Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

17.2R3-S3: Software Release Notification for JUNOS Software Version 17.2R3-S3



Article ID: TSB17712 TECHNICAL_BULLETINS Last Updated: 27 Jan 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, VMX, VRR, Network Agent
Alert Description:
Junos Software Service Release version 17.2R3-S3 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts

Junos Software service Release version 17.2R3-S3 is now available.

17.2R3-S3 - List of Open issues

PR Number Synopsis Category: Class of Service
1359767 Configuring host-outbound-traffic under class of service might cause certain devices to stop.
When host-outbound-traffic is configured under class-of-service on an affected platform, a corruption of the TTP packets related to class-of-service marking on the PFE can cause the device to repeatedly crash.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1463622 The cosmetic error messages of NTP time synchronization might be seen during device booting
In NTP with the boot-server scenario, when the router or switch boots, the NTP daemon will send a ntpdate request to poll the configured NTP boot-server to determine the local date and time. If the ntpdate is not be activated correctly while the device booting, the ntpdate might not work successfully. Then some cosmetic error messages of time synchronization might be seen, but there is no impact with time update since ntp daemon will update the time eventually.

17.2R3-S3 - List of Fixed issues

PR Number Synopsis Category: EX9200 Control Plane
1452738 The l2ald and eventd are hogging 100% after issued "clear ethernet-switching table"
The l2ald and eventd processes are hogging 100% after issued "clear ethernet-switching table" and also the continuous syslog errors "l2ald[18605]: L2ALD_IPC_MESSAGE_INVALID: Invalid message received (message type 0, subtype 0): null message" are observed.
PR Number Synopsis Category: DC PFE QoS
1466770 Slow packet drops might be seen on QFX5000 platforms
The issue observed on QFX5000 platforms when there are any packets on the port before its buffer configuration is completed after the reboot. This issue is very rare and the window could be just few milli seconds.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1308611 The FPC might crash when implicit filter chaining is attached to an interface
When implicit filter chaining (two or more implicit filters are attached to the same interface) is attached to an interface, in race condition, FPC might crash. For example, on the loopback interface, there is a default DDOS implicit filter exist, so add another implicit filter (e.g. attach a BFD session) to the loopback interface might trigger this issue.
PR Number Synopsis Category: ACX Interfaces IFD, IFL, vlans, and BRCM init
1284590 ACX5k MacDrainTimeOut and bcm_port_update failed: Internal error
On ACX5K, the buffer is corrupted on port 0 (*/*/0) and error message MACDRAINTIMEOUT and dcbcm_check_stuck_buffers are observed, which could eventually lead to port 0 (*/*/0) flapping.
PR Number Synopsis Category: MPC Fusion SW
1463859 The MPC2E-NG/MPC3E-NG card with specific MIC might crash after a high rate of interface flaps
If any MIC of MIC-3D-2XGE-XFP / MIC-3D-4XGE-XFP / MIC-3D-20GE-SFP-E / MIC-3D-20GE-SFP-EH / MIC-MACSEC-20GE is installed in MPC2E-NG/MPC3E-NG card, the Microkernel (uKern) might hog for CPU on Packet Forwarding Engine (PFE) when there is a high rate of interface flaps (~30/40 flaps per second). This will eventually trigger the MPC2E-NG/MPC3E-NG card crash with an NGMPC core file. Normally the excessive interface flapping won't happen frequently in real world and it may be caused due to external environment. This fix will reduce the impact and prevent the uKern hog when having such conditions.
PR Number Synopsis Category: BBE network stack related issues
1432957 Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service
Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. Please refer to for more details.
PR Number Synopsis Category: Border Gateway Protocol
1351639 The rpd crashes in JunOS 16.1 or higher during BGP convergence
In JunOS 16.1 or higher, during BGP convergence, the input/output thread constructing the outgoing BGP PDU and manipulating the path attributes before hand-off the data to the socket. If this PDU length is zero, it will trigger an assertion and routing-protocol demon is restarting.
1382892 The rpd might crash under a rare condition if GR helper mode is triggered
When graceful restart is configured on the BGP peer device, if the peer device initiate new TCP connection when there is an existing TCP connection for the BGP session, send OPEN message and this new TCP connection also get torn down immediately after establishment/sending of OPEN message. The rpd might crash.
1389379 FPC might crash when BGP multipath is configured with protection
When running with Border Gateway Protocol (BGP) multipath with protection configured, it is possible to encounter a situation where nexthops references are not properly decremented, thus causing the system to hold onto nexthops when they should be freed. This leads to a memory hog situation which eventually results in a Flexible PIC Concentrator (FPC) crash.
1389557 BGP IPv6 routes with IPv4 nexthop causes rpd crash
When a BGP import policy changes IPv6 routes to have IPv4 nexthop, rpd might crash during route resolution. With the fix, changing route to have nexthop with different address family will not be allowed, if the route table does not have that resolution family configured.
1398700 The process rpd might crash in BGP setup with NSR enabled.
The routing protocol daemon (rpd) may restart when BGP teardown a peer when the peer's "prefix-limit" is exceeded. This issue is applicable when the "non-stop-routing" feature is configured.
1402255 On the multi-access/broadcast network, third party BGP router might unexpectedly select RR router as next-hop to forward the IPv6 traffic.
RFC 2545 has a limitation on third party next-hops where the next hop is propagated unchanged. Due to this limitation, BGP inet6 Route-Reflector router attaches the BGP neighbor's IPv6 global address and its own IPv6 link-local address as the next-hops while advertising the route to another BGP neighbor. This could introduce the forwarding issue on the BGP neighbor from other vendors if their device picks up the link-local address as next-hop. This would put the BGP RR router in the traffic forwarding path unexpectedly. This issue will not be seen on Juniper devices because IPv6 link-local address would not be selected as prefix's next hop.
1454198 The rpd scheduler slip for BGP GR might be up to 120s after the peer goes down
In BGP GR (graceful-restart) scenario (graceful-restart is configured for BGP or GR-helper mode is enabled by default), when high-scale routes get learnt from one peer, the rpd scheduler slip might be up to 120s after that BGP peer flaps.
1454951 The rpd process might crash when multipath is in use
If multipath is enabled, in some certain conditions, The rpd process might crash while secondary route resolution is running.
PR Number Synopsis Category: Class of Service
1428144 The host-inbound packets might be dropped if configuring host-outbound FC
On all Junos platforms, if class-of-service host-outbound-traffic forwarding-class is configured and the FC (Forwarding Class) is with an implicit/explicit discard action in the firewall filter, the kernel might classify the host-inbound traffic to the same FC and being discarded.
PR Number Synopsis Category: L2NG Access Security feature
1451688 DHCP Snooping static binding not take effect after deleting and re-adding the entries
From Junos OS release 14.1X53-D15/15.1R1 and above, due to a software defect, DHCP Snooping static binding may not take effect after deleting and re-adding the entries with commit. As a workaround, we can use "commit full" after the configuration changes.
PR Number Synopsis Category: QFX Control Plane VXLAN
1258933 EVPN-VXLAN QFX10k: jprds_dlu_alpha_add : 222 JPRDS_DLU_ALPHA KHT addition failed
Error msg - JPRDS_DLT_ALPHA KHT- shows as failed, but the entries in HW are programmed correctly. This may cause confusion between working and non-working condition.
PR Number Synopsis Category: Firewall Filter
1419438 The firewall filter configuration change might not be applied after software upgrade to Junos release 16.1R1 or later
On all Junos platforms which are upgraded to the release 16.1R1 or above, there is a small chance that the firewall filter compiled objects might not be synchronized between the master and backup Routing Engines (REs), some dfwd error logs might be seen during committing firewall filter configuration change, and no new firewall filter could be applied anymore. It's a timing issue.
1452435 Commit error and dfwd coredump might be observed when applying a firewall filter with action "then traffic-class" or "then dscp"
Commit failure with error might be seen and the dfwd crashes when applying a firewall filter with action "then traffic-class" or "then dscp" to an interface.
1473093 Traffic might not be forwarded into the right queue but the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5
On the MX platform with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue.
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1188434 UID may not release properly in some scenarious after service session deactivation
When same UID objects are used in both inet and inet6 services of the same subscriber session, deactivation the first session cause conditions which avoid releasing UID entry after deactivation second service session. This leads to having stale UID entry and can cause subscriber's connection problem in the future when UID pool would be completely exhausted. The probability of hitting the issue increases if amount subscriber to amount of unique services ratio is aproaching 1 (i.e. when almost every subscriber has a service with unique servie objects).
PR Number Synopsis Category: dynamic dcd prs
1470622 Executing commit might hang up due to stuck dcd process
When dynamic DHCP sessions are existing in the device, if multiple commits in parallel are performed, the commit might hang up.
PR Number Synopsis Category: Ethernet OAM (LFM)
1443353 The cfmd process might crash after a restart on Junos 17.1R1 and above
On MX platforms running Junos 17.1R1 and above, when enhanced-ip mode and CFM centralized mode ("no-aggregate-delegate-processing" konb is configured for CFM) are used , after a cfmd restart (e.g. device cold start/restart, RE switchover), the cfmd process might crash and could not run anymore.
PR Number Synopsis Category: Express PFE L3 Multicast
1389569 BFD flaps are seen on PTX or QFX10K platforms with inline BFD
With inline-BFD configured on the PTX or QFX10000 platforms, BFD sessions might flap continuously.
PR Number Synopsis Category: PTX Express ASIC interface
1412126 PTX interface stays down after maintenance
on PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment.
1422535 4x10G interfaces on PTX3000/PTX5000 FPC type 3 might not come up after frequently flap for a large amount of time
On PTX3000/PTX5000 platforms with FPC3, if remote-connected interface continuously flaps for a large amount of time, the 4x10G interfaces on FPC3 might get down and never come up. The probability of occurrence increases with the number of continuous flaps.
PR Number Synopsis Category: Optical Transport Interface
1398301 "MIC Error code: 0x1b0002" alarm might not be cleared for MIC on MPC6 when the voltage has returned to normal
The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC6.
1467712 "MIC Error code: 0x1b0002" alarm might not be cleared for MIC on MPC5E when the voltage has returned to normal
The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5.
PR Number Synopsis Category: ISIS routing protocol
1419800 A memory leak in rpd might be seen if source packet routing is enabled for IS-IS protocol
If source packet routing or segment routing is enabled for IS-IS protocol, a memory leak might happen in the routing protocol process (rpd). The rpd will crash and restart once the rpd runs out of memory.
PR Number Synopsis Category: jdhcpd daemon
1442222 The jdhcpd process might go into infinite loop and cause 100% CPU usage
When DHCP is configured, if subscribers are moved from one routing-instance to another or if the subscribe is deleted and re-added, the jdhcpd process might go into infinite loop and cause 100% CPU usage.
1449353 Junos OS and Junos OS Evolved: Multiple vulnerabilities in JDHCPD allow for OS command injection and code execution of JDHCPD
A device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process configured relay mode is vulnerable to multiple vulnerabilities which allow an attacker to send crafted packets who may arbitrarily execute commands as root on the target device, or who may take over the code execution of the JDHDCP process. Refer to for more information.
PR Number Synopsis Category: Security platform jweb support
1410401 Junos OS: Session fixation vulnerability in J-Web (CVE-2019-0062)
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. Please refer to for more information.
PR Number Synopsis Category: PFE infra to support jvision
1468435 Optics measurements might not be streamed for interfaces of a PIC over JTI
When tunnel-services are configured on a PIC, the optics measurements that subscribed via gRPC might not be streamed.
PR Number Synopsis Category: Label Distribution Protocol
1460292 High CPU usage and rpd coredump might be observed if "ldp track-igp-metric" is configured and IGP metric is changed
If "protocols ldp track-igp-metric" is configured, metric change of IGP route might cause high CPU usage and rpd coredump on the device.
PR Number Synopsis Category: PTX1000 platform
1401507 The TCP connection for external or internal might be dropped due to a kernel issue
Due to a kernel issue, any TCP connection, either the external TCP carrying like BGP or internal TCP like the connection between ppmd in RE and ppman in PFE might be dropped. It will result in the relevant session going down.
PR Number Synopsis Category: Multiprotocol Label Switching
1402382 MPLS LSP traffic loss might be seen under rare conditions if CSPF is enabled
When make-before-break (MBB) new instance signaling experiences error and before retry is finished, other triggers such as auto bandwidth adjustment timer expiration have to be blocked until MBB finishes. Once the MBB finishes instance switching, blocked trigger needs to be scheduled, but should only be triggered after optimize-adaptive-teardown timer expires. In the affected releases, the blocked trigger is scheduled immediately after instance switching without taking optimize-adaptive-teardown timer into account, it causes old instance to be torn down before whole system finishes changing routes using the new instance, this leads to traffic loss.
1435014 The P2MP LSP branch traffic might be dropped for a while when the Sender PE is doing switchover
On a system with NSR enabled, if the RSVP P2MP LSP with multiple branches is used (NGMVPN is one of the typical scenarios), when bringing down one of the branches (for eg, bringing one of the receivers down -- one of the receivers withdraws interest), and then if doing switchover on ingress PE, some unexpected traffic drop might be seen for a while. The reason is that the withdraw P2MP branch will be deleted but backup RE could not update properly and the LSP is down on the backup RE. After switchover is done, there is no loss seen.
PR Number Synopsis Category: Track Mt Rainier RE platform software issues
1399654 The unexpected alarm might be shown on NG-RE
unexpected alarm might be shown on NG-RE
PR Number Synopsis Category: Track Mt Rainier SPMB platform software issues
1460992 Hardware failure in CB2-PTX causes traffic interruption
In PTX 3000/5000 platforms with CB2-PTX (Control Board), there is an existence of an errata on a clock signal component manufactured by a third-party supplier, which might cause the Switch Processor Mezzanine Board (SPMB) and Switch Interface Boards (SIBs) failure, eventually, traffic will be interrupted.
PR Number Synopsis Category: "ifstate" infrastructure
1379657 Protocol adjacency might flap and FPC might reboot if jlock hog happens.
On all platforms and in scaling scenario, if doing some operations which causes jlock hog, the protocols adjacency might flap and all the FPCs might reboot.
1404507 The VMCore might be seen when there is an interface deletion
In a very rare situation, The VMCore might be seen when there is an interface deletion/addition.
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1443576 JSA10982 Junos OS: Improper handling of specific IPv6 packets sent by clients may cause client devices IPv6 traffic to be black holed, and eventually kernel crash (vmcore) the Junos device. (CVE-2020-1603)
Improper handling of specific IPv6 packets sent by clients may cause client devices IPv6 traffic to be black holed. Additionally, these specific IPv6 packets improperly attempt to egress the RE and cause a memory leak to occur within the Juniper Networks Junos OS device. This memory leak eventually leads to a kernel crash (vmcore) creating a Denial of Service (DoS) condition. Refer to for more information.
PR Number Synopsis Category: PFE Peer Infra
1404368 chassisd process becomes unresponsive causing line-cards disconnecting from the RE due to high CPU usage. The peer-proxy-thread was stuck in a tight loop causing high CPU
During a major network churn event, the chassisd process may become unresponsive due to the ppt ( peer-proxy-thread) being in a tight loop. This leads to FPCs being disconnected and reboot.
PR Number Synopsis Category: OSPF routing protocol
1444728 The rpd crash might be seen after configuring OSPF nssa area-range and summaries
In the scenario of running OSPF, if nssa area-range and summaries are configured, the rpd crash may occur and traffic may be lost.
PR Number Synopsis Category: QFX PFE Class of Services
1468033 Ingress drops to be included at CLI from interface statistics and added to InDiscards
In QFX5000 platforms, as Ingress buffer drops (InDiscards) field is not presented the output of "show interfaces extensive x-x/x/x". This change added ingress buffer drops counters.
PR Number Synopsis Category: QFX L2 PFE
1439073 Interfaces configured with flexible-vlan-tagging might loss connectivity
On QFX5000 series platform and related products (like ACX5K and EX4600), a port configured in service provider style (flexible-vlan-tagging) might lose connectivity over the native VLAN when additional tagged VLANs are added to it. The impact is that all the hosts' traffic over the designated native VLAN might be dropped.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1377447 Debug log message, "expr_nh_flabel_check_overwrite: Caller nh_id params", classified as Error Log when it should be LOG_INFO.
Debug logs are printed as error logs in /var/log/messages. Debug log message, "expr_nh_flabel_check_overwrite: Caller nh_id params", classified as Error Log when it should be LOG_INFO
PR Number Synopsis Category: KRT Queue issues within RPD
1402569 JUNOS rpd core seen after couple of config rollback event from baseline config to pdt profile config
JUNOS RPD core seen after multiple configuration rollback events from baseline config to configuration with large BGP+IGP configuration. In certain events, a change in import policy or resolution rib at the same time when BGP peer is shutting down can cause inconsistencies in Next-Hop entries, in causing RPD process coredump.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1441550 The rpd may crash or consume 100% of CPU after flapping routes
When flapping the existed flood nexthop type routes, it may cause rpd crash or consume 100% of CPU. This issue may cause routing protocols sessions/neighbors flap or traffic loss.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1387050 The rpd might crash when traceoptions are enabled
When traceoptions are enabled with a lot of trace flags or 'flag all', the rpd might crash due to buffer overflow issue. This is a timing issue.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1350826 SNMP Traps not being sent by the new master RE after RE mastership switchover
Sometimes, the trap-source-address bind is getting delayed because the platform does not attach the respective IP to any of the interfaces on the router. But since trap is generated at the start before any configured trap source-address is not yet bound properly, this trap is not added into the throttle/destination trap queues.
1392616 The snmpd process might crash and cause a core dump
The snmpd process leaks memory in the SNMPv3 query path and crashes. The issue is caused by a memory leak when the request PDU is dropped by SNMP when the snmp filter-duplicates configuration is enabled. Each request PDU has a structure pointer for the SNMPv3 security details. This is allocated when the PDU is created or cloned. But while dropping the duplicate requests, the corresponding structure is not freed, which causes the memory leak.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1405423 MX Series: Denial of Service vulnerability in MS-PIC component on MS-MIC or MS-MPC (CVE-2019-0065)
On MX Series, when the SIP ALG is enabled, receipt of a certain malformed SIP packet may crash the MS-PIC component on MS-MIC or MS-MPC. Refer to for more information.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1463015 An interface might get stuck in down state on certain MX platforms
The DFE tuning enabled interfaces on certain MX platform might get stuck in down state, if the remote interface sends invalid code to the local interface. Link might not come up even after the remote peer has begun sending a good signal.
PR Number Synopsis Category: Stout PF fabric (SFB2)
1461356 Traffic might be impacted because the fabric hardening is stuck
Fabric hardening (FH) is the process of controlling bandwidth degradation to prevent traffic black hole. When FH is processing, if SFB/SCB get failure, FH process will be stuck, which will get traffic lost.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1354225 Trinity JNH memory leak when adding and removing unicast NH
Junos MPC memory leak when adding and removing unicast Next-hops
1381527 Constant memory leak might lead to FPC memory exhaustion.
On MX/EX9200 platforms, constant memory leak might occur on a Flexible PIC Concentrator (FPC). This might finally lead to memory exhaustion and the FPC might crash and generate a core file.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1464439 The CPU utilization on mgd daemon might be stuck at 100% after the netconf session is interrupted by flapping interface
If a netconf session is initiated over inband connection, the CPU utilization on mgd daemon might be stuck at 100% after the netconf session which is executing an RPC call for some commands gets interrupted by flapping interface. There is no impact observed to control-plane or forwarding-plane, the subsequent netconf session will continue to function.
PR Number Synopsis Category: PTX/QFX100002/8/16 platform software
1464119 FPC might restart during run time on PTX10K/QFX10K platforms
On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions.
Modification History:
First publication 2020-01-27
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search