Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles17.4R2-S9: Software Release Notification for JUNOS Software Version 17.4R2-S9
| PR Number | Synopsis | Category: QFX VC/VCF NSSU |
|---|---|---|
| 1418889 | Traffic loss might be seen after NSSU operation |
On QFX-Series platforms, traffic loss might be seen after NSSU (Nonstop software upgrade) operation. In detail, during NSSU, when the backup restarts and comes back up, the vlan membership/IFBD (interface family bridge domain) of the non-aggregate interface is missing on new backup. It leads to the traffic loss. This issue is specific to non-LAG (link aggregation group) interface because the IFBD for LAG bundle is never deleted when the backup reboots. |
| PR Number | Synopsis | Category: QFX PFE L2 |
| 1354889 | Storm control configuration may be disabled for the interface |
When QFX5100 is initialized, in rare condition, if storm control is configured on the interface, it might not work as expected. The traffic levels will not be monitored and the unknown unicast packets will not be dropped. |
| 1354889 | Storm control configuration may be disabled for the interface |
When QFX5100 is initialized, in rare condition, if storm control is configured on the interface, it might not work as expected. The traffic levels will not be monitored and the unknown unicast packets will not be dropped. |
| 1389829 | Packets destined to 01:00:0c:cc:cc:cc are not forwarded on QFX10k |
On QFX10k platforms, L2 frame with DMAC 01:00:0c:cc:cc:cc (e.g., Cisco CDP, VTP, UDLD protocol packets) might be dropped and not transitted. |
| 1442310 | The operational status of the interface in HW and SW might be out of synchronization in EVPN setup with arp-proxy feature enabled |
In EVPN setup with arp-proxy feature enabled by default, the operational status of the interface in HW (Hardware) and SW (Software) might be out of synchronization after it flaps, hence the packets are received from HW even when interface status in SW is down. |
| PR Number | Synopsis | Category: QFX Analyzer, sflow |
| 1334711 | Ethernet frames with Ethernet type of 0x8922 might be modified at egress by QFX10K platforms |
On QFX10002, QFX10008 and QFX10016 Series platforms, all the Ethernet frames with Ethernet type of 0x8922 might be modified at the egress because it is an unknown Ethernet type. |
| PR Number | Synopsis | Category: Sflow on QFX 5100,5200, 5110 |
| 1449568 | Except one AE member link, the other links do not send out sFlow sample packets for ingress traffic |
The sFlow sample packets might stop on one aggregated ethernet member link if ingress sFlow is configured on the member link. This might cause inaccurate monitoring on the network traffic. |
| PR Number | Synopsis | Category: Accounting Profile |
| 1452363 | The pfed might crash and not be able to come up on the PTX or TVP platforms |
The flow label statistics are retrieved periodically by pfed for PTX or TVP platforms, if the statistics reply becomes very big number, the pfed might crash hence affecting traffic. |
| PR Number | Synopsis | Category: "agentd" software daemon |
| 1369129 | grpcd daemon might core during the link flaps |
grpcd daemon might core during the link flaps |
| PR Number | Synopsis | Category: These are new categories in the areas of PFE |
| 1460209 | Loop detection might not work on extended ports in Junos Fusion scenarios |
In Junos Fusion scenarios, if loop detection is enabled on extended ports, when a satellite device (SD) is rebooted, or when a satellite device is added or removed/re-added, the loop detection feature might not work. |
| PR Number | Synopsis | Category: Bi Directional Forwarding Detection (BFD) |
| 1420694 | The bfdd process might crash on old master RE during GRES |
On all Junos platforms running with scaled Bidirectional Forwarding Detection (BFD) sessions (e.g. 10K BFD inline sessions at 150ms interval), if the ppmd and bfdd processes are restarted on the master Routing Engine (RE), and the backup Routing Engine (RE) is not properly synchronized up after the restart, there might be multiple BFD sessions existing for the same address with only one of them up. In such an inconsistent status, if Graceful RE Switchover (GRES) is executed, the bfdd process might crash on the old master RE, and all the BFD sessions might not be able to come up on the new master RE. |
| 1432440 | In BFD and GR enabled scenario, BFD DOWN packets are not being sent immediately after BFD failure |
In both GR helper and GR restarter scenarios, BFD down packets are not immediately sent. It might cause an issue where BGP session down is notified before BFD DOWN. |
| 1448649 | JUNOS BFD sessions with authentication flaps after a certain time |
In the scenario where BFD session authentication is configured, after a certain period of time, BFD sessions flaps may be seen, this will cause the neighbor to be down. |
| PR Number | Synopsis | Category: Border Gateway Protocol |
| 1323306 | The BGP session might be stuck with high BGP OutQ value after GRES on both sides |
From 16.1 or above release, when both sides of a BGP session are doing NSR RE switchover simultaneously (double failures), depending on the configuration and scale, there is a chance the BGP session may stuck and BGP PDUs can't be exchanged. The permanently stuck OutQ are seen which is a typical symptom for this issue. This is because both sides are waiting for socket record boundary. Both sides are waiting to drain their partially written PDU. Due to this bug, neither side read at this state, leading to permanent stuck. |
| 1329921 | QFX-10002:Degradation seen while comparing RE Install/Delete time between 17.2R1.13 and 17.2X75-D90 Releases |
When cleaning up routes as the peer goes down, we observe a 30% degradation in time taken in 17.2X75D91 as compared to 17.2 release. |
| 1351639 | The rpd crashes in JunOS 16.1 or higher during BGP convergence |
In JunOS 16.1 or higher, during BGP convergence, the input/output thread constructing the outgoing BGP PDU and manipulating the path attributes before hand-off the data to the socket. If this PDU length is zero, it will trigger an assertion and routing-protocol demon is restarting. |
| 1366823 | Ukern memory leak and core crash in BGP environment |
Ukern memory leak and fpc core crash might be happened when device configured link-node protection with labeled-bgp. |
| 1382892 | The rpd might crash under a rare condition if GR helper mode is triggered |
When graceful restart is configured on the BGP peer device, if the peer device initiate new TCP connection when there is an existing TCP connection for the BGP session, send OPEN message and this new TCP connection also get torn down immediately after establishment/sending of OPEN message. The rpd might crash. |
| 1412538 | BGP might stuck in Idle state when the peer triggers a GR restart event |
When NSR (nonstop-routing) is enabled in local device and BGP GR (Graceful-Restart) is enabled in peer device, if the peer triggers a GR restart (it is usually caused by some failure in peer or the peer restarts rpd, etc), some BGP sessions might stuck in Idle state. The reason is that when the GR restart happens, the device is still doing the initial sync to the backup RE of the previous sessions, so some BGP sessions might stuck in Idle state because the router does not complete the process (the initial sync of the data set to the backup). |
| 1446861 | The rpd CPU utilization gets 100% due to incorrect path-selection |
On Junos platforms with BGP-PIC (protect core) and "add-path" enabled scenario, the rpd CPU utilization gets 100% due to incorrect path-selection. This issue may impact route update convergence or even cause routing protocols to flap. |
| 1454198 | The rpd scheduler slip for BGP GR might be up to 120s after the peer goes down |
In BGP GR (graceful-restart) scenario (graceful-restart is configured for BGP or GR-helper mode is enabled by default), when high-scale routes get learnt from one peer, the rpd scheduler slip might be up to 120s after that BGP peer flaps. |
| 1454951 | The rpd process might crash when multipath is in use |
If multipath is enabled, in some certain conditions, The rpd process might crash while secondary route resolution is running. |
| 1461602 | The rpd scheduler slips might be seen on RPKI route validation enabled BGP peering router in a scaled setup |
In scaled BGP environment (e.g. global table ~3M routes or more) when there are a lot of (e.g 10k or more) more specific routes for a certain IPv4 or IPv6 prefix covered by some RV (route validation) record, a change in RV records database might lead to rpd (routing protocol daemon) scheduler slips, which could trigger routing protocol adjacency flap. The same could be triggered by executing "clear validation database" command or shortly after initial session RPKI (resource public key infrastructure) establishment event. |
| 1472671 | The rpd process might crash with BGP multipath and damping configured |
On all Junos platforms running with Border Gateway Protocol (BGP), if both BGP multipath and BGP damping are configured, it might happen that, when the active route, for example r1, is withdrawn but it is not really deleted due to damping, then BGP might be unable to find its original gateway when the route r1 is relearned and becomes the best route again. It will lead to the rpd process crash. |
| PR Number | Synopsis | Category: BBE Remote Access Server |
| 1431614 | Subscriber filtering for General Authentication Services traceoptions will report debug messages for other users. |
Subscriber filtering for General Authentication Services traceoptions will report debug messages for other users. |
| PR Number | Synopsis | Category: Cassis pfe microcode software |
| 1459698 | Traffic blackholing upon interface flap after DRD auto-recovery |
An interface stops forwarding traffic when MX software triggers a "DRD reorder timeout recovery" event follows by an interface flap on the same XMCHIP. When the logic is triggered, you will see a "cmtfpc_xmchip_drd_reorder_id_timeout_callback" message in the PFE syslog messages. This issue affects XM based MPCs (3E 4E 5E 6E 2E-NG 3E-NG). |
| PR Number | Synopsis | Category: Virtual-chassis platform/chassisd infrastructure PRs for MX |
| 1391011 | Interim accounting updates might not be sent for subscribers after Junos OS selective update |
On MX/MXVC platforms enabled with enhanced subscriber management, if Graceful Routing Engine Switchover (GRES) and Nonstop active Routing (NSR) are disabled, when the chassisd process is going to restart (which is resulted from Junos Selective Update), the system will make the transition of Routing Engine (RE) mastership from master to standby before the chassisd process restart. Due to this issue, the new standby RE didn't reboot as expected, which causes the pfed process being passive for 15 minutes. During the 15 minutes, all the interim accounting update will not sent for all the subscribers who login during this time range. |
| PR Number | Synopsis | Category: MX Platform SW - UI management |
| 1453533 | Alarm was not sent to syslog on MX10003 platform |
On the MX10003 platform, the alarmd wont write the alarm messages to the syslog. |
| 1453533 | Alarm was not sent to syslog on MX10003 platform |
On the MX10003 platform, the alarmd wont write the alarm messages to the syslog. |
| 1457657 | The chassisd process and all FPCs may restart after RE switchover |
The chassisd process and all FPCs may restart after RE switchover if the knob "master-only" is enabled. |
| PR Number | Synopsis | Category: OpenSSH and related subsystems |
| 1454177 | SSH login might fail if a user account exists in both local database and RADIUS or TACACS+. |
On SRX Series device, the SSH login from automation tools to the Junos device is not successful when using authentication method password (not 'keyboard-interactive'). If the username is configured both as a local user and also on a remote RADIUS or TACACS server, using the Juniper-Local-User-Name attribute pointing to a different local username. |
| PR Number | Synopsis | Category: Firewall Filter |
| 1478964 | The filter may not be installed if the "policy-map xx" is present under it |
If the "policy-map xx" option is configured under "family mpls" for filters, then the filters may not take effect after committing. |
| PR Number | Synopsis | Category: dhcpd daemon |
| 1474097 | Subnet information might be corrupted if it is passed by a radius server |
On all Junos platforms with jdhcpd daemon, Junos is acting as a DHCPv4 local server with an external RADIUS server, if using DHCPv4 options to request subnet data from RADIUS server, the mask value which RADIUS server offered might be effectively reversed. It could cause the DHCPv4 client fails to get the correct subnet information. |
| PR Number | Synopsis | Category: Ethernet OAM (LFM) |
| 1396540 | V44-CFM: NPC crash @ rt_nh_install (rnh=0x618123d8, rnh_src=0x0, rt=< optimized out>, p_rtt=0x74f886c0) at ../../../../src/pfe/common/pfe-arch/trinity/applications/route/rt_nh.c:631 |
As part of the EOAM programming the LM counters are allocated. When an interface is deleted, the EOAM LM counters needs to be cleared. This is done as part of EOAM punt deletion. But there are scenarios where the prog punt delete processing is received, the IFL is deleted in ukern. In this case the EOAM NHs are cleared but the LM counters are not freed. this can cause memory leak in jnh. This issue is seen for a scaled config, repeated addition and deletion of the interface configs when EOAM config is present |
| 1465608 | The EOAM CFM primary-vid functionality doesn't work if the enhanced-cfm-mode is enabled |
On MX10003 platform, the EOAM (Ethernet Operations, Administration, and Maintenance) CFM (Connectivity Fault Management) primary-vid functionality doesn't work if the enhanced-cfm-mode is enabled. The issue impacts the CFM functionality. |
| PR Number | Synopsis | Category: EVPN control plane issues |
| 1394803 | The process rpd crash may be observed with EVPN type-3 route churn |
In an EVPN scenario, rpd may crash with EVPN type-3 route churn due to a race condition (Incorrect sequence of allocating and freeing memory for processing the updates between BGP and EVPN). |
| 1428581 | The CE interface IP address is missed in mac-ip-table of the EVPN database |
In the EVPN scenario, if a CE interface has more than one IP addresses, when one of the addresses is taken by another CE, that IP address might be missed in mac-ip-table of the EVPN database. This issue may impact traffic/host reachability. |
| PR Number | Synopsis | Category: EVPN Layer-2 Forwarding |
| 1427109 | The device may proxy the ARP Probe packets in an EVPN environment |
In an EVPN environment with "ARP suppression" - the default setting, ARP probe packets from a PC to perform Duplicate Address Detection (DAD) are injected back into the interface. This causes the PC to think that its IP address is already in use. |
| PR Number | Synopsis | Category: Express PFE FW Features |
| 1372957 | Packets might be dropped after deleting a filter from an interface |
On PTX and QFX10K platforms, when a same filter is applied on both input and output directions at same time, packets might be dropped after removing that filter. |
| 1432116 | The FPC might crash when a firewall filter is modified |
In QFX10K/PTX series platforms, if a firewall filter with multiple match conditions is configured on interfaces which are Up and the firewall filter is modified (either a new action is added or the condition is added/removed etc.), the FPC might crash and restart. It might affect the service/traffic. |
| 1433648 | Traffic drop might occur on PTX/QFX during filter change operation |
On PTX/QFX platforms, a firewall configuration change operation may not be done correctly within the PFE causing transit packets drops. |
| PR Number | Synopsis | Category: Express PFE L2 fwding Features |
| 1442587 | The PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb |
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact. |
| PR Number | Synopsis | Category: Express PFE Services including JTI, TOE, HostPath, Sflow |
| 1346493 | On QFX10K platforms, syslog error messages might be seen in syslog after configuring multiple LAG interfaces under sFlow protocol |
On QFX10K platforms, syslog error messages might be seen after configuring multiples interfaces which includes LAG Interfaces under the protocol sFlow. Example of messages: Mar 13 12:04:24 host1 fpc0 expr_dfw_asic_action_update_sflow_sample_id:2578 dfw inst lookup failed IFD_EGRESS_IMPL_FILTER Mar 13 12:04:24 host1 fpc0 Sflow prds_sflow_add_sample_in_hw(442): Sample class (60): Implicit-filter binding set error Mar 13 12:04:24 host1 fpc0 Sflow prds_sflow_handle_int_event(927): Error(1000) while enabling sflow in hw for intf 560 |
| PR Number | Synopsis | Category: PTX Express ASIC interface |
| 1418425 | Traffic loss could be seen for duration of hold-time down timer when flapping an interface with hold-time down timer configured |
On PTX with FPC3 installed, traffic loss could be seen for duration of hold-time down timer when flapping an interface with hold-time down timer configured. |
| PR Number | Synopsis | Category: PTX Express ASIC platform |
| 1384435 | An enhancement of optimizing the report to the single bit error check |
Due to transient hardware condition, single-bit error (SBE) events are corrected and have no operational impact. Reporting of those events had been disabled to prevent alarms and possibly unnecessary hardware replacements. This change applies to all Platforms using Hybrid Memory Controller (HMC). |
| PR Number | Synopsis | Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip |
| 1401396 | rpd core @cmgr_if_route_exists_condition_init, ctx_handle_node, task_reconfigure_complete |
Core and RPD reboot will be seen when condition-manger policy is configured for routing table xxx and the same table is repeatedly deleted+readded. Not fixed in 19.2R1, will be fixed in 19.2R2. |
| PR Number | Synopsis | Category: Kernel software for AE/AS/Container |
| 1429917 | The AE interface does not come up after rebooting the FPC/device though the physical member link is up |
When a single FPC carries minimum 10 member links which belong to the same or different AE (Aggregate Ethernet) bundle, if one of the static AE bundle (LACP is not enabled) has disabled member link, this static AE interface does not come up after rebooting the FPC/device though it has physical member link with UP state. |
| PR Number | Synopsis | Category: Integrated Routing & Bridging (IRB) module |
| 1442121 | The packets originating from the IRB interface might be dropped in VPLS scenario |
In VPLS scenario on the PE router, The packets originating from the IRB interface might be dropped, which look up for the LSI resolved on LT interface. In the multihoming VPLS scenario, the connect of the IRB interfaces between the multiple VPLS PEs might be broken due to this issue, which might result in dual master VRRP. |
| PR Number | Synopsis | Category: ISIS routing protocol |
| 1432398 | The "show isis adjacency extensive" output is missing state transition details |
CLI command 'show isis adjacency extensive' output in text format is missing some details from the adjacency transition log. The output in XML format is still correct. |
| 1455432 | The rpd might crash continuously due to memory corruption in ISIS setup |
With ISIS configured and in a very rare case, memory corruption may occur, this may cause rpd crash continuously. |
| PR Number | Synopsis | Category: jdhcpd daemon |
| 1373807 | BOOTP packets might be dropped if BOOTP-support is not enabled at the global level |
If BOOTP-support is not enabled at the global level, Bootstrap Protocol (BOOTP) packets may be dropped while receiving them on an interface because there is a defect that the device only checks BOOTP-support at the global level. |
| 1435039 | DHCP request might get dropped in a DHCP relay scenario |
In DHCP relay scenario, if the device (DHCP relay) receives a request packet with option 50 where the requested IP address matches the IP address of an existing subscriber session, such request packet would be dropped. In such a case the subscriber may need more time to get IP address assigned. The subscriber may remain in this state until it's lease expires if it has previously bound with the address in the option 50. |
| 1475248 | Telemetry data for relay/bindings/binding-state-v4relay-binding and relay/bindings/binding-state-v4relay-bound is not correct |
The output for DHCPv4 relay/bindings/binding-state-v4relay-binding and relay/bindings/binding-state-v4relay-bound sensors is not correct. |
| PR Number | Synopsis | Category: Security platform jweb support |
| 1431298 | Junos OS: Path traversal vulnerability in J-Web |
A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. Refer to https://kb.juniper.net/JSA10985 for more information. |
| PR Number | Synopsis | Category: Key Management Daemon |
| 1421591 | IPsec tunnels flapping causes KMD memory leak |
KMD leaks memory when DEP (dynamic endpoints) or static IPsec tunnels are flapping or getting re-established. In a scaled scenario this eventually leads to KMD crash due to memory exhaustion. |
| 1477181 | The kmd might crash due to the incorrect IKE SA establishment after the remote peer's NAT mapping address has been changed |
On MX platforms with MS-MPC/MS-MIC, after the IPsec VPN tunnel is up, if the NATTed remote peer's IP address has been changed (e.g. NAT pool changed on peer), IKE SA might establish with an incorrect gateway, and kmd might crash frequently during this IKE SA IP migration. |
| PR Number | Synopsis | Category: Layer 2 Control Module |
| 1431355 | The l2cpd process might crash and generate a core dump when interfaces are flapping |
If there are any conditional groups in the system, the l2cpd process might crash and generate a core dump when interfaces are flapping and the lldp neighbors are available. It might cause the dot1x process to fail and all the ports have a short interruption at the time of process crash. |
| 1450832 | VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding |
On all Junos platforms including MX, EX, QFX and SRX devices, VLAN config change with l2ald restart might cause Kernel sync issues and impact forwarding. The "show route forwarding table" may show dead BDs, MACs and the "show vlans extensive" may show the state as destroyed. |
| 1469635 | Memory leak on l2cpd process might lead to l2cpd crash |
On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash. |
| PR Number | Synopsis | Category: Label Distribution Protocol |
| 1428843 | The LDP might withdraw a label for an FEC once the IGP route is inactive in inet.0 |
If LDP is used without using egress-policy, when the route from other routing protocol is preferred over the IGP route in inet.0, e.g. BGP-LU route exported in inet.0, LDP might withdraw the FEC label hence causing LDP traffic to get lost. |
| 1432138 | MPLS ingress LSP's might not come up after disable/enable of MPLS |
Dynamically configured RSVP LSP's for LDP link protection might not come up after disabling/enabling protocol MPLS. |
| 1442135 | The LDP route and LDP output label are not showing in the inet.3 table and LDP database respectively if enable OSPF rib-group |
With ldp-tunneling enabled, if enable OSPF rib-group to import OSPF route from inet.0 to inet.3 table, LDP might stop advertising label mappings for routes with nexthop tunneled over RSVP LSP. |
| 1460292 | High CPU usage and rpd coredump might be observed if "ldp track-igp-metric" is configured and IGP metric is changed |
If "protocols ldp track-igp-metric" is configured, metric change of IGP route might cause high CPU usage and rpd coredump on the device. |
| PR Number | Synopsis | Category: Multiprotocol Label Switching |
| 1435014 | The P2MP LSP branch traffic might be dropped for a while when the Sender PE is doing switchover |
On a system with NSR enabled, if the RSVP P2MP LSP with multiple branches is used (NGMVPN is one of the typical scenarios), when bringing down one of the branches (for eg, bringing one of the receivers down -- one of the receivers withdraws interest), and then if doing switchover on ingress PE, some unexpected traffic drop might be seen for a while. The reason is that the withdraw P2MP branch will be deleted but backup RE could not update properly and the LSP is down on the backup RE. After switchover is done, there is no loss seen. |
| 1465902 | The device may use the local-computed path for the PCE-controlled LSPs after link/node failure |
In a Path Computation Element Communication Protocol (PCEP) scenario where the link/node protection is enabled, the PCE-controlled LSPs may shift to the local-computed path after link/node failure upon path retry processing. |
| PR Number | Synopsis | Category: Multicast for L3VPNs |
| 1442054 | Memory leak might happen if PIM messages received over an MDT (mt- interface) in Draft-Rosen MVPN scenario |
On all Junos platforms configured in the Draft-Rosen Multicast Virtual Private Network (MVPN) scenario, if Protocol Independent Multicast (PIM) messages are received over an Multicast Distribution Tree (MDT) tunnel logical interface (mt- interface), there might be memory leak which will lead to the rpd process crash. |
| PR Number | Synopsis | Category: Fabric Manager for MX |
| 1462686 | PICs on all FPC might go to offline state when restarting any FPC after GRES on MX10003 |
With 17.4R2/17.4R2-S2+ release, if any MX10003 FPC restart or is set to be offline after GRES, the other FPC might coredump and all PICs might get stuck at offline state. Release in 18.x and above are not affected. |
| PR Number | Synopsis | Category: MX104 Software - Chassis Daemon |
| 1393716 | JUNOS enhancement configuration knob to modify mcontrol watchdog timeout |
Junos CLI enhancement to configure mastership refresh timeout value 9 to 30 via the chassis CLI command 'set chassis redundancy mastership-refresh-timeout'. |
| PR Number | Synopsis | Category: OS IPv4/ARP/ICMPv4 |
| 1427842 | Packet drops, replication failure, or ksyncd crashes might be seen on the logical system of a Junos OS device after Routing Engine switchover. |
On all Junos platform, in some rare conditions, there might be packet drops, replication failures or ksyncd crashes on the logical system. This issue may appear at the time of Routing Engine switchover if the system is running for a long time and lot of configuration changes have been made over the time. |
| PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
| 1146891 | EX4300-48MP: 'set system ports console log-out-on-disconnect' does not work |
'set system ports console log-out-on-disconnect' does not work |
| 1439906 | FPC might reboot if jlock hog occurs on all Junos VM based platforms |
On all Junos VM based platforms, if jlock hog occurs, FPC might reboot with "kernel: jlock hog reported". |
| 1442376 | EX2300 platforms might stop forwarding traffic or responding to console |
On EX2300/EX2300-C platforms, if Junos OS is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch might stop forwarding traffic or responding to console. A reboot is required to restore the service. |
| 1454950 | mgd error found during Junos 18.4R2.7 boot up and Junos did not work as expect |
Packet Forwarding Engine sometimes does not come up after system reboot.Timeout is required to handle the fifo tx/rx error. Debug sysctls are been removed. Mutex been added to handle to race condition. |
| 1469400 | EX3400 might reboot because of lack of watchdog patting |
On EX3400, if watchdog pat did not happen within stipulated time and it might reboot automatically with "0x2:watchdog" as reboot reason. |
| PR Number | Synopsis | Category: IPv6/ND/ICMPv6 issues |
| 1443576 | Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device. (CVE-2020-1603) |
Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. Refer to https://kb.juniper.net/JSA10982 for more information. |
| PR Number | Synopsis | Category: PFE Peer Infra |
| 1404368 | chassisd process becomes unresponsive causing line-cards disconnecting from the RE due to high CPU usage. The peer-proxy-thread was stuck in a tight loop causing high CPU |
During a major network churn event, the chassisd process may become unresponsive due to the ppt ( peer-proxy-thread) being in a tight loop. This leads to FPCs being disconnected and reboot. |
| 1448858 | Interface attributes might cause high CPU usage of dcd |
When the interface attributes are configured, this configuration might cause an error in the IRSD (IRSD syncing errors) and lead the CPU usage of dcd spike up. The convergence time of this interface will be impacted. |
| PR Number | Synopsis | Category: TCP/UDP transport layer |
| 1449664 | FPC might reboot with vmcore due to memory leak |
On all Junos platforms, if the device is up for a long period (e.g. several weeks or months), there might be a slow memory leak happening in some error scenarios where an application tries to send some data on a stale TCP socket (e.g. short-lived TCP connections used by the mgd process), and this issue might lead to FPC reboot with vmcore files. |
| PR Number | Synopsis | Category: OSPF routing protocol |
| 1445078 | The rpd might crash in OSPF scenario due to invalid memory access |
In Open Shortest Path First (OSPF) scenario, rpd might crash when trying to resolve the Forwarding Address (FA) from an OSPF LSA type 5/7. The issue is due to accessing memory bytes exceeding the valid size, and occurs in rare condition. |
| PR Number | Synopsis | Category: Path computation client daemon |
| 1337049 | Two PCRpts are being sent when reporting SR static LSP to PCE |
In PCEP scenario with local SR-LSP configured, duplicate PCReport will be sent to PCE when restart pccd-service. |
| PR Number | Synopsis | Category: Protocol Independant Multicast |
| 1427720 | Multicast traffic might be lost for around 30 seconds during RE switchover |
On MVPN supported platform with PIM enabled, when multiple lo0.* interfaces are configured with the same IP address, and lo0.0 belongs to master routing instance and all the other lo0.* interfaces belong to another routing instance, around 30 seconds multicast traffic loss might be seen during RE switchover. |
| 1433625 | PIM-SM join message might be delayed with MSDP enabled |
In PIM-SM, a router must send an explicit join message (*,G) to the upstream router before receiving traffic from a specific group. There's a possibility that no device needs to receive multicast traffic through the RP anymore, then the RP receives prune message(s) and prunes all downstream routers, after this the subsequent join message (*,G) will be intercepted by RP, due to this the RP won't send the join message towards the source until receives MSDP SA message. |
| PR Number | Synopsis | Category: Periodic Packet Management Daemon |
| 1448670 | The connection between ppmd(RE) and ppman(FPC) might get lost due to session timeout |
Under certain circumstances such as JUNOS VM freeze at the Routing Engine, ppmd to ppman connection might be closed if the session timeout is greater than 3 seconds in either direction. This might lead to flapping of distributed ppm protocol adjacency such as lacp/mBFD. |
| PR Number | Synopsis | Category: Interface related issues. Port up/down, stats, CMLC , serdes |
| 1427093 | CRC errors can be seen when other manufacturer device is connected to QFX10K with QSFP-100GBASE-LR4-T2 optics |
CRC errors might be seen when other manufacturer device is connected to QFX10000 on a 100-Gigabit link with QSFP-100GBASE-LR4-T2. Other manufacturer device report CRC errors and input errors on those 100-Gigabit links. The QFX10000 interfaces do not show any errors. It might cause packet loss. |
| 1431743 | The et interfaces might not come up on QFX10000-60S-6Q |
On QFX10000-60S-6Q, with Junos 17.2R1-S8 onwards/17.3R3-S5/17.3R3-S6/18.1R3-S5, the et interfaces might not come up. |
| PR Number | Synopsis | Category: QFX Control Plane Kernel related |
| 1393044 | sdk-vmmd causes a high write I/O in Virtual Chassis Linecard members and SSD lifetime might be shorten. |
In Virtual Chassis environment with Solid State Drive (SSD) installed on the Linecard side, the sdk-vmmd (app-engine-virtual-machine management service) should not try to establish the retry connection to SNMPD when it is running in line card because SNMP is not running in line cards members. A debug logging might be written to the SSD card frequently due to repetitive retry connection. Therefore, the SSD lifetime might be shorten due to the exceeded amount of read/write. Due to this issue, the SSD card failure might be observed. |
| PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
| 1422958 | QFX5100-48T 10G interface might be auto-negotiated at 1G speed instead of 10G |
QFX5100-48T 10G interface might be auto-negotiated at 1G speed instead of 10G after peer device reboot. This issue will cause link down and impact customer service. |
| PR Number | Synopsis | Category: KRT Queue issues within RPD |
| 1386475 | The rpd process might end up with stuck krt queue entries in a VRF scenario |
In rare cases, if using vrf configurations along with a static default route to em0 or fxp0, the interface flaps may result in rpd end up with krt queue stuck. |
| PR Number | Synopsis | Category: RPD Next-hop issues including indirect, CNH, and MCNH |
| 1441550 | The rpd may crash or consume 100% of CPU after flapping routes |
When flapping the existed flood nexthop type routes, it may cause rpd crash or consume 100% of CPU. This issue may cause routing protocols sessions/neighbors flap or traffic loss. |
| PR Number | Synopsis | Category: RPD policy options |
| 1453439 | Routes resolution might be inconsistent if any route resolving over the multipath route |
On all Junos platforms, any route resolving over the multipath routes, one scenario is BGP over BGP. After the metric value of any PNH (refers to the second PNH and using it to performing the second time next-hop resolving) changes, meanwhile, if the hash-selection changes happened, it might result in routes resolution inconsistency. Traffic drops could be observed if the packages are still forwarding to the old PNH (Protocol Next Hop). Any recursive resolving multipath scenario might trigger this issue. |
| PR Number | Synopsis | Category: RPM and TWAMP |
| 1333190 | [RIO NPI-TWAMP]: Test sessions packets are dropped on server when DF bit is set to 1 |
When TWAMP test session packets from TWAMP client are received by TWAMP server with DF bit set(1), TWAMP server is dropping the packets and TWAMP test session are not established. |
| PR Number | Synopsis | Category: IPSEC functionality on M/MX/T ser |
| 1477483 | On NATT scenario the IKE Version 2 IPsec tunnel might flap if the tunnel initiator is not behind NAT |
On MX platforms with MS-MPC/MS-MIC card installed and NATT scenario, when the IPsec tunnel initiator is not behind NAT, it might cause IPsec tunnel flapping. It happens in IKEv2 scenario. |
| PR Number | Synopsis | Category: AMS (aggregated MS interface) related issues for load balanc |
| 1414109 | The services load balance might not be effective for AMS if the hash key under the forwarding-options hierarchy is configured |
On all MX-Series platforms with services load balance hash key under forwarding-options is configured, the load balance might not be effective in next-hop for aggregated multi-services (AMS) system interface. |
| PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
| 1459306 | The traffic might be stuck on MS-MPC/MS-MIC with sessions receiving huge number of affinity packets |
On MX platforms with MS-MPC/MS-MIC, if there are sessions receiving huge number of affinity packets (e.g. thousands of packets), the service interface might be brought down by the prolonged flow-control, and the mspmand process crash might happen. In this case, the traffic will be stuck due to this issue. |
| PR Number | Synopsis | Category: MPC7/8/9 chassis issues |
| 1437855 | The chassisd might crash after enabling hash-key |
On all Junos platforms, if hash-key is enabled, packets might be dropped due to chassisd crash, including packets on other FPCs on which the hash-key is disabled. |
| PR Number | Synopsis | Category: MX10003/MX204 Platform SW - Chassisd s/w defects |
| 1409930 | On MX10003 platform, after removing the FPC from a slot, when a new FPC is plugged in, chassis was showing old serial for this new FPC. |
On MX10003 platform, after removing the FPC from a slot, when a new FPC is plugged in, not only chassis was showing old serial for this new FPC. Entire FPC ideeprom data was retained. So all the fields were showing old values. |
| PR Number | Synopsis | Category: MX10002 RCB/LC Diagnostics defects |
| 1405787 | Voltage read failed for rail LTC3887-EA1-VDD0V9R2-CH0 |
On an MX10003 and an MX10008, its i2c bus may experience congestion. Thus the software may not be able to communicate on the first try. This PR optimizes the retry logic and its reporting. |
| PR Number | Synopsis | Category: Trio pfe l3 forwarding issues |
| 1426727 | Some CFM and BFD sessions might flap while collecting MPLS statistics |
On Junos-based platform with MPLS and MPLS statistics enabled as well as a CFM or BFD, when CFM with continuity-check interval less than 1000ms (e.g. 100ms) or BFD with minimum-interval less than 1000ms (e.g. 100ms), during the periodic MPLS statistics collection if there are a large number of next-hops (several thousand) related to MPLS forwarding, the transmission of the periodic CFM or BFD protocol packet may be delayed. It may cause some CFM or BFD sessions to expire on the remote side of the session due to timeout, which can further result in traffic drop due to CFM/BFD flapping. |
| 1434980 | PFE memory leak might be seen if MLPPP links are flapped |
On all Trio-based platforms, MLPPP links flap continuously might result in PFE memory exhaustion. Furthermore, the PFE crash might be seen due to running out of memory. |
| PR Number | Synopsis | Category: Trio pfe mpls- lsps,rsvp,vpns- ccc, tcc software |
| 1439453 | The flow label is not pushed when "chained-composite-next-hop ingress l2ckt/l2vpn" is enabled |
On MX platforms, in MPLS (Multiprotocol Label Switching) l2ckt/l2vpn with FAT (Flow-Aware Transport of Pseudowires) Flow Labels scenario, the flow label is not pushed when "chained-composite-next-hop ingress l2ckt/l2vpn" is enabled. The issue results in load balance problem for the l2ckt/l2vpn service. |
| PR Number | Synopsis | Category: Configuration mgmt, ffp, load-action, commit processing |
| 1359602 | Scheduled boot for both REs might fail with special time format |
On all platforms, if executing scheduled boot for both RE with special time format, the command might not work, it might only boot the master RE. |
| PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
| 1464439 | The CPU utilization on mgd daemon might be stuck at 100% after the netconf session is interrupted by flapping interface |
If a netconf session is initiated over inband connection, the CPU utilization on mgd daemon might be stuck at 100% after the netconf session which is executing an RPC call for some commands gets interrupted by flapping interface. There is no impact observed to control-plane or forwarding-plane, the subsequent netconf session will continue to function. |
| PR Number | Synopsis | Category: PTX/QFX10002/8/16 specific software components |
| 1408204 | The link flaps occur when a 100g QSFP is inserted into PTX which LFM (Link-Fault Management) is configured |
When a 100g QSFP is inserted into FPC on PTX, all the other interfaces on that FPC and the other FPCs might flap, since these interfaces are configured the smaller "pdu-interval" value of LFM. |
| 1421075 | An interface may go to downstate on QFX10000/PTX10000 platform |
On QFX10000/PTX10000 platform, an interface may go to downstate along with "FPC hard errors" due to Management Data Input/Output (MDIO) timeout. This is a timing issue and may be seen in some situations like FPC restart, port-speed change, link up/down, optics plug-in/plug-out. |
| 1427883 | On QFX10k/PTX10k platforms certain interfaces might go to down state |
On QFX10k/PTX10k platforms, explicitly configured hold time value for certain interfaces might get reset to default value which lead to the related ports go down. |
| 1450263 | Interfaces might flap forever after deleting the interface disable configuration |
In a rare scenario, the interface might flap forever after disabling and enabling it more than once within 12 seconds. |
| PR Number | Synopsis | Category: Virtual Private LAN Services |
| 1295664 | LSI interface might not be created causing remote MACs not being learnt with error log of "RPD_KRT_Q_RETRIES: ifl iff add: Device busy" |
With VPLS being configured, after upgrade to 15.1/16.1/17.x releases, in some circumstances VPLS LSI interface are not correctly created, causing remote MACs not being learnt and L2 VPLS outage. The issue is not reproduced and the code change is not a fix but add a instrumentation using a hidden command 'show vpls ipc-history', which should be captured right away when the issue is seen on latest releases. show vpls ipc-history <<<<< show vpls connections show krt queue show route forwarding-table extensive /var/log/messages |
| 1428862 | VPLS neighbors might stay in down state after configuration changes in vlan-id |
On all Junos platforms with NSR enabled, under EVPN-VPLS scenario, the VPLS neighbors might stay in down state after configuration changes in vlan-id. |
Security Alerts and Vulnerabilities
Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search