ACX, MX, EX, PTX, QFX, vMX, vRR, NFX, SRX, vSRX

Download Junos Software Service Release:

1. Go to Junos Platforms - Download Software page
2. Input your product in the "Find a Product" search box
3. From the Type/OS drop-down menu, select Junos SR
4. From the Version drop-down menu, select your version
5. Click the Software tab
6. Select the Install Package as need and follow the prompts

Junos Software service Release version 18.2R3-S3 is now available.

NOTE

PR1463859 introduces a software defect that causes a 10GE interface to flap continuously when configured with the WAN-PHY framing with the default "hold-down" timer (0). Once you upgrade a router to an affected software release, the interface may flap continuously. This is not applicable to an interface with the default framing - LAN-PHY. [TSB17782]

18.2R3-S3 - List of Fixed issues

PR Number	Synopsis	Category: Software build tools (packaging, makefiles, et. al.)
1417345	The JSU package installation may fail Product-Group=junos	In a specific scenario, the JSU (Junos OS selective upgrade) package installation on a router which has JET (Juniper Extension Toolkit) package installed may fail due to "Operation not permitted" error. This issue does not impact service and traffic.
PR Number	Synopsis	Category: LLDP
1464553	The LLDP packets might get discarded on all Junos platforms Product-Group=junos	On all Junos platforms, the LLDP packet received from any other vendor might get discarded. The issue is seen when there are two location-id in the same packet and the Junos device considers the LLDP packet as duplicate and discards it. This might result in the PoE phone not coming up or neighborship information not getting exchanged.
PR Number	Synopsis	Category: L2NG RTG feature
1461293	MAC addresses learned on RTG may not be aged out after aging time Product-Group=junos	MAC addresses learned on redundant trunk group (RTG) might not be aged out after aging time if the source interface is configured as RTG.
PR Number	Synopsis	Category: EX4300 Control Plane
1461434	ERP might not revert back to IDLE state after reload/reboot of multiple switches Product-Group=junos	On EX4300 platforms configured with ERP, after multiple devices reboot/restart at the same time, ERP might not revert back to the IDLE state. This issue might be seen in situations where the ERP node-id is not configured manually and after the restart, the default node-id (switch base MAC address) might get reset to 00:00:00:00:00:00, effectively causing multiple devices to have the same node-id.
PR Number	Synopsis	Category: EX4300 PFE
1448607	NSSU cause a traffic loss again after the backup to master transitions Product-Group=junos	In specific topology (VC uplink with VRRP and downlink client-side has a LAG), while doing NSSU on EX4300 VC, traffic loss might be observed again after the backup to master transitions.
1470424	The switch might not be able to learn MAC address with dot1x and interface-mac-limit configured Product-Group=junos	On Junos platforms, if dot1x and interface-mac-limit are configured, when sending traffic continuously to the interfaces, the switch might not be able to learn MAC address. Hence traffic drop might be seen.
1491348	The traffic destined to VRRP VIP might be dropped after the IRB interface is disabled on the initial VRRP master Product-Group=junos	On the EX4300 virtual-chassis scenario, the traffic destined to the VRRP Virtual IP Address (VIP) might be dropped on the Virtual-Chassis if the VRRP IRB interface is disabled on the initial VRRP master. For details, please refer to the following topology and problem description. Topology: +------------------virtual-chassis VC2---+ | | irb.1001 | +----------+ +----------+ | 192.168.1.3 | | sw3 +------------+ sw4 | | | +----------+ +----------+ | | |ae0 | irb.1001 +--------+-------------------------------+ VRRP VIP | 192.168.1.1 | |--------+ae1001----virtual-chassis VC1---+ | +----------+ +----------+ | irb.1001 | | sw1 +------------+ sw2 | | 192.168.1.2 | +------+---+ +----------+ | | | | +-----------------------------------------+ |0/0/20 | + SW 5 192.168.1.254 SW1 and SW2 are configured in VC1 SW3 and SW4 are configured in VC2 IRB.1001 with VRRP is configured on VC1 and VC2 IRB.1001, IP 192.168.1.3 and VRRP VIP 192.168.1.1 is on VC2 IRB.1001, IP 192.168.1.2 and VRRP VIP 192.168.1.1 is on VC1 VC1 is VRRP master Problem description: When the IRB.1001 is deactivated on VC1, traffic from SW5 ( 192.168.1.254) to VRRP VIP 192.168.1.1 (now active on VC2) is dropped on VC1.
PR Number	Synopsis	Category: EX4300 Platform
1445626	The laser TX might be enabled while the interface is disabled Product-Group=junos	In ex4300 switches when 1G SFP is connected to 10G port, Auto-negotiation should be disabled (when enabled causes many issues like ARP, link down..) hence when AN is disabled somehow corrupting the TX_DISABLE field hence Laser Tx remain enabled when disabling and plug-out - plug-in.
PR Number	Synopsis	Category: Marvell based EX PFE L2
1474808	Continuous dcpfe error messages and eventd process hogged might be seen on EX2300 VC scenario Product-Group=junos	On EX2300 VC scenario, when host path packets are flooding through internal HG (higig) port, it might generate some dcpfe error messages which are harmless and eventd process hogged might also be seen. And it also might cause high CPU utilization which might affect protocol traffic.
PR Number	Synopsis	Category: Marvell based EX PFE L3
1462106	Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC Product-Group=junos	Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC
PR Number	Synopsis	Category: EX9200 Control Plane
1452738	The l2ald and eventd are hogging 100% after issued "clear ethernet-switching table" Product-Group=junos	The l2ald and eventd processes are hogging 100% after issued "clear ethernet-switching table" and also the continuous syslog errors "l2ald[18605]: L2ALD_IPC_MESSAGE_INVALID: Invalid message received (message type 0, subtype 0): null message" are observed.
PR Number	Synopsis	Category: EX9200 Platform
1467459	The MAC move message may have an incorrect "from" interface when MAC moves rapidly Product-Group=junos	On the EX2300/3400/4300/4600/9200 platform, in some cases, if MAC moves rapidly, traffic might be impacted and the MAC move message might have an incorrect "from" interface.
PR Number	Synopsis	Category: EX2300/3400 CP
1458559	The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used Product-Group=junos	If the dynamic assignment of VoIP VLAN is used, the switch might not send correct VoIP VLAN information in LLDP MED packets after any configuration change and commit.
PR Number	Synopsis	Category: EX2300/3400 PFE
1465526	The fxpc might crash after mastership election on EX2300 and EX3400 platform Product-Group=junos	On EX2300 and EX3400 platforms under virtual chassis(VC) scenario, fxpc might crash during mastership switchover process.
1466423	The broadcast and multicast traffic might be dropped over IRB or LAG interface in QFX/EX VC scenario Product-Group=junos	On QFX5000/EX2300/EX3400/EX4600 Virtual Chassis (VC) platforms, the broadcast and multicast traffic might get dropped over some of the Link Aggregation Group (LAG) or Integrated Routing and Bridging (IRB) interfaces. Due to this issue, all the routing protocols replying on broadcast/multicast traffic would not be able to setup neighbor sessions, for example, some of the Open Shortest Path First (OSPF) sessions might be stuck in "Init" state over LAG or IRB interfaces.
PR Number	Synopsis	Category: EX2300/3400 platform
1361025	On EX2300MP platforms, the fan count is wrong in jnxFruName,jnxFilledDescr and jnxContainersCount.4 Product-Group=junos	On EX2300MP platforms, a wrong number of FAN count is shown in for jnxContainersCount. It shows 4 instead of 3. There is no functionality impact.
1452209	The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured Product-Group=junos	On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
1452209	The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured Product-Group=junosvae	On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
1467707	FPCs might get disconnected from EX3400 VC briefly after reboot/upgrade Product-Group=junos	On EX3400 Virtual Chassis, during reboot or upgrade, because of a high CPU load in slow path of fxpc, TCP keep alive message is not sent. Hence, it is observed that sometimes a few Virtual Chassis members might get disconnected from the Virtual Chassis briefly and join back in 3-6 minutes.
1469750	Traffic loss might be observed between SFP-T connected interfaces on EX3400 platforms Product-Group=junosvae	On EX3400 switches, traffic (Receive) loss might be seen when SFP-T is connected between interfaces.
1471931	EX3400 is advertising only 100m when configured the speed 100m with autoneg enabled Product-Group=junos	With Auto-negotiation enabled EX3400 will advertise only 100m whenever we configure the speed 100m
1477165	EX3400 me0 interface might remain down Product-Group=junos	The me0 interface of EX3400 does not come up when connected to 100m speed interface.
PR Number	Synopsis	Category: DC PFE QoS
1466770	Slow packet drops might be seen on QFX5000 platforms Product-Group=junos	The issue observed on QFX5000 platforms when there are any packets on the port before its buffer configuration is completed after the reboot. This issue is very rare and the window could be just few milli seconds.
PR Number	Synopsis	Category: DHCP related Issues
1467182	[dhcp] [DHCP_RELAY]- JDI-_DHCP_-REGRESSION-SWITCHING:: DHCPvX ACK Messages did not receive response to Broadcast INFORM packets with 19.1R2.3 Product-Group=junos	Few of DHCPvX INFORM Messages, specific to particular VLAN are not receiving any ACK from server.
PR Number	Synopsis	Category: QFX Multichassis Link Aggregrate
1465077	The traffic might be forwarded to wrong interfaces in MC-LAG scenario Product-Group=junos	On EX/QFX platforms with MultiChassis Link Aggregation Group (MC-LAG) configured, if the interface media of MC-LAG is changed from MultiProtocol Label Switching (MPLS) to Dense Wavelength Division Multiplexing (DWDM), the traffic might be forwarded to wrong interfaces and get dropped.
PR Number	Synopsis	Category: QFX Access control list
1379718	Host destined packets with filter log action might not reach to the RE if log/syslog is enabled Product-Group=junos	On EX4300/EX4600/QFX Series switches except for QFX10k, if host destined packets (that is, the destination address belongs to the device) come from the interface with ingress filter of log/syslog action (for example, 'filter <> term <> then log/syslog'), such packets should not be dropped and reach the Routing Engine.
1476708	ARP packets are always sent to CPU regardless of whether the storm-control is activated Product-Group=junos	On QFX5K platforms with VXLAN or VLAN scenario, ARP packets are not rate limited by the storm-control settings as the ARP packets will be copied to CPU by VLAN register settings and can be only rate limited by the CPU Queues rate-limit settings (ARP DDOS Queues).
PR Number	Synopsis	Category: QFX PFE CoS
1432078	Shaping does not work after the reboot if "shaping-rate" is configured Product-Group=junos	On QFX5110, QFX5100 and EX4600 platforms, if "shaping-rate" is configured, the shaping feature might not work after a reboot. The service might be impacted as the traffic cannot be rate limited.
PR Number	Synopsis	Category: QFX PFE L2
1421672	Packet loss might be seen when one of the Spine switch fails or reboots Product-Group=junos	On QFX5K/AS7816 series switches, a brief packet loss might be seen when one of the spine switch fails or reboots in a VxLAN setup as it takes time to update all the VTEPs to new next-hop towards the other Spine switch. This happens due to the Fast Reroute capability not being present for VxLAN technology.
1431262	ERPS (Ethernet Ring Protection Switching) nodes might not converge to IDLE state after failure recovery or reboot Product-Group=junos	In ERPS topologies where EX/QFX platform switches are used, after failure recovery or reboot, some nodes might not converge to IDLE state and their interfaces might remain in discarding state. It is expected to have single STP (Spanning Tree Protocol) instance getting mapped to STG (Spanning Tree Group) however, in problematic state two STP instances get created, resulting in two STG and cause traffic loss.
1437577	Physical layer and MAC/ARP learning might not work for copper base SFP-T on QFX5100/QFX5110/EX4600 Product-Group=junos	On QFX5100/QFX5110/EX4600 platforms, if copper base SFP-T is used, it might not get up on physical layer and the MAC/ARP learning might not work if it gets up. The PR fixes both layer-1 and layer-2 issues in this scenario.
1467466	Few MAC addresses might be missing from MAC table in software on QFX5k platform. Product-Group=junos	On QFX5k platform, if Packet Forwarding Engine process is restarted manually or device reboot occurs, some MAC address(es) might not be seen on software MAC table but MAC address will be present in hardware table.
1467763	The fxpc.core might be seen when committing the configuration all together, e.g., after the reboot Product-Group=junos	On EX2300/3400/4300/4600 and QFX Series switches except for QFX10k, if committing the configuration all together (e.g., after the reboot), the fxpc/PFE core dump might be found. In the Virtual Chassis scenario, the VC members might be splitted because the VC ports might not be created in time.
1469596	Ingress traffic might be blackholed if underlying interfaces flap in EVPN/VXLAN scenario Product-Group=junos	On QFX5000 platforms with Ethernet Virtual Private Network (EVPN) and Virtual Extensible LAN (VXLAN) scenario, if there is the underlying interface flaps for the core network side, all the ingress traffic might be backholed by the VXLAN Tunnel Endpoint (VTEP) due to this issue.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1367439	Invalid VRRP mastership election on QFX5110-VC peers Product-Group=junosvae	In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters.
1367439	Invalid VRRP mastership election on QFX5110-VC peers Product-Group=junos	In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters.
1455547	The coredump might occur during adding/removing EVPN Type-5 routing instance Product-Group=junos	On QFX platforms, the coredump might occur during adding/removing EVPN Type-5 routing instance. The EVPN route would be corrupted and traffic/service impact appears if hitting the issue.
1460791	JDI-RCT : QFX 5100 VC/VCF : Observing Error brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) after ISSU with Mini-PDT base configurations Product-Group=junos	"multicast stats related errors like " brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running)" will be observed during ISSU and these messages are harmless and does not affect multicast functionality".
PR Number	Synopsis	Category: QFX PFE MPLS
1475395	Traffic blackhole might be seen on PE when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface Product-Group=junos	On QFX5K platforms with Layer3 VPN scenario, when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface, the traffic blackhole might be seen on PE. It happens in ECMP scenario.
1477301	The traffic may be lost over QFX5100 switch acting as a transit PHP node in the MPLS network Product-Group=junos	In the MPLS network, the packets may get dropped by egress node if the packets go through the QFX5100 switch acting as a transit PHP (penultimate-hop popping) node.
PR Number	Synopsis	Category: SPC3 HW and SW Issues
1429899	Packet loss is caused by FPGA back pressure on SPC3. Product-Group=junos	On SRX5000 Series devices with an SPC3 card, sometimes very small amount of packet loss is observed.
PR Number	Synopsis	Category: SRX Macsec bug tracking
1474674	Packet drop might be observed on the SRX300 line of devices when adding or removing an interface from MACsec. Product-Group=junos	On SRX3xx platforms, when adding/removing an interface from MACsec (e.g. enables/deactivates an interface under security macsec heirarchy), and that interface is configured with non-default properties of speed/mtu/autonegotiation/duplixity, packets drop might be observed on that interface.
PR Number	Synopsis	Category: CoS support on ACX
1455722	ACX5048 snmp polling will stalled after the link flap/ sfp replacement and ACX_COS_HALP(acx_cos_gport_sched_set_strict_priority:987): Failed to detach logs will be seen Product-Group=junos	When inserting a SFP, the lowest ifd index available is assigned to the new interface created. During this sfp attach, an ifd-halp entry is also created in cos table for the interface. When SFPs are swapped and SFPs get their IFD index assigned interchanged as that of their old IFDs, issue is observed. As per PFE, the bcm port for the interface remains the same while IFD alone changes when removed and inserted. Hence while creating an ifd-entry for the interface in cos table, it is checked for any old entry still present for same bcm port. But the check done to validate for any old entry is improper. It does not check whether the old ifd index present is still for same bcm port. Due to this check missing, a valid ifd-entry of some other interface is getting deleted in cos table. Introduced the additional validation to ensure the old ifd index of the interface is still for same bcm port. Deleting of old ifd-entry is done only if bcm port of current entry and old ifd entry are same. Also added in existing debug message to display the ifd index which is getting deleted.
PR Number	Synopsis	Category: ACX Interfaces IFD, IFL, vlans, and BRCM init
1284590	ACX5k MacDrainTimeOut and bcm_port_update failed: Internal error Product-Group=junos	On ACX5K, the buffer is corrupted on port 0 (*/*/0) and error message MACDRAINTIMEOUT and dcbcm_check_stuck_buffers are observed, which could eventually lead to port 0 (*/*/0) flapping.
1411015	The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx Product-Group=junos	The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx.
PR Number	Synopsis	Category: ACX MPLS
1449681	l2circuit with a "backup-neighbor" (hot-standby) configured may stop forwarding traffic after failovers Product-Group=junos	On ACX platforms, if the "backup-neighbor" is configured with the "hot-standby" parameter, then l2circuit may stop passing traffic if the master path is down and back up again (l2circuit switchovers from the master path to the backup path, then moves back from the backup path to the master path)
PR Number	Synopsis	Category: ACX GE, 10GE, PoE, IDT framers
1439384	interface on ACX1100 remains down when using SFP-1FE-FX (740-021487) Product-Group=junos	Interface with SFP-1FE-FX transceiver optic (740-021487) will not come UP on ACX routers.
PR Number	Synopsis	Category: MPC Fusion SW
1454595	The 100G Interfaces may not come up again after going down on MPC3E-NG Product-Group=junos	On MPC3E-NG cards with 100G interface in use, if the interface detects Loss of Lock (LOL) on the link without Loss of Signal (LOS), the interface will go down and may not come up again after the link is recovered.
1463859	The MPC2E-NG/MPC3E-NG card with specific MIC might crash after a high rate of interface flaps Product-Group=junos	If any MIC of MIC-3D-2XGE-XFP / MIC-3D-4XGE-XFP / MIC-3D-20GE-SFP-E / MIC-3D-20GE-SFP-EH / MIC-MACSEC-20GE is installed in MPC2E-NG/MPC3E-NG card, the Microkernel (uKern) might hog for CPU on Packet Forwarding Engine (PFE) when there is a high rate of interface flaps (~30/40 flaps per second). This will eventually trigger the MPC2E-NG/MPC3E-NG card crash with an NGMPC core file. Normally the excessive interface flapping won't happen frequently in real world and it may be caused due to external environment. This fix will reduce the impact and prevent the uKern hog when having such conditions.
PR Number	Synopsis	Category: A15 specific issue
1439744	The SPC card might stop on the SRX5000 line of devices. Product-Group=junos	On the SRX5400,SRX5600 or SRX5800 platforms with SPC2, the SPC could go into a hung state without processing any traffic.
PR Number	Synopsis	Category: a20a40 specific issue
1479255	The RGx might fail over after RG0 failover in a rare case. Product-Group=junos	On the SRX5000 platforms with SPC3 in use, the RGx (x>0) failover may be observed followed by RG0 failover, this is a timing issue and due to unexpected "hardware timeout" detected by RGx after RG0 failover.
PR Number	Synopsis	Category: srx5k service offloading related PR
1436421	On an SRX4600 device, core file generation might be observed and SPM might be in present state. Product-Group=junos	On SRX4600 devices, in rare cases, FPC0 and/or FPC1 may stay in Present state at boot and never come Online or may move to Present state during operation. When this occurs, J-Ukernel crashes and multiple chassis alarms may be observed. The reason is that the power chip doesn`t produce the right voltage. The fix is to set the right voltage (through upgrading the Jfirmware version). It would affect the traffic.
PR Number	Synopsis	Category: These are new categories in the areas of PFE
1460209	Loop detection might not work on extended ports in Junos Fusion scenarios Product-Group=junos	In Junos Fusion scenarios, if loop detection is enabled on extended ports, when a satellite device (SD) is rebooted, or when a satellite device is added or removed/re-added, the loop detection feature might not work.
PR Number	Synopsis	Category: BBE Autoconfigured DVLAN related issues
1467468	L2 Wholesale not forwarding all client requests with stacked VLAN Product-Group=junos	In the Non-ANCP Based L2 Wholesale scenario, if more than one request packets from customer side encapsulated in dual-tagged VLAN arrive at PE device, only the first one of the packets which share the same outer VLAN gets forwarded, and the rest will fail.
PR Number	Synopsis	Category: BBE database related issues
1457284	UI_OPEN_TIMEDOUT: Timeout connecting to peer 'database-replication' Product-Group=junos	Syslog "timeout connecting to peer database-replication" is generated when command "show version detail" issued.
PR Number	Synopsis	Category: BBE interface related issues
1467125	The PPPoE subscribers get stuck due to the PPPoE inline keepalives don't work properly Product-Group=junos	In the PPPoE subscriber management environment, due to the PPPoE inline keepalives timeout events may get dropped by the RE (routing engine), the PPPoE subscribers get stuck. This issue may cause the PPPoE subscribers are unable to reconnect.
PR Number	Synopsis	Category: MIBs related to BBE
1470664	SNMP interface-mib stops working for PPPoE clients Product-Group=junos	SNMP interface-mib stops working for PPPoE clients. In this scenario SNMP works fine for standard queries on the MX router, but for subscriber statistics always returns value of zero.
PR Number	Synopsis	Category: Bi Directional Forwarding Detection (BFD)
1432440	In BFD and GR enabled scenario, BFD DOWN packets are not being sent immediately after BFD failure Product-Group=junos	In both GR helper and GR restarter scenarios, BFD down packets are not immediately sent. It might cause an issue where BGP session down is notified before BFD DOWN.
1448649	JUNOS BFD sessions with authentication flaps after a certain time Product-Group=junos	In the scenario where BFD session authentication is configured, after a certain period of time, BFD sessions flaps may be seen, this will cause the neighbor to be down.
1470603	The BFD client session might flap when removing BFD configuration from the peer end (from other vendor) of the BFD session Product-Group=junos	Currently, when a BFD packet with session state set to "AdminDown" is received by Juniper Device, the Juniper device will check both the session state and the diagnostic code in the packet. If the session state is "AdminDown" and the diagnostic code is 7 (which means "diag AdminDown"), the BFD session will be set to "Down" and the BFD client (i.e. the service which is protected by BFD) will be notified with "AdminDown" and the BFD client session will not flap. But if the BFD packet with session state set to "AdminDown" along with diagnostic code other than 7 is received, the BFD client will be notified with "Down" and the BFD client session will flap.
PR Number	Synopsis	Category: Border Gateway Protocol
1382892	The rpd might crash under a rare condition if GR helper mode is triggered Product-Group=junos	When graceful restart is configured on the BGP peer device, if the peer device initiate new TCP connection when there is an existing TCP connection for the BGP session, send OPEN message and this new TCP connection also get torn down immediately after establishment/sending of OPEN message. The rpd might crash.
1412538	BGP might stuck in Idle state when the peer triggers a GR restart event Product-Group=junos	When NSR (nonstop-routing) is enabled in local device and BGP GR (Graceful-Restart) is enabled in peer device, if the peer triggers a GR restart (it is usually caused by some failure in peer or the peer restarts rpd, etc), some BGP sessions might stuck in Idle state. The reason is that when the GR restart happens, the device is still doing the initial sync to the backup RE of the previous sessions, so some BGP sessions might stuck in Idle state because the router does not complete the process (the initial sync of the data set to the backup).
1414121	QFX5100 : BGP v4/v6 convergence & RIB install/delete time degraded in 19.1R1/19.2R1/19.3R1/19.4R1 Product-Group=junos	BGP IPv4 or IPv6 convergence and RIB install/delete time is degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1.
1454198	The rpd scheduler slip for BGP GR might be up to 120s after the peer goes down Product-Group=junos	In BGP GR (graceful-restart) scenario (graceful-restart is configured for BGP or GR-helper mode is enabled by default), when high-scale routes get learnt from one peer, the rpd scheduler slip might be up to 120s after that BGP peer flaps.
1454951	The rpd process might crash when multipath is in use Product-Group=junos	If multipath is enabled, in some certain conditions, the rpd process might crash while secondary route resolution is running.
1461602	The rpd scheduler slips might be seen on RPKI route validation enabled BGP peering router in a scaled setup Product-Group=junos	In scaled BGP environment (e.g. global table ~3M routes or more) when there are a lot of (e.g 10k or more) more specific routes for a certain IPv4 or IPv6 prefix covered by some RV (route validation) record, a change in RV records database might lead to rpd (routing protocol daemon) scheduler slips, which could trigger routing protocol adjacency flap. The same could be triggered by executing "clear validation database" command or shortly after initial session RPKI (resource public key infrastructure) establishment event.
1472671	The rpd process might crash with BGP multipath and damping configured Product-Group=junos	On all Junos platforms running with Border Gateway Protocol (BGP), if both BGP multipath and BGP damping are configured, it might happen that, when the active route, for example r1, is withdrawn but it is not really deleted due to damping, then BGP might be unable to find its original gateway when the route r1 is relearned and becomes the best route again. It will lead to the rpd process crash.
1473351	Removing cluster from BGP group might cause prolonged convergence time Product-Group=junos	Cluster removal from BGP group might lead to a state where each subsequent change to BGP configuration will trigger import policy reevaluation causing prolonged convergence time of several minutes. This might result in a traffic loss.
1487691	High CPU utilization might be observed when the outgoing BGP updates are sending slowly Product-Group=junos	On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725)
PR Number	Synopsis	Category: BBE Remote Access Server
1431614	Subscriber filtering for General Authentication Services traceoptions will report debug messages for other users. Product-Group=junos	Subscriber filtering for General Authentication Services traceoptions will report debug messages for other users.
1479697	The CoA request may not be processed if it includes "proxy-state" attribute Product-Group=junos	In a subscriber management environment, the CoA requests (such as deactivating/activating subscribers) sent from Radius server will fail if the "proxy-state" attribute is present. This attribute is still unsupported but will now be ignored if it's present in CoA requests.
PR Number	Synopsis	Category: Cassis pfe microcode software
1464820	MPC5E/6E might crash due to internal thread hogging the CPU Product-Group=junos	PR 1382182 (which is fixed in 16.2R3 17.1R3 17.3R3-S3 17.3R4 17.4R2-S3 17.4R3 18.1R3-S2 18.1R4 18.2R2 18.2X75-D40 18.3R2 18.4R1 19.1R1) introduced an improper code which could cause an internal thread to hog the CPU and eventually result in the MPC crash. It is a timing issue and affects MPC5E/6E.
PR Number	Synopsis	Category: MX Platform SW - UI management
1453533	Alarm was not sent to syslog on MX10003 platform Product-Group=junos	On the MX10003 platform, the alarmd wont write the alarm messages to the syslog.
1453533	Alarm was not sent to syslog on MX10003 platform Product-Group=junosvae	On the MX10003 platform, the alarmd wont write the alarm messages to the syslog.
1457657	The chassisd process and all FPCs may restart after RE switchover Product-Group=junos	The chassisd process and all FPCs may restart after RE switchover if the knob "master-only" is enabled.
PR Number	Synopsis	Category: Class of Service
1475508	MX10008/MX100016 might generate cosd core after executing "commit/commit check" if "policy-map" configuration is set Product-Group=junos	On MX10008 and MX10016 platforms, the cosd crash might be seen after executing "commit/commit check" if "policy-map" configuration is set.
PR Number	Synopsis	Category: L2NG Access Security feature
1478375	The process dhcpd may crash in a Junos Fusion environment Product-Group=junos	On EX92XX platforms with the DHCP snooping configured, if a peer receives DHCPv6 packets from the server without the "client-id" option present, and it is syncing packets to the other side at that time, then the process dhcpd crash may be observed.
PR Number	Synopsis	Category: OpenSSH and related subsystems
1454177	SSH login might fail if a user account exists in both local database and RADIUS or TACACS+. Product-Group=junos	SSH login from an automation tool to the Junos device might not be successful if the username is configured both as a local user and on remote RADIUS/TACACS server, and using authentication method 'password'.
PR Number	Synopsis	Category: Device Configuration Daemon
1475634	Commit error is not thrown when member link is added to multiple aggregation group with different interface specific options Product-Group=junos	Commit error is not thrown when member link was added to multiple aggregation group with different interface specific options. When member interface added to bundle with both ether and gig-ether interface specific options, gig-ether option takes precedence over ether options.
PR Number	Synopsis	Category: Firewall Filter
1452435	Commit error and dfwd coredump might be observed when applying a firewall filter with action "then traffic-class" or "then dscp" Product-Group=junos	Commit failure with error might be seen and the dfwd crashes when applying a firewall filter with action "then traffic-class" or "then dscp" to an interface.
1465093	On MX10008 and MX10016 routers policer bandwidth-limit cannot be set higher than 100g Product-Group=junos	MX10008 and MX10016's "policer bandwidth-limit" can not be set higher than 100G.
1466698	An output bandwidth-percent policer with logical-bandwidth-policer applied to an AE bundle along with an output-traffic-control-profile has incorrect effective policing rate Product-Group=junos	On MX platforms, for an AE bundle of at least two members hosted at two different FPCs, if the AE interface is with CoS output-traffic-control-profile of shaping-rate and with the output filter of policer with logical-bandwidth-policer and bandwidth-percent, the AE interface might have incorrect effective output policing rate.
1473093	Traffic might not be forwarded into the right queue but the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5 Product-Group=junos	On the MX platform with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue.
1478964	The filter may not be installed if the "policy-map xx" is present under it Product-Group=junos	If the "policy-map xx" option is configured under "family mpls" for filters, then the filters may not take effect after committing.
PR Number	Synopsis	Category: dhcpd daemon
1471161	DHCP relay with forward-only might fail to send OFFER messages when DHCP client is terminated on logical tunnel interface Product-Group=junos	On all Junos platforms, when DHCP relay is configured with forward-only, and DHCP client is terminated on logical tunnel interface that multiple IFLs under this lt- interface have a same VLAN, DHCP relay might fail to send OFFER messages.
1474097	Subnet information might be corrupted if it is passed by a radius server Product-Group=junos	On all Junos platforms with jdhcpd daemon, Junos is acting as a DHCPv4 local server with an external RADIUS server, if using DHCPv4 options to request subnet data from RADIUS server, the mask value which RADIUS server offered might be effectively reversed. It could cause the DHCPv4 client fails to get the correct subnet information.
PR Number	Synopsis	Category: Covers Application classification workflows apart from custo
1454180	Introduction of default inspection limits for application identification to optimize CPU usage and improve resistance to evasive applications. Product-Group=junos	AppID is significantly more resistant to evasive applications. It does this by introducing default inspection-limits which can be adjusted by using the new commands 'set services application-identification inspection-limit' and 'set services application-identification global-offload-byte-limit'.
1463159	A core file might be generated when you perform an ISSU on SRX Series devices. Product-Group=junos	When APPID is enabled and perform an ISSU on SRX devices, it might cause traffic impact and generate core-dump file.
1479684	Recent changes to JDPI's classification mechanism caused a considerable performance regression (more than 30 percent). Product-Group=junos	Recent changes to JDPI's classification mechanism caused a considerable performance regression (30%+).
PR Number	Synopsis	Category: JUNOS Dynamic Profile Configuration Infrastructure
1188434	UID may not release properly in some scenarious after service session deactivation Product-Group=junos	When same UID objects are used in both inet and inet6 services of the same subscriber session, deactivation the first session cause conditions which avoid releasing UID entry after deactivation second service session. This leads to having stale UID entry and can cause subscriber's connection problem in the future when UID pool would be completely exhausted. The probability of hitting the issue increases if amount subscriber to amount of unique services ratio is aproaching 1 (i.e. when almost every subscriber has a service with unique servie objects).
PR Number	Synopsis	Category: dynamic dcd prs
1470622	Executing commit might hang up due to stuck dcd process Product-Group=junos	When dynamic DHCP sessions are existing in the device, if multiple commits in parallel are performed, the commit might hang up.
PR Number	Synopsis	Category: Ethernet OAM (LFM)
1396540	V44-CFM: NPC crash @ rt_nh_install (rnh=0x618123d8, rnh_src=0x0, rt=< optimized out>, p_rtt=0x74f886c0) at ../../../../src/pfe/common/pfe-arch/trinity/applications/route/rt_nh.c:631 Product-Group=junos	As part of the EOAM programming the LM counters are allocated. When an interface is deleted, the EOAM LM counters needs to be cleared. This is done as part of EOAM punt deletion. But there are scenarios where the prog punt delete processing is received, the IFL is deleted in ukern. In this case the EOAM NHs are cleared but the LM counters are not freed. this can cause memory leak in jnh. This issue is seen for a scaled config, repeated addition and deletion of the interface configs when EOAM config is present
1465608	The EOAM CFM primary-vid functionality doesn't work if the enhanced-cfm-mode is enabled Product-Group=junos	On MX10003 platform, the EOAM (Ethernet Operations, Administration, and Maintenance) CFM (Connectivity Fault Management) primary-vid functionality doesn't work if the enhanced-cfm-mode is enabled. The issue impacts the CFM functionality.
PR Number	Synopsis	Category: EVPN control plane issues
1467309	The rpd might crash after changing EVPN related configuration Product-Group=junos	In EVPN scenario without encapsulation type specified (the default EVPN encapsulation type is set to MPLS), if "vlan-id none" and "vni " is configured in EVPN instance, the rpd might crash after changing EVPN related configuration (such as set the encapsulation as vxlan or delete label-allocation scheme).
PR Number	Synopsis	Category: EX Chassis Interface Handling
1441035	The EX ports might stay in up state even if the EX46XX/QFX51XX series device is rebooted Product-Group=junos	With DAC cable used between EX46XX/QFX51XX series device and EX device, during rebooting the EX46XX/QFX51XX series device, the ports on EX device might still stay up.
PR Number	Synopsis	Category: Issues related to EX MACsec
1469663	Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4600/QFX5100 platforms Product-Group=junos	On EX4600/QFX5100 platforms with Media Access Control Security (MACsec) configured, if there is traffic flowing through the MACsec enabled link, increasing framing errors or runts statistics might be seen in the output of "show interfaces extensive <>" for the affected interface. Traffic loss might also happen due to this issue.
PR Number	Synopsis	Category: Express PFE CoS Features
1450265	CoS classification does not work on QFX10K Product-Group=junos	On QFX10K platforms, under the scale scenario more than 500 AE IFLs, if the classifier configuration frequent churns or link flaps, the CoS classification will not work on the impacted interfaces.
PR Number	Synopsis	Category: Express PFE FW Features
1448778	Egress sampling for sflow might stop working for more than 8 interfaces on PTX platforms Product-Group=junos	On PTX platforms, if sflow is configured on more than 8 interfaces, egress sampling might stop working due to this issue.
1462634	The sample/syslog/log action in output firewall filter with packet of size less than 128 might cause ASIC wedge (all packet loss) on PTX platforms Product-Group=junos	On PTX platforms, if output firewall filter is configured with sample/syslog/log action, the host interface might get wedged for packets with lengths 0-128 including Layer 3 headers.
1470385	Incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands Product-Group=junos	On PTX1000/PTX3000/PTX5000/PTX10000/PTX9000/QFX10000, sending hostpath traffic and check the ddos statistics might lead to incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands
PR Number	Synopsis	Category: Express PFE Services including JTI, TOE, HostPath, Jflow
1445585	Receipt of a malformed packet for J-Flow sampling might create a FPC process core. Product-Group=junos	Receipt of a malformed packet for J-Flow sampling might create a FPC process core.
PR Number	Synopsis	Category: Express PFE L2 fwding Features
1442587	The PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb Product-Group=junos	Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact.
1446291	On QFX10K platforms removing EVPN-VXLAN L3 Gateway on the IRB interface from spine switches might cause black holing of traffic Product-Group=junos	On QFX10000 platforms and EVPN-VXLAN (spine-leaf) scenario, the QFX10000 spine switches are configured with VXLAN Layer3 gateway (utilizing the virtual-gateway) on an IRB interface, if enabling and then subsequently remove the VXLAN L3 gateway on this IRB interface on one or some of these spine switches, traffic drop might be observed. If all virtual-gateways are configured with an unique v4 or v6 mac-address, this issue would not happen. This is also the workaround.
PR Number	Synopsis	Category: Enhanced Broadband Edge support for firewall
1463420	The subscribers might not pass traffic after doing some changes to the dynamic-profiles filter Product-Group=junos	On MX platform, with enhanced subscriber enabled, if doing some changes to a dynamic-profiles filter, the subscribers built on the filter might no longer forward traffic.
PR Number	Synopsis	Category: SRX1500 platform software
1452137	Hardware failure is seen on both nodes in show chassis cluster status. Product-Group=junosvae	On the SRX1500 and SRX4xxx platforms, the management interface fxp0 down triggers a major alarm and cause hardware monitoring in jsrpd.
PR Number	Synopsis	Category: PTX Express ASIC interface
1412126	PTX interface stays down after maintenance Product-Group=junos	On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment.
PR Number	Synopsis	Category: idp flow creation, deletion,notification, session mgr intfce
1444043	SNMP queries might cause commit or show command to fail due to IDP. Product-Group=junos	On SRX Series devices, commit or show command for IDP might not work if SNMP queries are run when large-scale IDP is used.
PR Number	Synopsis	Category: IDP policy
1420787	NSD fails to push security zone to the Packet Forwarding Engine after reboot, if there is an active IDP rule configured with FQDN. Product-Group=junos	NSD fails to push security zone to PFE after reboot, if there is active IDP rule configured with FQDN
PR Number	Synopsis	Category: Signature Database
1466283	Updating the IDP security package offline might fail in SRX Series devices. Product-Group=junos	Rogue .gz files in /var/tmp/sec-download/ might fail offline secpack update.
PR Number	Synopsis	Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1463368	JDI-RCT:ACX/AMX:MemLeak:Backport jemalloc profiling CLI support to all releases where jemalloc is present. Product-Group=junos	Backport jemalloc profiling CLI support to all releases where jemalloc is present.
PR Number	Synopsis	Category: Inline NAT PRs for defect & enhancement requests
1446267	The static route for NAT might never come up if switchover the service interface which has NAT and GR configuration Product-Group=junos	On MX platform, when switchover a service interface that has NAT and GR configuration, the static route for NAT might never come up.
PR Number	Synopsis	Category: Kernel software for AE/AS/Container
1474300	A newly added LAG member interface might forward traffic even though its micro BFD session is down Product-Group=junos	On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue.
PR Number	Synopsis	Category: Optical Transport Interface
1467712	"MIC Error code: 0x1b0002" alarm might not be cleared for MIC on MPC5E when the voltage has returned to normal Product-Group=junos	The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5.
PR Number	Synopsis	Category: Integrated Routing & Bridging (IRB) module
1484964	VLAN creation failure might be seen on QFX-series platforms with scaled VLAN and L3 configuration Product-Group=junos	On QFX platforms with scaled VLAN and L3-interface configuration setup, when the VLANs are deleted and added back quickly, the newer VLANs might not get created successfully.
PR Number	Synopsis	Category: ISIS routing protocol
1455432	The rpd might crash continuously due to memory corruption in ISIS setup Product-Group=junos	With ISIS configured and in a very rare case, memory corruption may occur, this may cause rpd crash continuously.
PR Number	Synopsis	Category: jdhcpd daemon
1442222	The jdhcpd process might go into infinite loop and cause 100% CPU usage Product-Group=junos	When DHCP is configured, if subscribers are moved from one routing-instance to another or if the subscribe is deleted and re-added, the jdhcpd process might go into infinite loop and cause 100% CPU usage.
1459925	DHCP packet might not be processed correctly if DHCP option 82 is configured Product-Group=junos	In Dynamic Host Configuration Protocol (DHCP) scenario, an zero length sub-option of the option 82 in DHCP DISCOVER message might not be processed correctly causing other DHCP options from DHCP DISCOVER message to be mis-processed as well. This issue has service impact.
1464267	The repd process is not working in Junos releases 18.2R3-S1 and 18.2R2-S5 on some low-end Junos platforms Product-Group=junos	In Junos releases 18.2R3-S1 and 18.2R2-S5, on some low-end Junos platforms which have only 4G RAM (Random Access Memory ) memory or smaller (e.g. all low-end SRX), the repd process is not working. The issue results in the subscriber services like DHCP (Dynamic Host Configuration Protocol), authentication can't be synchronized to the standby RE (Routing engine). In this case, if upgrade/GRES (Graceful Routing Engine Switchover) is performed, the synchronization between the REs via the repd process fails, which results in subscriber services like DHCP, authentication can't work on the new RE after the upgrade/GRES. There is no restoration for the repd process. However, the service affected by the repd synchronization can be recovered by restart the service or reboot the device.
1465964	The ISSU might fail during subscriber inflight login is happening Product-Group=junos	On the MX platform with the DHCP subscriber scenario, if subscriber logging in is happening during the ISSU process, the ISSU failure might be observed.
PR Number	Synopsis	Category: Adresses ALG issues found in JSF
1474942	The flowd or srxpfe process might stop when an ALG creates a gate with an incorrect protocol value. Product-Group=junos	On SRX chassis clusters, when an ALG creates gate with incorrect protocol value, the flowd/srxpfe process might crash on one node. This issue might happen in the situation that an ALG receives a corrupted RTO message on secondary node. It might affect the traffic.
1483834	FTPS traffic might get dropped on SRX/MX platforms if FTP ALG is used Product-Group=junos	On SRX/MX platforms with FTP ALG enabled, if there are more than one FTPS connection between a pair of FTP client and server, the closure of one connection might cause other connections between that pair of FTP client and server to be affected, hence there might be traffic impact. It is a rare timing issue.
PR Number	Synopsis	Category: Adresses NAT/NATLIB issues found in JSF
1471932	The flowd or srxpfe process might stop when traffic is processed by both ALGs and NAT. Product-Group=junos	The flowd or srxpfe process might stop when traffic is processed by both ALGs and NAT.
PR Number	Synopsis	Category: To track issues related to jsf tcp proxy
1467351	The jbuf process usage might increase up to 99 percent after Junos OS upgrade. Product-Group=junos	An SRX's jbuf usage may become higher after a Junos upgrade, resulting in warning logs and possible jbuf exhaustion. This may lead to traffic loss.
PR Number	Synopsis	Category: Firewall Authentication
1457570	The same source IP sessions are cleared when the IP entry is removed from the UAC table. Product-Group=junos	Same-source IP sessions are cleared when the IP entry is removed from the UAC table.
PR Number	Synopsis	Category: Flow Module
1462825	The tunnel packets might be dropped because gr0.0 or st0.0 interface is wrongly calculated after a GRE or VPN route change Product-Group=junos	On SRX Series device, MTU is wrongly calculated in a gr0.0 or st0.0 interface after a GRE or VPN route change. If the command do-not-fragment is configured and the packet is bigger than the MTU, the packet might be dropped.
PR Number	Synopsis	Category: High Availability/NSRP/VRRP
1468441	IP monitoring might fail on the secondary node. Product-Group=junos	IP-monitoring might stop working on secondary node when many instances of IP monitoring are configured on RG(redundancy group)/ RETH(Redundant Ethernet interface). If primary node goes down, failover will not happen which might cause traffic loss.
PR Number	Synopsis	Category: JSR Infrastructure
1450545	Traffic loss might occur when there are around 80,000 routes in FIB. Product-Group=junosvae	On SRX1500 platform, when there are around 800K routes in forwarding information base (FIB), traffic loss might occur and abnormal error messages of some CLI commands would appear due to lack of memory on packet forwarding engine (PFE). This issue has traffic impact.
PR Number	Synopsis	Category: Firewall Network Address Translation
1443345	On SRX5000 line of devices with SPC3 card, when using source NAT, under high traffic load, a small fraction of TCP-SYN packets may be dropped due to the source NAT port failing to be allocated. Also, the NAT pool resources may leak over time. Product-Group=junos	In SRX5K cluster environment, when using source NAT, after RG1 failover, a small fraction of TCP-SYN packets might be dropped due to the source NAT ports failing to be allocated, and the NAT pool resource may leak over time. If all NAT pool resource leaked, new NAT session cannot be installed.
1457904	Packet loss is observed when multiple source NAT pools and rules are configured Product-Group=junos	On the SRX5000 platforms with SPC2 installed, the device may experience packet loss or a flowd coredump when multiple source NAT pools and rules are configured.
1479824	Issuing the show security nat source paired-address command might return an error. Product-Group=junos	On the SRX series platforms with source NAT configuration, issuing the command "show security nat source paired-address ..." may return an error, which is not expected. It's a corner case, and not reproduced all the time.
PR Number	Synopsis	Category: Firewall Policy
1453852	Security policies cannot synchronize between Routing Engine and Packet Forwarding Engine on SRX Series devices. Product-Group=junos	On all SRX platforms, in a very rare condition, security policies do not be synchronized between RE and PFE. This issue might cause traffic loss.
1471621	The count option in security policy does not take effect even if the policy count is enabled. Product-Group=junos	On SRX Series devices that have a security policy counter deployed, the count option in the security policy might not work. As a result, issuing show security policies <> detail might not print traffic statistics for the security policy.
PR Number	Synopsis	Category: IPSEC/IKE VPN
1405840	The IKE and IPsec configuration under groups is not supported. Product-Group=junos	On SRX5400, SRX5600, SRX5800 devices with SPC3, occasionally, if an IKE or IPSec configuration (under groups hierarchy) change is done for one IKE gateway, the tunnel may be cleared for unrelated IKE/IPSec gateway.
1421905	The VPN tunnel might flap when IKE and IPsec rekey happen simultaneously. Product-Group=junos	The VPN tunnel might flap in a corner case scenario (when IKE and IPsec rekey happen simultaneously).
1423821	Old tunnel entries might be observed in the output of show security IPsec or IKE SA. Product-Group=junos	On SRX and MX platforms, old tunnel entries might be observed in the output of show security IKE/IPSEC security-associations after the IKE gateway configuration changes and new SA session is established. There is minor impact as old tunnel entries are getting deleted after 1-2 mins interval. No impact on traffic.
1433343	IPSec rekey trigger does not work when sequence number gets exhausted on SRX5K platforms with SPC3/SPC2 Product-Group=junos	On SRX5400, SRX5600 or SRX5800 with SPC3/SPC2, if traffic goes through an IPSec tunnel and sequence number gets exhausted in packets, it does not trigger IPSec rekey to generate new SA. IPSec traffic might be dropped due to anti replay window mismatch.
PR Number	Synopsis	Category: Security platform jweb support
1464110	IPv6 address objects containing a,b,c,d,e can't be configured via J-Web Product-Group=junos	When configuring IPv6 address objects under Configure>Security>Objects>Zone Addresses>Addresses/Address-sets via J-web, address objects containing a,b,c,d,e can't be configured. The issue might impact IPv6 service deployment. Please configure address objects containing a,b,c,d,e via CLI command to avoid this issue.
PR Number	Synopsis	Category: issues related to RPD sensors including LSP
1449837	Changing the hostname will trigger lsp on -change notification, not an adjacency on-change notification. Also, currently ISIS is sending host-name instead of system-id in OC paths. Product-Group=junos	Currently ISIS is sending system host-name instead of system-id in OC paths in lsdb or Adjacency xpaths in periodic streaming and on-change notification.
PR Number	Synopsis	Category: Layer 2 Circuit issues
1464194	The l2circuit connections might be stuck in OL state after changing the l2circuit community and flapping the primary LSP path Product-Group=junos	In l2circuit scenario with community configured, when the community for l2circuit is changed from X to Y to go via a different LSP, the l2circuit connections might be stuck in "OL" state if there is a flap in the primary LSP path.
PR Number	Synopsis	Category: Layer 2 Control Module
1469635	Memory leak on l2cpd process might lead to l2cpd crash Product-Group=junos	On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash.
1473610	ERP might not come up properly when MSTP and ERP are enabled on the same interface Product-Group=junos	When both MSTP and ERP are enabled on the same interface, then ERP will not come up properly.
PR Number	Synopsis	Category: Layer2 forwarding on EX/NTF/PTX/QFX
1468732	MAC address might not be learned on a new extended port after VMotion in Junos Fusion Data Center environment. Product-Group=junos	In Junos Fusion Data Center environment, when a VM is moved from one satellite port to another using VMotion, MAC address of VM might not move to new satellite port in Aggregate Device's switching table.
1484468	Packet loss might be observed after device rebooted or l2ald restarted in EVPN-MPLS scenario Product-Group=junos	In EVPN-MPLS scenario, if the core-facing interface (mpls interface) and the CE-facing interface are on different PEs, and the traffic from core is not continuous and DMAC (Dynamic MAC) ages out, due to an incorrect flood next-hop programming across different PFEs, packet loss might be observed after device rebooted or l2ald restarted.
PR Number	Synopsis	Category: L2TP service related issues
1472775	MX L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP towards the LNS Product-Group=junos	MX L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP received from the LAC towards the LNS.
PR Number	Synopsis	Category: Label Distribution Protocol
1428843	The LDP might withdraw a label for an FEC once the IGP route is inactive in inet.0 Product-Group=junos	If LDP is used without using egress-policy, when the route from other routing protocol is preferred over the IGP route in inet.0, e.g. BGP-LU route exported in inet.0, LDP might withdraw the FEC label hence causing LDP traffic to get lost.
PR Number	Synopsis	Category: mc-ae interface
1447693	The l2ald might fail to update composite NH Product-Group=junos	This is a timing issue where the l2ald receive underlay NH from rpd as part of LSI IFF ADD (VPLS core NH) and creates flood NH. Due to a flap at local IFL or core (VPLS etc.), the l2ald receives multiple LSI IFF Add and Delete in some order. In some sequence where rpd delete underlay NH from Kernel Forwarding table but the l2ald still create flood NH with this underlay NH, because IFF delete is yet to be received at the l2ald, so l2ald might fail to update Composite NH. This is generic L2 issue and can happen without mc-ae.
PR Number	Synopsis	Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS)
1429797	Extended Ukern thread(PFEBM task) priority to support BBE performance tuning Product-Group=junos	Original PFEBM task, which is system-critical for internal network performance/resilience, was running a medium priority; Can see tnp queue errrors by 'show pfebm all' on VCP-bearing FPC when high rate of punt traffic (like ARPs or BGP route updates, etc.) which go through VC links. It needs to run at high priority to assure timely packet handling.
PR Number	Synopsis	Category: Multiprotocol Label Switching
1445024	The rpd memory leak might be seen when the inter-domain RSVP LSP is in down state Product-Group=junos	In inter-domain RSVP (Resource Reservation Protocol) LSP (Label-switched Path) scenario, the rpd memory leak might be seen when the CSPF (Constrained Shortest Path First) tries to recompute the path for the "down" LSP which is due to no route or ERO is incorrectly configured. The issue might lead to rpd crash when the rpd is out of memory and results in traffic loss.
1465902	The device may use the local-computed path for the PCE-controlled LSPs after link/node failure Product-Group=junos	In a Path Computation Element Communication Protocol (PCEP) scenario where the link/node protection is enabled, the PCE-controlled LSPs may shift to the local-computed path after link/node failure upon path retry processing.
PR Number	Synopsis	Category: Multicast Routing
1443713	PIM (S,G) joins can cause MSDP to incorrectly announce source active messages in some cases Product-Group=junos	In the event of a network running: 1) a first-hop PIM router also being a rendez-vous point (RP); and 2) anycast RP in conjunction with MSDP; and 3) any-source multicast; and 4) a PIM last-hop router sending an (S,G) join when there is no traffic in the network matching the source and group, the first-hop RP will incorrectly send MSDP source-active messages to other MSDP peers. In other cases such as when the RP is not the first-hop PIM router, the traffic source needs to originate packets before the RP would originate MSDP source-active messages.
1470183	The mcsnoopd might crash when the STP moves the mrouter port to the blocked state Product-Group=junos	On ACX, EX, QFX, NFX and SRX platform, when IGMP snooping is enabled and a logical interface (IFL) of mrouter port is in blocked state by Spanning Tree protocol (STP), removal of the IFL might get stuck in Kernel routing table (KRT), which causes mscnoopd crash. Traffic loss will happen during mscnoopd self-restart.
PR Number	Synopsis	Category: Multicast for L3VPNs
1442054	Memory leak might happen if PIM messages received over an MDT (mt- interface) in Draft-Rosen MVPN scenario Product-Group=junos	On all Junos platforms configured in the Draft-Rosen Multicast Virtual Private Network (MVPN) scenario, if Protocol Independent Multicast (PIM) messages are received over an Multicast Distribution Tree (MDT) tunnel logical interface (mt- interface), there might be memory leak which will lead to the rpd process crash.
1469028	The rpd might crash when "link-protection" is added/deleted from LSP for MVPN ingress replication selective provider tunnel Product-Group=junos	In MVPN scenario with ingress replication selective provider tunnel used, if the knob "link-protection" is added/deleted from the LSP for MVPN, rpd crash might be seen. The reason is that when link-protection is deleted, the ingress tunnel is not deleted, and when link link-protection is added back, it tries to add same tunnel, hence the rpd asserts as same tunnel exists. Finally the rpd core might be seen.
PR Number	Synopsis	Category: Track Mt Rainier SPMB platform software issues
1460992	Hardware failure in CB2-PTX causes traffic interruption Product-Group=junos	In PTX 3000/5000 platforms with CB2-PTX (Control Board), there is an existence of an errata on a clock signal component manufactured by a third-party supplier, which might cause the Switch Processor Mezzanine Board (SPMB) and Switch Interface Boards (SIBs) failure, eventually, traffic will be interrupted.
PR Number	Synopsis	Category: build tools
1290089	jcrypto syslog help package and events are not packaged even when errmsg is compiled Product-Group=junos	jcrypto syslog help package and events are not packaged even when errmsg is compiled properly. Several of the KMD help syslog entries are missing
PR Number	Synopsis	Category: FreeBSD Kernel Infrastructure
1427233	The duplex status of management interface might not be updated in the output of show command Product-Group=junos	On all Junos platforms that are upgraded to Junos OS Release 15.1 onward, when the duplex setting is changed on the management interface (for example, fxp0/em0), the duplex status of the management interface might not be updated in the output of the "show interface <>".
1442376	EX2300 platforms might stop forwarding traffic or responding to console Product-Group=junos	On EX2300/EX2300-C platforms, if Junos OS is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch might stop forwarding traffic or responding to console. A reboot is required to restore the service.
1450093	EX4300 : CLI config "on-disk-failure" is not supported Product-Group=junos	On an EX4300 switch, the CLI configuration "set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt)" is not supported.
1454950	EX switches might not come up properly upon reboot Product-Group=junos	EX switches might not come up properly upon reboot due to the date not been set up.
1469400	EX3400 might reboot because of lack of watchdog patting Product-Group=junos	On EX3400, if watchdog pat did not happen within stipulated time and it might reboot automatically with "0x2:watchdog" as reboot reason.
PR Number	Synopsis	Category: Kernel MPLS / Tag / P2MP Infrastructure
1478806	Kernel crash and device restart might happen Product-Group=junos	In a corner case on Junos platform, where the family ccc is configured along with any other existing family within the same interface, like inet, inet6, etc. (basically, Junos never allows to do so, but somehow a customer did it ). And if the family ccc is deleted from the interface, which might cause kernel crash and the device reboot automatically, so all the traffic will be interrupted.
PR Number	Synopsis	Category: Kernel socket data replication issues for protocols that use
1472519	The kernel may crash and vmcore may be observed after configuration change is committed Product-Group=junos	On all Junos platforms, after committing the configuration change (e.g. removal of protocols like mpls, isis, ldp from the interfaces), then the kernel may crash and vmcore may be observed. This issue also may cause protocol adjacency failure.
PR Number	Synopsis	Category: TCP/UDP transport layer
1449664	FPC might reboot with vmcore due to memory leak Product-Group=junos	On all Junos platforms, if the device is up for a long period (e.g. several weeks or months), there might be a slow memory leak happening in some error scenarios where an application tries to send some data on a stale TCP socket (e.g. short-lived TCP connections used by the mgd process), and this issue might lead to FPC reboot with vmcore files.
PR Number	Synopsis	Category: OSPF routing protocol
1444728	The rpd crash might be seen after configuring OSPF nssa area-range and summaries Product-Group=junos	In the scenario of running OSPF, if nssa area-range and summaries are configured, the rpd crash may occur and traffic may be lost.
1463535	Install all possible next-hops for OSPF network LSAs Product-Group=junos	For each network lsa, OSPF code fetches the first router lsa link and adds the only one candidate as route. Now the code is updated to fetch all the router lsa link, present in network lsa.
PR Number	Synopsis	Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software
1484255	FPC might crash when dealing with invalid next-hops Product-Group=junos	On PTX3000/PTX5000 platform with some specific FPCs, if the weights of links are set to an invalid value on an AE bundle interface or unilist (an unilist next-hop composed of several unicast next-hops), the FPC crash might be observed. It is a rare issue and the FPC will try to reload to resolve this problem. Traffic loss might be seen before the FPC completes the reload period.
PR Number	Synopsis	Category: Periodic Packet Management Daemon
1448670	The connection between ppmd (RE) and ppman (FPC) might get lost due to session timeout Product-Group=junos	Under certain circumstances such as JUNOS VM freeze at the Routing Engine, ppmd to ppman connection might be closed if the session timeout is greater than 3 seconds in either direction. This might lead to flapping of distributed ppm protocol adjacency such as lacp/mBFD.
PR Number	Synopsis	Category: PTP related issues.
1408178	QFX5k : Transit traffic loss when one of LAG child interfaces deleted or deactivated Product-Group=junos	Traffic does not pass through LAG interface on QFX5k once deleted or deactivated one of child interfaces though LAG interface is UP state. At that time, invalid vlan tag will be added to traffic.
PR Number	Synopsis	Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1462582	"entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms Product-Group=junos	"entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms
1462582	"entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms Product-Group=junosvae	"entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms
PR Number	Synopsis	Category: Interface related issues. Port up/down, stats, CMLC , serdes
1440062	The EX4600/QFX5100 VC might not come up after replacing VC port fiber connection with DAC cable Product-Group=junos	On the EX4600/QFX5100 virtual chassis scenario, the VC may split after replacing VC port fiber connection with DAC cable.
1449406	CRC error might be seen on the VCPs of the QFX5100 VC Product-Group=junos	In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC.
1449406	CRC error might be seen on the VCPs of the QFX5100 VC Product-Group=junosvae	In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC.
1465302	The physical interface of AE (Aggregated Ethernet) might take time to come up after disable/enable Product-Group=junos	On Junos platforms, the physical interface of AE might come up after a long delay (4 mins) if there are millions of bgp routes learnt on the device. This delay is happening because PFE Manager thread is busy processing the routing updates from RE. These routing updates are the result of AE interface going down at the first step of disabling the interface.
PR Number	Synopsis	Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1409448	The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch Product-Group=junos	When QFX5100 and other vendor's switch are connected via 10G fiber link, flaps may happen sometimes.
1419732	"show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image Product-Group=junos	"show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image. This is a display issue. Physical interface: xe-0/0/0, Enabled, Physical link is Down Interface index: 650, SNMP ifIndex: 515 Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Link-mode: Auto, Speed: Auto, BPDU Error: None, Loop Detect PDU Error: None, Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Auto-negotiation: Disabled, Remote fault: Offline, Media type: Fiber <<<<<< Here!! Should be "Copper" Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000 Link flags : None
1454527	Dcpfe should crash because usage of data is not NULL terminated on QFX5K Product-Group=junosvae	The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K.
1457456	Over temperature SNMP trap messages are shown up after update even though the temperature are within the system thresholds Product-Group=junos	EX2300 and QFX series switches generate SNMP trap for high temperature after upgrading to any of the affected Junos software. This is due to a temperature threshold value being set incorrectly in the software, SNMP false trap related to temperature gets generated and results in "over temperature" logs.
1465183	PEM is not present spontaneously on QFX5210 Product-Group=junosvae	On QFX5210 platforms, due to a firmware issue on the power supplies (PEMs) of the switch, the routing engine may spontaneously misread the status registers of a power supply. This produces erroneous messages of PEM not present. Although the power supply is present and can deliver power, the system may then deactivate the power supply believing it not to be present.
1466810	EPR iCRC errors in QFX10000 series platforms might cause protocols down Product-Group=junos	EPR iCRC errors in QFX10000 series platforms might cause protocols down. FPC will be in wedged state and will not pass traffic on that PFE if hitting this issue. EPR iCRC errors are normal and caused by transient hardware conditions. EPR iCRC errors are not expected to impact the protocols, and only one CRC failed packet will be dropped. But due to incorrect handling of this error, it affects protocols and causes FPC wedge.
1471216	The speed 10m might not be configured on the GE interface Product-Group=junos	On QFX5100 and EX4300 mixed-mode Virtual Chassis, the speed 10m might not be configured on the GE interface.
PR Number	Synopsis	Category: QFX platform optics related issues
1457266	QFX5110 QSFP-100GBASE-SR4 made by Avago cannot linkup Product-Group=junos	On QFX5110, interface on QSFP-100GBASE-SR4 whose Xcvr vendor is Avago on the QFX side cannot linkup, FEC errors might be seen on the other side.
PR Number	Synopsis	Category: QFX access control list
1464883	QFX5100-24Q: not able to apply dscp rewrite to firewall filter to a Layer 3 subinterface (e.g. xe-0/0/0.100) Product-Group=junos	When you try to apply a firewall filter that contains a "then dscp" action to a Layer 3 inet subinterface, you will get an error when trying to commit. Applying the same filter to an IRB interface succeeds as does applying the same filter to a Layer 3 subinterface on QFX5100-48S.
PR Number	Synopsis	Category: QFX PFE Class of Services
1468033	Ingress drops to be included at CLI from interface statistics and added to InDiscards Product-Group=junos	In QFX5000 platforms, as Ingress buffer drops (InDiscards) field is not presented the output of "show interfaces extensive x-x/x/x". This change added ingress buffer drops counters.
PR Number	Synopsis	Category: DHCP related Issues
1459499	The lightweight DHCPv6 relay agent functionality might be broken on QFX5K platforms Product-Group=junos	On QFX5K platforms, the Lightweight DHCPv6 Relay Agent (LDRA) functionality might be broken. Due to this issue, when light-weight-dhcpv6-relay is configured under dhcp-security hirachy, dhcp-security ipv6 binding might be stuck at "WAIT" state and get cleared later.
PR Number	Synopsis	Category: Filters
1462594	The fxpc process might core-dump when changing MTU in a VXLAN scenario with firewall filters applied on QFX5K platforms Product-Group=junos	On the QFX5K VC/VCF platform with firewall filters applied on VXLAN enabled interface, the fxpc process might crash when changing MTU for the interface.
1480776	ARP request packets for unknown host might get dropped in remote PE in EVPN-VXLAN scenario Product-Group=junos	In EVPN-VXLAN environment, when local CE sends ARP request packets for unknown host, the packets will hit firewall-host queue in remote PE. It might trigger DDoS protection policer violations for firewall-host queue hence the ARP request packets might get dropped.
PR Number	Synopsis	Category: for all ipv6 related issues
1459759	The fxpc process might crash due to several BGP IPV6 session flaps Product-Group=junos	On QFX5100 and EX4600 platforms, the fxpc (packet forwarding engine manager) process might crash when multiple BGP IPV6 sessions (for instance around 500) are flapped and then restored at the same time.
PR Number	Synopsis	Category: QFX L2 PFE
1473685	The RIPv2 packets forwarded across a L2circuit connection might be dropped Product-Group=junos	When RIPv2 routes are received on a QFX5100/EX4600 platforms, either to or from an L2 circuit connection, such packets are not propagated. This includes directed unicast RIPv2 packets.
1474545	Continuous error log messages might be raised on QFX5K platforms in EVPN/VXLAN scenario Product-Group=junos	In EVPN-VXLAN scenario, when an SP style interface is configured both with native-vlan-id and LLDP on QFX5000 platforms, continuous log messages might be observed.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1456336	Link up delay and traffic drop might be seen on mixed SP L2/L3 and EP L2 type configs Product-Group=junos	This PR includes three issues. First one: When Layer3 IFL (logical interface) is configured first and then Layer2 IFL is configured, MAC move might not happen. Second one: On Vxlan setup with large number of child interfaces, link up delay is seen. Third one: In case of VLAN setup with Enterprise/Service Provider L2 and L3 type configs, when all the configs are done in single commit statement then the traffic might not be forwarded.
PR Number	Synopsis	Category: QFX MPLS PFE
1469998	If continuous interface flaps at ingress/egress of PE devices, IP routed packets might be looped on the MPLS PHP node Product-Group=junos	On QFX5K platform, when MPLS node-link-protection is configured on all nodes (PE and P device), the IP routed packets might be looped on the MPLS PHP node (P device) if continuous interface flaps at ingress/egress of PE devices.
1474935	L2circuit might fail to communicate via VLAN 2 on QFX5K platforms Product-Group=junos	On QFX5K platforms acting as L2circuit PE (tunnel terminating node), if VLAN 2 is used for L2circuit communication with CE node, the VLAN 2 packets might be dropped on PE.
PR Number	Synopsis	Category: QFX EVPN / VxLAN
1463939	JDI-RCT : QFX 5100 VC/VCF : Observing Error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: while cleanup Evpan-VxLAN configs with Mini-PDT base configurations Product-Group=junos	On QFX5100, Error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: may come while cleanup Evpn-VxLAN configs. These are harmless messages.
PR Number	Synopsis	Category: QFX VC Infrastructure
1465196	A 10G interface might not come up on QFX5100-48T switches or negotiate at speed 1G when connected with Broadcom 57800-T daughter card Product-Group=junos	On QFX5100-48T, the 10G interface might not come up or negotiate at the speed of 1G with Broadcom 10G 57800-T daughter card. In the issue state, speed will be set to 1G which might make the interface down and result in traffic impact.
1478905	The default VC MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes Product-Group=junos	In QFX5200-32C, QFX5110 VC (Virtual Chassis) scenario, the default VC MAC (Media Access Control) persistence timer is incorrectly set to 20 seconds instead of 20 minutes. If the master VC member is rebooted, the new master member starts using its own MAC address as the system's MAC base address after only 20 seconds instead of 20 minutes. This results in issues like OSPF (Open Shortest Path First) stuck in "init" state after the master VC member reboot.
PR Number	Synopsis	Category: QFX VCCP
1454343	Master FPC might come up in master state again after reboot instead of backup Product-Group=junos	In QFX5110-32Q VC with 100G VCP links, if the master switch with the lowest MAC address reboot, it might come up in the master state again instead of backup. This can have outage around ten minutes and packets loss.
PR Number	Synopsis	Category: Routing Information Protocol
1485009	The rpd crashes if the same neighbor is set in different RIP groups Product-Group=junos	If the same neighbor is configured under different RIP groups, the commit check fails to capture this invalid configuration and commit can be done successfully. However the rpd will crash.
PR Number	Synopsis	Category: rosen-6 and rosen-7 mvpn bugs
1405887	The CLI command "show pim mdt data-mdt-limit instance " with family option might cause CPU usage of rpd high Product-Group=junos	In draft-rosen MVPN scenario with data-mdt, if performing the CLI command "show pim mdt data-mdt-limit instance ", The output might go in loop and the rpd process might use high CPU.
PR Number	Synopsis	Category: KRT Queue issues within RPD
1402569	JUNOS rpd core seen after couple of config rollback event from baseline config to pdt profile config Product-Group=junos	JUNOS RPD core seen after multiple configuration rollback events from baseline config to configuration with large BGP+IGP configuration. In certain events, a change in import policy or resolution rib at the same time when BGP peer is shutting down can cause inconsistencies in Next-Hop entries, in causing RPD process coredump.
PR Number	Synopsis	Category: RPD Next-hop issues including indirect, CNH, and MCNH
1441550	The rpd may crash or consume 100% of CPU after flapping routes Product-Group=junos	When flapping the existed flood nexthop type routes, it may cause rpd crash or consume 100% of CPU. This issue may cause routing protocols sessions/neighbors flap or traffic loss.
PR Number	Synopsis	Category: RPD policy options
1453439	Routes resolution might be inconsistent if any route resolving over the multipath route Product-Group=junos	On all Junos platforms, any route resolving over the multipath routes, one scenario is BGP over BGP. After the metric value of any PNH (refers to the second PNH and using it to performing the second time next-hop resolving) changes, meanwhile, if the hash-selection changes happened, it might result in routes resolution inconsistency. Traffic drops could be observed if the packages are still forwarding to the old PNH (Protocol Next Hop). Any recursive resolving multipath scenario might trigger this issue.
1476530	Support for dynamic tunnels on SRX Series devices was mistakenly removed. Product-Group=junos	Support for dynamic-tunnels on SRX-Series devices was mistakenly removed.
PR Number	Synopsis	Category: RPD route tables, resolver, routing instances, static routes
1459384	The rpd memory leak might be observed on backup routing engine due to BGP flap Product-Group=junos	In a BGP scenario when certain routes are flapping frequently, it could lead to rpd memory leak on backup Routing Engine. The rpd might crash and restart once the rpd runs out of memory for certain junos releases.
PR Number	Synopsis	Category: show route table commands, tracing, and syslog facilities
1421076	RPD crash might occur when changing prefix list address from IPv4 to IPv6 Product-Group=junos	RPD crash might occur when changing prefix list address from IPv4 to IPv6 Configure IPv4 prefix-list: set policy-options prefix-list PREFIX_LIST 10.0.0.0/24 Configure a policy that has "then next policy" term: set policy-options policy-statement POLICY term PREF from prefix-list PREFIX_LIST set policy-options policy-statement POLICY term PREF then next policy set policy-options policy-statement POLICY term END then reject commit Note: If a terminating action is used for term PREF (such as "then accept"/"then reject") the core does not appear. Change prefix-list using "replace-pattern" [edit policy-options prefix-list PREFIX_LIST] replace pattern 10.0.0.0/24 with 2001:10::/64 commit RPD crash occurs
1442542	EVENT UpDown interface logs are partially collected in syslog messages Product-Group=junos	When multiple interfaces UpDown event happens, a number of interfaces are not logged the event but partial logs are recorded in messages file.
PR Number	Synopsis	Category: multicast source distribution protocol
1454244	The rpd memory might leak in a certain MSDP scenario Product-Group=junos	In the Multicast Source Discovery Protocol (MSDP) scenario, where the router acts as both Rendezvous Point (RP) and First Hop Router (FHR), connecting to another RP in its AS with a logical loop topology, due to this special setup, it might cause a source-active (SA) message continuously to loop and eventually causes the rpd memory leak.
PR Number	Synopsis	Category: Resource Reservation Protocol
1359087	The FPC might be stuck in 'Ready' state after applying a configuration change that will remove RSVP and trigger FPC restart Product-Group=junos	When 'tunnel-services' is configured under 'chassis fpc <> pic <>', the vt-x/y/z physical interface (IFD) is created for the corresponding FPC. If 'protocols rsvp' is configured, RSVP will create a default vt-x/y/z.u logical interface (IFL) under the corresponding vt-x/y/z IFD. After applying a configuration change that will remove RSVP and trigger FPC restart, the vt-x/y/z.u IFL is not cleaned up due to a code issue. Hence the corresponding vt-x/y/z IFD cannot be cleaned up during the corresponding FPC coming up. The IFD cleaning keeps retrying which cause the corresponding FPC to be stuck in 'Ready' state.
1471281	The rpd crash might be seen after doing some commit operations which could affect RSVP ingress routes Product-Group=junos	On all platforms with BGP PIC configured, if doing some commit operations where RSVP ingress routes are affected, the rpd crash might be seen.
1476773	RSVP LSPs might not come up in scaled network with very high number of LSPs if NSR is used on transit router Product-Group=junos	If NSR is enabled on transit router with scaled RSVP LSPs, RESV message might not be sent from transit router because the path messages replication on master RE does not complete in time. Hence RSVP LSPs might not come up with traffic impact.
PR Number	Synopsis	Category: IPSEC functionality on M/MX/T ser
1477483	On NATT scenario the IKE Version 2 IPsec tunnel might flap if the tunnel initiator is not behind NAT Product-Group=junos	On MX platforms with MS-MPC/MS-MIC card installed and NATT scenario, when the IPsec tunnel initiator is not behind NAT, it might cause IPsec tunnel flapping. It happens in IKEv2 scenario.
PR Number	Synopsis	Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1459306	The traffic might be stuck on MS-MPC/MS-MIC with sessions receiving huge number of affinity packets Product-Group=junos	On MX platforms with MS-MPC/MS-MIC, if there are sessions receiving huge number of affinity packets (e.g. thousands of packets), the service interface might be brought down by the prolonged flow-control, and the mspmand process crash might happen. In this case, the traffic will be stuck due to this issue.
PR Number	Synopsis	Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1425405	The mspmand process might crash and restart with a mspmand core file created after doing a commit change to deactivate and activate service-set Product-Group=junos	On MX-Series platforms with NAT pool PBA (Port Block Allocation) configuration, the mspmand process might crash and restart with a mspmand core file created if a NAT pool PBA configuration is changed. The impact is that it might cause a service traffic loss.
PR Number	Synopsis	Category: SRX Argon module bugs
1455169	The SRX Series devices stop and generate several core files. Product-Group=junos	The SRX device generates a lot of core-dumps when AAMW(advanced-anti-malware) and user-firewall features are used.
PR Number	Synopsis	Category: platform related PRs on SRX branch platforms
1430403	Certain interfaces may drop all unicast traffic when LTE PIM is used. Product-Group=junos	On SRX Series devices with LTE PIM card installed, after committing configuration changes for an interface, certain interfaces may go to problematic state, which results in all unicast traffic loss.
1465199	Static route through dl0.0 interface is not active. Product-Group=junos	On SRX320,SRX345 or SRX550m platforms with LTE Mini-PIM module installed, if configure a static route with the gateway IP address of d10 as next-hop and default route is configured, all traffic destined for the static route will fail to transmit to dl0 interface.
1468430	Tail drop on all ports is observed when any switch-side egress port gets congested. Product-Group=junos	On the SRX300 line of devices with Mini-PIM installed, tail-drop might happen on all ports when the serial egress port gets congested.
PR Number	Synopsis	Category: MPC7/8/9 chassis issues
1437855	The chassisd might crash after enabling hash-key Product-Group=junos	On all Junos platforms, if hash-key is enabled, packets might be dropped due to chassisd crash, including packets on other FPCs on which the hash-key is disabled.
PR Number	Synopsis	Category: MPC7/8/9 Interface Issues
1463015	An interface might get stuck in down state on certain MX platforms Product-Group=junos	The interfaces on certain MX platforms might get stuck in a down state, if the remote interface sends invalid code to the local interface. Link might not come up even after the remote peer has begun sending a good signal.
PR Number	Synopsis	Category: SRX-1RU HA SW defects
1474233	An unhealthy node might become primary in SRX4600 devices with chassis cluster scenario. Product-Group=junos	In the SRX4600 Chassis Cluster scenario, a node might become primary in a failover scenario. This can lead to packet drops.
PR Number	Synopsis	Category: SRX-1RU platfom datapath SW defects
1462610	The srxpfe or flowd process might stop if the sampling configuration is changed. Product-Group=junos	On all SRX platforms, if Jflow is configured and there is a sampling configuration change, the srxpfe/flowd process might crash. This is a corner issue. It might cause traffic loss.
PR Number	Synopsis	Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1397628	The PPPoE subscribers are unable to reconnect after FPC reboot Product-Group=junos	In the scale subscribers management environment, the PPP inline keepalives don't work after all the AE (Aggregate Ethernet) member link line cards reboot. This issue may cause the PPPoE subscribers are unable to reconnect.
1476786	Traffic loss may be observed to the LNS subscribers in case the "routing-service" knob is enabled under the dynamic-profile Product-Group=junos	On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers.
PR Number	Synopsis	Category: Trio pfe bridging, learning, stp, oam, irb software
1468663	JNH memory leaks might be seen after CFM session flap for LSI/VT interfaces Product-Group=junos	JNH memory leak may be seen when CFM session over the VPLS LSI interface/VT interface flaps if mip-half-function is used.
PR Number	Synopsis	Category: Trio pfe l3 forwarding issues
1434980	PFE memory leak might be seen if MLPPP links are flapped Product-Group=junos	On all Trio-based platforms, MLPPP links flap continuously might result in PFE memory exhaustion. Furthermore, the PFE crash might be seen due to running out of memory.
1444186	GRE packets which are larger than MTU get dropped on MX204 platforms when sampling is enabled on the egress interface Product-Group=junos	On MX204 platforms, if GRE packet length exceeds MTU of gr interface and the egress interface is configured with sampling, it might cause GRE packet to be dropped because the reassembled packet's checksum is incorrect.
PR Number	Synopsis	Category: Trio pfe multicast software
1478981	The convergence time for MVPN fast upstream failover might be more than 50ms Product-Group=junos	On MX platforms which act as Next Generation Mulicast Virtual Private Network (NG-MVPN) Provider Edge (PE) routers, if the hot-root-standby and sender-based-rpf features are configured to enable MVPN fast upstream failover, once the primary multicast flow rate falls below the configured "mvpn hot-root-standby min-rate rate" threshold, the egress PE router is supposed to take switchover action from the primary flows to the backup ones, and the covergence time should be within 50 milliseconds. Due to this issue, the covergence time might be more than 50ms and reach up to several seconds (e.g. 2~3s) in a highly scaled scenario (e.g. the number of the multicast groups undergoing the switchover simultaneously is greater than 250 groups). This will result in more traffic loss than expected.
PR Number	Synopsis	Category: Junos Automation, Commit/Op/Event and SLAX
1461021	Modifying the REST configuration might cause the system to become unresponsive. Product-Group=junos	When Representational State Transfer (REST) service configuration is modified, for example the REST service is configured and then deleted for multiple times, the system might become unresponsive, even to SSH and console. This issue has service impact.
PR Number	Synopsis	Category: Configuration management, ffp, load action
1426341	Switch may unable to commit baseline config after zeroize Product-Group=junos	When the OpenConfig package is used (The OpenConfig package became part of image itself from 18.3, prior to 18.3 OpenConfig package is a seperate add-on package), the following switches (EX2200, EX3200, EX3300, EX3400, EX4200, EX4300, EX4500, EX4550, EX4600, QFX3000, QFX3100, QFX3500, QFX3600, QFX5100) may unable to commit baseline config after zeroize.
PR Number	Synopsis	Category: Configuration mgmt, ffp, load-action, commit processing
1410322	The configuration database might not be unlocked automatically if the related user session is disconnected during the commit operation in progress Product-Group=junos	Configuration database can remain locked after the SSH session is halted.
PR Number	Synopsis	Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1464439	The CPU utilization on mgd daemon might be stuck at 100% after the netconf session is interrupted by flapping interface Product-Group=junos	If a netconf session is initiated over inband connection, the CPU utilization on mgd daemon might be stuck at 100% after the netconf session which is executing an RPC call for some commands gets interrupted by flapping interface. There is no impact observed to control-plane or forwarding-plane, the subsequent netconf session will continue to function.
1480348	TFTP installation from loader prompt may not succeed on the EX series devices Product-Group=junos	On the EX series platforms with 17.1R1 onwards, software installation from loader prompt may not succeed by using TFTP.
PR Number	Synopsis	Category: PTX/QFX10002/8/16 specific software components
1471679	ARP suppression (default enabled) in EVPN not working on MX10008/MX10016 line cards Product-Group=junosvae	If MX10008 or MX10016 function as provider edge (PE) devices in an Ethernet VPN-MPLS (EVPN-MPLS) or Layer 3 VXLAN gateways in an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) environment, ARP suppression is enabled by default, when the ARP expires on any the CPE's , it sends out an ARP REQ broadcast message , this should be suppressed by the PE(MX10008/MX10016). However, ARP broadcast received on MX10008/MX10016 seems to flooded.
1475871	Traffic loss might be seen as backup RE takes around 20 seconds to acquire mastership Product-Group=junos	On the MX10008/10016 platforms, when GRES and NSR are configured, backup RE will take about 20 seconds to acquire mastership after kernel crash on master RE. Due to this long switching time, traffic loss might be seen. Normal RE mastership switchovers are not affected by this issue.
PR Number	Synopsis	Category: PTX/QFX100002/8/16 platform software
1464119	FPC might restart during run time on PTX10K/QFX10K platforms Product-Group=junos	On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions.
PR Number	Synopsis	Category: Virtual Router Redundancy Protocol
1454895	The VRRP traffic loss is longer than one second for some backup groups after performing GRES Product-Group=junos	On all Junos OS platforms, configuring VRRP over the AE interface whose member physical interfaces belong to different PFE (packet forwarding engine), some backup VRRP groups traffic loss are observed longer than one second after performing GRES (graceful Routing Engine switchover). As the expectation is that the outage is subsecond.
PR Number	Synopsis	Category: VSRX platform software
1469978	vsrx2.0 - config-drive does not work as expected Product-Group=junos	Adding the license to the vSRX while it's getting spun through cloud-init fails. It would have to manually add it after the device has booted up.

 

---

Updated 2020-05-11 to include the notice for TSB17782
First publication 2020-04-07