Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles18.2R3-S3: Software Release Notification for JUNOS Software Version 18.2R3-S3
Junos Software service Release version 18.2R3-S3 is now available.
NOTE
PR1463859 introduces a software defect that causes a 10GE interface to flap continuously when configured with the WAN-PHY framing with the default "hold-down" timer (0). Once you upgrade a router to an affected software release, the interface may flap continuously. This is not applicable to an interface with the default framing - LAN-PHY. [TSB17782]
PR Number | Synopsis | Category: Software build tools (packaging, makefiles, et. al.) |
---|---|---|
1417345 | The JSU package installation may fail Product-Group=junos |
In a specific scenario, the JSU (Junos OS selective upgrade) package installation on a router which has JET (Juniper Extension Toolkit) package installed may fail due to "Operation not permitted" error. This issue does not impact service and traffic. |
PR Number | Synopsis | Category: LLDP |
1464553 | The LLDP packets might get discarded on all Junos platforms Product-Group=junos |
On all Junos platforms, the LLDP packet received from any other vendor might get discarded. The issue is seen when there are two location-id in the same packet and the Junos device considers the LLDP packet as duplicate and discards it. This might result in the PoE phone not coming up or neighborship information not getting exchanged. |
PR Number | Synopsis | Category: L2NG RTG feature |
1461293 | MAC addresses learned on RTG may not be aged out after aging time Product-Group=junos |
MAC addresses learned on redundant trunk group (RTG) might not be aged out after aging time if the source interface is configured as RTG. |
PR Number | Synopsis | Category: EX4300 Control Plane |
1461434 | ERP might not revert back to IDLE state after reload/reboot of multiple switches Product-Group=junos |
On EX4300 platforms configured with ERP, after multiple devices reboot/restart at the same time, ERP might not revert back to the IDLE state. This issue might be seen in situations where the ERP node-id is not configured manually and after the restart, the default node-id (switch base MAC address) might get reset to 00:00:00:00:00:00, effectively causing multiple devices to have the same node-id. |
PR Number | Synopsis | Category: EX4300 PFE |
1448607 | NSSU cause a traffic loss again after the backup to master transitions Product-Group=junos |
In specific topology (VC uplink with VRRP and downlink client-side has a LAG), while doing NSSU on EX4300 VC, traffic loss might be observed again after the backup to master transitions. |
1470424 | The switch might not be able to learn MAC address with dot1x and interface-mac-limit configured Product-Group=junos |
On Junos platforms, if dot1x and interface-mac-limit are configured, when sending traffic continuously to the interfaces, the switch might not be able to learn MAC address. Hence traffic drop might be seen. |
1491348 | The traffic destined to VRRP VIP might be dropped after the IRB interface is disabled on the initial VRRP master Product-Group=junos |
On the EX4300 virtual-chassis scenario, the traffic destined to the VRRP Virtual IP Address (VIP) might be dropped on the Virtual-Chassis if the VRRP IRB interface is disabled on the initial VRRP master. For details, please refer to the following topology and problem description. Topology: +------------------virtual-chassis VC2---+ | | irb.1001 | +----------+ +----------+ | 192.168.1.3 | | sw3 +------------+ sw4 | | | +----------+ +----------+ | | |ae0 | irb.1001 +--------+-------------------------------+ VRRP VIP | 192.168.1.1 | |--------+ae1001----virtual-chassis VC1---+ | +----------+ +----------+ | irb.1001 | | sw1 +------------+ sw2 | | 192.168.1.2 | +------+---+ +----------+ | | | | +-----------------------------------------+ |0/0/20 | + SW 5 192.168.1.254 SW1 and SW2 are configured in VC1 SW3 and SW4 are configured in VC2 IRB.1001 with VRRP is configured on VC1 and VC2 IRB.1001, IP 192.168.1.3 and VRRP VIP 192.168.1.1 is on VC2 IRB.1001, IP 192.168.1.2 and VRRP VIP 192.168.1.1 is on VC1 VC1 is VRRP master Problem description: When the IRB.1001 is deactivated on VC1, traffic from SW5 ( 192.168.1.254) to VRRP VIP 192.168.1.1 (now active on VC2) is dropped on VC1. |
PR Number | Synopsis | Category: EX4300 Platform |
1445626 | The laser TX might be enabled while the interface is disabled Product-Group=junos |
In ex4300 switches when 1G SFP is connected to 10G port, Auto-negotiation should be disabled (when enabled causes many issues like ARP, link down..) hence when AN is disabled somehow corrupting the TX_DISABLE field hence Laser Tx remain enabled when disabling and plug-out - plug-in. |
PR Number | Synopsis | Category: Marvell based EX PFE L2 |
1474808 | Continuous dcpfe error messages and eventd process hogged might be seen on EX2300 VC scenario Product-Group=junos |
On EX2300 VC scenario, when host path packets are flooding through internal HG (higig) port, it might generate some dcpfe error messages which are harmless and eventd process hogged might also be seen. And it also might cause high CPU utilization which might affect protocol traffic. |
PR Number | Synopsis | Category: Marvell based EX PFE L3 |
1462106 | Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC Product-Group=junos |
Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC |
PR Number | Synopsis | Category: EX9200 Control Plane |
1452738 | The l2ald and eventd are hogging 100% after issued "clear ethernet-switching table" Product-Group=junos |
The l2ald and eventd processes are hogging 100% after issued "clear ethernet-switching table" and also the continuous syslog errors "l2ald[18605]: L2ALD_IPC_MESSAGE_INVALID: Invalid message received (message type 0, subtype 0): null message" are observed. |
PR Number | Synopsis | Category: EX9200 Platform |
1467459 | The MAC move message may have an incorrect "from" interface when MAC moves rapidly Product-Group=junos |
On the EX2300/3400/4300/4600/9200 platform, in some cases, if MAC moves rapidly, traffic might be impacted and the MAC move message might have an incorrect "from" interface. |
PR Number | Synopsis | Category: EX2300/3400 CP |
1458559 | The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used Product-Group=junos |
If the dynamic assignment of VoIP VLAN is used, the switch might not send correct VoIP VLAN information in LLDP MED packets after any configuration change and commit. |
PR Number | Synopsis | Category: EX2300/3400 PFE |
1465526 | The fxpc might crash after mastership election on EX2300 and EX3400 platform Product-Group=junos |
On EX2300 and EX3400 platforms under virtual chassis(VC) scenario, fxpc might crash during mastership switchover process. |
1466423 | The broadcast and multicast traffic might be dropped over IRB or LAG interface in QFX/EX VC scenario Product-Group=junos |
On QFX5000/EX2300/EX3400/EX4600 Virtual Chassis (VC) platforms, the broadcast and multicast traffic might get dropped over some of the Link Aggregation Group (LAG) or Integrated Routing and Bridging (IRB) interfaces. Due to this issue, all the routing protocols replying on broadcast/multicast traffic would not be able to setup neighbor sessions, for example, some of the Open Shortest Path First (OSPF) sessions might be stuck in "Init" state over LAG or IRB interfaces. |
PR Number | Synopsis | Category: EX2300/3400 platform |
1361025 | On EX2300MP platforms, the fan count is wrong in jnxFruName,jnxFilledDescr and jnxContainersCount.4 Product-Group=junos |
On EX2300MP platforms, a wrong number of FAN count is shown in for jnxContainersCount. It shows 4 instead of 3. There is no functionality impact. |
1452209 | The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured Product-Group=junos |
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow. |
1452209 | The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured Product-Group=junosvae |
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow. |
1467707 | FPCs might get disconnected from EX3400 VC briefly after reboot/upgrade Product-Group=junos |
On EX3400 Virtual Chassis, during reboot or upgrade, because of a high CPU load in slow path of fxpc, TCP keep alive message is not sent. Hence, it is observed that sometimes a few Virtual Chassis members might get disconnected from the Virtual Chassis briefly and join back in 3-6 minutes. |
1469750 | Traffic loss might be observed between SFP-T connected interfaces on EX3400 platforms Product-Group=junosvae |
On EX3400 switches, traffic (Receive) loss might be seen when SFP-T is connected between interfaces. |
1471931 | EX3400 is advertising only 100m when configured the speed 100m with autoneg enabled Product-Group=junos |
With Auto-negotiation enabled EX3400 will advertise only 100m whenever we configure the speed 100m |
1477165 | EX3400 me0 interface might remain down Product-Group=junos |
The me0 interface of EX3400 does not come up when connected to 100m speed interface. |
PR Number | Synopsis | Category: DC PFE QoS |
1466770 | Slow packet drops might be seen on QFX5000 platforms Product-Group=junos |
The issue observed on QFX5000 platforms when there are any packets on the port before its buffer configuration is completed after the reboot. This issue is very rare and the window could be just few milli seconds. |
PR Number | Synopsis | Category: DHCP related Issues |
1467182 | [dhcp] [DHCP_RELAY]- JDI-_DHCP_-REGRESSION-SWITCHING:: DHCPvX ACK Messages did not receive response to Broadcast INFORM packets with 19.1R2.3 Product-Group=junos |
Few of DHCPvX INFORM Messages, specific to particular VLAN are not receiving any ACK from server. |
PR Number | Synopsis | Category: QFX Multichassis Link Aggregrate |
1465077 | The traffic might be forwarded to wrong interfaces in MC-LAG scenario Product-Group=junos |
On EX/QFX platforms with MultiChassis Link Aggregation Group (MC-LAG) configured, if the interface media of MC-LAG is changed from MultiProtocol Label Switching (MPLS) to Dense Wavelength Division Multiplexing (DWDM), the traffic might be forwarded to wrong interfaces and get dropped. |
PR Number | Synopsis | Category: QFX Access control list |
1379718 | Host destined packets with filter log action might not reach to the RE if log/syslog is enabled Product-Group=junos |
On EX4300/EX4600/QFX Series switches except for QFX10k, if host destined packets (that is, the destination address belongs to the device) come from the interface with ingress filter of log/syslog action (for example, 'filter <> term <> then log/syslog'), such packets should not be dropped and reach the Routing Engine. |
1476708 | ARP packets are always sent to CPU regardless of whether the storm-control is activated Product-Group=junos |
On QFX5K platforms with VXLAN or VLAN scenario, ARP packets are not rate limited by the storm-control settings as the ARP packets will be copied to CPU by VLAN register settings and can be only rate limited by the CPU Queues rate-limit settings (ARP DDOS Queues). |
PR Number | Synopsis | Category: QFX PFE CoS |
1432078 | Shaping does not work after the reboot if "shaping-rate" is configured Product-Group=junos |
On QFX5110, QFX5100 and EX4600 platforms, if "shaping-rate" is configured, the shaping feature might not work after a reboot. The service might be impacted as the traffic cannot be rate limited. |
PR Number | Synopsis | Category: QFX PFE L2 |
1421672 | Packet loss might be seen when one of the Spine switch fails or reboots Product-Group=junos |
On QFX5K/AS7816 series switches, a brief packet loss might be seen when one of the spine switch fails or reboots in a VxLAN setup as it takes time to update all the VTEPs to new next-hop towards the other Spine switch. This happens due to the Fast Reroute capability not being present for VxLAN technology. |
1431262 | ERPS (Ethernet Ring Protection Switching) nodes might not converge to IDLE state after failure recovery or reboot Product-Group=junos |
In ERPS topologies where EX/QFX platform switches are used, after failure recovery or reboot, some nodes might not converge to IDLE state and their interfaces might remain in discarding state. It is expected to have single STP (Spanning Tree Protocol) instance getting mapped to STG (Spanning Tree Group) however, in problematic state two STP instances get created, resulting in two STG and cause traffic loss. |
1437577 | Physical layer and MAC/ARP learning might not work for copper base SFP-T on QFX5100/QFX5110/EX4600 Product-Group=junos |
On QFX5100/QFX5110/EX4600 platforms, if copper base SFP-T is used, it might not get up on physical layer and the MAC/ARP learning might not work if it gets up. The PR fixes both layer-1 and layer-2 issues in this scenario. |
1467466 | Few MAC addresses might be missing from MAC table in software on QFX5k platform. Product-Group=junos |
On QFX5k platform, if Packet Forwarding Engine process is restarted manually or device reboot occurs, some MAC address(es) might not be seen on software MAC table but MAC address will be present in hardware table. |
1467763 | The fxpc.core might be seen when committing the configuration all together, e.g., after the reboot Product-Group=junos |
On EX2300/3400/4300/4600 and QFX Series switches except for QFX10k, if committing the configuration all together (e.g., after the reboot), the fxpc/PFE core dump might be found. In the Virtual Chassis scenario, the VC members might be splitted because the VC ports might not be created in time. |
1469596 | Ingress traffic might be blackholed if underlying interfaces flap in EVPN/VXLAN scenario Product-Group=junos |
On QFX5000 platforms with Ethernet Virtual Private Network (EVPN) and Virtual Extensible LAN (VXLAN) scenario, if there is the underlying interface flaps for the core network side, all the ingress traffic might be backholed by the VXLAN Tunnel Endpoint (VTEP) due to this issue. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1367439 | Invalid VRRP mastership election on QFX5110-VC peers Product-Group=junosvae |
In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters. |
1367439 | Invalid VRRP mastership election on QFX5110-VC peers Product-Group=junos |
In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters. |
1455547 | The coredump might occur during adding/removing EVPN Type-5 routing instance Product-Group=junos |
On QFX platforms, the coredump might occur during adding/removing EVPN Type-5 routing instance. The EVPN route would be corrupted and traffic/service impact appears if hitting the issue. |
1460791 | JDI-RCT : QFX 5100 VC/VCF : Observing Error brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) after ISSU with Mini-PDT base configurations Product-Group=junos |
"multicast stats related errors like " brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running)" will be observed during ISSU and these messages are harmless and does not affect multicast functionality". |
PR Number | Synopsis | Category: QFX PFE MPLS |
1475395 | Traffic blackhole might be seen on PE when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface Product-Group=junos |
On QFX5K platforms with Layer3 VPN scenario, when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface, the traffic blackhole might be seen on PE. It happens in ECMP scenario. |
1477301 | The traffic may be lost over QFX5100 switch acting as a transit PHP node in the MPLS network Product-Group=junos |
In the MPLS network, the packets may get dropped by egress node if the packets go through the QFX5100 switch acting as a transit PHP (penultimate-hop popping) node. |
PR Number | Synopsis | Category: SPC3 HW and SW Issues |
1429899 | Packet loss is caused by FPGA back pressure on SPC3. Product-Group=junos |
On SRX5000 Series devices with an SPC3 card, sometimes very small amount of packet loss is observed. |
PR Number | Synopsis | Category: SRX Macsec bug tracking |
1474674 | Packet drop might be observed on the SRX300 line of devices when adding or removing an interface from MACsec. Product-Group=junos |
On SRX3xx platforms, when adding/removing an interface from MACsec (e.g. enables/deactivates an interface under security macsec heirarchy), and that interface is configured with non-default properties of speed/mtu/autonegotiation/duplixity, packets drop might be observed on that interface. |
PR Number | Synopsis | Category: CoS support on ACX |
1455722 | ACX5048 snmp polling will stalled after the link flap/ sfp replacement and ACX_COS_HALP(acx_cos_gport_sched_set_strict_priority:987): Failed to detach logs will be seen Product-Group=junos |
When inserting a SFP, the lowest ifd index available is assigned to the new interface created. During this sfp attach, an ifd-halp entry is also created in cos table for the interface. When SFPs are swapped and SFPs get their IFD index assigned interchanged as that of their old IFDs, issue is observed. As per PFE, the bcm port for the interface remains the same while IFD alone changes when removed and inserted. Hence while creating an ifd-entry for the interface in cos table, it is checked for any old entry still present for same bcm port. But the check done to validate for any old entry is improper. It does not check whether the old ifd index present is still for same bcm port. Due to this check missing, a valid ifd-entry of some other interface is getting deleted in cos table. Introduced the additional validation to ensure the old ifd index of the interface is still for same bcm port. Deleting of old ifd-entry is done only if bcm port of current entry and old ifd entry are same. Also added in existing debug message to display the ifd index which is getting deleted. |
PR Number | Synopsis | Category: ACX Interfaces IFD, IFL, vlans, and BRCM init |
1284590 | ACX5k MacDrainTimeOut and bcm_port_update failed: Internal error Product-Group=junos |
On ACX5K, the buffer is corrupted on port 0 (*/*/0) and error message MACDRAINTIMEOUT and dcbcm_check_stuck_buffers are observed, which could eventually lead to port 0 (*/*/0) flapping. |
1411015 | The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx Product-Group=junos |
The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx. |
PR Number | Synopsis | Category: ACX MPLS |
1449681 | l2circuit with a "backup-neighbor" (hot-standby) configured may stop forwarding traffic after failovers Product-Group=junos |
On ACX platforms, if the "backup-neighbor" is configured with the "hot-standby" parameter, then l2circuit may stop passing traffic if the master path is down and back up again (l2circuit switchovers from the master path to the backup path, then moves back from the backup path to the master path) |
PR Number | Synopsis | Category: ACX GE, 10GE, PoE, IDT framers |
1439384 | interface on ACX1100 remains down when using SFP-1FE-FX (740-021487) Product-Group=junos |
Interface with SFP-1FE-FX transceiver optic (740-021487) will not come UP on ACX routers. |
PR Number | Synopsis | Category: MPC Fusion SW |
1454595 | The 100G Interfaces may not come up again after going down on MPC3E-NG Product-Group=junos |
On MPC3E-NG cards with 100G interface in use, if the interface detects Loss of Lock (LOL) on the link without Loss of Signal (LOS), the interface will go down and may not come up again after the link is recovered. |
1463859 | The MPC2E-NG/MPC3E-NG card with specific MIC might crash after a high rate of interface flaps Product-Group=junos |
If any MIC of MIC-3D-2XGE-XFP / MIC-3D-4XGE-XFP / MIC-3D-20GE-SFP-E / MIC-3D-20GE-SFP-EH / MIC-MACSEC-20GE is installed in MPC2E-NG/MPC3E-NG card, the Microkernel (uKern) might hog for CPU on Packet Forwarding Engine (PFE) when there is a high rate of interface flaps (~30/40 flaps per second). This will eventually trigger the MPC2E-NG/MPC3E-NG card crash with an NGMPC core file. Normally the excessive interface flapping won't happen frequently in real world and it may be caused due to external environment. This fix will reduce the impact and prevent the uKern hog when having such conditions. |
PR Number | Synopsis | Category: A15 specific issue |
1439744 | The SPC card might stop on the SRX5000 line of devices. Product-Group=junos |
On the SRX5400,SRX5600 or SRX5800 platforms with SPC2, the SPC could go into a hung state without processing any traffic. |
PR Number | Synopsis | Category: a20a40 specific issue |
1479255 | The RGx might fail over after RG0 failover in a rare case. Product-Group=junos |
On the SRX5000 platforms with SPC3 in use, the RGx (x>0) failover may be observed followed by RG0 failover, this is a timing issue and due to unexpected "hardware timeout" detected by RGx after RG0 failover. |
PR Number | Synopsis | Category: srx5k service offloading related PR |
1436421 | On an SRX4600 device, core file generation might be observed and SPM might be in present state. Product-Group=junos |
On SRX4600 devices, in rare cases, FPC0 and/or FPC1 may stay in Present state at boot and never come Online or may move to Present state during operation. When this occurs, J-Ukernel crashes and multiple chassis alarms may be observed. The reason is that the power chip doesn`t produce the right voltage. The fix is to set the right voltage (through upgrading the Jfirmware version). It would affect the traffic. |
PR Number | Synopsis | Category: These are new categories in the areas of PFE |
1460209 | Loop detection might not work on extended ports in Junos Fusion scenarios Product-Group=junos |
In Junos Fusion scenarios, if loop detection is enabled on extended ports, when a satellite device (SD) is rebooted, or when a satellite device is added or removed/re-added, the loop detection feature might not work. |
PR Number | Synopsis | Category: BBE Autoconfigured DVLAN related issues |
1467468 | L2 Wholesale not forwarding all client requests with stacked VLAN Product-Group=junos |
In the Non-ANCP Based L2 Wholesale scenario, if more than one request packets from customer side encapsulated in dual-tagged VLAN arrive at PE device, only the first one of the packets which share the same outer VLAN gets forwarded, and the rest will fail. |
PR Number | Synopsis | Category: BBE database related issues |
1457284 | UI_OPEN_TIMEDOUT: Timeout connecting to peer 'database-replication' Product-Group=junos |
Syslog "timeout connecting to peer database-replication" is generated when command "show version detail" issued. |
PR Number | Synopsis | Category: BBE interface related issues |
1467125 | The PPPoE subscribers get stuck due to the PPPoE inline keepalives don't work properly Product-Group=junos |
In the PPPoE subscriber management environment, due to the PPPoE inline keepalives timeout events may get dropped by the RE (routing engine), the PPPoE subscribers get stuck. This issue may cause the PPPoE subscribers are unable to reconnect. |
PR Number | Synopsis | Category: MIBs related to BBE |
1470664 | SNMP interface-mib stops working for PPPoE clients Product-Group=junos |
SNMP interface-mib stops working for PPPoE clients. In this scenario SNMP works fine for standard queries on the MX router, but for subscriber statistics always returns value of zero. |
PR Number | Synopsis | Category: Bi Directional Forwarding Detection (BFD) |
1432440 | In BFD and GR enabled scenario, BFD DOWN packets are not being sent immediately after BFD failure Product-Group=junos |
In both GR helper and GR restarter scenarios, BFD down packets are not immediately sent. It might cause an issue where BGP session down is notified before BFD DOWN. |
1448649 | JUNOS BFD sessions with authentication flaps after a certain time Product-Group=junos |
In the scenario where BFD session authentication is configured, after a certain period of time, BFD sessions flaps may be seen, this will cause the neighbor to be down. |
1470603 | The BFD client session might flap when removing BFD configuration from the peer end (from other vendor) of the BFD session Product-Group=junos |
Currently, when a BFD packet with session state set to "AdminDown" is received by Juniper Device, the Juniper device will check both the session state and the diagnostic code in the packet. If the session state is "AdminDown" and the diagnostic code is 7 (which means "diag AdminDown"), the BFD session will be set to "Down" and the BFD client (i.e. the service which is protected by BFD) will be notified with "AdminDown" and the BFD client session will not flap. But if the BFD packet with session state set to "AdminDown" along with diagnostic code other than 7 is received, the BFD client will be notified with "Down" and the BFD client session will flap. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1382892 | The rpd might crash under a rare condition if GR helper mode is triggered Product-Group=junos |
When graceful restart is configured on the BGP peer device, if the peer device initiate new TCP connection when there is an existing TCP connection for the BGP session, send OPEN message and this new TCP connection also get torn down immediately after establishment/sending of OPEN message. The rpd might crash. |
1412538 | BGP might stuck in Idle state when the peer triggers a GR restart event Product-Group=junos |
When NSR (nonstop-routing) is enabled in local device and BGP GR (Graceful-Restart) is enabled in peer device, if the peer triggers a GR restart (it is usually caused by some failure in peer or the peer restarts rpd, etc), some BGP sessions might stuck in Idle state. The reason is that when the GR restart happens, the device is still doing the initial sync to the backup RE of the previous sessions, so some BGP sessions might stuck in Idle state because the router does not complete the process (the initial sync of the data set to the backup). |
1414121 | QFX5100 : BGP v4/v6 convergence & RIB install/delete time degraded in 19.1R1/19.2R1/19.3R1/19.4R1 Product-Group=junos |
BGP IPv4 or IPv6 convergence and RIB install/delete time is degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1. |
1454198 | The rpd scheduler slip for BGP GR might be up to 120s after the peer goes down Product-Group=junos |
In BGP GR (graceful-restart) scenario (graceful-restart is configured for BGP or GR-helper mode is enabled by default), when high-scale routes get learnt from one peer, the rpd scheduler slip might be up to 120s after that BGP peer flaps. |
1454951 | The rpd process might crash when multipath is in use Product-Group=junos |
If multipath is enabled, in some certain conditions, the rpd process might crash while secondary route resolution is running. |
1461602 | The rpd scheduler slips might be seen on RPKI route validation enabled BGP peering router in a scaled setup Product-Group=junos |
In scaled BGP environment (e.g. global table ~3M routes or more) when there are a lot of (e.g 10k or more) more specific routes for a certain IPv4 or IPv6 prefix covered by some RV (route validation) record, a change in RV records database might lead to rpd (routing protocol daemon) scheduler slips, which could trigger routing protocol adjacency flap. The same could be triggered by executing "clear validation database" command or shortly after initial session RPKI (resource public key infrastructure) establishment event. |
1472671 | The rpd process might crash with BGP multipath and damping configured Product-Group=junos |
On all Junos platforms running with Border Gateway Protocol (BGP), if both BGP multipath and BGP damping are configured, it might happen that, when the active route, for example r1, is withdrawn but it is not really deleted due to damping, then BGP might be unable to find its original gateway when the route r1 is relearned and becomes the best route again. It will lead to the rpd process crash. |
1473351 | Removing cluster from BGP group might cause prolonged convergence time Product-Group=junos |
Cluster removal from BGP group might lead to a state where each subsequent change to BGP configuration will trigger import policy reevaluation causing prolonged convergence time of several minutes. This might result in a traffic loss. |
1487691 | High CPU utilization might be observed when the outgoing BGP updates are sending slowly Product-Group=junos |
On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725) |
PR Number | Synopsis | Category: BBE Remote Access Server |
1431614 | Subscriber filtering for General Authentication Services traceoptions will report debug messages for other users. Product-Group=junos |
Subscriber filtering for General Authentication Services traceoptions will report debug messages for other users. |
1479697 | The CoA request may not be processed if it includes "proxy-state" attribute Product-Group=junos |
In a subscriber management environment, the CoA requests (such as deactivating/activating subscribers) sent from Radius server will fail if the "proxy-state" attribute is present. This attribute is still unsupported but will now be ignored if it's present in CoA requests. |
PR Number | Synopsis | Category: Cassis pfe microcode software |
1464820 | MPC5E/6E might crash due to internal thread hogging the CPU Product-Group=junos |
PR 1382182 (which is fixed in 16.2R3 17.1R3 17.3R3-S3 17.3R4 17.4R2-S3 17.4R3 18.1R3-S2 18.1R4 18.2R2 18.2X75-D40 18.3R2 18.4R1 19.1R1) introduced an improper code which could cause an internal thread to hog the CPU and eventually result in the MPC crash. It is a timing issue and affects MPC5E/6E. |
PR Number | Synopsis | Category: MX Platform SW - UI management |
1453533 | Alarm was not sent to syslog on MX10003 platform Product-Group=junos |
On the MX10003 platform, the alarmd wont write the alarm messages to the syslog. |
1453533 | Alarm was not sent to syslog on MX10003 platform Product-Group=junosvae |
On the MX10003 platform, the alarmd wont write the alarm messages to the syslog. |
1457657 | The chassisd process and all FPCs may restart after RE switchover Product-Group=junos |
The chassisd process and all FPCs may restart after RE switchover if the knob "master-only" is enabled. |
PR Number | Synopsis | Category: Class of Service |
1475508 | MX10008/MX100016 might generate cosd core after executing "commit/commit check" if "policy-map" configuration is set Product-Group=junos |
On MX10008 and MX10016 platforms, the cosd crash might be seen after executing "commit/commit check" if "policy-map" configuration is set. |
PR Number | Synopsis | Category: L2NG Access Security feature |
1478375 | The process dhcpd may crash in a Junos Fusion environment Product-Group=junos |
On EX92XX platforms with the DHCP snooping configured, if a peer receives DHCPv6 packets from the server without the "client-id" option present, and it is syncing packets to the other side at that time, then the process dhcpd crash may be observed. |
PR Number | Synopsis | Category: OpenSSH and related subsystems |
1454177 | SSH login might fail if a user account exists in both local database and RADIUS or TACACS+. Product-Group=junos |
SSH login from an automation tool to the Junos device might not be successful if the username is configured both as a local user and on remote RADIUS/TACACS server, and using authentication method 'password'. |
PR Number | Synopsis | Category: Device Configuration Daemon |
1475634 | Commit error is not thrown when member link is added to multiple aggregation group with different interface specific options Product-Group=junos |
Commit error is not thrown when member link was added to multiple aggregation group with different interface specific options. When member interface added to bundle with both ether and gig-ether interface specific options, gig-ether option takes precedence over ether options. |
PR Number | Synopsis | Category: Firewall Filter |
1452435 | Commit error and dfwd coredump might be observed when applying a firewall filter with action "then traffic-class" or "then dscp" Product-Group=junos |
Commit failure with error might be seen and the dfwd crashes when applying a firewall filter with action "then traffic-class" or "then dscp" to an interface. |
1465093 | On MX10008 and MX10016 routers policer bandwidth-limit cannot be set higher than 100g Product-Group=junos |
MX10008 and MX10016's "policer bandwidth-limit" can not be set higher than 100G. |
1466698 | An output bandwidth-percent policer with logical-bandwidth-policer applied to an AE bundle along with an output-traffic-control-profile has incorrect effective policing rate Product-Group=junos |
On MX platforms, for an AE bundle of at least two members hosted at two different FPCs, if the AE interface is with CoS output-traffic-control-profile of shaping-rate and with the output filter of policer with logical-bandwidth-policer and bandwidth-percent, the AE interface might have incorrect effective output policing rate. |
1473093 | Traffic might not be forwarded into the right queue but the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5 Product-Group=junos |
On the MX platform with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue. |
1478964 | The filter may not be installed if the "policy-map xx" is present under it Product-Group=junos |
If the "policy-map xx" option is configured under "family mpls" for filters, then the filters may not take effect after committing. |
PR Number | Synopsis | Category: dhcpd daemon |
1471161 | DHCP relay with forward-only might fail to send OFFER messages when DHCP client is terminated on logical tunnel interface Product-Group=junos |
On all Junos platforms, when DHCP relay is configured with forward-only, and DHCP client is terminated on logical tunnel interface that multiple IFLs under this lt- interface have a same VLAN, DHCP relay might fail to send OFFER messages. |
1474097 | Subnet information might be corrupted if it is passed by a radius server Product-Group=junos |
On all Junos platforms with jdhcpd daemon, Junos is acting as a DHCPv4 local server with an external RADIUS server, if using DHCPv4 options to request subnet data from RADIUS server, the mask value which RADIUS server offered might be effectively reversed. It could cause the DHCPv4 client fails to get the correct subnet information. |
PR Number | Synopsis | Category: Covers Application classification workflows apart from custo |
1454180 | Introduction of default inspection limits for application identification to optimize CPU usage and improve resistance to evasive applications. Product-Group=junos |
AppID is significantly more resistant to evasive applications. It does this by introducing default inspection-limits which can be adjusted by using the new commands 'set services application-identification inspection-limit' and 'set services application-identification global-offload-byte-limit'. |
1463159 | A core file might be generated when you perform an ISSU on SRX Series devices. Product-Group=junos |
When APPID is enabled and perform an ISSU on SRX devices, it might cause traffic impact and generate core-dump file. |
1479684 | Recent changes to JDPI's classification mechanism caused a considerable performance regression (more than 30 percent). Product-Group=junos |
Recent changes to JDPI's classification mechanism caused a considerable performance regression (30%+). |
PR Number | Synopsis | Category: JUNOS Dynamic Profile Configuration Infrastructure |
1188434 | UID may not release properly in some scenarious after service session deactivation Product-Group=junos |
When same UID objects are used in both inet and inet6 services of the same subscriber session, deactivation the first session cause conditions which avoid releasing UID entry after deactivation second service session. This leads to having stale UID entry and can cause subscriber's connection problem in the future when UID pool would be completely exhausted. The probability of hitting the issue increases if amount subscriber to amount of unique services ratio is aproaching 1 (i.e. when almost every subscriber has a service with unique servie objects). |
PR Number | Synopsis | Category: dynamic dcd prs |
1470622 | Executing commit might hang up due to stuck dcd process Product-Group=junos |
When dynamic DHCP sessions are existing in the device, if multiple commits in parallel are performed, the commit might hang up. |
PR Number | Synopsis | Category: Ethernet OAM (LFM) |
1396540 | V44-CFM: NPC crash @ rt_nh_install (rnh=0x618123d8, rnh_src=0x0, rt=< optimized out>, p_rtt=0x74f886c0) at ../../../../src/pfe/common/pfe-arch/trinity/applications/route/rt_nh.c:631 Product-Group=junos |
As part of the EOAM programming the LM counters are allocated. When an interface is deleted, the EOAM LM counters needs to be cleared. This is done as part of EOAM punt deletion. But there are scenarios where the prog punt delete processing is received, the IFL is deleted in ukern. In this case the EOAM NHs are cleared but the LM counters are not freed. this can cause memory leak in jnh. This issue is seen for a scaled config, repeated addition and deletion of the interface configs when EOAM config is present |
1465608 | The EOAM CFM primary-vid functionality doesn't work if the enhanced-cfm-mode is enabled Product-Group=junos |
On MX10003 platform, the EOAM (Ethernet Operations, Administration, and Maintenance) CFM (Connectivity Fault Management) primary-vid functionality doesn't work if the enhanced-cfm-mode is enabled. The issue impacts the CFM functionality. |
PR Number | Synopsis | Category: EVPN control plane issues |
1467309 | The rpd might crash after changing EVPN related configuration Product-Group=junos |
In EVPN scenario without encapsulation type specified (the default EVPN encapsulation type is set to MPLS), if "vlan-id none" and "vni " is configured in EVPN instance, the rpd might crash after changing EVPN related configuration (such as set the encapsulation as vxlan or delete label-allocation scheme). |
PR Number | Synopsis | Category: EX Chassis Interface Handling |
1441035 | The EX ports might stay in up state even if the EX46XX/QFX51XX series device is rebooted Product-Group=junos |
With DAC cable used between EX46XX/QFX51XX series device and EX device, during rebooting the EX46XX/QFX51XX series device, the ports on EX device might still stay up. |
PR Number | Synopsis | Category: Issues related to EX MACsec |
1469663 | Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4600/QFX5100 platforms Product-Group=junos |
On EX4600/QFX5100 platforms with Media Access Control Security (MACsec) configured, if there is traffic flowing through the MACsec enabled link, increasing framing errors or runts statistics might be seen in the output of "show interfaces extensive <>" for the affected interface. Traffic loss might also happen due to this issue. |
PR Number | Synopsis | Category: Express PFE CoS Features |
1450265 | CoS classification does not work on QFX10K Product-Group=junos |
On QFX10K platforms, under the scale scenario more than 500 AE IFLs, if the classifier configuration frequent churns or link flaps, the CoS classification will not work on the impacted interfaces. |
PR Number | Synopsis | Category: Express PFE FW Features |
1448778 | Egress sampling for sflow might stop working for more than 8 interfaces on PTX platforms Product-Group=junos |
On PTX platforms, if sflow is configured on more than 8 interfaces, egress sampling might stop working due to this issue. |
1462634 | The sample/syslog/log action in output firewall filter with packet of size less than 128 might cause ASIC wedge (all packet loss) on PTX platforms Product-Group=junos |
On PTX platforms, if output firewall filter is configured with sample/syslog/log action, the host interface might get wedged for packets with lengths 0-128 including Layer 3 headers. |
1470385 | Incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands Product-Group=junos |
On PTX1000/PTX3000/PTX5000/PTX10000/PTX9000/QFX10000, sending hostpath traffic and check the ddos statistics might lead to incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands |
PR Number | Synopsis | Category: Express PFE Services including JTI, TOE, HostPath, Jflow |
1445585 | Receipt of a malformed packet for J-Flow sampling might create a FPC process core. Product-Group=junos |
Receipt of a malformed packet for J-Flow sampling might create a FPC process core. |
PR Number | Synopsis | Category: Express PFE L2 fwding Features |
1442587 | The PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb Product-Group=junos |
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact. |
1446291 | On QFX10K platforms removing EVPN-VXLAN L3 Gateway on the IRB interface from spine switches might cause black holing of traffic Product-Group=junos |
On QFX10000 platforms and EVPN-VXLAN (spine-leaf) scenario, the QFX10000 spine switches are configured with VXLAN Layer3 gateway (utilizing the virtual-gateway) on an IRB interface, if enabling and then subsequently remove the VXLAN L3 gateway on this IRB interface on one or some of these spine switches, traffic drop might be observed. If all virtual-gateways are configured with an unique v4 or v6 mac-address, this issue would not happen. This is also the workaround. |
PR Number | Synopsis | Category: Enhanced Broadband Edge support for firewall |
1463420 | The subscribers might not pass traffic after doing some changes to the dynamic-profiles filter Product-Group=junos |
On MX platform, with enhanced subscriber enabled, if doing some changes to a dynamic-profiles filter, the subscribers built on the filter might no longer forward traffic. |
PR Number | Synopsis | Category: SRX1500 platform software |
1452137 | Hardware failure is seen on both nodes in show chassis cluster status. Product-Group=junosvae |
On the SRX1500 and SRX4xxx platforms, the management interface fxp0 down triggers a major alarm and cause hardware monitoring in jsrpd. |
PR Number | Synopsis | Category: PTX Express ASIC interface |
1412126 | PTX interface stays down after maintenance Product-Group=junos |
On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment. |
PR Number | Synopsis | Category: idp flow creation, deletion,notification, session mgr intfce |
1444043 | SNMP queries might cause commit or show command to fail due to IDP. Product-Group=junos |
On SRX Series devices, commit or show command for IDP might not work if SNMP queries are run when large-scale IDP is used. |
PR Number | Synopsis | Category: IDP policy |
1420787 | NSD fails to push security zone to the Packet Forwarding Engine after reboot, if there is an active IDP rule configured with FQDN. Product-Group=junos |
NSD fails to push security zone to PFE after reboot, if there is active IDP rule configured with FQDN |
PR Number | Synopsis | Category: Signature Database |
1466283 | Updating the IDP security package offline might fail in SRX Series devices. Product-Group=junos |
Rogue .gz files in /var/tmp/sec-download/ might fail offline secpack update. |
PR Number | Synopsis | Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip |
1463368 | JDI-RCT:ACX/AMX:MemLeak:Backport jemalloc profiling CLI support to all releases where jemalloc is present. Product-Group=junos |
Backport jemalloc profiling CLI support to all releases where jemalloc is present. |
PR Number | Synopsis | Category: Inline NAT PRs for defect & enhancement requests |
1446267 | The static route for NAT might never come up if switchover the service interface which has NAT and GR configuration Product-Group=junos |
On MX platform, when switchover a service interface that has NAT and GR configuration, the static route for NAT might never come up. |
PR Number | Synopsis | Category: Kernel software for AE/AS/Container |
1474300 | A newly added LAG member interface might forward traffic even though its micro BFD session is down Product-Group=junos |
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue. |
PR Number | Synopsis | Category: Optical Transport Interface |
1467712 | "MIC Error code: 0x1b0002" alarm might not be cleared for MIC on MPC5E when the voltage has returned to normal Product-Group=junos |
The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5. |
PR Number | Synopsis | Category: Integrated Routing & Bridging (IRB) module |
1484964 | VLAN creation failure might be seen on QFX-series platforms with scaled VLAN and L3 configuration Product-Group=junos |
On QFX platforms with scaled VLAN and L3-interface configuration setup, when the VLANs are deleted and added back quickly, the newer VLANs might not get created successfully. |
PR Number | Synopsis | Category: ISIS routing protocol |
1455432 | The rpd might crash continuously due to memory corruption in ISIS setup Product-Group=junos |
With ISIS configured and in a very rare case, memory corruption may occur, this may cause rpd crash continuously. |
PR Number | Synopsis | Category: jdhcpd daemon |
1442222 | The jdhcpd process might go into infinite loop and cause 100% CPU usage Product-Group=junos |
When DHCP is configured, if subscribers are moved from one routing-instance to another or if the subscribe is deleted and re-added, the jdhcpd process might go into infinite loop and cause 100% CPU usage. |
1459925 | DHCP packet might not be processed correctly if DHCP option 82 is configured Product-Group=junos |
In Dynamic Host Configuration Protocol (DHCP) scenario, an zero length sub-option of the option 82 in DHCP DISCOVER message might not be processed correctly causing other DHCP options from DHCP DISCOVER message to be mis-processed as well. This issue has service impact. |
1464267 | The repd process is not working in Junos releases 18.2R3-S1 and 18.2R2-S5 on some low-end Junos platforms Product-Group=junos |
In Junos releases 18.2R3-S1 and 18.2R2-S5, on some low-end Junos platforms which have only 4G RAM (Random Access Memory ) memory or smaller (e.g. all low-end SRX), the repd process is not working. The issue results in the subscriber services like DHCP (Dynamic Host Configuration Protocol), authentication can't be synchronized to the standby RE (Routing engine). In this case, if upgrade/GRES (Graceful Routing Engine Switchover) is performed, the synchronization between the REs via the repd process fails, which results in subscriber services like DHCP, authentication can't work on the new RE after the upgrade/GRES. There is no restoration for the repd process. However, the service affected by the repd synchronization can be recovered by restart the service or reboot the device. |
1465964 | The ISSU might fail during subscriber inflight login is happening Product-Group=junos |
On the MX platform with the DHCP subscriber scenario, if subscriber logging in is happening during the ISSU process, the ISSU failure might be observed. |
PR Number | Synopsis | Category: Adresses ALG issues found in JSF |
1474942 | The flowd or srxpfe process might stop when an ALG creates a gate with an incorrect protocol value. Product-Group=junos |
On SRX chassis clusters, when an ALG creates gate with incorrect protocol value, the flowd/srxpfe process might crash on one node. This issue might happen in the situation that an ALG receives a corrupted RTO message on secondary node. It might affect the traffic. |
1483834 | FTPS traffic might get dropped on SRX/MX platforms if FTP ALG is used Product-Group=junos |
On SRX/MX platforms with FTP ALG enabled, if there are more than one FTPS connection between a pair of FTP client and server, the closure of one connection might cause other connections between that pair of FTP client and server to be affected, hence there might be traffic impact. It is a rare timing issue. |
PR Number | Synopsis | Category: Adresses NAT/NATLIB issues found in JSF |
1471932 | The flowd or srxpfe process might stop when traffic is processed by both ALGs and NAT. Product-Group=junos |
The flowd or srxpfe process might stop when traffic is processed by both ALGs and NAT. |
PR Number | Synopsis | Category: To track issues related to jsf tcp proxy |
1467351 | The jbuf process usage might increase up to 99 percent after Junos OS upgrade. Product-Group=junos |
An SRX's jbuf usage may become higher after a Junos upgrade, resulting in warning logs and possible jbuf exhaustion. This may lead to traffic loss. |
PR Number | Synopsis | Category: Firewall Authentication |
1457570 | The same source IP sessions are cleared when the IP entry is removed from the UAC table. Product-Group=junos |
Same-source IP sessions are cleared when the IP entry is removed from the UAC table. |
PR Number | Synopsis | Category: Flow Module |
1462825 | The tunnel packets might be dropped because gr0.0 or st0.0 interface is wrongly calculated after a GRE or VPN route change Product-Group=junos |
On SRX Series device, MTU is wrongly calculated in a gr0.0 or st0.0 interface after a GRE or VPN route change. If the command do-not-fragment is configured and the packet is bigger than the MTU, the packet might be dropped. |
PR Number | Synopsis | Category: High Availability/NSRP/VRRP |
1468441 | IP monitoring might fail on the secondary node. Product-Group=junos |
IP-monitoring might stop working on secondary node when many instances of IP monitoring are configured on RG(redundancy group)/ RETH(Redundant Ethernet interface). If primary node goes down, failover will not happen which might cause traffic loss. |
PR Number | Synopsis | Category: JSR Infrastructure |
1450545 | Traffic loss might occur when there are around 80,000 routes in FIB. Product-Group=junosvae |
On SRX1500 platform, when there are around 800K routes in forwarding information base (FIB), traffic loss might occur and abnormal error messages of some CLI commands would appear due to lack of memory on packet forwarding engine (PFE). This issue has traffic impact. |
PR Number | Synopsis | Category: Firewall Network Address Translation |
1443345 | On SRX5000 line of devices with SPC3 card, when using source NAT, under high traffic load, a small fraction of TCP-SYN packets may be dropped due to the source NAT port failing to be allocated. Also, the NAT pool resources may leak over time. Product-Group=junos |
In SRX5K cluster environment, when using source NAT, after RG1 failover, a small fraction of TCP-SYN packets might be dropped due to the source NAT ports failing to be allocated, and the NAT pool resource may leak over time. If all NAT pool resource leaked, new NAT session cannot be installed. |
1457904 | Packet loss is observed when multiple source NAT pools and rules are configured Product-Group=junos |
On the SRX5000 platforms with SPC2 installed, the device may experience packet loss or a flowd coredump when multiple source NAT pools and rules are configured. |
1479824 | Issuing the show security nat source paired-address command might return an error. Product-Group=junos |
On the SRX series platforms with source NAT configuration, issuing the command "show security nat source paired-address ..." may return an error, which is not expected. It's a corner case, and not reproduced all the time. |
PR Number | Synopsis | Category: Firewall Policy |
1453852 | Security policies cannot synchronize between Routing Engine and Packet Forwarding Engine on SRX Series devices. Product-Group=junos |
On all SRX platforms, in a very rare condition, security policies do not be synchronized between RE and PFE. This issue might cause traffic loss. |
1471621 | The count option in security policy does not take effect even if the policy count is enabled. Product-Group=junos |
On SRX Series devices that have a security policy counter deployed, the count option in the security policy might not work. As a result, issuing show security policies <> detail might not print traffic statistics for the security policy. |
PR Number | Synopsis | Category: IPSEC/IKE VPN |
1405840 | The IKE and IPsec configuration under groups is not supported. Product-Group=junos |
On SRX5400, SRX5600, SRX5800 devices with SPC3, occasionally, if an IKE or IPSec configuration (under groups hierarchy) change is done for one IKE gateway, the tunnel may be cleared for unrelated IKE/IPSec gateway. |
1421905 | The VPN tunnel might flap when IKE and IPsec rekey happen simultaneously. Product-Group=junos |
The VPN tunnel might flap in a corner case scenario (when IKE and IPsec rekey happen simultaneously). |
1423821 | Old tunnel entries might be observed in the output of show security IPsec or IKE SA. Product-Group=junos |
On SRX and MX platforms, old tunnel entries might be observed in the output of show security IKE/IPSEC security-associations after the IKE gateway configuration changes and new SA session is established. There is minor impact as old tunnel entries are getting deleted after 1-2 mins interval. No impact on traffic. |
1433343 | IPSec rekey trigger does not work when sequence number gets exhausted on SRX5K platforms with SPC3/SPC2 Product-Group=junos |
On SRX5400, SRX5600 or SRX5800 with SPC3/SPC2, if traffic goes through an IPSec tunnel and sequence number gets exhausted in packets, it does not trigger IPSec rekey to generate new SA. IPSec traffic might be dropped due to anti replay window mismatch. |
PR Number | Synopsis | Category: Security platform jweb support |
1464110 | IPv6 address objects containing a,b,c,d,e can't be configured via J-Web Product-Group=junos |
When configuring IPv6 address objects under Configure>Security>Objects>Zone Addresses>Addresses/Address-sets via J-web, address objects containing a,b,c,d,e can't be configured. The issue might impact IPv6 service deployment. Please configure address objects containing a,b,c,d,e via CLI command to avoid this issue. |
PR Number | Synopsis | Category: issues related to RPD sensors including LSP |
1449837 | Changing the hostname will trigger lsp on -change notification, not an adjacency on-change notification. Also, currently ISIS is sending host-name instead of system-id in OC paths. Product-Group=junos |
Currently ISIS is sending system host-name instead of system-id in OC paths in lsdb or Adjacency xpaths in periodic streaming and on-change notification. |
PR Number | Synopsis | Category: Layer 2 Circuit issues |
1464194 | The l2circuit connections might be stuck in OL state after changing the l2circuit community and flapping the primary LSP path Product-Group=junos |
In l2circuit scenario with community configured, when the community for l2circuit is changed from X to Y to go via a different LSP, the l2circuit connections might be stuck in "OL" state if there is a flap in the primary LSP path. |
PR Number | Synopsis | Category: Layer 2 Control Module |
1469635 | Memory leak on l2cpd process might lead to l2cpd crash Product-Group=junos |
On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash. |
1473610 | ERP might not come up properly when MSTP and ERP are enabled on the same interface Product-Group=junos |
When both MSTP and ERP are enabled on the same interface, then ERP will not come up properly. |
PR Number | Synopsis | Category: Layer2 forwarding on EX/NTF/PTX/QFX |
1468732 | MAC address might not be learned on a new extended port after VMotion in Junos Fusion Data Center environment. Product-Group=junos |
In Junos Fusion Data Center environment, when a VM is moved from one satellite port to another using VMotion, MAC address of VM might not move to new satellite port in Aggregate Device's switching table. |
1484468 | Packet loss might be observed after device rebooted or l2ald restarted in EVPN-MPLS scenario Product-Group=junos |
In EVPN-MPLS scenario, if the core-facing interface (mpls interface) and the CE-facing interface are on different PEs, and the traffic from core is not continuous and DMAC (Dynamic MAC) ages out, due to an incorrect flood next-hop programming across different PFEs, packet loss might be observed after device rebooted or l2ald restarted. |
PR Number | Synopsis | Category: L2TP service related issues |
1472775 | MX L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP towards the LNS Product-Group=junos |
MX L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP received from the LAC towards the LNS. |
PR Number | Synopsis | Category: Label Distribution Protocol |
1428843 | The LDP might withdraw a label for an FEC once the IGP route is inactive in inet.0 Product-Group=junos |
If LDP is used without using egress-policy, when the route from other routing protocol is preferred over the IGP route in inet.0, e.g. BGP-LU route exported in inet.0, LDP might withdraw the FEC label hence causing LDP traffic to get lost. |
PR Number | Synopsis | Category: mc-ae interface |
1447693 | The l2ald might fail to update composite NH Product-Group=junos |
This is a timing issue where the l2ald receive underlay NH from rpd as part of LSI IFF ADD (VPLS core NH) and creates flood NH. Due to a flap at local IFL or core (VPLS etc.), the l2ald receives multiple LSI IFF Add and Delete in some order. In some sequence where rpd delete underlay NH from Kernel Forwarding table but the l2ald still create flood NH with this underlay NH, because IFF delete is yet to be received at the l2ald, so l2ald might fail to update Composite NH. This is generic L2 issue and can happen without mc-ae. |
PR Number | Synopsis | Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS) |
1429797 | Extended Ukern thread(PFEBM task) priority to support BBE performance tuning Product-Group=junos |
Original PFEBM task, which is system-critical for internal network performance/resilience, was running a medium priority; Can see tnp queue errrors by 'show pfebm all' on VCP-bearing FPC when high rate of punt traffic (like ARPs or BGP route updates, etc.) which go through VC links. It needs to run at high priority to assure timely packet handling. |
PR Number | Synopsis | Category: Multiprotocol Label Switching |
1445024 | The rpd memory leak might be seen when the inter-domain RSVP LSP is in down state Product-Group=junos |
In inter-domain RSVP (Resource Reservation Protocol) LSP (Label-switched Path) scenario, the rpd memory leak might be seen when the CSPF (Constrained Shortest Path First) tries to recompute the path for the "down" LSP which is due to no route or ERO is incorrectly configured. The issue might lead to rpd crash when the rpd is out of memory and results in traffic loss. |
1465902 | The device may use the local-computed path for the PCE-controlled LSPs after link/node failure Product-Group=junos |
In a Path Computation Element Communication Protocol (PCEP) scenario where the link/node protection is enabled, the PCE-controlled LSPs may shift to the local-computed path after link/node failure upon path retry processing. |
PR Number | Synopsis | Category: Multicast Routing |
1443713 | PIM (S,G) joins can cause MSDP to incorrectly announce source active messages in some cases Product-Group=junos |
In the event of a network running: 1) a first-hop PIM router also being a rendez-vous point (RP); and 2) anycast RP in conjunction with MSDP; and 3) any-source multicast; and 4) a PIM last-hop router sending an (S,G) join when there is no traffic in the network matching the source and group, the first-hop RP will incorrectly send MSDP source-active messages to other MSDP peers. In other cases such as when the RP is not the first-hop PIM router, the traffic source needs to originate packets before the RP would originate MSDP source-active messages. |
1470183 | The mcsnoopd might crash when the STP moves the mrouter port to the blocked state Product-Group=junos |
On ACX, EX, QFX, NFX and SRX platform, when IGMP snooping is enabled and a logical interface (IFL) of mrouter port is in blocked state by Spanning Tree protocol (STP), removal of the IFL might get stuck in Kernel routing table (KRT), which causes mscnoopd crash. Traffic loss will happen during mscnoopd self-restart. |
PR Number | Synopsis | Category: Multicast for L3VPNs |
1442054 | Memory leak might happen if PIM messages received over an MDT (mt- interface) in Draft-Rosen MVPN scenario Product-Group=junos |
On all Junos platforms configured in the Draft-Rosen Multicast Virtual Private Network (MVPN) scenario, if Protocol Independent Multicast (PIM) messages are received over an Multicast Distribution Tree (MDT) tunnel logical interface (mt- interface), there might be memory leak which will lead to the rpd process crash. |
1469028 | The rpd might crash when "link-protection" is added/deleted from LSP for MVPN ingress replication selective provider tunnel Product-Group=junos |
In MVPN scenario with ingress replication selective provider tunnel used, if the knob "link-protection" is added/deleted from the LSP for MVPN, rpd crash might be seen. The reason is that when link-protection is deleted, the ingress tunnel is not deleted, and when link link-protection is added back, it tries to add same tunnel, hence the rpd asserts as same tunnel exists. Finally the rpd core might be seen. |
PR Number | Synopsis | Category: Track Mt Rainier SPMB platform software issues |
1460992 | Hardware failure in CB2-PTX causes traffic interruption Product-Group=junos |
In PTX 3000/5000 platforms with CB2-PTX (Control Board), there is an existence of an errata on a clock signal component manufactured by a third-party supplier, which might cause the Switch Processor Mezzanine Board (SPMB) and Switch Interface Boards (SIBs) failure, eventually, traffic will be interrupted. |
PR Number | Synopsis | Category: build tools |
1290089 | jcrypto syslog help package and events are not packaged even when errmsg is compiled Product-Group=junos |
jcrypto syslog help package and events are not packaged even when errmsg is compiled properly. Several of the KMD help syslog entries are missing |
PR Number | Synopsis | Category: FreeBSD Kernel Infrastructure |
1427233 | The duplex status of management interface might not be updated in the output of show command Product-Group=junos |
On all Junos platforms that are upgraded to Junos OS Release 15.1 onward, when the duplex setting is changed on the management interface (for example, fxp0/em0), the duplex status of the management interface might not be updated in the output of the "show interface <>". |
1442376 | EX2300 platforms might stop forwarding traffic or responding to console Product-Group=junos |
On EX2300/EX2300-C platforms, if Junos OS is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch might stop forwarding traffic or responding to console. A reboot is required to restore the service. |
1450093 | EX4300 : CLI config "on-disk-failure" is not supported Product-Group=junos |
On an EX4300 switch, the CLI configuration "set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt)" is not supported. |
1454950 | EX switches might not come up properly upon reboot Product-Group=junos |
EX switches might not come up properly upon reboot due to the date not been set up. |
1469400 | EX3400 might reboot because of lack of watchdog patting Product-Group=junos |
On EX3400, if watchdog pat did not happen within stipulated time and it might reboot automatically with "0x2:watchdog" as reboot reason. |
PR Number | Synopsis | Category: Kernel MPLS / Tag / P2MP Infrastructure |
1478806 | Kernel crash and device restart might happen Product-Group=junos |
In a corner case on Junos platform, where the family ccc is configured along with any other existing family within the same interface, like inet, inet6, etc. (basically, Junos never allows to do so, but somehow a customer did it ). And if the family ccc is deleted from the interface, which might cause kernel crash and the device reboot automatically, so all the traffic will be interrupted. |
PR Number | Synopsis | Category: Kernel socket data replication issues for protocols that use |
1472519 | The kernel may crash and vmcore may be observed after configuration change is committed Product-Group=junos |
On all Junos platforms, after committing the configuration change (e.g. removal of protocols like mpls, isis, ldp from the interfaces), then the kernel may crash and vmcore may be observed. This issue also may cause protocol adjacency failure. |
PR Number | Synopsis | Category: TCP/UDP transport layer |
1449664 | FPC might reboot with vmcore due to memory leak Product-Group=junos |
On all Junos platforms, if the device is up for a long period (e.g. several weeks or months), there might be a slow memory leak happening in some error scenarios where an application tries to send some data on a stale TCP socket (e.g. short-lived TCP connections used by the mgd process), and this issue might lead to FPC reboot with vmcore files. |
PR Number | Synopsis | Category: OSPF routing protocol |
1444728 | The rpd crash might be seen after configuring OSPF nssa area-range and summaries Product-Group=junos |
In the scenario of running OSPF, if nssa area-range and summaries are configured, the rpd crash may occur and traffic may be lost. |
1463535 | Install all possible next-hops for OSPF network LSAs Product-Group=junos |
For each network lsa, OSPF code fetches the first router lsa link and adds the only one candidate as route. Now the code is updated to fetch all the router lsa link, present in network lsa. |
PR Number | Synopsis | Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software |
1484255 | FPC might crash when dealing with invalid next-hops Product-Group=junos |
On PTX3000/PTX5000 platform with some specific FPCs, if the weights of links are set to an invalid value on an AE bundle interface or unilist (an unilist next-hop composed of several unicast next-hops), the FPC crash might be observed. It is a rare issue and the FPC will try to reload to resolve this problem. Traffic loss might be seen before the FPC completes the reload period. |
PR Number | Synopsis | Category: Periodic Packet Management Daemon |
1448670 | The connection between ppmd (RE) and ppman (FPC) might get lost due to session timeout Product-Group=junos |
Under certain circumstances such as JUNOS VM freeze at the Routing Engine, ppmd to ppman connection might be closed if the session timeout is greater than 3 seconds in either direction. This might lead to flapping of distributed ppm protocol adjacency such as lacp/mBFD. |
PR Number | Synopsis | Category: PTP related issues. |
1408178 | QFX5k : Transit traffic loss when one of LAG child interfaces deleted or deactivated Product-Group=junos |
Traffic does not pass through LAG interface on QFX5k once deleted or deactivated one of child interfaces though LAG interface is UP state. At that time, invalid vlan tag will be added to traffic. |
PR Number | Synopsis | Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI |
1462582 | "entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms Product-Group=junos |
"entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms |
1462582 | "entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms Product-Group=junosvae |
"entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms |
PR Number | Synopsis | Category: Interface related issues. Port up/down, stats, CMLC , serdes |
1440062 | The EX4600/QFX5100 VC might not come up after replacing VC port fiber connection with DAC cable Product-Group=junos |
On the EX4600/QFX5100 virtual chassis scenario, the VC may split after replacing VC port fiber connection with DAC cable. |
1449406 | CRC error might be seen on the VCPs of the QFX5100 VC Product-Group=junos |
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC. |
1449406 | CRC error might be seen on the VCPs of the QFX5100 VC Product-Group=junosvae |
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC. |
1465302 | The physical interface of AE (Aggregated Ethernet) might take time to come up after disable/enable Product-Group=junos |
On Junos platforms, the physical interface of AE might come up after a long delay (4 mins) if there are millions of bgp routes learnt on the device. This delay is happening because PFE Manager thread is busy processing the routing updates from RE. These routing updates are the result of AE interface going down at the first step of disabling the interface. |
PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
1409448 | The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch Product-Group=junos |
When QFX5100 and other vendor's switch are connected via 10G fiber link, flaps may happen sometimes. |
1419732 | "show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image Product-Group=junos |
"show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image. This is a display issue. Physical interface: xe-0/0/0, Enabled, Physical link is Down Interface index: 650, SNMP ifIndex: 515 Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Link-mode: Auto, Speed: Auto, BPDU Error: None, Loop Detect PDU Error: None, Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Auto-negotiation: Disabled, Remote fault: Offline, Media type: Fiber <<<<<< Here!! Should be "Copper" Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000 Link flags : None |
1454527 | Dcpfe should crash because usage of data is not NULL terminated on QFX5K Product-Group=junosvae |
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K. |
1457456 | Over temperature SNMP trap messages are shown up after update even though the temperature are within the system thresholds Product-Group=junos |
EX2300 and QFX series switches generate SNMP trap for high temperature after upgrading to any of the affected Junos software. This is due to a temperature threshold value being set incorrectly in the software, SNMP false trap related to temperature gets generated and results in "over temperature" logs. |
1465183 | PEM is not present spontaneously on QFX5210 Product-Group=junosvae |
On QFX5210 platforms, due to a firmware issue on the power supplies (PEMs) of the switch, the routing engine may spontaneously misread the status registers of a power supply. This produces erroneous messages of PEM not present. Although the power supply is present and can deliver power, the system may then deactivate the power supply believing it not to be present. |
1466810 | EPR iCRC errors in QFX10000 series platforms might cause protocols down Product-Group=junos |
EPR iCRC errors in QFX10000 series platforms might cause protocols down. FPC will be in wedged state and will not pass traffic on that PFE if hitting this issue. EPR iCRC errors are normal and caused by transient hardware conditions. EPR iCRC errors are not expected to impact the protocols, and only one CRC failed packet will be dropped. But due to incorrect handling of this error, it affects protocols and causes FPC wedge. |
1471216 | The speed 10m might not be configured on the GE interface Product-Group=junos |
On QFX5100 and EX4300 mixed-mode Virtual Chassis, the speed 10m might not be configured on the GE interface. |
PR Number | Synopsis | Category: QFX platform optics related issues |
1457266 | QFX5110 QSFP-100GBASE-SR4 made by Avago cannot linkup Product-Group=junos |
On QFX5110, interface on QSFP-100GBASE-SR4 whose Xcvr vendor is Avago on the QFX side cannot linkup, FEC errors might be seen on the other side. |
PR Number | Synopsis | Category: QFX access control list |
1464883 | QFX5100-24Q: not able to apply dscp rewrite to firewall filter to a Layer 3 subinterface (e.g. xe-0/0/0.100) Product-Group=junos |
When you try to apply a firewall filter that contains a "then dscp" action to a Layer 3 inet subinterface, you will get an error when trying to commit. Applying the same filter to an IRB interface succeeds as does applying the same filter to a Layer 3 subinterface on QFX5100-48S. |
PR Number | Synopsis | Category: QFX PFE Class of Services |
1468033 | Ingress drops to be included at CLI from interface statistics and added to InDiscards Product-Group=junos |
In QFX5000 platforms, as Ingress buffer drops (InDiscards) field is not presented the output of "show interfaces extensive x-x/x/x". This change added ingress buffer drops counters. |
PR Number | Synopsis | Category: DHCP related Issues |
1459499 | The lightweight DHCPv6 relay agent functionality might be broken on QFX5K platforms Product-Group=junos |
On QFX5K platforms, the Lightweight DHCPv6 Relay Agent (LDRA) functionality might be broken. Due to this issue, when light-weight-dhcpv6-relay is configured under dhcp-security hirachy, dhcp-security ipv6 binding might be stuck at "WAIT" state and get cleared later. |
PR Number | Synopsis | Category: Filters |
1462594 | The fxpc process might core-dump when changing MTU in a VXLAN scenario with firewall filters applied on QFX5K platforms Product-Group=junos |
On the QFX5K VC/VCF platform with firewall filters applied on VXLAN enabled interface, the fxpc process might crash when changing MTU for the interface. |
1480776 | ARP request packets for unknown host might get dropped in remote PE in EVPN-VXLAN scenario Product-Group=junos |
In EVPN-VXLAN environment, when local CE sends ARP request packets for unknown host, the packets will hit firewall-host queue in remote PE. It might trigger DDoS protection policer violations for firewall-host queue hence the ARP request packets might get dropped. |
PR Number | Synopsis | Category: for all ipv6 related issues |
1459759 | The fxpc process might crash due to several BGP IPV6 session flaps Product-Group=junos |
On QFX5100 and EX4600 platforms, the fxpc (packet forwarding engine manager) process might crash when multiple BGP IPV6 sessions (for instance around 500) are flapped and then restored at the same time. |
PR Number | Synopsis | Category: QFX L2 PFE |
1473685 | The RIPv2 packets forwarded across a L2circuit connection might be dropped Product-Group=junos |
When RIPv2 routes are received on a QFX5100/EX4600 platforms, either to or from an L2 circuit connection, such packets are not propagated. This includes directed unicast RIPv2 packets. |
1474545 | Continuous error log messages might be raised on QFX5K platforms in EVPN/VXLAN scenario Product-Group=junos |
In EVPN-VXLAN scenario, when an SP style interface is configured both with native-vlan-id and LLDP on QFX5000 platforms, continuous log messages might be observed. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1456336 | Link up delay and traffic drop might be seen on mixed SP L2/L3 and EP L2 type configs Product-Group=junos |
This PR includes three issues. First one: When Layer3 IFL (logical interface) is configured first and then Layer2 IFL is configured, MAC move might not happen. Second one: On Vxlan setup with large number of child interfaces, link up delay is seen. Third one: In case of VLAN setup with Enterprise/Service Provider L2 and L3 type configs, when all the configs are done in single commit statement then the traffic might not be forwarded. |
PR Number | Synopsis | Category: QFX MPLS PFE |
1469998 | If continuous interface flaps at ingress/egress of PE devices, IP routed packets might be looped on the MPLS PHP node Product-Group=junos |
On QFX5K platform, when MPLS node-link-protection is configured on all nodes (PE and P device), the IP routed packets might be looped on the MPLS PHP node (P device) if continuous interface flaps at ingress/egress of PE devices. |
1474935 | L2circuit might fail to communicate via VLAN 2 on QFX5K platforms Product-Group=junos |
On QFX5K platforms acting as L2circuit PE (tunnel terminating node), if VLAN 2 is used for L2circuit communication with CE node, the VLAN 2 packets might be dropped on PE. |
PR Number | Synopsis | Category: QFX EVPN / VxLAN |
1463939 | JDI-RCT : QFX 5100 VC/VCF : Observing Error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: while cleanup Evpan-VxLAN configs with Mini-PDT base configurations Product-Group=junos |
On QFX5100, Error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: may come while cleanup Evpn-VxLAN configs. These are harmless messages. |
PR Number | Synopsis | Category: QFX VC Infrastructure |
1465196 | A 10G interface might not come up on QFX5100-48T switches or negotiate at speed 1G when connected with Broadcom 57800-T daughter card Product-Group=junos |
On QFX5100-48T, the 10G interface might not come up or negotiate at the speed of 1G with Broadcom 10G 57800-T daughter card. In the issue state, speed will be set to 1G which might make the interface down and result in traffic impact. |
1478905 | The default VC MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes Product-Group=junos |
In QFX5200-32C, QFX5110 VC (Virtual Chassis) scenario, the default VC MAC (Media Access Control) persistence timer is incorrectly set to 20 seconds instead of 20 minutes. If the master VC member is rebooted, the new master member starts using its own MAC address as the system's MAC base address after only 20 seconds instead of 20 minutes. This results in issues like OSPF (Open Shortest Path First) stuck in "init" state after the master VC member reboot. |
PR Number | Synopsis | Category: QFX VCCP |
1454343 | Master FPC might come up in master state again after reboot instead of backup Product-Group=junos |
In QFX5110-32Q VC with 100G VCP links, if the master switch with the lowest MAC address reboot, it might come up in the master state again instead of backup. This can have outage around ten minutes and packets loss. |
PR Number | Synopsis | Category: Routing Information Protocol |
1485009 | The rpd crashes if the same neighbor is set in different RIP groups Product-Group=junos |
If the same neighbor is configured under different RIP groups, the commit check fails to capture this invalid configuration and commit can be done successfully. However the rpd will crash. |
PR Number | Synopsis | Category: rosen-6 and rosen-7 mvpn bugs |
1405887 | The CLI command "show pim mdt data-mdt-limit instance " with family option might cause CPU usage of rpd high Product-Group=junos |
In draft-rosen MVPN scenario with data-mdt, if performing the CLI command "show pim mdt data-mdt-limit instance ", The output might go in loop and the rpd process might use high CPU. |
PR Number | Synopsis | Category: KRT Queue issues within RPD |
1402569 | JUNOS rpd core seen after couple of config rollback event from baseline config to pdt profile config Product-Group=junos |
JUNOS RPD core seen after multiple configuration rollback events from baseline config to configuration with large BGP+IGP configuration. In certain events, a change in import policy or resolution rib at the same time when BGP peer is shutting down can cause inconsistencies in Next-Hop entries, in causing RPD process coredump. |
PR Number | Synopsis | Category: RPD Next-hop issues including indirect, CNH, and MCNH |
1441550 | The rpd may crash or consume 100% of CPU after flapping routes Product-Group=junos |
When flapping the existed flood nexthop type routes, it may cause rpd crash or consume 100% of CPU. This issue may cause routing protocols sessions/neighbors flap or traffic loss. |
PR Number | Synopsis | Category: RPD policy options |
1453439 | Routes resolution might be inconsistent if any route resolving over the multipath route Product-Group=junos |
On all Junos platforms, any route resolving over the multipath routes, one scenario is BGP over BGP. After the metric value of any PNH (refers to the second PNH and using it to performing the second time next-hop resolving) changes, meanwhile, if the hash-selection changes happened, it might result in routes resolution inconsistency. Traffic drops could be observed if the packages are still forwarding to the old PNH (Protocol Next Hop). Any recursive resolving multipath scenario might trigger this issue. |
1476530 | Support for dynamic tunnels on SRX Series devices was mistakenly removed. Product-Group=junos |
Support for dynamic-tunnels on SRX-Series devices was mistakenly removed. |
PR Number | Synopsis | Category: RPD route tables, resolver, routing instances, static routes |
1459384 | The rpd memory leak might be observed on backup routing engine due to BGP flap Product-Group=junos |
In a BGP scenario when certain routes are flapping frequently, it could lead to rpd memory leak on backup Routing Engine. The rpd might crash and restart once the rpd runs out of memory for certain junos releases. |
PR Number | Synopsis | Category: show route table commands, tracing, and syslog facilities |
1421076 | RPD crash might occur when changing prefix list address from IPv4 to IPv6 Product-Group=junos |
RPD crash might occur when changing prefix list address from IPv4 to IPv6 Configure IPv4 prefix-list: set policy-options prefix-list PREFIX_LIST 10.0.0.0/24 Configure a policy that has "then next policy" term: set policy-options policy-statement POLICY term PREF from prefix-list PREFIX_LIST set policy-options policy-statement POLICY term PREF then next policy set policy-options policy-statement POLICY term END then reject commit Note: If a terminating action is used for term PREF (such as "then accept"/"then reject") the core does not appear. Change prefix-list using "replace-pattern" [edit policy-options prefix-list PREFIX_LIST] replace pattern 10.0.0.0/24 with 2001:10::/64 commit RPD crash occurs |
1442542 | EVENT UpDown interface logs are partially collected in syslog messages Product-Group=junos |
When multiple interfaces UpDown event happens, a number of interfaces are not logged the event but partial logs are recorded in messages file. |
PR Number | Synopsis | Category: multicast source distribution protocol |
1454244 | The rpd memory might leak in a certain MSDP scenario Product-Group=junos |
In the Multicast Source Discovery Protocol (MSDP) scenario, where the router acts as both Rendezvous Point (RP) and First Hop Router (FHR), connecting to another RP in its AS with a logical loop topology, due to this special setup, it might cause a source-active (SA) message continuously to loop and eventually causes the rpd memory leak. |
PR Number | Synopsis | Category: Resource Reservation Protocol |
1359087 | The FPC might be stuck in 'Ready' state after applying a configuration change that will remove RSVP and trigger FPC restart Product-Group=junos |
When 'tunnel-services' is configured under 'chassis fpc <> pic <>', the vt-x/y/z physical interface (IFD) is created for the corresponding FPC. If 'protocols rsvp' is configured, RSVP will create a default vt-x/y/z.u logical interface (IFL) under the corresponding vt-x/y/z IFD. After applying a configuration change that will remove RSVP and trigger FPC restart, the vt-x/y/z.u IFL is not cleaned up due to a code issue. Hence the corresponding vt-x/y/z IFD cannot be cleaned up during the corresponding FPC coming up. The IFD cleaning keeps retrying which cause the corresponding FPC to be stuck in 'Ready' state. |
1471281 | The rpd crash might be seen after doing some commit operations which could affect RSVP ingress routes Product-Group=junos |
On all platforms with BGP PIC configured, if doing some commit operations where RSVP ingress routes are affected, the rpd crash might be seen. |
1476773 | RSVP LSPs might not come up in scaled network with very high number of LSPs if NSR is used on transit router Product-Group=junos |
If NSR is enabled on transit router with scaled RSVP LSPs, RESV message might not be sent from transit router because the path messages replication on master RE does not complete in time. Hence RSVP LSPs might not come up with traffic impact. |
PR Number | Synopsis | Category: IPSEC functionality on M/MX/T ser |
1477483 | On NATT scenario the IKE Version 2 IPsec tunnel might flap if the tunnel initiator is not behind NAT Product-Group=junos |
On MX platforms with MS-MPC/MS-MIC card installed and NATT scenario, when the IPsec tunnel initiator is not behind NAT, it might cause IPsec tunnel flapping. It happens in IKEv2 scenario. |
PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
1459306 | The traffic might be stuck on MS-MPC/MS-MIC with sessions receiving huge number of affinity packets Product-Group=junos |
On MX platforms with MS-MPC/MS-MIC, if there are sessions receiving huge number of affinity packets (e.g. thousands of packets), the service interface might be brought down by the prolonged flow-control, and the mspmand process crash might happen. In this case, the traffic will be stuck due to this issue. |
PR Number | Synopsis | Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP) |
1425405 | The mspmand process might crash and restart with a mspmand core file created after doing a commit change to deactivate and activate service-set Product-Group=junos |
On MX-Series platforms with NAT pool PBA (Port Block Allocation) configuration, the mspmand process might crash and restart with a mspmand core file created if a NAT pool PBA configuration is changed. The impact is that it might cause a service traffic loss. |
PR Number | Synopsis | Category: SRX Argon module bugs |
1455169 | The SRX Series devices stop and generate several core files. Product-Group=junos |
The SRX device generates a lot of core-dumps when AAMW(advanced-anti-malware) and user-firewall features are used. |
PR Number | Synopsis | Category: platform related PRs on SRX branch platforms |
1430403 | Certain interfaces may drop all unicast traffic when LTE PIM is used. Product-Group=junos |
On SRX Series devices with LTE PIM card installed, after committing configuration changes for an interface, certain interfaces may go to problematic state, which results in all unicast traffic loss. |
1465199 | Static route through dl0.0 interface is not active. Product-Group=junos |
On SRX320,SRX345 or SRX550m platforms with LTE Mini-PIM module installed, if configure a static route with the gateway IP address of d10 as next-hop and default route is configured, all traffic destined for the static route will fail to transmit to dl0 interface. |
1468430 | Tail drop on all ports is observed when any switch-side egress port gets congested. Product-Group=junos |
On the SRX300 line of devices with Mini-PIM installed, tail-drop might happen on all ports when the serial egress port gets congested. |
PR Number | Synopsis | Category: MPC7/8/9 chassis issues |
1437855 | The chassisd might crash after enabling hash-key Product-Group=junos |
On all Junos platforms, if hash-key is enabled, packets might be dropped due to chassisd crash, including packets on other FPCs on which the hash-key is disabled. |
PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
1463015 | An interface might get stuck in down state on certain MX platforms Product-Group=junos |
The interfaces on certain MX platforms might get stuck in a down state, if the remote interface sends invalid code to the local interface. Link might not come up even after the remote peer has begun sending a good signal. |
PR Number | Synopsis | Category: SRX-1RU HA SW defects |
1474233 | An unhealthy node might become primary in SRX4600 devices with chassis cluster scenario. Product-Group=junos |
In the SRX4600 Chassis Cluster scenario, a node might become primary in a failover scenario. This can lead to packet drops. |
PR Number | Synopsis | Category: SRX-1RU platfom datapath SW defects |
1462610 | The srxpfe or flowd process might stop if the sampling configuration is changed. Product-Group=junos |
On all SRX platforms, if Jflow is configured and there is a sampling configuration change, the srxpfe/flowd process might crash. This is a corner issue. It might cause traffic loss. |
PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
1397628 | The PPPoE subscribers are unable to reconnect after FPC reboot Product-Group=junos |
In the scale subscribers management environment, the PPP inline keepalives don't work after all the AE (Aggregate Ethernet) member link line cards reboot. This issue may cause the PPPoE subscribers are unable to reconnect. |
1476786 | Traffic loss may be observed to the LNS subscribers in case the "routing-service" knob is enabled under the dynamic-profile Product-Group=junos |
On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers. |
PR Number | Synopsis | Category: Trio pfe bridging, learning, stp, oam, irb software |
1468663 | JNH memory leaks might be seen after CFM session flap for LSI/VT interfaces Product-Group=junos |
JNH memory leak may be seen when CFM session over the VPLS LSI interface/VT interface flaps if mip-half-function is used. |
PR Number | Synopsis | Category: Trio pfe l3 forwarding issues |
1434980 | PFE memory leak might be seen if MLPPP links are flapped Product-Group=junos |
On all Trio-based platforms, MLPPP links flap continuously might result in PFE memory exhaustion. Furthermore, the PFE crash might be seen due to running out of memory. |
1444186 | GRE packets which are larger than MTU get dropped on MX204 platforms when sampling is enabled on the egress interface Product-Group=junos |
On MX204 platforms, if GRE packet length exceeds MTU of gr interface and the egress interface is configured with sampling, it might cause GRE packet to be dropped because the reassembled packet's checksum is incorrect. |
PR Number | Synopsis | Category: Trio pfe multicast software |
1478981 | The convergence time for MVPN fast upstream failover might be more than 50ms Product-Group=junos |
On MX platforms which act as Next Generation Mulicast Virtual Private Network (NG-MVPN) Provider Edge (PE) routers, if the hot-root-standby and sender-based-rpf features are configured to enable MVPN fast upstream failover, once the primary multicast flow rate falls below the configured "mvpn hot-root-standby min-rate rate" threshold, the egress PE router is supposed to take switchover action from the primary flows to the backup ones, and the covergence time should be within 50 milliseconds. Due to this issue, the covergence time might be more than 50ms and reach up to several seconds (e.g. 2~3s) in a highly scaled scenario (e.g. the number of the multicast groups undergoing the switchover simultaneously is greater than 250 groups). This will result in more traffic loss than expected. |
PR Number | Synopsis | Category: Junos Automation, Commit/Op/Event and SLAX |
1461021 | Modifying the REST configuration might cause the system to become unresponsive. Product-Group=junos |
When Representational State Transfer (REST) service configuration is modified, for example the REST service is configured and then deleted for multiple times, the system might become unresponsive, even to SSH and console. This issue has service impact. |
PR Number | Synopsis | Category: Configuration management, ffp, load action |
1426341 | Switch may unable to commit baseline config after zeroize Product-Group=junos |
When the OpenConfig package is used (The OpenConfig package became part of image itself from 18.3, prior to 18.3 OpenConfig package is a seperate add-on package), the following switches (EX2200, EX3200, EX3300, EX3400, EX4200, EX4300, EX4500, EX4550, EX4600, QFX3000, QFX3100, QFX3500, QFX3600, QFX5100) may unable to commit baseline config after zeroize. |
PR Number | Synopsis | Category: Configuration mgmt, ffp, load-action, commit processing |
1410322 | The configuration database might not be unlocked automatically if the related user session is disconnected during the commit operation in progress Product-Group=junos |
Configuration database can remain locked after the SSH session is halted. |
PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
1464439 | The CPU utilization on mgd daemon might be stuck at 100% after the netconf session is interrupted by flapping interface Product-Group=junos |
If a netconf session is initiated over inband connection, the CPU utilization on mgd daemon might be stuck at 100% after the netconf session which is executing an RPC call for some commands gets interrupted by flapping interface. There is no impact observed to control-plane or forwarding-plane, the subsequent netconf session will continue to function. |
1480348 | TFTP installation from loader prompt may not succeed on the EX series devices Product-Group=junos |
On the EX series platforms with 17.1R1 onwards, software installation from loader prompt may not succeed by using TFTP. |
PR Number | Synopsis | Category: PTX/QFX10002/8/16 specific software components |
1471679 | ARP suppression (default enabled) in EVPN not working on MX10008/MX10016 line cards Product-Group=junosvae |
If MX10008 or MX10016 function as provider edge (PE) devices in an Ethernet VPN-MPLS (EVPN-MPLS) or Layer 3 VXLAN gateways in an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) environment, ARP suppression is enabled by default, when the ARP expires on any the CPE's , it sends out an ARP REQ broadcast message , this should be suppressed by the PE(MX10008/MX10016). However, ARP broadcast received on MX10008/MX10016 seems to flooded. |
1475871 | Traffic loss might be seen as backup RE takes around 20 seconds to acquire mastership Product-Group=junos |
On the MX10008/10016 platforms, when GRES and NSR are configured, backup RE will take about 20 seconds to acquire mastership after kernel crash on master RE. Due to this long switching time, traffic loss might be seen. Normal RE mastership switchovers are not affected by this issue. |
PR Number | Synopsis | Category: PTX/QFX100002/8/16 platform software |
1464119 | FPC might restart during run time on PTX10K/QFX10K platforms Product-Group=junos |
On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions. |
PR Number | Synopsis | Category: Virtual Router Redundancy Protocol |
1454895 | The VRRP traffic loss is longer than one second for some backup groups after performing GRES Product-Group=junos |
On all Junos OS platforms, configuring VRRP over the AE interface whose member physical interfaces belong to different PFE (packet forwarding engine), some backup VRRP groups traffic loss are observed longer than one second after performing GRES (graceful Routing Engine switchover). As the expectation is that the outage is subsecond. |
PR Number | Synopsis | Category: VSRX platform software |
1469978 | vsrx2.0 - config-drive does not work as expected Product-Group=junos |
Adding the license to the vSRX while it's getting spun through cloud-init fails. It would have to manually add it after the device has booted up. |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search