17.2R3-S3: Software Release Notification for JUNOS Software Version 17.2R3-S3
Junos Software service Release version 17.2R3-S3 is now available.
NOTE
PR1463859 introduces a software defect that causes a 10GE interface to flap continuously when configured with the WAN-PHY framing with the default "hold-down" timer (0). Once you upgrade a router to an affected software release, the interface may flap continuously. This is not applicable to an interface with the default framing - LAN-PHY. [TSB17782]
PR Number | Synopsis | Category: Class of Service |
---|---|---|
1359767 | Configuring host-outbound-traffic under class of service might cause certain devices to stop. |
When host-outbound-traffic is configured under class-of-service on an affected platform, a corruption of the TTP packets related to class-of-service marking on the PFE can cause the device to repeatedly crash. |
PR Number | Synopsis | Category: JUNOS Network App Infrastructure (for ping, traceroute, etc) |
1463622 | The cosmetic error messages of NTP time synchronization might be seen during device booting |
In the NTP boot-server scenario, when the router or switch boots, the NTP daemon sends an ntpdate request to poll the configured NTP boot-server to determine the local date and time. If ntpdate is not activated correctly while the device is booting, ntpdate might not work successfully. Some cosmetic time synchronization error messages might then be seen, but there is no impact on the time update because the NTP daemon will update the time eventually. |
PR Number | Synopsis | Category: EX9200 Control Plane |
---|---|---|
1452738 | The l2ald and eventd processes hog 100% CPU after "clear ethernet-switching table" is issued |
The l2ald and eventd processes hog 100% CPU after "clear ethernet-switching table" is issued, and continuous syslog errors "l2ald[18605]: L2ALD_IPC_MESSAGE_INVALID: Invalid message received (message type 0, subtype 0): null message" are observed. |
PR Number | Synopsis | Category: DC PFE QoS |
1466770 | Slow packet drops might be seen on QFX5000 platforms |
The issue is observed on QFX5000 platforms when there are any packets on the port before its buffer configuration is completed after the reboot. This issue is very rare and the window could be just a few milliseconds. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1308611 | The FPC might crash when implicit filter chaining is attached to an interface |
When implicit filter chaining (two or more implicit filters attached to the same interface) is attached to an interface, the FPC might crash in a race condition. For example, the loopback interface has a default DDoS implicit filter, so adding another implicit filter (e.g. attaching a BFD session) to the loopback interface might trigger this issue. |
PR Number | Synopsis | Category: ACX Interfaces IFD, IFL, vlans, and BRCM init |
1284590 | ACX5k MacDrainTimeOut and bcm_port_update failed: Internal error |
On ACX5K, the buffer is corrupted on port 0 (*/*/0) and error message MACDRAINTIMEOUT and dcbcm_check_stuck_buffers are observed, which could eventually lead to port 0 (*/*/0) flapping. |
PR Number | Synopsis | Category: MPC Fusion SW |
1463859 | The MPC2E-NG/MPC3E-NG card with specific MIC might crash after a high rate of interface flaps |
If any of the MICs MIC-3D-2XGE-XFP / MIC-3D-4XGE-XFP / MIC-3D-20GE-SFP-E / MIC-3D-20GE-SFP-EH / MIC-MACSEC-20GE is installed in an MPC2E-NG/MPC3E-NG card, the Microkernel (uKern) might hog the CPU on the Packet Forwarding Engine (PFE) when there is a high rate of interface flaps (~30/40 flaps per second). This will eventually trigger an MPC2E-NG/MPC3E-NG card crash with an NGMPC core file. Normally, excessive interface flapping does not happen frequently in the real world, and it may be caused by the external environment. This fix reduces the impact and prevents the uKern hog under such conditions. |
PR Number | Synopsis | Category: BBE network stack related issues |
1432957 | Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service |
Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. Please refer to https://kb.juniper.net/JSA10987 for more details. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1351639 | The rpd crashes in JunOS 16.1 or higher during BGP convergence |
In JunOS 16.1 or higher, during BGP convergence, the input/output thread constructs the outgoing BGP PDU and manipulates the path attributes before handing off the data to the socket. If this PDU length is zero, it triggers an assertion and the routing protocol daemon restarts. |
1382892 | The rpd might crash under a rare condition if GR helper mode is triggered |
When graceful restart is configured on the BGP peer device, if the peer device initiates a new TCP connection while there is an existing TCP connection for the BGP session and sends an OPEN message, and this new TCP connection is also torn down immediately after establishment or sending of the OPEN message, the rpd might crash. |
1389379 | FPC might crash when BGP multipath is configured with protection |
When running Border Gateway Protocol (BGP) multipath with protection configured, it is possible to encounter a situation where nexthop references are not properly decremented, causing the system to hold onto nexthops when they should be freed. This leads to a memory hog situation which eventually results in a Flexible PIC Concentrator (FPC) crash. |
1389557 | BGP IPv6 routes with IPv4 nexthop cause rpd crash |
When a BGP import policy changes IPv6 routes to have an IPv4 nexthop, rpd might crash during route resolution. With the fix, changing a route to have a nexthop with a different address family is not allowed if the route table does not have that resolution family configured. |
1398700 | The process rpd might crash in BGP setup with NSR enabled. |
The routing protocol daemon (rpd) may restart when BGP tears down a peer because the peer's "prefix-limit" is exceeded. This issue is applicable when the "non-stop-routing" feature is configured. |
1402255 | On the multi-access/broadcast network, third party BGP router might unexpectedly select RR router as next-hop to forward the IPv6 traffic. |
RFC 2545 has a limitation on third party next-hops where the next hop is propagated unchanged. Due to this limitation, a BGP inet6 Route-Reflector router attaches the BGP neighbor's IPv6 global address and its own IPv6 link-local address as the next-hops while advertising the route to another BGP neighbor. This could introduce a forwarding issue on BGP neighbors from other vendors if their device picks up the link-local address as the next-hop. This would put the BGP RR router in the traffic forwarding path unexpectedly. This issue will not be seen on Juniper devices because the IPv6 link-local address would not be selected as the prefix's next hop. |
1454198 | The rpd scheduler slip for BGP GR might be up to 120s after the peer goes down |
In BGP GR (graceful-restart) scenario (graceful-restart is configured for BGP or GR-helper mode is enabled by default), when high-scale routes get learnt from one peer, the rpd scheduler slip might be up to 120s after that BGP peer flaps. |
1454951 | The rpd process might crash when multipath is in use |
If multipath is enabled, under certain conditions the rpd process might crash while secondary route resolution is running. |
PR Number | Synopsis | Category: Class of Service |
1428144 | The host-inbound packets might be dropped if configuring host-outbound FC |
On all Junos platforms, if class-of-service host-outbound-traffic forwarding-class is configured and the FC (Forwarding Class) has an implicit/explicit discard action in the firewall filter, the kernel might classify the host-inbound traffic to the same FC, and that traffic is then discarded. |
PR Number | Synopsis | Category: L2NG Access Security feature |
1451688 | DHCP Snooping static binding might not take effect after deleting and re-adding the entries |
From Junos OS release 14.1X53-D15/15.1R1 and above, due to a software defect, DHCP Snooping static binding may not take effect after deleting and re-adding the entries with commit. As a workaround, we can use "commit full" after the configuration changes. |
PR Number | Synopsis | Category: QFX Control Plane VXLAN |
1258933 | EVPN-VXLAN QFX10k: jprds_dlu_alpha_add : 222 JPRDS_DLU_ALPHA KHT addition failed |
Error msg - JPRDS_DLT_ALPHA KHT- shows as failed, but the entries in HW are programmed correctly. This may cause confusion between working and non-working condition. |
PR Number | Synopsis | Category: Firewall Filter |
1419438 | The firewall filter configuration change might not be applied after software upgrade to Junos release 16.1R1 or later |
On all Junos platforms which are upgraded to the release 16.1R1 or above, there is a small chance that the firewall filter compiled objects might not be synchronized between the master and backup Routing Engines (REs), some dfwd error logs might be seen during committing firewall filter configuration change, and no new firewall filter could be applied anymore. It's a timing issue. |
1452435 | Commit error and dfwd coredump might be observed when applying a firewall filter with action "then traffic-class" or "then dscp" |
Commit failure with error might be seen and the dfwd crashes when applying a firewall filter with action "then traffic-class" or "then dscp" to an interface. |
1473093 | Traffic might not be forwarded into the right queue but the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5 |
On the MX platform with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue. |
PR Number | Synopsis | Category: JUNOS Dynamic Profile Configuration Infrastructure |
1188434 | UID may not release properly in some scenarios after service session deactivation |
When the same UID objects are used in both inet and inet6 services of the same subscriber session, deactivating the first service session creates conditions which prevent the UID entry from being released after the second service session is deactivated. This leaves a stale UID entry and can cause subscriber connection problems in the future when the UID pool is completely exhausted. The probability of hitting the issue increases if the ratio of subscribers to unique services approaches 1 (i.e. when almost every subscriber has a service with unique service objects). |
PR Number | Synopsis | Category: dynamic dcd prs |
1470622 | Executing commit might hang up due to stuck dcd process |
When dynamic DHCP sessions exist on the device, if multiple commits are performed in parallel, the commit might hang up. |
PR Number | Synopsis | Category: Ethernet OAM (LFM) |
1443353 | The cfmd process might crash after a restart on Junos 17.1R1 and above |
On MX platforms running Junos 17.1R1 and above, when enhanced-ip mode and CFM centralized mode (the "no-aggregate-delegate-processing" knob is configured for CFM) are used, after a cfmd restart (e.g. device cold start/restart, RE switchover), the cfmd process might crash and no longer be able to run. |
PR Number | Synopsis | Category: Express PFE L3 Multicast |
1389569 | BFD flaps are seen on PTX or QFX10K platforms with inline BFD |
With inline-BFD configured on the PTX or QFX10000 platforms, BFD sessions might flap continuously. |
PR Number | Synopsis | Category: PTX Express ASIC interface |
1412126 | PTX interface stays down after maintenance |
On a PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4), an interface may stay down after a software upgrade. The issue is usually observed on links connected to another vendor's equipment. |
1422535 | 4x10G interfaces on PTX3000/PTX5000 FPC type 3 might not come up after frequent flapping for a large amount of time |
On PTX3000/PTX5000 platforms with FPC3, if a remote-connected interface continuously flaps for a large amount of time, the 4x10G interfaces on FPC3 might go down and never come up. The probability of occurrence increases with the number of continuous flaps. |
PR Number | Synopsis | Category: Optical Transport Interface |
1398301 | "MIC Error code: 0x1b0002" alarm might not be cleared for MIC on MPC6 when the voltage has returned to normal |
The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC6. |
1467712 | "MIC Error code: 0x1b0002" alarm might not be cleared for MIC on MPC5E when the voltage has returned to normal |
The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5. |
PR Number | Synopsis | Category: ISIS routing protocol |
1419800 | A memory leak in rpd might be seen if source packet routing is enabled for IS-IS protocol |
If source packet routing or segment routing is enabled for IS-IS protocol, a memory leak might happen in the routing protocol process (rpd). The rpd will crash and restart once the rpd runs out of memory. |
PR Number | Synopsis | Category: jdhcpd daemon |
1442222 | The jdhcpd process might go into an infinite loop and cause 100% CPU usage |
When DHCP is configured, if subscribers are moved from one routing-instance to another or if the subscriber is deleted and re-added, the jdhcpd process might go into an infinite loop and cause 100% CPU usage. |
1449353 | Junos OS and Junos OS Evolved: Multiple vulnerabilities in JDHCPD allow for OS command injection and code execution of JDHCPD |
A device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process configured in relay mode is vulnerable to multiple vulnerabilities which allow an attacker sending crafted packets to arbitrarily execute commands as root on the target device, or to take over the code execution of the JDHCPD process. Refer to https://kb.juniper.net/JSA10981 for more information. |
PR Number | Synopsis | Category: Security platform jweb support |
1410401 | Junos OS: Session fixation vulnerability in J-Web (CVE-2019-0062) |
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrator's web session and potentially gain administrative access to the device. Please refer to https://kb.juniper.net/JSA10961 for more information. |
PR Number | Synopsis | Category: PFE infra to support jvision |
1468435 | Optics measurements might not be streamed for interfaces of a PIC over JTI |
When tunnel-services are configured on a PIC, the optics measurements that are subscribed to via gRPC might not be streamed. |
PR Number | Synopsis | Category: Label Distribution Protocol |
1460292 | High CPU usage and rpd coredump might be observed if "ldp track-igp-metric" is configured and IGP metric is changed |
If "protocols ldp track-igp-metric" is configured, metric change of IGP route might cause high CPU usage and rpd coredump on the device. |
PR Number | Synopsis | Category: PTX1000 platform |
1401507 | An external or internal TCP connection might be dropped due to a kernel issue |
Due to a kernel issue, any TCP connection, either an external TCP connection such as one carrying BGP or an internal TCP connection such as the one between ppmd in the RE and ppman in the PFE, might be dropped. This results in the relevant session going down. |
PR Number | Synopsis | Category: Multiprotocol Label Switching |
1402382 | MPLS LSP traffic loss might be seen under rare conditions if CSPF is enabled |
When make-before-break (MBB) new instance signaling experiences an error and the retry has not yet finished, other triggers such as auto bandwidth adjustment timer expiration have to be blocked until MBB finishes. Once MBB finishes instance switching, the blocked trigger needs to be scheduled, but it should be triggered only after the optimize-adaptive-teardown timer expires. In the affected releases, the blocked trigger is scheduled immediately after instance switching without taking the optimize-adaptive-teardown timer into account. This causes the old instance to be torn down before the whole system finishes changing routes to use the new instance, which leads to traffic loss. |
1435014 | The P2MP LSP branch traffic might be dropped for a while when the Sender PE is doing switchover |
On a system with NSR enabled, if an RSVP P2MP LSP with multiple branches is used (NGMVPN is one of the typical scenarios), when one of the branches is brought down (for example, one of the receivers goes down or withdraws interest) and a switchover is then done on the ingress PE, some unexpected traffic drop might be seen for a while. The reason is that the withdrawn P2MP branch is deleted but the backup RE cannot update properly, and the LSP is down on the backup RE. After the switchover is done, no loss is seen. |
PR Number | Synopsis | Category: Track Mt Rainier RE platform software issues |
1399654 | The unexpected alarm might be shown on NG-RE |
An unexpected alarm might be shown on NG-RE. |
PR Number | Synopsis | Category: Track Mt Rainier SPMB platform software issues |
1460992 | Hardware failure in CB2-PTX causes traffic interruption |
On PTX 3000/5000 platforms with CB2-PTX (Control Board), there is an erratum on a clock signal component manufactured by a third-party supplier, which might cause the Switch Processor Mezzanine Board (SPMB) and Switch Interface Boards (SIBs) to fail. Eventually, traffic will be interrupted. |
PR Number | Synopsis | Category: "ifstate" infrastructure |
1379657 | Protocol adjacency might flap and FPC might reboot if jlock hog happens. |
On all platforms in a scaling scenario, if operations that cause a jlock hog are performed, the protocol adjacencies might flap and all the FPCs might reboot. |
1404507 | The vmcore might be seen when there is an interface deletion |
In a very rare situation, a vmcore might be seen when there is an interface deletion/addition. |
PR Number | Synopsis | Category: IPv6/ND/ICMPv6 issues |
1443576 | JSA10982 Junos OS: Improper handling of specific IPv6 packets sent by clients may cause client devices IPv6 traffic to be black holed, and eventually kernel crash (vmcore) the Junos device. (CVE-2020-1603) |
Improper handling of specific IPv6 packets sent by clients may cause client devices IPv6 traffic to be black holed. Additionally, these specific IPv6 packets improperly attempt to egress the RE and cause a memory leak to occur within the Juniper Networks Junos OS device. This memory leak eventually leads to a kernel crash (vmcore) creating a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA10982 for more information. |
PR Number | Synopsis | Category: PFE Peer Infra |
1404368 | chassisd process becomes unresponsive causing line-cards disconnecting from the RE due to high CPU usage. The peer-proxy-thread was stuck in a tight loop causing high CPU |
During a major network churn event, the chassisd process may become unresponsive due to the ppt (peer-proxy-thread) being in a tight loop. This leads to FPCs being disconnected and rebooted. |
PR Number | Synopsis | Category: OSPF routing protocol |
1444728 | The rpd crash might be seen after configuring OSPF nssa area-range and summaries |
In the scenario of running OSPF, if nssa area-range and summaries are configured, the rpd crash may occur and traffic may be lost. |
PR Number | Synopsis | Category: QFX PFE Class of Services |
1468033 | Ingress drops to be included at CLI from interface statistics and added to InDiscards |
On QFX5000 platforms, the ingress buffer drops (InDiscards) field is not present in the output of "show interfaces extensive x-x/x/x". This change adds ingress buffer drop counters. |
PR Number | Synopsis | Category: QFX L2 PFE |
1439073 | Interfaces configured with flexible-vlan-tagging might lose connectivity |
On QFX5000 series platform and related products (like ACX5K and EX4600), a port configured in service provider style (flexible-vlan-tagging) might lose connectivity over the native VLAN when additional tagged VLANs are added to it. The impact is that all the hosts' traffic over the designated native VLAN might be dropped. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1377447 | Debug log message, "expr_nh_flabel_check_overwrite: Caller nh_id params", classified as Error Log when it should be LOG_INFO. |
Debug logs are printed as error logs in /var/log/messages. Debug log message, "expr_nh_flabel_check_overwrite: Caller nh_id params", classified as Error Log when it should be LOG_INFO |
PR Number | Synopsis | Category: KRT Queue issues within RPD |
1402569 | JUNOS rpd core seen after couple of config rollback event from baseline config to pdt profile config |
A JUNOS rpd core is seen after multiple configuration rollback events from the baseline config to a configuration with a large BGP+IGP configuration. In certain events, a change in import policy or resolution rib at the same time as a BGP peer is shutting down can cause inconsistencies in Next-Hop entries, causing an rpd process coredump. |
PR Number | Synopsis | Category: RPD Next-hop issues including indirect, CNH, and MCNH |
1441550 | The rpd may crash or consume 100% of CPU after flapping routes |
Flapping existing flood nexthop type routes may cause rpd to crash or consume 100% of CPU. This issue may cause routing protocol sessions/neighbors to flap or traffic loss. |
PR Number | Synopsis | Category: show route table commands, tracing, and syslog facilities |
1387050 | The rpd might crash when traceoptions are enabled |
When traceoptions are enabled with a lot of trace flags or 'flag all', the rpd might crash due to buffer overflow issue. This is a timing issue. |
PR Number | Synopsis | Category: SNMP Infrastructure (snmpd, mib2d) |
1350826 | SNMP Traps not being sent by the new master RE after RE mastership switchover |
Sometimes, the trap-source-address bind is delayed because the platform has not attached the respective IP to any of the interfaces on the router. Because the trap is generated at the start, before the configured trap source-address is properly bound, this trap is not added to the throttle/destination trap queues. |
1392616 | The snmpd process might crash and cause a core dump |
The snmpd process leaks memory in the SNMPv3 query path and crashes. The issue is caused by a memory leak when the request PDU is dropped by SNMP when the snmp filter-duplicates configuration is enabled. Each request PDU has a structure pointer for the SNMPv3 security details. This is allocated when the PDU is created or cloned. But while dropping the duplicate requests, the corresponding structure is not freed, which causes the memory leak. |
PR Number | Synopsis | Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP) |
1405423 | MX Series: Denial of Service vulnerability in MS-PIC component on MS-MIC or MS-MPC (CVE-2019-0065) |
On MX Series, when the SIP ALG is enabled, receipt of a certain malformed SIP packet may crash the MS-PIC component on MS-MIC or MS-MPC. Refer to https://kb.juniper.net/JSA10964 for more information. |
PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
1463015 | An interface might get stuck in down state on certain MX platforms |
The DFE tuning enabled interfaces on certain MX platform might get stuck in down state, if the remote interface sends invalid code to the local interface. Link might not come up even after the remote peer has begun sending a good signal. |
PR Number | Synopsis | Category: Stout PF fabric (SFB2) |
1461356 | Traffic might be impacted because the fabric hardening is stuck |
Fabric hardening (FH) is the process of controlling bandwidth degradation to prevent a traffic black hole. While FH is processing, if an SFB/SCB fails, the FH process gets stuck, which causes traffic loss. |
PR Number | Synopsis | Category: Trio pfe l3 forwarding issues |
1354225 | Trinity JNH memory leak when adding and removing unicast NH |
Junos MPC memory leak when adding and removing unicast Next-hops |
1381527 | Constant memory leak might lead to FPC memory exhaustion. |
On MX/EX9200 platforms, constant memory leak might occur on a Flexible PIC Concentrator (FPC). This might finally lead to memory exhaustion and the FPC might crash and generate a core file. |
PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
1464439 | The CPU utilization on mgd daemon might be stuck at 100% after the netconf session is interrupted by flapping interface |
If a netconf session is initiated over inband connection, the CPU utilization on mgd daemon might be stuck at 100% after the netconf session which is executing an RPC call for some commands gets interrupted by flapping interface. There is no impact observed to control-plane or forwarding-plane, the subsequent netconf session will continue to function. |
PR Number | Synopsis | Category: PTX/QFX100002/8/16 platform software |
1464119 | FPC might restart during run time on PTX10K/QFX10K platforms |
On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions. |