18.4R2-S3: Software Release Notification for JUNOS Software Version 18.4R2-S3

Article ID: TSB17703 TECHNICAL_BULLETINS Last Updated: 21 Aug 2020 Version: 3.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, and VMX
Alert Description:
Junos Software Service Release version 18.4R2-S3 is now available for download from the Junos software download site.
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as needed and follow the prompts
Solution:

Junos Software Service Release version 18.4R2-S3 is now available.

18.4R2-S3 - List of Fixed issues

PR Number Synopsis Category: EX4300 PFE
1427866 IPv6 traffic might be dropped when static /64 IPv6 routes are configured
Product-Group=junos
On EX4300, when static /64 IPv6 route is configured and points to the interface where uRPF is configured, IPv6 packets which match the routes might be dropped.
PR Number Synopsis Category: EX2300/3400 CP
1447291 The Phone-Home Client upgrade might fail on EX devices
Product-Group=junos
On EX2300/EX3400/EX4300 Series devices with Phone-Home Client (PHC) feature configuration, the Phone-Home Client upgrade might fail because the phcd process is unable to get the device Serial Number.
PR Number Synopsis Category: EX2300/3400 PFE
1466423 The broadcast and multicast traffic might be dropped over IRB or LAG interface in QFX/EX VC scenario
Product-Group=junos
On QFX5000/EX2300/EX3400/EX4600 Virtual Chassis (VC) platforms, the broadcast and multicast traffic might get dropped over some of the Link Aggregation Group (LAG) or Integrated Routing and Bridging (IRB) interfaces. Due to this issue, all the routing protocols relying on broadcast/multicast traffic would not be able to set up neighbor sessions; for example, some of the Open Shortest Path First (OSPF) sessions might be stuck in "Init" state over LAG or IRB interfaces.
PR Number Synopsis Category: EX-Series VC Datapath
1426741 Junos OS: EX4300: Traffic from the network internal to the device (128.0.0.0) may be forwarded to egress interfaces (CVE-2020-1628)
Product-Group=junos
Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. Refer to https://kb.juniper.net/JSA11008 for more information.
PR Number Synopsis Category: DC PFE QoS
1466770 On the QFX5100 switch, slow packet drops might be observed when there are packets on the port before its buffer configuration is completed after the reboot. This issue is very rare and the window could be just a few milliseconds.
Product-Group=junos
The issue is observed on QFX5000 platforms when there are any packets on the port before its buffer configuration is completed after the reboot. This issue is very rare and the window could be just a few milliseconds.
PR Number Synopsis Category: QFX PFE L2
1448488 The traffic leaving QFX5K and EX46 switches might not be properly load-balanced over AE interfaces
Product-Group=junos
On QFX5K and EX46 platforms, when an AE interface is used, the switches might not properly load-balance the transit traffic to this Layer 2 LAG link even for different MPLS labels (for MPLS traffic) or different VLAN tags. Configuring different 'forwarding-options enhanced-hash-key hash-mode' options or configuring the proper hash offset with "set forwarding-options enhanced-hash-key hash-parameters lag offset 0" might not work either. This might cause traffic impact if congested traffic is seen.
1462171 The LLDP function might fail when a device running Junos OS connects to a device that does not run Junos OS.
Product-Group=junos
On EX/QFX platforms with STP disabled, the LLDP function might fail when a Juniper device connects to a non-Juniper one. In this scenario, the LLDP PDU with destination MAC 01:80:c2:00:00:00, which is one of the three reserved MAC addresses for LLDP in IEEE 802.1AB, will be ignored by Juniper LLDP process, and this causes the LLDP function failure. This issue has service impact.
1467763 The fxpc.core might be seen when committing the configuration all together, e.g., after the reboot
Product-Group=junos
On EX2300/3400/4300/4600 and QFX Series switches except for QFX10k, if committing the configuration all together (e.g., after the reboot), the fxpc/PFE core dump might be found. In the Virtual Chassis scenario, the VC members might be split because the VC ports might not be created in time.
1469596 Ingress traffic might be silently discarded if the underlying interfaces flap in the EVPN-VXLAN scenario.
Product-Group=junos
On QFX5000 platforms in an Ethernet Virtual Private Network (EVPN) and Virtual Extensible LAN (VXLAN) scenario, if the underlying interface flaps on the core network side, all the ingress traffic might be blackholed by the VXLAN Tunnel Endpoint (VTEP) due to this issue.
1474142 Traffic might get affected if the composite next-hop is enabled.
Product-Group=junos
On QFX5000 and EX4600 platforms with composite next hop enabled, traffic loss would occur when deleting leaked routes with composite next hop.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1444845 On the QFX5100 Virtual Chassis, the CRC errors might be observed.
Product-Group=junos
In QFX5100 Virtual Chassis (VC) scenario, if the VC connections are disconnected for any reason, like rebooting the switch or pulling out the optical module, the CRC errors and packet loss might be seen when the VC connections resume working again. This is because the VCP ports are not getting initialized properly.
1455547 Core files might get generated during the addition or removal of the EVPN type-5 routing instance.
Product-Group=junos
On QFX platforms, the coredump might occur during adding/removing EVPN Type-5 routing instance. The EVPN route would be corrupted and traffic/service impact appears if hitting the issue.
1463092 When deleting IRB on the layer 3 gateway, IRB does not get removed from PFE and will blackhole traffic to IRB mac address
Product-Group=junos
On QFX5110/5120 platform as the layer 3 gateway, after deleting the configuration of interfaces irb, the IRB might not get removed from PFE and will blackhole traffic to the MAC address of the deleted IRB.
PR Number Synopsis Category: QFX PFE MPLS
1477301 The traffic might get lost over the QFX5100 switch acting as a transit PHP node in the MPLS network.
Product-Group=junos
In the MPLS network, the packets may get dropped by egress node if the packets go through the QFX5100 switch acting as a transit PHP (penultimate-hop popping) node.
PR Number Synopsis Category: Accounting Profile
1452363 PFED core files are seen and MIB2D is reported as slow peer due to a Packet Forwarding Engine accounting issue.
Product-Group=junos
The flow label statistics are retrieved periodically by pfed for PTX or TVP platforms. If the statistics reply becomes a very big number, the pfed might crash, hence affecting traffic.
PR Number Synopsis Category: MX Layer 2 Forwarding Module
1464778 Type 1 ESI/AD routes are not generated locally on EVPN PE in all-active mode.
Product-Group=junos
In a scenario when the VGA on IRB is deactivated/activated/configuration commit at the same time on both PEs of a site, the type 1 ESI/AD route might not be generated locally.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1448649 Junos OS BFD sessions with authentication flap after some time.
Product-Group=junos
In the scenario where BFD session authentication is configured, BFD session flaps may be seen after a certain period of time; this will cause the neighbor to go down.
PR Number Synopsis Category: Border Gateway Protocol
1437837 The rpd might crash in case multipath is enabled, as BGP multipath teardown is called for secondary route even though secondary routes are considered for multipath.
Product-Group=junos
This issue applies to Junos platforms with BGP multipath configured under a routing-instance and a RIB group deployed to leak routes from that routing-instance to another routing table. "rpd" may restart unexpectedly when performing multipath calculation operations for the secondary routes (such as removing the rib-groups or bouncing a BGP neighbor under the routing-instance). The secondary routes refer to the second RIB in a RIB (Routing Information Base) group.
1461602 The rpd scheduler slips might be seen on an RPKI route validation-enabled BGP peering router in a scaled setup.
Product-Group=junos
In a scaled BGP environment (e.g. global table ~3M routes or more), when there are a lot of (e.g. 10k or more) more-specific routes for a certain IPv4 or IPv6 prefix covered by some RV (route validation) record, a change in the RV records database might lead to rpd (routing protocol daemon) scheduler slips, which could trigger routing protocol adjacency flap. The same could be triggered by executing the "clear validation database" command or shortly after the initial RPKI (resource public key infrastructure) session establishment event.
PR Number Synopsis Category: Device Configuration Daemon
1445370 The VRRP IPv6 state might flap between init and idle states after configuring vlan-tagging
Product-Group=junos
On EX-series and QFX-series platforms with VRRP IPv6 deployment, the VRRP IPv6 state might flap between init and idle states after configuring vlan-tagging on the interface on which the VRRP IPv6 is configured.
PR Number Synopsis Category: Ethernet OAM (LFM)
1465608 The EOAM CFM primary-vid functionality does not work if the enhanced-cfm-mode is enabled.
Product-Group=junos
On MX10003 platform, the EOAM (Ethernet Operations, Administration, and Maintenance) CFM (Connectivity Fault Management) primary-vid functionality doesn't work if the enhanced-cfm-mode is enabled. The issue impacts the CFM functionality.
PR Number Synopsis Category: EVPN control plane issues
1467309 Rpd might crash with EVPN-related configuration changes in static VXLAN to MPLS stitching scenario.
Product-Group=junos
In EVPN scenario without encapsulation type specified (the default EVPN encapsulation type is set to MPLS), if "vlan-id none" and "vni " is configured in EVPN instance, the rpd might crash after changing EVPN related configuration (such as set the encapsulation as vxlan or delete label-allocation scheme).
PR Number Synopsis Category: EX Chassis chassism/chassisd
1446363 Major alarm log messages for temperature conditions at 56 degrees Celsius.
Product-Group=junos
A major alarm might be generated once any sensor temperature reaches 56 degrees Celsius. This is incorrect behavior and can be resolved by upgrading the version of code. Note: Even though incorrect alarms are triggered, the chassis will still shut down gracefully when the "fire shutdown" threshold is hit, as seen in operational mode > show chassis temperature-thresholds.
PR Number Synopsis Category: Express PFE CoS Features
1455309 On the QFX10000 line of switches, the PFC feature does not work.
Product-Group=junos
On QFX10k series platforms, the PFC (Priority-based Flow Control) feature doesn't work as expected. The issue might lead to congestion as the flow is not controlled by the PFC.
PR Number Synopsis Category: Express PFE FW Features
1433648 Traffic drop might occur on PTX/QFX during filter change operation
Product-Group=junos
On PTX/QFX platforms, a firewall configuration change operation may not be done correctly within the PFE causing transit packets drops.
PR Number Synopsis Category: Express PFE including evpn, vxlan
1471465 When the VTEP source interface is configured in the multiple routing instances, there might be traffic loss.
Product-Group=junos
In VXLAN scenario on QFX10000 series platforms, when VTEP source interface is configured in multiple routing instances, the traffic loss might occur if one of such routing instances is deleted.
PR Number Synopsis Category: Express PFE L2 fwding Features
1405786 Ping over loopback might not work over TYPE 5 tunnel on QFX10000 platforms
Product-Group=junos
On QFX10000 platforms, in EVPN-VXLAN scenarios, ping between Spine to Spine loopback over TYPE 5 tunnel might not work.
PR Number Synopsis Category: PTX Express ASIC interface
1412126 On FPC P2 line card, interface might stay down after maintenance. The issue is observed on links connected to another vendor's equipment.
Product-Group=junos
On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendor's equipment.
PR Number Synopsis Category: idp flow creation, deletion,notification, session mgr intfce
1444043 SNMP queries might cause commit or show command to fail due to IDP.
Product-Group=junos
On SRX Series devices, commit or show command for IDP might not work if SNMP queries are run when large-scale IDP is used.
PR Number Synopsis Category: Signature Database
1467208 Unable to update offline IDP signature in vsrx3.0 with 19.2R1
Product-Group=junos
IDP offline signature update is not allowed on vSRX platforms.
PR Number Synopsis Category: ISIS routing protocol
1455432 The rpd might crash continuously due to memory corruption in IS-IS setup.
Product-Group=junos
With ISIS configured, memory corruption may occur in a very rare case, which may cause rpd to crash continuously.
PR Number Synopsis Category: jdhcpd daemon
1449353 Junos OS and Junos OS Evolved: Multiple vulnerabilities in JDHCPD allow for OS command injection and code execution of JDHCPD
Product-Group=junos
A device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process configured in relay mode is vulnerable to multiple vulnerabilities which allow an attacker sending crafted packets to arbitrarily execute commands as root on the target device, or to take over the code execution of the JDHCPD process. Refer to https://kb.juniper.net/JSA10981 for more information.
1458150 DHCP subscriber might not come online after the router reboots.
Product-Group=junos
On MX platform with DHCP subscriber scenario, the subscriber might not come online after the router is rebooted.
PR Number Synopsis Category: interfaces and zones for junos js software
1452488 On SRX Series devices with chassis cluster, the control link remains up even though the control link is actually down.
Product-Group=junos
On vSRX, vSRX 3.0, SRX1500, SRX4100, SRX4200 and SRX4600 platforms, the chassis cluster control link remains up even when the control link is actually down. The failover cannot be executed in this situation, and this issue has traffic or service impact.
PR Number Synopsis Category: Label Distribution Protocol
1451157 The LDP route timer resets when committing unrelated configuration changes.
Product-Group=junos
The LDP route timer is reset due to committing unrelated configuration changes. As usual, the "route timer reset" implies route churn, but LDP itself is not affected as there is no real nexthop change in the case of configuration commit with unrelated changes. However, protocols using the LDP route as protocol nexthop may be impacted.
PR Number Synopsis Category: Port-based link layer security services and protocols that a
1475089 MACsec traffic over L2circuit might not work on QFX10K/PTX10K/PTX1K platforms after upgrading from Junos 15.1 to higher versions
Product-Group=junos
After upgrading from Junos 15.1 to higher versions (before Junos 19.3), MACsec ethertype might not be programmed as known ethertype on QFX10K/PTX10K/PTX1K platforms, so when those platforms are configured as L2circuit tunnel termination, the inner payload (MACsec packets) could not be detected properly and outgoing packets are corrupted.
PR Number Synopsis Category: Multiprotocol Label Switching
1442495 LSI interface Layer 2 Virtual Chassis goes down on one router in VPLS domain though the MPLS path is still available in inet.3. Reason shows as mpls label out of range.
Product-Group=junos
When both primary and secondary standby paths are configured on a no-cspf label switched path (LSP), and both primary and secondary paths are up only on detour, a failure of one or more transit nodes shared by the primary path and secondary path might cause the active path to keep changing between primary and secondary paths. There is no traffic impact observed when this issue happens.
PR Number Synopsis Category: Bugs related to ethernet interface on MX platform
1436327 The default configuration does not create any logical interfaces, and LLDP cannot discover the neighbor for those interfaces for which the logical interface is not configured explicitly in the Junos OS configuration.
Product-Group=junos
Default config doesn't create any IFLs, and LLDP cannot discover the neighbor for those interfaces for which an IFL is not configured explicitly in Junos configuration.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1425608 The kernel crashes during the removal of the mounted USB when a file is being copied to it.
Product-Group=junos
If you pull out a USB storage device from the system while files are being copied, the kernel will panic and the system will restart.
1442376 EX2300 platforms might stop forwarding traffic or responding to console
Product-Group=junos
On EX2300/EX2300-C platforms, if Junos OS is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch might stop forwarding traffic or responding to console. A reboot is required to restore the service.
1454950 EX switches might not come up properly upon reboot
Product-Group=junos
EX switches might not come up properly upon reboot due to the date not being set up.
1469400 EX3400 might reboot because of lack of watchdog patting
Product-Group=junos
On EX3400, if the watchdog pat does not happen within the stipulated time, the switch might reboot automatically with "0x2:watchdog" as the reboot reason.
PR Number Synopsis Category: OSPF routing protocol
1445078 The rpd might crash in OSPF scenario due to invalid memory access.
Product-Group=junos
In Open Shortest Path First (OSPF) scenario, rpd might crash when trying to resolve the Forwarding Address (FA) from an OSPF LSA type 5/7. The issue is due to accessing memory bytes exceeding the valid size, and occurs in rare condition.
PR Number Synopsis Category: PE based L3 software
1434567 IPv6 neighbor solicitation packets getting dropped on PTX
Product-Group=junos
In IPv6 scenario on PTX platforms (including PTX3K/5K with FPC3, PTX1K, PTX10K), when a parity error which is due to hardware error occurs on FPC, the neighbor solicitation (NS) packets might get dropped. It will cause IPv6 neighbor discovery failure, and no relevant alarms or logs are reported during the issue.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1344858 Junos OS: vMX: Default credentials supplied in configuration (CVE-2020-1615)
Product-Group=junos
The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. Refer to https://kb.juniper.net/JSA10998 for more information.
PR Number Synopsis Category: PTP related issues.
1471502 When PTP is configured in the hybrid mode, the Synchronous Ethernet frequency drifts.
Product-Group=junos
In Hybrid Mode with phase synchronization and frequency synchronization scenario, some frequency/phase changes may not be adjusted and PTP state can be stuck in acquiring state.
1474987 clksyncd generates core file after GRES.
Product-Group=junos
clksyncd crashed after GRES on the new master RE in the scenario where clksyncd was not running on the ex-master RE.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1426737 The dcpfe/PFE might not start on AS7816-64X and QFX5K TVP platform devices
Product-Group=junosvae
The dcpfe/PFE might not start on AS7816-64X and QFX5K TVP platform devices which results in all the interfaces going down.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1423496 Ports might get incorrectly channelized if they are already of 10-Gigabit Ethernet and they are channelized to 10-Gigabit Ethernet again.
Product-Group=junos
On all Junos platforms with channelizing ports on FPCs, if a 40G port which is already channelized to 10G ports (e.g., xe-2/0/16:0) is channelized to 10G again, the ports may get incorrectly channelized.
1449406 CRC error might be seen on the VCPs of the QFX5100 Virtual Chassis.
Product-Group=junos
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) errors might be seen on the VCPs (Virtual Chassis Ports) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates that data is corrupted; the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1446974 QFX5K:L3 IP route entries might not get programmed in the LPM table
Product-Group=junosvae
Due to software issues on a chipset vendor SDK on Juniper QFX series 5100, 5110, 5120, 5200 and 5210, L3 IP route entries might not get programmed in the LPM table and this will impact L3 traffic. The following messages will show up in the log messages:
[Mon Dec 30 11:00:09.889 LOG: Err] brcm_rt_ip_uc_lpm_install:1328(LPM route change failed) Reason : Table full unit 0
[Mon Dec 30 11:00:09.889 LOG: Err] brcm_rt_ip_uc_entry_install:1186brcm_rt_ip_uc_entry_install Error: lpm ip route install failed vrf 1 ip 2404:5780:3::/48 nh-swidx 131083 nh-hwidx 200048
1466810 On the QFX10000 line of switches, the EPR iCRC errors might cause protocols to go down.
Product-Group=junos
EPR iCRC errors in QFX10000 series platforms might cause protocols down. FPC will be in wedged state and will not pass traffic on that PFE if hitting this issue. EPR iCRC errors are normal and caused by transient hardware conditions. EPR iCRC errors are not expected to impact the protocols, and only one CRC failed packet will be dropped. But due to incorrect handling of this error, it affects protocols and causes FPC wedge.
1475249 On the QFX5200 line of switches, the DAC cables are not being properly detected in the Packet Forwarding Engine in Junos OS Release 18.4R2-S2.4.
Product-Group=junos
The DAC Breakout cables such as "JNP-100G-2X50G-1M" were not categorized as dac_port variable which was causing the interface type to get defaulted to SR.
PR Number Synopsis Category: QFX access control list
1464883 Unable to attach a filter to an IRB interface when that filter contains an action to remark the DSCP value to a non-zero value
Product-Group=junos
When you try to apply a firewall filter that contains a "then dscp" action to a Layer 3 inet subinterface, you will get an error when trying to commit. Applying the same filter to an IRB interface succeeds as does applying the same filter to a Layer 3 subinterface on QFX5100-48S.
PR Number Synopsis Category: DHCP related Issues
1459499 The lightweight DHCPv6 relay agent functionality might be broken on QFX5K platforms
Product-Group=junos
On QFX5K platforms, the Lightweight DHCPv6 Relay Agent (LDRA) functionality might be broken. Due to this issue, when light-weight-dhcpv6-relay is configured under the dhcp-security hierarchy, dhcp-security ipv6 binding might be stuck at "WAIT" state and get cleared later.
PR Number Synopsis Category: Filters
1464352 The dcpfe might crash when changing the firewall filter on QFX5K platforms
Product-Group=junosvae
On QFX5K switches, when a firewall filter term is changed in scale conditions (such as more than 2500 iRACL, ingress Routing ACL, entries), the dcpfe might crash, especially in a make-before-break scenario. It might cause all interfaces in this FPC to go down.
PR Number Synopsis Category: for all ipv6 related issues
1459759 The fxpc process might crash due to several BGP IPV6 session flaps
Product-Group=junos
On QFX5100 and EX4600 platforms, the fxpc (packet forwarding engine manager) process might crash when multiple BGP IPV6 sessions (for instance around 500) are flapped and then restored at the same time.
PR Number Synopsis Category: QFX L2 PFE
1474545 On the QFX5000 line of switches in the EVPN-VXLAN scenario, continuous error log messages might be raised.
Product-Group=junos
In EVPN-VXLAN scenario, when an SP style interface is configured both with native-vlan-id and LLDP on QFX5000 platforms, continuous log messages might be observed.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1456336 Link up delay and traffic drop might be observed on the mixed SP Layer 2 or Layer 3, and EP Layer 2 type configurations.
Product-Group=junos
This PR includes three issues. First: when a Layer 3 IFL (logical interface) is configured first and then a Layer 2 IFL is configured, MAC move might not happen. Second: on a VXLAN setup with a large number of child interfaces, link up delay is seen. Third: in a VLAN setup with Enterprise/Service Provider L2 and L3 type configs, when all the configs are done in a single commit statement, the traffic might not be forwarded.
PR Number Synopsis Category: QFX MPLS PFE
1469998 If continuous interface flaps occur at ingress or egress of the PE devices, the IP routed packets might get looped on the MPLS PHP node.
Product-Group=junos
On QFX5K platform, when MPLS node-link-protection is configured on all nodes (PE and P device), the IP routed packets might be looped on the MPLS PHP node (P device) if interfaces flap continuously at ingress/egress of PE devices.
PR Number Synopsis Category: QFX EVPN / VxLAN
1454804 The untagged host's ARP/NS requests might not be resolved when it is connected on 'encapsulation ethernet-bridge' interface
Product-Group=junos
On the QFX5120 platform, the ARP request/reply/NS/NA might not get resolved for an untagged packet coming on an interface with 'encapsulation ethernet-bridge' and when this interface is in a vxlan with 'encapsulate-inner-vlan' configuration.
PR Number Synopsis Category: QFX VC Infrastructure
1433525 VC Mezz temp and QIC sensor get failure on QFX
Product-Group=junos
On QFX, the VC Mezz temp and QIC sensors report failure because the temp sensor is displayed without data being set/fetched.
PR Number Synopsis Category: RPD policy options
1453439 Route resolution might be inconsistent if any route resolves over the multipath route.
Product-Group=junos
This issue applies to all Junos platforms where any route resolves over multipath routes; one scenario is BGP over BGP. After the metric value of any PNH (refers to the second PNH and using it to perform the second time next-hop resolving) changes, if hash-selection changes happen in the meantime, it might result in route resolution inconsistency. Traffic drops could be observed if the packets are still being forwarded to the old PNH (Protocol Next Hop). Any recursive resolving multipath scenario might trigger this issue.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1442542 EVENT UpDown interface logs are partially collected in syslog messages.
Product-Group=junos
When UpDown events happen on multiple interfaces, the event is not logged for a number of interfaces, and only partial logs are recorded in the messages file.
PR Number Synopsis Category: Resource Reservation Protocol
1445994 Traffic might be silently dropped or discarded if two consecutive PLRs along the LSP perform local repair simultaneously under certain misconfigured conditions.
Product-Group=junos
In RSVP environment with link or node protection deployed, if two consecutive PLRs (point of local repair) along the LSP perform local repair simultaneously and if backup LSP signaling between the downstream PLR & MP (merge point) pair fails due to any reason, then the backup LSP signaling between the upstream PLR & MP pair also does not succeed. Then due to a software defect the upstream PLR does not correctly clean up the LSP state and continues to send traffic into the backup LSP, resulting in traffic blackhole at the downstream PLR.
1471281 The rpd crash might be seen after some commit operations, which might affect the RSVP ingress routes.
Product-Group=junos
On all platforms with BGP PIC configured, if doing some commit operations where RSVP ingress routes are affected, the rpd crash might be seen.
PR Number Synopsis Category: Issues related to control plane security
1470693 Junos OS: Multiple FreeBSD vulnerabilities fixed in Junos OS. (CVE-2018-6916, CVE-2018-6918)
Product-Group=junos
Multiple vulnerabilities have been resolved in Junos OS by updating third party software included with Junos OS or by fixing vulnerabilities found during internal testing. Refer to https://kb.juniper.net/JSA11016 for more information.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1459306 The traffic might be stuck on MS-MPC or MS-MIC with sessions receiving a huge number of affinity packets.
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, if there are sessions receiving huge number of affinity packets (e.g. thousands of packets), the service interface might be brought down by the prolonged flow-control, and the mspmand process crash might happen. In this case, the traffic will be stuck due to this issue.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1463015 The EA WAN SerDes gets into a stuck state, leading to continuous "DFE tuning timeout" errors and link staying down.
Product-Group=junos
The interfaces on certain MX platforms might get stuck in a down state, if the remote interface sends invalid code to the local interface. Link might not come up even after the remote peer has begun sending a good signal.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1462325 On MX204, RADIUS interim accounting statistics are not populated.
Product-Group=junos
In PPPoE/DHCP Subscriber Access Networks, if RADIUS Accounting for Subscriber Access is configured, the accounting interval update message might not be populated by PFE ASIC due to the hardware limitation on MX204, the statistics of PPPoE/DHCP subscriber might not be sent to the RADIUS accounting server. Then PPPoE/DHCP subscribers might have incorrect stats values, the services (e.g. network management/client billing/auditing, and so on) related to these statistics collected by accounting might be impacted.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1466602 RT5 does not work properly and ip-prefix-routes are not reachable.
Product-Group=junos
On MX platforms with EVPN-VXLAN Type-5 tunnel used, when the VRF of Type-5 destination IP (toward host) is different from the default VRF (the tunnel end point in the underlay), Type-5 tunnel might not work properly, and ip-prefix-routes are not reachable.
PR Number Synopsis Category: Configuration management, ffp, load action
1426341 Switch may be unable to commit baseline config after zeroize
Product-Group=junos
When the OpenConfig package is used (the OpenConfig package became part of the image itself from 18.3; prior to 18.3 the OpenConfig package is a separate add-on package), the following switches (EX2200, EX3200, EX3300, EX3400, EX4200, EX4300, EX4500, EX4550, EX4600, QFX3000, QFX3100, QFX3500, QFX3600, QFX5100) may be unable to commit baseline config after zeroize.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1427632 QFX5100-VCF - 'rollback' for uncommitted config takes 1 hour
Product-Group=junos
Performing "config# rollback 0" may take a long time to complete.
1439805 When a group is applied at non-root level, updating commands inside the group does not update the hierarchies where they are applied.
Product-Group=junos
On all Junos platforms, if a group is applied at non-root level and later some knob from the group is deleted, then change bits are not set for the hierarchy where the group is applied.
PR Number Synopsis Category: VSRX platform software
1469978 vsrx2.0 - config-drive does not work as expected
Product-Group=junos
Adding the license to a vSRX instance while it is being spun up through cloud-init fails. You have to manually add the license after the device has booted up.
 

18.4R2-S3 - List of Known issues

PR Number Synopsis Category: EX4300 Layer 2 implementation
1464365 EX4300VC: Switch may drop Dot1x client TLS packet
Product-Group=junos
On EX4300 switches, when packets entering a port exceed a size of 144 bytes, they might get dropped in very few cases.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1367439 On the QFX5110 Virtual Chassis peers, invalid VRRP mastership election is observed.
Product-Group=junos
In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 switches to claim to be VRRP masters.
1429504 Layer 3 IP route might not be installed in LPM forwarding table on QFX5000 platforms
Product-Group=junosvae
On QFX5000 platforms, when the host forwarding table is full and the host entries are installed in LPM forwarding table, or when lpm-profile with unicast-in-lpm option is used, the Layer 3 IP route might not be installed in LPM forwarding table if there are SER errors, hence there might be traffic impact. The issue is fixed in the following releases via PR1446974.
1440847 The bandwidth value of the DDOS-protection might cause packet loss after the device reboots
Product-Group=junos
In the DDOS-protection scenario, when the aggregate bandwidth value (e.g. value A) of protocols (l3mtu-fail/ttl/ip-opt/rsvp/ldp/bgp/unknown-l2mc/rip/ospf/stp/pvstp/lldp) is configured, this bandwidth value might be reset to the default value (e.g. value B) after a device reboot or PFE restart.
PR Number Synopsis Category: BBE Remote Access Server
1449064 Subscriber login fails when the PCRF server is unreachable.
Product-Group=junos
In Gx-Plus for Provisioning Subscribers scenario, when the PCRF (Policy and Charging Rules Function) server is unreachable or the diameter protocol is down, the subscriber login might fail to successfully establish a session or the subscribers might fail to bind a service policy by Gx-Plus after the PCRF Server connectivity is restored.
PR Number Synopsis Category: PTX Express ASIC interface
1428307 After you reboot the FPC, an interface comes up.
Product-Group=junos
In PTX with FPC3-PTX and QSFP28 PIC, or MX platforms with EA/ZT-chip based line cards, one of the interfaces might not come up after an interface on the peer device flaps at short intervals and the local FPC is then restarted. This is caused by the Broadcom BCM8238x chip with a wrong re-timer, which leads to the local interface remaining in the "down" state.
1453217 On PTX5000 and PTX3000 router with 15x100G and 96x10G PIC, the interface bcm8238 line side amplitude setting is incorrect and might cause optic reliability issues.
Product-Group=junos
On PTX5000 Router, the 100-Gbps interface might not come up after flapping due to optic reliability issues.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1431033 Traceoptions file exceeds the configured file size limit as the file keeps on growing.
Product-Group=junos
With 64-bit rpd running and traceoptions configured e.g. for BGP or MPLS statistics etc., the trace files are not rotating/rolling over as per the configured file size limit and the logs continue to be written to a single file continuously.
PR Number Synopsis Category: Firewall Authentication
1475435 SRX Series: Unified Access Control (UAC) bypass vulnerability (CVE-2020-1637)
Product-Group=junos
A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy; Refer to https://kb.juniper.net/JSA11018 for more information.
PR Number Synopsis Category: Multiprotocol Label Switching
1282369 With nonstop active routing (NSR), when the rpd restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart.
Product-Group=junos
With nonstop active routing (NSR), when the routing protocol process (rpd) restarts on the master Routing Engine, the rpd on the backup Routing Engine might restart.
1460283 The previously configured credibility preference is not considered by CSPF even though the configuration has been deleted or changed to prefer another protocol in the traffic engineering database.
Product-Group=junos
After the credibility is configured, the new credibility preference value is stored internally, and it is not cleared or considered by the CSPF module in case the previous configuration of "traffic-engineering credibility-protocol-preference" was deleted or if you configure "traffic-engineering credibility-protocol-preference" under another protocol (for example, ISIS).
PR Number Synopsis Category: PTP related issues.
1471466 On the MX104 Series routers, the clksyncd crash might be observed when PTP over an aggregated Ethernet is configured.
Product-Group=junos
This issue is specific to the PTP (Precision Time Protocol) over AE interface feature on the MX104 platform. When PTP over AE is configured on the MX104 platform, the clksyncd process might crash and restart. It might cause partial service impact during the recovery while clksyncd restarts (about 2 minutes).
PR Number Synopsis Category: SW installation for all qfx platforms.
1345848 upgrade/downgrade from tvp to non-tvp is not supported.
Product-Group=junos
Downgrade from a TVP image to a non-TVP image is not supported. However, upgrade from a non-TVP image to a TVP image is supported.
PR Number Synopsis Category: QFX L2 PFE
1473521 The l2ald crash might be observed when around 16,000 VLAN-IDs share the same VXLAN tunnel and the Packet Forwarding Engine is rebooted.
Product-Group=junos
On EX, MX and QFX platforms, l2ald might crash when around 16k VLAN-IDs share the same VXLAN tunnel and the PFE is restarted. After this issue happens, the MAC address table is not cleared and layer 2 transactions work normally, so traffic and service are not affected. This issue is not reproducible.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1451474 Traffic forwarding on Q-in-Q port and VLAN tagging is not observed properly on R0.
Product-Group=junos
On SRX-branch platforms, if QinQ and native-vlan-id are configured, priority-tagged packets (packets that have their VLAN ID set to 0 and whose priority code point bits might be configured with a CoS value) are dropped. The newly added configuration "set interface input-native-vlan-push" is not supported by branch SRX. By default, input-native-vlan-push is disabled, so untagged packets that ingress from the UNI (user-to-network interface) are not given an inner tag when egressing out of the NNI (network-to-network interface), and priority-only tagged packets that ingress from the UNI are stripped of the priority tag when they egress out of the UNI at the other end. Hence packet drops are seen.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1440526 On MX Series, CPU might hang or interface might stop working on 100-Gigabit Ethernet port.
Product-Group=junos
On MX/EX/PTX, if a particular 100G port is used, the CPU might hang or the interface might be stuck down on the 100G port. This issue may cause traffic disruption in the network.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1476786 The MX router acting as LNS does not get to program the PFE with l2tp services that causes forwarding issues for the l2tp subscribers.
Product-Group=junos
On MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issues for the affected subscribers.
PR Number Synopsis Category: TRIO Interface based services
1465490 On MPC7, MPC8, and MPC9, WO packet error and FPC major alarm are observed when reassembling the small fragments.
Product-Group=junos
When a device running Juniper Networks Junos OS has MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly (used by L2TP, MAP-E, GRE, and IPIP), the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly. Refer to https://kb.juniper.net/JSA11036 for more information.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
991081 The configuration change on Backup RE cannot be synchronized while deleting inactivated interfaces/routing-instances from master
Product-Group=junos
In the dual Routing Engine scenario, the backup Routing Engine does not sync up the configuration change while deleting an inactivated interface/routing-instances from the master. So after the operation, the inactivated interface/routing-instances still exists on the backup Routing Engine.
1431198 Error might occur when you use a script to load the configuration.
Product-Group=junos
Multiple deletion of a non-existing configuration statement produces errors through RPC load-configuration.
1452136 The mgd might crash when you use the replace pattern command.
Product-Group=junos
When you use the "replace pattern" command to replace the name in the apply-group, the mgd crashes.
1464439 If a NETCONF session is initiated over an inband connection, the CPU utilization on mgd daemon might be 100 percent after the NETCONF, which executes an RPC call for some commands and gets interrupted by flapping interface. There is no impact observed to the control plane or the forwarding plane, the subsequent NETCONF session continues to function.
Product-Group=junos
If a NETCONF session is initiated over an inband connection, the CPU utilization on mgd daemon might be 100 percent after the NETCONF, which executes an RPC call for some commands and gets interrupted by flapping interface. There is no impact observed to the control plane or the forwarding plane, the subsequent NETCONF session continues to function.
 
Modification History:

2020-08-21: Added "open" issues as this information was missing from the previous publication
2020-01-07: Removed duplicate entry for PR1449406.
