Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.3R3-S1: Software Release Notification for JUNOS Software Version 18.3R3-S1

0

0

Article ID: TSB17709 TECHNICAL_BULLETINS Last Updated: 16 Jan 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, MX, EX, PTX, QFX, vMX, vRR, NFX, SRX, vSRX
Alert Description:
Junos Software Service Release version 18.3R3-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.3R3-S1 is now available.

18.3R3-S1 - List of Open issues

PR Number Synopsis Category: EX2300/3400 platform
1452209 The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured
 
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1454764 Flooding of ARP reply unicast packets for switch VRRP MAC address through every port in VLAN
 
A QFX switch may send out ARP reply unicast packets as a result of an ARP request sent for the device's VRRP MAC address.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1463622 The cosmetic error messages of NTP time synchronization might be seen during device booting
 
In NTP with the boot-server scenario, when the router or switch boots, the NTP daemon will send a ntpdate request to poll the configured NTP boot-server to determine the local date and time. If the ntpdate is not be activated correctly while the device booting, the ntpdate might not work successfully. Then some cosmetic error messages of time synchronization might be seen, but there is no impact with time update since ntp daemon will update the time eventually.

18.3R3-S1 - List of Fixed issues

PR Number Synopsis Category: Software build tools (packaging, makefiles, et. al.)
1417345 The JSU package installation may fail
 
In a specific scenario, the JSU (Junos OS selective upgrade) package installation on a router which has JET (Juniper Extension Toolkit) package installed may fail due to "Operation not permitted" error. This issue does not impact service and traffic.
PR Number Synopsis Category: Engineering request for regressed image from System Test
1460087 Storage space limitation leads to image installation failure during Phone home on ex2300 and ex3400 platforms.
 
Storage space limitation leads to image installation failure during Phone home on ex2300 and ex3400 platforms.
PR Number Synopsis Category: L2NG RTG feature
1440574 MAC addresses learned on RTG may not be aged out after a Virtual-Chassis member rebooted
 
A "source" MAC entry does not age out after a VC member reboot. After a Virtual-Chassis (VC) member with aggregated interfaces rebooted, the kernel running on the routing-engine (RE) may install a "source" MAC entry as "remote" MAC entry. Hence, the MAC entry does not age out.
1461293 MAC addresses learned on RTG may not be aged out after aging time
 
MAC addresses learned on redundant trunk group (RTG) might not be aged out after aging time if the source interface is configured as RTG.
PR Number Synopsis Category: EX4300 Control Plane
1461434 ERP might not revert back to IDLE state after reload/reboot of multiple switches
 
On EX4300 platforms configured with ERP, after multiple devices reboot/restart at the same time, ERP might not revert back to the IDLE state. This issue might be seen in situations where the ERP node-id is not configured manually and after the restart, the default node-id (switch base MAC address) might get reset to 00:00:00:00:00:00, effectively causing multiple devices to have the same node-id.
PR Number Synopsis Category: EX4300 PFE
1448607 NSSU cause a traffic loss again after the backup to master transitions
 
In specific topology (VC uplink with VRRP and downlink client-side has a LAG), while doing NSSU on EX4300 VC, traffic loss might be observed again after the backup to master transitions.
1453025 The IRB traffic might get drop after mastership switchover
 
In the Virtual-Chassis scenario with mac-persistence-timer enabled, the IRB traffic might get drop after master switchover.
1470424 The switch might not be able to learn MAC address with dot1x and interface-mac-limit configured
 
On Junos platforms, if dot1x and interface-mac-limit are configured, when sending traffic continuously to the interfaces, the switch might not be able to learn MAC address. Hence traffic drop might be seen.
PR Number Synopsis Category: EX4300 Platform
1445626 The laser TX might be enabled while the interface is disabled
 
In ex4300 switches when 1G SFP is connected to 10G port, Auto-negotiation should be disabled (when enabled causes many issues like ARP, link down..) hence when AN is disabled somehow corrupting the TX_DISABLE field hence Laser Tx remain enabled when disabling and plug-out - plug-in.
PR Number Synopsis Category: Marvell based EX PFE L2
1474808 Continuous dcpfe error messages and eventd process hogged might be seen on EX2300 VC scenario
 
On EX2300 VC scenario, when host path packets are flooding through internal HG (higig) port, it might generate some dcpfe error messages which are harmless and eventd process hogged might also be seen. And it also might cause high CPU utilization which might affect protocol traffic.
PR Number Synopsis Category: Marvell based EX PFE L3
1462106 Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC
 
Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC
PR Number Synopsis Category: EX9200 Control Plane
1452738 The l2ald and eventd are hogging 100% after issued "clear ethernet-switching table"
 
The l2ald and eventd processes are hogging 100% after issued "clear ethernet-switching table" and also the continuous syslog errors "l2ald[18605]: L2ALD_IPC_MESSAGE_INVALID: Invalid message received (message type 0, subtype 0): null message" are observed.
PR Number Synopsis Category: EX2300/3400 CP
1458559 The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used
 
If the dynamic assignment of VoIP VLAN is used, the switch might not send correct VoIP VLAN information in LLDP MED packets after any configuration change and commit.
PR Number Synopsis Category: EX2300/3400 PFE
1465526 [EX2300] FXPC Core is seen after mastership election based on user's priority
 
An FXPC core file is created when an EX2300 in a VC configuration is rebooted.
PR Number Synopsis Category: EX2300/3400 platform
1417839 EX3400 : "show chassis environment" repeats "OK" and "Failed" at short intervals
 
When the chassisd process receives incorrect values from LCMD for the RPM values, it changes the fan status to "Failed" from "Ok", and vice versa.
PR Number Synopsis Category: DC PFE QoS
1466770 Slow packet drops might be seen on QFX5000 platforms
 
The issue observed on QFX5000 platforms when there are any packets on the port before its buffer configuration is completed after the reboot. This issue is very rare and the window could be just few milli seconds.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1465077 The traffic might be forwarded to wrong interfaces in MC-LAG scenario
 
On EX/QFX platforms with MultiChassis Link Aggregation Group (MC-LAG) configured, if the interface media of MC-LAG is changed from MultiProtocol Label Switching (MPLS) to Dense Wavelength Division Multiplexing (DWDM), the traffic might be forwarded to wrong interfaces and get dropped.
PR Number Synopsis Category: QFX Access control list
1379718 Host destined packets with filter log action might not reach to the routing engine if log/syslog is enabled.
 
On EX4300/EX4600/QFX Series switches except for QFX10k, if host destined packets (that is, the destination address belongs to the device) come from the interface with ingress filter of log/syslog action (for example, 'filter <> term <> then log/syslog'), such packets should not be dropped and reach the Routing Engine.
1429543 The traffic with destination UDP port 520 (RIP) or 521 (RIPng) gets dropped on QFX5000/EX4600 platforms
 
On QFX5000/EX4600 platforms, the received traffic will be dropped if the destination UDP port is 520/521 though the device runs pure layer 2 switching.
PR Number Synopsis Category: QFX PFE CoS
1432078 Shaping does not work after the reboot if "shaping-rate" is configured.
 
On QFX5110, QFX5100 and EX4600 platforms, if "shaping-rate" is configured, the shaping feature might not work after a reboot. The service might be impacted as the traffic cannot be rate limited.
1433252 The traffic is placed in network-control queue on extended port even if it comes in with different dscp marking
 
In Junos Fusion scenario, when traffic from aggregation device (AD) to satellite device (SD) is exported with different DSCP marking, it might be changed into network-control queue on extended port of SD.
PR Number Synopsis Category: QFX PFE L2
1437577 Physical layer and MAC/ARP learning might not work for copper base SFP-T on QFX5100/QFX5110/EX4600
 
On QFX5100/QFX5110/EX4600 platforms, if copper base SFP-T is used, it might not get up on physical layer and the MAC/ARP learning might not work if it gets up. The PR fixes both layer-1 and layer-2 issues in this scenario.
1462171 The LLDP function might fail when a Juniper device connects to a non-Juniper one
 
On EX/QFX platforms with STP disabled, the LLDP function might fail when a Juniper device connects to a non-Juniper one. In this scenario, the LLDP PDU with destination MAC 01:80:c2:00:00:00, which is one of the three reserved MAC addresses for LLDP in IEEE 802.1AB, will be ignored by Juniper LLDP process, and this causes the LLDP function failure. This issue has service impact.
1467763 The fxpc.core might be seen when committing the configuration all together, e.g., after the reboot
 
On EX2300/3400/4300/4600 and QFX Series switches except for QFX10k, if committing the configuration all together (e.g., after the reboot), the fxpc/PFE core dump might be found. In the Virtual Chassis scenario, the VC members might be splitted because the VC ports might not be created in time.
1469596 Ingress traffic might be blackholed if underlying interfaces flap in EVPN/VXLAN scenario
 
On QFX5000 platforms with Ethernet Virtual Private Network (EVPN) and Virtual Extensible LAN (VXLAN) scenario, if there is the underlying interface flaps for the core network side, all the ingress traffic might be backholed by the VXLAN Tunnel Endpoint (VTEP) due to this issue.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1367439 Invalid VRRP mastership election on QFX5110-VC peers
 
In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters.
1367439 Invalid VRRP mastership election on QFX5110-VC peers
 
In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters.
1455547 The coredump might occur during adding/removing EVPN Type-5 routing instance
 
On QFX platforms, the coredump might occur during adding/removing EVPN Type-5 routing instance. The EVPN route would be corrupted and traffic/service impact appears if hitting the issue.
1460688 The egress interface in PFE for some end-hosts may not be correct on the layer 3 gateway switch after it is rebooted
 
On edge-routed bridging (ERB) EVPN-VXLAN multihoming designs with QFX5110 and QFX5120 switches work as Layer 3 gateways, in some rare condition, when one of the switches acting as L3 gateway comes up after reboot, the egress interface in PFE for some end-host may not be updated to the correct next-hop interface in the hardware on that gateway. This issue cause traffic disruption for the affected end host
PR Number Synopsis Category: QFX PFE MPLS
1477301 The traffic may be lost over QFX5100 switch acting as a transit PHP node in the MPLS network
 
In the MPLS network, the packets may get dropped by egress node if the packets go through the QFX5100 switch acting as a transit PHP (penultimate-hop popping) node.
PR Number Synopsis Category: Accounting Profile
1452363 The pfed might crash and not be able to come up on the PTX or TVP platforms
 
The flow label statistics are retrieved periodically by pfed for PTX or TVP platforms, if the statistics reply becomes very big number, the pfed might crash hence affecting traffic.
PR Number Synopsis Category: ACX L2 related features
1461831 ACX platform LLDP neighbour not up on lag after software upgrade to 18.2R3-S1
 
In case of acx platform, if LLDP is configured on lag interfaces, it will not work.
PR Number Synopsis Category: ACX Interfaces IFD, IFL, vlans, and BRCM init
1284590 ACX5k MacDrainTimeOut and bcm_port_update failed: Internal error
 
On ACX5K, the buffer is corrupted on port 0 (*/*/0) and error message MACDRAINTIMEOUT and dcbcm_check_stuck_buffers are observed, which could eventually lead to port 0 (*/*/0) flapping.
1411015 The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx
 
The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx.
PR Number Synopsis Category: ACX GE, 10GE, PoE, IDT framers
1439384 interface on ACX1100 remains down when using SFP-1FE-FX (740-021487)
 
Interface with SFP-1FE-FX transceiver optic (740-021487) will not come UP on ACX routers.
PR Number Synopsis Category: MPC Fusion SW
1454595 The 100G Interfaces may not come up again after going down on MPC3E-NG
 
On MPC3E-NG cards with 100G interface in use, if the interface detects Loss of Lock (LOL) on the link without Loss of Signal (LOS), the interface will go down and may not come up again after the link is recovered.
PR Number Synopsis Category: a20a40 specific issue
1461487 A VM core might be observed if configuring a sampling rate of more than 65,535.
 
Configure the sampling rate more than 65535 may trigger vmcore on SRX5000 series platforms.
1465159 The AE interface cannot be configured on an SRX4600 device.
 
On SRX4600 platform, the Aggregated Ethernet (AE) interface cannot be configured for channelized port. The commit will fail for corresponding configuration. This issue has function impact.
PR Number Synopsis Category: common or misc area for SRX product
1430941 Unable to launch J-Web when the device is upgraded through USB image.
 
On SRX5000 series, when the device is upgraded through USB image, J-Web is not available and needs to be installed through "request system software add optional://jweb-srx".
1437098 LACP traffic is distributed evenly on ingress child links but not on egress links.
 
On SRX5k with SPC3 and SRX4600 platforms, the distribution of traffic over Link Aggregation (LAG) member ports does not take into account Layer 4 port information.
PR Number Synopsis Category: BBE Autoconfigured DVLAN related issues
1467468 L2 Wholesale not forwarding all client requests with stacked VLAN
 
In the Non-ANCP Based L2 Wholesale scenario, if more than one request packets from customer side encapsulated in dual-tagged VLAN arrive at PE device, only the first one of the packets which share the same outer VLAN gets forwarded, and the rest will fail.
PR Number Synopsis Category: BBE database related issues
1457284 UI_OPEN_TIMEDOUT: Timeout connecting to peer 'database-replication'
 
Syslog "timeout connecting to peer database-replication" is generated when command "show version detail" issued.
PR Number Synopsis Category: BBE interface related issues
1467125 The PPPoE subscribers get stuck due to the PPPoE inline keepalives don't work properly
 
In the PPPoE subscriber management environment, due to the PPPoE inline keepalives timeout events may get dropped by the RE (routing engine), the PPPoE subscribers get stuck. This issue may cause the PPPoE subscribers are unable to reconnect.
PR Number Synopsis Category: the replication daemon (repd) for Shared Memory-base
1461796 repd core dump during system boot up.
 
repd core dump during system boot up. This state is caused by cyclic dependency between repd daemon and other daemons.
PR Number Synopsis Category: BBE routing
1458369 The subscriber routes are not cleared from backup RE when session is aborted
 
On MX platforms with enhanced subscriber enabled, the subscriber routes might not be cleared from backup RE when session is aborted. The bbe-smgd memory leak might be seen on the backup RE and subscribers could not login after switchover.
PR Number Synopsis Category: MIBs related to BBE
1470664 SNMP interface-mib stops working for PPPoE clients
 
SNMP interface-mib stops working for PPPoE clients. In this scenario SNMP works fine for standard queries on the MX router, but for subscriber statistics always returns value of zero.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1432440 In BFD and GR enabled scenario, BFD DOWN packets are not being sent immediately after BFD failure
 
In both GR helper and GR restarter scenarios, BFD down packets are not immediately sent. It might cause an issue where BGP session down is notified before BFD DOWN.
PR Number Synopsis Category: Border Gateway Protocol
1423647 Route churn might be seen after changing maximum-prefixes configuration from value A to vlaue B
 
In BGP setup configured with VPN families (inet-vpn, inet6-vpn, l2vpn, evpn or mvpn), route churn might be seen after changing maximum-prefixes configuration from value A to value B, it causes rpd CPU usage to be hogged for about an hour.
1437837 The rpd process crash might be observed if leaking multi-pathed BGP routes from routing-instance to another routing table
 
This issue applies to Junos platforms with BGP multipath configured under a routing-instance and a RIB group is deployed to leak routes from that routing-instance to another routing table. "rpd" may restarts unexpectedly when performing multipath calculation operations for the secondary routes - (such as, removing the rib-groups/bouncing BGP neighbor under routing-instance.) The secondary routes refer to the second RIB in a RIB (Routing Information Base) group.
1442902 The CPU utilization on rpd spins at 100% once the same external BGP route is learned in different vrf tables
 
With "advertise-external" knob configured in BGP and "auto-export" knob configured in vrf, once the same external bgp route is learned in different vrf via the import policy, the CPU utilization on rpd will spin at 100% immediately.
1454198 The rpd scheduler slip for BGP GR might be up to 120s after the peer goes down
 
In BGP GR (graceful-restart) scenario (graceful-restart is configured for BGP or GR-helper mode is enabled by default), when high-scale routes get learnt from one peer, the rpd scheduler slip might be up to 120s after that BGP peer flaps.
1454951 The rpd process might crash when multipath is in use
 
If multipath is enabled, in some certain conditions, The rpd process might crash while secondary route resolution is running.
1461602 The rpd scheduler slips might be seen on RPKI route validation enabled BGP peering router in a scaled setup
 
In scaled BGP environment (e.g. global table ~3M routes or more) when there are a lot of (e.g 10k or more) more specific routes for a certain IPv4 or IPv6 prefix covered by some RV (route validation) record, a change in RV records database might lead to rpd (routing protocol daemon) scheduler slips, which could trigger routing protocol adjacency flap. The same could be triggered by executing "clear validation database" command or shortly after initial session RPKI (resource public key infrastructure) establishment event.
1472671 The rpd process might crash with BGP multipath and damping configured
 
On all Junos platforms running with Border Gateway Protocol (BGP), if both BGP multipath and BGP damping are configured, it might happen that, when the active route, for example r1, is withdrawn but it is not really deleted due to damping, then BGP might be unable to find its original gateway when the route r1 is relearned and becomes the best route again. It will lead to the rpd process crash.
PR Number Synopsis Category: Track PRs in BGP BMP area & is part of BGP inside RPD.
1466477 BGP Open messages with specific types of BGP Optional Capabilities causing BMP messages not been encoded correctly when sent to the BMP Collector.
 
The issue happens when a specific type of BGP optional capabilities are sent to the Juniper device during a BGP session establishment, resulting in BMP errounesly encoded later messages sent to the BMP collector. Problem only manifest itself when the BGP peer is using the 'allow' feature ( Also known as bgp listen/dynamic mode ).
PR Number Synopsis Category: BBE Remote Access Server
1460578 DHCPv6 subscribers might be stuck in a state after the authd process crash
 
On MX platform with DHCPv6 subscriber scenario, after the authd process crash happens, the subscribers might be stuck in a state and can not come online until restarting the jdhcpd and smid process. The authd process crash is a rare issue which might be caused by the system clock was adjusted in some manner.
PR Number Synopsis Category: Cassis pfe microcode software
1464820 MPC5E/6E might crash due to internal thread hogging the CPU
 
PR 1382182 (which is fixed in 16.2R3 17.1R3 17.3R3-S3 17.3R4 17.4R2-S3 17.4R3 18.1R3-S2 18.1R4 18.2R2 18.2X75-D40 18.3R2 18.4R1 19.1R1) introduced an improper code which could cause an internal thread to hog the CPU and eventually result in the MPC crash. It is a timing issue and affects MPC5E/6E.
PR Number Synopsis Category: MX Platform SW - FRU Management
1463169 MX2000 CB 19.44MHz clock failure is fatal, should trigger a CB switchover
 
Problem: CB clock failure does not switchover mastership. Master CB with faulty clock can't operate normally. Solution: Interrupt based CB clock failure detection and RE mastership switchover from faulty CB. Whenever CB 19.44MHz clock failure is detected by HW, it generates interrupt and handled by Chassis-control process. Chassis-control process interrupt handler does a RE switch if GRES is active and backup RE is ready to take over.
PR Number Synopsis Category: MX Platform SW - UI management
1453533 Alarm was not sent to syslog on MX10003 platform
 
On the MX10003 platform, the alarmd wont write the alarm messages to the syslog.
1457657 The chassisd process and all FPCs may restart after RE switchover
 
The chassisd process and all FPCs may restart after RE switchover if the knob "master-only" is enabled.
PR Number Synopsis Category: Class of Service
1472083 Unexpected traffic loss might be discovered in certain conditions under fusion scenario
 
On MX platform with enhanced queuing MPC under fusion scenario, EP (Extended Port) hosted on multiple CPs (Cascade Port) which are from different PFEs on the same FPC. Unexpected traffic loss might be observed if a CoS policy with the knob "rate-limit" is applied.
PR Number Synopsis Category: Class of service in forwarding daemon
1439401 The COS rewrite rule does not work for st0 interface
 
On NFX Series platforms, when a CoS rewrite rule is configured for the st0 interface, the CoS value will not take effect on the corresponding forwarding class. It causes CoS not to work as expected.
PR Number Synopsis Category: OpenSSH and related subsystems
1454177 SSH login might fail if a user account exists in both local database and RADIUS or TACACS+.
 
On SRX Series device, the SSH login from automation tools to the Junos device is not successful when using authentication method password (not 'keyboard-interactive'). If the username is configured both as a local user and also on a remote RADIUS or TACACS server, using the Juniper-Local-User-Name attribute pointing to a different local username.
PR Number Synopsis Category: Device Configuration Daemon
1457460 Mismatched MTU value causes the RLT interface to flap
 
In Redundant Logical Tunnel (RLT) with any dynamic protocols that rely on this interface scenario, when performing a "commit full" operation, which might cause the protocol to get flapping if MTU is configured at IFD level of the RLT. Due to the mismatch MTU value calculated by DCD and Kernel that triggers the IFD flapping, and then the protocols flapping.
1475634 Commit error is not thrown when member link is added to multiple aggregation group with different interface specific options
 
Commit error is not thrown when member link was added to multiple aggregation group with different interface specific options. When member interface added to bundle with both ether and gig-ether interface specific options, gig-ether option takes precedence over ether options.
PR Number Synopsis Category: Firewall Filter
1450928 The arp packets are getting dropped by PFE after chassis-control is restarted
 
The arp packets are getting dropped by PFE after chassis-control is restarted.
1452435 Commit error and dfwd coredump might be observed when applying a firewall filter with action "then traffic-class" or "then dscp"
 
Commit failure with error might be seen and the dfwd crashes when applying a firewall filter with action "then traffic-class" or "then dscp" to an interface.
1465093 On MX10008 and MX10016 routers policer bandwidth-limit cannot be set higher than 100g
 
MX10008 and MX10016's "policer bandwidth-limit" can not be set higher than 100G.
1466698 An output bandwidth-percent policer with logical-bandwidth-policer applied to an AE bundle along with an output-traffic-control-profile has incorrect effective policing rate
 
On MX platforms, for an AE bundle of at least two members hosted at two different FPCs, if the AE interface is with CoS output-traffic-control-profile of shaping-rate and with the output filter of policer with logical-bandwidth-policer and bandwidth-percent, the AE interface might have incorrect effective output policing rate.
1473093 Traffic might not be forwarded into the right queue but the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5
 
On the MX platform with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue.
PR Number Synopsis Category: dhcpd daemon
1471161 DHCP relay with forward-only might fail to send OFFER messages when DHCP client is terminated on logical tunnel interface
 
On all Junos platforms, when DHCP relay is configured with forward-only, and DHCP client is terminated on logical tunnel interface that multiple IFLs under this lt- interface have a same VLAN, DHCP relay might fail to send OFFER messages.
1474097 DHCP-server : radius given mask being reversed. Seems to me big/small endian conversion issue on PPC based REs
 
DHCP-server : radius given mask being reversed. Seems to me big/small endian conversion issue on PPC based REs. This is occurring because of big/small endian platform data format conversion.
PR Number Synopsis Category: CoS support on DNX
1470619 RED drop on interface even without any congestion
 
On DNX-based platforms such as an ACX5448 - when changing an interface configuration - such as from vlan-tagging to flexible-vlan-tagging 2-3 times - you may see persistent RED drops even when the interface does not experience congestion condition.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1454180 Introduction of default inspection-limits to AppID to optimize CPU usage and improve resistance to evasive applications
 
AppID is significantly more resistant to evasive applications. It does this by introducing default inspection-limits which can be adjusted by using the new commands 'set services application-identification inspection-limit' and 'set services application-identification global-offload-byte-limit'.
1463159 A core file will be generated when perform an ISSU on SRX platforms
 
When APPID is enabled and perform an ISSU on SRX devices, it might cause traffic impact and generate core-dump file.
PR Number Synopsis Category: Ctrl Plane SW defects for Dvaita NPI (Node Virtualization)
1451215 Main chassisd thread at a JNS GNF could experience stalls upon GNF SNMP polling for hardware-related OIDs
 
- Chassisd main thread stalls could be seen at a JNS GNF upon GNF SNMP polling for HW-related OIDs (e.g. ones from jnxBoaAnatomy MIB). - If a GNF chassisd main thread stalls are ongoing and the GNF is restarted, then a service MGD process at the BSYS could start spinning at 100% CPU. This MGD process won't terminate by itself and will be consuming 100% CPU even when the GNF is back online.
PR Number Synopsis Category: Manageability SW defect for Dvaita NPI (Node Virtualization)
1429090 Dvaita JDM:The emitted XML is INVALID is thrown for show virtual-network-functions
 
Issue: XML output for the cli operational command 'show virtual-network-functions' is invalid as the xml data contains all the VNF info under single root tag 'vnf-instance' However this issue doesn't lead to any JDM functionality break. It can be considered as an issue only if this xml output is consumed by any XML parser and the parser doesn't expect the duplicate tags for multiple vnfs under a single root tag, but when it expects the each vnf information as a group.
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1188434 UID may not release properly in some scenarious after service session deactivation
 
When same UID objects are used in both inet and inet6 services of the same subscriber session, deactivation the first session cause conditions which avoid releasing UID entry after deactivation second service session. This leads to having stale UID entry and can cause subscriber's connection problem in the future when UID pool would be completely exhausted. The probability of hitting the issue increases if amount subscriber to amount of unique services ratio is aproaching 1 (i.e. when almost every subscriber has a service with unique servie objects).
PR Number Synopsis Category: dynamic dcd prs
1470622 Executing commit might hang up due to stuck dcd process
 
When dynamic DHCP sessions are existing in the device, if multiple commits in parallel are performed, the commit might hang up.
PR Number Synopsis Category: Ethernet OAM (LFM)
1465608 Need two knobs for EOAM CFM interoperability between MX10003 and Ciena CPE
 
Customer need two knobs for EOAM CFM interoperability between MX10003 and Ciena CPE Two knobs: 1. primary-vid - this allows interop with Ciena CPE - which is used at evert tower site to est. EOAM CFM session 2. enhanced-cfm-mode - provides required scale needed for EOAM for CBH and METROE services
PR Number Synopsis Category: EX Chassis Interface Handling
1441035 The ports of the EX device might stay in up state even if the EX46XX/QFX51XX series device is rebooted
 
With DAC cable used between EX46XX/QFX51XX series device and EX device, during rebooting the EX46XX/QFX51XX series device, the ports on EX device might still stay up.
PR Number Synopsis Category: Express PFE CoS Features
1450265 CoS classification does not work on QFX10K
 
On QFX10K platforms, under the scale scenario more than 500 AE IFLs, if the classifier configuration frequent churns or link flaps, the CoS classification will not work on the impacted interfaces.
PR Number Synopsis Category: Express PFE FW Features
1426539 The host-bound traffic might be dropped after performing change configuration related to prefix-list
 
On PTX1K/10K, PTX3K/5K with FPC3 or QFX10K series, if the prefix entries configured in prefix-list exceeds the limit what the Packet Forwarding Engine (PFE) chipset supports, some unexpected behavior might be observed (e.g. the host-bound traffic drops) after performing change operation related to the prefix-list configuration (e.g. add a prefix to prefix-list which is associated with filter).
1462634 The sample/syslog/log action in output firewall filter with packet of size less than 128 might cause ASIC wedge (all packet loss) on PTX platforms
 
On PTX platforms, if output firewall filter is configured with sample/syslog/log action, the host interface might get wedged for packets with lengths 0-128 including Layer 3 headers.
PR Number Synopsis Category: Express PFE L3 Features
1430028 Reclassification policy applied on the route prefixes might not work on PTX platforms
 
On PTX platforms, when the protocol route prefixes received are configured with reclassification policy which based on community, it might be seen that traffic is not reclassified as expected.
PR Number Synopsis Category: Express PFE MPLS Features
1424553 LACP packet does not pass through l2circuit
 
LACP packet does not pass through l2circuit
PR Number Synopsis Category: Enhanced Broadband Edge support for firewall
1463420 The subscribers might not pass traffic after doing some changes to the dynamic-profiles filter
 
On MX platform, with enhanced subscriber enabled, if doing some changes to a dynamic-profiles filter, the subscribers built on the filter might no longer forward traffic.
PR Number Synopsis Category: PTX Express ASIC interface
1428307 Interface does not come up after interface flapping and FPC reboot
 
In PTX with FPC3-PTX and QSFP28 PIC, or MX platforms with EA/ZT-chip based line cards, one of the interfaces on them might not come up after an interface of peer device flapping in short intervals and then restart the local FPC. Due to the BCM8238x chip of Broadcom with a wrong re-timer leading to the local interface remain in "down" state.
PR Number Synopsis Category: Signature Database
1467561 When creating dynamic-attack-groups within IDP that contain many (30+) filters, the query would fail and the group would not be populated with any attacks.
 
When creating dynamic-attack-groups within IDP that contain many (30+) filters, the query might fail and the group would not be populated with any attacks.
PR Number Synopsis Category: Inline NAT PRs for defect & enhancement requests
1446267 The static route for NAT might never come up if switchover the service interface which has NAT and GR configuration
 
On MX platform, when switchover a service interface that has NAT and GR configuration, the static route for NAT might never come up.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1459692 In MC-LAG scenario traffic destined to VRRP virtual MAC gets dropped
 
When VRRP (virtual router redundancy protocol) is configured on MC-LAG (multichassis link aggregation groups), traffic destined to VRRP virtual MAC address might get dropped because the virtual MAC is not correctly programmed in PFE (packet forwarding engine).
PR Number Synopsis Category: Optical Transport Interface
1429279 After member interface flapping AE remains down on 5X100GE DWDM CFP2-ACO PIC.
 
On 5X100GE DWDM CFP2-ACO PIC on PTX series platforms, if any AE member interface flaps, the AE interface might stop receiving the LACP RX packets and fail to come up. It can be recovered by disabling/enabling the AE interface.
1467712 "MIC Error code: 0x1b0002" alarm might not be cleared for MIC on MPC5E when the voltage has returned to normal
 
The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1461677 In EVPN scenario memory Leak might be observed when proxy-macip-advertisement is configured
 
In EVPN scenario if "proxy-macip-advertisement" knob is configured, it might cause memory leak. Traffic would be impacted in case the memory leak is not stopped.
PR Number Synopsis Category: ISIS routing protocol
1455432 The rpd might crash continuously due to memory corruption in ISIS setup
 
With ISIS configured and in a very rare case, memory corruption may occur, this may cause rpd crash continuously.
PR Number Synopsis Category: jdhcpd daemon
1442222 The jdhcpd process might go into infinite loop and cause 100% CPU usage
 
When DHCP is configured, if subscribers are moved from one routing-instance to another or if the subscribe is deleted and re-added, the jdhcpd process might go into infinite loop and cause 100% CPU usage.
1459925 DHCP packet might not be processed correctly if DHCP option 82 is configured
 
In Dynamic Host Configuration Protocol (DHCP) scenario, an zero length sub-option of the option 82 in DHCP DISCOVER message might not be processed correctly causing other DHCP options from DHCP DISCOVER message to be mis-processed as well. This issue has service impact.
1465964 The ISSU might fail during subscriber inflight login is happening
 
On the MX platform with the DHCP subscriber scenario, if subscriber logging in is happening during the ISSU process, the ISSU failure might be observed.
PR Number Synopsis Category: Adresses ALG issues found in JSF
1474942 The flowd/srxpfe process might crash when an ALG creates gate with incorrect protocol value
 
On SRX chassis clusters, when an ALG creates gate with incorrect protocol value, the flowd/srxpfe process might crash on one node. This issue might happen in the situation that an ALG receives a corrupted RTO message on secondary node. It might affect the traffic.
PR Number Synopsis Category: Adresses NAT/NATLIB issues found in JSF
1471932 The flowd/srxpfe process might crash when traffic is processed by both ALGs and NAT
 
The flowd/srxpfe process might crash when traffic is processed by both ALGs and NAT.
PR Number Synopsis Category: To track issues related to jsf tcp proxy
1467351 The jbuf process usage may increase up to 99 percent after Junos OS upgrade.
 
The daemon jbuf usage may get a high level after Junos upgrade, resulting in jbuf warning logs and possible jbuf exhaustion, which might eventually cause traffic loss.
PR Number Synopsis Category: Flow Module
1458727 Optimizations were made to improve the connections-per-second performance of an SPC3.
 
Optimizations were made to improve the connections-per-second performance of SPC3
1462825 The tunnel packets might be dropped because gr0.0 or st0.0 interface is wrongly calculated after a GRE or VPN route change.
 
On SRX Series device, MTU is wrongly calculated in a gr0.0 or st0.0 interface after a GRE or VPN route change. If the command do-not-fragment is configured and the packet is bigger than the MTU, the packet might be dropped.
PR Number Synopsis Category: High Availability/NSRP/VRRP
1468441 IP monitoring might fail on the secondary node
 
IP-monitoring might stop working on secondary node when many instances of IP monitoring are configured on RG(redundancy group)/ RETH(Redundant Ethernet interface). If primary node goes down, failover will not happen which might cause traffic loss.
PR Number Synopsis Category: JSR Infrastructure
1450545 Traffic loss might occur when there are around 80,000 routes in FIB.
 
On SRX1500 platform, when there are around 800K routes in forwarding information base (FIB), traffic loss might occur and abnormal error messages of some CLI commands would appear due to lack of memory on packet forwarding engine (PFE). This issue has traffic impact.
PR Number Synopsis Category: interfaces and zones for junos js software
1452488 On SRX Series devices with chassis cluster, the control link remains up even though the control link is actually down.
 
On vSRX 3.0 deployed on Nutanix AHV, the revenue ports ge-0/0/x do not get created and hence the vSRX is unable to handle any traffic. This issue applies only to Junos OS Release 19.1 and later releases.
PR Number Synopsis Category: Firewall Policy
1453852 Security policies cannot sync between RE and PFE on SRX
 
On all SRX platforms, in a very rare condition, security policies do not be synchronized between RE and PFE. This issue might cause traffic loss.
1458639 The NSD process might get stuck and cause problems.
 
On all SRXs that have policy counter configured, there is a potential risk where the network-security daemon (NSD) on the RE could not communicate with its PFE counterpart (NSD-PFE) after either a HA failover, control link down, or PFE restart. At that point, it could no longer respond to network-security related commands and will not be able to complete coldsync for a newly joined node in HA environment.
1471621 Policy detail does not display policy statistics counter, even if policy count is enabled.
 
The count option in security policy is not working, "show security policies <> detail" will not print traffic statistics for policy.
PR Number Synopsis Category: IPSEC/IKE VPN
1405840 The IKE and IPsec configuration under groups is not supported.
 
On SRX5400, SRX5600, SRX5800 devices with SPC3, occasionally, if an IKE or IPSec configuration (under groups hierarchy) change is done for one IKE gateway, the tunnel may be cleared for unrelated IKE/IPSec gateway.
1461793 Traffic is not sent out through an IPsec VPN after update to Junos OS Release 18.2 or later.
 
The traffic is not sent out via IPsec VPN after update to 18.2 or above. After updating the Junos to 18.2 or above, SRX drops traffic which send from inside of Responder role device when only aggressive mode of policy based vpn. Because policy based VPN tunnel id is not added to NSP tunnel table, due to this tunnel-id lookup is failing and traffic is getting dropped.
PR Number Synopsis Category: issues related to RPD sensors including LSP
1449837 Changing the hostname will trigger lsp on -change notification, not an adjacency on-change notification. Also, currently ISIS is sending host-name instead of system-id in OC paths.
 
Currently ISIS is sending system host-name instead of system-id in OC paths in lsdb or Adjacency xpaths in periodic streaming and on-change notification.
PR Number Synopsis Category: Layer 2 Circuit issues
1464194 The l2circuit connections might be stuck in OL state after changing the l2circuit community and flapping the primary LSP path
 
In l2circuit scenario with community configured, when the community for l2circuit is changed from X to Y to go via a different LSP, the l2circuit connections might be stuck in "OL" state if there is a flap in the primary LSP path.
PR Number Synopsis Category: Layer 2 Control Module
1431355 The l2cpd process might crash and generate a core dump when interfaces are flapping
 
If there are any conditional groups in the system, the l2cpd process might crash and generate a core dump when interfaces are flapping and the lldp neighbors are available. It might cause the dot1x process to fail and all the ports have a short interruption at the time of process crash.
1450832 VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding
 
On all Junos platforms including MX, EX, QFX and SRX devices, VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding. The "show route forwarding table" may show dead BDs, MACs and the "show vlans extensive" may show the state as destroyed.
1469635 Memory leak on l2cpd process might lead to l2cpd crash
 
On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1468732 MAC address might not be learned on a new extended port after VMotion in Junos Fusion Data Center environment
 
In Junos Fusion Data Center environment, when a VM is moved from one satellite port to another using VMotion, MAC address of VM might not move to new satellite port in Aggregate Device's switching table.
PR Number Synopsis Category: Multiprotocol Label Switching
1379480 ISIS SRGB Block Allocation: Failure
 
On MX/PTX platforms , if customer Deactivate/Activate protocols isis OR change SR(Segment Routing) SRGB label range , then MPLS label manager will not free the old label range back to original Dynamic range immediately, so this will cause upper protocols IS-IS allocate Node-SID/Adj-SID label failure .
1465902 The device may use the local-computed path for the PCE-controlled LSPs after link/node failure
 
In a Path Computation Element Communication Protocol (PCEP) scenario where the link/node protection is enabled, the PCE-controlled LSPs may shift to the local-computed path after link/node failure upon path retry processing.
1469378 [QFX10002] Command "show mpls static-lsp | display xml" produces INVALID XML.
 
The "show mpls static-lsp | display xml" command produces INVALID XML when more than 100 static LSP are configured.
PR Number Synopsis Category: Multicast for L3VPNs
1460625 The rpd process might crash due to memory leak in "MVPN RPF Src PE" block
 
In NG-MVPN scenario with multiple multicast sources, the rpd process might crash due to memory leak in "MVPN RPF Src PE" block.
1469028 The rpd might crash when "link-protection" is added/deleted from LSP for MVPN ingress replication selective provider tunnel
 
In MVPN scenario with ingress replication selective provider tunnel used, if the knob "link-protection" is added/deleted from the LSP for MVPN, rpd crash might be seen. The reason is that when link-protection is deleted, the ingress tunnel is not deleted, and when link link-protection is added back, it tries to add same tunnel, hence the rpd asserts as same tunnel exists. Finally the rpd core might be seen.
PR Number Synopsis Category: Bugs related to ethernet interface on MX platform
1435221 Micro BFD session might flap upon inserting a QSFP to other port
 
Micro BFD session with timer configured with less than 3x500ms (such as 3x100ms) might flap upon inserting a QSFP to other port.
PR Number Synopsis Category: MX10K platform
1462065 "CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed" when both DIP switches and power switch are turned off
 
On MX10008 there is a "Power Supply failed" SNMP trap generated for every power supply which has no feeds connected to it. This happens even if both DIP switches and the power switch on the Power Supply are turned off and no feeds are connected to the PEM.
PR Number Synopsis Category: Track veHostd, vmm-sdk issues on Mt Rainier RE
1448413 Process vehostd crashes without coredump and is not restarted
 
Automatic restart of vehostd might fail and the following Minor alarm is seen with 'show system alarms' or 'show chassis alarms'. VMHost RE 0 host vehostd Application failed or VMHost RE 1 host vehostd Application failed The process can be restarted manually in affected releases. After the fix of this PR, the process restart is handled properly.
PR Number Synopsis Category: Track Mt Rainier SPMB platform software issues
1460992 Hardware failure in CB2-PTX causes traffic interruption
 
In PTX 3000/5000 platforms with CB2-PTX (Control Board), there is an existence of an errata on a clock signal component manufactured by a third-party supplier, which might cause the Switch Processor Mezzanine Board (SPMB) and Switch Interface Boards (SIBs) failure, eventually, traffic will be interrupted.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1425608 The kernel crashes when removing mounted USB while a file is being copied to it
 
If you pulled out a USB from the system while files are being copied, the kernel will panic and the system will restart.
1442376 EX2300 platforms might stop forwarding traffic or responding to console
 
On EX2300/EX2300-C platforms, if Junos OS is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch might stop forwarding traffic or responding to console. A reboot is required to restore the service.
1450093 EX4300 : CLI config "on-disk-failure" is not supported
 
On an EX4300 switch, the CLI configuration "set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt)" is not supported.
1454950 mgd error found during Junos 18.4R2.7 boot up and Junos did not work as expect
 
Packet Forwarding Engine sometimes does not come up after system reboot.Timeout is required to handle the fifo tx/rx error. Debug sysctls are been removed. Mutex been added to handle to race condition.
1469400 Member of virtual chassis might reboot because of lack of watchdog patting
 
In virtual-chassis scenario on EX3400, if watchdog pat did not happen within stipulated time, member (master or backup or linecard) of virtual chassis might reboot automatically with "0x2:watchdog" as reboots reason.
PR Number Synopsis Category: TCP/UDP transport layer
1449664 FPC might reboot with vmcore due to memory leak
 
On all Junos platforms, if the device is up for a long period (e.g. several weeks or months), there might be a slow memory leak happening in some error scenarios where an application tries to send some data on a stale TCP socket (e.g. short-lived TCP connections used by the mgd process), and this issue might lead to FPC reboot with vmcore files.
PR Number Synopsis Category: OSPF routing protocol
1444728 The rpd crash might be seen after configuring OSPF nssa area-range and summaries
 
In the scenario of running OSPF, if nssa area-range and summaries are configured, the rpd crash may occur and traffic may be lost.
1463535 Install all possible next-hops for OSPF network LSAs
 
For each network lsa, OSPF code fetches the first router lsa link and adds the only one candidate as route. Now the code is updated to fetch all the router lsa link, present in network lsa.
PR Number Synopsis Category: Issues related to PKI daemon
1474225 Certificate error while config validation during Junos upgrade
 
During Junos upgrade, config validation might fail with certificate error.
PR Number Synopsis Category: PTP related issues.
1408178 QFX5k : Transit traffic loss when one of LAG child interfaces deleted or deactivated
 
Traffic does not pass through LAG interface on QFX5k once deleted or deactivated one of child interfaces though LAG interface is UP state. At that time, invalid vlan tag will be added to traffic.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1453821 "show chassis led" shows wrong status
 
"show chassis led" status outputs may not proper along with some port status
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1423496 Ports may get incorrectly chanalized if they are 10G already and they are channelized to 10G again
 
On all junos platforms with channelizing ports on FPCs, if a 40G port which are channelized to 10G ports already (eg:xe-2/0/16:0) are being channelized to 10G again, they may get incorrectly channelized.
1440062 The EX4600/QFX5100 VC might not come up after replacing VC port fiber connection with DAC cable
 
On the EX4600/QFX5100 virtual chassis scenario, the VC may split after replacing VC port fiber connection with DAC cable.
1449406 CRC error might be seen on the VCPs of the QFX5100 VC
 
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC.
1449406 CRC error might be seen on the VCPs of the QFX5100 VC
 
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC.
1465302 The physical interface of AE (Aggregated Ethernet) might take time to come up after disable/enable
 
On Junos platforms, the physical interface of AE might come up after a long delay (4 mins) if there are millions of bgp routes learnt on the device. This delay is happening because PFE Manager thread is busy processing the routing updates from RE. These routing updates are the result of AE interface going down at the first step of disabling the interface.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1438143 BGP neighbourship might not come up if the MACsec feature is configured
 
On QFX10002/QFX10008/QFX10016 Series platforms with MACsec feature enabled, the BGP neighbourship might not be established.
1438143 BGP neighbourship might not come up if the MACsec feature is configured
 
On QFX10002/QFX10008/QFX10016 Series platforms with MACsec feature enabled, the BGP neighbourship might not be established.
1454527 Dcpfe should crash because usage of data is not NULL terminated on QFX5K
 
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K.
1457456 Over temperature SNMP trap messages are shown up after update even though the temperature are within the system thresholds
 
EX2300 and QFX series switches generate SNMP trap for high temperature after upgrading to any of the affected Junos software. This is due to a temperature threshold value being set incorrectly in the software, SNMP false trap related to temperature gets generated and results in "over temperature" logs.
1465183 PEM is not present spontaneously on QFX5210
 
On QFX5210 platforms, due to a firmware issue on the power supplies (PEMs) of the switch, the routing engine may spontaneously misread the status registers of a power supply. This produces erroneous messages of PEM not present. Although the power supply is present and can deliver power, the system may then deactivate the power supply believing it not to be present.
1466810 EPR iCRC errors in QFX10000 series platforms might cause protocols down
 
EPR iCRC errors in QFX10000 series platforms might cause protocols down. FPC will be in wedged state and will not pass traffic on that PFE if hitting this issue. EPR iCRC errors are normal and caused by transient hardware conditions. EPR iCRC errors are not expected to impact the protocols, and only one CRC failed packet will be dropped. But due to incorrect handling of this error, it affects protocols and causes FPC wedge.
1471216 The speed 10m might not be configured on the GE interface
 
On QFX5100 and EX4300 mixed-mode Virtual Chassis, the speed 10m might not be configured on the GE interface.
PR Number Synopsis Category: QFX platform optics related issues
1337340 On QFX5100 platforms, LR4 QSFP can take up to 15 min to come up after VC reboot
 
On QFX5100 platforms, LR4 QSFPs might take take longer to come up than others (up to 15 minutes). This is a intermittent occurrence.
1458363 Intermittent LAG interface flaps might be seen on QFX platforms
 
On QFX platforms with Link Aggregation Group (LAG) interface, if periodic "SFP diagnostic" is configured with short interval (e.g. test sfp periodic diagnostic-interval 3), the LAG interfaces might have intermittent flaps and therefore bring service impact due to this issue.
PR Number Synopsis Category: QFX PFE Class of Services
1468033 Ingress drops to be included at CLI from interface statistics and added to InDiscards
 
In QFX5000 platforms, as Ingress buffer drops (InDiscards) field is not presented the output of "show interfaces extensive x-x/x/x". This change added ingress buffer drops counters.
PR Number Synopsis Category: DHCP related Issues
1459499 JDI-_QFX5200_-REGRESSION-SWITCHING-QFX5200: dhcpv6 LDRA relay bounded count is not as expected after dchp configured
 
On qfx5k platforms dhcp6 security with LDRA option is not supported. When ldra is configured, ldra filter to punt packets to host path is conflicting with system default dhcpv6 relay filter, hence packets are not punted to host path.
PR Number Synopsis Category: Filters
1462594 The fxpc process might core-dump when changing MTU in a VXLAN scenario with firewall filters applied on QFX5K platforms
 
On the QFX5K VC/VCF platform with firewall filters applied on VXLAN enabled interface, the fxpc process might crash when changing MTU for the interface.
1464352 The dcpfe might crash when changing the firewall filter on QFX5K platforms
 
On QFX5K switches, when a firewall filter term is changed in scale conditions (such as, more than 2500 iRACL--ingress Routing ACL entries), the dcpfe might crash especially in make-before-break scenario. It might cause all interfaces in this FPC down.
PR Number Synopsis Category: for all ipv6 related issues
1459759 The fxpc process might crash due to several BGP IPV6 session flaps
 
On QFX5100 and EX4600 platforms, the fxpc (packet forwarding engine manager) process might crash when multiple BGP IPV6 sessions (for instance around 500) are flapped and then restored at the same time.
PR Number Synopsis Category: QFX L2 PFE
1474545 Continuous error log messages might be raised on QFX5K platforms in EVPN/VXLAN scenario
 
In EVPN-VXLAN scenario, when an SP style interface is configured both with native-vlan-id and LLDP on QFX5000 platforms, continuous log messages might be observed.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1412873 Part of routes could not be provided into PFE when both IPv4 and IPv6 are used.
 
On EX and QFX platform with both IPv4 and IPv6 used, in rare case, IPv6 routes loading process will be started even IPv4 routes loading process is not finished yet, which causes part of IPv6 routes could not be provided into PFE finally. The issue will also happen if IPv4 routes start to be loaded without IPv6 routes loading finished. At the end, traffic drop will happen due to the lack of routes in PFE.
1412873 Part of routes could not be provided into PFE when both IPv4 and IPv6 are used.
 
On EX and QFX platform with both IPv4 and IPv6 used, in rare case, IPv6 routes loading process will be started even IPv4 routes loading process is not finished yet, which causes part of IPv6 routes could not be provided into PFE finally. The issue will also happen if IPv4 routes start to be loaded without IPv6 routes loading finished. At the end, traffic drop will happen due to the lack of routes in PFE.
1456336 Link up delay and traffic drop might be seen on mixed SP L2/L3 and EP L2 type configs
 
This PR includes three issues. First one: When Layer3 IFL (logical interface) is configured first and then Layer2 IFL is configured, MAC move might not happen. Second one: On Vxlan setup with large number of child interfaces, link up delay is seen. Third one: In case of VLAN setup with Enterprise/Service Provider L2 and L3 type configs, when all the configs are done in single commit statement then the traffic might not be forwarded.
PR Number Synopsis Category: QFX MPLS PFE
1469998 If continuous interface flaps at ingress/egress of PE devices, IP routed packets might be looped on the MPLS PHP node
 
On QFX5K platform, when MPLS node-link-protection is configured on all nodes (PE and P device), the IP routed packets might be looped on the MPLS PHP node (P device) if continuous interface flaps at ingress/egress of PE devices.
PR Number Synopsis Category: QFX EVPN / VxLAN
1454804 The untagged hosts ARP/NS requests might not be resolved when it is connected on 'encapsulation ethernet-bridge' interface
 
On the QFX5120 platform, the ARP request/reply/NS/NA might not get resolved for an untagged packet coming on an interface with 'encapsulation ethernet-bridge' and when this interface is in a vxlan with 'encapsulate-inner-vlan' configuration.
1463939 JDI-RCT : QFX 5100 VC/VCF : Observing Error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: while cleanup Evpan-VxLAN configs with Mini-PDT base configurations
 
On QFX5100, Error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: may come while cleanup Evpn-VxLAN configs. These are harmless messages.
PR Number Synopsis Category: QFX VC Infrastructure
1465196 A 10G interface might not come up on QFX5100-48T switches or negotiate at speed 1G when connected with Broadcom 57800-T daughter card
 
On QFX5100-48T, the 10G interface might not come up or negotiate at the speed of 1G with Broadcom 10G 57800-T daughter card. In the issue state, speed will be set to 1G which might make the interface down and result in traffic impact.
PR Number Synopsis Category: QFX VCCP
1454343 Master FPC might come up in master state again after reboot instead of backup
 
In QFX5110-32Q VC with 100G VCP links, if the master switch with the lowest MAC address reboot, it might come up in the master state again instead of backup. This can have outage around ten minutes and packets loss.
PR Number Synopsis Category: KRT Queue issues within RPD
1438597 RPD might core during router boot up due to file pointer issue as there are two code paths that can close the file. We are attempting to close the file without validating the file pointer.
 
RPD might core during router boot up due to file pointer issue as there are two code paths that can close the file. We are attempting to close the file without validating the file pointer.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1441550 The rpd may crash or consume 100% of CPU after flapping routes
 
When flapping the existed flood nexthop type routes, it may cause rpd crash or consume 100% of CPU. This issue may cause routing protocols sessions/neighbors flap or traffic loss.
1460786 IPv6 Prefix might be hidden when received over IPv4 BGP session
 
When labeled-IPv6 and non-labeled IPV6 prefixes are received with the same protocol nexthop and the outgoing interface does not have MPLS family enabled, the IPv6 non-labeled route will be in inactive state and remains in hidden state.
PR Number Synopsis Category: RPD policy options
1453439 Routes resolution might be inconsistent if any route resolving over the multipath route
 
On all Junos platforms, any route resolving over the multipath routes, one scenario is BGP over BGP. After the metric value of any PNH (refers to the second PNH and using it to performing the second time next-hop resolving) changes, meanwhile, if the hash-selection changes happened, it might result in routes resolution inconsistency. Traffic drops could be observed if the packages are still forwarding to the old PNH (Protocol Next Hop). Any recursive resolving multipath scenario might trigger this issue.
1476530 Support for dynamic-tunnels on SRX-Series devices was mistakenly removed
 
Support for dynamic-tunnels on SRX-Series devices was mistakenly removed.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1412667 The L3VPN link protection doesn't work after flapping the CE facing interface
 
Provider Edge Link Protection in Layer 3 VPNs doesn't recover after flapped the CE facing interface.
1459384 The rpd memory leak might be observed on backup routing engine due to BGP flap
 
In a BGP scenario when certain routes are flapping frequently, it could lead to rpd memory leak on backup Routing Engine. The rpd might crash and restart once the rpd runs out of memory for certain junos releases.
PR Number Synopsis Category: multicast source distribution protocol
1454244 The rpd memory might leak in a certain MSDP scenario
 
In the Multicast Source Discovery Protocol (MSDP) scenario, where the router acts as both Rendezvous Point (RP) and First Hop Router (FHR), connecting to another RP in its AS with a logical loop topology, due to this special setup, it might cause a source-active (SA) message continuously to loop and eventually causes the rpd memory leak.
PR Number Synopsis Category: Resource Reservation Protocol
1471281 The rpd crash might be seen after doing some commit operations which could affect RSVP ingress routes
 
On all platforms with BGP PIC configured, if doing some commit operations where RSVP ingress routes are affected, the rpd crash might be seen.
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1477483 On NATT scenario the IKE Version 2 IPsec tunnel might flap if the tunnel initiator is not behind NAT
 
On MX platforms with MS-MPC/MS-MIC card installed and NATT scenario, when the IPsec tunnel initiator is not behind NAT, it might cause IPsec tunnel flapping. It happens in IKEv2 scenario.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1459306 The traffic might be stuck on MS-MPC/MS-MIC with sessions receiving huge number of affinity packets
 
On MX platforms with MS-MPC/MS-MIC, if there are sessions receiving huge number of affinity packets (e.g. thousands of packets), the service interface might be brought down by the prolonged flow-control, and the mspmand process crash might happen. In this case, the traffic will be stuck due to this issue.
1467874 DNS-Sink holing: Crypto code can cause high CPU utilization
 
Crypto library shim memory utilization performance improvement by using data shim instead of control shim.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1460027 The PPTP doesn't work with destination NAT
 
On the MX platform, if the PPTP control connection is established with destination NAT (network address translation), it will be failed. This issue will cause the PPTP traffic loss.
PR Number Synopsis Category: SRX Argon module bugs
1455169 The SRX Series devices stops and generates several core files.
 
The SRX device generates a lot of core-dumps when AAMW(advanced-anti-malware) and user-firewall features are used.
1460619 The AAMWD process exceeds 85 percent RLIMIT_DATA limitation due to memory leak.
 
The "aamwd" process may exceed 85% RLIMIT_DATA limitation due to memory leak when there is a connection issue with the Sky ATP server.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1465199 Static route through dl0.0 interface is not active.
 
On SRX320,SRX345 or SRX550m platforms with LTE Mini-PIM module installed, if configure a static route with the gateway IP address of d10 as next-hop and default route is configured, all traffic destined for the static route will fail to transmit to dl0 interface.
1468430 Tail drop on all ports is observed when any switch-side egress port gets congested.
 
On the SRX300 line of devices with Mini-PIM installed, tail-drop might happen on all ports when the serial egress port gets congested.
PR Number Synopsis Category: All PRs related to platform SRX5XX
1459037 SRX branches device might not be reachable when initiating offline command for PIC
 
For the SRX branches, the device might not be reachable when offline command is initiated for the PIC (request chassis fpc offline slot xx). It is related to the behaviour of broadcom SDK version 6.5.x.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1463015 An interface might get stuck in down state on certain MX platforms
 
The DFE tuning enabled interfaces on certain MX platform might get stuck in down state, if the remote interface sends invalid code to the local interface. Link might not come up even after the remote peer has begun sending a good signal.
PR Number Synopsis Category: Stout PF fabric (SFB2)
1461356 Traffic might be impacted because the fabric hardening is stuck
 
Fabric hardening (FH) is the process of controlling bandwidth degradation to prevent traffic black hole. When FH is processing, if SFB/SCB get failure, FH process will be stuck, which will get traffic lost.
PR Number Synopsis Category: MX10003/MX204 MPC defects tracking
1474231 QSA adapter Lane 0 port might be also brought down when disabling one of the other lanes
 
When QSA adapter is installed, the Lane 0 port might be also in down state when disabling one of the other lanes (1, 2 or 3) due to the chan number not entertained. It is not expected behaviour and it might affect service.
PR Number Synopsis Category: SRX-1RU HA SW defects
1474233 An unhealthy node might become primary in SRX4600 Chassis Cluster scenario
 
In the SRX4600 Chassis Cluster scenario, a node might become primary in a failover scenario. This can lead to packet drops.
PR Number Synopsis Category: SRX-1RU platfom datapath SW defects
1462610 Srxpfe/flowd process might crash if changing the sampling configuration
 
On all SRX platforms, if Jflow is configured and there is a sampling configuration change, the srxpfe/flowd process might crash. This is a corner issue. It might cause traffic loss.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1451559 In EVPN VXLAN scenario, sometimes host generated packets are getting dropped as hitting "reject route" in PFE
 
In EVPN VXLAN scenario, sometimes host generated packets are getting dropped as hitting "reject route" in PFE. For example, when you initiate the ICMP request sourced from EVPN instance's L3 GW irb address, the ICMP packet may not get out successfully in below scenario 1. control plane generated packet with overlay destination address (irb) belonging to one particular routing instance and the underlay (vtep) is on a different routing instance, This packet is inserted from control plane on the underlay's routing instance lookup which will fail leading to this control plane generated packet not go out. 2. When MPLS traffic engineering is enabled. The underlay vtep route in inet.0 will be labeled mpls route.
1467764 The Layer-2 traffic over ae interfaces sent from one member to another is corrupted on MX-VC setup
 
On MX-VC setup with bridge-domains configured, if ae interface is used within bridge-domain, and if the ingress ae and egress ae interface host in different VC members, the Layer-2 traffic over ae sent from one member to another is getting corrupted.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1381580 The unicast traffic from IRB interface towards LSI might be dropped due to Packet Forwarding Engine mismatching at egress processing.
 
On all Junos with Trio platforms, the unicast traffic might get dropped when it is passed from an Integrated Routing and Bridging (IRB) interface towards label switch interface (LSI) if the Aggregation Ethernet (AE) load balancing adaptive or per-packet is configured.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1464439 The CPU utilization on mgd daemon might be stuck at 100% after the netconf session is interrupted by flapping interface
 
If a netconf session is initiated over inband connection, the CPU utilization on mgd daemon might be stuck at 100% after the netconf session which is executing an RPC call for some commands gets interrupted by flapping interface. There is no impact observed to control-plane or forwarding-plane, the subsequent netconf session will continue to function.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1459373 The error messages with "create_pseudos: unable to create interface device for pip0 (File exists)" might be seen after restarting chassisd
 
After chassisd restart (e.g. by 'restart chassis-control' cli command or otherwise) the logs are flooded with 'CHASSISD_IFDEV_CREATE_FAILURE: create_pseudos: unable to create interface device for pip0 (File exists)' messages every 2 seconds.
1471679 ARP suppression (default enabled) in EVPN not working on MX10008/MX10016 line cards
 
If MX10008 or MX10016 function as provider edge (PE) devices in an Ethernet VPN-MPLS (EVPN-MPLS) or Layer 3 VXLAN gateways in an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) environment, ARP suppression is enabled by default, when the ARP expires on any the CPE's , it sends out an ARP REQ broadcast message , this should be suppressed by the PE(MX10008/MX10016). However, ARP broadcast received on MX10008/MX10016 seems to flooded.
PR Number Synopsis Category: PTX/QFX100002/8/16 platform software
1464119 FPC might restart during run time on PTX10K/QFX10K platforms
 
On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions.
PR Number Synopsis Category: VNID L2-forwarding on Trio
1461860 Traffic received from vtep gets dropped if the VNI value used for type-5 routes is greater than 65535
 
With EVPN-VXLAN on MX platforms, the packets received from vtep would be dropped by PFE (Packet Forwarding Engine) if the VNI value used for type-5 routes is exceeding 65535.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1446390 Continuous VRRP state transition (VRRP master/backup flaps) will be seen when one device drops VRRP packets
 
This issue is observed in one scenario when there are three VRRP routers say R1, R2 & R3, the VRRP priority on R1 is larger than R2 larger than R3, and a firewall filter on R3 interface input direction is configured to drop all VRRP packets. Then continuous VRRP state transition (VRRP master/backup flaps) would be seen. It might affect service.
PR Number Synopsis Category: VSRX platform software
1469978 vsrx2.0 - config-drive does not work as expected
 
Adding the license to the vSRX while it's getting spun through cloud-init fails. It would have to manually add it after the device has booted up.
Modification History:
First publication date 2020-01-16
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search