18.4R2-S3: Software Release Notification for JUNOS Software Version 18.4R2-S3

Junos Software service Release version 18.4R2-S3 is now available.

18.4R2-S3 - List of Fixed issues

PR Number	Synopsis	Category: EX4300 PFE
1427866	IPv6 traffic might be dropped when static /64 Ipv6 routes are configured Product-Group=junos	On EX4300, when static /64 IPv6 route is configured and points to the interface where uRPF is configured, IPv6 packets which match the routes might be dropped.
PR Number	Synopsis	Category: EX2300/3400 CP
1447291	The Phone-Home Client upgrade might fail on EX devices Product-Group=junos	On EX2300/EX3400/EX4300 Series devices with Phone-Home Client (PHC) feature configuration, the Phone-Home Client upgrade might fail because the phcd process is unable to get the device Serial Number.
PR Number	Synopsis	Category: EX2300/3400 PFE
1466423	The broadcast and multicast traffic might be dropped over IRB or LAG interface in QFX/EX VC scenario Product-Group=junos	On QFX5000/EX2300/EX3400/EX4600 Virtual Chassis (VC) platforms, the broadcast and multicast traffic might get dropped over some of the Link Aggregation Group (LAG) or Integrated Routing and Bridging (IRB) interfaces. Due to this issue, all the routing protocols replying on broadcast/multicast traffic would not be able to setup neighbor sessions, for example, some of the Open Shortest Path First (OSPF) sessions might be stuck in "Init" state over LAG or IRB interfaces.
PR Number	Synopsis	Category: EX-Series VC Datapath
1426741	Junos OS: EX4300: Traffic from the network internal to the device (128.0.0.0) may be forwarded to egress interfaces (CVE-2020-1628) Product-Group=junos	Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. Refer to https://kb.juniper.net/JSA11008 for more information.
PR Number	Synopsis	Category: DC PFE QoS
1466770	On the QFX5100 switch, slow packet drops might be observed when there are packets on the port before its buffer configuration is completed after the reboot. This issue is very rare and the window could be just few milliseconds. Product-Group=junos	The issue observed on QFX5000 platforms when there are any packets on the port before its buffer configuration is completed after the reboot. This issue is very rare and the window could be just few milli seconds.
PR Number	Synopsis	Category: QFX PFE L2
1448488	The traffic leaving QFX5K and EX46 switches might not be properly load-balanced over AE interfaces Product-Group=junos	On QFX5K and EX46 platforms, when an AE interface is used, the switches might not properly load-balance the transit traffic to this Layer 2 LAG link even for different MPLS labels (for MPLS traffic) or different VLAN tags. And configuring different 'forwarding-options enhanced-hash-key hash-mode' options or configuring the proper hash offset with "set forwarding-options enhanced-hash-key hash-parameters lag offset 0" also could not work. Due to this, it might cause traffic impact if the congested traffic is seen.
1462171	The LLDP function might fail when a device running Junos OS connects to a device that does not run Junos OS. Product-Group=junos	On EX/QFX platforms with STP disabled, the LLDP function might fail when a Juniper device connects to a non-Juniper one. In this scenario, the LLDP PDU with destination MAC 01:80:c2:00:00:00, which is one of the three reserved MAC addresses for LLDP in IEEE 802.1AB, will be ignored by Juniper LLDP process, and this causes the LLDP function failure. This issue has service impact.
1467763	The fxpc.core might be seen when committing the configuration all together, e.g., after the reboot Product-Group=junos	On EX2300/3400/4300/4600 and QFX Series switches except for QFX10k, if committing the configuration all together (e.g., after the reboot), the fxpc/PFE core dump might be found. In the Virtual Chassis scenario, the VC members might be splitted because the VC ports might not be created in time.
1469596	Ingress traffic might silently discard traffic if the underlying interfaces flap in the EVPN-VXLAN scenario. Product-Group=junos	On QFX5000 platforms with Ethernet Virtual Private Network (EVPN) and Virtual Extensible LAN (VXLAN) scenario, if there is the underlying interface flaps for the core network side, all the ingress traffic might be backholed by the VXLAN Tunnel Endpoint (VTEP) due to this issue.
1474142	Traffic might get affected if the composite next-hop is enabled. Product-Group=junos	On QFX5000 and EX4600 platforms with composite next hop enabled, traffic loss would occur when deleting leaked routes with composite next hop.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1444845	On the QFX5100 Virtual Chassiss, the CRC errors might be observed. Product-Group=junos	In QFX5100 Virtual Chassis(VC) scenario, if the VC connections are disconnected for any reason, like rebooting the switch or pulling out the optical module, the CRC errors and packets loss might be seen when the VC connections resume working again. Due to the VCP ports are not getting initialized properly.
1455547	Core files might get generated during the addition or removal of the EVPN type-5 routing instance. Product-Group=junos	On QFX platforms, the coredump might occur during adding/removing EVPN Type-5 routing instance. The EVPN route would be corrupted and traffic/service impact appears if hitting the issue.
1463092	When deleting IRB on the layer 3 gateway, IRB does not get removed from PFE and will blackhole traffic to IRB mac address Product-Group=junos	On QFX5110/5120 platform as the layer 3 gateway, after deleting the configuration of interfaces irb, The IRB might not get removed from PFE and will blackhole traffic to the MAC address of the deleted IRB.
PR Number	Synopsis	Category: QFX PFE MPLS
1477301	The traffic might get lost over the QFX5100 switch acting as a transit PHP node in the MPLS network. Product-Group=junos	In the MPLS network, the packets may get dropped by egress node if the packets go through the QFX5100 switch acting as a transit PHP (penultimate-hop popping) node.
PR Number	Synopsis	Category: Accounting Profile
1452363	PFED core files are seen and MIB2D is reported as slow peer due to a Packet Forwarding Engine accounting issue. Product-Group=junos	The flow label statistics are retrieved periodically by pfed for PTX or TVP platforms, if the statistics reply becomes very big number, the pfed might crash hence affecting traffic.
PR Number	Synopsis	Category: MX Layer 2 Forwarding Module
1464778	Type 1 ESI/ or AD route are not generated locally on EVPN PE in all-active mode. Product-Group=junos	In a scenario when the VGA on IRB is deactivated/activated/configuration commit at the same time on both PEs of a site, the type 1 ESI/AD route might not be generated locally.
PR Number	Synopsis	Category: Bi Directional Forwarding Detection (BFD)
1448649	Junos OS BFD sessions with authentication flaps occurs after sometime. Product-Group=junos	In the scenario where BFD session authentication is configured, after a certain period of time, BFD sessions flaps may be seen, this will cause the neighbor to be down.
PR Number	Synopsis	Category: Border Gateway Protocol
1437837	The rpd might crash in case multipath is enabled, as BGP multipath teardown is called for secondary route even though secondary routes are considered for multipath. Product-Group=junos	This issue applies to Junos platforms with BGP multipath configured under a routing-instance and a RIB group is deployed to leak routes from that routing-instance to another routing table. "rpd" may restarts unexpectedly when performing multipath calculation operations for the secondary routes - (such as, removing the rib-groups/bouncing BGP neighbor under routing-instance.) The secondary routes refer to the second RIB in a RIB (Routing Information Base) group.
1461602	The rpd scheduler slips might be seen on an RPKI route validation-enabled BGP peering router in a scaled setup. Product-Group=junos	In scaled BGP environment (e.g. global table ~3M routes or more) when there are a lot of (e.g 10k or more) more specific routes for a certain IPv4 or IPv6 prefix covered by some RV (route validation) record, a change in RV records database might lead to rpd (routing protocol daemon) scheduler slips, which could trigger routing protocol adjacency flap. The same could be triggered by executing "clear validation database" command or shortly after initial session RPKI (resource public key infrastructure) establishment event.
PR Number	Synopsis	Category: Device Configuration Daemon
1445370	The VRRP IPv6 state might flap between init and idle states after configuring vlan-tagging Product-Group=junos	On EX-series and QFX-series platforms with VRRP IPv6 deployment, the VRRP IPv6 state might flap between init and idle states after configuring vlan-tagging on the interface that the VRRP IPv6 is configured.
PR Number	Synopsis	Category: Ethernet OAM (LFM)
1465608	The EOAM CFM primary-vid functionality does not work if the enhanced-cfm-mode is enabled. Product-Group=junos	On MX10003 platform, the EOAM (Ethernet Operations, Administration, and Maintenance) CFM (Connectivity Fault Management) primary-vid functionality doesn't work if the enhanced-cfm-mode is enabled. The issue impacts the CFM functionality.
PR Number	Synopsis	Category: EVPN control plane issues
1467309	Rpd might crash with EVPN-related configuration changes in static VXLAN to MPLS stitching scenario. Product-Group=junos	In EVPN scenario without encapsulation type specified (the default EVPN encapsulation type is set to MPLS), if "vlan-id none" and "vni " is configured in EVPN instance, the rpd might crash after changing EVPN related configuration (such as set the encapsulation as vxlan or delete label-allocation scheme).
PR Number	Synopsis	Category: EX Chassis chassism/chassisd
1446363	Major alarm logs messages for temperature conditions at 56 degrees celsius. Product-Group=junos	A major alarm might be generated once any sensor temperature is hit at 56 degrees celsius. This is incorrect behavior and can be resolved by upgrading version of code. **Note: Even though incorrect alarms are triggered, the chassis will still shut down gracefully when "fire shutdown" threshold is hit as seen in operational mode > show chassis temperature-thresholds.
PR Number	Synopsis	Category: Express PFE CoS Features
1455309	On the QFX10000 line of switches, the PFC feature does not work. Product-Group=junos	On QFX10k series platforms, the PFC (Priority-based Flow Control) feature doesn't work as expected. The issue might lead to congestion as the flow is not controlled by the PFC.
PR Number	Synopsis	Category: Express PFE FW Features
1433648	Traffic drop might occur on PTX/QFX during filter change operation Product-Group=junos	On PTX/QFX platforms, a firewall configuration change operation may not be done correctly within the PFE causing transit packets drops.
PR Number	Synopsis	Category: Express PFE including evpn, vxlan
1471465	When the VTEP source interface is configured in the multiple routing instances, there might be traffic loss. Product-Group=junos	In VXLAN scenario on QFX10000 series platforms, when VTEP source interface is configured in multiple routing instances, the traffic loss might occur if one of such routing instances is deleted.
PR Number	Synopsis	Category: Express PFE L2 fwding Features
1405786	Ping over loopback might not work over TYPE 5 tunnel on QFX10000 platforms Product-Group=junos	On QFX10000 platforms, in EVPN-VXLAN scenarios, ping between Spine to Spine loopback over TYPE 5 tunnel might not work.
PR Number	Synopsis	Category: PTX Express ASIC interface
1412126	On FPC P2 line card, interface might stay down after maintenance. The issue is observed on links connected to another vendors equipment. Product-Group=junos	On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment.
PR Number	Synopsis	Category: idp flow creation, deletion,notification, session mgr intfce
1444043	SNMP queries might cause commit or show command to fail due to IDP. Product-Group=junos	On SRX Series devices, commit or show command for IDP might not work if SNMP queries are run when large-scale IDP is used.
PR Number	Synopsis	Category: Signature Database
1467208	Unable to update offline IDP signature in vsrx3.0 with 19.2R1 Product-Group=junos	IDP offline signature update is not allowed on vSRX platforms.
PR Number	Synopsis	Category: ISIS routing protocol
1455432	The rpd might crash continuously due to memory corruption in IS-IS setup. Product-Group=junos	With ISIS configured and in a very rare case, memory corruption may occur, this may cause rpd crash continuously.
PR Number	Synopsis	Category: jdhcpd daemon
1449353	Junos OS and Junos OS Evolved: Multiple vulnerabilities in JDHCPD allow for OS command injection and code execution of JDHCPD Product-Group=junos	A device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process configured relay mode is vulnerable to multiple vulnerabilities which allow an attacker to send crafted packets who may arbitrarily execute commands as root on the target device, or who may take over the code execution of the JDHCPD process. Refer to https://kb.juniper.net/JSA10981 for more information.
1458150	DHCP subscriber might not come online after the router reboots. Product-Group=junos	On MX platform with DHCP subscriber scenario, the subscriber might not come online after the router is rebooted.
PR Number	Synopsis	Category: interfaces and zones for junos js software
1452488	On SRX Series devices with chassis cluster, the control link remains up even though the control link is actually down. Product-Group=junos	On vSRX, vSRX 3.0, SRX1500, SRX4100, SRX4200 and SRX4600 platforms, the chassis cluster control link remains up even when the control link is actually down. The failover cannot be executed in this situation, and this issue has traffic or service impact.
PR Number	Synopsis	Category: Label Distribution Protocol
1451157	The LDP route timer resets when committing unrelated configuration changes. Product-Group=junos	The LDP route timer is reset due to committing unrelated configuration changes. As usual, the "route timer reset" implies route churn, but LDP itself is not affected as there is no real nexthop change in the case of configuration commit with unrelated changes. However, protocols using the LDP route as protocol nexthop may be impacted.
PR Number	Synopsis	Category: Port-based link layer security services and protocols that a
1475089	MACsec traffic over L2circuit might not work on QFX10K/PTX10K/PTX1K platforms after upgrading from Junos 15.1 to higher versions Product-Group=junos	After upgrading from Junos 15.1 to higher versions (before Junos 19.3), MACsec ethertype might not be programmed as known ethertype on QFX10K/PTX10K/PTX1K platforms, so when those platforms are configured as L2circuit tunnel termination, the inner payload (MACsec packets) could not be detected properly and outgoing packets are corrupted.
PR Number	Synopsis	Category: Multiprotocol Label Switching
1442495	LSI interface Layer 2 Virtual Chassis goes down on one router in VPLS domain through the MPLS path is still available in inet.3. Reason shows as mpls label out of range. Product-Group=junos	When both primary and secondary standby paths are configured on a no-cspf label swtiched path (LSP), also both primary and secondary paths are both up only on detour, one or more transit nodes shared by primary path and secondary path in failure might cause the active path keep changing between primary and secondary paths. There is no traffic impact observed when this issue happens.
PR Number	Synopsis	Category: Bugs related to ethernet interface on MX platform
1436327	The default configuration does not create any logical interfaces and LLDP cannot discover the neighbor for those interfaces, which the logical interface is not configured explicitly in the Junos OS configuration. Product-Group=junos	Default config doesn't create any IFLs and LLDP cannot discover neighbor for those interfaces which ifl is not configured explicitly in Junos configuration.
PR Number	Synopsis	Category: FreeBSD Kernel Infrastructure
1425608	The kernel crashes during the removal of the mounted USB when a file is being copied to it. Product-Group=junos	If you pulled out a USB storage device from the system while files are being copied, the kernel will panic and the system will restart.
1442376	EX2300 platforms might stop forwarding traffic or responding to console Product-Group=junos	On EX2300/EX2300-C platforms, if Junos OS is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch might stop forwarding traffic or responding to console. A reboot is required to restore the service.
1454950	EX switches might not come up properly upon reboot Product-Group=junos	EX switches might not come up properly upon reboot due to the date not been set up.
1469400	EX3400 might reboot because of lack of watchdog patting Product-Group=junos	On EX3400, if watchdog pat did not happen within stipulated time and it might reboot automatically with "0x2:watchdog" as reboot reason.
PR Number	Synopsis	Category: OSPF routing protocol
1445078	The rpd might crash in OSPF scenario due to invalid memory access. Product-Group=junos	In Open Shortest Path First (OSPF) scenario, rpd might crash when trying to resolve the Forwarding Address (FA) from an OSPF LSA type 5/7. The issue is due to accessing memory bytes exceeding the valid size, and occurs in rare condition.
PR Number	Synopsis	Category: PE based L3 software
1434567	IPv6 neighbor solicitation packets getting dropped on PTX Product-Group=junos	In IPv6 scenario on PTX platforms (including PTX3K/5K with FPC3, PTX1K, PTX10K), when a parity error which is due to hardware error occurs on FPC, the neighbor solicitation (NS) packets might get dropped. It will cause IPv6 neighbor discovery failure, and no relevant alarms or logs are reported during the issue.
PR Number	Synopsis	Category: vMX Platform Infrastructure related issue tracking
1344858	Junos OS: vMX: Default credentials supplied in configuration (CVE-2020-1615) Product-Group=junos	The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. Refer to https://kb.juniper.net/JSA10998 for more information.
PR Number	Synopsis	Category: PTP related issues.
1471502	When PTP is configured in the hybrid mode, the Synchronous Ethernet frequency drifts. Product-Group=junos	In Hybrid Mode with phase synchronization and frequency synchronization scenario, some frequency/phase changes may not be adjusted and PTP state can be stuck in acquiring state.
1474987	clksyncd generates core file after GRES. Product-Group=junos	clksyncd crashed after GRES on the new master RE in the scenario where clksyncd was not running on the ex-master RE.
PR Number	Synopsis	Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1426737	The dcpfe/PFE might not start on AS7816-64X and QFX5K TVP platform devices Product-Group=junosvae	The dcpfe/PFE might not start on AS7816-64X and QFX5K TVP platform devices which results in all the interfaces going down.
PR Number	Synopsis	Category: Interface related issues. Port up/down, stats, CMLC , serdes
1423496	Ports might get incorrectly channelized if they are already of 10-Gigabit Ethernet and they are channelized to 10-Gigabit Ethernet again. Product-Group=junos	On all junos platforms with channelizing ports on FPCs, if a 40G port which are channelized to 10G ports already (eg:xe-2/0/16:0) are being channelized to 10G again, they may get incorrectly channelized.
1449406	CRC error might be seen on the VCPs of the QFX5100 Virtual Chassis. Product-Group=junos	In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC.
PR Number	Synopsis	Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1446974	QFX5K:L3 IP route entries might not get programmed in the LPM table Product-Group=junosvae	Due to software issues on a chipset vendor SDK on Juniper QFX series 5100, 5110, 5120, 5200 and 5210, L3 IP route entries might not get programmed in the LPM table and this will impact L3 traffic. The following messages will show up in the log messages: [Mon Dec 30 11:00:09.889 LOG: Err] brcm_rt_ip_uc_lpm_install:1328(LPM route change failed) Reason : Table full unit 0 [Mon Dec 30 11:00:09.889 LOG: Err] brcm_rt_ip_uc_entry_install:1186brcm_rt_ip_uc_entry_install Error: lpm ip route install failed vrf 1 ip 2404:5780:3::/48 nh-swidx 131083 nh-hwidx 200048
1466810	On the QFX10000 line of switches, the EPR iCRC errors might cause protocols to go down. Product-Group=junos	EPR iCRC errors in QFX10000 series platforms might cause protocols down. FPC will be in wedged state and will not pass traffic on that PFE if hitting this issue. EPR iCRC errors are normal and caused by transient hardware conditions. EPR iCRC errors are not expected to impact the protocols, and only one CRC failed packet will be dropped. But due to incorrect handling of this error, it affects protocols and causes FPC wedge.
1475249	On the QFX5200 line of switches, the DAC cables are not being properly detected in the Packet Forwarding Engine in Junos OS Release 18.4R2-S2.4. Product-Group=junos	The DAC Breakout cables such as "JNP-100G-2X50G-1M" were not categorized as dac_port variable which was causing the interface type to get defaulted to SR.
PR Number	Synopsis	Category: QFX access control list
1464883	Unable to attach a filter to an IRB interface when that filter contains an action to remark the DSCP value to a non-zero value Product-Group=junos	When you try to apply a firewall filter that contains a "then dscp" action to a Layer 3 inet subinterface, you will get an error when trying to commit. Applying the same filter to an IRB interface succeeds as does applying the same filter to a Layer 3 subinterface on QFX5100-48S.
PR Number	Synopsis	Category: DHCP related Issues
1459499	The lightweight DHCPv6 relay agent functionality might be broken on QFX5K platforms Product-Group=junos	On QFX5K platforms, the Lightweight DHCPv6 Relay Agent (LDRA) functionality might be broken. Due to this issue, when light-weight-dhcpv6-relay is configured under dhcp-security hirachy, dhcp-security ipv6 binding might be stuck at "WAIT" state and get cleared later.
PR Number	Synopsis	Category: Filters
1464352	The dcpfe might crash when changing the firewall filter on QFX5K platforms Product-Group=junosvae	On QFX5K switches, when a firewall filter term is changed in scale conditions (such as, more than 2500 iRACL--ingress Routing ACL entries), the dcpfe might crash especially in make-before-break scenario. It might cause all interfaces in this FPC down.
PR Number	Synopsis	Category: for all ipv6 related issues
1459759	The fxpc process might crash due to several BGP IPV6 session flaps Product-Group=junos	On QFX5100 and EX4600 platforms, the fxpc (packet forwarding engine manager) process might crash when multiple BGP IPV6 sessions (for instance around 500) are flapped and then restored at the same time.
PR Number	Synopsis	Category: QFX L2 PFE
1474545	On the QFX5000 line of switches in the EVPN-VXLAN scenario, continuous error log messages might be raised. Product-Group=junos	In EVPN-VXLAN scenario, when an SP style interface is configured both with native-vlan-id and LLDP on QFX5000 platforms, continuous log messages might be observed.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1456336	Link up delay and traffic drop might be observed on the mixed SP Layer 2 or Layer 3, and EP Layer 2 type configurations. Product-Group=junos	This PR includes three issues. First one: When Layer3 IFL (logical interface) is configured first and then Layer2 IFL is configured, MAC move might not happen. Second one: On Vxlan setup with large number of child interfaces, link up delay is seen. Third one: In case of VLAN setup with Enterprise/Service Provider L2 and L3 type configs, when all the configs are done in single commit statement then the traffic might not be forwarded.
PR Number	Synopsis	Category: QFX MPLS PFE
1469998	If continuous interface flap occur at ingress or egress of the PE devices, the IP routed packets might get looped on the MPLS PHP node. Product-Group=junos	On QFX5K platform, when MPLS node-link-protection is configured on all nodes (PE and P device), the IP routed packets might be looped on the MPLS PHP node (P device) if continuous interface flaps at ingress/egress of PE devices.
PR Number	Synopsis	Category: QFX EVPN / VxLAN
1454804	The untagged hosts ARP/NS requests might not be resolved when it is connected on 'encapsulation ethernet-bridge' interface Product-Group=junos	On the QFX5120 platform, the ARP request/reply/NS/NA might not get resolved for an untagged packet coming on an interface with 'encapsulation ethernet-bridge' and when this interface is in a vxlan with 'encapsulate-inner-vlan' configuration.
PR Number	Synopsis	Category: QFX VC Infrastructure
1433525	VC Mezz temp and QIC sensor get failure on QFX Product-Group=junos	On QFX VC Mezz temp and QIC sensor get failure because displaying of temp sensor without data being set/fetched.
PR Number	Synopsis	Category: RPD policy options
1453439	Routes resolution might be inconsistent if any route resolving over the multipath route. Product-Group=junos	On all Junos platforms, any route resolving over the multipath routes, one scenario is BGP over BGP. After the metric value of any PNH (refers to the second PNH and using it to perform the second time next-hop resolving) changes, meanwhile, if the hash-selection changes happened, it might result in routes resolution inconsistency. Traffic drops could be observed if the packages are still forwarding to the old PNH (Protocol Next Hop). Any recursive resolving multipath scenario might trigger this issue.
PR Number	Synopsis	Category: show route table commands, tracing, and syslog facilities
1442542	EVENT UpDown interface logs are partially collected in syslog messages. Product-Group=junos	When multiple interfaces UpDown event happens, a number of interfaces are not logged the event but partial logs are recorded in messages file.
PR Number	Synopsis	Category: Resource Reservation Protocol
1445994	Traffic might be silently dropped or discarded if two consecutive PLRs along the LSP performs local repair simultaneously under certain misconfigured conditions. Product-Group=junos	In RSVP environment with link or node protection deployed, if two consecutive PLRs (point of local repair) along the LSP perform local repair simultaneously and if backup LSP signaling between the downstream PLR & MP (merge point) pair fails due to any reason, then the backup LSP signaling between the upstream PLR & MP pair also does not succeed. Then due to a software defect the upstream PLR does not correctly clean up the LSP state and continues to send traffic into the backup LSP, resulting in traffic blackhole at the downstream PLR.
1471281	The rpd crash might be seen after some commit operations, which might affect the RSVP ingress routes. Product-Group=junos	On all platforms with BGP PIC configured, if doing some commit operations where RSVP ingress routes are affected, the rpd crash might be seen.
PR Number	Synopsis	Category: Issues related to control plane security
1470693	Junos OS: Multiple FreeBSD vulnerabilities fixed in Junos OS. (CVE-2018-6916, CVE-2018-6918) Product-Group=junos	Multiple vulnerabilities have been resolved in Junos OS by updating third party software included with Junos OS or by fixing vulnerabilities found during internal testing. Refer to https://kb.juniper.net/JSA11016 for more information.
PR Number	Synopsis	Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1459306	The traffic might be stuck on MS-MPC or MS-MIC with sessions receiving a huge number of affinity packets. Product-Group=junos	On MX platforms with MS-MPC/MS-MIC, if there are sessions receiving huge number of affinity packets (e.g. thousands of packets), the service interface might be brought down by the prolonged flow-control, and the mspmand process crash might happen. In this case, the traffic will be stuck due to this issue.
PR Number	Synopsis	Category: MPC7/8/9 Interface Issues
1463015	The EA WAN SerDes gets into a stuck state, leading to continuous "DFE tuning timeout' errors and link staying down. Product-Group=junos	The interfaces on certain MX platforms might get stuck in a down state, if the remote interface sends invalid code to the local interface. Link might not come up even after the remote peer has begun sending a good signal.
PR Number	Synopsis	Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1462325	On MX204, RADIUS interim accounting statistics are not populated. Product-Group=junos	In PPPoE/DHCP Subscriber Access Networks, if RADIUS Accounting for Subscriber Access is configured, the accounting interval update message might not be populated by PFE ASIC due to the hardware limitation on MX204, the statistics of PPPoE/DHCP subscriber might not be sent to the RADIUS accounting server. Then PPPoE/DHCP subscribers might have incorrect stats values, the services (e.g. network management/client billing/auditing, and so on) related to these statistics collected by accounting might be impacted.
PR Number	Synopsis	Category: Trio pfe bridging, learning, stp, oam, irb software
1466602	RT5 does not work properly and ip-prefix-routes are not reachable. Product-Group=junos	On MX platforms with EVPN-VXLAN Tpye-5 tunnel used, when the VRF of Type-5 destination IP (toward host) is different from the default VRF (the tunnel end point in the underlay), Tpye-5 tunnel might not work properly, and ip-prefix-routes are not reachable.
PR Number	Synopsis	Category: Configuration management, ffp, load action
1426341	Switch may unable to commit baseline config after zeroize Product-Group=junos	When the OpenConfig package is used (The OpenConfig package became part of image itself from 18.3, prior to 18.3 OpenConfig package is a seperate add-on package), the following switches (EX2200, EX3200, EX3300, EX3400, EX4200, EX4300, EX4500, EX4550, EX4600, QFX3000, QFX3100, QFX3500, QFX3600, QFX5100) may unable to commit baseline config after zeroize.
PR Number	Synopsis	Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1427632	QFX5100-VCF - 'rollback' for uncommitted config takes 1 hour Product-Group=junos	Performing "config# rollback 0" may takes a long time to complete.
1439805	When a group is applied at non-root level, updating commands inside the group does not update the hierarchies where they are applied. Product-Group=junos	On all Junos platforms, if a group is applied at non-root level and later some knob from the group is deleted, then change bits are not set for the hierarchy where the group is applied.
PR Number	Synopsis	Category: VSRX platform software
1469978	vsrx2.0 - config-drive does not work as expected Product-Group=junos	Adding the license to a vSRX instance while it is getting spun through cloud-init fails. You have to manually add the license after the device has booted up.

18.4R2-S3 - List of Known issues

PR Number	Synopsis	Category: EX4300 Layer 2 implementation
1464365	EX4300VC: Switch may drop Dot1x client TLS packet Product-Group=junos	On EX4300 switches, when packets entering a port exceed a size of 144 bytes, they might get dropped in very few cases.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1367439	On the QFX5110 Virtual Chassis peers, invalid VRRP mastership election is observed. Product-Group=junos	In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters.
1429504	Layer 3 IP route might not be installed in LPM forwarding table on QFX5000 platforms Product-Group=junosvae	On QFX5000 platforms, when the host forwarding table is full and the host entries are installed in LPM forwarding table, or when lpm-profile with unicast-in-lpm option is used, the Layer 3 IP route might not be installed in LPM forwarding table if there are SER errors, hence there might be traffic impact. The issue is fixed in the following releases via PR1446974.
1440847	The bandwidth value of the DDOS-protection might cause the packets loss after the device reboot Product-Group=junos	In the DDOS-protection scenario, when the aggregate bandwidth value (e.g value A) of protocols (l3mtu-fail/ttl/ip-opt/rsvp/ldp/bgp/unknown-l2mc/rip/ospf/stp/pvstp/lldp) is configured, this bandwidth value might be reset to the default value (e.g. value B) after the device reboot or PFE restart.
PR Number	Synopsis	Category: BBE Remote Access Server
1449064	Subscriber login fails when the PCRF server is unreachable. Product-Group=junos	In Gx-Plus for Provisioning Subscribers scenario, when the PCRF (Policy and Charging Rules Function) server is unreachable or the diameter protocol is down, the subscriber login might fail to successfully establish a session or the subscribers might fail to bind a service policy by Gx-Plus after the PCRF Server connectivity is restored.
PR Number	Synopsis	Category: PTX Express ASIC interface
1428307	After you reboot the FPC, an interface comes up. Product-Group=junos	In PTX with FPC3-PTX and QSFP28 PIC, or MX platforms with EA/ZT-chip based line cards, one of the interfaces on them might not come up after an interface of peer device flapping in short intervals and then restart the local FPC. Due to the BCM8238x chip of Broadcom with a wrong re-timer leading to the local interface remain in "down" state.
1453217	On PTX5000 and PTX3000 router with 15x100G and 96x10G PIC, the interface bcm8238 line side amplitude setting is incorrect and might cause optic reliability issues. Product-Group=junos	On PTX5000 Router, the 100-Gbps interface might not come up after flapping due to optic reliability issues.
PR Number	Synopsis	Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1431033	Traceoptions file exceeds the configured file size limit as the file keeps on growing. Product-Group=junos	With 64-bit rpd running and traceoptions configured e.g. for BGP or MPLS statistics etc., the trace files are not rotating/rolling over as per the configured file size limit and the logs continue to be written to a single file continuously.
PR Number	Synopsis	Category: Firewall Authentication
1475435	SRX Series: Unified Access Control (UAC) bypass vulnerability (CVE-2020-1637) Product-Group=junos	A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy; Refer to https://kb.juniper.net/JSA11018 for more information.
PR Number	Synopsis	Category: Multiprotocol Label Switching
1282369	With nonstop active routing (NSR), when the rpd restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart. Product-Group=junos	With nonstop active routing (NSR), when the routing protocol process (rpd) restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart.
1460283	The previously configured credibility preference is not considered by CSPF even though the configuration has been deleted or changed to prefer another protocol in the traffic engineering database. Product-Group=junos	After configuring the credibility, the new credibility preference value will be stored internally and its not cleared or consider by the CSPF module, incase if the perviously configuration of "traffic-engineering credibility-protocol-preference" was deleted or if you configure "traffic-engineering credibility-protocol-preference" under another protocol (for example ISIS)
PR Number	Synopsis	Category: PTP related issues.
1471466	On the MX104 Series routers, the clksyncd crash might be observed when PTP over an aggregated Ethernet is configured. Product-Group=junos	This issue is specific to feature PTP (Precision Time Protocol) over AE interface for MX104 platform. When PTP over AE is configured on MX104 platform, clksyncd process might crash and restart. It might cause partial service impact during the recovery and clksyncd restarts (about 2mins).
PR Number	Synopsis	Category: SW installation for all qfx platforms.
1345848	upgrade/downgrade from tvp to non-tvp is not supported. Product-Group=junos	Downgrade from a TVP image to a non-TVP image is not supported. However, upgrade from a non-TVP image to a TVP image is supported.
PR Number	Synopsis	Category: QFX L2 PFE
1473521	The l2ald crash might be observed when around 16,000 VLAN-IDs share the same VXLAN tunnel and the Packet Forwarding Engine is rebooted. Product-Group=junos	On EX, MX and QFX platform, l2ald might crash when around 16k VLAN-ID is sharing the same VxLAN tunnel and PFE is restarted. After this issue happened, MAC address table is not cleared and layer 2 transaction could work normally. In the end, traffic or service is not affected. This issue is not reproducible.
PR Number	Synopsis	Category: platform related PRs on SRX branch platforms
1451474	Traffic forwarding on Q-in-Q port and VLAN tagging is not observed properly on R0. Product-Group=junos	On SRX-branch platforms, if QinQ and native-vlan-id are configured, priority tagged packets (Priority tagged packets have their VLAN ID set to 0, and their priority code point bits might be configured with a CoS value.) would be dropped. Below is the detail. The newly added configuration "set interface input-native-vlan-push" is not supported by branch SRX. By default, input-native-vlan-push is disabled, which will cause untagged packets ingress from UNI (user-to-network) will not be added with inner tag on egressing out of NNI (network-to-network interface), and the priority only tagged packets ingress from UNI will be stripped of the priority tag when it egresses out of the UNI in the other end. Hence packets drop would be seen.
PR Number	Synopsis	Category: MPC7/8/9 Interface Issues
1440526	On MX Series, CPU might hang or interface might stop working on 100-Gigabit Ethernet port. Product-Group=junos	On MX/EX/PTX, if particular 100G port is used, CPU might hang or interface might be stuck down on the 100G port. This issue may cause traffic disruption in the network.
PR Number	Synopsis	Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1476786	The MX router acting as LNS does not get to program the PFE with l2tp services that causes forwarding issues for the l2tp subscribers. Product-Group=junos	On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers.
PR Number	Synopsis	Category: TRIO Interface based services
1465490	On MPC7, MPC8, and MPC9, WO packet error and FPC major alarm are observed when reassembling the small fragments. Product-Group=junos	When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly. Refer to https://kb.juniper.net/JSA11036 for more information.
PR Number	Synopsis	Category: UI Infrastructure - mgd, DAX API, DDL/ODL
991081	The configuration change on Backup RE cannot be synchronized while deleting inactivated interfaces/routing-instances from master Product-Group=junos	In the dual Routing Engine scenario, the backup Routing Engine does not sync up the configuration change while deleting an inactivated interface/routing-instances from the master. So after the operation, the inactivated interface/routing-instances still exists on the backup Routing Engine.
1431198	Error might occur when you use a script to load the configuration. Product-Group=junos	Multiple deletion of a non-existing configuration statement produces errors through RPC load-configuration.
1452136	The mgd might crash when you use the replace pattern command. Product-Group=junos	When you use the "replace pattern" command to replace the name in the apply-group, the mgd crashes.
1464439	If a NETCONF session is initiated over an inband connection, the CPU utilization on mgd daemon might be 100 percent after the NETCONF, which executes an RPC call for some commands and gets interrupted by flapping interface. There is no impact observed to the control plane or the forwarding plane, the subsequent NETCONF session continues to function. Product-Group=junos	If a NETCONF session is initiated over an inband connection, the CPU utilization on mgd daemon might be 100 percent after the NETCONF, which executes an RPC call for some commands and gets interrupted by flapping interface. There is no impact observed to the control plane or the forwarding plane, the subsequent NETCONF session continues to function.

Knowledge Base

18.4R2-S3 - List of Fixed issues

18.4R2-S3 - List of Known issues