Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles19.2R1-S2: Software Release Notification for JUNOS Software Version 19.2R1-S2
Junos Software service Release version 19.2R1-S2 is now available.
| PR Number | Synopsis | Category:Marvell based EX PFE L2 |
|---|---|---|
| 1463318 | The traffic dropped on EX4300-48MP device acting as a leaf in Layer 2 IP fabric EVPN VXLAN environment |
On EX4300-48MP device acting as a leaf in Layer 2 IP fabric EVPN VXLAN environment, the 100% traffic drop might be seen if unplug cable connected to the et interface and plug it back. |
| PR Number | Synopsis | Category:EX2300 & EX3400 VC |
| 1463635 | The VC function may be broken after upgrading on EX2300/EX3400 platforms |
On EX2300/EX3400 platforms, if the Direct Attach Copper (DAC) cable is used on a VC port and made by TE connectivity, the status of VC port may be detected as "Absent" after upgrading the device to 19.2+, as a result, the VC function may be broken. |
| PR Number | Synopsis | Category:QFX L3 data-plane/forwarding |
| 1443507 | IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present |
On all Junos platforms which are enabled with MultiChassis Link Aggregation Group (MC-LAG), if there are multiple Integrated Routing and Bridging (IRB) interfaces present, and the Inter Chassis Link (ICL) is also connected over an IRB interface, when both MC-LAG peers have not learnt link-local addresses and IPv6 ping is firstly initiated from the remote peer, the Neighbor Solicitation (NS) packet might take ICL path and couldn't get answered properly. |
| PR Number | Synopsis | Category:This is for Hw & Sw issues which are special for SPC3 car |
| 1429899 | Packet loss by FPGA backpressure on SPC3 |
On SRX5000 Series devices with an SPC3 card, sometimes very small amount of packet loss is observed. |
| PR Number | Synopsis | Category:accounting profile bugs |
| 1452363 | The pfed might crash and not be able to come up on the PTX or TVP platforms |
The flow label statistics are retrieved periodically by pfed for PTX or TVP platforms, if the statistics reply becomes very big number, the pfed might crash hence affecting traffic. |
| PR Number | Synopsis | Category:JUNOS kernel/ukernel changes for ACX |
| 1460391 | ACX5K: SNMP mib walk for jnxOperatingTemp not returning anything for FPC in new versions. |
ACX5K: SNMP mib walk for jnxOperatingTemp not returning anything for FPC in new versions. |
| PR Number | Synopsis | Category:Miscellaneous PFE on ACX |
| 1407098 | high CPU for fxpc processes with class-of-service changes on AE interfaces. |
high CPU for fxpc processes with class-of-service changes on AE interfaces. |
| PR Number | Synopsis | Category:"agentd" software daemon |
| 1401817 | The na-grpcd log file is not rotated and keeps growing until RE is out of disk space |
In JET/Telemetry scenario, the Telemetry log file is not rotated and keep growing until Routing Engine (RE) is out of disk space, this might cause unexpected impact of RE, and eventually lead to RE crash. The fix has now been provided to set max allowable size to 50M and once the file reaches its max size, it will get rotated and compressed. |
| 1427726 | When installing YANG package without "proxy-xml" knob, the cli environment could not working well |
In the normal YANG module code flow, it was not being checked if it is a xmlproxy YANG module. If installing the xmlproxy YANG package without the "proxy-xml" knob, CLI environment might not work as expected. |
| 1433378 | The gNMI 'set' RPC with 'replace' field does not work and the mgd-api crashes |
When gNMI 'set' RPC is executed from gNMI clients with 'replace' field, The mgd-api process crashes. All other fields with 'set' RPC work fine. Issue is only when 'replace' field exists in request. |
| PR Number | Synopsis | Category:MX Layer 2 Forwarding Module |
| 1459833 | False warning message seen on commit (commit check) "warning: vxlan-overlay-load-balance configuration for forwarding options has been changed....." after upgrade to 19.2R2-S1.4 |
After upgrading to 19.2R2-S1.4 below false-positive commit warning is seen even though there is no config change under 'forwarding-options vxlan-overlay-load-balance' # commit and-quit re0: [edit] 'forwarding-options' warning: vxlan-overlay-load-balance configuration for forwarding options has been changed. A system reboot is mandatory. Please reboot *ALL* routing engines NOW. Continuing without a reboot might result in unexpected system behavior. configuration check succeeds re1: configuration check succeeds commit complete re0: commit complete Exiting configuration mode |
| PR Number | Synopsis | Category:common or misc area for SRX product |
| 1437098 | LACP traffic distributed evenly on ingress child links but not on egress links |
On SRX5k with SPC3 and SRX4600 platforms, the distribution of traffic over Link Aggregation (LAG) member ports does not take into account layer 4 port information. |
| PR Number | Synopsis | Category:Border Gateway Protocol |
| 1351639 | The rpd crashes in JunOS 16.1 or higher during BGP convergence |
In JunOS 16.1 or higher, during BGP convergence, the input/output thread constructing the outgoing BGP PDU and manipulating the path attributes before hand-off the data to the socket. If this PDU length is zero, it will trigger an assertion and routing-protocol demon is restarting. |
| 1382892 | The rpd might crash under a rare condition if GR helper mode is triggered |
When graceful restart is configured on the BGP peer device, if the peer device initiate new TCP connection when there is an existing TCP connection for the BGP session, send OPEN message and this new TCP connection also get torn down immediately after establishment/sending of OPEN message. The rpd might crash. |
| 1412538 | BGP might stuck in Idle state when the peer triggers a GR restart event |
When NSR (nonstop-routing) is enabled in local device and BGP GR (Graceful-Restart) is enabled in peer device, if the peer triggers a GR restart (it is usually caused by some failure in peer or the peer restarts rpd, etc), some BGP sessions might stuck in Idle state. The reason is that when the GR restart happens, the device is still doing the initial sync to the backup RE of the previous sessions, so some BGP sessions might stuck in Idle state because the router does not complete the process (the initial sync of the data set to the backup). |
| PR Number | Synopsis | Category:MX Platform SW - FRU Management |
| 1442138 | The chassisd is unable to power off a faulty FPC after RE switchover which leading to chassisd restart loop |
In the MX router with a faulty (e.g. hardware error) FPC (Flexible PIC Concentrator) installed, performing RE (Routing Engine) switchover or restarting chassisd which may cause chassisd restart loop. This issue will cause traffic lose completely. |
| PR Number | Synopsis | Category:MX Platform SW - Mastership Module |
| 1424187 | The system does not reboot or halt as configuration when encountering the disk error |
When the system encounters disk error or halted system (ex. memory leak), the chassisd might go in hung state with the blow error messages even though "disk-failure-action reboot" or "disk-failure-action halt" is configured. |
| PR Number | Synopsis | Category:MX Platform SW - UI management |
| 1411062 | Slow SNMP response time on entityMIB might be seen in the fully loaded setup with many SFPs |
In the fully loaded setup with many SFPs, some SNMP queries might experience response delay due to higher priority daemons utilizing CPU resources. |
| PR Number | Synopsis | Category:Device Configuration Daemon |
| 1409535 | Unrelated AE interfaces might go down if committing configuration changes |
On all Junos platforms, if VRRP is running upon AE interfaces while committing any configuration changes related to AE interfaces, unrelated AE interfaces might go down. |
| PR Number | Synopsis | Category:L3 V4 V6 etc support for DNX |
| 1426734 | [ARP] RLI:39207:RIO-X:SKU ACX5448-D: 96K ARPs are getting populated but only 47K NH entries are present. So around 50% packet drop is observed. |
Due to BCM sdk design, EEDB hardware entry is not freed for unicast next-hop creation. This leads to resource leakage and is not allowing to higher scale. |
| PR Number | Synopsis | Category:EA chips SW |
| 1407506 | FPC crash and slow convergence upon HMC Fatal error condition when inline-jflow is used |
On MX platforms using MPC7E, MPC8E, MPC9E, MX10k-LC2101 or MX10003, when inline-jflow application is used, Fatal error on Hybrid Memory Cube (HMC) will perform "disable-pfe" action. Since Jflow records are hosted on the HMC memory partition, reading and writing to the HMC memory might trigger FPC crash and high FPC CPU utilization, causing slow convergence (adding/deleting routes or nexthops) for other PFEs on the same FPC carrier. |
| PR Number | Synopsis | Category:EA ucode SW issues |
| 1422464 | PFE wedge may be observed after performing the command "show forwarding-options load-balance ..." |
On MX platform, performing the command "show forwarding-options load-balance ..." may cause PFE wedge after some number of attempts (<200 in test), if the option "destination-address" of the command matches the default route with "discard" action, this is because a defect code causing internal flow errors is involved in that scenario. |
| PR Number | Synopsis | Category:Express PFE FW Features |
| 1433648 | Traffic drop might occur on PTX during filter change operation |
On PTX platforms, the device may fail to clean up old entries during filter change operation. Hence transit packets might get dropped on PFE. This is a timing issue. |
| PR Number | Synopsis | Category:Express PFE including evpn, vxlan |
| 1454603 | QFX10002-60c: EVPN-VXLAN: MAC+IP Count is shown as Zero |
EVPN-VXLAN: MAC+IP Count may be shown as Zero in the output of CLI show ethernet-switching global-information on Xellent (QFX10002-60c) |
| PR Number | Synopsis | Category:PTX Express ASIC interface |
| 1422535 | 4x10G interfaces on PTX3000/PTX5000 FPC type 3 might not come up after frequently flap for a large amount of time |
On PTX3000/PTX5000 platforms with FPC3, if remote-connected interface continuously flaps for a large amount of time, the 4x10G interfaces on FPC3 might get down and never come up. The probability of occurrence increases with the number of continuous flaps. |
| PR Number | Synopsis | Category:IDP policy |
| 1437569 | The flowd/srxpfe process crashes and generates a core dump |
On all SRX and vSRX platforms, the flowd/srxpfe process may crash and generate a core dump when upgrading the security package manually. |
| PR Number | Synopsis | Category:Kernel software for AE/AS/Container |
| 1445428 | Detached LACP member link gets LACP State as enabled in PFE when switchover because of device reboot |
If particular set of events happened the status for detached LACP link may get turned on in PFE which may later create traffic blackholing for transit traffic. |
| PR Number | Synopsis | Category:ISIS routing protocol |
| 1430581 | The next-hop of IPv6 route remains empty when a new ISIS link comes up |
In a scenario with ISIS running single spf (shortest-path-first) for IPv4 and IPv6, i.e. the multi-topology is not enabled, when a new ISIS link comes up, IFA (interface address) for IPv4 comes up quickly and the route is installed, but IFA for IPv6 is not up quickly due to DAD (Duplicate Address Detection) is enabled by default. Therefore, after spf calculation, the next-hop list for IPv6 remains empty for about 11 seconds, so, ISIS ends up with deleting the route. |
| 1455994 | Prefix SID conflict might be observed in ISIS |
In an ISIS segment routing scenario, prefix SID(Segment Identifier) might conflict for internal prefixes. When ISIS L2 to L1 route leaking policy is used after NSR(Nonstop active Routing), it is observed that the L1/L2 router appears to be leaking some prefixes twice, second time setting SID and all flags to 0 due to which all the SIDs have conflicting values as '0' which might cause traffic loss. |
| PR Number | Synopsis | Category:Flow Module |
| 1421497 | The after-NAT IP fragment packet might be dropped by firewall filter |
If firewall filter is configured on incoming interface that only allow pre-NAT IP packet, the after-NAT fragment packet might be dropped by firewall filter. |
| 1426090 | SRX5000 in Mixed-mode: Failed to clear sessions on SPC2 with error message "error: usp_ipc_client_recv_:ipc_pipe_read() failed read timed out after 5 second(s)" |
On the SRX5000 with SPC2 and RE3 mixed mode used, clearing sessions on SPC2 may fail. |
| 1433336 | VPN traffic fails after primary node reboot or power off |
On SRX platforms, IPSec tunnel is set up on chassis cluster, traffic pass through IPSec tunnel on the active node. IPSec traffic cannot pass through on backup node after reboot the active node. |
| PR Number | Synopsis | Category:JSR Application Services |
| 1460035 | srxpfe lcore-slave core dump |
Corrupted or Malformed HTTP long (over 64K bytes) message hits security policy which is attached on ICAP Redirect policy. Corrupted memory is freed. |
| PR Number | Synopsis | Category:IPSEC/IKE VPN |
| 1423821 | AVPN:Traffic Selector:IKEv2:SPC3/SPC2:Configuration-change:Old tunnel entries are also seen when new tunnel negotiation happens from peer device after change in ike gateway configuration at peer side. |
On SRX5k (SPC3/SPC2) series, when a duplicate user (same user with different ip address but same ike-id) comes in, in some cases, old ike sa entries don't get deleted right away. |
| 1431265 | SPC3:IPSEC: tunnel doesn't come up after changing configs from ipv4 to ipv6 tunnels in the script with "gateway lookup failed" error |
On SRX5000 Series devices with SPC3 card plugged in, sometimes VPN tunnel does not come up after changing configuration from IPv4 to IPv6 tunnels. |
| 1432434 | P1 config delete message is not sent on loading baseline config if there has been a prior change in vpn config |
The P2 object sharing from ikemd was always incrementing ref_count even for P2 modify/edit and this was causing problem while deleting the P2 followed by P1 object as ref_count was always +ve when checked even if all P2s are deleted. This was leading to undesirable consequences like iked core. |
| 1433424 | 19.2 IPsec VPN - ipsec sa in and out key sequence number update missing with cold-sync(secondary node reboot) |
In a chassis cluster, ESP or AH packet sequence number is not synchronized to the backup node after the backup node is rebooted. |
| 1433568 | IPsec VPN - Anti-replay: sequence number reset to zero while recovering SA after SPC3 or flowd crash/reboot |
There is a product limitation on SRX devices, when PFE reboots, the SA is re-installed from iked but the sequence numbers and anti-replay bitmap is not restored. These will be reset to 0. |
| 1443560 | The iked crashes on SRX5K with SPC3 when IPSec VPN/IKE is configured |
When IPsec VPN or IKE is configured on SRX5400, SRX5600, and SRX5800 platforms with SPC3, the IKE process stops and new IPsec VPN tunnel cannot be established until the IKE process is restored automatically. |
| 1449296 | Sometimes old SAs are not deleted after rekey and the number of IPSec tunnels shows up more than the configured tunnels |
On SRX5000 series with SPC3 card, sometimes old SAs are not deleted after rekey and the number of ipsec tunnels shows up more than the configured tunnels |
| 1455389 | The VPN flaps on the primary node after a reboot of the secondary node |
The VPN may flap on the primary node after a reboot of the secondary node when DPD is configured in the IPSec VPN. |
| PR Number | Synopsis | Category:Layer 2 Circuit issues |
| 1418870 | The rpd crash might be seen if l2circuit/local-switching connections flap continuously |
On all Junos platforms, if there are multiple interfaces configured under a single l2circuit/local-switching, and each of these interfaces has a description field configured under them, when l2circuit/local-switching connections flapping continuously, memory usage increment might happen, eventually, it will result in rpd crash because of running out of memory. |
| PR Number | Synopsis | Category:Layer2 forwarding on EX/NTF/PTX/QFX |
| 1445720 | The l2ald might crash when FPC is restarted |
On the restart of FPC, in some rare conditions the l2ald process crashes. The crash occurs when a line-card interface gets mapped to two internal indexes one of which is invalid and flood next-hop still includes the invalid index. The issue affects all the Junos platforms. |
| PR Number | Synopsis | Category:Multiprotocol Label Switching |
| 1427414 | MPLS LSP auto-bandwidth stats miscalculations may lead to high bandwidth reservation |
With auto-bandwidth configured for Resource Reservation Protocol (RSVP) Label Switched Path (LSP), when current stats collected are lower than previous values, the current stats is used to calculate rate and the rate can be skewed, hence large bandwidth might be wrongly reserved for the LSP. If there is no sufficient resources (e.g. bandwidth, alternative path) in the network, other LSPs might be torn down, or might not go up. |
| 1433857 | Restart Routing might cause RPD core while GRES and NSR enabled |
restart-routing command on Master RE might cause a core dump on Backup RE, while having GRES and NSR enabled. |
| PR Number | Synopsis | Category:Multi Protocol Label Switch OAM |
| 1436373 | The rpd might crash after executing 'ping mpls ldp' |
In LDP to BGP-LU stitching scenario, when BGP route goes down, MPLS ping is done before that route is pulled out of the routing table, the rpd will crash. |
| PR Number | Synopsis | Category:Track veHostd, vmm-sdk issues on Mt Rainier RE |
| 1448413 | vehostd Application failed Minor alarm |
Automatic restart of vehostd might fail and the following Minor alarm is seen with 'show system alarms' or 'show chassis alarms'. VMHost RE 0 host vehostd Application failed or VMHost RE 1 host vehostd Application failed The process can be restarted manually in affected releases. After the fix of this PR, the process restart is handled properly. |
| PR Number | Synopsis | Category:FreeBSD Kernel Infrastructure |
| 1425608 | The kernel crashes when removing mounted USB while a file is being copied to it |
If pulling out a USB storage device from the system while files are being copied, the kernel panics and the system restarts. |
| 1433224 | The operations on console might not work if the knob "system ports console log-out-on-disconnect" is configured |
With the knob "system ports console log-out-on-disconnect" configured, if executing some operations on console, the console operations might fail to work properly. |
| 1442376 | EX2300 platforms might stop forwarding traffic or responding to console |
On EX2300/EX2300-C platforms, if Junos software is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch may stop forwarding traffic or responding to console. Power cycle of switch would recover the issue. |
| PR Number | Synopsis | Category:"ifstate" infrastructure |
| 1437762 | The CPU utilization on a daemon might keep around 100% or backup RE might crash in race conditions |
The CPU utilization on a daemon might keep around 100% or backup RE might crash in race conditions (it may get hit or triggered at times by some churn in the system, no specific trigger). |
| PR Number | Synopsis | Category:Protocol Independant Multicast |
| 1434347 | Removing MVPN configuration from an vrf instance may result in rpd core as it is considered as a catastrophic change for routing daemon |
Removing MVPN configuration from an vrf instance may result in rpd core as it is considered as a catastrophic change for routing daemon. |
| PR Number | Synopsis | Category:Issues related to PKI daemon |
| 1465966 | Loading CA certificate causes the process pkid crash |
If a CA certificate includes CRL URL that doesn't has "/" separate URL from the "hostname:port" section, when SRX load it, pkid core dump might happen and any service rely on CA will be affected. |
| PR Number | Synopsis | Category:Periodic Packet Management Daemon |
| 1448670 | The connection between ppmd(RE) and ppman(FPC) might get lost due to session timeout |
Under certain circumstances such as JUNOS VM freeze at the Routing Engine, ppmd to ppman connection might be closed if the session timeout is greater than 3 seconds in either direction. This might lead to flapping of distributed ppm protocol adjacency such as lacp/mBFD. |
| PR Number | Synopsis | Category:PTP related issues. |
| 1453531 | PTP out of sync when HWDB is not accessible during initialization |
On all Junos platforms, due to a software defect, sometimes the HWDB (an internal database) might not accessible during initialization, causing the IEEE 1588 flood token not installed properly, which is leading to PTP synchronization issues in case of multi-line cards scenario. |
| PR Number | Synopsis | Category:Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI |
| 1426737 | The dcpfe/PFE might not start on AS7816-64X and QFX5K TVP platform devices |
The dcpfe/PFE might not start on AS7816-64X and QFX5K TVP platform devices which results in all the interfaces going down. |
| 1453821 | "show chassis led" shows wrong status |
"show chassis led" status outputs may not proper along with some port status |
| 1456742 | The laser from the 10G SFP+ interface is still on when the interface is disabled or the device is rebooted |
On the QFX5210 platform, the laser is still emitting from 10G SFP+ port even though the interface is disabled or the device is rebooted. It will cause the peer's interface is still up and might impact traffic. |
| 1456742 | The laser from the 10G SFP+ interface is still on when the interface is disabled or the device is rebooted |
On the QFX5210 platform, the laser is still emitting from 10G SFP+ port even though the interface is disabled or the device is rebooted. It will cause the peer's interface is still up and might impact traffic. |
| 1458514 | QFX5210 : LED does not light on port 64 and 65 after upgraded to 19.2R1. |
On QFX5210, physical LED does not light on port 64 and 65 though traffic is passing through. |
| PR Number | Synopsis | Category:QFX platform optics related issues |
| 1402127 | QSFP-100GBASE-SR4/LR4 might take a long time to come up after disabling interface or reboot |
On QFX5110 platform with QSFP-100GBASE-SR4/LR4 port used, after disabling an 100G port and then enable the port again, or reboot the device, there is a long time delay (5-15 minutes) before the ports come up. |
| PR Number | Synopsis | Category:QFX L3 data-plane/forwarding |
| 1452433 | There might be interface reachability issues on AS7816 |
On AS7816 devices loaded with Juniper NOS, the interface might not be reachable and the protocols (e.g. bgp, ospf etc) will not come up. The AS7816 device comes up with 1024 MAC addresses. The issue is due to the NOS is not able to read and interpret the MAC address on the interface. |
| PR Number | Synopsis | Category:RPD Next-hop issues including indirect, CNH, and MCNH |
| 1424819 | The rpd keeps crashing after changing configuration |
In the ECMP (Equal-Cost Multipath) environment with existing more than 8 multipath for a given route, changing configuration (e.g. delete routing protocol IGP or LSP) is trying to delete a software structure which was already corrupted sometime earlier due to memory corruption, and this may cause the rpd to keep crashing. This issue applies to all types of nexthops with multipath. |
| 1458595 | The rpd crash might be seen if BGP route is resolved over same prefix protocol next-hop in inet.3 table which has both RSVP and LDP routes |
In race condition, if BGP route is resolved over same prefix protocol next-hop in inet.3 table which has both RSVP and LDP routes, when the RSVP and LDP routes are flapping (firstly these routes are down and then up), the BGP route will be re-resolved, and then the rpd crash might be seen. |
| 1460786 | IPv6 Prefix might be hidden when received over IPv4 BGP session |
When labeled-IPv6 and non-labeled IPV6 prefixes are received with the same protocol nexthop and the outgoing interface does not have MPLS family enabled, the IPv6 non-labeled route will be in inactive state and remains in hidden state. |
| 1461980 | The rpd might crash after committing dynamic-tunnel-anchor-pfe knob |
On the MX platform, the rpd might crash if "dynamic-tunnel-anchor-pfe" is configured. |
| PR Number | Synopsis | Category:RPD route tables, resolver, routing instances, static routes |
| 1412667 | The L3VPN link protection doesn't work after flapping the CE facing interface |
Provider Edge Link Protection in Layer 3 VPNs doesn't recover after flapped the CE facing interface. |
| 1431227 | IPv6 aggregate routes are hidden |
IPv6 aggregate routes get hidden in the routing table until the rpd is restarted in some rare situations. |
| 1442952 | The rpd might crash with SRTE configuration change |
In BGP segment routing traffic engineering (SRTE) scenario, process rpd might crash when knob "extended-nexthop-color" is added or removed from the BGP configuration. |
| 1459384 | The rpd memory leak might be observed on backup routing engine due to BGP flap |
In a BGP scenario when certain routes are flapping frequently, it could lead to rpd memory leak on backup Routing Engine. The rpd might crash and restart once the rpd runs out of memory for certain junos releases. |
| PR Number | Synopsis | Category:jflow/monitoring services |
| 1414568 | The SRRD might crash when memory corruption occurs |
The SSRD (sampling Route-Record Daemon) process may restarts when it can not allocate memory. |
| 1439630 | Sampling might return incorrect ASN for BGP traffic |
In a BGP scenario with sampling enabled, incorrect ASN (autonomous system number) might be returned for the traffic originated from an internal prefix. This is because some AS paths and routes don't hold the latest information in the message buffers that srrd (sampling route-record daemon) uses to send to the clients. |
| PR Number | Synopsis | Category:SSL Proxy functionality on JUNOS |
| 1430277 | Memory issue due to SSL proxy whitelist or whitelist URL category. |
The SSL proxy config object is not released when a session is using a particular configuration object and an update is received for the same configuration object. The old configuration object should be released when the session closes which is not happening. |
| PR Number | Synopsis | Category:MPC7/8/9 chassis issues |
| 1437855 | The chassisd might crash after enabling hash-key |
On all Junos platforms, if hash-key is enabled under chassis, packets might be dropped due to chassisd crash, even packets on other FPCs which the hash-key is disabled. |
| PR Number | Synopsis | Category:Trio pfe stateless firewall software |
| 1442868 | Some duplicate flowtap filters are programmed after the restart of dynamic-flow-capture |
On MX platform with MPC10/MPC11, after restart of dynamic-flow-capture, duplicate flowtap filters are programmed. |
| 1442868 | Some duplicate flowtap filters are programmed after the restart of dynamic-flow-capture |
On MX platform with MPC10/MPC11, after restart of dynamic-flow-capture, duplicate flowtap filters are programmed. |
| PR Number | Synopsis | Category:Trio pfe l3 forwarding issues |
| 1432724 | Output traffic statistics may be incorrect with RE generated traffic |
Statistics of traffic generated by the Routing Engine on the MX platform is incorrect. The 'Output bytes' counter is off by 6 bytes per packet for outbound traffic going out of MPC1E/2E/3E/4E/5E/6E interfaces. The same issue is not seen on the TurboTx path with linux based FPCs - MPC7E/8E/9E and PTX FPC3 |
| PR Number | Synopsis | Category:Junos Automation, Commit/Op/Event and SLAX |
| 1445917 | Python op scripts executed as user "nobody" if started from NETCONF session, not as logged in user, resulting in failing PyEZ connection to the device. |
When executed over Junos CLI, Python op script is started as a separate process with the same user as the user which started the script.However, when the python op script is started from NETCONF session, the script started as a process from user "nobody". If the script is using PyEZ session to connect to the device and execute RPC commands, it will return the following error from Pyez: ConnectError(host: None, msg: user "nobody" does not have access privileges.). This is fixed by executing with the python op script with the same user as the user from the NETCONF session which invoked op script. This means that the behavior from CLI and NETCONF sessions are the same. |
| PR Number | Synopsis | Category:UI Infrastructure - mgd, DAX API, DDL/ODL |
| 1431198 | Error might be observed when using a script to load-configuration |
Multiple delete of a non existing config statements produces errors via rpc load-configuration. |
| 1445651 | Junos 19.2 group level use of wildcard <*> |
In Junos 19.2R1 the use of wildcard <*> is not an available option at the group level of the Junos CLI. This issue will be fixed in Junos 19.2R2 and releases going forward. |
| PR Number | Synopsis | Category:VSRX platform software |
| 1454553 | 19.3R1: vSRX3.0 does not support AWS c4.L |
vSRX3.0 in 19.3R1 cannot be launched on a VM with total memory less than 4G bytes. Since AWS C4.L has total 3.75G, vSRX3.0 in 19.3R1 release does not support C4.L. |
| PR Number | Synopsis | Category:ZT pfe firewall software |
| 1465153 | MPC10E may crash due to inconsistencies during firewall filter add/delete operations |
MPC10E may crash due to inconsistencies during firewall filter add/delete operations and result in traffic blackhole |
| 1465153 | MPC10E may crash due to inconsistencies during firewall filter add/delete operations |
MPC10E may crash due to inconsistencies during firewall filter add/delete operations and result in traffic blackhole |
Security Alerts and Vulnerabilities
Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search