Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

17.3R3-S7: Software Release Notification for JUNOS Software Version 17.3R3-S7

0

0

Article ID: TSB17702 TECHNICAL_BULLETINS Last Updated: 06 Jan 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, VRR, and VMX
Alert Description:
Junos Software Service Release version 17.3R3-S7 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 17.3R3-S7 is now available.

17.3R3-S7 - List of Open issues

PR Number Synopsis Category:QFX Multichassis Link Aggregrate
1454764 Flooding of ARP reply unicast packets for switch VRRP MAC address through every port in VLAN
 
A QFX switch may send out ARP reply unicast packets as a result of an ARP request sent for the device's VRRP MAC address.
PR Number Synopsis Category:Express PFE Services including JTI, TOE, HostPath, Jflow
1423761 The Jflow export might fail when channelization is configured on FPC QFX10000-30C
 
When channelization is configured on FPC QFX10000-30C (ULC-30Q28) while J-Flow (J-Flow v9 or v10) is configured on this board, the J-Flow export might fail. The issue results in loss of sample flow.


17.3R3-S7 - List of Fixed issues

PR Number Synopsis Category:EX4300 Control Plane
1461434 ERP might not revert back to IDLE state after reload/reboot of multiple switches
 
On EX4300 platforms configured with ERP, after multiple devices reboot/restart at the same time, ERP might not revert back to the IDLE state. This issue might be seen in situations where the ERP node-id is not configured manually and after the restart, the default node-id (switch base MAC address) might get reset to 00:00:00:00:00:00, effectively causing multiple devices to have the same node-id.
PR Number Synopsis Category:EX9200 Control Plane
1452738 The l2ald and eventd are hogging 100% after issued "clear ethernet-switching table"
 
The l2ald and eventd processes are hogging 100% after issued "clear ethernet-switching table" and also the continuous syslog errors "l2ald[18605]: L2ALD_IPC_MESSAGE_INVALID: Invalid message received (message type 0, subtype 0): null message" are observed.
PR Number Synopsis Category:DC PFE QoS
1466770 Slow packet drops might be seen on QFX5000 platforms
 
The issue observed on QFX5000 platforms when there are any packets on the port before its buffer configuration is completed after the reboot. This issue is very rare and the window could be just few milli seconds.
PR Number Synopsis Category:QFX Multichassis Link Aggregrate
1465077 The traffic might be forwarded to wrong interfaces in MC-LAG scenario
 
On EX/QFX platforms with MultiChassis Link Aggregation Group (MC-LAG) configured, if the interface media of MC-LAG is changed from MultiProtocol Label Switching (MPLS) to Dense Wavelength Division Multiplexing (DWDM), the traffic might be forwarded to wrong interfaces and get dropped.
PR Number Synopsis Category:QFX Access control list
1379718 Host destined packets with filter log action might not reach to the routing engine if log/syslog is enabled.
 
On EX4300/EX4600/QFX Series switches except for QFX10k, if host destined packets (that is, the destination address belongs to the device) come from the interface with ingress filter of log/syslog action (for example, 'filter <> term <> then log/syslog'), such packets should not be dropped and reach the Routing Engine.
1429543 The traffic with destination UDP port 520 (RIP) or 521 (RIPng) gets dropped on QFX5000/EX4600 platforms
 
On QFX5000/EX4600 platforms, the received traffic will be dropped if the destination UDP port is 520/521 though the device runs pure layer 2 swithcing.
PR Number Synopsis Category:QFX PFE L2
1437577 Physical layer and MAC/ARP learning might not work for copper base SFP-T on QFX5100/QFX5110/EX4600
 
On QFX5100/QFX5110/EX4600 platforms, if copper base SFP-T is used, it might not get up on physical layer and the MAC/ARP learning might not work if it gets up. The PR fixes both layer-1 and layer-2 issues in this scenario.
1453430 In VC scenario traffic drop might be seen when one VC member reboots and rejoins the VC
 
On QFX5K or EX4600 VC (Virtual-Chassis) scenario, when VSTP is enabled and one AE interface is used, if one member reboots and rejoins the VC, some packets drop might be seen.
PR Number Synopsis Category:QFX L3 data-plane/forwarding
1422324 The same traffic flow might be forwarded to different ECMP next-hops on QFX5K platforms
 
On QFX5K platforms, when MPLS traffic with the same inner IP flow (same 5-tuples) landing via different physical ports and MPLS label is terminated on this device, and the inner IP flow will be forwared by ECMP next-hop, the same flow might select different next-hops. The traffic impact will depend on how the egress interfaces are connected to peer devices: 1. If all egress interfaces are connected to a same device, it will not impact traffic. 2. If all egress interfaces are connected to different devices, it might cause asymmetric routing or packets disorder.
PR Number Synopsis Category:Accounting Profile
1452363 The pfed might crash and not be able to come up on the PTX or TVP platforms
 
The flow label statistics are retrieved periodically by pfed for PTX or TVP platforms, if the statistics reply becomes very big number, the pfed might crash hence affecting traffic.
PR Number Synopsis Category:ACX Interfaces IFD, IFL, vlans, and BRCM init
1284590 ACX5k MacDrainTimeOut and bcm_port_update failed: Internal error
 
On ACX5K, the buffer is corrupted on port 0 (*/*/0) and error message MACDRAINTIMEOUT and dcbcm_check_stuck_buffers are observed, which could eventually lead to port 0 (*/*/0) flapping.
1382166 Host bound traffic might be affected and lt interface can go down in ACX
 
Host bound traffic might be affected and lt interface can go down in ACX
1392261 On ACX-Series platforms the 'forwarding-option dhcp-relay forward-only' knob stops working and the DHCP packets are dropped.
 
In the scenario where ACX platforms work as the DHCP-relay, if the knob 'forwarding-option dhcp-relay forward-only' is configured, the DHCP-relay process cannot work normally because the DHCP packets from the server are dropped. It might cause the DHCP client could not get the IP address and service failure.
PR Number Synopsis Category:MPC Fusion SW
1454595 The 100G Interfaces may not come up again after going down on MPC3E-NG
 
On MPC3E-NG cards with 100G interface in use, if the interface detects Loss of Lock (LOL) on the link without Loss of Signal (LOS), the interface will go down and may not come up again after the link is recovered.
PR Number Synopsis Category:BBE database related issues
1396470 The subscriber bindings might not be successful on QFX/EX platforms
 
On QFX/EX Series platforms, the DHCP/PPP subscribers might fail to bind. The reason is that when installing new software images, it shared memory (created by previously running image) might not to be cleared out. The issue will persist until the previous values in shared memory are removed and the daemons affected by the data in shared memory may continue core/crash and thus they will not be able to function properly.
PR Number Synopsis Category:BBE routing
1458369 The subscriber routes are not cleared from backup RE when session is aborted
 
On MX platforms with enhanced subscriber enabled, the subscriber routes might not be cleared from backup RE when session is aborted. The bbe-smgd memory leak might be seen on the backup RE and subscribers could not login after switchover.
PR Number Synopsis Category:Bi Directional Forwarding Detection (BFD)
1420694 The bfdd process might crash on old master RE during GRES
 
On all Junos platforms running with scaled Bidirectional Forwarding Detection (BFD) sessions (e.g. 10K BFD inline sessions at 150ms interval), if the ppmd and bfdd processes are restarted on the master Routing Engine (RE), however, the backup Routing Engine (RE) is not properly synchronized up after the restart, there might be multiple BFD sessions existing for the same address with only one of them up. In such an inconsistent status, if Graceful RE Switchover (GRES) is executed, the bfdd process might crash on the old master RE, and all the BFD sessions might not be able to come up on the new master RE.
PR Number Synopsis Category:Border Gateway Protocol
1351639 The rpd crashes in JunOS 16.1 or higher during BGP convergence
 
In JunOS 16.1 or higher, during BGP convergence, the input/output thread constructing the outgoing BGP PDU and manipulating the path attributes before hand-off the data to the socket. If this PDU length is zero, it will trigger an assertion and routing-protocol demon is restarting.
1366823 Ukern memory leak and core crash in BGP environment
 
Ukern memory leak and fpc core crash might be happened when device configured link-node protection with labeled-bgp.
1371045 TCP sessions might be taken down during RE switchover
 
On MX10K platforms enabled with Graceful Routing Engine Switchover (GRES) and Non Stop Routing (NSR), if the router runs with Transmission Control Protocol (TCP) based routing protocol (e.g. Border Gateway Protocol, BGP), and establishes TCP sessions with the remote peers, the execution of RE switchover might cause few TCP sessions being taken down and re-connected. Due to this issue, the TCP session re-connection will impact the related routing protocol session and therefore impact the traffic. This is a timing issue.
1454198 The rpd scheduler slip for BGP GR might be up to 120s after the peer goes down
 
In BGP GR (graceful-restart) scenario (graceful-restart is configured for BGP or GR-helper mode is enabled by default), when high-scale routes get learnt from one peer, the rpd scheduler slip might be up to 120s after that BGP peer flaps.
1454951 Rpd might crash when multipath is in use
 
If multipath is enabled, in some certain conditions, the rpd core might be seen while secondary route resolution.
PR Number Synopsis Category:MX Platform SW - FRU Management
1358874 The "show chassis fpc" might show "Bad Voltage" for FPC powered off by configuration or CLI command after the command "show chassis environment fpc" is executed
 
When a FPC (or an incompatible one) is powered off by configuration or CLI command and the command "show chassis environment fpc" is issued, the status of the FPC will change to "---Bad Voltage---" under "show chassis fpc".
1375242 SFB and PDM/PSU related information is missing in jnxBoxAnatomy MIB on high end MX Series routers (MX2010/2020).
 
SFB and PDM/PSU related info is missing in jnxBoxAnatomy MIB on high end MX routers (MX2010/2020).
1387130 On MX2000 platforms, backup CB's chassis environment status keeps 'Testing' after backup CB becomes online by removal/insert operation
 
This issue is seen only after backup CB removal/insertion operation. Backup CB normal reboot does not show the same issue. After insertion of backup CB, temperature sensor status bit for the CB is not getting updated. Hence the status always shows up as 'Testing'.
PR Number Synopsis Category:MX Platform SW - Mastership Module
1417966 The BGP session might flap after RE switchover
 
On MX platforms enabled with Graceful Routing Engine Switchover (GRES) and NonStop Routing (NSR), in a rare case, BGP peers might flap after the execution of RE mastership switchover or due to BGP flap in backup routing-engine.
PR Number Synopsis Category:Class of Service
1408817 Traffic drop occurs when deleting MPLS family or disabling interface which has non-default EXP rewrite rules
 
The non-VPN packets might be dropped when deleting family MPLS or disabling interface which has non-default EXP rewrite-rules. This is due to a cos-rewrite mask programming issue in Packet Forwarding Engine (PFE).
PR Number Synopsis Category:L2NG Access Security feature
1451688 DHCP Snooping static binding not take effect after deleting and re-adding the entries
 
From Junos OS release 14.1X53-D15/15.1R1 and above, due to a software defect, DHCP Snooping static binding may not take effect after deleting and re-adding the entries with commit. As a workaround, we can use "commit full" after the configuration changes.
PR Number Synopsis Category:Device Configuration Daemon
1389206 All DPCs might crash while adding or deleting a logical interface from the aggregated Ethernet bundle.
 
On MX240/MX480/MX960 platforms with a scaling number of prefixes (for about 700k prefixes) learned over a logical interface of the Aggregated Ethernet (AE) bundle, if a new logical interface is added or deleted from the AE bundle, the DPCs might get busy with CPU spiking to 100% and ultimately get crash.
PR Number Synopsis Category:Firewall Filter
1419438 The firewall filter configuration change might not be applied after software upgrade to Junos release 16.1R1 or later
 
On all Junos platforms which are upgraded to the release 16.1R1 or above, there is a small chance that the firewall filter compiled objects might not be synchronized between the master and backup Routing Engines (REs), some dfwd error logs might be seen during committing firewall filter configuration change, and no new firewall filter could be applied anymore. It's a timing issue.
1466698 An output bandwidth-percent policer with logical-bandwidth-policer applied to an AE bundle along with an output-traffic-control-profile has incorrect effective policing rate
 
On MX platforms, for an AE bundle of at least two members hosted at two different FPCs, if the AE interface is with CoS output-traffic-control-profile of shaping-rate and with the output filter of policer with logical-bandwidth-policer and bandwidth-percent, the AE interface might have incorrect effective output policing rate.
PR Number Synopsis Category:JUNOS Dynamic Profile Configuration Infrastructure
1188434 UID may not release properly in some scenarious after service session deactivation
 
When same UID objects are used in both inet and inet6 services of the same subscriber session, deactivation the first session cause conditions which avoid releasing UID entry after deactivation second service session. This leads to having stale UID entry and can cause subscriber's connection problem in the future when UID pool would be completely exhausted. The probability of hitting the issue increases if amount subscriber to amount of unique services ratio is aproaching 1 (i.e. when almost every subscriber has a service with unique servie objects).
PR Number Synopsis Category:Ethernet OAM (LFM)
1347250 When in hadrware-assited-pm-mode and pm config is scale, deativate eth-oam can lead to fpc crash
 
When eth-oam is deactivated with scale PM config (under hardware-assited-pm-mode), the FPC can become unstable and can lead to FPC core. Memory leak might also happen on receiving CFM LLM packets without CFM being configured.
PR Number Synopsis Category:EVPN control plane issues
1415450 Traffic drop might be seen due to VXLAN Encapsulation nexthop (VENH) not installed correctly during BGP flapping
 
On EVPN-VXLAN scenario, during BGP flapping, the NH (next-hop) towards a VTEP (Virtual Tunnel End Point) might not be programmed properly, so if the traffic (especially inter-VNI traffic) destination is hashed via this Leaf/VTEP node, traffic loss might be seen. The reason is that due to BGP flap, the 'route delete and route add request to rpd' might get compressed which results in VXLAN DB not getting updated with right unicast NH to stitch it with VENH (VXLAN Encapsulation nexthop). So VENH will not have unicast NH to forward the traffic.
PR Number Synopsis Category:EVPN Layer-2 Forwarding
1396597 A few minutes of traffic loss might be observed during recovery from link failure
 
On EVPN-VXLAN Multi-homing environment, when interface state is changed, a few minutes traffic loss might be observed during recovery from link failure. It happens in this configuration scenario where large (such as, a few hundreds) sub-interface style configurations and ESI are configured in one IFD (Pysical interface), then any change in the IFL (Logical interface) might result in programming all IFLs which share the same ESI, and then multiple updates would be sent to the kernel. At last the l2ald (Layer 2 Address Learning Daemon) would be very busy and it causes a few minutes delay programming of flooding for VTEP interface, and during this period the traffic would be dropped.
PR Number Synopsis Category:Express PFE L2 fwding Features
1446291 On QFX10K platforms removing EVPN-VXLAN L3 Gateway on the IRB interface from spine switches might cause black holing of traffic
 
On QFX10000 platforms and EVPN-VXLAN (spine-leaf) scenario, the QFX10000 spine switches are configured with VXLAN Layer3 gateway (utilizing the virtual-gateway) on an IRB interface, if enabling and then subsequently remove the VXLAN L3 gateway on this IRB interface on one or some of these spine switches, traffic drop might be observed. If all virtual-gateways are configured with an unique v4 or v6 mac-address, this issue would not happen. This is also the workaround.
PR Number Synopsis Category:PTX Express ASIC interface
1418425 Traffic loss could be seen for duration of hold-time down timer when flapping an interface with hold-time down timer configured
 
On PTX with FPC3 installed, traffic loss could be seen for duration of hold-time down timer when flapping an interface with hold-time down timer configured.
PR Number Synopsis Category:Inline NAT PRs for defect & enhancement requests
1446267 The static route for NAT might never come up if switchover the service interface which has NAT and GR configuration
 
On MX platform, when switchover a service interface that has NAT and GR configuration, the static route for NAT might never come up.
PR Number Synopsis Category:Kernel software for AE/AS/Container
1390367 Traffic destined to VRRP VIP gets dropped as filter is not updated to related logical interface
 
On MX platform with enhanced-ip and VRRP configured, if remove/add a child link from AE bundles, traffic destined to VRRP VIP might be dropped.
1459692 In MC-LAG scenario traffic destined to VRRP virtual MAC gets dropped
 
When VRRP (virtual router redundancy protocol) is configured on MC-LAG (multichassis link aggregation groups), traffic destined to VRRP virtual MAC address might get dropped because the virtual MAC is not correctly programmed in PFE (packet forwarding engine).
PR Number Synopsis Category:Optical Transport Interface
1398301 "MIC Error code: 0x1b0002" alarm might not be cleared for MIC on MPC6 when the voltage has returned to normal
 
The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC6.
1467712 "MIC Error code: 0x1b0002" alarm might not be cleared for MIC on MPC5E when the voltage has returned to normal
 
The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5.
PR Number Synopsis Category:ISIS routing protocol
1419800 A memory leak in rpd might be seen if source packet routing is enabled for IS-IS protocol
 
If source packet routing or segment routing is enabled for IS-IS protocol, a memory leak might happen in the routing protocol process (rpd). The rpd will crash and restart once the rpd runs out of memory.
PR Number Synopsis Category:ISSU related issues for MMx
1408558 The MPC line cards might crash when performing ISSU to Junos OS Release 19.1R1 or later
 
On MX with MPC1/1E/2/2E/3E/4E linecards installed, the MPC might crash when performing ISSU to 19.1R1 or above release.
PR Number Synopsis Category:jdhcpd daemon
1429456 The DHCP DECLINE packets are not forwarded to DHCP server when forward-only is set within dhcp-reply
 
If forward-only is set within dhcp-reply in Juniper device as a DHCP relay agent, the DHCP DECLINE packets which are broadcasted from DHCP client are dropped and not forwarded to DHCP server.
1442222 The jdhcpd process might go into infinite loop and cause 100% CPU usage
 
When DHCP is configured, if subscribers are moved from one routing-instance to another or if the subscribe is deleted and re-added, the jdhcpd process might go into infinite loop and cause 100% CPU usage.
PR Number Synopsis Category:Layer 2 Control Module
1450832 VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding
 
On all Junos platforms including MX, EX, QFX and SRX devices, VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding. The "show route forwarding table" may show dead BDs, MACs and the "show vlans extensive" may show the state as destroyed.
1469635 Memory leak on l2cpd process might lead to l2cpd crash
 
On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash.
PR Number Synopsis Category:Label Distribution Protocol
1436119 Traffic loss might be seen after LDP session flaps rapidly
 
On MX/PTX platforms under BGP scenario with LDP is enabled, if the knob "ecmp-fast-reroute"/"protect core" is configured, after the LDP session rapidly flaps and converges without any label change, traffic loss might be seen.
1460292 High CPU usage and rpd coredump might be observed if "ldp track-igp-metric" is configured and IGP metric is changed
 
If "protocols ldp track-igp-metric" is configured, metric change of IGP route might cause high CPU usage and rpd coredump on the device.
PR Number Synopsis Category:Multiprotocol Label Switching
1405033 Scaled MPLS labels might cause slow labels allocation and high CPU utilization
 
On Junos platforms with scaled MPLS labels used, when the system is already running with high load, inefficient labels allocation might cause even higher CPU utilization at 100 percent for hours. The issue might affect traffic.
PR Number Synopsis Category:Track Mt Rainier RE platform software issues
1399654 The unexpected alarm might be shown on NG-RE
 
unexpected alarm might be shown on NG-RE
PR Number Synopsis Category:OS IPv4/ARP/ICMPv4
1372875 kernel and ksyncd core files are generated after dual CB flap at rt_nhfind_params: rt_nhfind() found an nh different from that onmaster 30326.
 
A scaled gnf may dump live kernel cores, as well as a ksysncd core on the BU RE, when recovering from a BSYS reboot (or a disconnection and reattachment of all 4 external control board connections).
PR Number Synopsis Category:"ifstate" infrastructure
1404507 In a very rare situation Router can crash with VMCore when there is a IFL deletion
 
In a very rare situation Router can crash with VMCore when there is a IFL deletion/addition
PR Number Synopsis Category:JUNOS Network App Infrastructure (for ping, traceroute, etc)
1396335 When using ifconfig utility to bring down the PS logical interface, its Admin status is not going down as expected.
 
When ifconfig utility is used to bring down any PS interface IFL ,its Admin status is not going down. This is unexpected behavior for PS IFLs. At the same time, PS IFDs behave correctly when ifconfig utility is used to bring them down.
PR Number Synopsis Category:OSPF routing protocol
1444728 The rpd crash might be seen after configuring OSPF nssa area-range and summaries
 
In the scenario of running OSPF, if nssa area-range and summaries are configured, the rpd crash may occur and traffic may be lost.
PR Number Synopsis Category:Issues related to PKI daemon
1419515 Junos OS: PKI key pairs are exported with insecure file permissions (CVE-2019-0073)
 
The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them.
PR Number Synopsis Category:PTP related issues.
1408178 QFX5k : Transit traffic loss when one of LAG child interfaces deleted or deactivated
 
Traffic does not pass through LAG interface on QFX5k once deleted or deactivated one of child interfaces though LAG interface is UP state. At that time, invalid vlan tag will be added to traffic.
PR Number Synopsis Category:Interface related issues. Port up/down, stats, CMLC , serdes
1399878 SFP-LX10 does not work on QFX5110
 
On QFX5110 platforms, from Junos 17.3 onwards, the interfaces with SFP-LX10 transceivers and auto-negotiation enabled(default configuration) might be down.
1431743 The et interfaces might not come up on QFX10000-60S-6Q
 
On QFX10000-60S-6Q, with Junos 17.2R1-S8 onwards/17.3R3-S5/17.3R3-S6/18.1R3-S5, the et interfaces might not come up.
1440062 The EX4600/QFX5100 VC might not come up after replacing VC port fiber connection with DAC cable
 
On the EX4600/QFX5100 virtual chassis scenario, the VC may split after replacing VC port fiber connection with DAC cable.
1449406 CRC error might be seen on the VCPs of the QFX5100 VC
 
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC.
1449406 CRC error might be seen on the VCPs of the QFX5100 VC
 
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC.
PR Number Synopsis Category:QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1466810 EPR iCRC errors in QFX10000 series platforms might cause protocols down
 
EPR iCRC errors in QFX10000 series platforms might cause protocols down. FPC will be in wedged state and will not pass traffic on that PFE if hitting this issue. EPR iCRC errors are normal and caused by transient hardware conditions. EPR iCRC errors are not expected to impact the protocols, and only one CRC failed packet will be dropped. But due to incorrect handling of this error, it affects protocols and causes FPC wedge.
PR Number Synopsis Category:QFX platform optics related issues
1458363 Intermittent LAG interface flaps might be seen on QFX platforms
 
On QFX platforms with Link Aggregation Group (LAG) interface, if periodic "SFP diagnostic" is configured with short interval (e.g. test sfp periodic diagnostic-interval 3), the LAG interfaces might have intermittent flaps and therefore bring service impact due to this issue.
PR Number Synopsis Category:QFX PFE Class of Services
1468033 Ingress drops to be included at CLI from interface statistics and added to InDiscards
 
In QFX5000 platforms, as Ingress buffer drops (InDiscards) field is not presented the output of "show interfaces extensive x-x/x/x". This change added ingress buffer drops counters.
PR Number Synopsis Category:for all ipv6 related issues
1459759 The fxpc process might crash due to several BGP IPV6 session flaps
 
On QFX5100 and EX4600 platforms, the fxpc (packet forwarding engine manager) process might crash when multiple BGP IPV6 sessions (for instance around 500) are flapped and then restored at the same time.
PR Number Synopsis Category:QFX L3 data-plane/forwarding
1377447 Debug log message, "expr_nh_flabel_check_overwrite: Caller nh_id params", classified as Error Log when it should be LOG_INFO.
 
Debug logs are printed as error logs in /var/log/messages. Debug log message, "expr_nh_flabel_check_overwrite: Caller nh_id params", classified as Error Log when it should be LOG_INFO
PR Number Synopsis Category:QFX VC Infrastructure
1465196 A 10G interface might not come up on QFX5100-48T switches or negotiate at speed 1G when connected with Broadcom 57800-T daughter card
 
On QFX5100-48T, the 10G interface might not come up or negotiate at the speed of 1G with Broadcom 10G 57800-T daughter card. In the issue state, speed will be set to 1G which might make the interface down and result in traffic impact.
PR Number Synopsis Category:KRT Queue issues within RPD
1383426 The log of "RPD_KRT_Q_RETRIES: list nexthop ADD: No such file or directory" might be continuously shown after the rpd restart
 
When reading back next-hops from the kernel, the rpd could set an incorrect flag on the next-hop, which could potentially affect next-hop installation for composite next-hops.
PR Number Synopsis Category:RPD Next-hop issues including indirect, CNH, and MCNH
1441550 The rpd may crash or consume 100% of CPU after flapping routes
 
When flapping the existed flood nexthop type routes, it may cause rpd crash or consume 100% of CPU. This issue may cause routing protocols sessions/neighbors flap or traffic loss.
PR Number Synopsis Category:Resource Reservation Protocol
1471281 The rpd crash might be seen after doing some commit operations which could affect RSVP ingress routes
 
On all platforms with BGP PIC configured, if doing some commit operations where RSVP ingress routes are affected, the rpd crash might be seen.
PR Number Synopsis Category:IPSEC functionality on M/MX/T ser
1417170 Some IPsec tunnels might fail to pass traffic after GRES on MX platform
 
On all MX platforms running with IP security (IPsec) scenario, if Graceful Routing Engine Switchover (GRES) is executed, and some IPsec Security Associations (SAs) are going to reach the hard life time expiry just before the GRES, the new master RE might not delete the expired IPsec SA pair entry from the kernel. Due to this issue, some IPsec tunnels might have traffic drop or ping failure after the IPsec SA re-key.
PR Number Synopsis Category:Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1396785 The MS-MPC might core when mspmand receives a non-syn packet of TCP
 
On MX Series platforms and when MS-MPC line card is used, if the ms/ams-interface is not configured and mspmand (Multiservices PIC management daemon) receives a non-synchronized packet of TCP, the MS-MPC might crash due to some NULL pointer issues of the global configuration variable.
1459306 The traffic might be stuck on MS-MPC/MS-MIC with sessions receiving huge number of affinity packets
 
On MX platforms with MS-MPC/MS-MIC, if there are sessions receiving huge number of affinity packets (e.g. thousands of packets), the service interface might be brought down by the prolonged flow-control, and the mspmand process crash might happen. In this case, the traffic will be stuck due to this issue.
PR Number Synopsis Category:SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1446931 NAT service-set in certain scale might fail to get programmed
 
In NAT/stateful-firewall scenario using service PIC on MX platforms, the service-set might fail to get programmed after configuration commit if the configuration scale is in particular range hitting the issue.
PR Number Synopsis Category:MPC7/8/9 chassis issues
1352138 Some unexpected information might be seen for an offline FPC by executing the command of "show chassis environment"
 
On MX204/MX10003, or MX with MPC7E/MPC8E/MPC9E platform, if one FPC/MPC is offline, then execute the command of "show chassis environment" still shows invalid sensor values of the off-lined FPC.
PR Number Synopsis Category:MPC7/8/9 Interface Issues
1440526 CPU might hang or interface might be stuck down on particular 100G port on MX/EX/PTX
 
On MX/EX/PTX, if particular 100G port is used, CPU might hang or interface might be stuck down on the 100G port. This issue may cause traffic disruption in the network.
PR Number Synopsis Category:MX10002 Platform SW - Platform s/w defects
1426120 MPC reboot or RE mastership switchover might occur on MX204/MX10003
 
On MX204/MX10003, if there's high rate of fragmented traffic received on em3 interface, em3 watchdog timeout might occur. It could cause MPC reboot or RE mastership switchover.
1426120 MPC reboot or RE mastership switchover might occur on MX204/MX10003
 
On MX204/MX10003, if there's high rate of fragmented traffic received on em3 interface, em3 watchdog timeout might occur. It could cause MPC reboot or RE mastership switchover.
PR Number Synopsis Category:Trio LU, IX, QX, MQ chip drivers, ucode & related SW
1301924 "cassis_alloc_index_pool_create:" message
 
The logs like "cassis_alloc_index_pool_create: SVC NH 0x00b00000[0] poolsize 0x000fffc0 is not a multiple of blk_sz 0x00001000." The logs are cosmetic, no service impact.
PR Number Synopsis Category:Trio pfe qos software
1357965 When forwarding-class-accounting statement is enabled on an interface, inside of a routing-instance of instance-type vrf, aggregate input forwarding-class statistics do not increment (egress statistics work fine).
 
When forwarding-class-accounting knob is enabled, on an interface, inside of a routing-instance of instance-type vrf, aggregate input forwarding-class statistics do not increment (egress statistics work fine).
PR Number Synopsis Category:Trio pfe bridging, learning, stp, oam, irb software
1467764 The Layer-2 traffic over ae interfaces sent from one member to another is corrupted on MX-VC setup
 
On MX-VC setup with bridge-domains configured, if ae interface is used within bridge-domain, and if the ingress ae and egress ae interface host in different VC members, the Layer-2 traffic over ae sent from one member to another is getting corrupted.
PR Number Synopsis Category:Trio pfe l3 forwarding issues
1354225 Trinity JNH memory leak when adding and removing unicast NH
 
Junos MPC memory leak when adding and removing unicast Next-hops
PR Number Synopsis Category:Trio pfe, vpls, mesh group software
1406807 In a Layer 2 domain, there might be unexpected flooding of unicast traffic at every 32-40 seconds interval towards all local CE-facing interface.
 
In a Layer2 domain (e.g. bridge-domain, VPLS), unexpected flooding of unicast traffic might be seen towards all local CE-facing interface if the FPC on the primary LSP is offline and the backup path PFE starts carrying the traffic.
PR Number Synopsis Category:Junos Automation, Commit/Op/Event and SLAX
1436773 The /var/db/scripts directory might be deleted after executing "request system zeroize"
 
On all platforms which support ZTP (Zero Touch Provisioning), the /var/db/scripts directory might get deleted after executing "request system zeroize", and it won't be recreated automatically.
PR Number Synopsis Category:UI Infrastructure - mgd, DAX API, DDL/ODL
1423229 While commiting huge configuration, customer is seeing the error "error: mustd trace init failed"
 
"error: mustd trace init failed" during configuration commit.
PR Number Synopsis Category:PFE on Satellite Device
1458930 ARP Request packet might be dropped at egress SD when ingress and egress ECID is same
 
On QFX10000 series platform with Junos Fusion scenario - ARP Request packets might be dropped at egress SD. When ARP packet goes to host on one SD and goes over to host connected to same port number on another SD (the ingress and egress ECID is same), traffic between host connected to same port number on ingress and egress SDs might be affected. ARP Request packet might be dropped at egress SD.
Modification History:
First publication date 2020-01-06
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search