix is to set the right voltage (through upgrading the Jfirmware version). It would affect the traffic. |
| 1436421 | On an SRX4600 device, core file generation might be observed and SPM might be in present state. |
On SRX4600 devices, in rare cases, FPC0 and/or FPC1 may stay in Present state at boot and never come Online or may move to Present state during operation. When this occurs, J-Ukernel crashes and multiple chassis alarms may be observed. The reason is that the power chip doesn`t produce the right voltage. The fix is to set the right voltage (through upgrading the Jfirmware version). It would affect the traffic. |
| PR Number | Synopsis | Category:Junos Fusion Infrastructure |
| 1447873 | Reachability issue of the host connected to the SD might be affected in Junos Fusion Enterprise environment with EX9200 series devices as AD |
In a Junos Fusion Enterprise environment, when traffic originates from a peer device connected to the aggregation device and the ICL is a LAG, there might be a reachability issue if the cascade port is disabled and traffic has to flow through the ICL LAG to reach the satellite device. As a workaround, use single interface as the ICL instead of a LAG. |
| PR Number | Synopsis | Category:BBE interface related issues |
| 1438621 | Subscriber flows might not be synchronized between AE members on MX-VC platforms |
On MX-VC platforms with large scale subscriber setup (subscriber scale exceeds or approximates to recommended limit), when back-to-back commit operations (within 2 minutes) are performed to delete and re-add an AE member interface, GENCFG errors might be observed while publishing subscriber flows. This results in subscriber flows not synchronize between AE members and subscriber traffic will be affected. |
| PR Number | Synopsis | Category:Subscriber Management routing |
| 1439905 | The bbe-smgd core dumps is seen after restarted |
In subscriber scenario, if restart the bbe-smgd when routes are being deleted, the bbe-smgd might crash and all the subscribers can be affected. |
| 1458369 | The subscriber routes are not cleared from backup RE when session is aborted |
On MX platforms with enhanced subscriber enabled, the subscriber routes might not be cleared from backup RE when session is aborted. The bbe-smgd memory leak might be seen on the backup RE and subscribers could not login after switchover. |
| PR Number | Synopsis | Category:Border Gateway Protocol |
| 1351639 | The rpd crashes in JunOS 16.1 or higher during BGP convergence |
In JunOS 16.1 or higher, during BGP convergence, the input/output thread constructing the outgoing BGP PDU and manipulating the path attributes before hand-off the data to the socket. If this PDU length is zero, it will trigger an assertion and routing-protocol demon is restarting. |
| 1423647 | Route churn might be seen after changing maximum-prefixes configuration from value A to vlaue B |
In BGP setup configured with VPN families (inet-vpn, inet6-vpn, l2vpn, evpn or mvpn), route churn might be seen after changing maximum-prefixes configuration from value A to value B, it causes rpd CPU usage to be hogged for about an hour. |
| PR Number | Synopsis | Category:Subscriber Management Remote Access Server |
| 1460578 | DHCPv6 subscribers might be stuck in a state after the authd process crash |
On MX platform with DHCPv6 subscriber scenario, after the authd process crash happens, the subscribers might be stuck in a state and can not come online until restarting the jdhcpd and smid process. The authd process crash is a rare issue which might be caused by the system clock was adjusted in some manner. |
| PR Number | Synopsis | Category:MX Platform SW - Mastership Module |
| 1424187 | The system does not reboot or halt as configuration when encountering the disk error |
When the system encounters disk error or halted system (ex. memory leak), the chassisd might go in hung state with the blow error messages even though "disk-failure-action reboot" or "disk-failure-action halt" is configured. |
| PR Number | Synopsis | Category:L2NG Access Security feature |
| 1451688 | DHCP Snooping static binding not take effect after deleting and re-adding the entries |
From Junos OS release 14.1X53-D15/15.1R1 and above, due to a software defect, DHCP Snooping static binding may not take effect after deleting and re-adding the entries with commit. As a workaround, we can use "commit full" after the configuration changes. |
| PR Number | Synopsis | Category:QFX Control Plane VXLAN |
| 1441047 | The specific source-ports of UDP packet are dropped on EVPN/VXLAN setup |
On QFX5120 EVPN/VXLAN scenario, in a rare condition, the specific source-ports of UDP packets (41070 or 52870) are wrongly hitting wrong internal VXLAN implicit filter (system level and unable to configure), causing these two kinds of UDP packet loss/service degradation on UDP service. |
| 1441047 | The specific source-ports of UDP packet are dropped on EVPN/VXLAN setup |
On QFX5120 EVPN/VXLAN scenario, in a rare condition, the specific source-ports of UDP packets (41070 or 52870) are wrongly hitting wrong internal VXLAN implicit filter (system level and unable to configure), causing these two kinds of UDP packet loss/service degradation on UDP service. |
| 1453865 | JDI-RCT: EVPN-VXLAN NON-COLLAPSED:ARP will get resolved on QFX5100 for Vxlan having vlan-id of 2 |
When there is a vxlan with vlan -id of 2 on a QFX5100, ARP will not get resolved. |
| PR Number | Synopsis | Category:QFX xSTP Control Plane related |
| 1443489 | Non-Designated port is not moving to backup Port role |
After converging VSTP, if there is a VSTP configuration change and then BPDU might not be flooded because of which port role might be in incorrect state in the adjacent switches. There is no loop created in the network. |
| 1453505 | Config change in VLAN all option might affect the per-VLAN configuration |
The VLAN specific parameters might not be used if configuring VLAN all option and VLAN specific config. |
| PR Number | Synopsis | Category:Device Configuration Daemon |
| 1445370 | VRRP-V6 state is flapping with init and idle states after configuring vlan-tagging |
VRRP-V6 state is flapping with init and idle states after configuring vlan-tagging |
| PR Number | Synopsis | Category:Firewall Filter |
| 1465093 | On MX10008 and MX10016 routers policer bandwidth-limit cannot be set higher than 100g |
|
| PR Number | Synopsis | Category:Ethernet OAM (LFM) |
| 1425804 | Upgrade from pre 17.4R1 release results in cfmd coredump |
On MX/ACX series, in CFM ethernet OAM scenario, after the upgrade from 17.4 onwards, the cfmd coredump might be seen after committing configuration on CFM (connectivity-fault-management). |
| PR Number | Synopsis | Category:EVPN control plane issues |
| 1461677 | In EVPN scenario memory Leak might be observed when proxy-macip-advertisement is configured |
In EVPN scenario if "proxy-macip-advertisement" knob is configured, it might cause memory leak. Traffic would be impacted in case the memory leak is not stopped. |
| PR Number | Synopsis | Category:EVPN Layer-2 Forwarding |
| 1435306 | Asynchronous between ARP table and Ethernet switching table happens if EVPN ESI link flap multiple times |
There are 2 issues in this PR. Issue 1: On QFX5000 platform, if EVPN Ethernet Segment Identifier (ESI) link flaps multiple times, ARP entry points to incorrect IFL (RVTEP or AE IFL), so that asynchronous between ARP table and ethernet switching table happens. Issue 2: On all junos platform, if EVPN ESI link flaps multiple times, ARP entry is not cleaned up and remain in only one of the PE programmed incorrectly( ESI is configured in EVPN multihoming scenario), so that asynchronous between ARP table and ethernet switching table happens. |
| 1455973 | Instance type is changed from VPLS to EVPN and this results in packet loss |
In VPLS to EVPN migration scenario, when the routing-instance type is changed from VPLS to EVPN, short-lived loss of traffic is seen. |
| 1459830 | ARP request/NS might be sent back to the local segment by DF router |
Under EVPN multihoming mode, if ARP Request or Neighbor Solicitation (NS) message encapsulated in Dual Tagged VLAN arrives at the DF(designated forwarder) which may send it back to the local segment as it was, that might cause a loop and at last, overwhelms the device. Note: It will not happen with normal broadcast traffic. BDF(backup designated forwarder)does not have this behavior. |
| PR Number | Synopsis | Category:Express PFE L2 fwding Features |
| 1407347 | No inner vlan tag is added even with "input-vlan-map push" configured on QFX10000 platforms |
On QFX10002/10008/10016 platforms working in Layer 2 serivce provider scenario, if "input-vlan-map push" is configured, the device might send packets which is not added with inner vlan tags, in this case, the packets will be dropped by the peer receiver which expects double-tagged packets. |
| PR Number | Synopsis | Category:SRX1500 platform software |
| 1431380 | Packet Forwarding Engine crashes might be seen on SRX1500 platform. |
PFE crashes might be seen on SRX1500 platform when the secondary node gets power-off on chassis cluster. A core file will be generated and there will be temporary traffic interruption. |
| 1431380 | Packet Forwarding Engine crashes might be seen on SRX1500 platform. |
PFE crashes might be seen on SRX1500 platform when the secondary node gets power-off on chassis cluster. A core file will be generated and there will be temporary traffic interruption. |
| PR Number | Synopsis | Category:Interface Information Display |
| 1439440 | Mgd processes increase as the mgd processes are not closed properly |
On SRX platforms, sometimes the mgd processes are not properly closed. As a consequence, many mgd instances are unnecessarily left running. |
| PR Number | Synopsis | Category:Kernel software for AE/AS/Container |
| 1459692 | In MC-LAG scenario traffic destined to VRRP virtual MAC gets dropped |
When VRRP (virtual router redundancy protocol) is configured on MC-LAG (multichassis link aggregation groups), traffic destined to VRRP virtual MAC address might get dropped because the virtual MAC is not correctly programmed in PFE (packet forwarding engine). |
| PR Number | Synopsis | Category:SFP GE |
| 1453919 | The severity level log might be flooded when the QSFP-100GE-DWDM2 is inserted |
When the QSFP-100GE-DWDM2 is inserted on the device, the harmless severity level log might be flooded periodically by this optic transceiver. There is no impact on this issue. |
| PR Number | Synopsis | Category:Integrated Routing & Bridging (IRB) module |
| 1440696 | DHCP offer packets towards IRB over LT interface getting dropped in DHCP relay enviroment |
In DHCP relay enviroment, the DHCP offer packets from server might get dropped towards IRB (Integrated Routing and Bridging) over LT (Logical Tunnel) interface. |
| PR Number | Synopsis | Category:ISIS routing protocol |
| 1455994 | Prefix SID conflict might be observed in ISIS |
In an ISIS segment routing scenario, prefix SID(Segment Identifier) might conflict for internal prefixes. When ISIS L2 to L1 route leaking policy is used after NSR(Nonstop active Routing), it is observed that the L1/L2 router appears to be leaking some prefixes twice, second time setting SID and all flags to 0 due to which all the SIDs have conflicting values as '0' which might cause traffic loss. |
| PR Number | Synopsis | Category:jdhcpd daemon |
| 1435039 | DHCP request may get dropped in DHCP relay scenario |
In DHCP relay scenario, if the device (DHCP relay) receives a request packet with option 50 where the requested IP address matches the IP address of an existing subscriber session, such request packet would be dropped. In such a case the subscriber may need more time to get IP address assigned. The subscriber may remain in this state until it's lease expires if it has previously bound with the address in the option 50. |
| 1464267 | The repd process is not working in Junos releases 18.2R3-S1 and 18.2R2-S5 on some low-end Junos platforms |
In Junos releases 18.2R3-S1 and 18.2R2-S5, on some low-end Junos platforms which have only 4G RAM (Random Access Memory ) memory or smaller (e.g. all low-end SRX), the repd process is not working. The issue results in the subscriber services like DHCP (Dynamic Host Configuration Protocol), authentication can't be synchronized to the standby RE (Routing engine). In this case, if upgrade/GRES (Graceful Routing Engine Switchover) is performed, the synchronization between the REs via the repd process fails, which results in subscriber services like DHCP, authentication can't work on the new RE after the upgrade/GRES. There is no restoration for the repd process. However, the service affected by the repd synchronization can be recovered by restart the service or reboot the device. |
| PR Number | Synopsis | Category:JFlow bug tracker for SRX platforms |
| 1446996 | The jflow version 5 stops working after changing input rate value. |
The jflow version 5 stops working after changing "input rate" value. No sampling packet will be generated when this issue occurs. The issue will restore after system reboot. |
| PR Number | Synopsis | Category:Application aware Quality-of-Service |
| 1446080 | The flowd process core files might be seen when the traffic hits AppQoS policy. |
On SRX platforms, when the traffic matches a rule that triggers AppQoS policy and this policy type is Unified Security Policies ('match dynamic-application' is used), in rare case, the flowd core dump might be seen. It might cause that the device stops forwarding traffic. |
| PR Number | Synopsis | Category:Firewall Authentication |
| 1457570 | The same source-ip sessions are cleared when the IP entry is removed from uac table |
When uac entry is removed, all sessions which has the erased ip on uac are cleared regardless of uac-policy. |
| PR Number | Synopsis | Category:Flow Module |
| 1421497 | The after-NAT IP fragment packet might be dropped by firewall filter |
If firewall filter is configured on incoming interface that only allow pre-NAT IP packet, the after-NAT fragment packet might be dropped by firewall filter. |
| 1426090 | SRX5000 in Mixed-mode: Failed to clear sessions on SPC2 with error message "error: usp_ipc_client_recv_:ipc_pipe_read() failed read timed out after 5 second(s)" |
On the SRX5000 with SPC2 and RE3 mixed mode used, clearing sessions on SPC2 may fail. |
| 1434757 | Intermittent packets drop might be observed if IPsec is configured. |
On all SRX platforms with Junos 18.2R1 onwards, if IPsec VPN is configured, intermittent packets drop might be seen. |
| 1458727 | Optimizations were made to improve the connections-per-second performance of SPC3 |
Optimizations were made to improve the connections-per-second performance of SPC3 |
| PR Number | Synopsis | Category:JSR Infrastructure |
| 1445791 | The show security flow session command fails with error messages when SRX4100 or SRX4200 has around 1 million routing entries in FIB. |
On SRX4100/SRX4200 platforms, once 1 million Routing Information Base (RIB)/Forwarding Information Base (FIB) routes entries are present on the device, an error might be returned after issuing "show security flow session" or other Command-Line Interface (CLI) which requires the information from Packet Forwarding Engine (PFE). |
| PR Number | Synopsis | Category:interfaces and zones for junos js software |
| 1452488 | SRX Chassis Cluster control link remains up even though the control link is actually down |
On SRX1500/4100/4200/4600 and vSRX2.0/3.0 platforms, the Chassis Cluster (HA, High Availability) control link remains up even though the control link is actually down. The failover cannot be executed in this situation and this issue has traffic/service impact. |
| PR Number | Synopsis | Category:all logging related bugs on srx platforms |
| 1435352 | The rtlogd daemons on HA RE nodes go into deadlock status |
The rtlogd daemons on the two RE HA nodes go into deadlock status when rtlogd on both nodes are busy with sending data to each other in the single thread context. |
| PR Number | Synopsis | Category:Firewall Policy |
| 1419983 | The NSD process might stop due to a memory corruption issue |
The NSD process might stop due to a memory corruption issue. As a result, security-related configurations cannot be committed on SRX Series device and core files are generated. |
| 1458639 | The nsd process may get stuck and cause problems |
On all SRXs that have policy counter configured, there is a potential risk where the network-security daemon (NSD) on the RE could not communicate with its PFE counterpart (NSD-PFE) after either a HA failover, control link down, or PFE restart. At that point, it could no longer respond to network-security related commands and will not be able to complete coldsync for a newly joined node in HA environment. |
| PR Number | Synopsis | Category:IPSEC/IKE VPN |
| 1444730 | The IPsec VPN traffic drop might be seen on SRX Series platforms with NAT-T scenario. |
On SRX platforms, when NATT (NAT-Traversal) is used for an IPsec VPN tunnel, the traffic through the tunnel may stop forwarding after a rekey. |
| 1446078 | IPSec tunnels with distribution profile configuration will be renegotiated after perform RG0 failover on SRX5K with SPC3 |
On SRX5400, SRX5600 or SRX5800 with SPC3, when IPSec tunnels are set up with distribution profile configuration and chassis cluster is configured, the tunnels will be renegotiated after perform RG0 failover. There will be traffic interruption until it is restored automatically. |
| 1449296 | Sometimes old SAs are not deleted after rekey and the number of IPSec tunnels shows up more than the configured tunnels |
On SRX5000 series with SPC3 card, sometimes old SAs are not deleted after rekey and the number of ipsec tunnels shows up more than the configured tunnels |
| 1456301 | IPSec VPN tunnels are losing routes for traffic selector randomly while tunnel is still up, causing traffic loss of these IPSec VPN tunnels. |
Randomly in IKEv1 mode, IPSec VPN tunnels are getting disconnected with the other router being the peer node. Due to this, the traffic selector routes are getting deleted and causing traffic complete loss of these VPN tunnels. Adding static routes can help to avoid traffic loss, while at the same time, the affected tunnels will still flap. |
| PR Number | Synopsis | Category:Security platform jweb support |
| 1410401 | Junos OS: Session fixation vulnerability in J-Web (CVE-2019-0062) |
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. Please refer to https://kb.juniper.net/JSA10961 for more information. |
| 1446990 | The idle-timeout for J-Web access doesn't work properly. |
The default idle-timeout value for J-Web access is 30 minutes. |
| 1448541 | J-Web fails to display the traffic log in event mode when stream mode host is configured |
On SRX Series devices, configure event mode logging for displaying the traffic log in J-Web. But when a stream mode host is configured under security/log, J-Web is no longer able to display the traffic log. |
| 1461599 | Editing Destination-NAT rule in J-Web introduces a non-configured routing-instance field |
When a new Destination-NAT pool is added, the routing-instance field does not need to be filled. But, when the same pool is edited and no changes have been added, the routing-instance is auto-populated and needs a commit, which is not expected. This happens only via GUI. |
| PR Number | Synopsis | Category:Layer 2 Circuit issues |
| 1418870 | The rpd crash might be seen if l2circuit/local-switching connections flap continuously |
On all Junos platforms, if there are multiple interfaces configured under a single l2circuit/local-switching, and each of these interfaces has a description field configured under them, when l2circuit/local-switching connections flapping continuously, memory usage increment might happen, eventually, it will result in rpd crash because of running out of memory. |
| PR Number | Synopsis | Category:Layer 2 Control Module |
| 1450832 | VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding |
On all Junos platforms including MX, EX, QFX and SRX devices, VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding. The "show route forwarding table" may show dead BDs, MACs and the "show vlans extensive" may show the state as destroyed. |
| 1469635 | Memory leak on l2cpd process might lead to l2cpd crash |
On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash. |
| PR Number | Synopsis | Category:Label Distribution Protocol |
| 1451157 | The LDP route timer is reset when committing unrelated configuration changes |
The LDP route timer is reset due to committing unrelated configuration changes. As usual, the "route timer reset" implies route churn, but LDP itself is not affected as there is no real nexthop change in the case of configuration commit with unrelated changes. However, protocols using the LDP route as protocol nexthop may be impacted. |
| 1460292 | High CPU usage and rpd coredump might be observed if "ldp track-igp-metric" is configured and IGP metric is changed |
If "protocols ldp track-igp-metric" is configured, metric change of IGP route might cause high CPU usage and rpd coredump on the device. |
| PR Number | Synopsis | Category:Multiprotocol Label Switching |
| 1433287 | SRLG entry shows Uknown after removing it from configuration in show mpls lsp extensive output or show mpls srlg. Shows Unknown-0xXX (XX will vary) |
After deleting srlg from an interface under (protocols -> mpls or routing-options -> srlg, Unkown-0xXX (XX will vary) can be seen in the output of show mpls srlg and under show mpls lsp extensive for previously configured LSPs. No known impact due to these Unknown entries. |
| PR Number | Synopsis | Category:Multicast Routing |
| 1457228 | Few seconds of traffic drop might be seen on the existing receivers when another receiver joins/leaves |
With "protocol igmp-snooping" configured, if some receiver joins/leaves a group, few seconds of traffic drop might be seen on the existing receivers. |
| PR Number | Synopsis | Category:Fabric Manager for MX |
| 1451958 | [MX] Error dropped packets seen on MQ/XM based MPC cards though there is no traffic flowing through the system |
After fixing PR 1338647, Error dropped packets are seen on MQ/XM based MPC cards, though there is no traffic flowing through the system. |
| PR Number | Synopsis | Category:SW PRs related to Vale Edge (MX10K) development |
| 1451011 | JNP10K-LC2101 FPC generates "Voltage Tolerance Exceeded" major alarm for EACHIP 2V5 sensors |
Alarm "FPC X Voltage Tolerance Exceeded" and got cleared after ~ 20second for FPC model "JNP10K-LC2101". Alarm is raised for EA_chip_2v5 sensors as voltage readings are reported as out of tolerance. The issue is due to incorrect reading of voltage level, there shall be no impact expected from this issue. %DAEMON-4: Alarm set: CB color=RED, class=CHASSIS, reason=FPC 0 Voltage Tolerance Exceeded %DAEMON-4: Receive FX craftd set alarm message: color: 1 class: 100 object: 143 slot: 0 silent: 0 short_reason=FPC 0 Voltage Failure long_reason=FPC 0 Voltage Tolerance Exceeded id=1946157199 reason=1946157056 %DAEMON-4: Major alarm set, FPC 0 Voltage Tolerance Exceeded Following error might be seen in host logs: fpc_volt_read:1183 Volt tolerance failure Address: 0x35 Segment: 0x10 Sensor Name: EA0_2V5 ratio = 0.317200 fpc_volt_read:1183 Volt tolerance failure Address: 0x35 Segment: 0x10 Sensor Name: EA0_2V5 ratio = 0.317200 |
| 1462065 | "CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed" when both DIP switches and power switch are turned off |
On MX10008 there is a "Power Supply failed" SNMP trap generated for every power supply which has no feeds connected to it. This happens even if both DIP switches and the power switch on the Power Supply are turned off and no feeds are connected to the PEM. |
| PR Number | Synopsis | Category:FreeBSD Kernel Infrastructure |
| 1433224 | The operations on console might not work if the knob "system ports console log-out-on-disconnect" is configured |
With the knob "system ports console log-out-on-disconnect" configured, if executing some operations on console, the console operations might fail to work properly. |
| 1442376 | EX2300 platforms might stop forwarding traffic or responding to console |
On EX2300/EX2300-C platforms, if Junos software is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch may stop forwarding traffic or responding to console. Power cycle of switch would recover the issue. |
| 1456668 | Certain EX-series platforms might generate vmcore by panic and reboot |
Certain EX-series platforms might generate vmcore by panic and gets reset. This is a rare case since it occurs only when JFE (Junos FreeBSD Extension) statistic- too_long_complete is incremented. user@host> show system core-dumps no-forwarding -rw-r--r-- 1 root wheel 283194368 DDMMYYY /var/crash/vmcore.direct |
| PR Number | Synopsis | Category:IPv6/ND/ICMPv6 issues |
| 1455893 | Device chooses incorrect source address for locally originated IPv6 packets in routing-instance when destination address is reachable via static route with next-table knob |
The source address for IPv6 packets is calculated incorrectly if the destination IPv6 address covered by a static route with the "next-table" configuration option. |
| PR Number | Synopsis | Category:PFE Peer Infra |
| 1448858 | Interface attributes might cause high CPU usage of dcd |
When the interface attributes are configured, this configuration might cause an error in the IRSD (IRSD syncing errors) and lead the CPU usage of dcd spike up. The convergence time of this interface will be impacted. |
| PR Number | Synopsis | Category:OSPF routing protocol |
| 1432615 | Per-Prefix LFA might not work as expected where the last hop needs to be protected on the penultimate node |
On all Junos platforms working as the source node (e.g. node S) where Per-Prefix Loop Free Alternate (PP-LFA) is configured for Open Shortest Path First (OSPF) routing protocol, if the destination prefix is learned from two originator nodes (e.g. node E and node F) with different costs, and both originator nodes E and F are directly connected with the source node S, PP-LFA might not work as expected in such scenario where the last hop needs to be protected on the penultimate hop. Due to this issue, an improper backup nexthop might be selected which couldn't handle node failure case and micro-loop might be seen. |
| 1459080 | The rpd might crash when OSPF router-id gets changed for NSSA with area-range configured |
The rpd crash might be observed due to modification of router-id in OSPF NSSA with area-range configured. |
| PR Number | Synopsis | Category:Used for tracking OVSDB software issues and features |
| 1382522 | New CLI knob to enable copying of Open vSwitch Database (OVSDB) to RAM on Virtual Chassis backup RE instead of SSD |
In Open vSwitch Database (OVSDB) environment with Solid State Drive (SSD) installed on the backup RE side, master RE copies /var/db/ovsdatabase to backup RE whenever ovsdatabase is updated and the backup RE writes the whole ovsdatabase file to the SSD card. SSD endurance is based on the number of write/erase cycles a flash block. You may want to use RAM instead of SSD. Introduce a new CLI knob to enable copying of database to RAM on backup RE (instead of SSD). This knob can be enabled only on QFX5K platforms. >>set protocols ovsdb copy-ovsdatabase-to-backup-ram >> The knob would be disabled by default. If the new knob is enabled, VGD (Virtual-Tunnel-End-Point-Management Daemon) will copy /var/db/ovsdatabase from master to backup RAM file partitions when OVSdatabase file changed. When backup RE becomes master RE (Ex: switch-over) and if new knob is enabled, then the file will be copied from RAM to /var/db/ovsdatabase in SSD. |
| 1452149 | Vgd core might happen when tunnel getting deleted twice |
If OVSDB is enabled on the device, in a rare case, vgd (VTEP gateway daemon) core might be seen when a tunnel is getting deleted twice. It may cause OVSDB to not work properly. |
| PR Number | Synopsis | Category:Provider Backbone (PBB) EVPN PFE functionality on MX |
| 1453203 | The bridge mac-table age timer does not expire for rbeb interfaces |
On MX-Series platforms with PBB-EVPN environment, the bridge mac-table age timer might not expire for rbeb interfaces when the MAC table reaches its aging time. |
| PR Number | Synopsis | Category:pfe forwarding daemon |
| 1448161 | LACP cannot work with the encapsulation flexible-ethernet-services configuration. |
On branch SRX platforms, if 'encapsulation flexible-ethernet-services' is configured with LACP protocol on an AE interface, the AE interface does not work properly. |
| PR Number | Synopsis | Category:Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI |
| 1426737 | The dcpfe/PFE might not start on AS7816-64X and QFX5K TVP platform devices |
The dcpfe/PFE might not start on AS7816-64X and QFX5K TVP platform devices which results in all the interfaces going down. |
| 1453821 | "show chassis led" shows wrong status |
"show chassis led" status outputs may not proper along with some port status |
| PR Number | Synopsis | Category:Interface related issues. Port up/down, stats, CMLC , serdes |
| 1423496 | Ports may get incorrectly chanalized if they are 10G already and they are channelized to 10G again |
On all junos platforms with channelizing ports on FPCs, if a 40G port which are channelized to 10G ports already (eg:xe-2/0/16:0) are being channelized to 10G again, they may get incorrectly channelized. |
| PR Number | Synopsis | Category:QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
| 1457456 | Over temperature SNMP trap messages are shown up after update even though the temperature are within the system thresholds |
EX2300 and QFX series switches generate SNMP trap for high temperature after upgrading to any of the affected Junos software. This is due to a temperature threshold value being set incorrectly in the software, SNMP false trap related to temperature gets generated and results in "over temperature" logs. |
| PR Number | Synopsis | Category:QFX platform optics related issues |
| 1337340 | On QFX5100 platforms, LR4 QSFP can take up to 15 min to come up after VC reboot |
On QFX5100 platforms, LR4 QSFPs might take take longer to come up than others (up to 15 minutes). This is a intermittent occurrence. |
| 1402127 | QSFP-100GBASE-SR4/LR4 might take a long time to come up after disabling interface or reboot |
On QFX5110 platform with QSFP-100GBASE-SR4/LR4 port used, after disabling an 100G port and then enable the port again, or reboot the device, there is a long time delay (5-15 minutes) before the ports come up. |
| PR Number | Synopsis | Category:QFX PFE Class of Services |
| 1445960 | CoS classifier might not work as expected |
On QFX5000 Series platforms(except for the QFX5100) in the VxLAN scenario, the traffic is not classified properly on the UNI interface which has multiple VLANs configured. |
| 1453512 | The classifier configuration doesn't get applied to the interface in an EVPN/VXLAN environment |
On QFX5100/QFX5110/QFX5120/QFX5200/QFX5210 Series platforms with an EVPN/VXLAN scenario, the classifier might not be applied to the interface successfully and all traffic flows in the best-effort queue. |
| PR Number | Synopsis | Category:QFX L2 PFE |
| 1437295 | The FPC might crash if both the AE bundle flapping on local device and the configuration change on peer device occur at the same time |
On QFX platforms, the FPC might crash if both the AE (Aggregate Ethernet) bundle flapping on local device and the configuration change on peer device which can cause the interface down occur at the same time. |
| 1439268 | LACP MUX state struck in "Attached" after disabling peer active members when link protection is enabled on local along with force-up. |
When lacp is configured with link protection and force-up on local, and peer is configured with link protection, disabling the active member on peer device causes LACP MUX state to be stuck in attached state. Issue is not seen if link protection is not configured on the peer device. The feature where link protection and force-up is configured on local and link protection is configured on peer is not qualified. It is mention in release note, so that it can be documented. |
| PR Number | Synopsis | Category:QFX L3 data-plane/forwarding |
| 1452433 | There might be interface reachability issues on AS7816 |
On AS7816 devices loaded with Juniper NOS, the interface might not be reachable and the protocols (e.g. bgp, ospf etc) will not come up. The AS7816 device comes up with 1024 MAC addresses. The issue is due to the NOS is not able to read and interpret the MAC address on the interface. |
| PR Number | Synopsis | Category:QFX EVPN / VxLAN |
| 1441690 | The L3 communication might break on an interface which is configured with flexible-ethernet-services |
On QFX5100/5200 switches when an interface is configured for both L2 and L3 units with flexible-ethernet-services encapsulation, L3 communication breaks and ARP resolution is affected if the hardware token used by L3 unit is same as a VLAN allowed over VxLAN on the L2 unit. This hardware token is randomly generated. |
| PR Number | Synopsis | Category:RPD Interfaces related issues |
| 1460181 | The "forwarding" option is missed in routing-instance type |
On PTX10008/PTX10016/QFX10008/QFX10016 Series platforms, the "forwarding" option for routing-instance type configuration is missed, it might impact the function related to this configuration. For example, FBF won't work because of the missing configuration. |
| 1460181 | The "forwarding" option is missed in routing-instance type |
On PTX10008/PTX10016/QFX10008/QFX10016 Series platforms, the "forwarding" option for routing-instance type configuration is missed, it might impact the function related to this configuration. For example, FBF won't work because of the missing configuration. |
| PR Number | Synopsis | Category:RPD Next-hop issues including indirect, CNH, and MCNH |
| 1406070 | The rpd might crash or duplicated routes might be seen if doing configuration change with BGP multipath and flapping routes |
On all platforms, if doing configuration change (with BGP multipath) and flapping the IGP/LDP/RSVP routes simultaneously, the rpd crash or duplicated routes might be seen. |
| 1424819 | The rpd keeps crashing after changing configuration |
In the ECMP (Equal-Cost Multipath) environment with existing more than 8 multipath for a given route, changing configuration (e.g. delete routing protocol IGP or LSP) is trying to delete a software structure which was already corrupted sometime earlier due to memory corruption, and this may cause the rpd to keep crashing. This issue applies to all types of nexthops with multipath. |
| PR Number | Synopsis | Category:RPD policy options |
| 1450123 | The rib-group might not process the exported route correctly |
The rib-group with a policy that matches route next-hop can fail to add the route to the secondary routing table when matched route next-hop is changed to another one and then referred back again after some time. This issue has traffic impact as the exported route will lose in the secondary routing table. |
| PR Number | Synopsis | Category:RPD route tables, resolver, routing instances, static routes |
| 1442952 | The rpd might crash with SRTE configuration change |
In BGP segment routing traffic engineering (SRTE) scenario, process rpd might crash when knob "extended-nexthop-color" is added or removed from the BGP configuration. |
| PR Number | Synopsis | Category:show route table commands, tracing, and syslog facilities |
| 1449305 | EX3400 -- IPv6 routes received via BGP don't show correct age time |
On EX3400 platform, IPv6 routes received via BGP routing protocol might show an age time of '00:00:00' when displayed using the CLI command "show route" |
| PR Number | Synopsis | Category:Resource Reservation Protocol |
| 1445994 | Traffic blackhole likely if two consecutive PLRs along the LSP perform local repair simultaneously under certain mis-configured conditions |
In RSVP environment with link or node protection deployed, if two consecutive PLRs (point of local repair) along the LSP perform local repair simultaneously and if backup LSP signaling between the downstream PLR & MP (merge point) pair fails due to any reason, then the backup LSP signaling between the upstream PLR & MP pair also does not succeed. Then due to a software defect the upstream PLR does not correctly clean up the LSP state and continues to send traffic into the backup LSP, resulting in traffic blackhole at the downstream PLR. |
| PR Number | Synopsis | Category:SFW, CGNAT on MS-MIC/MS-MPC (XLP) |
| 1446931 | NAT service-set in certain scale might fail to get programmed |
In NAT/stateful-firewall scenario using service PIC on MX platforms, the service-set might fail to get programmed after configuration commit if the configuration scale is in particular range hitting the issue. |
| 1460027 | The PPTP doesn't work with destination NAT |
On the MX platform, if the PPTP control connection is established with destination NAT (network address translation), it will be failed. This issue will cause the PPTP traffic loss. |
| PR Number | Synopsis | Category:SRX Argon module bugs |
| 1460619 | The aamwd process exceeds 85% RLIMIT_DATA limitation due to memory leak |
The "aamwd" process may exceed 85% RLIMIT_DATA limitation due to memory leak when there is a connection issue with the Sky ATP server. |
| PR Number | Synopsis | Category:platform related PRs on SRX branch platforms |
| 1440194 | The flowd process stops on SRX550 or SRX300 line of devices when SFP module is plugged in. |
When SFP module is plugged in SRX550,SRX300,SRX320,SRX340 or SRX345 series devices, the flowd process crashes on SRX device. |
| 1449728 | Junos OS upgrade fails when partition option is used. |
Branch SRX device fails to upgrade Junos image when partition option is used. |
| 1451860 | The rpd process might crash and restart with an rpd core file created when committing the configuration |
On SRX300/320/340/345 Series platforms, when the protocol (BGP/ISIS/OSPF) authentication-Key, Master system-password, and TPM password is configured, the rpd process might crash during committing the configuration on the device. |
| PR Number | Synopsis | Category:Stout cards (MPC7, MPC8, MPC9) microkernel issues |
| 1453871 | The FPC might crash when the severity of error is modified |
If the severity of the error on FPC is modified through the Uniform resource identifier (URI) format, after committing the modification, the FPC which is applied to this configuration might crash. |
| PR Number | Synopsis | Category:MX10002 Platform SW - Platform s/w defects |
| 1426120 | MPC reboot or RE mastership switchover might occur on MX204/MX10003 |
On MX204/MX10003, if there's high rate of fragmented traffic received on em3 interface, em3 watchdog timeout might occur. It could cause MPC reboot or RE mastership switchover. |
| 1426120 | MPC reboot or RE mastership switchover might occur on MX204/MX10003 |
On MX204/MX10003, if there's high rate of fragmented traffic received on em3 interface, em3 watchdog timeout might occur. It could cause MPC reboot or RE mastership switchover. |
| PR Number | Synopsis | Category:MX10003/MX204 MPC defects tracking |
| 1445508 | The 1G interface on MX204 might stay down after the device is rebooted |
On MX204 platform, the interface with the parameter "speed 1g" configured might stay down after the device is rebooted. This is a timing issue. |
| PR Number | Synopsis | Category:SRX-1RU infrastructure SW defects |
| 1408172 | The show security flow session command fails with error messages when SRX4600 has over a million routing entries. |
"show security flow session" command fails with error msg when SRX4600 has over million routing entries. |
| PR Number | Synopsis | Category:Trio LU, IX, QX, MQ chip drivers, ucode & related SW |
| 1449427 | On certain MPC line cards cm errors need to be reclassified |
Cm errors on certain MPC line cards are classified as major which should be minor/non-fatal. If these errors are generated, it might get projected as a bad hardware condition and therefore trigger PFE disable action. |
| PR Number | Synopsis | Category:Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
| 1442527 | In "enhanced-ip" or "enhanced-ethernet" mode with DCU (destination-class-usage) accounting enabled, MS-DPC may drop all traffic that should egress via ae interface |
On MX platform with "enhanced-ip" or "enhanced-ethernet" mode enabled, if the ae interface is configured with DCU accounting, MS-DPC might drop all traffic that should go out via the interface. |
| PR Number | Synopsis | Category:Trio pfe stateless firewall software |
| 1409879 | FPC crash may be observed with scaled subscribers login attempts |
In a subscriber management environment with scaled subscribers login such as 200k PPPoE subscribers, FPC crash may be observed. |
| 1453649 | The RE originated IPv6 packets might be dropped when interface-group rule is configured under IPv6 filter |
On all Junos platforms, when IPv6 filter with an "interface-group" rule is applied in output interface, the RE (Routing Engine) originated IPv6 packets might be matched the filter term. In case of a discard action is configured in the rule, IPv6 packets get dropped due to performing it. |
| PR Number | Synopsis | Category:Trio pfe bridging, learning, stp, oam, irb software |
| 1434933 | Traffic from the same physical interface can not be forwarded |
In EVPN-MPLS scenario, if EVPN works at a logical interface while the ESI configured under the physical interface which the logical interface belongs, and if there are some other Layer 3 services (non-EVPN) using logical interfaces under the physical interface, then the traffic from any of these logical interfaces may not reach each other. Due to the ESI's split-horizon covers all logical interfaces of the physical interface, regardless whether the logical interface is used for EVPN. |
| 1451559 | In EVPN VXLAN scenario, sometimes host generated packets are getting dropped as hitting "reject route" in PFE |
In EVPN VXLAN scenario, sometimes host generated packets are getting dropped as hitting "reject route" in PFE. For example, when you initiate the ICMP request sourced from EVPN instance's L3 GW irb address, the ICMP packet may not get out successfully in below scenario 1. control plane generated packet with overlay destination address (irb) belonging to one particular routing instance and the underlay (vtep) is on a different routing instance, This packet is inserted from control plane on the underlay's routing instance lookup which will fail leading to this control plane generated packet not go out. 2. When MPLS traffic engineering is enabled. The underlay vtep route in inet.0 will be labeled mpls route. |
| PR Number | Synopsis | Category:Web-Management UI |
| 1454150 | Problem with access to J-web after update from 18.2R2 to 18.2R3 junos version. |
Problem with access to J-web after update from 18.2R2 to 18.2R3 junos version, causing incorrect permissions in the php session dir. |
| PR Number | Synopsis | Category:PTX/QFX10002/8/16 specific software components |
| 1450090 | "Power supplies" LED on the status panel stays green while one or more PEMs have FAULT LED turned on |
"Power supplies" LED on the status panel stays green while one or more PEMs have FAULT LED turned on due to expected feed missing |
| 1452604 | PLL errors might be seen after FPC reboot or restart |
On MX10008/MX10016 platforms, when FPC reboot or restart by any means, PLL_CMERROR_MPC_LMK04906_WAN_LD and PLL_CMERROR_MPC_LMK04906_WAN_LOS errors might be seen shortly after the FPC comes back online. |
| 1459373 | The error messages with "create_pseudos: unable to create interface device for pip0 (File exists)" might be seen after restarting chassisd |
After chassisd restart (e.g. by 'restart chassis-control' cli command or otherwise) the logs are flooded with 'CHASSISD_IFDEV_CREATE_FAILURE: create_pseudos: unable to create interface device for pip0 (File exists)' messages every 2 seconds. |
| PR Number | Synopsis | Category:VMHOST platforms software |
| 1453783 | FB Hardening: "rngd: read error" is seen in daemon.log after system is idle for some time |
Passing of /dev/random to guest is causing fpc to enter unstable state when host entropy drops below 200, especially when it reaches close to '0'So, removing the pass through of virtio random feature to guest for now until proper fix is available. |
| PR Number | Synopsis | Category:VNID L2-forwarding on Trio |
| 1461860 | Traffic received from vtep gets dropped if the VNI value used for type-5 routes is greater than 65535 |
With EVPN-VXLAN on MX platforms, the packets received from vtep would be dropped by PFE (Packet Forwarding Engine) if the VNI value used for type-5 routes is exceeding 65535. |
| PR Number | Synopsis | Category:Virtual Private LAN Services |
| 1428862 | VPLS neighbors might stay in down state after configuration changes in vlan-id |
On all Junos platforms with NSR enabled, under EVPN-VPLS scenario, the VPLS neighbors might stay in down state after configuration changes in vlan-id. |
| PR Number | Synopsis | Category:Virtual Router Redundancy Protocol |
| 1432361 | VRRP mastership might flap when the tracked route is deleted or the tracked interface goes down |
This is a timing issue, in VRRP scenario, if the tracked route is deleted or the tracked interface goes down, the priority of the current master is changed at once and this triggers a mastership switchover. At this time, there's a possibility that an advertisement packet with old priority is received because of timer expiration, which leads to the mastership of VRRP switch again. |
| 1450652 | Dual VRRP mastership might be seen after RE switchover ungracefully |
When VRRP works in distributed mode (ie. delegate-processing is enabled under VRRP) with more than 250 VRRP sessions, dual VRRP mastership might be observed after RE switchover ungracefully (e.g. master RE failure). |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search