Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

17.4R2-S9: Software Release Notification for JUNOS Software Version 17.4R2-S9

0

0

Article ID: TSB17722 TECHNICAL_BULLETINS Last Updated: 14 Feb 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, Network Agent
Alert Description:
Junos Software Service Release version 17.4R2-S9 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

17.4R2-S9 - List of Fixed issues

PR Number Synopsis Category: QFX VC/VCF NSSU
1418889 Traffic loss might be seen after NSSU operation
 
On QFX-Series platforms, traffic loss might be seen after NSSU (Nonstop software upgrade) operation. In detail, during NSSU, when the backup restarts and comes back up, the vlan membership/IFBD (interface family bridge domain) of the non-aggregate interface is missing on new backup. It leads to the traffic loss. This issue is specific to non-LAG (link aggregation group) interface because the IFBD for LAG bundle is never deleted when the backup reboots.
PR Number Synopsis Category: QFX PFE L2
1354889 Storm control configuration may be disabled for the interface
 
When QFX5100 is initialized, in rare condition, if storm control is configured on the interface, it might not work as expected. The traffic levels will not be monitored and the unknown unicast packets will not be dropped.
1354889 Storm control configuration may be disabled for the interface
 
When QFX5100 is initialized, in rare condition, if storm control is configured on the interface, it might not work as expected. The traffic levels will not be monitored and the unknown unicast packets will not be dropped.
1389829 Packets destined to 01:00:0c:cc:cc:cc are not forwarded on QFX10k
 
On QFX10k platforms, L2 frame with DMAC 01:00:0c:cc:cc:cc (e.g., Cisco CDP, VTP, UDLD protocol packets) might be dropped and not transitted.
1442310 The operational status of the interface in HW and SW might be out of synchronization in EVPN setup with arp-proxy feature enabled
 
In EVPN setup with arp-proxy feature enabled by default, the operational status of the interface in HW (Hardware) and SW (Software) might be out of synchronization after it flaps, hence the packets are received from HW even when interface status in SW is down.
PR Number Synopsis Category: QFX Analyzer, sflow
1334711 Ethernet frames with Ethernet type of 0x8922 might be modified at egress by QFX10K platforms
 
On QFX10002, QFX10008 and QFX10016 Series platforms, all the Ethernet frames with Ethernet type of 0x8922 might be modified at the egress because it is an unknown Ethernet type.
PR Number Synopsis Category: Sflow on QFX 5100,5200, 5110
1449568 Except one AE member link, the other links do not send out sFlow sample packets for ingress traffic
 
The sFlow sample packets might stop on one aggregated ethernet member link if ingress sFlow is configured on the member link. This might cause inaccurate monitoring on the network traffic.
PR Number Synopsis Category: Accounting Profile
1452363 The pfed might crash and not be able to come up on the PTX or TVP platforms
 
The flow label statistics are retrieved periodically by pfed for PTX or TVP platforms, if the statistics reply becomes very big number, the pfed might crash hence affecting traffic.
PR Number Synopsis Category: "agentd" software daemon
1369129 grpcd daemon might core during the link flaps
 
grpcd daemon might core during the link flaps
PR Number Synopsis Category: These are new categories in the areas of PFE
1460209 Loop detection might not work on extended ports in Junos Fusion scenarios
 
In Junos Fusion scenarios, if loop detection is enabled on extended ports, when a satellite device (SD) is rebooted, or when a satellite device is added or removed/re-added, the loop detection feature might not work.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1420694 The bfdd process might crash on old master RE during GRES
 
On all Junos platforms running with scaled Bidirectional Forwarding Detection (BFD) sessions (e.g. 10K BFD inline sessions at 150ms interval), if the ppmd and bfdd processes are restarted on the master Routing Engine (RE), and the backup Routing Engine (RE) is not properly synchronized up after the restart, there might be multiple BFD sessions existing for the same address with only one of them up. In such an inconsistent status, if Graceful RE Switchover (GRES) is executed, the bfdd process might crash on the old master RE, and all the BFD sessions might not be able to come up on the new master RE.
1432440 In BFD and GR enabled scenario, BFD DOWN packets are not being sent immediately after BFD failure
 
In both GR helper and GR restarter scenarios, BFD down packets are not immediately sent. It might cause an issue where BGP session down is notified before BFD DOWN.
1448649 JUNOS BFD sessions with authentication flaps after a certain time
 
In the scenario where BFD session authentication is configured, after a certain period of time, BFD sessions flaps may be seen, this will cause the neighbor to be down.
PR Number Synopsis Category: Border Gateway Protocol
1323306 The BGP session might be stuck with high BGP OutQ value after GRES on both sides
 
From 16.1 or above release, when both sides of a BGP session are doing NSR RE switchover simultaneously (double failures), depending on the configuration and scale, there is a chance the BGP session may stuck and BGP PDUs can't be exchanged. The permanently stuck OutQ are seen which is a typical symptom for this issue. This is because both sides are waiting for socket record boundary. Both sides are waiting to drain their partially written PDU. Due to this bug, neither side read at this state, leading to permanent stuck.
1329921 QFX-10002:Degradation seen while comparing RE Install/Delete time between 17.2R1.13 and 17.2X75-D90 Releases
 
When cleaning up routes as the peer goes down, we observe a 30% degradation in time taken in 17.2X75D91 as compared to 17.2 release.
1351639 The rpd crashes in JunOS 16.1 or higher during BGP convergence
 
In JunOS 16.1 or higher, during BGP convergence, the input/output thread constructing the outgoing BGP PDU and manipulating the path attributes before hand-off the data to the socket. If this PDU length is zero, it will trigger an assertion and routing-protocol demon is restarting.
1366823 Ukern memory leak and core crash in BGP environment
 
Ukern memory leak and fpc core crash might be happened when device configured link-node protection with labeled-bgp.
1382892 The rpd might crash under a rare condition if GR helper mode is triggered
 
When graceful restart is configured on the BGP peer device, if the peer device initiate new TCP connection when there is an existing TCP connection for the BGP session, send OPEN message and this new TCP connection also get torn down immediately after establishment/sending of OPEN message. The rpd might crash.
1412538 BGP might stuck in Idle state when the peer triggers a GR restart event
 
When NSR (nonstop-routing) is enabled in local device and BGP GR (Graceful-Restart) is enabled in peer device, if the peer triggers a GR restart (it is usually caused by some failure in peer or the peer restarts rpd, etc), some BGP sessions might stuck in Idle state. The reason is that when the GR restart happens, the device is still doing the initial sync to the backup RE of the previous sessions, so some BGP sessions might stuck in Idle state because the router does not complete the process (the initial sync of the data set to the backup).
1446861 The rpd CPU utilization gets 100% due to incorrect path-selection
 
On Junos platforms with BGP-PIC (protect core) and "add-path" enabled scenario, the rpd CPU utilization gets 100% due to incorrect path-selection. This issue may impact route update convergence or even cause routing protocols to flap.
1454198 The rpd scheduler slip for BGP GR might be up to 120s after the peer goes down
 
In BGP GR (graceful-restart) scenario (graceful-restart is configured for BGP or GR-helper mode is enabled by default), when high-scale routes get learnt from one peer, the rpd scheduler slip might be up to 120s after that BGP peer flaps.
1454951 The rpd process might crash when multipath is in use
 
If multipath is enabled, in some certain conditions, The rpd process might crash while secondary route resolution is running.
1461602 The rpd scheduler slips might be seen on RPKI route validation enabled BGP peering router in a scaled setup
 
In scaled BGP environment (e.g. global table ~3M routes or more) when there are a lot of (e.g 10k or more) more specific routes for a certain IPv4 or IPv6 prefix covered by some RV (route validation) record, a change in RV records database might lead to rpd (routing protocol daemon) scheduler slips, which could trigger routing protocol adjacency flap. The same could be triggered by executing "clear validation database" command or shortly after initial session RPKI (resource public key infrastructure) establishment event.
1472671 The rpd process might crash with BGP multipath and damping configured
 
On all Junos platforms running with Border Gateway Protocol (BGP), if both BGP multipath and BGP damping are configured, it might happen that, when the active route, for example r1, is withdrawn but it is not really deleted due to damping, then BGP might be unable to find its original gateway when the route r1 is relearned and becomes the best route again. It will lead to the rpd process crash.
PR Number Synopsis Category: BBE Remote Access Server
1431614 Subscriber filtering for General Authentication Services traceoptions will report debug messages for other users.
 
Subscriber filtering for General Authentication Services traceoptions will report debug messages for other users.
PR Number Synopsis Category: Cassis pfe microcode software
1459698 Traffic blackholing upon interface flap after DRD auto-recovery
 
An interface stops forwarding traffic when MX software triggers a "DRD reorder timeout recovery" event follows by an interface flap on the same XMCHIP. When the logic is triggered, you will see a "cmtfpc_xmchip_drd_reorder_id_timeout_callback" message in the PFE syslog messages. This issue affects XM based MPCs (3E 4E 5E 6E 2E-NG 3E-NG).
PR Number Synopsis Category: Virtual-chassis platform/chassisd infrastructure PRs for MX
1391011 Interim accounting updates might not be sent for subscribers after Junos OS selective update
 
On MX/MXVC platforms enabled with enhanced subscriber management, if Graceful Routing Engine Switchover (GRES) and Nonstop active Routing (NSR) are disabled, when the chassisd process is going to restart (which is resulted from Junos Selective Update), the system will make the transition of Routing Engine (RE) mastership from master to standby before the chassisd process restart. Due to this issue, the new standby RE didn't reboot as expected, which causes the pfed process being passive for 15 minutes. During the 15 minutes, all the interim accounting update will not sent for all the subscribers who login during this time range.
PR Number Synopsis Category: MX Platform SW - UI management
1453533 Alarm was not sent to syslog on MX10003 platform
 
On the MX10003 platform, the alarmd wont write the alarm messages to the syslog.
1453533 Alarm was not sent to syslog on MX10003 platform
 
On the MX10003 platform, the alarmd wont write the alarm messages to the syslog.
1457657 The chassisd process and all FPCs may restart after RE switchover
 
The chassisd process and all FPCs may restart after RE switchover if the knob "master-only" is enabled.
PR Number Synopsis Category: OpenSSH and related subsystems
1454177 SSH login might fail if a user account exists in both local database and RADIUS or TACACS+.
 
On SRX Series device, the SSH login from automation tools to the Junos device is not successful when using authentication method password (not 'keyboard-interactive'). If the username is configured both as a local user and also on a remote RADIUS or TACACS server, using the Juniper-Local-User-Name attribute pointing to a different local username.
PR Number Synopsis Category: Firewall Filter
1478964 The filter may not be installed if the "policy-map xx" is present under it
 
If the "policy-map xx" option is configured under "family mpls" for filters, then the filters may not take effect after committing.
PR Number Synopsis Category: dhcpd daemon
1474097 Subnet information might be corrupted if it is passed by a radius server
 
On all Junos platforms with jdhcpd daemon, Junos is acting as a DHCPv4 local server with an external RADIUS server, if using DHCPv4 options to request subnet data from RADIUS server, the mask value which RADIUS server offered might be effectively reversed. It could cause the DHCPv4 client fails to get the correct subnet information.
PR Number Synopsis Category: Ethernet OAM (LFM)
1396540 V44-CFM: NPC crash @ rt_nh_install (rnh=0x618123d8, rnh_src=0x0, rt=< optimized out>, p_rtt=0x74f886c0) at ../../../../src/pfe/common/pfe-arch/trinity/applications/route/rt_nh.c:631
 
As part of the EOAM programming the LM counters are allocated. When an interface is deleted, the EOAM LM counters needs to be cleared. This is done as part of EOAM punt deletion. But there are scenarios where the prog punt delete processing is received, the IFL is deleted in ukern. In this case the EOAM NHs are cleared but the LM counters are not freed. this can cause memory leak in jnh. This issue is seen for a scaled config, repeated addition and deletion of the interface configs when EOAM config is present
1465608 The EOAM CFM primary-vid functionality doesn't work if the enhanced-cfm-mode is enabled
 
On MX10003 platform, the EOAM (Ethernet Operations, Administration, and Maintenance) CFM (Connectivity Fault Management) primary-vid functionality doesn't work if the enhanced-cfm-mode is enabled. The issue impacts the CFM functionality.
PR Number Synopsis Category: EVPN control plane issues
1394803 The process rpd crash may be observed with EVPN type-3 route churn
 
In an EVPN scenario, rpd may crash with EVPN type-3 route churn due to a race condition (Incorrect sequence of allocating and freeing memory for processing the updates between BGP and EVPN).
1428581 The CE interface IP address is missed in mac-ip-table of the EVPN database
 
In the EVPN scenario, if a CE interface has more than one IP addresses, when one of the addresses is taken by another CE, that IP address might be missed in mac-ip-table of the EVPN database. This issue may impact traffic/host reachability.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1427109 The device may proxy the ARP Probe packets in an EVPN environment
 
In an EVPN environment with "ARP suppression" - the default setting, ARP probe packets from a PC to perform Duplicate Address Detection (DAD) are injected back into the interface. This causes the PC to think that its IP address is already in use.
PR Number Synopsis Category: Express PFE FW Features
1372957 Packets might be dropped after deleting a filter from an interface
 
On PTX and QFX10K platforms, when a same filter is applied on both input and output directions at same time, packets might be dropped after removing that filter.
1432116 The FPC might crash when a firewall filter is modified
 
In QFX10K/PTX series platforms, if a firewall filter with multiple match conditions is configured on interfaces which are Up and the firewall filter is modified (either a new action is added or the condition is added/removed etc.), the FPC might crash and restart. It might affect the service/traffic.
1433648 Traffic drop might occur on PTX/QFX during filter change operation
 
On PTX/QFX platforms, a firewall configuration change operation may not be done correctly within the PFE causing transit packets drops.
PR Number Synopsis Category: Express PFE L2 fwding Features
1442587 The PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb
 
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact.
PR Number Synopsis Category: Express PFE Services including JTI, TOE, HostPath, Sflow
1346493 On QFX10K platforms, syslog error messages might be seen in syslog after configuring multiple LAG interfaces under sFlow protocol
 
On QFX10K platforms, syslog error messages might be seen after configuring multiples interfaces which includes LAG Interfaces under the protocol sFlow. Example of messages: Mar 13 12:04:24 host1 fpc0 expr_dfw_asic_action_update_sflow_sample_id:2578 dfw inst lookup failed IFD_EGRESS_IMPL_FILTER Mar 13 12:04:24 host1 fpc0 Sflow prds_sflow_add_sample_in_hw(442): Sample class (60): Implicit-filter binding set error Mar 13 12:04:24 host1 fpc0 Sflow prds_sflow_handle_int_event(927): Error(1000) while enabling sflow in hw for intf 560
PR Number Synopsis Category: PTX Express ASIC interface
1418425 Traffic loss could be seen for duration of hold-time down timer when flapping an interface with hold-time down timer configured
 
On PTX with FPC3 installed, traffic loss could be seen for duration of hold-time down timer when flapping an interface with hold-time down timer configured.
PR Number Synopsis Category: PTX Express ASIC platform
1384435 An enhancement of optimizing the report to the single bit error check
 
Due to transient hardware condition, single-bit error (SBE) events are corrected and have no operational impact. Reporting of those events had been disabled to prevent alarms and possibly unnecessary hardware replacements. This change applies to all Platforms using Hybrid Memory Controller (HMC).
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1401396 rpd core @cmgr_if_route_exists_condition_init, ctx_handle_node, task_reconfigure_complete
 
Core and RPD reboot will be seen when condition-manger policy is configured for routing table xxx and the same table is repeatedly deleted+readded. Not fixed in 19.2R1, will be fixed in 19.2R2.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1429917 The AE interface does not come up after rebooting the FPC/device though the physical member link is up
 
When a single FPC carries minimum 10 member links which belong to the same or different AE (Aggregate Ethernet) bundle, if one of the static AE bundle (LACP is not enabled) has disabled member link, this static AE interface does not come up after rebooting the FPC/device though it has physical member link with UP state.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1442121 The packets originating from the IRB interface might be dropped in VPLS scenario
 
In VPLS scenario on the PE router, The packets originating from the IRB interface might be dropped, which look up for the LSI resolved on LT interface. In the multihoming VPLS scenario, the connect of the IRB interfaces between the multiple VPLS PEs might be broken due to this issue, which might result in dual master VRRP.
PR Number Synopsis Category: ISIS routing protocol
1432398 The "show isis adjacency extensive" output is missing state transition details
 
CLI command 'show isis adjacency extensive' output in text format is missing some details from the adjacency transition log. The output in XML format is still correct.
1455432 The rpd might crash continuously due to memory corruption in ISIS setup
 
With ISIS configured and in a very rare case, memory corruption may occur, this may cause rpd crash continuously.
PR Number Synopsis Category: jdhcpd daemon
1373807 BOOTP packets might be dropped if BOOTP-support is not enabled at the global level
 
If BOOTP-support is not enabled at the global level, Bootstrap Protocol (BOOTP) packets may be dropped while receiving them on an interface because there is a defect that the device only checks BOOTP-support at the global level.
1435039 DHCP request might get dropped in a DHCP relay scenario
 
In DHCP relay scenario, if the device (DHCP relay) receives a request packet with option 50 where the requested IP address matches the IP address of an existing subscriber session, such request packet would be dropped. In such a case the subscriber may need more time to get IP address assigned. The subscriber may remain in this state until it's lease expires if it has previously bound with the address in the option 50.
1475248 Telemetry data for relay/bindings/binding-state-v4relay-binding and relay/bindings/binding-state-v4relay-bound is not correct
 
The output for DHCPv4 relay/bindings/binding-state-v4relay-binding and relay/bindings/binding-state-v4relay-bound sensors is not correct.
PR Number Synopsis Category: Security platform jweb support
1431298 Junos OS: Path traversal vulnerability in J-Web
 
A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. Refer to https://kb.juniper.net/JSA10985 for more information.
PR Number Synopsis Category: Key Management Daemon
1421591 IPsec tunnels flapping causes KMD memory leak
 
KMD leaks memory when DEP (dynamic endpoints) or static IPsec tunnels are flapping or getting re-established. In a scaled scenario this eventually leads to KMD crash due to memory exhaustion.
1477181 The kmd might crash due to the incorrect IKE SA establishment after the remote peer's NAT mapping address has been changed
 
On MX platforms with MS-MPC/MS-MIC, after the IPsec VPN tunnel is up, if the NATTed remote peer's IP address has been changed (e.g. NAT pool changed on peer), IKE SA might establish with an incorrect gateway, and kmd might crash frequently during this IKE SA IP migration.
PR Number Synopsis Category: Layer 2 Control Module
1431355 The l2cpd process might crash and generate a core dump when interfaces are flapping
 
If there are any conditional groups in the system, the l2cpd process might crash and generate a core dump when interfaces are flapping and the lldp neighbors are available. It might cause the dot1x process to fail and all the ports have a short interruption at the time of process crash.
1450832 VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding
 
On all Junos platforms including MX, EX, QFX and SRX devices, VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding. The "show route forwarding table" may show dead BDs, MACs and the "show vlans extensive" may show the state as destroyed.
1469635 Memory leak on l2cpd process might lead to l2cpd crash
 
On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash.
PR Number Synopsis Category: Label Distribution Protocol
1428843 The LDP might withdraw a label for an FEC once the IGP route is inactive in inet.0
 
If LDP is used without using egress-policy, when the route from other routing protocol is preferred over the IGP route in inet.0, e.g. BGP-LU route exported in inet.0, LDP might withdraw the FEC label hence causing LDP traffic to get lost.
1432138 MPLS ingress LSP's might not come up after disable/enable of MPLS
 
Dynamically configured RSVP LSP's for LDP link protection might not come up after disabling/enabling protocol MPLS.
1442135 The LDP route and LDP output label are not showing in the inet.3 table and LDP database respectively if enable OSPF rib-group
 
With ldp-tunneling enabled, if enable OSPF rib-group to import OSPF route from inet.0 to inet.3 table, LDP might stop advertising label mappings for routes with nexthop tunneled over RSVP LSP.
1460292 High CPU usage and rpd coredump might be observed if "ldp track-igp-metric" is configured and IGP metric is changed
 
If "protocols ldp track-igp-metric" is configured, metric change of IGP route might cause high CPU usage and rpd coredump on the device.
PR Number Synopsis Category: Multiprotocol Label Switching
1435014 The P2MP LSP branch traffic might be dropped for a while when the Sender PE is doing switchover
 
On a system with NSR enabled, if the RSVP P2MP LSP with multiple branches is used (NGMVPN is one of the typical scenarios), when bringing down one of the branches (for eg, bringing one of the receivers down -- one of the receivers withdraws interest), and then if doing switchover on ingress PE, some unexpected traffic drop might be seen for a while. The reason is that the withdraw P2MP branch will be deleted but backup RE could not update properly and the LSP is down on the backup RE. After switchover is done, there is no loss seen.
1465902 The device may use the local-computed path for the PCE-controlled LSPs after link/node failure
 
In a Path Computation Element Communication Protocol (PCEP) scenario where the link/node protection is enabled, the PCE-controlled LSPs may shift to the local-computed path after link/node failure upon path retry processing.
PR Number Synopsis Category: Multicast for L3VPNs
1442054 Memory leak might happen if PIM messages received over an MDT (mt- interface) in Draft-Rosen MVPN scenario
 
On all Junos platforms configured in the Draft-Rosen Multicast Virtual Private Network (MVPN) scenario, if Protocol Independent Multicast (PIM) messages are received over an Multicast Distribution Tree (MDT) tunnel logical interface (mt- interface), there might be memory leak which will lead to the rpd process crash.
PR Number Synopsis Category: Fabric Manager for MX
1462686 PICs on all FPC might go to offline state when restarting any FPC after GRES on MX10003
 
With 17.4R2/17.4R2-S2+ release, if any MX10003 FPC restart or is set to be offline after GRES, the other FPC might coredump and all PICs might get stuck at offline state. Release in 18.x and above are not affected.
PR Number Synopsis Category: MX104 Software - Chassis Daemon
1393716 JUNOS enhancement configuration knob to modify mcontrol watchdog timeout
 
Junos CLI enhancement to configure mastership refresh timeout value 9 to 30 via the chassis CLI command 'set chassis redundancy mastership-refresh-timeout'.
PR Number Synopsis Category: OS IPv4/ARP/ICMPv4
1427842 Packet drops, replication failure, or ksyncd crashes might be seen on the logical system of a Junos OS device after Routing Engine switchover.
 
On all Junos platform, in some rare conditions, there might be packet drops, replication failures or ksyncd crashes on the logical system. This issue may appear at the time of Routing Engine switchover if the system is running for a long time and lot of configuration changes have been made over the time.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1146891 EX4300-48MP: 'set system ports console log-out-on-disconnect' does not work
 
'set system ports console log-out-on-disconnect' does not work
1439906 FPC might reboot if jlock hog occurs on all Junos VM based platforms
 
On all Junos VM based platforms, if jlock hog occurs, FPC might reboot with "kernel: jlock hog reported".
1442376 EX2300 platforms might stop forwarding traffic or responding to console
 
On EX2300/EX2300-C platforms, if Junos OS is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch might stop forwarding traffic or responding to console. A reboot is required to restore the service.
1454950 mgd error found during Junos 18.4R2.7 boot up and Junos did not work as expect
 
Packet Forwarding Engine sometimes does not come up after system reboot.Timeout is required to handle the fifo tx/rx error. Debug sysctls are been removed. Mutex been added to handle to race condition.
1469400 EX3400 might reboot because of lack of watchdog patting
 
On EX3400, if watchdog pat did not happen within stipulated time and it might reboot automatically with "0x2:watchdog" as reboot reason.
PR Number Synopsis Category: IPv6/ND/ICMPv6 issues
1443576 Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device. (CVE-2020-1603)
 
Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. Refer to https://kb.juniper.net/JSA10982 for more information.
PR Number Synopsis Category: PFE Peer Infra
1404368 chassisd process becomes unresponsive causing line-cards disconnecting from the RE due to high CPU usage. The peer-proxy-thread was stuck in a tight loop causing high CPU
 
During a major network churn event, the chassisd process may become unresponsive due to the ppt ( peer-proxy-thread) being in a tight loop. This leads to FPCs being disconnected and reboot.
1448858 Interface attributes might cause high CPU usage of dcd
 
When the interface attributes are configured, this configuration might cause an error in the IRSD (IRSD syncing errors) and lead the CPU usage of dcd spike up. The convergence time of this interface will be impacted.
PR Number Synopsis Category: TCP/UDP transport layer
1449664 FPC might reboot with vmcore due to memory leak
 
On all Junos platforms, if the device is up for a long period (e.g. several weeks or months), there might be a slow memory leak happening in some error scenarios where an application tries to send some data on a stale TCP socket (e.g. short-lived TCP connections used by the mgd process), and this issue might lead to FPC reboot with vmcore files.
PR Number Synopsis Category: OSPF routing protocol
1445078 The rpd might crash in OSPF scenario due to invalid memory access
 
In Open Shortest Path First (OSPF) scenario, rpd might crash when trying to resolve the Forwarding Address (FA) from an OSPF LSA type 5/7. The issue is due to accessing memory bytes exceeding the valid size, and occurs in rare condition.
PR Number Synopsis Category: Path computation client daemon
1337049 Two PCRpts are being sent when reporting SR static LSP to PCE
 
In PCEP scenario with local SR-LSP configured, duplicate PCReport will be sent to PCE when restart pccd-service.
PR Number Synopsis Category: Protocol Independant Multicast
1427720 Multicast traffic might be lost for around 30 seconds during RE switchover
 
On MVPN supported platform with PIM enabled, when multiple lo0.* interfaces are configured with the same IP address, and lo0.0 belongs to master routing instance and all the other lo0.* interfaces belong to another routing instance, around 30 seconds multicast traffic loss might be seen during RE switchover.
1433625 PIM-SM join message might be delayed with MSDP enabled
 
In PIM-SM, a router must send an explicit join message (*,G) to the upstream router before receiving traffic from a specific group. There's a possibility that no device needs to receive multicast traffic through the RP anymore, then the RP receives prune message(s) and prunes all downstream routers, after this the subsequent join message (*,G) will be intercepted by RP, due to this the RP won't send the join message towards the source until receives MSDP SA message.
PR Number Synopsis Category: Periodic Packet Management Daemon
1448670 The connection between ppmd(RE) and ppman(FPC) might get lost due to session timeout
 
Under certain circumstances such as JUNOS VM freeze at the Routing Engine, ppmd to ppman connection might be closed if the session timeout is greater than 3 seconds in either direction. This might lead to flapping of distributed ppm protocol adjacency such as lacp/mBFD.
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1427093 CRC errors can be seen when other manufacturer device is connected to QFX10K with QSFP-100GBASE-LR4-T2 optics
 
CRC errors might be seen when other manufacturer device is connected to QFX10000 on a 100-Gigabit link with QSFP-100GBASE-LR4-T2. Other manufacturer device report CRC errors and input errors on those 100-Gigabit links. The QFX10000 interfaces do not show any errors. It might cause packet loss.
1431743 The et interfaces might not come up on QFX10000-60S-6Q
 
On QFX10000-60S-6Q, with Junos 17.2R1-S8 onwards/17.3R3-S5/17.3R3-S6/18.1R3-S5, the et interfaces might not come up.
PR Number Synopsis Category: QFX Control Plane Kernel related
1393044 sdk-vmmd causes a high write I/O in Virtual Chassis Linecard members and SSD lifetime might be shorten.
 
In Virtual Chassis environment with Solid State Drive (SSD) installed on the Linecard side, the sdk-vmmd (app-engine-virtual-machine management service) should not try to establish the retry connection to SNMPD when it is running in line card because SNMP is not running in line cards members. A debug logging might be written to the SSD card frequently due to repetitive retry connection. Therefore, the SSD lifetime might be shorten due to the exceeded amount of read/write. Due to this issue, the SSD card failure might be observed.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1422958 QFX5100-48T 10G interface might be auto-negotiated at 1G speed instead of 10G
 
QFX5100-48T 10G interface might be auto-negotiated at 1G speed instead of 10G after peer device reboot. This issue will cause link down and impact customer service.
PR Number Synopsis Category: KRT Queue issues within RPD
1386475 The rpd process might end up with stuck krt queue entries in a VRF scenario
 
In rare cases, if using vrf configurations along with a static default route to em0 or fxp0, the interface flaps may result in rpd end up with krt queue stuck.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1441550 The rpd may crash or consume 100% of CPU after flapping routes
 
When flapping the existed flood nexthop type routes, it may cause rpd crash or consume 100% of CPU. This issue may cause routing protocols sessions/neighbors flap or traffic loss.
PR Number Synopsis Category: RPD policy options
1453439 Routes resolution might be inconsistent if any route resolving over the multipath route
 
On all Junos platforms, any route resolving over the multipath routes, one scenario is BGP over BGP. After the metric value of any PNH (refers to the second PNH and using it to performing the second time next-hop resolving) changes, meanwhile, if the hash-selection changes happened, it might result in routes resolution inconsistency. Traffic drops could be observed if the packages are still forwarding to the old PNH (Protocol Next Hop). Any recursive resolving multipath scenario might trigger this issue.
PR Number Synopsis Category: RPM and TWAMP
1333190 [RIO NPI-TWAMP]: Test sessions packets are dropped on server when DF bit is set to 1
 
When TWAMP test session packets from TWAMP client are received by TWAMP server with DF bit set(1), TWAMP server is dropping the packets and TWAMP test session are not established.
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1477483 On NATT scenario the IKE Version 2 IPsec tunnel might flap if the tunnel initiator is not behind NAT
 
On MX platforms with MS-MPC/MS-MIC card installed and NATT scenario, when the IPsec tunnel initiator is not behind NAT, it might cause IPsec tunnel flapping. It happens in IKEv2 scenario.
PR Number Synopsis Category: AMS (aggregated MS interface) related issues for load balanc
1414109 The services load balance might not be effective for AMS if the hash key under the forwarding-options hierarchy is configured
 
On all MX-Series platforms with services load balance hash key under forwarding-options is configured, the load balance might not be effective in next-hop for aggregated multi-services (AMS) system interface.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1459306 The traffic might be stuck on MS-MPC/MS-MIC with sessions receiving huge number of affinity packets
 
On MX platforms with MS-MPC/MS-MIC, if there are sessions receiving huge number of affinity packets (e.g. thousands of packets), the service interface might be brought down by the prolonged flow-control, and the mspmand process crash might happen. In this case, the traffic will be stuck due to this issue.
PR Number Synopsis Category: MPC7/8/9 chassis issues
1437855 The chassisd might crash after enabling hash-key
 
On all Junos platforms, if hash-key is enabled, packets might be dropped due to chassisd crash, including packets on other FPCs on which the hash-key is disabled.
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1409930 On MX10003 platform, after removing the FPC from a slot, when a new FPC is plugged in, chassis was showing old serial for this new FPC.
 
On MX10003 platform, after removing the FPC from a slot, when a new FPC is plugged in, not only chassis was showing old serial for this new FPC. Entire FPC ideeprom data was retained. So all the fields were showing old values.
PR Number Synopsis Category: MX10002 RCB/LC Diagnostics defects
1405787 Voltage read failed for rail LTC3887-EA1-VDD0V9R2-CH0
 
On an MX10003 and an MX10008, its i2c bus may experience congestion. Thus the software may not be able to communicate on the first try. This PR optimizes the retry logic and its reporting.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1426727 Some CFM and BFD sessions might flap while collecting MPLS statistics
 
On Junos-based platform with MPLS and MPLS statistics enabled as well as a CFM or BFD, when CFM with continuity-check interval less than 1000ms (e.g. 100ms) or BFD with minimum-interval less than 1000ms (e.g. 100ms), during the periodic MPLS statistics collection if there are a large number of next-hops (several thousand) related to MPLS forwarding, the transmission of the periodic CFM or BFD protocol packet may be delayed. It may cause some CFM or BFD sessions to expire on the remote side of the session due to timeout, which can further result in traffic drop due to CFM/BFD flapping.
1434980 PFE memory leak might be seen if MLPPP links are flapped
 
On all Trio-based platforms, MLPPP links flap continuously might result in PFE memory exhaustion. Furthermore, the PFE crash might be seen due to running out of memory.
PR Number Synopsis Category: Trio pfe mpls- lsps,rsvp,vpns- ccc, tcc software
1439453 The flow label is not pushed when "chained-composite-next-hop ingress l2ckt/l2vpn" is enabled
 
On MX platforms, in MPLS (Multiprotocol Label Switching) l2ckt/l2vpn with FAT (Flow-Aware Transport of Pseudowires) Flow Labels scenario, the flow label is not pushed when "chained-composite-next-hop ingress l2ckt/l2vpn" is enabled. The issue results in load balance problem for the l2ckt/l2vpn service.
PR Number Synopsis Category: Configuration mgmt, ffp, load-action, commit processing
1359602 Scheduled boot for both REs might fail with special time format
 
On all platforms, if executing scheduled boot for both RE with special time format, the command might not work, it might only boot the master RE.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1464439 The CPU utilization on mgd daemon might be stuck at 100% after the netconf session is interrupted by flapping interface
 
If a netconf session is initiated over inband connection, the CPU utilization on mgd daemon might be stuck at 100% after the netconf session which is executing an RPC call for some commands gets interrupted by flapping interface. There is no impact observed to control-plane or forwarding-plane, the subsequent netconf session will continue to function.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1408204 The link flaps occur when a 100g QSFP is inserted into PTX which LFM (Link-Fault Management) is configured
 
When a 100g QSFP is inserted into FPC on PTX, all the other interfaces on that FPC and the other FPCs might flap, since these interfaces are configured the smaller "pdu-interval" value of LFM.
1421075 An interface may go to downstate on QFX10000/PTX10000 platform
 
On QFX10000/PTX10000 platform, an interface may go to downstate along with "FPC hard errors" due to Management Data Input/Output (MDIO) timeout. This is a timing issue and may be seen in some situations like FPC restart, port-speed change, link up/down, optics plug-in/plug-out.
1427883 On QFX10k/PTX10k platforms certain interfaces might go to down state
 
On QFX10k/PTX10k platforms, explicitly configured hold time value for certain interfaces might get reset to default value which lead to the related ports go down.
1450263 Interfaces might flap forever after deleting the interface disable configuration
 
In a rare scenario, the interface might flap forever after disabling and enabling it more than once within 12 seconds.
PR Number Synopsis Category: Virtual Private LAN Services
1295664 LSI interface might not be created causing remote MACs not being learnt with error log of "RPD_KRT_Q_RETRIES: ifl iff add: Device busy"
 
With VPLS being configured, after upgrade to 15.1/16.1/17.x releases, in some circumstances VPLS LSI interface are not correctly created, causing remote MACs not being learnt and L2 VPLS outage. The issue is not reproduced and the code change is not a fix but add a instrumentation using a hidden command 'show vpls ipc-history', which should be captured right away when the issue is seen on latest releases. show vpls ipc-history <<<<< show vpls connections show krt queue show route forwarding-table extensive /var/log/messages
1428862 VPLS neighbors might stay in down state after configuration changes in vlan-id
 
On all Junos platforms with NSR enabled, under EVPN-VPLS scenario, the VPLS neighbors might stay in down state after configuration changes in vlan-id.
Modification History:
First publication date 2020-02-07
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search