Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles19.2R1-S4: Software Release Notification for JUNOS Software Version 19.2R1-S4
Junos Software service Release version 19.2R1-S4 is now available.
19.2R1-S4 - List of Fixed issues| PR Number | Synopsis | Category: EX2300/3400 platform |
|---|---|---|
| 1477165 | EX3400 me0 interface might remain down Product-Group=junos |
The me0 interface of EX3400 does not come up when connected to 100m speed interface. |
| PR Number | Synopsis | Category: Border Gateway Protocol |
| 1396344 | Processing a large scale as-path regex will cause the flap of the route protocols Product-Group=junos |
When 'as-path-group' is configured under BGP, if a configuration with a large scale as-path regex is committed, the route protocols flap might be seen. |
| 1466734 | The configured BGP damping policy might not take effect after BGP is disabled and then enabled followed by "commit" Product-Group=junos |
The configured BGP damping policy might not take effect when BGP is disabled and then enabled followed by a "commit" CLI, only the default damping policy is in effect. However, if the BGP is disabled and enabled followed by a "commit full" CLI then both default damping and configured damping policy are both in effect. |
| 1473351 | Removing cluster from BGP group might cause prolonged convergence time Product-Group=junos |
Cluster removal from BGP group might lead to a state where each subsequent change to BGP configuration will trigger import policy reevaluation causing prolonged convergence time of several minutes. This might result in a traffic loss. |
| 1481589 | The rpd process might crash with BGP multipath and route withdraw occasionally Product-Group=junos |
In BGP multipath scenario on all Junos platforms, if original active/best BGP multipath routes got flapped occasionally, some routes, which are changed from best routes to alternative now, are removed from the BGP multipath route list, but its multipath flag are not cleared, due to some temporarily incorrect route reorder in BGP. And when the currently active route got withdrawn for some reason, and the original best routes again become the best routes then rpd might hit an assert and crash. |
| 1487691 | High CPU utilization might be observed when the outgoing BGP updates are sending slowly Product-Group=junos |
On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725) |
| PR Number | Synopsis | Category: Cassis pfe microcode software |
| 1459698 | Traffic blackholing upon interface flap after DRD auto-recovery Product-Group=junos |
An interface stops forwarding traffic when MX software triggers a "DRD reorder timeout recovery" event follows by an interface flap on the same XMCHIP. When the logic is triggered, you will see a "cmtfpc_xmchip_drd_reorder_id_timeout_callback" message in the PFE syslog messages. This issue affects XM based MPCs (3E 4E 5E 6E 2E-NG 3E-NG). |
| PR Number | Synopsis | Category: OpenSSH and related subsystems |
| 1454177 | SSH login might fail if a user account exists in both local database and RADIUS or TACACS+ Product-Group=junos |
SSH login from an automation tool to the Junos device might not be successful if the username is configured both as a local user and on remote RADIUS/TACACS server, and using authentication method 'password'. |
| PR Number | Synopsis | Category: Firewall Filter |
| 1466698 | An output bandwidth-percent policer with logical-bandwidth-policer applied to an AE bundle along with an output-traffic-control-profile has incorrect effective policing rate Product-Group=junos |
On MX platforms, for an AE bundle of at least two members hosted at two different FPCs, if the AE interface is with CoS output-traffic-control-profile of shaping-rate and with the output filter of policer with logical-bandwidth-policer and bandwidth-percent, the AE interface might have incorrect effective output policing rate. |
| PR Number | Synopsis | Category: Express PFE FW Features |
| 1432116 | The FPC might crash when a firewall filter is modified Product-Group=junos |
In QFX10K/PTX series platforms, if a firewall filter with multiple match conditions is configured on interfaces which are Up and the firewall filter is modified (either a new action is added or the condition is added/removed etc.), the FPC might crash and restart. It might affect the service/traffic. |
| 1462634 | The sample/syslog/log action in output firewall filter with packet of size less than 128 might cause ASIC wedge (all packet loss) on PTX platforms Product-Group=junos |
On PTX platforms, if output firewall filter is configured with sample/syslog/log action, the host interface might get wedged for packets with lengths 0-128 including Layer 3 headers. |
| PR Number | Synopsis | Category: PTX Express ASIC interface |
| 1412126 | PTX interface stays down after maintenance Product-Group=junos |
On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment. |
| PR Number | Synopsis | Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip |
| 1418192 | The rpd process may crash if restarting the rpd or deactivating "logical-system" Product-Group=junos |
The rpd process might generate a core file when the user intentionally restarts the rpd or deactivates logical-system. |
| PR Number | Synopsis | Category: Kernel software for AE/AS/Container |
| 1441772 | On PTX/QFX AE outgoing traffic might be dropped after changes are made to AE Product-Group=junos |
On PE-chip based PTX/QFX platforms (including PTX1K/3K/5K/10K series, QFX10K series), if CoS IEEE-802.1 rewrite rule is configured and bound to the AE interface, traffic going out the AE interface might get dropped after changes are made to AE, due to nexthop install failure on ingress PFEs. |
| PR Number | Synopsis | Category: ISIS routing protocol |
| 1455432 | The rpd might crash continuously due to memory corruption in ISIS setup Product-Group=junos |
With ISIS configured and in a very rare case, memory corruption may occur, this may cause rpd crash continuously. |
| PR Number | Synopsis | Category: ISSU related issues for MMx |
| 1476505 | Dark window size is more than expected, lost 31.0872721524375 seconds of traffic Product-Group=junos |
In MX2K chassis with multiple line cards (XM and EA based) and SFB2 fabric, we may see a longer traffic drops in the order of 30 seconds depending on the number of line-cards in the chassis |
| PR Number | Synopsis | Category: PFE infra to support jvision |
| 1456275 | Queue data might be missing from path '/interfaces/interface/state' Product-Group=junos |
On subscribing to '/interfaces/interface/state/' it might get subscribed to '/junos/system/linecard/interface/traffic/' internally, instead of '/junos/system/linecard/interface/queue/' which might impact traffic. |
| PR Number | Synopsis | Category: Layer 2 Control Module |
| 1469635 | Memory leak on l2cpd process might lead to l2cpd crash Product-Group=junos |
On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash. |
| PR Number | Synopsis | Category: lldp sw on MX platform |
| 1460347 | Multiple leaf's and prefixe's missing when LLDP neighbor added after the streaming started at global level Product-Group=junos |
Many attributes are not notified as part of LLDP on-change event when a new neighbor is learnt |
| PR Number | Synopsis | Category: mc-ae interface |
| 1447693 | The l2ald might fail to update composite NH Product-Group=junos |
This is a timing issue where the l2ald receive underlay NH from rpd as part of LSI IFF ADD (VPLS core NH) and creates flood NH. Due to a flap at local IFL or core (VPLS etc.), the l2ald receives multiple LSI IFF Add and Delete in some order. In some sequence where rpd delete underlay NH from Kernel Forwarding table but the l2ald still create flood NH with this underlay NH, because IFF delete is yet to be received at the l2ald, so l2ald might fail to update Composite NH. This is generic L2 issue and can happen without mc-ae. |
| PR Number | Synopsis | Category: Multiprotocol Label Switching |
| 1457681 | The rpd crash may be observed with traceoption enabled in MPLS Product-Group=junos |
On all Junos platforms, If the traceoption is enabled in MPLS and SNMP polling is going on, and during route lookup match a given route which one is neither router next-hop nor chain next-hop, then rpd crash may be observed. The rpd crash may cause all the routing protocols adjacencies to be reestablished. |
| PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
| 1439906 | FPC might reboot if jlock hog occurs on all Junos VM based platforms Product-Group=junos |
On a JUNOS VM using TSC clocking from the host system, "jlock hog" messages may be seen. This may lead to FPCs reboot. |
| PR Number | Synopsis | Category: IPv6/ND/ICMPv6 issues |
| 1439844 | DHCPv6 relay binding is not up when integrated routing and bridging(IRB) interface enabling DHCPv6 Snooping and Neighbor Discovery Inspection (NDI) simultaneously on EX9200 Product-Group=junos |
In DHCPv6 relay scenario, when DHCPv6 snooping and NDI enable simultaneously on IRB interface on EX9200, DHCPv6 relay binding is not up. |
| PR Number | Synopsis | Category: Kernel socket data replication issues for protocols that use |
| 1472519 | The kernel may crash and vmcore may be observed after configuration change is committed Product-Group=junos |
On all Junos platforms, after committing the configuration change (e.g. removal of protocols like mpls, isis, ldp from the interfaces), then the kernel may crash and vmcore may be observed. This issue also may cause protocol adjacency failure. |
| PR Number | Synopsis | Category: OSPF routing protocol |
| 1452118 | The TI-LFA backup path for adj-sid is broken in OSPF Product-Group=junos |
The TI-LFA (Topology-Independent Loop-Free Alternate) backup path for adj-sid is broken in OSPF where the shortest path to the node opposite the adj-sid is not the one hop path over the interface indicated by the adj-sid. If the backup path is broken when the primary path fails, it will cause traffic loss. |
| PR Number | Synopsis | Category: PE based L3 software |
| 1434567 | IPv6 neighbor solicitation packets getting dropped on PTX Product-Group=junos |
In IPv6 scenario on PTX platforms (including PTX3K/5K with FPC3, PTX1K, PTX10K), when a parity error which is due to hardware error occurs on FPC, the neighbor solicitation (NS) packets might get dropped. It will cause IPv6 neighbor discovery failure, and no relevant alarms or logs are reported during the issue. |
| PR Number | Synopsis | Category: Interface related issues. Port up/down, stats, CMLC , serdes |
| 1465302 | The physical interface of AE (Aggregated Ethernet) might take time to come up after disable/enable Product-Group=junos |
On Junos platforms, the physical interface of AE might come up after a long delay (4 mins) if there are millions of bgp routes learnt on the device. This delay is happening because PFE Manager thread is busy processing the routing updates from RE. These routing updates are the result of AE interface going down at the first step of disabling the interface. |
| 1480480 | The remaining interface may be still in downstate even the number of channelized interfaces is no more than 5 Product-Group=junos |
On the QFX5210-64C platforms, after reverting the number of channelized interfaces less than 6 per pipe, the remaining interfaces of the pipe may have a chance to be still in downstate, the expected behaviour is the port to be up automatically after the above changes. |
| 1480480 | The remaining interface may be still in downstate even the number of channelized interfaces is no more than 5 Product-Group=junosvae |
On the QFX5210-64C platforms, after reverting the number of channelized interfaces less than 6 per pipe, the remaining interfaces of the pipe may have a chance to be still in downstate, the expected behaviour is the port to be up automatically after the above changes. |
| PR Number | Synopsis | Category: QFX PFE Class of Services |
| 1476829 | QFX Platforms are exhibiting invalid PFE PG counter pairs to copy, src 0xfffff80, dst 0 Product-Group=junos |
On QFX Series Switches the following logs might be displayed as a result of polling class of service related SNMP OIDs. These messages might eventually lead to interface counters not being populated properly. There is no other impact from these messages. Nov 19 07:00:07 switch kernel: et-0/0/33: invalid PFE PG counter pairs to copy, src 0xfffff8012285d720, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/36: invalid PFE PG counter pairs to copy, src 0xfffff800076df570, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/37: invalid PFE PG counter pairs to copy, src 0xfffff8012285d750, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/40: invalid PFE PG counter pairs to copy, src 0xfffff800076df480, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/44: invalid PFE PG counter pairs to copy, src 0xfffff800255374e0, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/45: invalid PFE PG counter pairs to copy, src 0xfffff800076df420, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/46: invalid PFE PG counter pairs to copy, src 0xfffff800076de390, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/47: invalid PFE PG counter pairs to copy, src 0xfffff800076df210, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/48: invalid PFE PG counter pairs to copy, src 0xfffff800076dff30, dst 0 |
| PR Number | Synopsis | Category: RPD Next-hop issues including indirect, CNH, and MCNH |
| 1441438 | For a route received via EBGP the AIGP value may not be considered as expected Product-Group=junos |
This issue is related to BGP AIGP (accumulated IGP) feature. Normally, with AIGP enabled, BGP can select paths based on IGP metrics. This enables BGP to choose the shortest path between two nodes, even though the nodes might be in different ASs. But in some scenario where the same route is received from both IBGP and EBGP (the AIGP attribute is carried), the nexthop received over EBGP might not be resolved using the AIGP value. It means during the best-route selections, if the devices have to do tie-break in AIGP step then it may not work as expected. Thus the traffic might not go through the expected path. |
| 1441550 | The rpd may crash or consume 100% of CPU after flapping routes Product-Group=junos |
When flapping the existed flood nexthop type routes, it may cause rpd crash or consume 100% of CPU. This issue may cause routing protocols sessions/neighbors flap or traffic loss. |
| PR Number | Synopsis | Category: RPD policy options |
| 1433615 | Policy matching RD changes next-hop of the routes which do not carry RD Product-Group=junos |
If a policy-option with only conditions "from route-distinguisher" and "then next-hop a.b.c.d" is applied to BGP, the next hop for routes in the inet.0 might be set to this next hop a.b.c.d, even though these routes do not carry any route-distinguisher value (l3vpn.inet.0 is unaffected). |
| PR Number | Synopsis | Category: RPD route tables, resolver, routing instances, static routes |
| 1471968 | The rpd might crash when both instance-import and instance-export policies containing "as-path-prepend" action Product-Group=junos |
On all Junos platforms, when an internally route-leaking between routing-instances using instance-import and instance-export policies and both policies containing "as-path-prepend" actions, if this as-path is referred by some route, the rpd might crash after these route change/delete (e.g. clearing bgp neighborship, changing BGP/policy config, etc.). |
| PR Number | Synopsis | Category: Resource Reservation Protocol |
| 1445994 | Traffic blackhole likely if two consecutive PLRs along the LSP perform local repair simultaneously under certain mis-configured conditions Product-Group=junos |
In RSVP environment with link or node protection deployed, if two consecutive PLRs (point of local repair) along the LSP perform local repair simultaneously and if backup LSP signaling between the downstream PLR & MP (merge point) pair fails due to any reason, then the backup LSP signaling between the upstream PLR & MP pair also does not succeed. Then due to a software defect the upstream PLR does not correctly clean up the LSP state and continues to send traffic into the backup LSP, resulting in traffic blackhole at the downstream PLR. |
| 1476773 | RSVP LSPs might not come up in scaled network with very high number of LSPs if NSR is used on transit router Product-Group=junos |
If NSR is enabled on transit router with scaled RSVP LSPs, RESV message might not be sent from transit router because the path messages replication on master RE does not complete in time. Hence RSVP LSPs might not come up with traffic impact. |
| PR Number | Synopsis | Category: RPD API infrastructure |
| 1481953 | The rpd may crash when executing "show route protocol l2-learned-host-routing" or "show route protocol rift" CLI command on a router Product-Group=junos |
On all Junos platforms, executing the CLI command of "show route protocol l2-learned-host-routing" or "show route protocol rift" on a router may cause the rpd crash if there is an active route in bgp.rtarget.0 routing table. |
| PR Number | Synopsis | Category: RPM and TWAMP |
| 1434740 | TWAMP session keep pending state when co-operate with non-Juniper device Product-Group=junos |
When Juniper device co-operate with non-Juniper device on TWAMP feature, two sides will keep pending state because of different timeout format. |
| PR Number | Synopsis | Category: PTX5000 Platform including chassisd, RE, CB, power management |
| 1471178 | A PTX5K SIB3 might fail to come up in slot 0 and/or slot 8 when RE1 is master. Product-Group=junos |
A PTX5K SIB3 might fail to come up in slot 0 and/or slot 8 when RE1 is master. |
| PR Number | Synopsis | Category: All PRs related to platform SRX5XX |
| 1459037 | SRX branches device might not be reachable when initiating offline command for PIC Product-Group=junos |
For the SRX branches, the device might not be reachable when offline command is initiated for the PIC (request chassis fpc offline slot xx). It is related to the behaviour of broadcom SDK version 6.5.x. |
| PR Number | Synopsis | Category: Trio pfe l3 forwarding issues |
| 1426727 | Some CFM and BFD sessions might flap while collecting MPLS statistics Product-Group=junos |
On Junos-based platform with MPLS and MPLS statistics enabled as well as a CFM or BFD, when CFM with continuity-check interval less than 1000ms (e.g. 100ms) or BFD with minimum-interval less than 1000ms (e.g. 100ms), during the periodic MPLS statistics collection if there are a large number of next-hops (several thousand) related to MPLS forwarding, the transmission of the periodic CFM or BFD protocol packet may be delayed. It may cause some CFM or BFD sessions to expire on the remote side of the session due to timeout, which can further result in traffic drop due to CFM/BFD flapping. |
| PR Number | Synopsis | Category: Trio pfe microcode software |
| 1409626 | LACP DDOS policer is incorrectly triggered by other protocols traffic on all EX92XX/T4000 and MX platforms Product-Group=junos |
DDOS policer for LLDP/MVRP/Provider MVRP/dot1X is incorrectly identified as LACP DDOS violation on EX92xx/T4000 and MX series platforms. Issue can appear whenever there is an overflow of traffic from any of these protocols and triggers DDOS for LACP rather than the actual protocol. |
| PR Number | Synopsis | Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacplus) |
| 1478959 | SSH login may hang and the TACAS plus server closes the connection without sending any authentication failure response Product-Group=junos |
On all Junos platforms, the SSH login session may hang if Junos device is sending an authentication request to the TACACS plus server with an incorrect secret and the TACAS plus server closes the connection without sending any authentication response. |
| PR Number | Synopsis | Category: Junos Automation, Commit/Op/Event and SLAX |
| 1461021 | Modifying the REST configuration might cause the system to become unresponsive Product-Group=junos |
When Representational State Transfer (REST) service configuration is modified, for example the REST service is configured and then deleted for multiple times, the system might become unresponsive, even to SSH and console. This issue has service impact. |
| PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
| 1464439 | The CPU utilization on mgd daemon might be stuck at 100% after the netconf session is interrupted by flapping interface Product-Group=junos |
If a netconf session is initiated over inband connection, the CPU utilization on mgd daemon might be stuck at 100% after the netconf session which is executing an RPC call for some commands gets interrupted by flapping interface. There is no impact observed to control-plane or forwarding-plane, the subsequent netconf session will continue to function. |
| PR Number | Synopsis | Category: PTX/QFX100002/8/16 platform software |
| 1464119 | FPC might restart during run time on PTX10K/QFX10K platforms Product-Group=junos |
On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions. |
Security Alerts and Vulnerabilities
Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search