Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles18.4R1-S5: Software Release Notification for JUNOS Software Version 18.4R1-S5
| PR Number | Synopsis | Category:QFX L3 data-plane/forwarding |
|---|---|---|
| 1367439 | Invalid VRRP mastership election on QFX5110-VC peers |
Both QFX5110, used as VRRP peers, in some specific scenarios involving configuration of bpdu-block-on-edge might claim to be VRRP masters. |
| PR Number | Synopsis | Category:EX2300 & EX3400 platform |
|---|---|---|
| 1351757 | On EX3400 when me0 ports are connected between 2 EX3400 switches the link does not come up. |
On Ex3400 when me0 ports are connected between 2 EX3400 switches, the link does not come up. The link comes up when me0 is connected to network port. |
| PR Number | Synopsis | Category:QFX Access control list |
| 1429543 | The traffic with destination UDP port 520 (RIP) or 521 (RIPng) gets dropped on QFX5000/EX4600 platforms |
On QFX5000/EX4600 platforms, the received traffic will be dropped if the destination UDP port is 520/521 though the device runs pure layer 2 swithcing. |
| PR Number | Synopsis | Category:QFX PFE CoS |
| 1433252 | The traffic is placed in network-control queue on extended port even if it comes in with different dscp marking |
In Junos Fusion scenario, when traffic from AD (aggregation device) to SD (satellite device) is exported with different dscp marking, it might be changed into network-control queue on extended port of SD. |
| PR Number | Synopsis | Category:QFX PFE L2 |
| 1437577 | Physical layer and MAC/ARP learning might not work for copper base SFP-T on QFX5100/QFX5110/EX4600 |
On QFX5100/QFX5110/EX4600 platforms, if copper base SFP-T is used, it might not get up on physical layer and the MAC/ARP learning might not work if it gets up. The PR fixes both layer-1 and layer-2 issues in this scenario. |
| 1467763 | The fxpc.core might be seen when committing the configuration all together, e.g., after the reboot |
On EX2300/3400/4300/4600 and QFX Series switches except for QFX10k, if committing the configuration all together (e.g., after the reboot), the fxpc/PFE core dump might be found. In the Virtual Chassis scenario, the VC members might be splitted because the VC ports might not be created in time. |
| PR Number | Synopsis | Category:QFX L3 data-plane/forwarding |
| 1460688 | The egress interface in PFE for some end-hosts may not be correct on the layer 3 gateway switch after it is rebooted |
On edge-routed bridging (ERB) EVPN-VXLAN multihoming designs with QFX5110 and QFX5120 switches work as Layer 3 gateways, in some rare condition, when one of the switches acting as L3 gateway comes up after reboot, the egress interface in PFE for some end-host may not be updated to the correct next-hop interface in the hardware on that gateway. This issue cause traffic disruption for the affected end host |
| PR Number | Synopsis | Category:JUNOS kernel/ukernel changes for ACX |
| 1385855 | On ACX led on GE interface goes down when speed 10M is added |
ACX led on GE interface goes down when speed 10M is added |
| PR Number | Synopsis | Category:Interfaces IFD, IFL, vlans, etc and BRCM init for ACX |
| 1427362 | The FPC/fxpc crash may be observed on ACX platforms |
In a rare condition, due to a timing issue, the FPC/fxpc may crash if the AE interface flaps, such as deactivating/activating the AE interface. |
| PR Number | Synopsis | Category:MPLS for ACX |
| 1435791 | In ACX platforms, no-vrf-propagate-ttl may not work after activate or deactivate of COS configuration |
No-vrf-propagate-ttl may not work after activate or deactivate of COS configuration in acx |
| PR Number | Synopsis | Category:common or misc area for SRX product |
| 1430941 | Unable to launch J-Web , when the device is upgraded through USB image |
On SRX5000 series, when the device is upgraded through USB image, J-Web is not available and needs to be installed through "request system software add optional://jweb-srx". |
| PR Number | Synopsis | Category:Border Gateway Protocol |
| 1351639 | The rpd crashes in JunOS 16.1 or higher during BGP convergence |
In JunOS 16.1 or higher, during BGP convergence, the input/output thread constructing the outgoing BGP PDU and manipulating the path attributes before hand-off the data to the socket. If this PDU length is zero, it will trigger an assertion and routing-protocol demon is restarting. |
| PR Number | Synopsis | Category:CoS support on DNX Platforms |
| 1443466 | RED drops might be seen after link flaps or CoS configuration changes |
On an ACX5448 box, link flaps or CoS configuration changes (specific to temporal value changes) might result in traffic drop on all interfaces and recorded as RED drops. |
| 1470619 | RED drop on interface, no congestion |
On DNX-based platforms such as an ACX5448 - when changing an interface configuration - such as from vlan-tagging to flexible-vlan-tagging 2-3 times - you may see persistent RED drops even when the interface does not experience congestion condition. |
| PR Number | Synopsis | Category: DNX platform interface |
| 1434900 | ACX5448 might malfunction in encapsulating small packets if egress link is 40G/100G |
On ACX5448, if egress link is 40G/100G, small size packets are encapsulated improperly and causing remote interface drops the packets as runts. |
| PR Number | Synopsis | Category:L3 V4 V6 etc support for DNX |
| 1426734 | [ARP] RLI:39207:RIO-X:SKU ACX5448-D: 96K ARPs are getting populated but only 47K NH entries are present. So around 50% packet drop is observed. |
Due to BCM sdk design, EEDB hardware entry is not freed for unicast next-hop creation. This leads to resource leakage and is not allowing to higher scale. |
| PR Number | Synopsis | Category:Miscellaneous PFE on DNX |
| 1422544 | slow copy image speed to ACX5448 |
copy images from WAN interface to RE of ACX5448 takes long time |
| PR Number | Synopsis | Category:Libjtask for RPD tasks, scheduler, timers, memory, and slip |
| 1431033 | Traceoptions file is exceeding configured file size limit and the file keeps on growing |
With 64-bit RPD running and traceoptions configured e.g. for BGP or MPLS statistics etc., the trace files are not rotating/rolling over as per the configured file size limit and the logs continue to be written to a single file continuously. |
| PR Number | Synopsis | Category:Kernel software for AE/AS/Container |
| 1412215 | On a trunk interface native-vlan-id causes packet drop on EX4300/3400 |
Whenever the native vlan config is done along with flexible-vlan tagging, the changes related native vlan are not taking effect in PFE. |
| PR Number | Synopsis | Category:Juniper Device Manager VM Mgmt and infrastructure function |
| 1463963 | nfx-2 :- JDM is not allowing to spin up VM if VNF name contains with word jdm |
VNF name will be allowed jdm as a substring (case insensitive) but vnf name should not be equal to jdm (case insensitive). In other words, jdm123, abcJDM, abcJDM123 are valid VNF names but jdm, JDM,Jdm, JDm are not valid VNF names |
| PR Number | Synopsis | Category:Flow Module |
| 1417510 | Junos OS: SRX Series: Denial of Service vulnerability in flowd due to multicast packets (CVE-2019-0068) |
The SRX flowd process, responsible for packet forwarding, may crash and restart when processing a specific multicast packet ; Refer to https://kb.juniper.net/JSA10968 for more information. |
| PR Number | Synopsis | Category:Security platform jweb support |
| 1410401 | Junos OS: Session fixation vulnerability in J-Web (CVE-2019-0062) |
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. Please refer to https://kb.juniper.net/JSA10961 for more information. |
| PR Number | Synopsis | Category:Multiprotocol Label Switching |
| 1427414 | MPLS LSP auto-bandwidth statistics miscalculations might lead to high bandwidth reservation. |
With auto-bandwidth configured for Resource Reservation Protocol (RSVP) Label Switched Path (LSP), when current stats collected are lower than previous values, the current stats is used to calculate rate and the rate can be skewed, hence large bandwidth might be wrongly reserved for the LSP. If there is no sufficient resources (e.g. bandwidth, alternative path) in the network, other LSPs might be torn down, or might not go up. |
| PR Number | Synopsis | Category:Multicast Routing |
| 1468737 | The mcsnoopd crash might be seen if one BD/VLAN is configured as part of EVPN and it has any multicast router interfaces (static/dynamic) |
In all Junos platforms where EVPN SMET is supported, the mcsnoopd process might crash if a snooping enabled BD/VLAN which has mrouter port(s) is configured as part of EVPN as extended VLAN/VNI. |
| PR Number | Synopsis | Category:SW PRs related to Vale Edge (MX10K) development |
| 1451011 | JNP10K-LC2101 FPC generates "Voltage Tolerance Exceeded" major alarm for EACHIP 2V5 sensors |
Alarm "FPC X Voltage Tolerance Exceeded" and got cleared after ~ 20second for FPC model "JNP10K-LC2101". Alarm is raised for EA_chip_2v5 sensors as voltage readings are reported as out of tolerance. The issue is due to incorrect reading of voltage level, there shall be no impact expected from this issue. %DAEMON-4: Alarm set: CB color=RED, class=CHASSIS, reason=FPC 0 Voltage Tolerance Exceeded %DAEMON-4: Receive FX craftd set alarm message: color: 1 class: 100 object: 143 slot: 0 silent: 0 short_reason=FPC 0 Voltage Failure long_reason=FPC 0 Voltage Tolerance Exceeded id=1946157199 reason=1946157056 %DAEMON-4: Major alarm set, FPC 0 Voltage Tolerance Exceeded Following error might be seen in host logs: fpc_volt_read:1183 Volt tolerance failure Address: 0x35 Segment: 0x10 Sensor Name: EA0_2V5 ratio = 0.317200 fpc_volt_read:1183 Volt tolerance failure Address: 0x35 Segment: 0x10 Sensor Name: EA0_2V5 ratio = 0.317200 |
| PR Number | Synopsis | Category:FreeBSD Kernel Infrastructure |
| 1425608 | The kernel crashes when removing mounted USB while a file is being copied to it |
If you pulled out a USB from the system while files are being copied, the kernel will panic and the system will restart. |
| 1439189 | The recovery snapshot cannot be created after system zeroize |
On EX2300/3400 platforms, the recovery snapshot might not be able to be created after a system zeroize. This is due to certain hardware space limitation over time where there is not enough space to save full snapshot. |
| 1442376 | EX2300 platforms might stop forwarding traffic or responding to console |
On EX2300/EX2300-C platforms, if Junos software is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch may stop forwarding traffic or responding to console. Power cycle of switch would recover the issue. |
| 1445151 | The RE might go to amnesiac mode if there is an older os-package package on an upgraded box |
On all Junos platforms, if there is an older os-package package exist on an upgraded device, the RE might go to amnesiac mode after a reboot. The os-package is essential when toggling back and forth between 15.1 release and a later release. |
| 1454950 | mgd error found during Junos 18.4R2.7 boot up and Junos did not work as expect |
PFE sometimes does not come up after system reboot .Timeout is required to handle the fifo tx/rx error. Debug sysctls are been removed. Mutex been added to handle to race condition. |
| 1469400 | Member of virtual chassis might reboot because of lack of watchdog patting |
In virtual-chassis scenario on EX3400, if watchdog pat did not happen within stipulated time, member (master or backup or linecard) of virtual chassis might reboot automatically with "0x2:watchdog" as reboots reason. |
| PR Number | Synopsis | Category:PTP related issues. |
| 1408178 | QFX5k : Transit traffic loss when one of LAG child interfaces deleted or deactivated |
Traffic does not pass through LAG interface on QFX5k once deleted or deactivated one of child interfaces though LAG interface is UP state. At that time, invalid vlan tag will be added to traffic. |
| PR Number | Synopsis | Category:QFX Control Plane Kernel related |
| 1457414 | The PFE process might crash after RE (routing-engine) switchover on QFX10K platforms |
On QFX10K platforms, the PFE process might crash after routing engine (RE) switchover if the device has GRE(Generic Routing Encapsulation) or p2p interface configuration. The issue is due to the internal tokens allocated for GRE or p2p interfaces on master RE are not sent to backup RE. Since these tokens are not available on backup RE, there will be issues post GRES (Graceful Routing Engine Switchover) as the new master will end up creating same tokens as the old master. These tokens are already received by PFE from old master, the PFE will reject the new tokens and may panic. |
| PR Number | Synopsis | Category:QFX platform optics related issues |
| 1430115 | Interface on QFX does not come up after the transceiver is replaced with one having different speed |
On QFX series platforms, interface may not come up when the transceiver is replaced with another transceiver which has different speed. |
| PR Number | Synopsis | Category:Filters |
| 1464352 | The dcpfe might crash when changing the firewall filter on QFX5K platforms |
On QFX5K switches, when a firewall filter term is changed in scale conditions (such as, more than 2500 iRACL--ingress Routing ACL entries), the dcpfe might crash especially in make-before-break scenario. It might cause all interfaces in this FPC down. |
| PR Number | Synopsis | Category:KRT Queue issues within RPD |
| 1406822 | Traffic impact might be seen if auto-bandwidth is configured for RSVP LSPs |
With auto-bandwidth configured for Resource Reservation Protocol (RSVP) Label Switched Path (LSP), when timeout occurs during LSP statistics query, large bandwidth might be wrongly reserved for the LSP. If there is no sufficient resources (e.g. bandwidth, alternative path) in the network, other LSPs might be torn down, or might not go up. |
| PR Number | Synopsis | Category:show route table commands, tracing, and syslog facilities |
| 1442542 | EVENT UpDown interface logs are partially collected in syslog messages |
When multiple interfaces UpDown event happens, a number of interfaces are not logged the event but partial logs are recorded in messages file. |
| PR Number | Synopsis | Category:Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
| 1358019 | Traffic might be blocked on MX with MS-MPC/MS-MIC |
On MX Series platforms with MS-MPC or MS-MIC, if a large sum of similar packets (for example, thousands of packets) are received, because of the flaw in the method to process these packets, data/management path was completely blocked and dead locked. Eventually, traffic might be blocked. |
| PR Number | Synopsis | Category:MX10003/MX204 Platform SW - Chassisd s/w defects |
| 1422679 | The allocation of MAC address may fall out of the MAC address pool on MX204 platform |
On an MX204 platform, the allocation of MAC address for the second PIC in the FPC may fall out of the MAC address pool, which may further cause a MAC conflict in the network. |
| PR Number | Synopsis | Category:SRX-1RU platfom chassisd SW defects |
| 1453154 | The fxp0 interface might redirect unicast packets on SRX4600 platforms |
When the fxp0 interface receives unicast packets(ICMP/TCP/UDP) which destination is NOT itself, the fxp0 interface might process unicast packets and unicast traffic will be dropped on revenue port. |
| PR Number | Synopsis | Category:Junos Automation, Commit/Op/Event and SLAX |
| 1449987 | REST API process will get non-responsive when a number of request coming with a high rate |
When several continuous HTTP requests are received via REST API, the REST service might get non-responsive. |
| PR Number | Synopsis | Category:Configuration management, ffp, load action |
| 1407848 | The "show configuration" and "rollback compare" commands causing high CPU |
If scaled config of interfaces and filters are configured, the CPU usage hits 100% for a few seconds while running "show configuration" or "show system rollback compare " commands. |
| PR Number | Synopsis | Category:Junos Fusion Aggregation Device Platforms |
| 1412781 | Junos fusion / v44 / Incorrect power values for extended optical ports |
On Junos Fusion setup there is no support to read rx power values considering internal calibration. Hence low rx power values are read across satellite node interfaces. This stands addressed through revised SNOS image. SNOS images carrying fix : 3.5R1.4 and 3.2R4.8 Issue would not be seen on JUNOS compatible with these images. |
Security Alerts and Vulnerabilities
Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search