Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles17.3R3-S7: Software Release Notification for JUNOS Software Version 17.3R3-S7
Junos Software service Release version 17.3R3-S7 is now available.
| PR Number | Synopsis | Category:QFX Multichassis Link Aggregrate |
|---|---|---|
| 1454764 | Flooding of ARP reply unicast packets for switch VRRP MAC address through every port in VLAN |
A QFX switch may send out ARP reply unicast packets as a result of an ARP request sent for the device's VRRP MAC address. |
| PR Number | Synopsis | Category:Express PFE Services including JTI, TOE, HostPath, Jflow |
| 1423761 | The Jflow export might fail when channelization is configured on FPC QFX10000-30C |
When channelization is configured on FPC QFX10000-30C (ULC-30Q28) while J-Flow (J-Flow v9 or v10) is configured on this board, the J-Flow export might fail. The issue results in loss of sample flow. |
| PR Number | Synopsis | Category:EX4300 Control Plane |
|---|---|---|
| 1461434 | ERP might not revert back to IDLE state after reload/reboot of multiple switches |
On EX4300 platforms configured with ERP, after multiple devices reboot/restart at the same time, ERP might not revert back to the IDLE state. This issue might be seen in situations where the ERP node-id is not configured manually and after the restart, the default node-id (switch base MAC address) might get reset to 00:00:00:00:00:00, effectively causing multiple devices to have the same node-id. |
| PR Number | Synopsis | Category:EX9200 Control Plane |
| 1452738 | The l2ald and eventd are hogging 100% after issued "clear ethernet-switching table" |
The l2ald and eventd processes are hogging 100% after issued "clear ethernet-switching table" and also the continuous syslog errors "l2ald[18605]: L2ALD_IPC_MESSAGE_INVALID: Invalid message received (message type 0, subtype 0): null message" are observed. |
| PR Number | Synopsis | Category:DC PFE QoS |
| 1466770 | Slow packet drops might be seen on QFX5000 platforms |
The issue observed on QFX5000 platforms when there are any packets on the port before its buffer configuration is completed after the reboot. This issue is very rare and the window could be just few milli seconds. |
| PR Number | Synopsis | Category:QFX Multichassis Link Aggregrate |
| 1465077 | The traffic might be forwarded to wrong interfaces in MC-LAG scenario |
On EX/QFX platforms with MultiChassis Link Aggregation Group (MC-LAG) configured, if the interface media of MC-LAG is changed from MultiProtocol Label Switching (MPLS) to Dense Wavelength Division Multiplexing (DWDM), the traffic might be forwarded to wrong interfaces and get dropped. |
| PR Number | Synopsis | Category:QFX Access control list |
| 1379718 | Host destined packets with filter log action might not reach to the routing engine if log/syslog is enabled. |
On EX4300/EX4600/QFX Series switches except for QFX10k, if host destined packets (that is, the destination address belongs to the device) come from the interface with ingress filter of log/syslog action (for example, 'filter <> term <> then log/syslog'), such packets should not be dropped and reach the Routing Engine. |
| 1429543 | The traffic with destination UDP port 520 (RIP) or 521 (RIPng) gets dropped on QFX5000/EX4600 platforms |
On QFX5000/EX4600 platforms, the received traffic will be dropped if the destination UDP port is 520/521 though the device runs pure layer 2 swithcing. |
| PR Number | Synopsis | Category:QFX PFE L2 |
| 1437577 | Physical layer and MAC/ARP learning might not work for copper base SFP-T on QFX5100/QFX5110/EX4600 |
On QFX5100/QFX5110/EX4600 platforms, if copper base SFP-T is used, it might not get up on physical layer and the MAC/ARP learning might not work if it gets up. The PR fixes both layer-1 and layer-2 issues in this scenario. |
| 1453430 | In VC scenario traffic drop might be seen when one VC member reboots and rejoins the VC |
On QFX5K or EX4600 VC (Virtual-Chassis) scenario, when VSTP is enabled and one AE interface is used, if one member reboots and rejoins the VC, some packets drop might be seen. |
| PR Number | Synopsis | Category:QFX L3 data-plane/forwarding |
| 1422324 | The same traffic flow might be forwarded to different ECMP next-hops on QFX5K platforms |
On QFX5K platforms, when MPLS traffic with the same inner IP flow (same 5-tuples) landing via different physical ports and MPLS label is terminated on this device, and the inner IP flow will be forwared by ECMP next-hop, the same flow might select different next-hops. The traffic impact will depend on how the egress interfaces are connected to peer devices: 1. If all egress interfaces are connected to a same device, it will not impact traffic. 2. If all egress interfaces are connected to different devices, it might cause asymmetric routing or packets disorder. |
| PR Number | Synopsis | Category:Accounting Profile |
| 1452363 | The pfed might crash and not be able to come up on the PTX or TVP platforms |
The flow label statistics are retrieved periodically by pfed for PTX or TVP platforms, if the statistics reply becomes very big number, the pfed might crash hence affecting traffic. |
| PR Number | Synopsis | Category:ACX Interfaces IFD, IFL, vlans, and BRCM init |
| 1284590 | ACX5k MacDrainTimeOut and bcm_port_update failed: Internal error |
On ACX5K, the buffer is corrupted on port 0 (*/*/0) and error message MACDRAINTIMEOUT and dcbcm_check_stuck_buffers are observed, which could eventually lead to port 0 (*/*/0) flapping. |
| 1382166 | Host bound traffic might be affected and lt interface can go down in ACX |
Host bound traffic might be affected and lt interface can go down in ACX |
| 1392261 | On ACX-Series platforms the 'forwarding-option dhcp-relay forward-only' knob stops working and the DHCP packets are dropped. |
In the scenario where ACX platforms work as the DHCP-relay, if the knob 'forwarding-option dhcp-relay forward-only' is configured, the DHCP-relay process cannot work normally because the DHCP packets from the server are dropped. It might cause the DHCP client could not get the IP address and service failure. |
| PR Number | Synopsis | Category:MPC Fusion SW |
| 1454595 | The 100G Interfaces may not come up again after going down on MPC3E-NG |
On MPC3E-NG cards with 100G interface in use, if the interface detects Loss of Lock (LOL) on the link without Loss of Signal (LOS), the interface will go down and may not come up again after the link is recovered. |
| PR Number | Synopsis | Category:BBE database related issues |
| 1396470 | The subscriber bindings might not be successful on QFX/EX platforms |
On QFX/EX Series platforms, the DHCP/PPP subscribers might fail to bind. The reason is that when installing new software images, it shared memory (created by previously running image) might not to be cleared out. The issue will persist until the previous values in shared memory are removed and the daemons affected by the data in shared memory may continue core/crash and thus they will not be able to function properly. |
| PR Number | Synopsis | Category:BBE routing |
| 1458369 | The subscriber routes are not cleared from backup RE when session is aborted |
On MX platforms with enhanced subscriber enabled, the subscriber routes might not be cleared from backup RE when session is aborted. The bbe-smgd memory leak might be seen on the backup RE and subscribers could not login after switchover. |
| PR Number | Synopsis | Category:Bi Directional Forwarding Detection (BFD) |
| 1420694 | The bfdd process might crash on old master RE during GRES |
On all Junos platforms running with scaled Bidirectional Forwarding Detection (BFD) sessions (e.g. 10K BFD inline sessions at 150ms interval), if the ppmd and bfdd processes are restarted on the master Routing Engine (RE), however, the backup Routing Engine (RE) is not properly synchronized up after the restart, there might be multiple BFD sessions existing for the same address with only one of them up. In such an inconsistent status, if Graceful RE Switchover (GRES) is executed, the bfdd process might crash on the old master RE, and all the BFD sessions might not be able to come up on the new master RE. |
| PR Number | Synopsis | Category:Border Gateway Protocol |
| 1351639 | The rpd crashes in JunOS 16.1 or higher during BGP convergence |
In JunOS 16.1 or higher, during BGP convergence, the input/output thread constructing the outgoing BGP PDU and manipulating the path attributes before hand-off the data to the socket. If this PDU length is zero, it will trigger an assertion and routing-protocol demon is restarting. |
| 1366823 | Ukern memory leak and core crash in BGP environment |
Ukern memory leak and fpc core crash might be happened when device configured link-node protection with labeled-bgp. |
| 1371045 | TCP sessions might be taken down during RE switchover |
On MX10K platforms enabled with Graceful Routing Engine Switchover (GRES) and Non Stop Routing (NSR), if the router runs with Transmission Control Protocol (TCP) based routing protocol (e.g. Border Gateway Protocol, BGP), and establishes TCP sessions with the remote peers, the execution of RE switchover might cause few TCP sessions being taken down and re-connected. Due to this issue, the TCP session re-connection will impact the related routing protocol session and therefore impact the traffic. This is a timing issue. |
| 1454198 | The rpd scheduler slip for BGP GR might be up to 120s after the peer goes down |
In BGP GR (graceful-restart) scenario (graceful-restart is configured for BGP or GR-helper mode is enabled by default), when high-scale routes get learnt from one peer, the rpd scheduler slip might be up to 120s after that BGP peer flaps. |
| 1454951 | Rpd might crash when multipath is in use |
If multipath is enabled, in some certain conditions, the rpd core might be seen while secondary route resolution. |
| PR Number | Synopsis | Category:MX Platform SW - FRU Management |
| 1358874 | The "show chassis fpc" might show "Bad Voltage" for FPC powered off by configuration or CLI command after the command "show chassis environment fpc" is executed |
When a FPC (or an incompatible one) is powered off by configuration or CLI command and the command "show chassis environment fpc" is issued, the status of the FPC will change to "---Bad Voltage---" under "show chassis fpc". |
| 1375242 | SFB and PDM/PSU related information is missing in jnxBoxAnatomy MIB on high end MX Series routers (MX2010/2020). |
SFB and PDM/PSU related info is missing in jnxBoxAnatomy MIB on high end MX routers (MX2010/2020). |
| 1387130 | On MX2000 platforms, backup CB's chassis environment status keeps 'Testing' after backup CB becomes online by removal/insert operation |
This issue is seen only after backup CB removal/insertion operation. Backup CB normal reboot does not show the same issue. After insertion of backup CB, temperature sensor status bit for the CB is not getting updated. Hence the status always shows up as 'Testing'. |
| PR Number | Synopsis | Category:MX Platform SW - Mastership Module |
| 1417966 | The BGP session might flap after RE switchover |
On MX platforms enabled with Graceful Routing Engine Switchover (GRES) and NonStop Routing (NSR), in a rare case, BGP peers might flap after the execution of RE mastership switchover or due to BGP flap in backup routing-engine. |
| PR Number | Synopsis | Category:Class of Service |
| 1408817 | Traffic drop occurs when deleting MPLS family or disabling interface which has non-default EXP rewrite rules |
The non-VPN packets might be dropped when deleting family MPLS or disabling interface which has non-default EXP rewrite-rules. This is due to a cos-rewrite mask programming issue in Packet Forwarding Engine (PFE). |
| PR Number | Synopsis | Category:L2NG Access Security feature |
| 1451688 | DHCP Snooping static binding not take effect after deleting and re-adding the entries |
From Junos OS release 14.1X53-D15/15.1R1 and above, due to a software defect, DHCP Snooping static binding may not take effect after deleting and re-adding the entries with commit. As a workaround, we can use "commit full" after the configuration changes. |
| PR Number | Synopsis | Category:Device Configuration Daemon |
| 1389206 | All DPCs might crash while adding or deleting a logical interface from the aggregated Ethernet bundle. |
On MX240/MX480/MX960 platforms with a scaling number of prefixes (for about 700k prefixes) learned over a logical interface of the Aggregated Ethernet (AE) bundle, if a new logical interface is added or deleted from the AE bundle, the DPCs might get busy with CPU spiking to 100% and ultimately get crash. |
| PR Number | Synopsis | Category:Firewall Filter |
| 1419438 | The firewall filter configuration change might not be applied after software upgrade to Junos release 16.1R1 or later |
On all Junos platforms which are upgraded to the release 16.1R1 or above, there is a small chance that the firewall filter compiled objects might not be synchronized between the master and backup Routing Engines (REs), some dfwd error logs might be seen during committing firewall filter configuration change, and no new firewall filter could be applied anymore. It's a timing issue. |
| 1466698 | An output bandwidth-percent policer with logical-bandwidth-policer applied to an AE bundle along with an output-traffic-control-profile has incorrect effective policing rate |
On MX platforms, for an AE bundle of at least two members hosted at two different FPCs, if the AE interface is with CoS output-traffic-control-profile of shaping-rate and with the output filter of policer with logical-bandwidth-policer and bandwidth-percent, the AE interface might have incorrect effective output policing rate. |
| PR Number | Synopsis | Category:JUNOS Dynamic Profile Configuration Infrastructure |
| 1188434 | UID may not release properly in some scenarious after service session deactivation |
When same UID objects are used in both inet and inet6 services of the same subscriber session, deactivation the first session cause conditions which avoid releasing UID entry after deactivation second service session. This leads to having stale UID entry and can cause subscriber's connection problem in the future when UID pool would be completely exhausted. The probability of hitting the issue increases if amount subscriber to amount of unique services ratio is aproaching 1 (i.e. when almost every subscriber has a service with unique servie objects). |
| PR Number | Synopsis | Category:Ethernet OAM (LFM) |
| 1347250 | When in hadrware-assited-pm-mode and pm config is scale, deativate eth-oam can lead to fpc crash |
When eth-oam is deactivated with scale PM config (under hardware-assited-pm-mode), the FPC can become unstable and can lead to FPC core. Memory leak might also happen on receiving CFM LLM packets without CFM being configured. |
| PR Number | Synopsis | Category:EVPN control plane issues |
| 1415450 | Traffic drop might be seen due to VXLAN Encapsulation nexthop (VENH) not installed correctly during BGP flapping |
On EVPN-VXLAN scenario, during BGP flapping, the NH (next-hop) towards a VTEP (Virtual Tunnel End Point) might not be programmed properly, so if the traffic (especially inter-VNI traffic) destination is hashed via this Leaf/VTEP node, traffic loss might be seen. The reason is that due to BGP flap, the 'route delete and route add request to rpd' might get compressed which results in VXLAN DB not getting updated with right unicast NH to stitch it with VENH (VXLAN Encapsulation nexthop). So VENH will not have unicast NH to forward the traffic. |
| PR Number | Synopsis | Category:EVPN Layer-2 Forwarding |
| 1396597 | A few minutes of traffic loss might be observed during recovery from link failure |
On EVPN-VXLAN Multi-homing environment, when interface state is changed, a few minutes traffic loss might be observed during recovery from link failure. It happens in this configuration scenario where large (such as, a few hundreds) sub-interface style configurations and ESI are configured in one IFD (Pysical interface), then any change in the IFL (Logical interface) might result in programming all IFLs which share the same ESI, and then multiple updates would be sent to the kernel. At last the l2ald (Layer 2 Address Learning Daemon) would be very busy and it causes a few minutes delay programming of flooding for VTEP interface, and during this period the traffic would be dropped. |
| PR Number | Synopsis | Category:Express PFE L2 fwding Features |
| 1446291 | On QFX10K platforms removing EVPN-VXLAN L3 Gateway on the IRB interface from spine switches might cause black holing of traffic |
On QFX10000 platforms and EVPN-VXLAN (spine-leaf) scenario, the QFX10000 spine switches are configured with VXLAN Layer3 gateway (utilizing the virtual-gateway) on an IRB interface, if enabling and then subsequently remove the VXLAN L3 gateway on this IRB interface on one or some of these spine switches, traffic drop might be observed. If all virtual-gateways are configured with an unique v4 or v6 mac-address, this issue would not happen. This is also the workaround. |
| PR Number | Synopsis | Category:PTX Express ASIC interface |
| 1418425 | Traffic loss could be seen for duration of hold-time down timer when flapping an interface with hold-time down timer configured |
On PTX with FPC3 installed, traffic loss could be seen for duration of hold-time down timer when flapping an interface with hold-time down timer configured. |
| PR Number | Synopsis | Category:Inline NAT PRs for defect & enhancement requests |
| 1446267 | The static route for NAT might never come up if switchover the service interface which has NAT and GR configuration |
On MX platform, when switchover a service interface that has NAT and GR configuration, the static route for NAT might never come up. |
| PR Number | Synopsis | Category:Kernel software for AE/AS/Container |
| 1390367 | Traffic destined to VRRP VIP gets dropped as filter is not updated to related logical interface |
On MX platform with enhanced-ip and VRRP configured, if remove/add a child link from AE bundles, traffic destined to VRRP VIP might be dropped. |
| 1459692 | In MC-LAG scenario traffic destined to VRRP virtual MAC gets dropped |
When VRRP (virtual router redundancy protocol) is configured on MC-LAG (multichassis link aggregation groups), traffic destined to VRRP virtual MAC address might get dropped because the virtual MAC is not correctly programmed in PFE (packet forwarding engine). |
| PR Number | Synopsis | Category:Optical Transport Interface |
| 1398301 | "MIC Error code: 0x1b0002" alarm might not be cleared for MIC on MPC6 when the voltage has returned to normal |
The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC6. |
| 1467712 | "MIC Error code: 0x1b0002" alarm might not be cleared for MIC on MPC5E when the voltage has returned to normal |
The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5. |
| PR Number | Synopsis | Category:ISIS routing protocol |
| 1419800 | A memory leak in rpd might be seen if source packet routing is enabled for IS-IS protocol |
If source packet routing or segment routing is enabled for IS-IS protocol, a memory leak might happen in the routing protocol process (rpd). The rpd will crash and restart once the rpd runs out of memory. |
| PR Number | Synopsis | Category:ISSU related issues for MMx |
| 1408558 | The MPC line cards might crash when performing ISSU to Junos OS Release 19.1R1 or later |
On MX with MPC1/1E/2/2E/3E/4E linecards installed, the MPC might crash when performing ISSU to 19.1R1 or above release. |
| PR Number | Synopsis | Category:jdhcpd daemon |
| 1429456 | The DHCP DECLINE packets are not forwarded to DHCP server when forward-only is set within dhcp-reply |
If forward-only is set within dhcp-reply in Juniper device as a DHCP relay agent, the DHCP DECLINE packets which are broadcasted from DHCP client are dropped and not forwarded to DHCP server. |
| 1442222 | The jdhcpd process might go into infinite loop and cause 100% CPU usage |
When DHCP is configured, if subscribers are moved from one routing-instance to another or if the subscribe is deleted and re-added, the jdhcpd process might go into infinite loop and cause 100% CPU usage. |
| PR Number | Synopsis | Category:Layer 2 Control Module |
| 1450832 | VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding |
On all Junos platforms including MX, EX, QFX and SRX devices, VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding. The "show route forwarding table" may show dead BDs, MACs and the "show vlans extensive" may show the state as destroyed. |
| 1469635 | Memory leak on l2cpd process might lead to l2cpd crash |
On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash. |
| PR Number | Synopsis | Category:Label Distribution Protocol |
| 1436119 | Traffic loss might be seen after LDP session flaps rapidly |
On MX/PTX platforms under BGP scenario with LDP is enabled, if the knob "ecmp-fast-reroute"/"protect core" is configured, after the LDP session rapidly flaps and converges without any label change, traffic loss might be seen. |
| 1460292 | High CPU usage and rpd coredump might be observed if "ldp track-igp-metric" is configured and IGP metric is changed |
If "protocols ldp track-igp-metric" is configured, metric change of IGP route might cause high CPU usage and rpd coredump on the device. |
| PR Number | Synopsis | Category:Multiprotocol Label Switching |
| 1405033 | Scaled MPLS labels might cause slow labels allocation and high CPU utilization |
On Junos platforms with scaled MPLS labels used, when the system is already running with high load, inefficient labels allocation might cause even higher CPU utilization at 100 percent for hours. The issue might affect traffic. |
| PR Number | Synopsis | Category:Track Mt Rainier RE platform software issues |
| 1399654 | The unexpected alarm might be shown on NG-RE |
unexpected alarm might be shown on NG-RE |
| PR Number | Synopsis | Category:OS IPv4/ARP/ICMPv4 |
| 1372875 | kernel and ksyncd core files are generated after dual CB flap at rt_nhfind_params: rt_nhfind() found an nh different from that onmaster 30326. |
A scaled gnf may dump live kernel cores, as well as a ksysncd core on the BU RE, when recovering from a BSYS reboot (or a disconnection and reattachment of all 4 external control board connections). |
| PR Number | Synopsis | Category:"ifstate" infrastructure |
| 1404507 | In a very rare situation Router can crash with VMCore when there is a IFL deletion |
In a very rare situation Router can crash with VMCore when there is a IFL deletion/addition |
| PR Number | Synopsis | Category:JUNOS Network App Infrastructure (for ping, traceroute, etc) |
| 1396335 | When using ifconfig utility to bring down the PS logical interface, its Admin status is not going down as expected. |
When ifconfig utility is used to bring down any PS interface IFL ,its Admin status is not going down. This is unexpected behavior for PS IFLs. At the same time, PS IFDs behave correctly when ifconfig utility is used to bring them down. |
| PR Number | Synopsis | Category:OSPF routing protocol |
| 1444728 | The rpd crash might be seen after configuring OSPF nssa area-range and summaries |
In the scenario of running OSPF, if nssa area-range and summaries are configured, the rpd crash may occur and traffic may be lost. |
| PR Number | Synopsis | Category:Issues related to PKI daemon |
| 1419515 | Junos OS: PKI key pairs are exported with insecure file permissions (CVE-2019-0073) |
The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. |
| PR Number | Synopsis | Category:PTP related issues. |
| 1408178 | QFX5k : Transit traffic loss when one of LAG child interfaces deleted or deactivated |
Traffic does not pass through LAG interface on QFX5k once deleted or deactivated one of child interfaces though LAG interface is UP state. At that time, invalid vlan tag will be added to traffic. |
| PR Number | Synopsis | Category:Interface related issues. Port up/down, stats, CMLC , serdes |
| 1399878 | SFP-LX10 does not work on QFX5110 |
On QFX5110 platforms, from Junos 17.3 onwards, the interfaces with SFP-LX10 transceivers and auto-negotiation enabled(default configuration) might be down. |
| 1431743 | The et interfaces might not come up on QFX10000-60S-6Q |
On QFX10000-60S-6Q, with Junos 17.2R1-S8 onwards/17.3R3-S5/17.3R3-S6/18.1R3-S5, the et interfaces might not come up. |
| 1440062 | The EX4600/QFX5100 VC might not come up after replacing VC port fiber connection with DAC cable |
On the EX4600/QFX5100 virtual chassis scenario, the VC may split after replacing VC port fiber connection with DAC cable. |
| 1449406 | CRC error might be seen on the VCPs of the QFX5100 VC |
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC. |
| 1449406 | CRC error might be seen on the VCPs of the QFX5100 VC |
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC. |
| PR Number | Synopsis | Category:QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
| 1466810 | EPR iCRC errors in QFX10000 series platforms might cause protocols down |
EPR iCRC errors in QFX10000 series platforms might cause protocols down. FPC will be in wedged state and will not pass traffic on that PFE if hitting this issue. EPR iCRC errors are normal and caused by transient hardware conditions. EPR iCRC errors are not expected to impact the protocols, and only one CRC failed packet will be dropped. But due to incorrect handling of this error, it affects protocols and causes FPC wedge. |
| PR Number | Synopsis | Category:QFX platform optics related issues |
| 1458363 | Intermittent LAG interface flaps might be seen on QFX platforms |
On QFX platforms with Link Aggregation Group (LAG) interface, if periodic "SFP diagnostic" is configured with short interval (e.g. test sfp periodic diagnostic-interval 3), the LAG interfaces might have intermittent flaps and therefore bring service impact due to this issue. |
| PR Number | Synopsis | Category:QFX PFE Class of Services |
| 1468033 | Ingress drops to be included at CLI from interface statistics and added to InDiscards |
In QFX5000 platforms, as Ingress buffer drops (InDiscards) field is not presented the output of "show interfaces extensive x-x/x/x". This change added ingress buffer drops counters. |
| PR Number | Synopsis | Category:for all ipv6 related issues |
| 1459759 | The fxpc process might crash due to several BGP IPV6 session flaps |
On QFX5100 and EX4600 platforms, the fxpc (packet forwarding engine manager) process might crash when multiple BGP IPV6 sessions (for instance around 500) are flapped and then restored at the same time. |
| PR Number | Synopsis | Category:QFX L3 data-plane/forwarding |
| 1377447 | Debug log message, "expr_nh_flabel_check_overwrite: Caller nh_id params", classified as Error Log when it should be LOG_INFO. |
Debug logs are printed as error logs in /var/log/messages. Debug log message, "expr_nh_flabel_check_overwrite: Caller nh_id params", classified as Error Log when it should be LOG_INFO |
| PR Number | Synopsis | Category:QFX VC Infrastructure |
| 1465196 | A 10G interface might not come up on QFX5100-48T switches or negotiate at speed 1G when connected with Broadcom 57800-T daughter card |
On QFX5100-48T, the 10G interface might not come up or negotiate at the speed of 1G with Broadcom 10G 57800-T daughter card. In the issue state, speed will be set to 1G which might make the interface down and result in traffic impact. |
| PR Number | Synopsis | Category:KRT Queue issues within RPD |
| 1383426 | The log of "RPD_KRT_Q_RETRIES: list nexthop ADD: No such file or directory" might be continuously shown after the rpd restart |
When reading back next-hops from the kernel, the rpd could set an incorrect flag on the next-hop, which could potentially affect next-hop installation for composite next-hops. |
| PR Number | Synopsis | Category:RPD Next-hop issues including indirect, CNH, and MCNH |
| 1441550 | The rpd may crash or consume 100% of CPU after flapping routes |
When flapping the existed flood nexthop type routes, it may cause rpd crash or consume 100% of CPU. This issue may cause routing protocols sessions/neighbors flap or traffic loss. |
| PR Number | Synopsis | Category:Resource Reservation Protocol |
| 1471281 | The rpd crash might be seen after doing some commit operations which could affect RSVP ingress routes |
On all platforms with BGP PIC configured, if doing some commit operations where RSVP ingress routes are affected, the rpd crash might be seen. |
| PR Number | Synopsis | Category:IPSEC functionality on M/MX/T ser |
| 1417170 | Some IPsec tunnels might fail to pass traffic after GRES on MX platform |
On all MX platforms running with IP security (IPsec) scenario, if Graceful Routing Engine Switchover (GRES) is executed, and some IPsec Security Associations (SAs) are going to reach the hard life time expiry just before the GRES, the new master RE might not delete the expired IPsec SA pair entry from the kernel. Due to this issue, some IPsec tunnels might have traffic drop or ping failure after the IPsec SA re-key. |
| PR Number | Synopsis | Category:Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
| 1396785 | The MS-MPC might core when mspmand receives a non-syn packet of TCP |
On MX Series platforms and when MS-MPC line card is used, if the ms/ams-interface is not configured and mspmand (Multiservices PIC management daemon) receives a non-synchronized packet of TCP, the MS-MPC might crash due to some NULL pointer issues of the global configuration variable. |
| 1459306 | The traffic might be stuck on MS-MPC/MS-MIC with sessions receiving huge number of affinity packets |
On MX platforms with MS-MPC/MS-MIC, if there are sessions receiving huge number of affinity packets (e.g. thousands of packets), the service interface might be brought down by the prolonged flow-control, and the mspmand process crash might happen. In this case, the traffic will be stuck due to this issue. |
| PR Number | Synopsis | Category:SFW, CGNAT on MS-MIC/MS-MPC (XLP) |
| 1446931 | NAT service-set in certain scale might fail to get programmed |
In NAT/stateful-firewall scenario using service PIC on MX platforms, the service-set might fail to get programmed after configuration commit if the configuration scale is in particular range hitting the issue. |
| PR Number | Synopsis | Category:MPC7/8/9 chassis issues |
| 1352138 | Some unexpected information might be seen for an offline FPC by executing the command of "show chassis environment" |
On MX204/MX10003, or MX with MPC7E/MPC8E/MPC9E platform, if one FPC/MPC is offline, then execute the command of "show chassis environment" still shows invalid sensor values of the off-lined FPC. |
| PR Number | Synopsis | Category:MPC7/8/9 Interface Issues |
| 1440526 | CPU might hang or interface might be stuck down on particular 100G port on MX/EX/PTX |
On MX/EX/PTX, if particular 100G port is used, CPU might hang or interface might be stuck down on the 100G port. This issue may cause traffic disruption in the network. |
| PR Number | Synopsis | Category:MX10002 Platform SW - Platform s/w defects |
| 1426120 | MPC reboot or RE mastership switchover might occur on MX204/MX10003 |
On MX204/MX10003, if there's high rate of fragmented traffic received on em3 interface, em3 watchdog timeout might occur. It could cause MPC reboot or RE mastership switchover. |
| 1426120 | MPC reboot or RE mastership switchover might occur on MX204/MX10003 |
On MX204/MX10003, if there's high rate of fragmented traffic received on em3 interface, em3 watchdog timeout might occur. It could cause MPC reboot or RE mastership switchover. |
| PR Number | Synopsis | Category:Trio LU, IX, QX, MQ chip drivers, ucode & related SW |
| 1301924 | "cassis_alloc_index_pool_create:" message |
The logs like "cassis_alloc_index_pool_create: SVC NH 0x00b00000[0] poolsize 0x000fffc0 is not a multiple of blk_sz 0x00001000." The logs are cosmetic, no service impact. |
| PR Number | Synopsis | Category:Trio pfe qos software |
| 1357965 | When forwarding-class-accounting statement is enabled on an interface, inside of a routing-instance of instance-type vrf, aggregate input forwarding-class statistics do not increment (egress statistics work fine). |
When forwarding-class-accounting knob is enabled, on an interface, inside of a routing-instance of instance-type vrf, aggregate input forwarding-class statistics do not increment (egress statistics work fine). |
| PR Number | Synopsis | Category:Trio pfe bridging, learning, stp, oam, irb software |
| 1467764 | The Layer-2 traffic over ae interfaces sent from one member to another is corrupted on MX-VC setup |
On MX-VC setup with bridge-domains configured, if ae interface is used within bridge-domain, and if the ingress ae and egress ae interface host in different VC members, the Layer-2 traffic over ae sent from one member to another is getting corrupted. |
| PR Number | Synopsis | Category:Trio pfe l3 forwarding issues |
| 1354225 | Trinity JNH memory leak when adding and removing unicast NH |
Junos MPC memory leak when adding and removing unicast Next-hops |
| PR Number | Synopsis | Category:Trio pfe, vpls, mesh group software |
| 1406807 | In a Layer 2 domain, there might be unexpected flooding of unicast traffic at every 32-40 seconds interval towards all local CE-facing interface. |
In a Layer2 domain (e.g. bridge-domain, VPLS), unexpected flooding of unicast traffic might be seen towards all local CE-facing interface if the FPC on the primary LSP is offline and the backup path PFE starts carrying the traffic. |
| PR Number | Synopsis | Category:Junos Automation, Commit/Op/Event and SLAX |
| 1436773 | The /var/db/scripts directory might be deleted after executing "request system zeroize" |
On all platforms which support ZTP (Zero Touch Provisioning), the /var/db/scripts directory might get deleted after executing "request system zeroize", and it won't be recreated automatically. |
| PR Number | Synopsis | Category:UI Infrastructure - mgd, DAX API, DDL/ODL |
| 1423229 | While commiting huge configuration, customer is seeing the error "error: mustd trace init failed" |
"error: mustd trace init failed" during configuration commit. |
| PR Number | Synopsis | Category:PFE on Satellite Device |
| 1458930 | ARP Request packet might be dropped at egress SD when ingress and egress ECID is same |
On QFX10000 series platform with Junos Fusion scenario - ARP Request packets might be dropped at egress SD. When ARP packet goes to host on one SD and goes over to host connected to same port number on another SD (the ingress and egress ECID is same), traffic between host connected to same port number on ingress and egress SDs might be affected. ARP Request packet might be dropped at egress SD. |
Security Alerts and Vulnerabilities
Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search