Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles18.4R2-S3: Software Release Notification for JUNOS Software Version 18.4R2-S3
Junos Software service Release version 18.4R2-S3 is now available.
PR Number | Synopsis | Category: EX4300 PFE |
---|---|---|
1427866 | IPv6 traffic might be dropped when static /64 Ipv6 routes are configured Product-Group=junos |
On EX4300, when static /64 IPv6 route is configured and points to the interface where uRPF is configured, IPv6 packets which match the routes might be dropped. |
PR Number | Synopsis | Category: EX2300/3400 CP |
1447291 | The Phone-Home Client upgrade might fail on EX devices Product-Group=junos |
On EX2300/EX3400/EX4300 Series devices with Phone-Home Client (PHC) feature configuration, the Phone-Home Client upgrade might fail because the phcd process is unable to get the device Serial Number. |
PR Number | Synopsis | Category: EX2300/3400 PFE |
1466423 | The broadcast and multicast traffic might be dropped over IRB or LAG interface in QFX/EX VC scenario Product-Group=junos |
On QFX5000/EX2300/EX3400/EX4600 Virtual Chassis (VC) platforms, the broadcast and multicast traffic might get dropped over some of the Link Aggregation Group (LAG) or Integrated Routing and Bridging (IRB) interfaces. Due to this issue, all the routing protocols replying on broadcast/multicast traffic would not be able to setup neighbor sessions, for example, some of the Open Shortest Path First (OSPF) sessions might be stuck in "Init" state over LAG or IRB interfaces. |
PR Number | Synopsis | Category: EX-Series VC Datapath |
1426741 | Junos OS: EX4300: Traffic from the network internal to the device (128.0.0.0) may be forwarded to egress interfaces (CVE-2020-1628) Product-Group=junos |
Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. Refer to https://kb.juniper.net/JSA11008 for more information. |
PR Number | Synopsis | Category: DC PFE QoS |
1466770 | On the QFX5100 switch, slow packet drops might be observed when there are packets on the port before its buffer configuration is completed after the reboot. This issue is very rare and the window could be just few milliseconds. Product-Group=junos |
The issue observed on QFX5000 platforms when there are any packets on the port before its buffer configuration is completed after the reboot. This issue is very rare and the window could be just few milli seconds. |
PR Number | Synopsis | Category: QFX PFE L2 |
1448488 | The traffic leaving QFX5K and EX46 switches might not be properly load-balanced over AE interfaces Product-Group=junos |
On QFX5K and EX46 platforms, when an AE interface is used, the switches might not properly load-balance the transit traffic to this Layer 2 LAG link even for different MPLS labels (for MPLS traffic) or different VLAN tags. And configuring different 'forwarding-options enhanced-hash-key hash-mode' options or configuring the proper hash offset with "set forwarding-options enhanced-hash-key hash-parameters lag offset 0" also could not work. Due to this, it might cause traffic impact if the congested traffic is seen. |
1462171 | The LLDP function might fail when a device running Junos OS connects to a device that does not run Junos OS. Product-Group=junos |
On EX/QFX platforms with STP disabled, the LLDP function might fail when a Juniper device connects to a non-Juniper one. In this scenario, the LLDP PDU with destination MAC 01:80:c2:00:00:00, which is one of the three reserved MAC addresses for LLDP in IEEE 802.1AB, will be ignored by Juniper LLDP process, and this causes the LLDP function failure. This issue has service impact. |
1467763 | The fxpc.core might be seen when committing the configuration all together, e.g., after the reboot Product-Group=junos |
On EX2300/3400/4300/4600 and QFX Series switches except for QFX10k, if committing the configuration all together (e.g., after the reboot), the fxpc/PFE core dump might be found. In the Virtual Chassis scenario, the VC members might be splitted because the VC ports might not be created in time. |
1469596 | Ingress traffic might silently discard traffic if the underlying interfaces flap in the EVPN-VXLAN scenario. Product-Group=junos |
On QFX5000 platforms with Ethernet Virtual Private Network (EVPN) and Virtual Extensible LAN (VXLAN) scenario, if there is the underlying interface flaps for the core network side, all the ingress traffic might be backholed by the VXLAN Tunnel Endpoint (VTEP) due to this issue. |
1474142 | Traffic might get affected if the composite next-hop is enabled. Product-Group=junos |
On QFX5000 and EX4600 platforms with composite next hop enabled, traffic loss would occur when deleting leaked routes with composite next hop. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1444845 | On the QFX5100 Virtual Chassiss, the CRC errors might be observed. Product-Group=junos |
In QFX5100 Virtual Chassis(VC) scenario, if the VC connections are disconnected for any reason, like rebooting the switch or pulling out the optical module, the CRC errors and packets loss might be seen when the VC connections resume working again. Due to the VCP ports are not getting initialized properly. |
1455547 | Core files might get generated during the addition or removal of the EVPN type-5 routing instance. Product-Group=junos |
On QFX platforms, the coredump might occur during adding/removing EVPN Type-5 routing instance. The EVPN route would be corrupted and traffic/service impact appears if hitting the issue. |
1463092 | When deleting IRB on the layer 3 gateway, IRB does not get removed from PFE and will blackhole traffic to IRB mac address Product-Group=junos |
On QFX5110/5120 platform as the layer 3 gateway, after deleting the configuration of interfaces irb, The IRB might not get removed from PFE and will blackhole traffic to the MAC address of the deleted IRB. |
PR Number | Synopsis | Category: QFX PFE MPLS |
1477301 | The traffic might get lost over the QFX5100 switch acting as a transit PHP node in the MPLS network. Product-Group=junos |
In the MPLS network, the packets may get dropped by egress node if the packets go through the QFX5100 switch acting as a transit PHP (penultimate-hop popping) node. |
PR Number | Synopsis | Category: Accounting Profile |
1452363 | PFED core files are seen and MIB2D is reported as slow peer due to a Packet Forwarding Engine accounting issue. Product-Group=junos |
The flow label statistics are retrieved periodically by pfed for PTX or TVP platforms, if the statistics reply becomes very big number, the pfed might crash hence affecting traffic. |
PR Number | Synopsis | Category: MX Layer 2 Forwarding Module |
1464778 | Type 1 ESI/ or AD route are not generated locally on EVPN PE in all-active mode. Product-Group=junos |
In a scenario when the VGA on IRB is deactivated/activated/configuration commit at the same time on both PEs of a site, the type 1 ESI/AD route might not be generated locally. |
PR Number | Synopsis | Category: Bi Directional Forwarding Detection (BFD) |
1448649 | Junos OS BFD sessions with authentication flaps occurs after sometime. Product-Group=junos |
In the scenario where BFD session authentication is configured, after a certain period of time, BFD sessions flaps may be seen, this will cause the neighbor to be down. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1437837 | The rpd might crash in case multipath is enabled, as BGP multipath teardown is called for secondary route even though secondary routes are considered for multipath. Product-Group=junos |
This issue applies to Junos platforms with BGP multipath configured under a routing-instance and a RIB group is deployed to leak routes from that routing-instance to another routing table. "rpd" may restarts unexpectedly when performing multipath calculation operations for the secondary routes - (such as, removing the rib-groups/bouncing BGP neighbor under routing-instance.) The secondary routes refer to the second RIB in a RIB (Routing Information Base) group. |
1461602 | The rpd scheduler slips might be seen on an RPKI route validation-enabled BGP peering router in a scaled setup. Product-Group=junos |
In scaled BGP environment (e.g. global table ~3M routes or more) when there are a lot of (e.g 10k or more) more specific routes for a certain IPv4 or IPv6 prefix covered by some RV (route validation) record, a change in RV records database might lead to rpd (routing protocol daemon) scheduler slips, which could trigger routing protocol adjacency flap. The same could be triggered by executing "clear validation database" command or shortly after initial session RPKI (resource public key infrastructure) establishment event. |
PR Number | Synopsis | Category: Device Configuration Daemon |
1445370 | The VRRP IPv6 state might flap between init and idle states after configuring vlan-tagging Product-Group=junos |
On EX-series and QFX-series platforms with VRRP IPv6 deployment, the VRRP IPv6 state might flap between init and idle states after configuring vlan-tagging on the interface that the VRRP IPv6 is configured. |
PR Number | Synopsis | Category: Ethernet OAM (LFM) |
1465608 | The EOAM CFM primary-vid functionality does not work if the enhanced-cfm-mode is enabled. Product-Group=junos |
On MX10003 platform, the EOAM (Ethernet Operations, Administration, and Maintenance) CFM (Connectivity Fault Management) primary-vid functionality doesn't work if the enhanced-cfm-mode is enabled. The issue impacts the CFM functionality. |
PR Number | Synopsis | Category: EVPN control plane issues |
1467309 | Rpd might crash with EVPN-related configuration changes in static VXLAN to MPLS stitching scenario. Product-Group=junos |
In EVPN scenario without encapsulation type specified (the default EVPN encapsulation type is set to MPLS), if "vlan-id none" and "vni " is configured in EVPN instance, the rpd might crash after changing EVPN related configuration (such as set the encapsulation as vxlan or delete label-allocation scheme). |
PR Number | Synopsis | Category: EX Chassis chassism/chassisd |
1446363 | Major alarm logs messages for temperature conditions at 56 degrees celsius. Product-Group=junos |
A major alarm might be generated once any sensor temperature is hit at 56 degrees celsius. This is incorrect behavior and can be resolved by upgrading version of code. **Note: Even though incorrect alarms are triggered, the chassis will still shut down gracefully when "fire shutdown" threshold is hit as seen in operational mode > show chassis temperature-thresholds. |
PR Number | Synopsis | Category: Express PFE CoS Features |
1455309 | On the QFX10000 line of switches, the PFC feature does not work. Product-Group=junos |
On QFX10k series platforms, the PFC (Priority-based Flow Control) feature doesn't work as expected. The issue might lead to congestion as the flow is not controlled by the PFC. |
PR Number | Synopsis | Category: Express PFE FW Features |
1433648 | Traffic drop might occur on PTX/QFX during filter change operation Product-Group=junos |
On PTX/QFX platforms, a firewall configuration change operation may not be done correctly within the PFE causing transit packets drops. |
PR Number | Synopsis | Category: Express PFE including evpn, vxlan |
1471465 | When the VTEP source interface is configured in the multiple routing instances, there might be traffic loss. Product-Group=junos |
In VXLAN scenario on QFX10000 series platforms, when VTEP source interface is configured in multiple routing instances, the traffic loss might occur if one of such routing instances is deleted. |
PR Number | Synopsis | Category: Express PFE L2 fwding Features |
1405786 | Ping over loopback might not work over TYPE 5 tunnel on QFX10000 platforms Product-Group=junos |
On QFX10000 platforms, in EVPN-VXLAN scenarios, ping between Spine to Spine loopback over TYPE 5 tunnel might not work. |
PR Number | Synopsis | Category: PTX Express ASIC interface |
1412126 | On FPC P2 line card, interface might stay down after maintenance. The issue is observed on links connected to another vendors equipment. Product-Group=junos |
On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment. |
PR Number | Synopsis | Category: idp flow creation, deletion,notification, session mgr intfce |
1444043 | SNMP queries might cause commit or show command to fail due to IDP. Product-Group=junos |
On SRX Series devices, commit or show command for IDP might not work if SNMP queries are run when large-scale IDP is used. |
PR Number | Synopsis | Category: Signature Database |
1467208 | Unable to update offline IDP signature in vsrx3.0 with 19.2R1 Product-Group=junos |
IDP offline signature update is not allowed on vSRX platforms. |
PR Number | Synopsis | Category: ISIS routing protocol |
1455432 | The rpd might crash continuously due to memory corruption in IS-IS setup. Product-Group=junos |
With ISIS configured and in a very rare case, memory corruption may occur, this may cause rpd crash continuously. |
PR Number | Synopsis | Category: jdhcpd daemon |
1449353 | Junos OS and Junos OS Evolved: Multiple vulnerabilities in JDHCPD allow for OS command injection and code execution of JDHCPD Product-Group=junos |
A device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process configured relay mode is vulnerable to multiple vulnerabilities which allow an attacker to send crafted packets who may arbitrarily execute commands as root on the target device, or who may take over the code execution of the JDHCPD process. Refer to https://kb.juniper.net/JSA10981 for more information. |
1458150 | DHCP subscriber might not come online after the router reboots. Product-Group=junos |
On MX platform with DHCP subscriber scenario, the subscriber might not come online after the router is rebooted. |
PR Number | Synopsis | Category: interfaces and zones for junos js software |
1452488 | On SRX Series devices with chassis cluster, the control link remains up even though the control link is actually down. Product-Group=junos |
On vSRX, vSRX 3.0, SRX1500, SRX4100, SRX4200 and SRX4600 platforms, the chassis cluster control link remains up even when the control link is actually down. The failover cannot be executed in this situation, and this issue has traffic or service impact. |
PR Number | Synopsis | Category: Label Distribution Protocol |
1451157 | The LDP route timer resets when committing unrelated configuration changes. Product-Group=junos |
The LDP route timer is reset due to committing unrelated configuration changes. As usual, the "route timer reset" implies route churn, but LDP itself is not affected as there is no real nexthop change in the case of configuration commit with unrelated changes. However, protocols using the LDP route as protocol nexthop may be impacted. |
PR Number | Synopsis | Category: Port-based link layer security services and protocols that a |
1475089 | MACsec traffic over L2circuit might not work on QFX10K/PTX10K/PTX1K platforms after upgrading from Junos 15.1 to higher versions Product-Group=junos |
After upgrading from Junos 15.1 to higher versions (before Junos 19.3), MACsec ethertype might not be programmed as known ethertype on QFX10K/PTX10K/PTX1K platforms, so when those platforms are configured as L2circuit tunnel termination, the inner payload (MACsec packets) could not be detected properly and outgoing packets are corrupted. |
PR Number | Synopsis | Category: Multiprotocol Label Switching |
1442495 | LSI interface Layer 2 Virtual Chassis goes down on one router in VPLS domain through the MPLS path is still available in inet.3. Reason shows as mpls label out of range. Product-Group=junos |
When both primary and secondary standby paths are configured on a no-cspf label swtiched path (LSP), also both primary and secondary paths are both up only on detour, one or more transit nodes shared by primary path and secondary path in failure might cause the active path keep changing between primary and secondary paths. There is no traffic impact observed when this issue happens. |
PR Number | Synopsis | Category: Bugs related to ethernet interface on MX platform |
1436327 | The default configuration does not create any logical interfaces and LLDP cannot discover the neighbor for those interfaces, which the logical interface is not configured explicitly in the Junos OS configuration. Product-Group=junos |
Default config doesn't create any IFLs and LLDP cannot discover neighbor for those interfaces which ifl is not configured explicitly in Junos configuration. |
PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
1425608 | The kernel crashes during the removal of the mounted USB when a file is being copied to it. Product-Group=junos |
If you pulled out a USB storage device from the system while files are being copied, the kernel will panic and the system will restart. |
1442376 | EX2300 platforms might stop forwarding traffic or responding to console Product-Group=junos |
On EX2300/EX2300-C platforms, if Junos OS is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch might stop forwarding traffic or responding to console. A reboot is required to restore the service. |
1454950 | EX switches might not come up properly upon reboot Product-Group=junos |
EX switches might not come up properly upon reboot due to the date not been set up. |
1469400 | EX3400 might reboot because of lack of watchdog patting Product-Group=junos |
On EX3400, if watchdog pat did not happen within stipulated time and it might reboot automatically with "0x2:watchdog" as reboot reason. |
PR Number | Synopsis | Category: OSPF routing protocol |
1445078 | The rpd might crash in OSPF scenario due to invalid memory access. Product-Group=junos |
In Open Shortest Path First (OSPF) scenario, rpd might crash when trying to resolve the Forwarding Address (FA) from an OSPF LSA type 5/7. The issue is due to accessing memory bytes exceeding the valid size, and occurs in rare condition. |
PR Number | Synopsis | Category: PE based L3 software |
1434567 | IPv6 neighbor solicitation packets getting dropped on PTX Product-Group=junos |
In IPv6 scenario on PTX platforms (including PTX3K/5K with FPC3, PTX1K, PTX10K), when a parity error which is due to hardware error occurs on FPC, the neighbor solicitation (NS) packets might get dropped. It will cause IPv6 neighbor discovery failure, and no relevant alarms or logs are reported during the issue. |
PR Number | Synopsis | Category: vMX Platform Infrastructure related issue tracking |
1344858 | Junos OS: vMX: Default credentials supplied in configuration (CVE-2020-1615) Product-Group=junos |
The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. Refer to https://kb.juniper.net/JSA10998 for more information. |
PR Number | Synopsis | Category: PTP related issues. |
1471502 | When PTP is configured in the hybrid mode, the Synchronous Ethernet frequency drifts. Product-Group=junos |
In Hybrid Mode with phase synchronization and frequency synchronization scenario, some frequency/phase changes may not be adjusted and PTP state can be stuck in acquiring state. |
1474987 | clksyncd generates core file after GRES. Product-Group=junos |
clksyncd crashed after GRES on the new master RE in the scenario where clksyncd was not running on the ex-master RE. |
PR Number | Synopsis | Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI |
1426737 | The dcpfe/PFE might not start on AS7816-64X and QFX5K TVP platform devices Product-Group=junosvae |
The dcpfe/PFE might not start on AS7816-64X and QFX5K TVP platform devices which results in all the interfaces going down. |
PR Number | Synopsis | Category: Interface related issues. Port up/down, stats, CMLC , serdes |
1423496 | Ports might get incorrectly channelized if they are already of 10-Gigabit Ethernet and they are channelized to 10-Gigabit Ethernet again. Product-Group=junos |
On all junos platforms with channelizing ports on FPCs, if a 40G port which are channelized to 10G ports already (eg:xe-2/0/16:0) are being channelized to 10G again, they may get incorrectly channelized. |
1449406 | CRC error might be seen on the VCPs of the QFX5100 Virtual Chassis. Product-Group=junos |
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC. |
PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
1446974 | QFX5K:L3 IP route entries might not get programmed in the LPM table Product-Group=junosvae |
Due to software issues on a chipset vendor SDK on Juniper QFX series 5100, 5110, 5120, 5200 and 5210, L3 IP route entries might not get programmed in the LPM table and this will impact L3 traffic. The following messages will show up in the log messages: [Mon Dec 30 11:00:09.889 LOG: Err] brcm_rt_ip_uc_lpm_install:1328(LPM route change failed) Reason : Table full unit 0 [Mon Dec 30 11:00:09.889 LOG: Err] brcm_rt_ip_uc_entry_install:1186brcm_rt_ip_uc_entry_install Error: lpm ip route install failed vrf 1 ip 2404:5780:3::/48 nh-swidx 131083 nh-hwidx 200048 |
1466810 | On the QFX10000 line of switches, the EPR iCRC errors might cause protocols to go down. Product-Group=junos |
EPR iCRC errors in QFX10000 series platforms might cause protocols down. FPC will be in wedged state and will not pass traffic on that PFE if hitting this issue. EPR iCRC errors are normal and caused by transient hardware conditions. EPR iCRC errors are not expected to impact the protocols, and only one CRC failed packet will be dropped. But due to incorrect handling of this error, it affects protocols and causes FPC wedge. |
1475249 | On the QFX5200 line of switches, the DAC cables are not being properly detected in the Packet Forwarding Engine in Junos OS Release 18.4R2-S2.4. Product-Group=junos |
The DAC Breakout cables such as "JNP-100G-2X50G-1M" were not categorized as dac_port variable which was causing the interface type to get defaulted to SR. |
PR Number | Synopsis | Category: QFX access control list |
1464883 | Unable to attach a filter to an IRB interface when that filter contains an action to remark the DSCP value to a non-zero value Product-Group=junos |
When you try to apply a firewall filter that contains a "then dscp" action to a Layer 3 inet subinterface, you will get an error when trying to commit. Applying the same filter to an IRB interface succeeds as does applying the same filter to a Layer 3 subinterface on QFX5100-48S. |
PR Number | Synopsis | Category: DHCP related Issues |
1459499 | The lightweight DHCPv6 relay agent functionality might be broken on QFX5K platforms Product-Group=junos |
On QFX5K platforms, the Lightweight DHCPv6 Relay Agent (LDRA) functionality might be broken. Due to this issue, when light-weight-dhcpv6-relay is configured under dhcp-security hirachy, dhcp-security ipv6 binding might be stuck at "WAIT" state and get cleared later. |
PR Number | Synopsis | Category: Filters |
1464352 | The dcpfe might crash when changing the firewall filter on QFX5K platforms Product-Group=junosvae |
On QFX5K switches, when a firewall filter term is changed in scale conditions (such as, more than 2500 iRACL--ingress Routing ACL entries), the dcpfe might crash especially in make-before-break scenario. It might cause all interfaces in this FPC down. |
PR Number | Synopsis | Category: for all ipv6 related issues |
1459759 | The fxpc process might crash due to several BGP IPV6 session flaps Product-Group=junos |
On QFX5100 and EX4600 platforms, the fxpc (packet forwarding engine manager) process might crash when multiple BGP IPV6 sessions (for instance around 500) are flapped and then restored at the same time. |
PR Number | Synopsis | Category: QFX L2 PFE |
1474545 | On the QFX5000 line of switches in the EVPN-VXLAN scenario, continuous error log messages might be raised. Product-Group=junos |
In EVPN-VXLAN scenario, when an SP style interface is configured both with native-vlan-id and LLDP on QFX5000 platforms, continuous log messages might be observed. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1456336 | Link up delay and traffic drop might be observed on the mixed SP Layer 2 or Layer 3, and EP Layer 2 type configurations. Product-Group=junos |
This PR includes three issues. First one: When Layer3 IFL (logical interface) is configured first and then Layer2 IFL is configured, MAC move might not happen. Second one: On Vxlan setup with large number of child interfaces, link up delay is seen. Third one: In case of VLAN setup with Enterprise/Service Provider L2 and L3 type configs, when all the configs are done in single commit statement then the traffic might not be forwarded. |
PR Number | Synopsis | Category: QFX MPLS PFE |
1469998 | If continuous interface flap occur at ingress or egress of the PE devices, the IP routed packets might get looped on the MPLS PHP node. Product-Group=junos |
On QFX5K platform, when MPLS node-link-protection is configured on all nodes (PE and P device), the IP routed packets might be looped on the MPLS PHP node (P device) if continuous interface flaps at ingress/egress of PE devices. |
PR Number | Synopsis | Category: QFX EVPN / VxLAN |
1454804 | The untagged hosts ARP/NS requests might not be resolved when it is connected on 'encapsulation ethernet-bridge' interface Product-Group=junos |
On the QFX5120 platform, the ARP request/reply/NS/NA might not get resolved for an untagged packet coming on an interface with 'encapsulation ethernet-bridge' and when this interface is in a vxlan with 'encapsulate-inner-vlan' configuration. |
PR Number | Synopsis | Category: QFX VC Infrastructure |
1433525 | VC Mezz temp and QIC sensor get failure on QFX Product-Group=junos |
On QFX VC Mezz temp and QIC sensor get failure because displaying of temp sensor without data being set/fetched. |
PR Number | Synopsis | Category: RPD policy options |
1453439 | Routes resolution might be inconsistent if any route resolving over the multipath route. Product-Group=junos |
On all Junos platforms, any route resolving over the multipath routes, one scenario is BGP over BGP. After the metric value of any PNH (refers to the second PNH and using it to perform the second time next-hop resolving) changes, meanwhile, if the hash-selection changes happened, it might result in routes resolution inconsistency. Traffic drops could be observed if the packages are still forwarding to the old PNH (Protocol Next Hop). Any recursive resolving multipath scenario might trigger this issue. |
PR Number | Synopsis | Category: show route table commands, tracing, and syslog facilities |
1442542 | EVENT UpDown interface logs are partially collected in syslog messages. Product-Group=junos |
When multiple interfaces UpDown event happens, a number of interfaces are not logged the event but partial logs are recorded in messages file. |
PR Number | Synopsis | Category: Resource Reservation Protocol |
1445994 | Traffic might be silently dropped or discarded if two consecutive PLRs along the LSP performs local repair simultaneously under certain misconfigured conditions. Product-Group=junos |
In RSVP environment with link or node protection deployed, if two consecutive PLRs (point of local repair) along the LSP perform local repair simultaneously and if backup LSP signaling between the downstream PLR & MP (merge point) pair fails due to any reason, then the backup LSP signaling between the upstream PLR & MP pair also does not succeed. Then due to a software defect the upstream PLR does not correctly clean up the LSP state and continues to send traffic into the backup LSP, resulting in traffic blackhole at the downstream PLR. |
1471281 | The rpd crash might be seen after some commit operations, which might affect the RSVP ingress routes. Product-Group=junos |
On all platforms with BGP PIC configured, if doing some commit operations where RSVP ingress routes are affected, the rpd crash might be seen. |
PR Number | Synopsis | Category: Issues related to control plane security |
1470693 | Junos OS: Multiple FreeBSD vulnerabilities fixed in Junos OS. (CVE-2018-6916, CVE-2018-6918) Product-Group=junos |
Multiple vulnerabilities have been resolved in Junos OS by updating third party software included with Junos OS or by fixing vulnerabilities found during internal testing. Refer to https://kb.juniper.net/JSA11016 for more information. |
PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
1459306 | The traffic might be stuck on MS-MPC or MS-MIC with sessions receiving a huge number of affinity packets. Product-Group=junos |
On MX platforms with MS-MPC/MS-MIC, if there are sessions receiving huge number of affinity packets (e.g. thousands of packets), the service interface might be brought down by the prolonged flow-control, and the mspmand process crash might happen. In this case, the traffic will be stuck due to this issue. |
PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
1463015 | The EA WAN SerDes gets into a stuck state, leading to continuous "DFE tuning timeout' errors and link staying down. Product-Group=junos |
The interfaces on certain MX platforms might get stuck in a down state, if the remote interface sends invalid code to the local interface. Link might not come up even after the remote peer has begun sending a good signal. |
PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
1462325 | On MX204, RADIUS interim accounting statistics are not populated. Product-Group=junos |
In PPPoE/DHCP Subscriber Access Networks, if RADIUS Accounting for Subscriber Access is configured, the accounting interval update message might not be populated by PFE ASIC due to the hardware limitation on MX204, the statistics of PPPoE/DHCP subscriber might not be sent to the RADIUS accounting server. Then PPPoE/DHCP subscribers might have incorrect stats values, the services (e.g. network management/client billing/auditing, and so on) related to these statistics collected by accounting might be impacted. |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1466602 | RT5 does not work properly and ip-prefix-routes are not reachable. Product-Group=junos |
On MX platforms with EVPN-VXLAN Tpye-5 tunnel used, when the VRF of Type-5 destination IP (toward host) is different from the default VRF (the tunnel end point in the underlay), Tpye-5 tunnel might not work properly, and ip-prefix-routes are not reachable. |
PR Number | Synopsis | Category: Configuration management, ffp, load action |
1426341 | Switch may unable to commit baseline config after zeroize Product-Group=junos |
When the OpenConfig package is used (The OpenConfig package became part of image itself from 18.3, prior to 18.3 OpenConfig package is a seperate add-on package), the following switches (EX2200, EX3200, EX3300, EX3400, EX4200, EX4300, EX4500, EX4550, EX4600, QFX3000, QFX3100, QFX3500, QFX3600, QFX5100) may unable to commit baseline config after zeroize. |
PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
1427632 | QFX5100-VCF - 'rollback' for uncommitted config takes 1 hour Product-Group=junos |
Performing "config# rollback 0" may takes a long time to complete. |
1439805 | When a group is applied at non-root level, updating commands inside the group does not update the hierarchies where they are applied. Product-Group=junos |
On all Junos platforms, if a group is applied at non-root level and later some knob from the group is deleted, then change bits are not set for the hierarchy where the group is applied. |
PR Number | Synopsis | Category: VSRX platform software |
1469978 | vsrx2.0 - config-drive does not work as expected Product-Group=junos |
Adding the license to a vSRX instance while it is getting spun through cloud-init fails. You have to manually add the license after the device has booted up. |
PR Number | Synopsis | Category: EX4300 Layer 2 implementation |
---|---|---|
1464365 | EX4300VC: Switch may drop Dot1x client TLS packet Product-Group=junos |
On EX4300 switches, when packets entering a port exceed a size of 144 bytes, they might get dropped in very few cases. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1367439 | On the QFX5110 Virtual Chassis peers, invalid VRRP mastership election is observed. Product-Group=junos |
In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters. |
1429504 | Layer 3 IP route might not be installed in LPM forwarding table on QFX5000 platforms Product-Group=junosvae |
On QFX5000 platforms, when the host forwarding table is full and the host entries are installed in LPM forwarding table, or when lpm-profile with unicast-in-lpm option is used, the Layer 3 IP route might not be installed in LPM forwarding table if there are SER errors, hence there might be traffic impact. The issue is fixed in the following releases via PR1446974. |
1440847 | The bandwidth value of the DDOS-protection might cause the packets loss after the device reboot Product-Group=junos |
In the DDOS-protection scenario, when the aggregate bandwidth value (e.g value A) of protocols (l3mtu-fail/ttl/ip-opt/rsvp/ldp/bgp/unknown-l2mc/rip/ospf/stp/pvstp/lldp) is configured, this bandwidth value might be reset to the default value (e.g. value B) after the device reboot or PFE restart. |
PR Number | Synopsis | Category: BBE Remote Access Server |
1449064 | Subscriber login fails when the PCRF server is unreachable. Product-Group=junos |
In Gx-Plus for Provisioning Subscribers scenario, when the PCRF (Policy and Charging Rules Function) server is unreachable or the diameter protocol is down, the subscriber login might fail to successfully establish a session or the subscribers might fail to bind a service policy by Gx-Plus after the PCRF Server connectivity is restored. |
PR Number | Synopsis | Category: PTX Express ASIC interface |
1428307 | After you reboot the FPC, an interface comes up. Product-Group=junos |
In PTX with FPC3-PTX and QSFP28 PIC, or MX platforms with EA/ZT-chip based line cards, one of the interfaces on them might not come up after an interface of peer device flapping in short intervals and then restart the local FPC. Due to the BCM8238x chip of Broadcom with a wrong re-timer leading to the local interface remain in "down" state. |
1453217 | On PTX5000 and PTX3000 router with 15x100G and 96x10G PIC, the interface bcm8238 line side amplitude setting is incorrect and might cause optic reliability issues. Product-Group=junos |
On PTX5000 Router, the 100-Gbps interface might not come up after flapping due to optic reliability issues. |
PR Number | Synopsis | Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip |
1431033 | Traceoptions file exceeds the configured file size limit as the file keeps on growing. Product-Group=junos |
With 64-bit rpd running and traceoptions configured e.g. for BGP or MPLS statistics etc., the trace files are not rotating/rolling over as per the configured file size limit and the logs continue to be written to a single file continuously. |
PR Number | Synopsis | Category: Firewall Authentication |
1475435 | SRX Series: Unified Access Control (UAC) bypass vulnerability (CVE-2020-1637) Product-Group=junos |
A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy; Refer to https://kb.juniper.net/JSA11018 for more information. |
PR Number | Synopsis | Category: Multiprotocol Label Switching |
1282369 | With nonstop active routing (NSR), when the rpd restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart. Product-Group=junos |
With nonstop active routing (NSR), when the routing protocol process (rpd) restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart. |
1460283 | The previously configured credibility preference is not considered by CSPF even though the configuration has been deleted or changed to prefer another protocol in the traffic engineering database. Product-Group=junos |
After configuring the credibility, the new credibility preference value will be stored internally and its not cleared or consider by the CSPF module, incase if the perviously configuration of "traffic-engineering credibility-protocol-preference" was deleted or if you configure "traffic-engineering credibility-protocol-preference" under another protocol (for example ISIS) |
PR Number | Synopsis | Category: PTP related issues. |
1471466 | On the MX104 Series routers, the clksyncd crash might be observed when PTP over an aggregated Ethernet is configured. Product-Group=junos |
This issue is specific to feature PTP (Precision Time Protocol) over AE interface for MX104 platform. When PTP over AE is configured on MX104 platform, clksyncd process might crash and restart. It might cause partial service impact during the recovery and clksyncd restarts (about 2mins). |
PR Number | Synopsis | Category: SW installation for all qfx platforms. |
1345848 | upgrade/downgrade from tvp to non-tvp is not supported. Product-Group=junos |
Downgrade from a TVP image to a non-TVP image is not supported. However, upgrade from a non-TVP image to a TVP image is supported. |
PR Number | Synopsis | Category: QFX L2 PFE |
1473521 | The l2ald crash might be observed when around 16,000 VLAN-IDs share the same VXLAN tunnel and the Packet Forwarding Engine is rebooted. Product-Group=junos |
On EX, MX and QFX platform, l2ald might crash when around 16k VLAN-ID is sharing the same VxLAN tunnel and PFE is restarted. After this issue happened, MAC address table is not cleared and layer 2 transaction could work normally. In the end, traffic or service is not affected. This issue is not reproducible. |
PR Number | Synopsis | Category: platform related PRs on SRX branch platforms |
1451474 | Traffic forwarding on Q-in-Q port and VLAN tagging is not observed properly on R0. Product-Group=junos |
On SRX-branch platforms, if QinQ and native-vlan-id are configured, priority tagged packets (Priority tagged packets have their VLAN ID set to 0, and their priority code point bits might be configured with a CoS value.) would be dropped. Below is the detail. The newly added configuration "set interface input-native-vlan-push" is not supported by branch SRX. By default, input-native-vlan-push is disabled, which will cause untagged packets ingress from UNI (user-to-network) will not be added with inner tag on egressing out of NNI (network-to-network interface), and the priority only tagged packets ingress from UNI will be stripped of the priority tag when it egresses out of the UNI in the other end. Hence packets drop would be seen. |
PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
1440526 | On MX Series, CPU might hang or interface might stop working on 100-Gigabit Ethernet port. Product-Group=junos |
On MX/EX/PTX, if particular 100G port is used, CPU might hang or interface might be stuck down on the 100G port. This issue may cause traffic disruption in the network. |
PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
1476786 | The MX router acting as LNS does not get to program the PFE with l2tp services that causes forwarding issues for the l2tp subscribers. Product-Group=junos |
On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers. |
PR Number | Synopsis | Category: TRIO Interface based services |
1465490 | On MPC7, MPC8, and MPC9, WO packet error and FPC major alarm are observed when reassembling the small fragments. Product-Group=junos |
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly. Refer to https://kb.juniper.net/JSA11036 for more information. |
PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
991081 | The configuration change on Backup RE cannot be synchronized while deleting inactivated interfaces/routing-instances from master Product-Group=junos |
In the dual Routing Engine scenario, the backup Routing Engine does not sync up the configuration change while deleting an inactivated interface/routing-instances from the master. So after the operation, the inactivated interface/routing-instances still exists on the backup Routing Engine. |
1431198 | Error might occur when you use a script to load the configuration. Product-Group=junos |
Multiple deletion of a non-existing configuration statement produces errors through RPC load-configuration. |
1452136 | The mgd might crash when you use the replace pattern command. Product-Group=junos |
When you use the "replace pattern" command to replace the name in the apply-group, the mgd crashes. |
1464439 | If a NETCONF session is initiated over an inband connection, the CPU utilization on mgd daemon might be 100 percent after the NETCONF, which executes an RPC call for some commands and gets interrupted by flapping interface. There is no impact observed to the control plane or the forwarding plane, the subsequent NETCONF session continues to function. Product-Group=junos |
If a NETCONF session is initiated over an inband connection, the CPU utilization on mgd daemon might be 100 percent after the NETCONF, which executes an RPC call for some commands and gets interrupted by flapping interface. There is no impact observed to the control plane or the forwarding plane, the subsequent NETCONF session continues to function. |
2020-08-21: Added "open" issues as this information was missing from the previous publication
2020-01-07: Removed duplicate entry for PR1449406.
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search