Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles18.3R3-S1: Software Release Notification for JUNOS Software Version 18.3R3-S1
| PR Number | Synopsis | Category: EX2300/3400 platform |
|---|---|---|
| 1452209 | The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured |
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow. |
| PR Number | Synopsis | Category: QFX Multichassis Link Aggregrate |
| 1454764 | Flooding of ARP reply unicast packets for switch VRRP MAC address through every port in VLAN |
A QFX switch may send out ARP reply unicast packets as a result of an ARP request sent for the device's VRRP MAC address. |
| PR Number | Synopsis | Category: JUNOS Network App Infrastructure (for ping, traceroute, etc) |
| 1463622 | The cosmetic error messages of NTP time synchronization might be seen during device booting |
In NTP with the boot-server scenario, when the router or switch boots, the NTP daemon will send a ntpdate request to poll the configured NTP boot-server to determine the local date and time. If the ntpdate is not be activated correctly while the device booting, the ntpdate might not work successfully. Then some cosmetic error messages of time synchronization might be seen, but there is no impact with time update since ntp daemon will update the time eventually. |
| PR Number | Synopsis | Category: Software build tools (packaging, makefiles, et. al.) |
|---|---|---|
| 1417345 | The JSU package installation may fail |
In a specific scenario, the JSU (Junos OS selective upgrade) package installation on a router which has JET (Juniper Extension Toolkit) package installed may fail due to "Operation not permitted" error. This issue does not impact service and traffic. |
| PR Number | Synopsis | Category: Engineering request for regressed image from System Test |
| 1460087 | Storage space limitation leads to image installation failure during Phone home on ex2300 and ex3400 platforms. |
Storage space limitation leads to image installation failure during Phone home on ex2300 and ex3400 platforms. |
| PR Number | Synopsis | Category: L2NG RTG feature |
| 1440574 | MAC addresses learned on RTG may not be aged out after a Virtual-Chassis member rebooted |
A "source" MAC entry does not age out after a VC member reboot. After a Virtual-Chassis (VC) member with aggregated interfaces rebooted, the kernel running on the routing-engine (RE) may install a "source" MAC entry as "remote" MAC entry. Hence, the MAC entry does not age out. |
| 1461293 | MAC addresses learned on RTG may not be aged out after aging time |
MAC addresses learned on redundant trunk group (RTG) might not be aged out after aging time if the source interface is configured as RTG. |
| PR Number | Synopsis | Category: EX4300 Control Plane |
| 1461434 | ERP might not revert back to IDLE state after reload/reboot of multiple switches |
On EX4300 platforms configured with ERP, after multiple devices reboot/restart at the same time, ERP might not revert back to the IDLE state. This issue might be seen in situations where the ERP node-id is not configured manually and after the restart, the default node-id (switch base MAC address) might get reset to 00:00:00:00:00:00, effectively causing multiple devices to have the same node-id. |
| PR Number | Synopsis | Category: EX4300 PFE |
| 1448607 | NSSU cause a traffic loss again after the backup to master transitions |
In specific topology (VC uplink with VRRP and downlink client-side has a LAG), while doing NSSU on EX4300 VC, traffic loss might be observed again after the backup to master transitions. |
| 1453025 | The IRB traffic might get drop after mastership switchover |
In the Virtual-Chassis scenario with mac-persistence-timer enabled, the IRB traffic might get drop after master switchover. |
| 1470424 | The switch might not be able to learn MAC address with dot1x and interface-mac-limit configured |
On Junos platforms, if dot1x and interface-mac-limit are configured, when sending traffic continuously to the interfaces, the switch might not be able to learn MAC address. Hence traffic drop might be seen. |
| PR Number | Synopsis | Category: EX4300 Platform |
| 1445626 | The laser TX might be enabled while the interface is disabled |
In ex4300 switches when 1G SFP is connected to 10G port, Auto-negotiation should be disabled (when enabled causes many issues like ARP, link down..) hence when AN is disabled somehow corrupting the TX_DISABLE field hence Laser Tx remain enabled when disabling and plug-out - plug-in. |
| PR Number | Synopsis | Category: Marvell based EX PFE L2 |
| 1474808 | Continuous dcpfe error messages and eventd process hogged might be seen on EX2300 VC scenario |
On EX2300 VC scenario, when host path packets are flooding through internal HG (higig) port, it might generate some dcpfe error messages which are harmless and eventd process hogged might also be seen. And it also might cause high CPU utilization which might affect protocol traffic. |
| PR Number | Synopsis | Category: Marvell based EX PFE L3 |
| 1462106 | Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC |
Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC |
| PR Number | Synopsis | Category: EX9200 Control Plane |
| 1452738 | The l2ald and eventd are hogging 100% after issued "clear ethernet-switching table" |
The l2ald and eventd processes are hogging 100% after issued "clear ethernet-switching table" and also the continuous syslog errors "l2ald[18605]: L2ALD_IPC_MESSAGE_INVALID: Invalid message received (message type 0, subtype 0): null message" are observed. |
| PR Number | Synopsis | Category: EX2300/3400 CP |
| 1458559 | The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used |
If the dynamic assignment of VoIP VLAN is used, the switch might not send correct VoIP VLAN information in LLDP MED packets after any configuration change and commit. |
| PR Number | Synopsis | Category: EX2300/3400 PFE |
| 1465526 | [EX2300] FXPC Core is seen after mastership election based on user's priority |
An FXPC core file is created when an EX2300 in a VC configuration is rebooted. |
| PR Number | Synopsis | Category: EX2300/3400 platform |
| 1417839 | EX3400 : "show chassis environment" repeats "OK" and "Failed" at short intervals |
When the chassisd process receives incorrect values from LCMD for the RPM values, it changes the fan status to "Failed" from "Ok", and vice versa. |
| PR Number | Synopsis | Category: DC PFE QoS |
| 1466770 | Slow packet drops might be seen on QFX5000 platforms |
The issue observed on QFX5000 platforms when there are any packets on the port before its buffer configuration is completed after the reboot. This issue is very rare and the window could be just few milli seconds. |
| PR Number | Synopsis | Category: QFX Multichassis Link Aggregrate |
| 1465077 | The traffic might be forwarded to wrong interfaces in MC-LAG scenario |
On EX/QFX platforms with MultiChassis Link Aggregation Group (MC-LAG) configured, if the interface media of MC-LAG is changed from MultiProtocol Label Switching (MPLS) to Dense Wavelength Division Multiplexing (DWDM), the traffic might be forwarded to wrong interfaces and get dropped. |
| PR Number | Synopsis | Category: QFX Access control list |
| 1379718 | Host destined packets with filter log action might not reach to the routing engine if log/syslog is enabled. |
On EX4300/EX4600/QFX Series switches except for QFX10k, if host destined packets (that is, the destination address belongs to the device) come from the interface with ingress filter of log/syslog action (for example, 'filter <> term <> then log/syslog'), such packets should not be dropped and reach the Routing Engine. |
| 1429543 | The traffic with destination UDP port 520 (RIP) or 521 (RIPng) gets dropped on QFX5000/EX4600 platforms |
On QFX5000/EX4600 platforms, the received traffic will be dropped if the destination UDP port is 520/521 though the device runs pure layer 2 switching. |
| PR Number | Synopsis | Category: QFX PFE CoS |
| 1432078 | Shaping does not work after the reboot if "shaping-rate" is configured. |
On QFX5110, QFX5100 and EX4600 platforms, if "shaping-rate" is configured, the shaping feature might not work after a reboot. The service might be impacted as the traffic cannot be rate limited. |
| 1433252 | The traffic is placed in network-control queue on extended port even if it comes in with different dscp marking |
In Junos Fusion scenario, when traffic from aggregation device (AD) to satellite device (SD) is exported with different DSCP marking, it might be changed into network-control queue on extended port of SD. |
| PR Number | Synopsis | Category: QFX PFE L2 |
| 1437577 | Physical layer and MAC/ARP learning might not work for copper base SFP-T on QFX5100/QFX5110/EX4600 |
On QFX5100/QFX5110/EX4600 platforms, if copper base SFP-T is used, it might not get up on physical layer and the MAC/ARP learning might not work if it gets up. The PR fixes both layer-1 and layer-2 issues in this scenario. |
| 1462171 | The LLDP function might fail when a Juniper device connects to a non-Juniper one |
On EX/QFX platforms with STP disabled, the LLDP function might fail when a Juniper device connects to a non-Juniper one. In this scenario, the LLDP PDU with destination MAC 01:80:c2:00:00:00, which is one of the three reserved MAC addresses for LLDP in IEEE 802.1AB, will be ignored by Juniper LLDP process, and this causes the LLDP function failure. This issue has service impact. |
| 1467763 | The fxpc.core might be seen when committing the configuration all together, e.g., after the reboot |
On EX2300/3400/4300/4600 and QFX Series switches except for QFX10k, if committing the configuration all together (e.g., after the reboot), the fxpc/PFE core dump might be found. In the Virtual Chassis scenario, the VC members might be splitted because the VC ports might not be created in time. |
| 1469596 | Ingress traffic might be blackholed if underlying interfaces flap in EVPN/VXLAN scenario |
On QFX5000 platforms with Ethernet Virtual Private Network (EVPN) and Virtual Extensible LAN (VXLAN) scenario, if there is the underlying interface flaps for the core network side, all the ingress traffic might be backholed by the VXLAN Tunnel Endpoint (VTEP) due to this issue. |
| PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
| 1367439 | Invalid VRRP mastership election on QFX5110-VC peers |
In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters. |
| 1367439 | Invalid VRRP mastership election on QFX5110-VC peers |
In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters. |
| 1455547 | The coredump might occur during adding/removing EVPN Type-5 routing instance |
On QFX platforms, the coredump might occur during adding/removing EVPN Type-5 routing instance. The EVPN route would be corrupted and traffic/service impact appears if hitting the issue. |
| 1460688 | The egress interface in PFE for some end-hosts may not be correct on the layer 3 gateway switch after it is rebooted |
On edge-routed bridging (ERB) EVPN-VXLAN multihoming designs with QFX5110 and QFX5120 switches work as Layer 3 gateways, in some rare condition, when one of the switches acting as L3 gateway comes up after reboot, the egress interface in PFE for some end-host may not be updated to the correct next-hop interface in the hardware on that gateway. This issue cause traffic disruption for the affected end host |
| PR Number | Synopsis | Category: QFX PFE MPLS |
| 1477301 | The traffic may be lost over QFX5100 switch acting as a transit PHP node in the MPLS network |
In the MPLS network, the packets may get dropped by egress node if the packets go through the QFX5100 switch acting as a transit PHP (penultimate-hop popping) node. |
| PR Number | Synopsis | Category: Accounting Profile |
| 1452363 | The pfed might crash and not be able to come up on the PTX or TVP platforms |
The flow label statistics are retrieved periodically by pfed for PTX or TVP platforms, if the statistics reply becomes very big number, the pfed might crash hence affecting traffic. |
| PR Number | Synopsis | Category: ACX L2 related features |
| 1461831 | ACX platform LLDP neighbour not up on lag after software upgrade to 18.2R3-S1 |
In case of acx platform, if LLDP is configured on lag interfaces, it will not work. |
| PR Number | Synopsis | Category: ACX Interfaces IFD, IFL, vlans, and BRCM init |
| 1284590 | ACX5k MacDrainTimeOut and bcm_port_update failed: Internal error |
On ACX5K, the buffer is corrupted on port 0 (*/*/0) and error message MACDRAINTIMEOUT and dcbcm_check_stuck_buffers are observed, which could eventually lead to port 0 (*/*/0) flapping. |
| 1411015 | The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx |
The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. |
| PR Number | Synopsis | Category: ACX GE, 10GE, PoE, IDT framers |
| 1439384 | interface on ACX1100 remains down when using SFP-1FE-FX (740-021487) |
Interface with SFP-1FE-FX transceiver optic (740-021487) will not come UP on ACX routers. |
| PR Number | Synopsis | Category: MPC Fusion SW |
| 1454595 | The 100G Interfaces may not come up again after going down on MPC3E-NG |
On MPC3E-NG cards with 100G interface in use, if the interface detects Loss of Lock (LOL) on the link without Loss of Signal (LOS), the interface will go down and may not come up again after the link is recovered. |
| PR Number | Synopsis | Category: a20a40 specific issue |
| 1461487 | A VM core might be observed if configuring a sampling rate of more than 65,535. |
Configure the sampling rate more than 65535 may trigger vmcore on SRX5000 series platforms. |
| 1465159 | The AE interface cannot be configured on an SRX4600 device. |
On SRX4600 platform, the Aggregated Ethernet (AE) interface cannot be configured for channelized port. The commit will fail for corresponding configuration. This issue has function impact. |
| PR Number | Synopsis | Category: common or misc area for SRX product |
| 1430941 | Unable to launch J-Web when the device is upgraded through USB image. |
On SRX5000 series, when the device is upgraded through USB image, J-Web is not available and needs to be installed through "request system software add optional://jweb-srx". |
| 1437098 | LACP traffic is distributed evenly on ingress child links but not on egress links. |
On SRX5k with SPC3 and SRX4600 platforms, the distribution of traffic over Link Aggregation (LAG) member ports does not take into account Layer 4 port information. |
| PR Number | Synopsis | Category: BBE Autoconfigured DVLAN related issues |
| 1467468 | L2 Wholesale not forwarding all client requests with stacked VLAN |
In the Non-ANCP Based L2 Wholesale scenario, if more than one request packets from customer side encapsulated in dual-tagged VLAN arrive at PE device, only the first one of the packets which share the same outer VLAN gets forwarded, and the rest will fail. |
| PR Number | Synopsis | Category: BBE database related issues |
| 1457284 | UI_OPEN_TIMEDOUT: Timeout connecting to peer 'database-replication' |
Syslog "timeout connecting to peer database-replication" is generated when command "show version detail" issued. |
| PR Number | Synopsis | Category: BBE interface related issues |
| 1467125 | The PPPoE subscribers get stuck due to the PPPoE inline keepalives don't work properly |
In the PPPoE subscriber management environment, due to the PPPoE inline keepalives timeout events may get dropped by the RE (routing engine), the PPPoE subscribers get stuck. This issue may cause the PPPoE subscribers are unable to reconnect. |
| PR Number | Synopsis | Category: the replication daemon (repd) for Shared Memory-base |
| 1461796 | repd core dump during system boot up. |
repd core dump during system boot up. This state is caused by cyclic dependency between repd daemon and other daemons. |
| PR Number | Synopsis | Category: BBE routing |
| 1458369 | The subscriber routes are not cleared from backup RE when session is aborted |
On MX platforms with enhanced subscriber enabled, the subscriber routes might not be cleared from backup RE when session is aborted. The bbe-smgd memory leak might be seen on the backup RE and subscribers could not login after switchover. |
| PR Number | Synopsis | Category: MIBs related to BBE |
| 1470664 | SNMP interface-mib stops working for PPPoE clients |
SNMP interface-mib stops working for PPPoE clients. In this scenario SNMP works fine for standard queries on the MX router, but for subscriber statistics always returns value of zero. |
| PR Number | Synopsis | Category: Bi Directional Forwarding Detection (BFD) |
| 1432440 | In BFD and GR enabled scenario, BFD DOWN packets are not being sent immediately after BFD failure |
In both GR helper and GR restarter scenarios, BFD down packets are not immediately sent. It might cause an issue where BGP session down is notified before BFD DOWN. |
| PR Number | Synopsis | Category: Border Gateway Protocol |
| 1423647 | Route churn might be seen after changing maximum-prefixes configuration from value A to vlaue B |
In BGP setup configured with VPN families (inet-vpn, inet6-vpn, l2vpn, evpn or mvpn), route churn might be seen after changing maximum-prefixes configuration from value A to value B, it causes rpd CPU usage to be hogged for about an hour. |
| 1437837 | The rpd process crash might be observed if leaking multi-pathed BGP routes from routing-instance to another routing table |
This issue applies to Junos platforms with BGP multipath configured under a routing-instance and a RIB group is deployed to leak routes from that routing-instance to another routing table. "rpd" may restarts unexpectedly when performing multipath calculation operations for the secondary routes - (such as, removing the rib-groups/bouncing BGP neighbor under routing-instance.) The secondary routes refer to the second RIB in a RIB (Routing Information Base) group. |
| 1442902 | The CPU utilization on rpd spins at 100% once the same external BGP route is learned in different vrf tables |
With "advertise-external" knob configured in BGP and "auto-export" knob configured in vrf, once the same external bgp route is learned in different vrf via the import policy, the CPU utilization on rpd will spin at 100% immediately. |
| 1454198 | The rpd scheduler slip for BGP GR might be up to 120s after the peer goes down |
In BGP GR (graceful-restart) scenario (graceful-restart is configured for BGP or GR-helper mode is enabled by default), when high-scale routes get learnt from one peer, the rpd scheduler slip might be up to 120s after that BGP peer flaps. |
| 1454951 | The rpd process might crash when multipath is in use |
If multipath is enabled, in some certain conditions, The rpd process might crash while secondary route resolution is running. |
| 1461602 | The rpd scheduler slips might be seen on RPKI route validation enabled BGP peering router in a scaled setup |
In scaled BGP environment (e.g. global table ~3M routes or more) when there are a lot of (e.g 10k or more) more specific routes for a certain IPv4 or IPv6 prefix covered by some RV (route validation) record, a change in RV records database might lead to rpd (routing protocol daemon) scheduler slips, which could trigger routing protocol adjacency flap. The same could be triggered by executing "clear validation database" command or shortly after initial session RPKI (resource public key infrastructure) establishment event. |
| 1472671 | The rpd process might crash with BGP multipath and damping configured |
On all Junos platforms running with Border Gateway Protocol (BGP), if both BGP multipath and BGP damping are configured, it might happen that, when the active route, for example r1, is withdrawn but it is not really deleted due to damping, then BGP might be unable to find its original gateway when the route r1 is relearned and becomes the best route again. It will lead to the rpd process crash. |
| PR Number | Synopsis | Category: Track PRs in BGP BMP area & is part of BGP inside RPD. |
| 1466477 | BGP Open messages with specific types of BGP Optional Capabilities causing BMP messages not been encoded correctly when sent to the BMP Collector. |
The issue happens when a specific type of BGP optional capabilities are sent to the Juniper device during a BGP session establishment, resulting in BMP errounesly encoded later messages sent to the BMP collector. Problem only manifest itself when the BGP peer is using the 'allow' feature ( Also known as bgp listen/dynamic mode ). |
| PR Number | Synopsis | Category: BBE Remote Access Server |
| 1460578 | DHCPv6 subscribers might be stuck in a state after the authd process crash |
On MX platform with DHCPv6 subscriber scenario, after the authd process crash happens, the subscribers might be stuck in a state and can not come online until restarting the jdhcpd and smid process. The authd process crash is a rare issue which might be caused by the system clock was adjusted in some manner. |
| PR Number | Synopsis | Category: Cassis pfe microcode software |
| 1464820 | MPC5E/6E might crash due to internal thread hogging the CPU |
PR 1382182 (which is fixed in 16.2R3 17.1R3 17.3R3-S3 17.3R4 17.4R2-S3 17.4R3 18.1R3-S2 18.1R4 18.2R2 18.2X75-D40 18.3R2 18.4R1 19.1R1) introduced an improper code which could cause an internal thread to hog the CPU and eventually result in the MPC crash. It is a timing issue and affects MPC5E/6E. |
| PR Number | Synopsis | Category: MX Platform SW - FRU Management |
| 1463169 | MX2000 CB 19.44MHz clock failure is fatal, should trigger a CB switchover |
Problem: CB clock failure does not switchover mastership. Master CB with faulty clock can't operate normally. Solution: Interrupt based CB clock failure detection and RE mastership switchover from faulty CB. Whenever CB 19.44MHz clock failure is detected by HW, it generates interrupt and handled by Chassis-control process. Chassis-control process interrupt handler does a RE switch if GRES is active and backup RE is ready to take over. |
| PR Number | Synopsis | Category: MX Platform SW - UI management |
| 1453533 | Alarm was not sent to syslog on MX10003 platform |
On the MX10003 platform, the alarmd wont write the alarm messages to the syslog. |
| 1457657 | The chassisd process and all FPCs may restart after RE switchover |
The chassisd process and all FPCs may restart after RE switchover if the knob "master-only" is enabled. |
| PR Number | Synopsis | Category: Class of Service |
| 1472083 | Unexpected traffic loss might be discovered in certain conditions under fusion scenario |
On MX platform with enhanced queuing MPC under fusion scenario, EP (Extended Port) hosted on multiple CPs (Cascade Port) which are from different PFEs on the same FPC. Unexpected traffic loss might be observed if a CoS policy with the knob "rate-limit" is applied. |
| PR Number | Synopsis | Category: Class of service in forwarding daemon |
| 1439401 | The COS rewrite rule does not work for st0 interface |
On NFX Series platforms, when a CoS rewrite rule is configured for the st0 interface, the CoS value will not take effect on the corresponding forwarding class. It causes CoS not to work as expected. |
| PR Number | Synopsis | Category: OpenSSH and related subsystems |
| 1454177 | SSH login might fail if a user account exists in both local database and RADIUS or TACACS+. |
On SRX Series device, the SSH login from automation tools to the Junos device is not successful when using authentication method password (not 'keyboard-interactive'). If the username is configured both as a local user and also on a remote RADIUS or TACACS server, using the Juniper-Local-User-Name attribute pointing to a different local username. |
| PR Number | Synopsis | Category: Device Configuration Daemon |
| 1457460 | Mismatched MTU value causes the RLT interface to flap |
In Redundant Logical Tunnel (RLT) with any dynamic protocols that rely on this interface scenario, when performing a "commit full" operation, which might cause the protocol to get flapping if MTU is configured at IFD level of the RLT. Due to the mismatch MTU value calculated by DCD and Kernel that triggers the IFD flapping, and then the protocols flapping. |
| 1475634 | Commit error is not thrown when member link is added to multiple aggregation group with different interface specific options |
Commit error is not thrown when member link was added to multiple aggregation group with different interface specific options. When member interface added to bundle with both ether and gig-ether interface specific options, gig-ether option takes precedence over ether options. |
| PR Number | Synopsis | Category: Firewall Filter |
| 1450928 | The arp packets are getting dropped by PFE after chassis-control is restarted |
The arp packets are getting dropped by PFE after chassis-control is restarted. |
| 1452435 | Commit error and dfwd coredump might be observed when applying a firewall filter with action "then traffic-class" or "then dscp" |
Commit failure with error might be seen and the dfwd crashes when applying a firewall filter with action "then traffic-class" or "then dscp" to an interface. |
| 1465093 | On MX10008 and MX10016 routers policer bandwidth-limit cannot be set higher than 100g |
MX10008 and MX10016's "policer bandwidth-limit" can not be set higher than 100G. |
| 1466698 | An output bandwidth-percent policer with logical-bandwidth-policer applied to an AE bundle along with an output-traffic-control-profile has incorrect effective policing rate |
On MX platforms, for an AE bundle of at least two members hosted at two different FPCs, if the AE interface is with CoS output-traffic-control-profile of shaping-rate and with the output filter of policer with logical-bandwidth-policer and bandwidth-percent, the AE interface might have incorrect effective output policing rate. |
| 1473093 | Traffic might not be forwarded into the right queue but the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5 |
On the MX platform with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue. |
| PR Number | Synopsis | Category: dhcpd daemon |
| 1471161 | DHCP relay with forward-only might fail to send OFFER messages when DHCP client is terminated on logical tunnel interface |
On all Junos platforms, when DHCP relay is configured with forward-only, and DHCP client is terminated on logical tunnel interface that multiple IFLs under this lt- interface have a same VLAN, DHCP relay might fail to send OFFER messages. |
| 1474097 | DHCP-server : radius given mask being reversed. Seems to me big/small endian conversion issue on PPC based REs |
DHCP-server : radius given mask being reversed. Seems to me big/small endian conversion issue on PPC based REs. This is occurring because of big/small endian platform data format conversion. |
| PR Number | Synopsis | Category: CoS support on DNX |
| 1470619 | RED drop on interface even without any congestion |
On DNX-based platforms such as an ACX5448 - when changing an interface configuration - such as from vlan-tagging to flexible-vlan-tagging 2-3 times - you may see persistent RED drops even when the interface does not experience congestion condition. |
| PR Number | Synopsis | Category: Covers Application classification workflows apart from custo |
| 1454180 | Introduction of default inspection-limits to AppID to optimize CPU usage and improve resistance to evasive applications |
AppID is significantly more resistant to evasive applications. It does this by introducing default inspection-limits which can be adjusted by using the new commands 'set services application-identification inspection-limit' and 'set services application-identification global-offload-byte-limit'. |
| 1463159 | A core file will be generated when perform an ISSU on SRX platforms |
When APPID is enabled and perform an ISSU on SRX devices, it might cause traffic impact and generate core-dump file. |
| PR Number | Synopsis | Category: Ctrl Plane SW defects for Dvaita NPI (Node Virtualization) |
| 1451215 | Main chassisd thread at a JNS GNF could experience stalls upon GNF SNMP polling for hardware-related OIDs |
- Chassisd main thread stalls could be seen at a JNS GNF upon GNF SNMP polling for HW-related OIDs (e.g. ones from jnxBoaAnatomy MIB). - If a GNF chassisd main thread stalls are ongoing and the GNF is restarted, then a service MGD process at the BSYS could start spinning at 100% CPU. This MGD process won't terminate by itself and will be consuming 100% CPU even when the GNF is back online. |
| PR Number | Synopsis | Category: Manageability SW defect for Dvaita NPI (Node Virtualization) |
| 1429090 | Dvaita JDM:The emitted XML is INVALID is thrown for show virtual-network-functions |
Issue: XML output for the cli operational command 'show virtual-network-functions' is invalid as the xml data contains all the VNF info under single root tag 'vnf-instance' However this issue doesn't lead to any JDM functionality break. It can be considered as an issue only if this xml output is consumed by any XML parser and the parser doesn't expect the duplicate tags for multiple vnfs under a single root tag, but when it expects the each vnf information as a group. |
| PR Number | Synopsis | Category: JUNOS Dynamic Profile Configuration Infrastructure |
| 1188434 | UID may not release properly in some scenarious after service session deactivation |
When same UID objects are used in both inet and inet6 services of the same subscriber session, deactivation the first session cause conditions which avoid releasing UID entry after deactivation second service session. This leads to having stale UID entry and can cause subscriber's connection problem in the future when UID pool would be completely exhausted. The probability of hitting the issue increases if amount subscriber to amount of unique services ratio is aproaching 1 (i.e. when almost every subscriber has a service with unique servie objects). |
| PR Number | Synopsis | Category: dynamic dcd prs |
| 1470622 | Executing commit might hang up due to stuck dcd process |
When dynamic DHCP sessions are existing in the device, if multiple commits in parallel are performed, the commit might hang up. |
| PR Number | Synopsis | Category: Ethernet OAM (LFM) |
| 1465608 | Need two knobs for EOAM CFM interoperability between MX10003 and Ciena CPE |
Customer need two knobs for EOAM CFM interoperability between MX10003 and Ciena CPE Two knobs: 1. primary-vid - this allows interop with Ciena CPE - which is used at evert tower site to est. EOAM CFM session 2. enhanced-cfm-mode - provides required scale needed for EOAM for CBH and METROE services |
| PR Number | Synopsis | Category: EX Chassis Interface Handling |
| 1441035 | The ports of the EX device might stay in up state even if the EX46XX/QFX51XX series device is rebooted |
With DAC cable used between EX46XX/QFX51XX series device and EX device, during rebooting the EX46XX/QFX51XX series device, the ports on EX device might still stay up. |
| PR Number | Synopsis | Category: Express PFE CoS Features |
| 1450265 | CoS classification does not work on QFX10K |
On QFX10K platforms, under the scale scenario more than 500 AE IFLs, if the classifier configuration frequent churns or link flaps, the CoS classification will not work on the impacted interfaces. |
| PR Number | Synopsis | Category: Express PFE FW Features |
| 1426539 | The host-bound traffic might be dropped after performing change configuration related to prefix-list |
On PTX1K/10K, PTX3K/5K with FPC3 or QFX10K series, if the prefix entries configured in prefix-list exceeds the limit what the Packet Forwarding Engine (PFE) chipset supports, some unexpected behavior might be observed (e.g. the host-bound traffic drops) after performing change operation related to the prefix-list configuration (e.g. add a prefix to prefix-list which is associated with filter). |
| 1462634 | The sample/syslog/log action in output firewall filter with packet of size less than 128 might cause ASIC wedge (all packet loss) on PTX platforms |
On PTX platforms, if output firewall filter is configured with sample/syslog/log action, the host interface might get wedged for packets with lengths 0-128 including Layer 3 headers. |
| PR Number | Synopsis | Category: Express PFE L3 Features |
| 1430028 | Reclassification policy applied on the route prefixes might not work on PTX platforms |
On PTX platforms, when the protocol route prefixes received are configured with reclassification policy which based on community, it might be seen that traffic is not reclassified as expected. |
| PR Number | Synopsis | Category: Express PFE MPLS Features |
| 1424553 | LACP packet does not pass through l2circuit |
LACP packet does not pass through l2circuit |
| PR Number | Synopsis | Category: Enhanced Broadband Edge support for firewall |
| 1463420 | The subscribers might not pass traffic after doing some changes to the dynamic-profiles filter |
On MX platform, with enhanced subscriber enabled, if doing some changes to a dynamic-profiles filter, the subscribers built on the filter might no longer forward traffic. |
| PR Number | Synopsis | Category: PTX Express ASIC interface |
| 1428307 | Interface does not come up after interface flapping and FPC reboot |
In PTX with FPC3-PTX and QSFP28 PIC, or MX platforms with EA/ZT-chip based line cards, one of the interfaces on them might not come up after an interface of peer device flapping in short intervals and then restart the local FPC. Due to the BCM8238x chip of Broadcom with a wrong re-timer leading to the local interface remain in "down" state. |
| PR Number | Synopsis | Category: Signature Database |
| 1467561 | When creating dynamic-attack-groups within IDP that contain many (30+) filters, the query would fail and the group would not be populated with any attacks. |
When creating dynamic-attack-groups within IDP that contain many (30+) filters, the query might fail and the group would not be populated with any attacks. |
| PR Number | Synopsis | Category: Inline NAT PRs for defect & enhancement requests |
| 1446267 | The static route for NAT might never come up if switchover the service interface which has NAT and GR configuration |
On MX platform, when switchover a service interface that has NAT and GR configuration, the static route for NAT might never come up. |
| PR Number | Synopsis | Category: Kernel software for AE/AS/Container |
| 1459692 | In MC-LAG scenario traffic destined to VRRP virtual MAC gets dropped |
When VRRP (virtual router redundancy protocol) is configured on MC-LAG (multichassis link aggregation groups), traffic destined to VRRP virtual MAC address might get dropped because the virtual MAC is not correctly programmed in PFE (packet forwarding engine). |
| PR Number | Synopsis | Category: Optical Transport Interface |
| 1429279 | After member interface flapping AE remains down on 5X100GE DWDM CFP2-ACO PIC. |
On 5X100GE DWDM CFP2-ACO PIC on PTX series platforms, if any AE member interface flaps, the AE interface might stop receiving the LACP RX packets and fail to come up. It can be recovered by disabling/enabling the AE interface. |
| 1467712 | "MIC Error code: 0x1b0002" alarm might not be cleared for MIC on MPC5E when the voltage has returned to normal |
The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5. |
| PR Number | Synopsis | Category: Integrated Routing & Bridging (IRB) module |
| 1461677 | In EVPN scenario memory Leak might be observed when proxy-macip-advertisement is configured |
In EVPN scenario if "proxy-macip-advertisement" knob is configured, it might cause memory leak. Traffic would be impacted in case the memory leak is not stopped. |
| PR Number | Synopsis | Category: ISIS routing protocol |
| 1455432 | The rpd might crash continuously due to memory corruption in ISIS setup |
With ISIS configured and in a very rare case, memory corruption may occur, this may cause rpd crash continuously. |
| PR Number | Synopsis | Category: jdhcpd daemon |
| 1442222 | The jdhcpd process might go into infinite loop and cause 100% CPU usage |
When DHCP is configured, if subscribers are moved from one routing-instance to another or if the subscribe is deleted and re-added, the jdhcpd process might go into infinite loop and cause 100% CPU usage. |
| 1459925 | DHCP packet might not be processed correctly if DHCP option 82 is configured |
In Dynamic Host Configuration Protocol (DHCP) scenario, an zero length sub-option of the option 82 in DHCP DISCOVER message might not be processed correctly causing other DHCP options from DHCP DISCOVER message to be mis-processed as well. This issue has service impact. |
| 1465964 | The ISSU might fail during subscriber inflight login is happening |
On the MX platform with the DHCP subscriber scenario, if subscriber logging in is happening during the ISSU process, the ISSU failure might be observed. |
| PR Number | Synopsis | Category: Adresses ALG issues found in JSF |
| 1474942 | The flowd/srxpfe process might crash when an ALG creates gate with incorrect protocol value |
On SRX chassis clusters, when an ALG creates gate with incorrect protocol value, the flowd/srxpfe process might crash on one node. This issue might happen in the situation that an ALG receives a corrupted RTO message on secondary node. It might affect the traffic. |
| PR Number | Synopsis | Category: Adresses NAT/NATLIB issues found in JSF |
| 1471932 | The flowd/srxpfe process might crash when traffic is processed by both ALGs and NAT |
The flowd/srxpfe process might crash when traffic is processed by both ALGs and NAT. |
| PR Number | Synopsis | Category: To track issues related to jsf tcp proxy |
| 1467351 | The jbuf process usage may increase up to 99 percent after Junos OS upgrade. |
The daemon jbuf usage may get a high level after Junos upgrade, resulting in jbuf warning logs and possible jbuf exhaustion, which might eventually cause traffic loss. |
| PR Number | Synopsis | Category: Flow Module |
| 1458727 | Optimizations were made to improve the connections-per-second performance of an SPC3. |
Optimizations were made to improve the connections-per-second performance of SPC3 |
| 1462825 | The tunnel packets might be dropped because gr0.0 or st0.0 interface is wrongly calculated after a GRE or VPN route change. |
On SRX Series device, MTU is wrongly calculated in a gr0.0 or st0.0 interface after a GRE or VPN route change. If the command do-not-fragment is configured and the packet is bigger than the MTU, the packet might be dropped. |
| PR Number | Synopsis | Category: High Availability/NSRP/VRRP |
| 1468441 | IP monitoring might fail on the secondary node |
IP-monitoring might stop working on secondary node when many instances of IP monitoring are configured on RG(redundancy group)/ RETH(Redundant Ethernet interface). If primary node goes down, failover will not happen which might cause traffic loss. |
| PR Number | Synopsis | Category: JSR Infrastructure |
| 1450545 | Traffic loss might occur when there are around 80,000 routes in FIB. |
On SRX1500 platform, when there are around 800K routes in forwarding information base (FIB), traffic loss might occur and abnormal error messages of some CLI commands would appear due to lack of memory on packet forwarding engine (PFE). This issue has traffic impact. |
| PR Number | Synopsis | Category: interfaces and zones for junos js software |
| 1452488 | On SRX Series devices with chassis cluster, the control link remains up even though the control link is actually down. |
On vSRX 3.0 deployed on Nutanix AHV, the revenue ports ge-0/0/x do not get created and hence the vSRX is unable to handle any traffic. This issue applies only to Junos OS Release 19.1 and later releases. |
| PR Number | Synopsis | Category: Firewall Policy |
| 1453852 | Security policies cannot sync between RE and PFE on SRX |
On all SRX platforms, in a very rare condition, security policies do not be synchronized between RE and PFE. This issue might cause traffic loss. |
| 1458639 | The NSD process might get stuck and cause problems. |
On all SRXs that have policy counter configured, there is a potential risk where the network-security daemon (NSD) on the RE could not communicate with its PFE counterpart (NSD-PFE) after either a HA failover, control link down, or PFE restart. At that point, it could no longer respond to network-security related commands and will not be able to complete coldsync for a newly joined node in HA environment. |
| 1471621 | Policy detail does not display policy statistics counter, even if policy count is enabled. |
The count option in security policy is not working, "show security policies <> detail" will not print traffic statistics for policy. |
| PR Number | Synopsis | Category: IPSEC/IKE VPN |
| 1405840 | The IKE and IPsec configuration under groups is not supported. |
On SRX5400, SRX5600, SRX5800 devices with SPC3, occasionally, if an IKE or IPSec configuration (under groups hierarchy) change is done for one IKE gateway, the tunnel may be cleared for unrelated IKE/IPSec gateway. |
| 1461793 | Traffic is not sent out through an IPsec VPN after update to Junos OS Release 18.2 or later. |
The traffic is not sent out via IPsec VPN after update to 18.2 or above. After updating the Junos to 18.2 or above, SRX drops traffic which send from inside of Responder role device when only aggressive mode of policy based vpn. Because policy based VPN tunnel id is not added to NSP tunnel table, due to this tunnel-id lookup is failing and traffic is getting dropped. |
| PR Number | Synopsis | Category: issues related to RPD sensors including LSP |
| 1449837 | Changing the hostname will trigger lsp on -change notification, not an adjacency on-change notification. Also, currently ISIS is sending host-name instead of system-id in OC paths. |
Currently ISIS is sending system host-name instead of system-id in OC paths in lsdb or Adjacency xpaths in periodic streaming and on-change notification. |
| PR Number | Synopsis | Category: Layer 2 Circuit issues |
| 1464194 | The l2circuit connections might be stuck in OL state after changing the l2circuit community and flapping the primary LSP path |
In l2circuit scenario with community configured, when the community for l2circuit is changed from X to Y to go via a different LSP, the l2circuit connections might be stuck in "OL" state if there is a flap in the primary LSP path. |
| PR Number | Synopsis | Category: Layer 2 Control Module |
| 1431355 | The l2cpd process might crash and generate a core dump when interfaces are flapping |
If there are any conditional groups in the system, the l2cpd process might crash and generate a core dump when interfaces are flapping and the lldp neighbors are available. It might cause the dot1x process to fail and all the ports have a short interruption at the time of process crash. |
| 1450832 | VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding |
On all Junos platforms including MX, EX, QFX and SRX devices, VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding. The "show route forwarding table" may show dead BDs, MACs and the "show vlans extensive" may show the state as destroyed. |
| 1469635 | Memory leak on l2cpd process might lead to l2cpd crash |
On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash. |
| PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
| 1468732 | MAC address might not be learned on a new extended port after VMotion in Junos Fusion Data Center environment |
In Junos Fusion Data Center environment, when a VM is moved from one satellite port to another using VMotion, MAC address of VM might not move to new satellite port in Aggregate Device's switching table. |
| PR Number | Synopsis | Category: Multiprotocol Label Switching |
| 1379480 | ISIS SRGB Block Allocation: Failure |
On MX/PTX platforms , if customer Deactivate/Activate protocols isis OR change SR(Segment Routing) SRGB label range , then MPLS label manager will not free the old label range back to original Dynamic range immediately, so this will cause upper protocols IS-IS allocate Node-SID/Adj-SID label failure . |
| 1465902 | The device may use the local-computed path for the PCE-controlled LSPs after link/node failure |
In a Path Computation Element Communication Protocol (PCEP) scenario where the link/node protection is enabled, the PCE-controlled LSPs may shift to the local-computed path after link/node failure upon path retry processing. |
| 1469378 | [QFX10002] Command "show mpls static-lsp | display xml" produces INVALID XML. |
The "show mpls static-lsp | display xml" command produces INVALID XML when more than 100 static LSP are configured. |
| PR Number | Synopsis | Category: Multicast for L3VPNs |
| 1460625 | The rpd process might crash due to memory leak in "MVPN RPF Src PE" block |
In NG-MVPN scenario with multiple multicast sources, the rpd process might crash due to memory leak in "MVPN RPF Src PE" block. |
| 1469028 | The rpd might crash when "link-protection" is added/deleted from LSP for MVPN ingress replication selective provider tunnel |
In MVPN scenario with ingress replication selective provider tunnel used, if the knob "link-protection" is added/deleted from the LSP for MVPN, rpd crash might be seen. The reason is that when link-protection is deleted, the ingress tunnel is not deleted, and when link link-protection is added back, it tries to add same tunnel, hence the rpd asserts as same tunnel exists. Finally the rpd core might be seen. |
| PR Number | Synopsis | Category: Bugs related to ethernet interface on MX platform |
| 1435221 | Micro BFD session might flap upon inserting a QSFP to other port |
Micro BFD session with timer configured with less than 3x500ms (such as 3x100ms) might flap upon inserting a QSFP to other port. |
| PR Number | Synopsis | Category: MX10K platform |
| 1462065 | "CHASSISD_SNMP_TRAP6: SNMP trap generated: Power Supply failed" when both DIP switches and power switch are turned off |
On MX10008 there is a "Power Supply failed" SNMP trap generated for every power supply which has no feeds connected to it. This happens even if both DIP switches and the power switch on the Power Supply are turned off and no feeds are connected to the PEM. |
| PR Number | Synopsis | Category: Track veHostd, vmm-sdk issues on Mt Rainier RE |
| 1448413 | Process vehostd crashes without coredump and is not restarted |
Automatic restart of vehostd might fail and the following Minor alarm is seen with 'show system alarms' or 'show chassis alarms'. VMHost RE 0 host vehostd Application failed or VMHost RE 1 host vehostd Application failed The process can be restarted manually in affected releases. After the fix of this PR, the process restart is handled properly. |
| PR Number | Synopsis | Category: Track Mt Rainier SPMB platform software issues |
| 1460992 | Hardware failure in CB2-PTX causes traffic interruption |
In PTX 3000/5000 platforms with CB2-PTX (Control Board), there is an existence of an errata on a clock signal component manufactured by a third-party supplier, which might cause the Switch Processor Mezzanine Board (SPMB) and Switch Interface Boards (SIBs) failure, eventually, traffic will be interrupted. |
| PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
| 1425608 | The kernel crashes when removing mounted USB while a file is being copied to it |
If you pulled out a USB from the system while files are being copied, the kernel will panic and the system will restart. |
| 1442376 | EX2300 platforms might stop forwarding traffic or responding to console |
On EX2300/EX2300-C platforms, if Junos OS is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch might stop forwarding traffic or responding to console. A reboot is required to restore the service. |
| 1450093 | EX4300 : CLI config "on-disk-failure" is not supported |
On an EX4300 switch, the CLI configuration "set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt)" is not supported. |
| 1454950 | mgd error found during Junos 18.4R2.7 boot up and Junos did not work as expect |
Packet Forwarding Engine sometimes does not come up after system reboot.Timeout is required to handle the fifo tx/rx error. Debug sysctls are been removed. Mutex been added to handle to race condition. |
| 1469400 | Member of virtual chassis might reboot because of lack of watchdog patting |
In virtual-chassis scenario on EX3400, if watchdog pat did not happen within stipulated time, member (master or backup or linecard) of virtual chassis might reboot automatically with "0x2:watchdog" as reboots reason. |
| PR Number | Synopsis | Category: TCP/UDP transport layer |
| 1449664 | FPC might reboot with vmcore due to memory leak |
On all Junos platforms, if the device is up for a long period (e.g. several weeks or months), there might be a slow memory leak happening in some error scenarios where an application tries to send some data on a stale TCP socket (e.g. short-lived TCP connections used by the mgd process), and this issue might lead to FPC reboot with vmcore files. |
| PR Number | Synopsis | Category: OSPF routing protocol |
| 1444728 | The rpd crash might be seen after configuring OSPF nssa area-range and summaries |
In the scenario of running OSPF, if nssa area-range and summaries are configured, the rpd crash may occur and traffic may be lost. |
| 1463535 | Install all possible next-hops for OSPF network LSAs |
For each network lsa, OSPF code fetches the first router lsa link and adds the only one candidate as route. Now the code is updated to fetch all the router lsa link, present in network lsa. |
| PR Number | Synopsis | Category: Issues related to PKI daemon |
| 1474225 | Certificate error while config validation during Junos upgrade |
During Junos upgrade, config validation might fail with certificate error. |
| PR Number | Synopsis | Category: PTP related issues. |
| 1408178 | QFX5k : Transit traffic loss when one of LAG child interfaces deleted or deactivated |
Traffic does not pass through LAG interface on QFX5k once deleted or deactivated one of child interfaces though LAG interface is UP state. At that time, invalid vlan tag will be added to traffic. |
| PR Number | Synopsis | Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI |
| 1453821 | "show chassis led" shows wrong status |
"show chassis led" status outputs may not proper along with some port status |
| PR Number | Synopsis | Category: Interface related issues. Port up/down, stats, CMLC , serdes |
| 1423496 | Ports may get incorrectly chanalized if they are 10G already and they are channelized to 10G again |
On all junos platforms with channelizing ports on FPCs, if a 40G port which are channelized to 10G ports already (eg:xe-2/0/16:0) are being channelized to 10G again, they may get incorrectly channelized. |
| 1440062 | The EX4600/QFX5100 VC might not come up after replacing VC port fiber connection with DAC cable |
On the EX4600/QFX5100 virtual chassis scenario, the VC may split after replacing VC port fiber connection with DAC cable. |
| 1449406 | CRC error might be seen on the VCPs of the QFX5100 VC |
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC. |
| 1449406 | CRC error might be seen on the VCPs of the QFX5100 VC |
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC. |
| 1465302 | The physical interface of AE (Aggregated Ethernet) might take time to come up after disable/enable |
On Junos platforms, the physical interface of AE might come up after a long delay (4 mins) if there are millions of bgp routes learnt on the device. This delay is happening because PFE Manager thread is busy processing the routing updates from RE. These routing updates are the result of AE interface going down at the first step of disabling the interface. |
| PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
| 1438143 | BGP neighbourship might not come up if the MACsec feature is configured |
On QFX10002/QFX10008/QFX10016 Series platforms with MACsec feature enabled, the BGP neighbourship might not be established. |
| 1438143 | BGP neighbourship might not come up if the MACsec feature is configured |
On QFX10002/QFX10008/QFX10016 Series platforms with MACsec feature enabled, the BGP neighbourship might not be established. |
| 1454527 | Dcpfe should crash because usage of data is not NULL terminated on QFX5K |
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K. |
| 1457456 | Over temperature SNMP trap messages are shown up after update even though the temperature are within the system thresholds |
EX2300 and QFX series switches generate SNMP trap for high temperature after upgrading to any of the affected Junos software. This is due to a temperature threshold value being set incorrectly in the software, SNMP false trap related to temperature gets generated and results in "over temperature" logs. |
| 1465183 | PEM is not present spontaneously on QFX5210 |
On QFX5210 platforms, due to a firmware issue on the power supplies (PEMs) of the switch, the routing engine may spontaneously misread the status registers of a power supply. This produces erroneous messages of PEM not present. Although the power supply is present and can deliver power, the system may then deactivate the power supply believing it not to be present. |
| 1466810 | EPR iCRC errors in QFX10000 series platforms might cause protocols down |
EPR iCRC errors in QFX10000 series platforms might cause protocols down. FPC will be in wedged state and will not pass traffic on that PFE if hitting this issue. EPR iCRC errors are normal and caused by transient hardware conditions. EPR iCRC errors are not expected to impact the protocols, and only one CRC failed packet will be dropped. But due to incorrect handling of this error, it affects protocols and causes FPC wedge. |
| 1471216 | The speed 10m might not be configured on the GE interface |
On QFX5100 and EX4300 mixed-mode Virtual Chassis, the speed 10m might not be configured on the GE interface. |
| PR Number | Synopsis | Category: QFX platform optics related issues |
| 1337340 | On QFX5100 platforms, LR4 QSFP can take up to 15 min to come up after VC reboot |
On QFX5100 platforms, LR4 QSFPs might take take longer to come up than others (up to 15 minutes). This is a intermittent occurrence. |
| 1458363 | Intermittent LAG interface flaps might be seen on QFX platforms |
On QFX platforms with Link Aggregation Group (LAG) interface, if periodic "SFP diagnostic" is configured with short interval (e.g. test sfp periodic diagnostic-interval 3), the LAG interfaces might have intermittent flaps and therefore bring service impact due to this issue. |
| PR Number | Synopsis | Category: QFX PFE Class of Services |
| 1468033 | Ingress drops to be included at CLI from interface statistics and added to InDiscards |
In QFX5000 platforms, as Ingress buffer drops (InDiscards) field is not presented the output of "show interfaces extensive x-x/x/x". This change added ingress buffer drops counters. |
| PR Number | Synopsis | Category: DHCP related Issues |
| 1459499 | JDI-_QFX5200_-REGRESSION-SWITCHING-QFX5200: dhcpv6 LDRA relay bounded count is not as expected after dchp configured |
On qfx5k platforms dhcp6 security with LDRA option is not supported. When ldra is configured, ldra filter to punt packets to host path is conflicting with system default dhcpv6 relay filter, hence packets are not punted to host path. |
| PR Number | Synopsis | Category: Filters |
| 1462594 | The fxpc process might core-dump when changing MTU in a VXLAN scenario with firewall filters applied on QFX5K platforms |
On the QFX5K VC/VCF platform with firewall filters applied on VXLAN enabled interface, the fxpc process might crash when changing MTU for the interface. |
| 1464352 | The dcpfe might crash when changing the firewall filter on QFX5K platforms |
On QFX5K switches, when a firewall filter term is changed in scale conditions (such as, more than 2500 iRACL--ingress Routing ACL entries), the dcpfe might crash especially in make-before-break scenario. It might cause all interfaces in this FPC down. |
| PR Number | Synopsis | Category: for all ipv6 related issues |
| 1459759 | The fxpc process might crash due to several BGP IPV6 session flaps |
On QFX5100 and EX4600 platforms, the fxpc (packet forwarding engine manager) process might crash when multiple BGP IPV6 sessions (for instance around 500) are flapped and then restored at the same time. |
| PR Number | Synopsis | Category: QFX L2 PFE |
| 1474545 | Continuous error log messages might be raised on QFX5K platforms in EVPN/VXLAN scenario |
In EVPN-VXLAN scenario, when an SP style interface is configured both with native-vlan-id and LLDP on QFX5000 platforms, continuous log messages might be observed. |
| PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
| 1412873 | Part of routes could not be provided into PFE when both IPv4 and IPv6 are used. |
On EX and QFX platform with both IPv4 and IPv6 used, in rare case, IPv6 routes loading process will be started even IPv4 routes loading process is not finished yet, which causes part of IPv6 routes could not be provided into PFE finally. The issue will also happen if IPv4 routes start to be loaded without IPv6 routes loading finished. At the end, traffic drop will happen due to the lack of routes in PFE. |
| 1412873 | Part of routes could not be provided into PFE when both IPv4 and IPv6 are used. |
On EX and QFX platform with both IPv4 and IPv6 used, in rare case, IPv6 routes loading process will be started even IPv4 routes loading process is not finished yet, which causes part of IPv6 routes could not be provided into PFE finally. The issue will also happen if IPv4 routes start to be loaded without IPv6 routes loading finished. At the end, traffic drop will happen due to the lack of routes in PFE. |
| 1456336 | Link up delay and traffic drop might be seen on mixed SP L2/L3 and EP L2 type configs |
This PR includes three issues. First one: When Layer3 IFL (logical interface) is configured first and then Layer2 IFL is configured, MAC move might not happen. Second one: On Vxlan setup with large number of child interfaces, link up delay is seen. Third one: In case of VLAN setup with Enterprise/Service Provider L2 and L3 type configs, when all the configs are done in single commit statement then the traffic might not be forwarded. |
| PR Number | Synopsis | Category: QFX MPLS PFE |
| 1469998 | If continuous interface flaps at ingress/egress of PE devices, IP routed packets might be looped on the MPLS PHP node |
On QFX5K platform, when MPLS node-link-protection is configured on all nodes (PE and P device), the IP routed packets might be looped on the MPLS PHP node (P device) if continuous interface flaps at ingress/egress of PE devices. |
| PR Number | Synopsis | Category: QFX EVPN / VxLAN |
| 1454804 | The untagged hosts ARP/NS requests might not be resolved when it is connected on 'encapsulation ethernet-bridge' interface |
On the QFX5120 platform, the ARP request/reply/NS/NA might not get resolved for an untagged packet coming on an interface with 'encapsulation ethernet-bridge' and when this interface is in a vxlan with 'encapsulate-inner-vlan' configuration. |
| 1463939 | JDI-RCT : QFX 5100 VC/VCF : Observing Error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: while cleanup Evpan-VxLAN configs with Mini-PDT base configurations |
On QFX5100, Error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: may come while cleanup Evpn-VxLAN configs. These are harmless messages. |
| PR Number | Synopsis | Category: QFX VC Infrastructure |
| 1465196 | A 10G interface might not come up on QFX5100-48T switches or negotiate at speed 1G when connected with Broadcom 57800-T daughter card |
On QFX5100-48T, the 10G interface might not come up or negotiate at the speed of 1G with Broadcom 10G 57800-T daughter card. In the issue state, speed will be set to 1G which might make the interface down and result in traffic impact. |
| PR Number | Synopsis | Category: QFX VCCP |
| 1454343 | Master FPC might come up in master state again after reboot instead of backup |
In QFX5110-32Q VC with 100G VCP links, if the master switch with the lowest MAC address reboot, it might come up in the master state again instead of backup. This can have outage around ten minutes and packets loss. |
| PR Number | Synopsis | Category: KRT Queue issues within RPD |
| 1438597 | RPD might core during router boot up due to file pointer issue as there are two code paths that can close the file. We are attempting to close the file without validating the file pointer. |
RPD might core during router boot up due to file pointer issue as there are two code paths that can close the file. We are attempting to close the file without validating the file pointer. |
| PR Number | Synopsis | Category: RPD Next-hop issues including indirect, CNH, and MCNH |
| 1441550 | The rpd may crash or consume 100% of CPU after flapping routes |
When flapping the existed flood nexthop type routes, it may cause rpd crash or consume 100% of CPU. This issue may cause routing protocols sessions/neighbors flap or traffic loss. |
| 1460786 | IPv6 Prefix might be hidden when received over IPv4 BGP session |
When labeled-IPv6 and non-labeled IPV6 prefixes are received with the same protocol nexthop and the outgoing interface does not have MPLS family enabled, the IPv6 non-labeled route will be in inactive state and remains in hidden state. |
| PR Number | Synopsis | Category: RPD policy options |
| 1453439 | Routes resolution might be inconsistent if any route resolving over the multipath route |
On all Junos platforms, any route resolving over the multipath routes, one scenario is BGP over BGP. After the metric value of any PNH (refers to the second PNH and using it to performing the second time next-hop resolving) changes, meanwhile, if the hash-selection changes happened, it might result in routes resolution inconsistency. Traffic drops could be observed if the packages are still forwarding to the old PNH (Protocol Next Hop). Any recursive resolving multipath scenario might trigger this issue. |
| 1476530 | Support for dynamic-tunnels on SRX-Series devices was mistakenly removed |
Support for dynamic-tunnels on SRX-Series devices was mistakenly removed. |
| PR Number | Synopsis | Category: RPD route tables, resolver, routing instances, static routes |
| 1412667 | The L3VPN link protection doesn't work after flapping the CE facing interface |
Provider Edge Link Protection in Layer 3 VPNs doesn't recover after flapped the CE facing interface. |
| 1459384 | The rpd memory leak might be observed on backup routing engine due to BGP flap |
In a BGP scenario when certain routes are flapping frequently, it could lead to rpd memory leak on backup Routing Engine. The rpd might crash and restart once the rpd runs out of memory for certain junos releases. |
| PR Number | Synopsis | Category: multicast source distribution protocol |
| 1454244 | The rpd memory might leak in a certain MSDP scenario |
In the Multicast Source Discovery Protocol (MSDP) scenario, where the router acts as both Rendezvous Point (RP) and First Hop Router (FHR), connecting to another RP in its AS with a logical loop topology, due to this special setup, it might cause a source-active (SA) message continuously to loop and eventually causes the rpd memory leak. |
| PR Number | Synopsis | Category: Resource Reservation Protocol |
| 1471281 | The rpd crash might be seen after doing some commit operations which could affect RSVP ingress routes |
On all platforms with BGP PIC configured, if doing some commit operations where RSVP ingress routes are affected, the rpd crash might be seen. |
| PR Number | Synopsis | Category: IPSEC functionality on M/MX/T ser |
| 1477483 | On NATT scenario the IKE Version 2 IPsec tunnel might flap if the tunnel initiator is not behind NAT |
On MX platforms with MS-MPC/MS-MIC card installed and NATT scenario, when the IPsec tunnel initiator is not behind NAT, it might cause IPsec tunnel flapping. It happens in IKEv2 scenario. |
| PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
| 1459306 | The traffic might be stuck on MS-MPC/MS-MIC with sessions receiving huge number of affinity packets |
On MX platforms with MS-MPC/MS-MIC, if there are sessions receiving huge number of affinity packets (e.g. thousands of packets), the service interface might be brought down by the prolonged flow-control, and the mspmand process crash might happen. In this case, the traffic will be stuck due to this issue. |
| 1467874 | DNS-Sink holing: Crypto code can cause high CPU utilization |
Crypto library shim memory utilization performance improvement by using data shim instead of control shim. |
| PR Number | Synopsis | Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP) |
| 1460027 | The PPTP doesn't work with destination NAT |
On the MX platform, if the PPTP control connection is established with destination NAT (network address translation), it will be failed. This issue will cause the PPTP traffic loss. |
| PR Number | Synopsis | Category: SRX Argon module bugs |
| 1455169 | The SRX Series devices stops and generates several core files. |
The SRX device generates a lot of core-dumps when AAMW(advanced-anti-malware) and user-firewall features are used. |
| 1460619 | The AAMWD process exceeds 85 percent RLIMIT_DATA limitation due to memory leak. |
The "aamwd" process may exceed 85% RLIMIT_DATA limitation due to memory leak when there is a connection issue with the Sky ATP server. |
| PR Number | Synopsis | Category: platform related PRs on SRX branch platforms |
| 1465199 | Static route through dl0.0 interface is not active. |
On SRX320,SRX345 or SRX550m platforms with LTE Mini-PIM module installed, if configure a static route with the gateway IP address of d10 as next-hop and default route is configured, all traffic destined for the static route will fail to transmit to dl0 interface. |
| 1468430 | Tail drop on all ports is observed when any switch-side egress port gets congested. |
On the SRX300 line of devices with Mini-PIM installed, tail-drop might happen on all ports when the serial egress port gets congested. |
| PR Number | Synopsis | Category: All PRs related to platform SRX5XX |
| 1459037 | SRX branches device might not be reachable when initiating offline command for PIC |
For the SRX branches, the device might not be reachable when offline command is initiated for the PIC (request chassis fpc offline slot xx). It is related to the behaviour of broadcom SDK version 6.5.x. |
| PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
| 1463015 | An interface might get stuck in down state on certain MX platforms |
The DFE tuning enabled interfaces on certain MX platform might get stuck in down state, if the remote interface sends invalid code to the local interface. Link might not come up even after the remote peer has begun sending a good signal. |
| PR Number | Synopsis | Category: Stout PF fabric (SFB2) |
| 1461356 | Traffic might be impacted because the fabric hardening is stuck |
Fabric hardening (FH) is the process of controlling bandwidth degradation to prevent traffic black hole. When FH is processing, if SFB/SCB get failure, FH process will be stuck, which will get traffic lost. |
| PR Number | Synopsis | Category: MX10003/MX204 MPC defects tracking |
| 1474231 | QSA adapter Lane 0 port might be also brought down when disabling one of the other lanes |
When QSA adapter is installed, the Lane 0 port might be also in down state when disabling one of the other lanes (1, 2 or 3) due to the chan number not entertained. It is not expected behaviour and it might affect service. |
| PR Number | Synopsis | Category: SRX-1RU HA SW defects |
| 1474233 | An unhealthy node might become primary in SRX4600 Chassis Cluster scenario |
In the SRX4600 Chassis Cluster scenario, a node might become primary in a failover scenario. This can lead to packet drops. |
| PR Number | Synopsis | Category: SRX-1RU platfom datapath SW defects |
| 1462610 | Srxpfe/flowd process might crash if changing the sampling configuration |
On all SRX platforms, if Jflow is configured and there is a sampling configuration change, the srxpfe/flowd process might crash. This is a corner issue. It might cause traffic loss. |
| PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
| 1451559 | In EVPN VXLAN scenario, sometimes host generated packets are getting dropped as hitting "reject route" in PFE |
In EVPN VXLAN scenario, sometimes host generated packets are getting dropped as hitting "reject route" in PFE. For example, when you initiate the ICMP request sourced from EVPN instance's L3 GW irb address, the ICMP packet may not get out successfully in below scenario 1. control plane generated packet with overlay destination address (irb) belonging to one particular routing instance and the underlay (vtep) is on a different routing instance, This packet is inserted from control plane on the underlay's routing instance lookup which will fail leading to this control plane generated packet not go out. 2. When MPLS traffic engineering is enabled. The underlay vtep route in inet.0 will be labeled mpls route. |
| 1467764 | The Layer-2 traffic over ae interfaces sent from one member to another is corrupted on MX-VC setup |
On MX-VC setup with bridge-domains configured, if ae interface is used within bridge-domain, and if the ingress ae and egress ae interface host in different VC members, the Layer-2 traffic over ae sent from one member to another is getting corrupted. |
| PR Number | Synopsis | Category: Trio pfe l3 forwarding issues |
| 1381580 | The unicast traffic from IRB interface towards LSI might be dropped due to Packet Forwarding Engine mismatching at egress processing. |
On all Junos with Trio platforms, the unicast traffic might get dropped when it is passed from an Integrated Routing and Bridging (IRB) interface towards label switch interface (LSI) if the Aggregation Ethernet (AE) load balancing adaptive or per-packet is configured. |
| PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
| 1464439 | The CPU utilization on mgd daemon might be stuck at 100% after the netconf session is interrupted by flapping interface |
If a netconf session is initiated over inband connection, the CPU utilization on mgd daemon might be stuck at 100% after the netconf session which is executing an RPC call for some commands gets interrupted by flapping interface. There is no impact observed to control-plane or forwarding-plane, the subsequent netconf session will continue to function. |
| PR Number | Synopsis | Category: PTX/QFX10002/8/16 specific software components |
| 1459373 | The error messages with "create_pseudos: unable to create interface device for pip0 (File exists)" might be seen after restarting chassisd |
After chassisd restart (e.g. by 'restart chassis-control' cli command or otherwise) the logs are flooded with 'CHASSISD_IFDEV_CREATE_FAILURE: create_pseudos: unable to create interface device for pip0 (File exists)' messages every 2 seconds. |
| 1471679 | ARP suppression (default enabled) in EVPN not working on MX10008/MX10016 line cards |
If MX10008 or MX10016 function as provider edge (PE) devices in an Ethernet VPN-MPLS (EVPN-MPLS) or Layer 3 VXLAN gateways in an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) environment, ARP suppression is enabled by default, when the ARP expires on any the CPE's , it sends out an ARP REQ broadcast message , this should be suppressed by the PE(MX10008/MX10016). However, ARP broadcast received on MX10008/MX10016 seems to flooded. |
| PR Number | Synopsis | Category: PTX/QFX100002/8/16 platform software |
| 1464119 | FPC might restart during run time on PTX10K/QFX10K platforms |
On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions. |
| PR Number | Synopsis | Category: VNID L2-forwarding on Trio |
| 1461860 | Traffic received from vtep gets dropped if the VNI value used for type-5 routes is greater than 65535 |
With EVPN-VXLAN on MX platforms, the packets received from vtep would be dropped by PFE (Packet Forwarding Engine) if the VNI value used for type-5 routes is exceeding 65535. |
| PR Number | Synopsis | Category: Virtual Router Redundancy Protocol |
| 1446390 | Continuous VRRP state transition (VRRP master/backup flaps) will be seen when one device drops VRRP packets |
This issue is observed in one scenario when there are three VRRP routers say R1, R2 & R3, the VRRP priority on R1 is larger than R2 larger than R3, and a firewall filter on R3 interface input direction is configured to drop all VRRP packets. Then continuous VRRP state transition (VRRP master/backup flaps) would be seen. It might affect service. |
| PR Number | Synopsis | Category: VSRX platform software |
| 1469978 | vsrx2.0 - config-drive does not work as expected |
Adding the license to the vSRX while it's getting spun through cloud-init fails. It would have to manually add it after the device has booted up. |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search