17.4R3-S1: Software Release Notification for JUNOS Software Version 17.4R3-S1
Junos Software Service Release version 17.4R3-S1 is now available.
PR Number | Synopsis | Category: Software build tools (packaging, makefiles, et al.) |
---|---|---|
1454144 | ACX SDK upgrade from 5.10 to 6.5.16 Product-Group=junos |
SDK upgrade from 5.10 to 6.5.16 is done in this release for the following ACX platforms: ACX1000, ACX1100, ACX2000, ACX2100, ACX4000, and ACX500. |
PR Number | Synopsis | Category: EX9200 Platform |
1467459 | The MAC move message may have an incorrect "from" interface when MAC moves rapidly Product-Group=junos |
On the EX2300/3400/4300/4600/9200 platform, in some cases, if MAC moves rapidly, traffic might be impacted and the MAC move message might have an incorrect "from" interface. |
PR Number | Synopsis | Category: EX2300/3400 PFE |
1448071 | Unicast arp requests are not replied with no-arp-trap option. Product-Group=junos |
When a unicast ARP request is received by an EX3400/QFX5100 switch that is configured with "set switch-options no-arp-trap option", the ARP request may not be replied to. This has been fixed, and unicast ARP requests will be replied to even with the "set switch-options no-arp-trap option" configuration. |
PR Number | Synopsis | Category: EX2300/3400 platform |
1477165 | EX3400 me0 interface might remain down Product-Group=junos |
The me0 interface of EX3400 does not come up when connected to a 100m speed interface. |
PR Number | Synopsis | Category: Platform-side analytics for QFX |
1456282 | Telemetry traffic might not be sent out when telemetry server is reachable through different routing-instance Product-Group=junos |
On QFX Series switches (except for QFX10000) with Jvision enabled, the telemetry traffic might be locally dropped when the egress interface to the telemetry server is part of a non-default routing-instance. |
PR Number | Synopsis | Category: QFX Access control list |
1476708 | ARP packets are always sent to CPU regardless of whether the storm-control is activated Product-Group=junos |
On QFX5K platforms in a VXLAN or VLAN scenario, ARP packets are not rate limited by the storm-control settings, because ARP packets are copied to the CPU by VLAN register settings and can only be rate limited by the CPU Queues rate-limit settings (ARP DDOS Queues). |
PR Number | Synopsis | Category: QFX PFE L2 |
1462171 | The LLDP function might fail when a Juniper device connects to a non-Juniper one Product-Group=junos |
On EX/QFX platforms with STP disabled, the LLDP function might fail when a Juniper device connects to a non-Juniper one. In this scenario, the LLDP PDU with destination MAC 01:80:c2:00:00:00, which is one of the three reserved MAC addresses for LLDP in IEEE 802.1AB, will be ignored by Juniper LLDP process, and this causes the LLDP function failure. This issue has service impact. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1437943 | The IPv4 fragmented packets might be broken if PTP transparent clock is configured Product-Group=junos |
When Precision Time Protocol (PTP) transparent clock is enabled, PTP adds the residence time to the Correction Field of the PTP packets as they pass through the device. On QFX5K platforms with PTP transparent clock enabled, the IPv4 fragmented packets of a UDP datagram might be broken by PTP in some rare scenarios, and the corrupted packets will be discarded by the system. This issue has traffic impact. |
1460791 | JDI-RCT : QFX 5100 VC/VCF : Observing Error brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) after ISSU with Mini-PDT base configurations Product-Group=junos |
Multicast stats related errors like "brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running)" will be observed during ISSU. These messages are harmless and do not affect multicast functionality. |
PR Number | Synopsis | Category: QFX PFE MPLS |
1477301 | The traffic may be lost over QFX5100 switch acting as a transit PHP node in the MPLS network Product-Group=junos |
In the MPLS network, the packets may get dropped by egress node if the packets go through the QFX5100 switch acting as a transit PHP (penultimate-hop popping) node. |
PR Number | Synopsis | Category: CoS support on ACX |
1455722 | ACX5048 SNMP polling will be stalled after link flap/SFP replacement, and ACX_COS_HALP(acx_cos_gport_sched_set_strict_priority:987): Failed to detach logs will be seen Product-Group=junos |
When an SFP is inserted, the lowest available ifd index is assigned to the newly created interface. During this SFP attach, an ifd-halp entry is also created in the cos table for the interface. The issue is observed when SFPs are swapped and their IFD indexes are interchanged relative to their old IFDs. In the PFE, the bcm port for the interface remains the same while only the IFD changes when the SFP is removed and inserted. Hence, while creating an ifd-entry for the interface in the cos table, a check is made for any old entry still present for the same bcm port. But this check is improper: it does not verify whether the old ifd index present is still for the same bcm port. Because this check is missing, a valid ifd-entry of some other interface gets deleted in the cos table. An additional validation has been introduced to ensure the old ifd index of the interface is still for the same bcm port. The old ifd-entry is deleted only if the bcm port of the current entry and of the old ifd entry are the same. The existing debug message now also displays the ifd index that is being deleted. |
PR Number | Synopsis | Category: MPC Fusion SW |
1454595 | The 100G Interfaces may not come up again after going down on MPC3E-NG Product-Group=junos |
On MPC3E-NG cards with 100G interface in use, if the interface detects Loss of Lock (LOL) on the link without Loss of Signal (LOS), the interface will go down and may not come up again after the link is recovered. |
PR Number | Synopsis | Category: a2a10 specific issue |
1471524 | The flowd and srxpfe process might stop immediately after you commit the jflowv9 configuration or after you upgrade Junos OS to affected releases. Product-Group=junos |
On all SRX platforms, if Jflow v9 is configured on the device, the flowd/srxpfe daemon might crash when committing the configuration or after upgrading to affected releases. It might show as a hung state for the device or the device will crash. Affected Releases are 12.3X48-D80 to D95 and 15.1X49-D160 to D200. |
PR Number | Synopsis | Category: These are new categories in the areas of PFE |
1460209 | Loop detection might not work on extended ports in Junos Fusion scenarios Product-Group=junos |
In Junos Fusion scenarios, if loop detection is enabled on extended ports, when a satellite device (SD) is rebooted, or when a satellite device is added or removed/re-added, the loop detection feature might not work. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1473351 | Removing cluster from BGP group might cause prolonged convergence time Product-Group=junos |
Cluster removal from BGP group might lead to a state where each subsequent change to BGP configuration will trigger import policy reevaluation causing prolonged convergence time of several minutes. This might result in a traffic loss. |
1487691 | High CPU utilization might be observed when the outgoing BGP updates are sending slowly Product-Group=junos |
On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725) |
PR Number | Synopsis | Category: BBE Remote Access Server |
1431614 | Subscriber filtering for General Authentication Services traceoptions will report debug messages for other users. Product-Group=junos |
Subscriber filtering for General Authentication Services traceoptions will report debug messages for other users. |
PR Number | Synopsis | Category: Captive Portal, Content Delivery Daemon, and Service Plugin |
1445382 | The cpcdd process might crash continuously if the captive-portal-content-delivery service is activated for a dual-stack PPPoE/DHCPv6 subscriber. The issue can occur when there are multiple add requests for the same subscriber and the same IFL. Product-Group=junos |
On MX platforms running with subscriber-management enabled, if a single client connection of Point-to-Point Protocol over Ethernet (PPPoE) dual-stacked with Dynamic Host Configuration Protocol version 6 (DHCPv6) is established, and then the captive-portal-content-delivery (CPCD) service is activated for both PPPoE and DHCPv6 sessions, the cpcdd process might crash continuously and stop working due to this issue. The issue can occur when there are multiple add requests for the same subscriber and the same IFL. |
PR Number | Synopsis | Category: Cassis pfe microcode software |
1380566 | FPC Errors might be seen in subscriber scenario Product-Group=junos |
In a subscriber scenario, if "service-accounting-deferred" is configured on the dynamic-profile, and there is multicast to a large number of destinations on the same physical port, FPC errors might be seen. |
PR Number | Synopsis | Category: MX Platform SW - UI management |
1457657 | The chassisd process and all FPCs may restart after RE switchover Product-Group=junos |
The chassisd process and all FPCs may restart after RE switchover if the knob "master-only" is enabled. |
PR Number | Synopsis | Category: L2NG Access Security feature |
1478375 | The process dhcpd may crash in a Junos Fusion environment Product-Group=junos |
On EX92XX platforms with DHCP snooping configured, if a peer receives DHCPv6 packets from the server without the "client-id" option present, and it is syncing packets to the other side at that time, then a dhcpd process crash may be observed. |
PR Number | Synopsis | Category: Device Configuration Daemon |
1430966 | EX92 unexpected "duplicate VLAN-ID" commit error Product-Group=junos |
A problem with configuration parsing related to a vlan-list overlapped between units on the same interface. There was a redundant call to the vlan-id checking function when vlan-id-list is configured. There was a condition present to avoid this redundant call, which was broken as part of the PR-1238128 fix. PR 1430966 and PR-1238128 are fixed now. |
1445370 | The VRRP IPv6 state might flap between init and idle states after configuring vlan-tagging Product-Group=junos |
On EX-series and QFX-series platforms with VRRP IPv6 deployment, the VRRP IPv6 state might flap between init and idle states after configuring vlan-tagging on the interface on which VRRP IPv6 is configured. |
PR Number | Synopsis | Category: Firewall Filter |
1478964 | The filter may not be installed if the "policy-map xx" is present under it Product-Group=junos |
If the "policy-map xx" option is configured under "family mpls" for filters, then the filters may not take effect after committing. |
PR Number | Synopsis | Category: dhcpd daemon |
1471161 | DHCP relay with forward-only might fail to send OFFER messages when DHCP client is terminated on logical tunnel interface Product-Group=junos |
On all Junos platforms, when DHCP relay is configured with forward-only, and the DHCP client is terminated on a logical tunnel interface where multiple IFLs under this lt- interface have the same VLAN, DHCP relay might fail to send OFFER messages. |
PR Number | Synopsis | Category: dynamic dcd prs |
1470622 | Executing commit might hang up due to stuck dcd process Product-Group=junos |
When dynamic DHCP sessions exist on the device, if multiple commits are performed in parallel, the commit might hang. |
PR Number | Synopsis | Category: Ethernet OAM (LFM) |
1396540 | V44-CFM: NPC crash @ rt_nh_install (rnh=0x618123d8, rnh_src=0x0, rt=<optimized out>, p_rtt=0x74f886c0) at ../../../../src/pfe/common/pfe-arch/trinity/applications/route/rt_nh.c:631 Product-Group=junos |
As part of the EOAM programming, the LM counters are allocated. When an interface is deleted, the EOAM LM counters need to be cleared. This is done as part of EOAM punt deletion. But there are scenarios where, when the prog punt delete processing is received, the IFL is deleted in ukern. In this case the EOAM NHs are cleared but the LM counters are not freed. This can cause a memory leak in jnh. This issue is seen for a scaled config with repeated addition and deletion of the interface configs when EOAM config is present. |
PR Number | Synopsis | Category: EVPN control plane issues |
1394803 | The process rpd crash may be observed with EVPN type-3 route churn Product-Group=junos |
In an EVPN scenario, rpd may crash with EVPN type-3 route churn due to a race condition (an incorrect sequence of allocating and freeing memory for processing the updates between BGP and EVPN). |
1485377 | The ARP entry is gone from kernel after adding and deleting the virtual-gateway-address Product-Group=junos |
On MX/QFX10002/QFX10008/QFX10016 devices within an EVPN-MPLS active-active multi-homing mode, when adding and deleting the virtual-gateway-address, the ARP entry to CE might disappear from the kernel. |
PR Number | Synopsis | Category: EX Chassis chassism/chassisd |
1446363 | Major alarm log messages for temperature conditions at 56 degrees Celsius Product-Group=junos |
A major alarm might be generated once any sensor temperature hits 56 degrees Celsius. This is incorrect behavior and can be resolved by upgrading the version of code. Note: Even though incorrect alarms are triggered, the chassis will still shut down gracefully when the "fire shutdown" threshold is hit, as seen in the operational mode command "show chassis temperature-thresholds". |
PR Number | Synopsis | Category: Express PFE FW Features |
1433648 | Traffic drop might occur on PTX/QFX during filter change operation Product-Group=junos |
On PTX/QFX platforms, a firewall configuration change operation may not be done correctly within the PFE, causing transit packet drops. |
1462634 | The sample/syslog/log action in output firewall filter with packet of size less than 128 might cause ASIC wedge (all packet loss) on PTX platforms Product-Group=junos |
On PTX platforms, if output firewall filter is configured with sample/syslog/log action, the host interface might get wedged for packets with lengths 0-128 including Layer 3 headers. |
1470385 | Incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands Product-Group=junos |
On PTX1000/PTX3000/PTX5000/PTX10000/PTX9000/QFX10000, sending hostpath traffic and checking the ddos statistics might lead to incorrect counter values for "Arrival rate" and "Peak rate" for ddos commands. |
PR Number | Synopsis | Category: Express PFE Services including JTI, TOE, HostPath, Sflow |
1346493 | On QFX10K platforms, syslog error messages might be seen in syslog after configuring multiple LAG interfaces under sFlow protocol Product-Group=junos |
On QFX10K platforms, syslog error messages might be seen after configuring multiple interfaces, including LAG interfaces, under the sFlow protocol. Example of messages:
    Mar 13 12:04:24 host1 fpc0 expr_dfw_asic_action_update_sflow_sample_id:2578 dfw inst lookup failed IFD_EGRESS_IMPL_FILTER
    Mar 13 12:04:24 host1 fpc0 Sflow prds_sflow_add_sample_in_hw(442): Sample class (60): Implicit-filter binding set error
    Mar 13 12:04:24 host1 fpc0 Sflow prds_sflow_handle_int_event(927): Error(1000) while enabling sflow in hw for intf 560 |
PR Number | Synopsis | Category: PTX Express ASIC interface |
1412126 | PTX interface stays down after maintenance Product-Group=junos |
On PTX3000/PTX5000, a linecard (QSFP28-100GBASE-LR4) interface may stay down after a software upgrade. The issue is usually observed on links connected to another vendor's equipment. |
PR Number | Synopsis | Category: Optical Transport Interface |
1467712 | "MIC Error code: 0x1b0002" alarm might not be cleared for MIC on MPC5E when the voltage has returned to normal Product-Group=junos |
The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5. |
PR Number | Synopsis | Category: ISIS routing protocol |
1432398 | The "show isis adjacency extensive" output is missing state transition details Product-Group=junos |
CLI command 'show isis adjacency extensive' output in text format is missing some details from the adjacency transition log. The output in XML format is still correct. |
PR Number | Synopsis | Category: Addresses ALG issues found in JSF |
1462984 | The H323 call with NAT64 cannot be established on the SRX5000 line of devices. Product-Group=junos |
On SRX5000 platforms, the H323 call with NAT enabled cannot be established when the H323 GK (Gatekeeper) works in direct mode. |
1474942 | The flowd or srxpfe process might stop when an ALG creates a gate with an incorrect protocol value. Product-Group=junos |
On SRX chassis clusters, when an ALG creates a gate with an incorrect protocol value, the flowd/srxpfe process might crash on one node. This issue might happen when an ALG receives a corrupted RTO message on the secondary node. It might affect the traffic. |
PR Number | Synopsis | Category: Firewall Authentication |
1475435 | SRX Series: Unified Access Control (UAC) bypass vulnerability (CVE-2020-1637) Product-Group=junos |
A vulnerability in Juniper Networks SRX Series devices configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. Refer to https://kb.juniper.net/JSA11018 for more information. |
PR Number | Synopsis | Category: JSR Infrastructure |
1445791 | The show security flow session command fails with error messages when SRX4100 or SRX4200 has around 1 million routing entries in FIB Product-Group=junosvae |
On SRX4100/SRX4200 platforms, once 1 million Routing Information Base (RIB)/Forwarding Information Base (FIB) route entries are present on the device, an error might be returned after issuing "show security flow session" or another Command-Line Interface (CLI) command which requires information from the Packet Forwarding Engine (PFE). |
1450545 | Traffic loss might occur when there are around 80,000 routes in the FIB. Product-Group=junosvae |
On SRX1500 platform, when there are around 800K routes in forwarding information base (FIB), traffic loss might occur and abnormal error messages of some CLI commands would appear due to lack of memory on packet forwarding engine (PFE). This issue has traffic impact. |
PR Number | Synopsis | Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS) |
1429797 | Extended Ukern thread(PFEBM task) priority to support BBE performance tuning Product-Group=junos |
The original PFEBM task, which is system-critical for internal network performance/resilience, was running at medium priority. TNP queue errors can be seen with 'show pfebm all' on a VCP-bearing FPC when there is a high rate of punt traffic (like ARPs or BGP route updates, etc.) going through VC links. The task needs to run at high priority to assure timely packet handling. |
PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
1146891 | The knob of "set system ports console log-out-on-disconnect" may not work Product-Group=junos |
"set system ports console log-out-on-disconnect" does not work. |
1439906 | FPC might reboot if jlock hog occurs on all Junos VM based platforms Product-Group=junos |
On a JUNOS VM using TSC clocking from the host system, "jlock hog" messages may be seen. This may lead to FPC reboots. |
1454950 | EX switches might not come up properly upon reboot Product-Group=junos |
EX switches might not come up properly upon reboot due to the date not being set up. |
1469400 | EX3400 might reboot because of lack of watchdog patting Product-Group=junos |
On EX3400, if the watchdog pat does not happen within the stipulated time, the device might reboot automatically with "0x2:watchdog" as the reboot reason. |
PR Number | Synopsis | Category: Kernel MPLS / Tag / P2MP Infrastructure |
1478806 | Kernel crash and device restart might happen Product-Group=junos |
In a corner case on Junos platforms, the family ccc is configured along with another existing family (such as inet or inet6) on the same interface (Junos normally does not allow this, but a customer managed to do it). If the family ccc is then deleted from the interface, the kernel might crash and the device might reboot automatically, interrupting all traffic. |
PR Number | Synopsis | Category: Kernel socket data replication issues for protocols that use |
1472519 | The kernel may crash and vmcore may be observed after configuration change is committed Product-Group=junos |
On all Junos platforms, after committing a configuration change (e.g. removal of protocols like mpls, isis, ldp from the interfaces), the kernel may crash and a vmcore may be observed. This issue may also cause protocol adjacency failure. |
PR Number | Synopsis | Category: TCP/UDP transport layer |
1449664 | FPC might reboot with vmcore due to memory leak Product-Group=junos |
On all Junos platforms, if the device is up for a long period (e.g. several weeks or months), there might be a slow memory leak happening in some error scenarios where an application tries to send some data on a stale TCP socket (e.g. short-lived TCP connections used by the mgd process), and this issue might lead to FPC reboot with vmcore files. |
PR Number | Synopsis | Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software |
1484255 | FPC might crash when dealing with invalid next-hops Product-Group=junos |
On PTX3000/PTX5000 platforms with some specific FPCs, if the weights of links are set to an invalid value on an AE bundle interface or unilist (a unilist next-hop composed of several unicast next-hops), an FPC crash might be observed. It is a rare issue and the FPC will try to reload to resolve this problem. Traffic loss might be seen before the FPC completes the reload period. |
PR Number | Synopsis | Category: PTP related issues. |
1461031 | The PTP function may hog kernel CPU for a long time Product-Group=junos |
If the PTP function is configured, the ppmd process may be starved due to a defect in which the PTP function hogs the kernel CPU for a long time (>100ms). This can cause "keep-alive" timeouts for the corresponding ppmd-based functions, such as LFM and BFD. |
PR Number | Synopsis | Category: Interface related issues. Port up/down, stats, CMLC , serdes |
1449406 | CRC error might be seen on the VCPs of the QFX5100 VC Product-Group=junosvae |
In a QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) errors might be seen on the VCPs (Virtual Chassis Ports) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates data corruption, and the issue might reduce system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC. |
1449406 | CRC error might be seen on the VCPs of the QFX5100 VC Product-Group=junos |
In a QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) errors might be seen on the VCPs (Virtual Chassis Ports) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates data corruption, and the issue might reduce system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC. |
PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
1471216 | The speed 10m might not be configured on the GE interface Product-Group=junos |
On QFX5100 and EX4300 mixed-mode Virtual Chassis, the speed 10m might not be configured on the GE interface. |
PR Number | Synopsis | Category: FIP snooping, FIP |
1325408 | Syslog message ERROR l2cpd[X]: ppmlite_var_init: iri instance = 36736 Product-Group=junos |
The error message "ppmlite_var_init: iri instance = 36736" is harmless and is triggered whenever interface-speed is changed. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1406242 | QFX5200/5100 might not be able to send out control plane traffic to the peering device Product-Group=junos |
On all QFX5200/5100 platforms, the router might not be able to send out control plane traffic to the peering device along with "Failed to allocate 16384 DMA memory" messages. All the routing protocols running over the affected interfaces will be down due to this issue, and therefore it impacts the service. |
1406242 | QFX5200/5100 might not be able to send out control plane traffic to the peering device Product-Group=junosvae |
On all QFX5200/5100 platforms, the router might not be able to send out control plane traffic to the peering device along with "Failed to allocate 16384 DMA memory" messages. All the routing protocols running over the affected interfaces will be down due to this issue, and therefore it impacts the service. |
PR Number | Synopsis | Category: show route table commands, tracing, and syslog facilities |
1421076 | RPD crash might occur when changing prefix list address from IPv4 to IPv6 Product-Group=junos |
RPD crash might occur when changing prefix list address from IPv4 to IPv6.
Configure IPv4 prefix-list:
    set policy-options prefix-list PREFIX_LIST 10.0.0.0/24
Configure a policy that has "then next policy" term:
    set policy-options policy-statement POLICY term PREF from prefix-list PREFIX_LIST
    set policy-options policy-statement POLICY term PREF then next policy
    set policy-options policy-statement POLICY term END then reject
    commit
Note: If a terminating action is used for term PREF (such as "then accept"/"then reject") the core does not appear.
Change prefix-list using "replace-pattern":
    [edit policy-options prefix-list PREFIX_LIST]
    replace pattern 10.0.0.0/24 with 2001:10::/64
    commit
RPD crash occurs. |
PR Number | Synopsis | Category: Resource Reservation Protocol |
1476773 | RSVP LSPs might not come up in scaled network with very high number of LSPs if NSR is used on transit router Product-Group=junos |
If NSR is enabled on transit router with scaled RSVP LSPs, RESV message might not be sent from transit router because the path messages replication on master RE does not complete in time. Hence RSVP LSPs might not come up with traffic impact. |
PR Number | Synopsis | Category: RPM and TWAMP |
1333190 | [RIO NPI-TWAMP]: Test sessions packets are dropped on server when DF bit is set to 1 Product-Group=junos |
When TWAMP test session packets from the TWAMP client are received by the TWAMP server with the DF bit set (1), the TWAMP server drops the packets and TWAMP test sessions are not established. |
PR Number | Synopsis | Category: IPSEC functionality on M/MX/T ser |
1477483 | On NATT scenario the IKE Version 2 IPsec tunnel might flap if the tunnel initiator is not behind NAT Product-Group=junos |
On MX platforms with MS-MPC/MS-MIC card installed and NATT scenario, when the IPsec tunnel initiator is not behind NAT, it might cause IPsec tunnel flapping. It happens in IKEv2 scenario. |
1480692 | After kmd restart IPsec SA comes up but traffic fails for some time in certain scenarios Product-Group=junos |
In an IPsec tunnel scenario with NAT-T (NAT traversal) used, when restarting the kmd process, a traffic blackhole might be seen even though the IPsec SAs are up. To reprogram these SAs, restarting the SAs would resolve the issue. |
PR Number | Synopsis | Category: SNMP Infrastructure (snmpd, mib2d) |
1392616 | The snmpd process might crash and cause a core dump Product-Group=junos |
The snmpd process leaks memory in snmpv3 query path and crashes. The issue is caused by a memory leak when the request PDU is dropped by SNMP when the snmp filter-duplicates configuration is enabled. Each request PDU has a structure pointer for the SNMPv3 security details. This is allocated when the PDU is created or cloned. But while dropping the duplicate requests, the corresponding structure is not freed, which causes the memory leak. |
PR Number | Synopsis | Category: SRX Argon module bugs |
1446481 | There is no active connection with SKY ATP server Product-Group=junosvae |
On vSRX, SRX1500, SRX4100, and SRX4200 platforms, due to a system API issue, the service plane is unable to establish a connection to SKY ATP Cloud. |
PR Number | Synopsis | Category: platform related PRs on SRX branch platforms |
1451474 | Priority tagged packets might be dropped with QinQ and native-vlan-id configuration on SRX branches platforms Product-Group=junos |
On SRX-branch platforms, if QinQ and native-vlan-id are configured, priority tagged packets (packets that have their VLAN ID set to 0 and whose priority code point bits might be configured with a CoS value) would be dropped. In detail: the newly added configuration "set interface input-native-vlan-push" is not supported by branch SRX. By default, input-native-vlan-push is disabled, so untagged packets ingressing from the UNI (user-to-network interface) will not have an inner tag added on egressing out of the NNI (network-to-network interface), and priority-only tagged packets ingressing from the UNI will be stripped of the priority tag when they egress out of the UNI at the other end. Hence packet drops would be seen. |
1468430 | Tail drop on all ports is observed when any switch-side egress port gets congested. Product-Group=junos |
On the SRX300 line of devices with Mini-PIM installed, tail-drop might happen on all ports when the serial egress port gets congested. |
PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
1463015 | The EA WAN SerDes gets into a stuck state, leading to continuous DFE tuning timeout errors and link staying down. Product-Group=junos |
The interfaces on certain MX platforms might get stuck in a down state, if the remote interface sends invalid code to the local interface. Link might not come up even after the remote peer has begun sending a good signal. |
PR Number | Synopsis | Category: MX10002 RCB/LC Diagnostics defects |
1405787 | Voltage read failed for rail LTC3887-EA1-VDD0V9R2-CH0 Product-Group=junos |
On an MX10003 and an MX10008, its i2c bus may experience congestion. Thus the software may not be able to communicate on the first try. This PR optimizes the retry logic and its reporting. |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1468663 | JNH memory leaks might be seen after CFM session flap for LSI/VT interfaces Product-Group=junos |
JNH memory leak may be seen when CFM session over the VPLS LSI interface/VT interface flaps if mip-half-function is used. |
PR Number | Synopsis | Category: PTX/QFX100002/8/16 platform software |
1464119 | FPC might restart during run time on PTX10K/QFX10K platforms Product-Group=junosvae |
On PTX10K/QFX10K platforms, the FPC might restart if there is some corruption in the BCM (Broadcom) switch (a small internal Ethernet switch, not the PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for the BCM switch is not correct. This issue is resolved in some FPC U-boot versions. |
PR Number | Synopsis | Category: Virtual Router Redundancy Protocol |
1450652 | Dual VRRP mastership might be seen after an ungraceful RE switchover Product-Group=junos |
When VRRP works in distributed mode (i.e. delegate-processing is enabled under VRRP) with more than 250 VRRP sessions, dual VRRP mastership might be observed after an ungraceful RE switchover (e.g. master RE failure). |
PR Number | Synopsis | Category: EX9200 Platform |
---|---|---|
1377840 | EX9208 - Few XE interfaces are going down with error "if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error" |
On an EX9208 switch, a few xe-interfaces go down with the error message "if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error". |
PR Number | Synopsis | Category: QFX Access control list |
1429543 | The traffic with destination UDP port 520 (RIP) or 521 (RIPng) gets dropped on QFX5000/EX4600 platforms |
On QFX5000/EX4600 platforms, the received traffic will be dropped if the destination UDP port is 520/521 though the device runs pure layer 2 switching. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1459329 | OSPF stuck at Exchange state for lag interfaces in a QFX5100-EX4300 mixed VC setup whose child members belong to EX4300 after Rebooting VC. |
OSPF stuck at Exchange state for lag interfaces in a QFX5100-EX4300 mixed VC setup whose child members belong to EX4300 after Rebooting VC. |
PR Number | Synopsis | Category: Accounting Profile |
1458143 | A problem with statistics on some interfaces of a router may be observed after FPC or PIC reboot |
In some rare scenarios upon FPC or PIC reboot, the pfed (packet forwarding engine daemon) database may not get updated with the correct location_id for some physical interfaces (IFDs), and a problem with statistics on some interfaces of the router may then be observed. If this issue happens in a subscriber management environment, and depending on the RADIUS server configuration, it may cause subscribers to be disconnected by the RADIUS server because the RADIUS server cannot receive the proper statistics updates for the subscribers from the pfed. |
PR Number | Synopsis | Category: ACX Interfaces IFD, IFL, vlans, and BRCM init |
1435648 | JDI ACCESS REGRESSION:Protocols:Forwarding when using non-existing SSM map source address in IGMPv3 instead of pruning. |
Protocols are forwarded instead of pruned when a non-existing SSM map source address is used in IGMPv3. This is a day 1 design issue which needs to be redesigned. The impact is greater, but this definitely needs some soaking time in DCB before it is ported to previous versions, so it will be fixed in DCB first. Discussion on this issue will be done after we have some bandwidth from our high priority issues, but it looks like we can't commit before 20.2. |
PR Number | Synopsis | Category: BBE interface related issues |
1480154 | commit check is needed for vlan-overlap configuration |
commit check is needed for vlan-overlap config |
PR Number | Synopsis | Category: Bi Directional Forwarding Detection (BFD) |
1354409 | AE interface and BFD session remain down after interface disable/enable |
With Bidirectional Forwarding Detection (BFD) configured on an aggregated Ethernet interface, if you disable/enable the aggregated Ethernet interface, then that interface and the BFD session might not come up. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1265504 | BGP MIBv2 enterprise MIB objects for InetAddress types not properly generating OIDs |
When generating SNMP traps or notifications for BGP events from the jnxBgpM2 MIB, Junos OS does not emit objects of type InetAddress with the expected length field. This causes compliant SNMP tools to be unable to parse the contents of those objects properly. In particular, the length field for the InetAddress OBJECT-TYPE is omitted. Using the "set protocols bgp snmp-options emit-inet-address-length-in-oid" command causes these objects to be emitted in a compliant fashion. Given the length of time that this error has been in place, it was decided to leave the existing non-compliant behavior as the default to avoid breaking tools that had accommodated it. |
1351639 | The rpd crashes in JunOS 16.1 or higher during BGP convergence |
In Junos OS 16.1 or higher, during BGP convergence, the input/output thread constructs the outgoing BGP PDU and manipulates the path attributes before handing off the data to the socket. If this PDU length is zero, it triggers an assertion and the routing protocol daemon (rpd) restarts. |
1414021 | The rpd gets stuck in a loop while doing the multipath calculation which leads to the high CPU usage |
In a BGP indirect next-hop scenario, if uRPF is enabled and BGP multipath is then enabled, a background job loop might be formed and the CPU utilization of the rpd process might be stuck at 100%. |
1414121 | QFX5100 : BGP v4/v6 convergence & RIB install/delete time degraded in 19.1R1/19.2R1/19.3R1/19.4R1 |
BGP IPv4 or IPv6 convergence and RIB install/delete time is degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1. |
1456260 | Packets drop and CPU spike on RE might be seen in certain conditions if "labeled-unicast protection" is enabled for a CsC-VRF Peer |
On all Junos platforms in a CsC (Carrier Supporting Carrier) scenario with PE link protection (labeled-unicast protection) enabled, a slow convergence issue might occur after one of the redundant links between CsC-CE flaps or an RSVP-TE LSP is re-routed from the primary path. Packet drops and a CPU spike on the Routing Engine might be seen during this period. |
PR Number | Synopsis | Category: BBE Remote Access Server |
1402653 | The subscribers might need to take login retry in the scenario with high usage of the address pool |
On all Junos platforms running in a subscriber scenario with an address pool configured, if the address pool has high usage so that only a few addresses are free to allocate, then when subscribers log out and log in, the address released by one subscriber might be re-used and allocated to another subscriber very soon. Due to this issue, syslog error messages might be seen, and the affected subscriber might need to retry the login. |
1449064 | Subscribers login fails when PCRF server is unreachable |
In Gx-Plus for Provisioning Subscribers scenario, when the PCRF (Policy and Charging Rules Function) server is unreachable or the diameter protocol is down, the subscriber login might fail to successfully establish a session or the subscribers might fail to bind a service policy by Gx-Plus after the PCRF Server connectivity is restored. |
PR Number | Synopsis | Category: Cassis pfe microcode software |
1459698 | Traffic blackholing upon interface flap after DRD auto-recovery |
An interface stops forwarding traffic when MX software triggers a "DRD reorder timeout recovery" event followed by an interface flap on the same XMCHIP. When the logic is triggered, you will see a "cmtfpc_xmchip_drd_reorder_id_timeout_callback" message in the PFE syslog messages. This issue affects XM-based MPCs (3E 4E 5E 6E 2E-NG 3E-NG). |
PR Number | Synopsis | Category: MX Platform SW - UI management |
1453533 | Alarm was not sent to syslog on MX10003 platform |
On the MX10003 platform, alarmd does not write the alarm messages to the syslog. |
PR Number | Synopsis | Category: Firewall Filter |
1473093 | Traffic might not be forwarded into the right queue but the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5 |
On the MX platform with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue. |
PR Number | Synopsis | Category: Covers Application classification workflows apart from custo |
1455465 | The traffic loss might occur when application service is configured |
On vSRX3.0 platform, the traffic loss might occur when application service is configured. |
1463159 | A core file will be generated when perform an ISSU on SRX platforms |
When APPID is enabled and an ISSU is performed on SRX devices, it might cause traffic impact and generate a core-dump file. |
PR Number | Synopsis | Category: Express PFE FW Features |
1432116 | The FPC might crash when a firewall filter is modified |
In QFX10K/PTX series platforms, if a firewall filter with multiple match conditions is configured on interfaces which are Up and the firewall filter is modified (either a new action is added or the condition is added/removed etc.), the FPC might crash and restart. It might affect the service/traffic. |
PR Number | Synopsis | Category: PTX Express ASIC platform |
1384435 | An enhancement of optimizing the report to the single bit error check |
Single-bit error (SBE) events caused by transient hardware conditions are corrected and have no operational impact. Reporting of those events has been disabled to prevent alarms and possibly unnecessary hardware replacements. This change applies to all platforms using Hybrid Memory Controller (HMC). |
PR Number | Synopsis | Category: idp flow creation, deletion,notification, session mgr intfce |
1444043 | SNMP queries may cause commit or show command to fail due to IDP |
On the SRX platform, the commit or show command for IDP might not work if SNMP queries keep running when large-scale IDP is used. |
PR Number | Synopsis | Category: Kernel software for AE/AS/Container |
1423707 | Traffic is dropped after FPC reboot with aggregated Ethernet member links deactivated by remote device |
On JUNOS routers and switches with Link Aggregation Control Protocol (LACP) enabled, deactivating a remote Aggregate Ethernet (AE) member link will make the local member link move to LACP Detached state. The Detached link will be invalidated from the PFE AE-Forwarding table as expected. However, if the device is rebooted with this state, all the member links will be enabled in PFE AE-Forwarding table irrespective of LACP states and result in traffic drop. |
1442080 | [subscriber_services/trinity-pfe-bbe] [core] pfe core during Starting Upgrade for FRUs in backup RE before Switchover 18.4R2 inflight ISSU |
During ISSU, a PFE core may be seen in a setup that has dynamic PPPoE subscribers stacked on a static ps IFL. This is because, when the ps IFL is removed (due to catastrophic change after switchover), the PFE finds that there are PPPoE subscribers still stacked on the ps IFL and crashes. |
1474300 | A newly added LAG member interface might forward traffic even though its micro BFD session is down |
On all Junos platforms, if a static Link Aggregation Group (LAG) is configured and Bidirectional Forwarding Detection (BFD) is enabled on the LAG (also called micro BFD), a newly added member link might start to forward traffic immediately when the configuration change is committed, even though its micro BFD session is still down. This happens, for example, when a new member interface is added on only one end and the remote member interface is disabled or not added. Traffic loss might be seen due to this issue. |
PR Number | Synopsis | Category: Addresses ALG issues found in JSF |
1444068 | Packets whose IP header has the DF flag might be dropped by SRX ALG after payload-NAT |
On SRX platforms with ALG enabled, after the ALG has done the payload-NAT, the packet size may be bigger than the outgoing interface's MTU. If the packet's IP header has the DF (Don't Fragment) flag, this packet cannot be sent out. |
PR Number | Synopsis | Category: Firewall Authentication |
1457570 | The same source IP sessions are cleared when the IP entry is removed from the UAC table. |
When a UAC entry is removed, all sessions that have the erased IP in the UAC table are cleared regardless of uac-policy. |
PR Number | Synopsis | Category: Flow Module |
1458578 | The security flow traceoptions fills in with RTSP ALG-related information. |
The security flow traceoptions file fills with RTSP ALG-related information (once RTSP traffic is processed by the SRX) even though the configured traceoptions packet-filter does not match the traffic. It is a display issue in troubleshooting. |
1462825 | The tunnel packets might be dropped because gr0.0 or st0.0 interface is wrongly calculated after a GRE or VPN route change. |
On SRX Series device, MTU is wrongly calculated in a gr0.0 or st0.0 interface after a GRE or VPN route change. If the command do-not-fragment is configured and the packet is bigger than the MTU, the packet might be dropped. |
PR Number | Synopsis | Category: Key Management Daemon |
1434521 | The kmd process might crash when DPD timeout for some IKEv2 SAs happens |
If IPsec with IKEv2 (Internet Key Exchange Version 2) is used and multiple IPsec peers are established behind the same NAT (Network Address Translation), the kmd (Key Manager Daemon) process may crash if a DPD (Dead Peer Detection) timeout happens for some IKEv2 SAs (Security Associations) of these peers. The issue may result in IPsec traffic loss. |
PR Number | Synopsis | Category: Label Distribution Protocol |
1289860 | LDP egress policy not advertising label for inet.3 BGP labeled-unicast route |
On releases from 16.1 onwards, if an LDP egress policy is used for an inet.3 Border Gateway Protocol (BGP) labeled-unicast route, the route label might not be installed in the Label Distribution Protocol (LDP) database. |
PR Number | Synopsis | Category: Multiprotocol Label Switching |
1435019 | The rpd will crash continuously if RSVP LSP link/node protection is configured |
On PPC platforms (PowerPC CPU based platforms), the rpd will crash continuously if RSVP (Resource Reservation Protocol) LSP (Label-switched Path) link/node protection is configured. Traffic loss might be seen during the rpd crash. |
1460283 | Previously configured credibility preference is not considered by CSPF despite the configuration being deleted or changed to prefer another protocol in TED |
After configuring the credibility, the new credibility preference value is stored internally and is not cleared or considered by the CSPF module if the previous configuration of "traffic-engineering credibility-protocol-preference" was deleted or if you configure "traffic-engineering credibility-protocol-preference" under another protocol (for example ISIS). |
PR Number | Synopsis | Category: Multicast for L3VPNs |
1460625 | The rpd process might crash due to memory leak in "MVPN RPF Src PE" block |
In NG-MVPN scenario with multiple multicast sources, the rpd process might crash due to memory leak in "MVPN RPF Src PE" block. |
PR Number | Synopsis | Category: OS IPv4/ARP/ICMPv4 |
1442815 | ARP resolution might fail after ARP HOLD NHs are added and deleted continuously |
ARP (Address Resolution Protocol) address resolution might fail after ARP HOLD NHs (next-hop) are getting added and deleted from ARP entries continuously. |
PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
1463802 | The scheduled tasks might not be executed if "cron" daemon goes down without restart automatically |
The service utility "cron" runs in the background and regularly checks /etc/crontab for tasks to execute and searches /var/cron/tabs for custom crontab files. These files are used to schedule tasks which "cron" runs at the specified times. "cron" daemon is started during boot. If for some reason, the "cron" process exits, the scheduled tasks will not be executed. "cron" was not restarted automatically and had to be started manually. |
PR Number | Synopsis | Category: Issues related to PKI daemon |
1465966 | Loading CA certificate causes pkid core file to be generated. |
If a CA certificate includes a CRL URL that does not have a "/" to separate the URL from the "hostname:port" section, a pkid crash might happen when the SRX loads it, and any service that relies on the CA will be affected. Because the URL in the CRL that is used to verify the validity of the certificate will not work, this may cause a security risk. |
PR Number | Synopsis | Category: vMX Platform Infrastructure related issue tracking |
1343170 | The vFPC might get absent resulting in the total loss of traffic |
On the MX150 platform, the vFPC (virtual Flexible PIC Concentrator) might become absent and the l2cpd and chassisd might crash. As a result, all traffic is discarded. |
PR Number | Synopsis | Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI |
1446540 | ZTP goes on forever when system has 18.1 or previous release and upgrading to 18.2 or later release, vice versa |
Platforms: QFX10002, QFX10008, QFX10016. When upgrading these systems from 18.1 or a previous release to 18.2 or a later release, a minor error is reported, but the upgrade/downgrade goes through fine. One side effect of this error is that, if the upgrade or downgrade happens as part of ZTP, then ZTP fails: ZTP keeps upgrading (or downgrading) forever and never completes. |
PR Number | Synopsis | Category: SW installation for all qfx platforms. |
1345848 | upgrade/downgrade from tvp to non-tvp is not supported. |
Downgrade from TVP image to non-tvp image is not supported. Upgrade from non-tvp to TVP is supported. |
1482593 | TIM: software rollback failed (17.4R3.16 tvp image to 18.4R2-S3 tvp image) |
software rollback failed (17.4R3.16 tvp image to 18.4R2-S3 tvp image) |
PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
1409448 | The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch |
When QFX5100 and other vendor's switch are connected via 10G fiber link, flaps may happen sometimes. |
1466810 | EPR iCRC errors in QFX10000 series platforms might cause protocols down |
EPR iCRC errors in QFX10000 series platforms might cause protocols down. FPC will be in wedged state and will not pass traffic on that PFE if hitting this issue. EPR iCRC errors are normal and caused by transient hardware conditions. EPR iCRC errors are not expected to impact the protocols, and only one CRC failed packet will be dropped. But due to incorrect handling of this error, it affects protocols and causes FPC wedge. |
1482245 | TIM:errors seen in log during upgrade from 17.4R2 (nontvp) to 18.4R2 (tvp) |
The following errors are observed during upgrade.
Jan 10 01:56:59.618 st-fcoe-24q-03 chassisd[7246]: CHASSISD_SNMP_TRAP10: SNMP trap generated: redundancy switchover (jnxRedundancyContentsIndex 9, jnxRedundancyL1Index 1, jnxRedundancyL2Index 0, jnxRedundancyL3Index 0, jnxRedundancyDescr Routing Engine 0, jnxRedundancyConfig 2, jnxRedundancyState 1, jnxRedundancySwitchoverCount 1, jnxRedundancySwitchoverTime 10129, jnxRedundancySwitchoverReason 4)
Jan 10 01:57:12.764 st-fcoe-24q-03 rpd[7279]: : krt_evpn_df_role_ifftlv_send ifftlv send failed with error: ENOENT -- Item not found (No such file or directory)
Jan 10 01:57:12.764 st-fcoe-24q-03 rpd[7279]: : krt_evpn_df_role_ifftlv_send ifftlv send failed with error: ENOENT -- Item not found (No such file or directory)
Jan 10 01:57:12.764 st-fcoe-24q-03 rpd[7279]: : krt_evpn_df_role_ifftlv_send ifftlv send failed with error: ENOENT -- Item not found (No such file or directory)
Jan 10 01:57:12.764 st-fcoe-24q-03 rpd[7279]: : krt_evpn_df_role_ifftlv_send ifftlv send failed with error: ENOENT -- Item not found (No such file or directory)
Jan 10 01:57:17.775 st-fcoe-24q-03 fpc0 CMQFX: Error requesting SET BOOLEAN, illegal setting 66
Jan 10 01:57:17.779 st-fcoe-24q-03 fpc0 CMQFX: Error requesting SET BOOLEAN, illegal setting 90
Jan 10 01:57:17.784 st-fcoe-24q-03 fpc0 CMQFX: Error requesting SET BOOLEAN, illegal setting 67
Jan 10 01:58:01.649 st-fcoe-24q-03 fpc0 IFRT: ifl 1 family add error (2) from handlers
Jan 10 01:58:01.901 st-fcoe-24q-03 fpc0 IFRT: ifl 2 family add error (2) from handlers
Jan 10 01:58:02.524 st-fcoe-24q-03 fpc0 CMQFX: cm_qfx_pfe_resync_done: FPC PFE resync_done fpc 0 sent; err:0
Jan 10 01:59:07.536 st-fcoe-24q-03 vhclient.9557.daemon: Error: /dev/sdb: unrecognised disk label :error[0] |
PR Number | Synopsis | Category: QFX L2 PFE |
1414213 | QFX5K: EVPN / VxLAN: Multicast NH limit is 4K |
In QFX5K, the multicast next hop limit is 4K. Depending on the configuration, if more than 4K multicast NHs are created, some of the NHs won't be installed and you may see traffic drop for those groups. |
PR Number | Synopsis | Category: QFX MPLS PFE |
1474935 | L2circuit might fail to communicate via VLAN 2 on QFX5K platforms |
On QFX5K platforms acting as L2circuit PE (tunnel terminating node), if VLAN 2 is used for L2circuit communication with CE node, the VLAN 2 packets might be dropped on PE. |
PR Number | Synopsis | Category: QFX VC Infrastructure |
1414492 | VC Ports using DAC may not establish link on QFX5200 |
On QFX5200, when virtual-chassis is configured, if the QSFP configured as VCP is removed and then inserted, VC Ports using direct attach copper (DAC) may not establish link. |
PR Number | Synopsis | Category: rosen-6 and rosen-7 mvpn bugs |
1405887 | The CLI command "show pim mdt data-mdt-limit instance " with family option might cause CPU usage of rpd high |
In a draft-rosen MVPN scenario with data-mdt, if the CLI command "show pim mdt data-mdt-limit instance " is performed, the output might go into a loop and the rpd process might use high CPU. |
PR Number | Synopsis | Category: KRT Queue issues within RPD |
1388119 | During link flap, kernel veto messages are seen and traffic is being blackholed |
In JUNOS 16.1/later releases, when a quick interface "down/up" happens, IGP and BGP protocols perform RIB route-change. In some scenarios, rt_pfe_veto messages may be observed in syslog: due to slow PFE consumption, the kernel throttles RPD by sending ENOBUFS. To avoid this scenario, configure the following values for the Kernel Routing Table IO in JUNOS: "set routing-options krt-io-options work-queue-length high-threshold 250", "set routing-options krt-io-options work-queue-length low-threshold 200", and "set routing-options krt-io-options tx-bulk-count 10". Important Notes: The above commands require an RPD restart to take effect. When the "interface down" happens, IGP and BGP protocols perform RIB route-change. The IGP change is placed into a high priority queue and the exterior route change is placed into a low priority queue. For 64-bit systems, the RPD workqueue size is 10000 and the bulk count is 30. As a result, the head-of-line blocking for the IGP route change could potentially be up to 300000 rtsock requests, which delays FIB convergence for that particular prefix when the interface comes up immediately after going down. |
PR Number | Synopsis | Category: RPD Next-hop issues including indirect, CNH, and MCNH |
1406070 | The rpd might crash or duplicated routes might be seen if doing configuration change with BGP multipath and flapping routes |
On all platforms, if a configuration change (with BGP multipath) is made while the IGP/LDP/RSVP routes are flapping, an rpd crash or duplicated routes might be seen. |
1439317 | Packet drop might be seen on ACX platform when chained composite nexthop is enabled for L3VPN |
On the ACX platform, packet drops might be noticed at the PFE (Packet Forwarding Engine) if chained composite nexthop for L3VPN is enabled in a PE-PE directly connected scenario, for those destinations that point to the chained composite nexthop. The issue is seen when RPD ends up creating a route pointing to the chained composite nexthop instead of an indirect nexthop for directly connected PE-PE. |
PR Number | Synopsis | Category: IPSEC functionality on M/MX/T ser |
1354757 | Newly provisioned IPsec tunnel could not forward traffic |
A newly provisioned IPsec tunnel may not forward traffic. This issue is triggered in a specific condition in which the RE daemon (kmd) processes the Outside MS-IFL UP event followed by the Inside MS-IFL UP event. Normally, kmd receives the Inside MS-IFL UP event followed by the Outside MS-IFL UP event, and this is one of the main reasons that this issue is very hard to reproduce. |
PR Number | Synopsis | Category: SNMP Infrastructure (snmpd, mib2d) |
1473288 | snmp trap coldStart agent-address becomes 0.0.0.0 |
The agent-address in the SNMP coldStart trap might not be as configured. |
PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
1102367 | MS-MIC, MS-MPC might generate coredump upon receiving fragmented traffic |
On MX Series routers where MS-MIC or MS-MPC is inserted, certain combinations of fragmented packets might lead to an MS-MIC or MS-MPC coredump. |
PR Number | Synopsis | Category: Stout PF fabric (SFB2) |
1461356 | Traffic might be impacted because the fabric hardening is stuck |
Fabric hardening (FH) is the process of controlling bandwidth degradation to prevent a traffic black hole. If the SFB/SCB fails while FH is in progress, the FH process gets stuck, which results in traffic loss. |
PR Number | Synopsis | Category: Stout cards (MPC7, MPC8, MPC9) microkernel issues |
1417362 | IFD bounces on MPC7 might lead to memory exhaustion that can eventually trigger the restart of the line card |
IFD bounces on MPC7 might lead to memory exhaustion that can eventually trigger the restart of the line card. |
PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
1476786 | Traffic loss may be observed to the LNS subscribers in case the "routing-service" knob is enabled under the dynamic-profile |
On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers. |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1412457 | Ethernet MAC addresses may not be learnt after performing the "clear bridge mac table" |
An LU-based MPC may not learn Ethernet MAC addresses after the "clear bridge mac table" command is issued. Examples of LU-based MPCs are the MPC2/3/4 and MPC-3D-16XGE. |
PR Number | Synopsis | Category: Trio pfe l3 forwarding issues |
1427377 | PDT CUC-1398: NGMVPN traffic will not converge back after deactivate/activate of the routing-instance on receiver PE |
NGMVPN traffic will not converge back after deactivate/activate of the routing-instance on receiver PE as the traffic is reaching to the physical interface but not to the rvt interface. |
PR Number | Synopsis | Category: PTX/QFX10002/8/16 specific software components |
1409585 | The port at FPC(e.g. JNP10K-LC1101) might fail to come up |
On rare occasions, the port at FPC(e.g. JNP10K-LC1101) might fail to come up due to the retimer initialization failure upon the FPC reboot/OIR and a QSFP OIR. |
PR Number | Synopsis | Category: PTX/QFX100002/8/16 platform software |
1464119 | FPC might restart during run time on PTX10K/QFX10K platforms |
On PTX10K/QFX10K platforms, the FPC might restart if there is some corruption in the BCM (Broadcom) switch (a small internal Ethernet switch, not the PFE engine) inside the FPC. It is a timing issue caused by an incorrect PCIe speed configuration for the BCM switch. This issue is resolved in some FPC U-boot versions. |