Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.2R3-S2: Software Release Notification for JUNOS Software Version 18.2R3-S2

0

0

Article ID: TSB17690 TECHNICAL_BULLETINS Last Updated: 05 Dec 2019Version: 3.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, MX, EX, PTX, QFX, vMX, vRR, NFX, SRX, vSRX
Alert Description:
Junos Software Service Release version 18.2R3-S2 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.2R3-S2 is now available.

18.2R3-S2 - List of Open issues

PR Number Synopsis Category:QFX PFE L2
1455161 Unequal LAG hashing might happen on QFX devices
 
On QFX5100/QFX5110/QFX5120/QFX5200/QFX5210 Series platforms with load-balance configuration, the uneven traffic distribution might be seen on the link aggregation group (LAG) interfaces.
PR Number Synopsis Category:Class of service in forwarding daemon
1439401 The COS rewrite rule does not work for st0 interface
 
On NFX platforms, when COS rewrite rule is configured for st0 interface, the COS value will not take effect on corresponding forwarding class. It causes the COS not to work as expected. This issue has traffic impact.
PR Number Synopsis Category:EX Chassis Interface Handling
1441035 The ports of the EX device might stay in up state even if the EX46XX/QFX51XX series device is rebooted
 
With DAC cable used between EX46XX/QFX51XX series device and EX device, during rebooting the EX46XX/QFX51XX series device, the ports on EX device might still stay up.
PR Number Synopsis Category:Optical Transport Interface
1429279 After member interface flapping AE remains down on 5X100GE DWDM CFP2-ACO PIC
 
On 5X100GE DWDM CFP2-ACO PIC on PTX series platforms, if any AE member interface flaps, the AE interface might stop receiving the LACP RX packets and fail to come up. It can be recovered by disabling/enabling the AE interface.
PR Number Synopsis Category:Multicast Routing
1443713 PIM (S,G) joins can cause MSDP to incorrectly announce source active messages in some cases
 
In the event of a network running: 1) a first-hop PIM router also being a rendez-vous point (RP); and 2) anycast RP in conjunction with MSDP; and 3) any-source multicast; and 4) a PIM last-hop router sending an (S,G) join when there is no traffic in the network matching the source and group, the first-hop RP will incorrectly send MSDP source-active messages to other MSDP peers. In other cases such as when the RP is not the first-hop PIM router, the traffic source needs to originate packets before the RP would originate MSDP source-active messages.
PR Number Synopsis Category:Track veHostd, vmm-sdk issues on Mt Rainier RE
1448413 vehostd Application failed Minor alarm
 
Automatic restart of vehostd might fail and the following Minor alarm is seen with 'show system alarms' or 'show chassis alarms'. VMHost RE 0 host vehostd Application failed or VMHost RE 1 host vehostd Application failed The process can be restarted manually in affected releases. After the fix of this PR, the process restart is handled properly.
PR Number Synopsis Category:RPD route tables, resolver, routing instances, static routes
1459384 The rpd memory leak might be observed on backup routing engine due to BGP flap
 
In a BGP scenario when certain routes are flapping frequently, it could lead to rpd memory leak on backup Routing Engine. The rpd might crash and restart once the rpd runs out of memory for certain junos releases.
 

18.2R3-S2 - List of Fixed issues

PR Number Synopsis Category:Engineering request for regressed image from System Test
1460087 Storage space limitation leads to image installation failure during Phone home on ex2300 and ex3400 platforms.
 
Storage space limitation leads to image installation failure during Phone home on ex2300 and ex3400 platforms.
PR Number Synopsis Category:L2NG RTG feature
1440574 MAC addresses learned on RTG may not be aged out after a Virtual-Chassis member rebooted
 
There is a sequence issue when Virtual-Chassis(VC) member rebooted in aggregated interface. After reboot VC member, Routing Engine(RE) kernel inject mac entry to FPC that rebooted. Because of the sequence issue, RE added mac entry, originally source mac entry, to FPC as remote mac entry. And mac entry is never be aged out because it is remote entry.
PR Number Synopsis Category:EX4300 PFE
1436642 The FPC/pfex crash may be observed due to DMA buffer leaking
 
On EX2300/EX3400/EX4300/EX4600 platforms, DMA buffer leaking may be hit once the next-hop of received traffics is not resolved and eventually to cause an FPC/pfex crash if the DMA buffer runs exhaustion.
PR Number Synopsis Category:EX4300 Virtual Chassis
1449206 Current MAC address might change when deleting one of the multiple L3 interfaces
 
Current MAC address might change when deleting one of the multiple L3 interfaces and it has traffic impact when this issue occurs.
PR Number Synopsis Category:EX2300 & EX3400 PFE
1423310 IPv6 multicast traffic received on one VC member might be dropped when egressing on other VC member if MLD snooping is enabled
 
With MLD snooping enabled, IPv6 multicast traffic might be dropped on Virtual Chassis (VC) if ingress and egress interfaces are on different VC members.
1446844 The traffic might be dropped when a firewall filter rule uses 'then vlan' as the action in a VC scenario
 
If a firewall filter is configured with the action 'then vlan' in a VC scenario on some specific platforms (e.g., EX2300/EX3400/EX4600/QFX5100...), some of the traffic which matches that filter might be dropped.
1448071 Unicast arp requests are not replied with no-arp-trap option.
 
When unicast arp request is received by EX3400/QFX5100 switch and it is configured with "set switch-options no-arp-trap option", the arp request may not be replied. This has been fixed and unicast ARP request will be replied even with "set switch-options no-arp-trap option" configuration.
PR Number Synopsis Category:EX2300 & EX3400 platform
1428627 The phone-home feature does not work because the date is wrong
 
If an EX2300 or EX3400 device is kept powered off for a long time, when powering it on, the time is set incorrectly either to epoch or to a time in future. This can cause failure of phone-home zero touch provisioning since it relies on certificates to set up secure connection to the phone-home server.
1452209 On EX3400 with half duplex mode on 10M or 100M speed at medium traffic egress traffic flow may stop on the port and MAC Pause frames will be incrementing on Receive direction
 
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
PR Number Synopsis Category:EX2300 & EX3400 VC
1422507 The interface on failed member FPC of EX2300/EX3400 virtual-chassis may stay up 120 seconds
 
On EX2300/EX3400 virtual-chassis setup, the interface on failed member FPC retains as up state for 120 seconds. This issue will cause traffic loss of about 120 seconds.
PR Number Synopsis Category:QFX Access control list
1441444 QFX5210: Firewall Filter DSCP Action Modifier does not work when Firewall Filter is mapped to IRB
 
When applying a firewall filter, which has a modifier to change the DSCP value of a packet, to an IRB interface, the action modifier has no effect.
PR Number Synopsis Category:QFX PFE CoS
1449645 Qfx10008: FPC0 cored after running the pfe command "show cos sched-usage"
 
Without this fix, the PFE cli "show cos sched-usage" will restart QFX10008's forwarding plane
1452013 "show cos scheds-per-pfe" and "show cos pfe-scheduler-ifds" pfe commands will restart forwarding planes on QFX10008 switches
 
Without this fix, "show cos scheds-per-pfe" and "show cos pfe-scheduler-ifds" PFE cli will cause the forwarding plan to restart on QFX10008 switches. See also PR1449645
PR Number Synopsis Category:QFX PFE L2
1453430 In VC scenario traffic drop might be seen when one VC member reboots and rejoins the VC
 
On QFX5K or EX4600 VC (Virtual-Chassis) scenario, when VSTP is enabled and one AE interface is used, if one member reboots and rejoins the VC, some packets drop might be seen.
1467763 The fxpc.core might be seen when committing the configuration all together, e.g., after the reboot
 
On EX2300/3400/4300/4600 and QFX Series switches except for QFX10k, if committing the configuration all together (e.g., after the reboot), the fxpc/PFE core dump might be found. In the Virtual Chassis scenario, the VC members might be splitted because the VC ports might not be created in time.
PR Number Synopsis Category:QFX L3 data-plane/forwarding
1432023 The fxpc core might be seen during the reboot of device on QFX5100/EX4600 switches.
 
On QFX5100/EX4600 switches due to Bad Chip ID, an fxpc core can be seen during the device reboot. This is due to a transient error related to a chip where vendor tries to get the chip ID and it results in improper info.
1441402 Traffic might be dropped after the QinQ enabled interface is flapped or a change is made to the vlan-id-list
 
On QFX5K/EX4600 with SP (Service Provider) style VLAN configuration (in this method, each VLAN-ID is locally significant to a physical interface), if interface-mac-limit/mac-table-size is configured (i.e. software MAC learning is enabled) and the scale of MAC addresses on the box is more than 2000, traffic might be dropped after QinQ enabled interface is flapped or a change is made to the vlan-id-list.
1451217 MPLS LDP may still use stale MAC of the neighbor even the LDP neighbor's MAC changes
 
On EX/QFX/ACX platforms, when there is MAC change for LDP neighbor and IP remains the same, ARP update is proper but MPLS LDP may still use the stale MAC of the neighbor. If there is any application/service such as MP-BGP using LDP as next-hop, all transit traffic pointing to the stale MAC will be dropped.
1457725 The IGMP snooping on QFX5110/QFX5129 leaf devices might cause multicast packets to be looped in case of multihomed scenario
 
In an EVPN/VXLAN multihomed environment with QFX5110/QFX5120 acting as leaf devices, if the IGMP snooping is used, IGMP snooping might override the local bias filters on Designated Forwarder (DF) and Non-Designated Forwarder (NDF) devices, and forwards the packets causing multicast packets loops.
1460688 The egress interface in PFE for some end-hosts may not be correct on the layer 3 gateway switch after it is rebooted
 
On edge-routed bridging (ERB) EVPN-VXLAN multihoming designs with QFX5110 and QFX5120 switches work as Layer 3 gateways, in some rare condition, when one of the switches acting as L3 gateway comes up after reboot, the egress interface in PFE for some end-host may not be updated to the correct next-hop interface in the hardware on that gateway. This issue cause traffic disruption for the affected end host
PR Number Synopsis Category:This is for Hw & Sw issues which are special for SPC3 car
1429899 Packet loss by FPGA backpressure on SPC3
 
On SRX5000 Series devices with an SPC3 card, sometimes very small amount of packet loss is observed.
PR Number Synopsis Category:accounting profile bugs
1446762 [MX204] Input/Output counters of AE bundle/member links configured on non-default logical systems are not updated
 
On MX204, Input/Output counters of AE bundle and its member links defined in non-default logical systems are not updated.
1452363 The pfed might crash and not be able to come up on the PTX or TVP platforms
 
The flow label statistics are retrieved periodically by pfed for PTX or TVP platforms, if the statistics reply becomes very big number, the pfed might crash hence affecting traffic.
PR Number Synopsis Category:ACX L2 related features
1461831 ACX platform LLDP neighbour not up on lag after software upgrade to 18.2R3-S1
 
In case of acx platform, if LLDP is configured on lag interfaces, it will not work.
PR Number Synopsis Category:Interfaces IFD, IFL, vlans, etc and Brcm init for ACX
1411015 The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx
 
The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx.
PR Number Synopsis Category:access node control protocol daemon
1453826 The ANCP interface-set QoS adjusts may not be processed
 
In the MX subscriber management scenario, partial ANCP (access node control protocol) interface-set QoS adjusts may not be processed when configuring protocol ANCP for subscriber management. This issue may cause subscriber's QoS attributes are not expected to CoS (class of service) policy.
1453837 DT_BNG: ANCP subscriber information is lost after daemon restart
 
Cosmetic issue that affects only CLI. Radius, L2tp etc. are unaffected. CLI issue is seen after ANCP restart and before ANCP neighbor is re-established and port-ups are received. Under normal working conditions, after ANCP restart, the port-ups should be received right away and the CLI issue will be never seen.
PR Number Synopsis Category:a20a40 specific issue
1465159 The AE interface cannot be configured on SRX4600
 
On SRX4600 platform, the Aggregated Ethernet (AE) interface cannot be configured for channelized port. The commit will fail for corresponding configuration. This issue has function impact.
PR Number Synopsis Category:common or misc area for SRX product
1437098 LACP traffic distributed evenly on ingress child links but not on egress links
 
On SRX5k with SPC3 and SRX4600 platforms, the distribution of traffic over Link Aggregation (LAG) member ports does not take into account layer 4 port information.
PR Number Synopsis Category:srx5k service offloading related PR
1436421 On an SRX4600 device, core file generation might be observed and SPM might be in present state.
 
On SRX4600 devices, in rare cases, FPC0 and/or FPC1 may stay in Present state at boot and never come Online or may move to Present state during operation. When this occurs, J-Ukernel crashes and multiple chassis alarms may be observed. The reason is that the power chip doesn`t produce the right voltage. The fix is to set the right voltage (through upgrading the Jfirmware version). It would affect the traffic.
1436421 On an SRX4600 device, core file generation might be observed and SPM might be in present state.
 
On SRX4600 devices, in rare cases, FPC0 and/or FPC1 may stay in Present state at boot and never come Online or may move to Present state during operation. When this occurs, J-Ukernel crashes and multiple chassis alarms may be observed. The reason is that the power chip doesn`t produce the right voltage. The fix is to set the right voltage (through upgrading the Jfirmware version). It would affect the traffic.
PR Number Synopsis Category:Junos Fusion Infrastructure
1447873 Reachability issue of the host connected to the SD might be affected in Junos Fusion Enterprise environment with EX9200 series devices as AD
 
In a Junos Fusion Enterprise environment, when traffic originates from a peer device connected to the aggregation device and the ICL is a LAG, there might be a reachability issue if the cascade port is disabled and traffic has to flow through the ICL LAG to reach the satellite device. As a workaround, use single interface as the ICL instead of a LAG.
PR Number Synopsis Category:BBE interface related issues
1438621 Subscriber flows might not be synchronized between AE members on MX-VC platforms
 
On MX-VC platforms with large scale subscriber setup (subscriber scale exceeds or approximates to recommended limit), when back-to-back commit operations (within 2 minutes) are performed to delete and re-add an AE member interface, GENCFG errors might be observed while publishing subscriber flows. This results in subscriber flows not synchronize between AE members and subscriber traffic will be affected.
PR Number Synopsis Category:Subscriber Management routing
1439905 The bbe-smgd core dumps is seen after restarted
 
In subscriber scenario, if restart the bbe-smgd when routes are being deleted, the bbe-smgd might crash and all the subscribers can be affected.
1458369 The subscriber routes are not cleared from backup RE when session is aborted
 
On MX platforms with enhanced subscriber enabled, the subscriber routes might not be cleared from backup RE when session is aborted. The bbe-smgd memory leak might be seen on the backup RE and subscribers could not login after switchover.
PR Number Synopsis Category:Border Gateway Protocol
1351639 The rpd crashes in JunOS 16.1 or higher during BGP convergence
 
In JunOS 16.1 or higher, during BGP convergence, the input/output thread constructing the outgoing BGP PDU and manipulating the path attributes before hand-off the data to the socket. If this PDU length is zero, it will trigger an assertion and routing-protocol demon is restarting.
1423647 Route churn might be seen after changing maximum-prefixes configuration from value A to vlaue B
 
In BGP setup configured with VPN families (inet-vpn, inet6-vpn, l2vpn, evpn or mvpn), route churn might be seen after changing maximum-prefixes configuration from value A to value B, it causes rpd CPU usage to be hogged for about an hour.
PR Number Synopsis Category:Subscriber Management Remote Access Server
1460578 DHCPv6 subscribers might be stuck in a state after the authd process crash
 
On MX platform with DHCPv6 subscriber scenario, after the authd process crash happens, the subscribers might be stuck in a state and can not come online until restarting the jdhcpd and smid process. The authd process crash is a rare issue which might be caused by the system clock was adjusted in some manner.
PR Number Synopsis Category:MX Platform SW - Mastership Module
1424187 The system does not reboot or halt as configuration when encountering the disk error
 
When the system encounters disk error or halted system (ex. memory leak), the chassisd might go in hung state with the blow error messages even though "disk-failure-action reboot" or "disk-failure-action halt" is configured.
PR Number Synopsis Category:L2NG Access Security feature
1451688 DHCP Snooping static binding not take effect after deleting and re-adding the entries
 
From Junos OS release 14.1X53-D15/15.1R1 and above, due to a software defect, DHCP Snooping static binding may not take effect after deleting and re-adding the entries with commit. As a workaround, we can use "commit full" after the configuration changes.
PR Number Synopsis Category:QFX Control Plane VXLAN
1441047 The specific source-ports of UDP packet are dropped on EVPN/VXLAN setup
 
On QFX5120 EVPN/VXLAN scenario, in a rare condition, the specific source-ports of UDP packets (41070 or 52870) are wrongly hitting wrong internal VXLAN implicit filter (system level and unable to configure), causing these two kinds of UDP packet loss/service degradation on UDP service.
1441047 The specific source-ports of UDP packet are dropped on EVPN/VXLAN setup
 
On QFX5120 EVPN/VXLAN scenario, in a rare condition, the specific source-ports of UDP packets (41070 or 52870) are wrongly hitting wrong internal VXLAN implicit filter (system level and unable to configure), causing these two kinds of UDP packet loss/service degradation on UDP service.
1453865 JDI-RCT: EVPN-VXLAN NON-COLLAPSED:ARP will get resolved on QFX5100 for Vxlan having vlan-id of 2
 
When there is a vxlan with vlan -id of 2 on a QFX5100, ARP will not get resolved.
PR Number Synopsis Category:QFX xSTP Control Plane related
1443489 Non-Designated port is not moving to backup Port role
 
After converging VSTP, if there is a VSTP configuration change and then BPDU might not be flooded because of which port role might be in incorrect state in the adjacent switches. There is no loop created in the network.
1453505 Config change in VLAN all option might affect the per-VLAN configuration
 
The VLAN specific parameters might not be used if configuring VLAN all option and VLAN specific config.
PR Number Synopsis Category:Device Configuration Daemon
1445370 VRRP-V6 state is flapping with init and idle states after configuring vlan-tagging
 
VRRP-V6 state is flapping with init and idle states after configuring vlan-tagging
PR Number Synopsis Category:Firewall Filter
1465093 On MX10008 and MX10016 routers policer bandwidth-limit cannot be set higher than 100g
 
 
PR Number Synopsis Category:Ethernet OAM (LFM)
1425804 Upgrade from pre 17.4R1 release results in cfmd coredump
 
On MX/ACX series, in CFM ethernet OAM scenario, after the upgrade from 17.4 onwards, the cfmd coredump might be seen after committing configuration on CFM (connectivity-fault-management).
PR Number Synopsis Category:EVPN control plane issues
1461677 In EVPN scenario memory Leak might be observed when proxy-macip-advertisement is configured
 
In EVPN scenario if "proxy-macip-advertisement" knob is configured, it might cause memory leak. Traffic would be impacted in case the memory leak is not stopped.
PR Number Synopsis Category:EVPN Layer-2 Forwarding
1435306 Asynchronous between ARP table and Ethernet switching table happens if EVPN ESI link flap multiple times
 
There are 2 issues in this PR. Issue 1: On QFX5000 platform, if EVPN Ethernet Segment Identifier (ESI) link flaps multiple times, ARP entry points to incorrect IFL (RVTEP or AE IFL), so that asynchronous between ARP table and ethernet switching table happens. Issue 2: On all junos platform, if EVPN ESI link flaps multiple times, ARP entry is not cleaned up and remain in only one of the PE programmed incorrectly( ESI is configured in EVPN multihoming scenario), so that asynchronous between ARP table and ethernet switching table happens.
1455973 Instance type is changed from VPLS to EVPN and this results in packet loss
 
In VPLS to EVPN migration scenario, when the routing-instance type is changed from VPLS to EVPN, short-lived loss of traffic is seen.
1459830 ARP request/NS might be sent back to the local segment by DF router
 
Under EVPN multihoming mode, if ARP Request or Neighbor Solicitation (NS) message encapsulated in Dual Tagged VLAN arrives at the DF(designated forwarder) which may send it back to the local segment as it was, that might cause a loop and at last, overwhelms the device. Note: It will not happen with normal broadcast traffic. BDF(backup designated forwarder)does not have this behavior.
PR Number Synopsis Category:Express PFE L2 fwding Features
1407347 No inner vlan tag is added even with "input-vlan-map push" configured on QFX10000 platforms
 
On QFX10002/10008/10016 platforms working in Layer 2 serivce provider scenario, if "input-vlan-map push" is configured, the device might send packets which is not added with inner vlan tags, in this case, the packets will be dropped by the peer receiver which expects double-tagged packets.
PR Number Synopsis Category:SRX1500 platform software
1431380 Packet Forwarding Engine crashes might be seen on SRX1500 platform.
 
PFE crashes might be seen on SRX1500 platform when the secondary node gets power-off on chassis cluster. A core file will be generated and there will be temporary traffic interruption.
1431380 Packet Forwarding Engine crashes might be seen on SRX1500 platform.
 
PFE crashes might be seen on SRX1500 platform when the secondary node gets power-off on chassis cluster. A core file will be generated and there will be temporary traffic interruption.
PR Number Synopsis Category:Interface Information Display
1439440 Mgd processes increase as the mgd processes are not closed properly
 
On SRX platforms, sometimes the mgd processes are not properly closed. As a consequence, many mgd instances are unnecessarily left running.
PR Number Synopsis Category:Kernel software for AE/AS/Container
1459692 In MC-LAG scenario traffic destined to VRRP virtual MAC gets dropped
 
When VRRP (virtual router redundancy protocol) is configured on MC-LAG (multichassis link aggregation groups), traffic destined to VRRP virtual MAC address might get dropped because the virtual MAC is not correctly programmed in PFE (packet forwarding engine).
PR Number Synopsis Category:SFP GE
1453919 The severity level log might be flooded when the QSFP-100GE-DWDM2 is inserted
 
When the QSFP-100GE-DWDM2 is inserted on the device, the harmless severity level log might be flooded periodically by this optic transceiver. There is no impact on this issue.
PR Number Synopsis Category:Integrated Routing & Bridging (IRB) module
1440696 DHCP offer packets towards IRB over LT interface getting dropped in DHCP relay enviroment
 
In DHCP relay enviroment, the DHCP offer packets from server might get dropped towards IRB (Integrated Routing and Bridging) over LT (Logical Tunnel) interface.
PR Number Synopsis Category:ISIS routing protocol
1455994 Prefix SID conflict might be observed in ISIS
 
In an ISIS segment routing scenario, prefix SID(Segment Identifier) might conflict for internal prefixes. When ISIS L2 to L1 route leaking policy is used after NSR(Nonstop active Routing), it is observed that the L1/L2 router appears to be leaking some prefixes twice, second time setting SID and all flags to 0 due to which all the SIDs have conflicting values as '0' which might cause traffic loss.
PR Number Synopsis Category:jdhcpd daemon
1435039 DHCP request may get dropped in DHCP relay scenario
 
In DHCP relay scenario, if the device (DHCP relay) receives a request packet with option 50 where the requested IP address matches the IP address of an existing subscriber session, such request packet would be dropped. In such a case the subscriber may need more time to get IP address assigned. The subscriber may remain in this state until it's lease expires if it has previously bound with the address in the option 50.
1464267 The repd process is not working in Junos releases 18.2R3-S1 and 18.2R2-S5 on some low-end Junos platforms
 
In Junos releases 18.2R3-S1 and 18.2R2-S5, on some low-end Junos platforms which have only 4G RAM (Random Access Memory ) memory or smaller (e.g. all low-end SRX), the repd process is not working. The issue results in the subscriber services like DHCP (Dynamic Host Configuration Protocol), authentication can't be synchronized to the standby RE (Routing engine). In this case, if upgrade/GRES (Graceful Routing Engine Switchover) is performed, the synchronization between the REs via the repd process fails, which results in subscriber services like DHCP, authentication can't work on the new RE after the upgrade/GRES. There is no restoration for the repd process. However, the service affected by the repd synchronization can be recovered by restart the service or reboot the device.
PR Number Synopsis Category:JFlow bug tracker for SRX platforms
1446996 The jflow version 5 stops working after changing input rate value.
 
The jflow version 5 stops working after changing "input rate" value. No sampling packet will be generated when this issue occurs. The issue will restore after system reboot.
PR Number Synopsis Category:Application aware Quality-of-Service
1446080 The flowd process core files might be seen when the traffic hits AppQoS policy.
 
On SRX platforms, when the traffic matches a rule that triggers AppQoS policy and this policy type is Unified Security Policies ('match dynamic-application' is used), in rare case, the flowd core dump might be seen. It might cause that the device stops forwarding traffic.
PR Number Synopsis Category:Firewall Authentication
1457570 The same source-ip sessions are cleared when the IP entry is removed from uac table
 
When uac entry is removed, all sessions which has the erased ip on uac are cleared regardless of uac-policy.
PR Number Synopsis Category:Flow Module
1421497 The after-NAT IP fragment packet might be dropped by firewall filter
 
If firewall filter is configured on incoming interface that only allow pre-NAT IP packet, the after-NAT fragment packet might be dropped by firewall filter.
1426090 SRX5000 in Mixed-mode: Failed to clear sessions on SPC2 with error message "error: usp_ipc_client_recv_:ipc_pipe_read() failed read timed out after 5 second(s)"
 
On the SRX5000 with SPC2 and RE3 mixed mode used, clearing sessions on SPC2 may fail.
1434757 Intermittent packets drop might be observed if IPsec is configured.
 
On all SRX platforms with Junos 18.2R1 onwards, if IPsec VPN is configured, intermittent packets drop might be seen.
1458727 Optimizations were made to improve the connections-per-second performance of SPC3
 
Optimizations were made to improve the connections-per-second performance of SPC3
PR Number Synopsis Category:JSR Infrastructure
1445791 The show security flow session command fails with error messages when SRX4100 or SRX4200 has around 1 million routing entries in FIB.
 
On SRX4100/SRX4200 platforms, once 1 million Routing Information Base (RIB)/Forwarding Information Base (FIB) routes entries are present on the device, an error might be returned after issuing "show security flow session" or other Command-Line Interface (CLI) which requires the information from Packet Forwarding Engine (PFE).
PR Number Synopsis Category:interfaces and zones for junos js software
1452488 SRX Chassis Cluster control link remains up even though the control link is actually down
 
On SRX1500/4100/4200/4600 and vSRX2.0/3.0 platforms, the Chassis Cluster (HA, High Availability) control link remains up even though the control link is actually down. The failover cannot be executed in this situation and this issue has traffic/service impact.
PR Number Synopsis Category:all logging related bugs on srx platforms
1435352 The rtlogd daemons on HA RE nodes go into deadlock status
 
The rtlogd daemons on the two RE HA nodes go into deadlock status when rtlogd on both nodes are busy with sending data to each other in the single thread context.
PR Number Synopsis Category:Firewall Policy
1419983 The NSD process might stop due to a memory corruption issue
 
The NSD process might stop due to a memory corruption issue. As a result, security-related configurations cannot be committed on SRX Series device and core files are generated.
1458639 The nsd process may get stuck and cause problems
 
On all SRXs that have policy counter configured, there is a potential risk where the network-security daemon (NSD) on the RE could not communicate with its PFE counterpart (NSD-PFE) after either a HA failover, control link down, or PFE restart. At that point, it could no longer respond to network-security related commands and will not be able to complete coldsync for a newly joined node in HA environment.
PR Number Synopsis Category:IPSEC/IKE VPN
1444730 The IPsec VPN traffic drop might be seen on SRX Series platforms with NAT-T scenario.
 
On SRX platforms, when NATT (NAT-Traversal) is used for an IPsec VPN tunnel, the traffic through the tunnel may stop forwarding after a rekey.
1446078 IPSec tunnels with distribution profile configuration will be renegotiated after perform RG0 failover on SRX5K with SPC3
 
On SRX5400, SRX5600 or SRX5800 with SPC3, when IPSec tunnels are set up with distribution profile configuration and chassis cluster is configured, the tunnels will be renegotiated after perform RG0 failover. There will be traffic interruption until it is restored automatically.
1449296 Sometimes old SAs are not deleted after rekey and the number of IPSec tunnels shows up more than the configured tunnels
 
On SRX5000 series with SPC3 card, sometimes old SAs are not deleted after rekey and the number of ipsec tunnels shows up more than the configured tunnels
1456301 IPSec VPN tunnels are losing routes for traffic selector randomly while tunnel is still up, causing traffic loss of these IPSec VPN tunnels.
 
Randomly in IKEv1 mode, IPSec VPN tunnels are getting disconnected with the other router being the peer node. Due to this, the traffic selector routes are getting deleted and causing traffic complete loss of these VPN tunnels. Adding static routes can help to avoid traffic loss, while at the same time, the affected tunnels will still flap.
PR Number Synopsis Category:Security platform jweb support
1410401 Junos OS: Session fixation vulnerability in J-Web (CVE-2019-0062)
 
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. Please refer to https://kb.juniper.net/JSA10961 for more information.
1446990 The idle-timeout for J-Web access doesn't work properly.
 
The default idle-timeout value for J-Web access is 30 minutes.
1448541 J-Web fails to display the traffic log in event mode when stream mode host is configured
 
On SRX Series devices, configure event mode logging for displaying the traffic log in J-Web. But when a stream mode host is configured under security/log, J-Web is no longer able to display the traffic log.
1461599 Editing Destination-NAT rule in J-Web introduces a non-configured routing-instance field
 
When a new Destination-NAT pool is added, the routing-instance field does not need to be filled. But, when the same pool is edited and no changes have been added, the routing-instance is auto-populated and needs a commit, which is not expected. This happens only via GUI.
PR Number Synopsis Category:Layer 2 Circuit issues
1418870 The rpd crash might be seen if l2circuit/local-switching connections flap continuously
 
On all Junos platforms, if there are multiple interfaces configured under a single l2circuit/local-switching, and each of these interfaces has a description field configured under them, when l2circuit/local-switching connections flapping continuously, memory usage increment might happen, eventually, it will result in rpd crash because of running out of memory.
PR Number Synopsis Category:Layer 2 Control Module
1450832 VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding
 
On all Junos platforms including MX, EX, QFX and SRX devices, VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding. The "show route forwarding table" may show dead BDs, MACs and the "show vlans extensive" may show the state as destroyed.
1469635 Memory leak on l2cpd process might lead to l2cpd crash
 
On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash.
PR Number Synopsis Category:Label Distribution Protocol
1451157 The LDP route timer is reset when committing unrelated configuration changes
 
The LDP route timer is reset due to committing unrelated configuration changes. As usual, the "route timer reset" implies route churn, but LDP itself is not affected as there is no real nexthop change in the case of configuration commit with unrelated changes. However, protocols using the LDP route as protocol nexthop may be impacted.
1460292 High CPU usage and rpd coredump might be observed if "ldp track-igp-metric" is configured and IGP metric is changed
 
If "protocols ldp track-igp-metric" is configured, metric change of IGP route might cause high CPU usage and rpd coredump on the device.
PR Number Synopsis Category:Multiprotocol Label Switching
1433287 SRLG entry shows Uknown after removing it from configuration in show mpls lsp extensive output or show mpls srlg. Shows Unknown-0xXX (XX will vary)
 
After deleting srlg from an interface under (protocols -> mpls or routing-options -> srlg, Unkown-0xXX (XX will vary) can be seen in the output of show mpls srlg and under show mpls lsp extensive for previously configured LSPs. No known impact due to these Unknown entries.
PR Number Synopsis Category:Multicast Routing
1457228 Few seconds of traffic drop might be seen on the existing receivers when another receiver joins/leaves
 
With "protocol igmp-snooping" configured, if some receiver joins/leaves a group, few seconds of traffic drop might be seen on the existing receivers.
PR Number Synopsis Category:Fabric Manager for MX
1451958 [MX] Error dropped packets seen on MQ/XM based MPC cards though there is no traffic flowing through the system
 
After fixing PR 1338647, Error dropped packets are seen on MQ/XM based MPC cards, though there is no traffic flowing through the system.
PR Number Synopsis Category:SW PRs related to Vale Edge (MX10K) development
1451011 JNP10K-LC2101 FPC generates "Voltage Tolerance Exceeded" major alarm for EACHIP 2V5 sensors
 
Alarm "FPC X Voltage Tolerance Exceeded" and got cleared after ~ 20second for FPC model "JNP10K-LC2101". Alarm is raised for EA_chip_2v5 sensors as voltage readings are reported as out of tolerance. The issue is due to incorrect reading of voltage level, there shall be no impact expected from this issue. %DAEMON-4: Alarm set: CB color=RED, class=CHASSIS, reason=FPC 0 Voltage Tolerance Exceeded %DAEMON-4: Receive FX craftd set alarm message: color: 1 class: 100 object: 143 slot: 0 silent: 0 short_reason=FPC 0 Voltage Failure long_reason=FPC 0 Voltage Tolerance Exceeded id=1946157199 reason=1946157056 %DAEMON-4: Major alarm set, FPC 0 Voltage Tolerance Exceeded Following error might be seen in host logs: fpc_volt_read:1183 Volt tolerance failure Address: 0x35 Segment: 0x10 Sensor Name: EA0_2V5 ratio = 0.317200 fpc_volt_read:1183 Volt tolerance failure Address: 0x35 Segment: 0x10 Sensor Name: EA0_2V5 ratio = 0.317200
1462065 "CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed" when both DIP switches and power switch are turned off
 
On MX10008 there is a "Power Supply failed" SNMP trap generated for every power supply which has no feeds connected to it. This happens even if both DIP switches and the power switch on the Power Supply are turned off and no feeds are connected to the PEM.
PR Number Synopsis Category:FreeBSD Kernel Infrastructure
1433224 The operations on console might not work if the knob "system ports console log-out-on-disconnect" is configured
 
With the knob "system ports console log-out-on-disconnect" configured, if executing some operations on console, the console operations might fail to work properly.
1442376 EX2300 platforms might stop forwarding traffic or responding to console
 
On EX2300/EX2300-C platforms, if Junos software is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch may stop forwarding traffic or responding to console. Power cycle of switch would recover the issue.
1456668 Certain EX-series platforms might generate vmcore by panic and reboot
 
Certain EX-series platforms might generate vmcore by panic and gets reset. This is a rare case since it occurs only when JFE (Junos FreeBSD Extension) statistic- too_long_complete is incremented. user@host> show system core-dumps no-forwarding -rw-r--r-- 1 root wheel 283194368 DDMMYYY /var/crash/vmcore.direct
PR Number Synopsis Category:IPv6/ND/ICMPv6 issues
1455893 Device chooses incorrect source address for locally originated IPv6 packets in routing-instance when destination address is reachable via static route with next-table knob
 
The source address for IPv6 packets is calculated incorrectly if the destination IPv6 address covered by a static route with the "next-table" configuration option.
PR Number Synopsis Category:PFE Peer Infra
1448858 Interface attributes might cause high CPU usage of dcd
 
When the interface attributes are configured, this configuration might cause an error in the IRSD (IRSD syncing errors) and lead the CPU usage of dcd spike up. The convergence time of this interface will be impacted.
PR Number Synopsis Category:OSPF routing protocol
1432615 Per-Prefix LFA might not work as expected where the last hop needs to be protected on the penultimate node
 
On all Junos platforms working as the source node (e.g. node S) where Per-Prefix Loop Free Alternate (PP-LFA) is configured for Open Shortest Path First (OSPF) routing protocol, if the destination prefix is learned from two originator nodes (e.g. node E and node F) with different costs, and both originator nodes E and F are directly connected with the source node S, PP-LFA might not work as expected in such scenario where the last hop needs to be protected on the penultimate hop. Due to this issue, an improper backup nexthop might be selected which couldn't handle node failure case and micro-loop might be seen.
1459080 The rpd might crash when OSPF router-id gets changed for NSSA with area-range configured
 
The rpd crash might be observed due to modification of router-id in OSPF NSSA with area-range configured.
PR Number Synopsis Category:Used for tracking OVSDB software issues and features
1382522 New CLI knob to enable copying of Open vSwitch Database (OVSDB) to RAM on Virtual Chassis backup RE instead of SSD
 
In Open vSwitch Database (OVSDB) environment with Solid State Drive (SSD) installed on the backup RE side, master RE copies /var/db/ovsdatabase to backup RE whenever ovsdatabase is updated and the backup RE writes the whole ovsdatabase file to the SSD card. SSD endurance is based on the number of write/erase cycles a flash block. You may want to use RAM instead of SSD. Introduce a new CLI knob to enable copying of database to RAM on backup RE (instead of SSD). This knob can be enabled only on QFX5K platforms. >>set protocols ovsdb copy-ovsdatabase-to-backup-ram >> The knob would be disabled by default. If the new knob is enabled, VGD (Virtual-Tunnel-End-Point-Management Daemon) will copy /var/db/ovsdatabase from master to backup RAM file partitions when OVSdatabase file changed. When backup RE becomes master RE (Ex: switch-over) and if new knob is enabled, then the file will be copied from RAM to /var/db/ovsdatabase in SSD.
1452149 Vgd core might happen when tunnel getting deleted twice
 
If OVSDB is enabled on the device, in a rare case, vgd (VTEP gateway daemon) core might be seen when a tunnel is getting deleted twice. It may cause OVSDB to not work properly.
PR Number Synopsis Category:Provider Backbone (PBB) EVPN PFE functionality on MX
1453203 The bridge mac-table age timer does not expire for rbeb interfaces
 
On MX-Series platforms with PBB-EVPN environment, the bridge mac-table age timer might not expire for rbeb interfaces when the MAC table reaches its aging time.
PR Number Synopsis Category:pfe forwarding daemon
1448161 LACP cannot work with the encapsulation flexible-ethernet-services configuration.
 
On branch SRX platforms, if 'encapsulation flexible-ethernet-services' is configured with LACP protocol on an AE interface, the AE interface does not work properly.
PR Number Synopsis Category:Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1426737 The dcpfe/PFE might not start on AS7816-64X and QFX5K TVP platform devices
 
The dcpfe/PFE might not start on AS7816-64X and QFX5K TVP platform devices which results in all the interfaces going down.
1453821 "show chassis led" shows wrong status
 
"show chassis led" status outputs may not proper along with some port status
PR Number Synopsis Category:Interface related issues. Port up/down, stats, CMLC , serdes
1423496 Ports may get incorrectly chanalized if they are 10G already and they are channelized to 10G again
 
On all junos platforms with channelizing ports on FPCs, if a 40G port which are channelized to 10G ports already (eg:xe-2/0/16:0) are being channelized to 10G again, they may get incorrectly channelized.
PR Number Synopsis Category:QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1457456 Over temperature SNMP trap messages are shown up after update even though the temperature are within the system thresholds
 
EX2300 and QFX series switches generate SNMP trap for high temperature after upgrading to any of the affected Junos software. This is due to a temperature threshold value being set incorrectly in the software, SNMP false trap related to temperature gets generated and results in "over temperature" logs.
PR Number Synopsis Category:QFX platform optics related issues
1337340 On QFX5100 platforms, LR4 QSFP can take up to 15 min to come up after VC reboot
 
On QFX5100 platforms, LR4 QSFPs might take take longer to come up than others (up to 15 minutes). This is a intermittent occurrence.
1402127 QSFP-100GBASE-SR4/LR4 might take a long time to come up after disabling interface or reboot
 
On QFX5110 platform with QSFP-100GBASE-SR4/LR4 port used, after disabling an 100G port and then enable the port again, or reboot the device, there is a long time delay (5-15 minutes) before the ports come up.
PR Number Synopsis Category:QFX PFE Class of Services
1445960 CoS classifier might not work as expected
 
On QFX5000 Series platforms(except for the QFX5100) in the VxLAN scenario, the traffic is not classified properly on the UNI interface which has multiple VLANs configured.
1453512 The classifier configuration doesn't get applied to the interface in an EVPN/VXLAN environment
 
On QFX5100/QFX5110/QFX5120/QFX5200/QFX5210 Series platforms with an EVPN/VXLAN scenario, the classifier might not be applied to the interface successfully and all traffic flows in the best-effort queue.
PR Number Synopsis Category:QFX L2 PFE
1437295 The FPC might crash if both the AE bundle flapping on local device and the configuration change on peer device occur at the same time
 
On QFX platforms, the FPC might crash if both the AE (Aggregate Ethernet) bundle flapping on local device and the configuration change on peer device which can cause the interface down occur at the same time.
1439268 LACP MUX state struck in "Attached" after disabling peer active members when link protection is enabled on local along with force-up.
 
When lacp is configured with link protection and force-up on local, and peer is configured with link protection, disabling the active member on peer device causes LACP MUX state to be stuck in attached state. Issue is not seen if link protection is not configured on the peer device. The feature where link protection and force-up is configured on local and link protection is configured on peer is not qualified. It is mention in release note, so that it can be documented.
PR Number Synopsis Category:QFX L3 data-plane/forwarding
1452433 There might be interface reachability issues on AS7816
 
On AS7816 devices loaded with Juniper NOS, the interface might not be reachable and the protocols (e.g. bgp, ospf etc) will not come up. The AS7816 device comes up with 1024 MAC addresses. The issue is due to the NOS is not able to read and interpret the MAC address on the interface.
PR Number Synopsis Category:QFX EVPN / VxLAN
1441690 The L3 communication might break on an interface which is configured with flexible-ethernet-services
 
On QFX5100/5200 switches when an interface is configured for both L2 and L3 units with flexible-ethernet-services encapsulation, L3 communication breaks and ARP resolution is affected if the hardware token used by L3 unit is same as a VLAN allowed over VxLAN on the L2 unit. This hardware token is randomly generated.
PR Number Synopsis Category:RPD Interfaces related issues
1460181 The "forwarding" option is missed in routing-instance type
 
On PTX10008/PTX10016/QFX10008/QFX10016 Series platforms, the "forwarding" option for routing-instance type configuration is missed, it might impact the function related to this configuration. For example, FBF won't work because of the missing configuration.
1460181 The "forwarding" option is missed in routing-instance type
 
On PTX10008/PTX10016/QFX10008/QFX10016 Series platforms, the "forwarding" option for routing-instance type configuration is missed, it might impact the function related to this configuration. For example, FBF won't work because of the missing configuration.
PR Number Synopsis Category:RPD Next-hop issues including indirect, CNH, and MCNH
1406070 The rpd might crash or duplicated routes might be seen if doing configuration change with BGP multipath and flapping routes
 
On all platforms, if doing configuration change (with BGP multipath) and flapping the IGP/LDP/RSVP routes simultaneously, the rpd crash or duplicated routes might be seen.
1424819 The rpd keeps crashing after changing configuration
 
In the ECMP (Equal-Cost Multipath) environment with existing more than 8 multipath for a given route, changing configuration (e.g. delete routing protocol IGP or LSP) is trying to delete a software structure which was already corrupted sometime earlier due to memory corruption, and this may cause the rpd to keep crashing. This issue applies to all types of nexthops with multipath.
PR Number Synopsis Category:RPD policy options
1450123 The rib-group might not process the exported route correctly
 
The rib-group with a policy that matches route next-hop can fail to add the route to the secondary routing table when matched route next-hop is changed to another one and then referred back again after some time. This issue has traffic impact as the exported route will lose in the secondary routing table.
PR Number Synopsis Category:RPD route tables, resolver, routing instances, static routes
1442952 The rpd might crash with SRTE configuration change
 
In BGP segment routing traffic engineering (SRTE) scenario, process rpd might crash when knob "extended-nexthop-color" is added or removed from the BGP configuration.
PR Number Synopsis Category:show route table commands, tracing, and syslog facilities
1449305 EX3400 -- IPv6 routes received via BGP don't show correct age time
 
On EX3400 platform, IPv6 routes received via BGP routing protocol might show an age time of '00:00:00' when displayed using the CLI command "show route"
PR Number Synopsis Category:Resource Reservation Protocol
1445994 Traffic blackhole likely if two consecutive PLRs along the LSP perform local repair simultaneously under certain mis-configured conditions
 
In RSVP environment with link or node protection deployed, if two consecutive PLRs (point of local repair) along the LSP perform local repair simultaneously and if backup LSP signaling between the downstream PLR & MP (merge point) pair fails due to any reason, then the backup LSP signaling between the upstream PLR & MP pair also does not succeed. Then due to a software defect the upstream PLR does not correctly clean up the LSP state and continues to send traffic into the backup LSP, resulting in traffic blackhole at the downstream PLR.
PR Number Synopsis Category:SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1446931 NAT service-set in certain scale might fail to get programmed
 
In NAT/stateful-firewall scenario using service PIC on MX platforms, the service-set might fail to get programmed after configuration commit if the configuration scale is in particular range hitting the issue.
1460027 The PPTP doesn't work with destination NAT
 
On the MX platform, if the PPTP control connection is established with destination NAT (network address translation), it will be failed. This issue will cause the PPTP traffic loss.
PR Number Synopsis Category:SRX Argon module bugs
1460619 The aamwd process exceeds 85% RLIMIT_DATA limitation due to memory leak
 
The "aamwd" process may exceed 85% RLIMIT_DATA limitation due to memory leak when there is a connection issue with the Sky ATP server.
PR Number Synopsis Category:platform related PRs on SRX branch platforms
1440194 The flowd process stops on SRX550 or SRX300 line of devices when SFP module is plugged in.
 
When SFP module is plugged in SRX550,SRX300,SRX320,SRX340 or SRX345 series devices, the flowd process crashes on SRX device.
1449728 Junos OS upgrade fails when partition option is used.
 
Branch SRX device fails to upgrade Junos image when partition option is used.
1451860 The rpd process might crash and restart with an rpd core file created when committing the configuration
 
On SRX300/320/340/345 Series platforms, when the protocol (BGP/ISIS/OSPF) authentication-Key, Master system-password, and TPM password is configured, the rpd process might crash during committing the configuration on the device.
PR Number Synopsis Category:Stout cards (MPC7, MPC8, MPC9) microkernel issues
1453871 The FPC might crash when the severity of error is modified
 
If the severity of the error on FPC is modified through the Uniform resource identifier (URI) format, after committing the modification, the FPC which is applied to this configuration might crash.
PR Number Synopsis Category:MX10002 Platform SW - Platform s/w defects
1426120 MPC reboot or RE mastership switchover might occur on MX204/MX10003
 
On MX204/MX10003, if there's high rate of fragmented traffic received on em3 interface, em3 watchdog timeout might occur. It could cause MPC reboot or RE mastership switchover.
1426120 MPC reboot or RE mastership switchover might occur on MX204/MX10003
 
On MX204/MX10003, if there's high rate of fragmented traffic received on em3 interface, em3 watchdog timeout might occur. It could cause MPC reboot or RE mastership switchover.
PR Number Synopsis Category:MX10003/MX204 MPC defects tracking
1445508 The 1G interface on MX204 might stay down after the device is rebooted
 
On MX204 platform, the interface with the parameter "speed 1g" configured might stay down after the device is rebooted. This is a timing issue.
PR Number Synopsis Category:SRX-1RU infrastructure SW defects
1408172 The show security flow session command fails with error messages when SRX4600 has over a million routing entries.
 
"show security flow session" command fails with error msg when SRX4600 has over million routing entries.
PR Number Synopsis Category:Trio LU, IX, QX, MQ chip drivers, ucode & related SW
1449427 On certain MPC line cards cm errors need to be reclassified
 
Cm errors on certain MPC line cards are classified as major which should be minor/non-fatal. If these errors are generated, it might get projected as a bad hardware condition and therefore trigger PFE disable action.
PR Number Synopsis Category:Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1442527 In "enhanced-ip" or "enhanced-ethernet" mode with DCU (destination-class-usage) accounting enabled, MS-DPC may drop all traffic that should egress via ae interface
 
On MX platform with "enhanced-ip" or "enhanced-ethernet" mode enabled, if the ae interface is configured with DCU accounting, MS-DPC might drop all traffic that should go out via the interface.
PR Number Synopsis Category:Trio pfe stateless firewall software
1409879 FPC crash may be observed with scaled subscribers login attempts
 
In a subscriber management environment with scaled subscribers login such as 200k PPPoE subscribers, FPC crash may be observed.
1453649 The RE originated IPv6 packets might be dropped when interface-group rule is configured under IPv6 filter
 
On all Junos platforms, when IPv6 filter with an "interface-group" rule is applied in output interface, the RE (Routing Engine) originated IPv6 packets might be matched the filter term. In case of a discard action is configured in the rule, IPv6 packets get dropped due to performing it.
PR Number Synopsis Category:Trio pfe bridging, learning, stp, oam, irb software
1434933 Traffic from the same physical interface can not be forwarded
 
In EVPN-MPLS scenario, if EVPN works at a logical interface while the ESI configured under the physical interface which the logical interface belongs, and if there are some other Layer 3 services (non-EVPN) using logical interfaces under the physical interface, then the traffic from any of these logical interfaces may not reach each other. Due to the ESI's split-horizon covers all logical interfaces of the physical interface, regardless whether the logical interface is used for EVPN.
1451559 In EVPN VXLAN scenario, sometimes host generated packets are getting dropped as hitting "reject route" in PFE
 
In EVPN VXLAN scenario, sometimes host generated packets are getting dropped as hitting "reject route" in PFE. For example, when you initiate the ICMP request sourced from EVPN instance's L3 GW irb address, the ICMP packet may not get out successfully in below scenario 1. control plane generated packet with overlay destination address (irb) belonging to one particular routing instance and the underlay (vtep) is on a different routing instance, This packet is inserted from control plane on the underlay's routing instance lookup which will fail leading to this control plane generated packet not go out. 2. When MPLS traffic engineering is enabled. The underlay vtep route in inet.0 will be labeled mpls route.
PR Number Synopsis Category:Web-Management UI
1454150 Problem with access to J-web after update from 18.2R2 to 18.2R3 junos version.
 
Problem with access to J-web after update from 18.2R2 to 18.2R3 junos version, causing incorrect permissions in the php session dir.
PR Number Synopsis Category:PTX/QFX10002/8/16 specific software components
1450090 "Power supplies" LED on the status panel stays green while one or more PEMs have FAULT LED turned on
 
"Power supplies" LED on the status panel stays green while one or more PEMs have FAULT LED turned on due to expected feed missing
1452604 PLL errors might be seen after FPC reboot or restart
 
On MX10008/MX10016 platforms, when FPC reboot or restart by any means, PLL_CMERROR_MPC_LMK04906_WAN_LD and PLL_CMERROR_MPC_LMK04906_WAN_LOS errors might be seen shortly after the FPC comes back online.
1459373 The error messages with "create_pseudos: unable to create interface device for pip0 (File exists)" might be seen after restarting chassisd
 
After chassisd restart (e.g. by 'restart chassis-control' cli command or otherwise) the logs are flooded with 'CHASSISD_IFDEV_CREATE_FAILURE: create_pseudos: unable to create interface device for pip0 (File exists)' messages every 2 seconds.
PR Number Synopsis Category:VMHOST platforms software
1453783 FB Hardening: "rngd: read error" is seen in daemon.log after system is idle for some time
 
Passing of /dev/random to guest is causing fpc to enter unstable state when host entropy drops below 200, especially when it reaches close to '0'So, removing the pass through of virtio random feature to guest for now until proper fix is available.
PR Number Synopsis Category:VNID L2-forwarding on Trio
1461860 Traffic received from vtep gets dropped if the VNI value used for type-5 routes is greater than 65535
 
With EVPN-VXLAN on MX platforms, the packets received from vtep would be dropped by PFE (Packet Forwarding Engine) if the VNI value used for type-5 routes is exceeding 65535.
PR Number Synopsis Category:Virtual Private LAN Services
1428862 VPLS neighbors might stay in down state after configuration changes in vlan-id
 
On all Junos platforms with NSR enabled, under EVPN-VPLS scenario, the VPLS neighbors might stay in down state after configuration changes in vlan-id.
PR Number Synopsis Category:Virtual Router Redundancy Protocol
1432361 VRRP mastership might flap when the tracked route is deleted or the tracked interface goes down
 
This is a timing issue, in VRRP scenario, if the tracked route is deleted or the tracked interface goes down, the priority of the current master is changed at once and this triggers a mastership switchover. At this time, there's a possibility that an advertisement packet with old priority is received because of timer expiration, which leads to the mastership of VRRP switch again.
1450652 Dual VRRP mastership might be seen after RE switchover ungracefully
 
When VRRP works in distributed mode (ie. delegate-processing is enabled under VRRP) with more than 250 VRRP sessions, dual VRRP mastership might be observed after RE switchover ungracefully (e.g. master RE failure).
Modification History:
Updated 2019-12-04 due to formatting issue
First publication date 2019-12-01
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search