Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.2R3-S3: Software Release Notification for JUNOS Software Version 18.2R3-S3

0

0

Article ID: TSB17762 TECHNICAL_BULLETINS Last Updated: 11 May 2020Version: 3.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, MX, EX, PTX, QFX, vMX, vRR, NFX, SRX, vSRX
Alert Description:
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.2R3-S3 is now available.

NOTE

PR1463859 introduces a software defect that causes a 10GE interface to flap continuously when configured with the WAN-PHY framing with the default "hold-down" timer (0). Once you upgrade a router to an affected software release, the interface may flap continuously. This is not applicable to an interface with the default framing - LAN-PHY. [TSB17782]

18.2R3-S3 - List of Fixed issues

PR Number Synopsis Category: Software build tools (packaging, makefiles, et. al.)
1417345 The JSU package installation may fail
Product-Group=junos
In a specific scenario, the JSU (Junos OS selective upgrade) package installation on a router which has JET (Juniper Extension Toolkit) package installed may fail due to "Operation not permitted" error. This issue does not impact service and traffic.
PR Number Synopsis Category: LLDP
1464553 The LLDP packets might get discarded on all Junos platforms
Product-Group=junos
On all Junos platforms, the LLDP packet received from any other vendor might get discarded. The issue is seen when there are two location-id in the same packet and the Junos device considers the LLDP packet as duplicate and discards it. This might result in the PoE phone not coming up or neighborship information not getting exchanged.
PR Number Synopsis Category: L2NG RTG feature
1461293 MAC addresses learned on RTG may not be aged out after aging time
Product-Group=junos
MAC addresses learned on redundant trunk group (RTG) might not be aged out after aging time if the source interface is configured as RTG.
PR Number Synopsis Category: EX4300 Control Plane
1461434 ERP might not revert back to IDLE state after reload/reboot of multiple switches
Product-Group=junos
On EX4300 platforms configured with ERP, after multiple devices reboot/restart at the same time, ERP might not revert back to the IDLE state. This issue might be seen in situations where the ERP node-id is not configured manually and after the restart, the default node-id (switch base MAC address) might get reset to 00:00:00:00:00:00, effectively causing multiple devices to have the same node-id.
PR Number Synopsis Category: EX4300 PFE
1448607 NSSU cause a traffic loss again after the backup to master transitions
Product-Group=junos
In specific topology (VC uplink with VRRP and downlink client-side has a LAG), while doing NSSU on EX4300 VC, traffic loss might be observed again after the backup to master transitions.
1470424 The switch might not be able to learn MAC address with dot1x and interface-mac-limit configured
Product-Group=junos
On Junos platforms, if dot1x and interface-mac-limit are configured, when sending traffic continuously to the interfaces, the switch might not be able to learn MAC address. Hence traffic drop might be seen.
1491348 The traffic destined to VRRP VIP might be dropped after the IRB interface is disabled on the initial VRRP master
Product-Group=junos
On the EX4300 virtual-chassis scenario, the traffic destined to the VRRP Virtual IP Address (VIP) might be dropped on the Virtual-Chassis if the VRRP IRB interface is disabled on the initial VRRP master. For details, please refer to the following topology and problem description. Topology: +------------------virtual-chassis VC2---+ | | irb.1001 | +----------+ +----------+ | 192.168.1.3 | | sw3 +------------+ sw4 | | | +----------+ +----------+ | | |ae0 | irb.1001 +--------+-------------------------------+ VRRP VIP | 192.168.1.1 | |--------+ae1001----virtual-chassis VC1---+ | +----------+ +----------+ | irb.1001 | | sw1 +------------+ sw2 | | 192.168.1.2 | +------+---+ +----------+ | | | | +-----------------------------------------+ |0/0/20 | + SW 5 192.168.1.254 SW1 and SW2 are configured in VC1 SW3 and SW4 are configured in VC2 IRB.1001 with VRRP is configured on VC1 and VC2 IRB.1001, IP 192.168.1.3 and VRRP VIP 192.168.1.1 is on VC2 IRB.1001, IP 192.168.1.2 and VRRP VIP 192.168.1.1 is on VC1 VC1 is VRRP master Problem description: When the IRB.1001 is deactivated on VC1, traffic from SW5 ( 192.168.1.254) to VRRP VIP 192.168.1.1 (now active on VC2) is dropped on VC1.
PR Number Synopsis Category: EX4300 Platform
1445626 The laser TX might be enabled while the interface is disabled
Product-Group=junos
In ex4300 switches when 1G SFP is connected to 10G port, Auto-negotiation should be disabled (when enabled causes many issues like ARP, link down..) hence when AN is disabled somehow corrupting the TX_DISABLE field hence Laser Tx remain enabled when disabling and plug-out - plug-in.
PR Number Synopsis Category: Marvell based EX PFE L2
1474808 Continuous dcpfe error messages and eventd process hogged might be seen on EX2300 VC scenario
Product-Group=junos
On EX2300 VC scenario, when host path packets are flooding through internal HG (higig) port, it might generate some dcpfe error messages which are harmless and eventd process hogged might also be seen. And it also might cause high CPU utilization which might affect protocol traffic.
PR Number Synopsis Category: Marvell based EX PFE L3
1462106 Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC
Product-Group=junos
Error messages related to soft reset of port due to queue buffers being stuck could be seen on EX-4600-EX-4300 VC
PR Number Synopsis Category: EX9200 Control Plane
1452738 The l2ald and eventd are hogging 100% after issued "clear ethernet-switching table"
Product-Group=junos
The l2ald and eventd processes are hogging 100% after issued "clear ethernet-switching table" and also the continuous syslog errors "l2ald[18605]: L2ALD_IPC_MESSAGE_INVALID: Invalid message received (message type 0, subtype 0): null message" are observed.
PR Number Synopsis Category: EX9200 Platform
1467459 The MAC move message may have an incorrect "from" interface when MAC moves rapidly
Product-Group=junos
On the EX2300/3400/4300/4600/9200 platform, in some cases, if MAC moves rapidly, traffic might be impacted and the MAC move message might have an incorrect "from" interface.
PR Number Synopsis Category: EX2300/3400 CP
1458559 The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic VoIP VLAN assignment is used
Product-Group=junos
If the dynamic assignment of VoIP VLAN is used, the switch might not send correct VoIP VLAN information in LLDP MED packets after any configuration change and commit.
PR Number Synopsis Category: EX2300/3400 PFE
1465526 The fxpc might crash after mastership election on EX2300 and EX3400 platform
Product-Group=junos
On EX2300 and EX3400 platforms under virtual chassis(VC) scenario, fxpc might crash during mastership switchover process.
1466423 The broadcast and multicast traffic might be dropped over IRB or LAG interface in QFX/EX VC scenario
Product-Group=junos
On QFX5000/EX2300/EX3400/EX4600 Virtual Chassis (VC) platforms, the broadcast and multicast traffic might get dropped over some of the Link Aggregation Group (LAG) or Integrated Routing and Bridging (IRB) interfaces. Due to this issue, all the routing protocols replying on broadcast/multicast traffic would not be able to setup neighbor sessions, for example, some of the Open Shortest Path First (OSPF) sessions might be stuck in "Init" state over LAG or IRB interfaces.
PR Number Synopsis Category: EX2300/3400 platform
1361025 On EX2300MP platforms, the fan count is wrong in jnxFruName,jnxFilledDescr and jnxContainersCount.4
Product-Group=junos
On EX2300MP platforms, a wrong number of FAN count is shown in for jnxContainersCount. It shows 4 instead of 3. There is no functionality impact.
1452209 The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured
Product-Group=junos
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
1452209 The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured
Product-Group=junosvae
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
1467707 FPCs might get disconnected from EX3400 VC briefly after reboot/upgrade
Product-Group=junos
On EX3400 Virtual Chassis, during reboot or upgrade, because of a high CPU load in slow path of fxpc, TCP keep alive message is not sent. Hence, it is observed that sometimes a few Virtual Chassis members might get disconnected from the Virtual Chassis briefly and join back in 3-6 minutes.
1469750 Traffic loss might be observed between SFP-T connected interfaces on EX3400 platforms
Product-Group=junosvae
On EX3400 switches, traffic (Receive) loss might be seen when SFP-T is connected between interfaces.
1471931 EX3400 is advertising only 100m when configured the speed 100m with autoneg enabled
Product-Group=junos
With Auto-negotiation enabled EX3400 will advertise only 100m whenever we configure the speed 100m
1477165 EX3400 me0 interface might remain down
Product-Group=junos
The me0 interface of EX3400 does not come up when connected to 100m speed interface.
PR Number Synopsis Category: DC PFE QoS
1466770 Slow packet drops might be seen on QFX5000 platforms
Product-Group=junos
The issue observed on QFX5000 platforms when there are any packets on the port before its buffer configuration is completed after the reboot. This issue is very rare and the window could be just few milli seconds.
PR Number Synopsis Category: DHCP related Issues
1467182 [dhcp] [DHCP_RELAY]- JDI-_DHCP_-REGRESSION-SWITCHING:: DHCPvX ACK Messages did not receive response to Broadcast INFORM packets with 19.1R2.3
Product-Group=junos
Few of DHCPvX INFORM Messages, specific to particular VLAN are not receiving any ACK from server.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1465077 The traffic might be forwarded to wrong interfaces in MC-LAG scenario
Product-Group=junos
On EX/QFX platforms with MultiChassis Link Aggregation Group (MC-LAG) configured, if the interface media of MC-LAG is changed from MultiProtocol Label Switching (MPLS) to Dense Wavelength Division Multiplexing (DWDM), the traffic might be forwarded to wrong interfaces and get dropped.
PR Number Synopsis Category: QFX Access control list
1379718 Host destined packets with filter log action might not reach to the RE if log/syslog is enabled
Product-Group=junos
On EX4300/EX4600/QFX Series switches except for QFX10k, if host destined packets (that is, the destination address belongs to the device) come from the interface with ingress filter of log/syslog action (for example, 'filter <> term <> then log/syslog'), such packets should not be dropped and reach the Routing Engine.
1476708 ARP packets are always sent to CPU regardless of whether the storm-control is activated
Product-Group=junos
On QFX5K platforms with VXLAN or VLAN scenario, ARP packets are not rate limited by the storm-control settings as the ARP packets will be copied to CPU by VLAN register settings and can be only rate limited by the CPU Queues rate-limit settings (ARP DDOS Queues).
PR Number Synopsis Category: QFX PFE CoS
1432078 Shaping does not work after the reboot if "shaping-rate" is configured
Product-Group=junos
On QFX5110, QFX5100 and EX4600 platforms, if "shaping-rate" is configured, the shaping feature might not work after a reboot. The service might be impacted as the traffic cannot be rate limited.
PR Number Synopsis Category: QFX PFE L2
1421672 Packet loss might be seen when one of the Spine switch fails or reboots
Product-Group=junos
On QFX5K/AS7816 series switches, a brief packet loss might be seen when one of the spine switch fails or reboots in a VxLAN setup as it takes time to update all the VTEPs to new next-hop towards the other Spine switch. This happens due to the Fast Reroute capability not being present for VxLAN technology.
1431262 ERPS (Ethernet Ring Protection Switching) nodes might not converge to IDLE state after failure recovery or reboot
Product-Group=junos
In ERPS topologies where EX/QFX platform switches are used, after failure recovery or reboot, some nodes might not converge to IDLE state and their interfaces might remain in discarding state. It is expected to have single STP (Spanning Tree Protocol) instance getting mapped to STG (Spanning Tree Group) however, in problematic state two STP instances get created, resulting in two STG and cause traffic loss.
1437577 Physical layer and MAC/ARP learning might not work for copper base SFP-T on QFX5100/QFX5110/EX4600
Product-Group=junos
On QFX5100/QFX5110/EX4600 platforms, if copper base SFP-T is used, it might not get up on physical layer and the MAC/ARP learning might not work if it gets up. The PR fixes both layer-1 and layer-2 issues in this scenario.
1467466 Few MAC addresses might be missing from MAC table in software on QFX5k platform.
Product-Group=junos
On QFX5k platform, if Packet Forwarding Engine process is restarted manually or device reboot occurs, some MAC address(es) might not be seen on software MAC table but MAC address will be present in hardware table.
1467763 The fxpc.core might be seen when committing the configuration all together, e.g., after the reboot
Product-Group=junos
On EX2300/3400/4300/4600 and QFX Series switches except for QFX10k, if committing the configuration all together (e.g., after the reboot), the fxpc/PFE core dump might be found. In the Virtual Chassis scenario, the VC members might be splitted because the VC ports might not be created in time.
1469596 Ingress traffic might be blackholed if underlying interfaces flap in EVPN/VXLAN scenario
Product-Group=junos
On QFX5000 platforms with Ethernet Virtual Private Network (EVPN) and Virtual Extensible LAN (VXLAN) scenario, if there is the underlying interface flaps for the core network side, all the ingress traffic might be backholed by the VXLAN Tunnel Endpoint (VTEP) due to this issue.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1367439 Invalid VRRP mastership election on QFX5110-VC peers
Product-Group=junosvae
In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters.
1367439 Invalid VRRP mastership election on QFX5110-VC peers
Product-Group=junos
In some specific scenarios, the configuration of bpdu-block-on-edge might cause both QFX5110 to claim as VRRP masters.
1455547 The coredump might occur during adding/removing EVPN Type-5 routing instance
Product-Group=junos
On QFX platforms, the coredump might occur during adding/removing EVPN Type-5 routing instance. The EVPN route would be corrupted and traffic/service impact appears if hitting the issue.
1460791 JDI-RCT : QFX 5100 VC/VCF : Observing Error brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) after ISSU with Mini-PDT base configurations
Product-Group=junos
"multicast stats related errors like " brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running)" will be observed during ISSU and these messages are harmless and does not affect multicast functionality".
PR Number Synopsis Category: QFX PFE MPLS
1475395 Traffic blackhole might be seen on PE when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface
Product-Group=junos
On QFX5K platforms with Layer3 VPN scenario, when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface, the traffic blackhole might be seen on PE. It happens in ECMP scenario.
1477301 The traffic may be lost over QFX5100 switch acting as a transit PHP node in the MPLS network
Product-Group=junos
In the MPLS network, the packets may get dropped by egress node if the packets go through the QFX5100 switch acting as a transit PHP (penultimate-hop popping) node.
PR Number Synopsis Category: SPC3 HW and SW Issues
1429899 Packet loss is caused by FPGA back pressure on SPC3.
Product-Group=junos
On SRX5000 Series devices with an SPC3 card, sometimes very small amount of packet loss is observed.
PR Number Synopsis Category: SRX Macsec bug tracking
1474674 Packet drop might be observed on the SRX300 line of devices when adding or removing an interface from MACsec.
Product-Group=junos
On SRX3xx platforms, when adding/removing an interface from MACsec (e.g. enables/deactivates an interface under security macsec heirarchy), and that interface is configured with non-default properties of speed/mtu/autonegotiation/duplixity, packets drop might be observed on that interface.
PR Number Synopsis Category: CoS support on ACX
1455722 ACX5048 snmp polling will stalled after the link flap/ sfp replacement and ACX_COS_HALP(acx_cos_gport_sched_set_strict_priority:987): Failed to detach logs will be seen
Product-Group=junos
When inserting a SFP, the lowest ifd index available is assigned to the new interface created. During this sfp attach, an ifd-halp entry is also created in cos table for the interface. When SFPs are swapped and SFPs get their IFD index assigned interchanged as that of their old IFDs, issue is observed. As per PFE, the bcm port for the interface remains the same while IFD alone changes when removed and inserted. Hence while creating an ifd-entry for the interface in cos table, it is checked for any old entry still present for same bcm port. But the check done to validate for any old entry is improper. It does not check whether the old ifd index present is still for same bcm port. Due to this check missing, a valid ifd-entry of some other interface is getting deleted in cos table. Introduced the additional validation to ensure the old ifd index of the interface is still for same bcm port. Deleting of old ifd-entry is done only if bcm port of current entry and old ifd entry are same. Also added in existing debug message to display the ifd index which is getting deleted.
PR Number Synopsis Category: ACX Interfaces IFD, IFL, vlans, and BRCM init
1284590 ACX5k MacDrainTimeOut and bcm_port_update failed: Internal error
Product-Group=junos
On ACX5K, the buffer is corrupted on port 0 (*/*/0) and error message MACDRAINTIMEOUT and dcbcm_check_stuck_buffers are observed, which could eventually lead to port 0 (*/*/0) flapping.
1411015 The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx
Product-Group=junos
The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped but as the port has not been started, it does not disable Tx.
PR Number Synopsis Category: ACX MPLS
1449681 l2circuit with a "backup-neighbor" (hot-standby) configured may stop forwarding traffic after failovers
Product-Group=junos
On ACX platforms, if the "backup-neighbor" is configured with the "hot-standby" parameter, then l2circuit may stop passing traffic if the master path is down and back up again (l2circuit switchovers from the master path to the backup path, then moves back from the backup path to the master path)
PR Number Synopsis Category: ACX GE, 10GE, PoE, IDT framers
1439384 interface on ACX1100 remains down when using SFP-1FE-FX (740-021487)
Product-Group=junos
Interface with SFP-1FE-FX transceiver optic (740-021487) will not come UP on ACX routers.
PR Number Synopsis Category: MPC Fusion SW
1454595 The 100G Interfaces may not come up again after going down on MPC3E-NG
Product-Group=junos
On MPC3E-NG cards with 100G interface in use, if the interface detects Loss of Lock (LOL) on the link without Loss of Signal (LOS), the interface will go down and may not come up again after the link is recovered.
1463859 The MPC2E-NG/MPC3E-NG card with specific MIC might crash after a high rate of interface flaps
Product-Group=junos
If any MIC of MIC-3D-2XGE-XFP / MIC-3D-4XGE-XFP / MIC-3D-20GE-SFP-E / MIC-3D-20GE-SFP-EH / MIC-MACSEC-20GE is installed in MPC2E-NG/MPC3E-NG card, the Microkernel (uKern) might hog for CPU on Packet Forwarding Engine (PFE) when there is a high rate of interface flaps (~30/40 flaps per second). This will eventually trigger the MPC2E-NG/MPC3E-NG card crash with an NGMPC core file. Normally the excessive interface flapping won't happen frequently in real world and it may be caused due to external environment. This fix will reduce the impact and prevent the uKern hog when having such conditions.
PR Number Synopsis Category: A15 specific issue
1439744 The SPC card might stop on the SRX5000 line of devices.
Product-Group=junos
On the SRX5400,SRX5600 or SRX5800 platforms with SPC2, the SPC could go into a hung state without processing any traffic.
PR Number Synopsis Category: a20a40 specific issue
1479255 The RGx might fail over after RG0 failover in a rare case.
Product-Group=junos
On the SRX5000 platforms with SPC3 in use, the RGx (x>0) failover may be observed followed by RG0 failover, this is a timing issue and due to unexpected "hardware timeout" detected by RGx after RG0 failover.
PR Number Synopsis Category: srx5k service offloading related PR
1436421 On an SRX4600 device, core file generation might be observed and SPM might be in present state.
Product-Group=junos
On SRX4600 devices, in rare cases, FPC0 and/or FPC1 may stay in Present state at boot and never come Online or may move to Present state during operation. When this occurs, J-Ukernel crashes and multiple chassis alarms may be observed. The reason is that the power chip doesn`t produce the right voltage. The fix is to set the right voltage (through upgrading the Jfirmware version). It would affect the traffic.
PR Number Synopsis Category: These are new categories in the areas of PFE
1460209 Loop detection might not work on extended ports in Junos Fusion scenarios
Product-Group=junos
In Junos Fusion scenarios, if loop detection is enabled on extended ports, when a satellite device (SD) is rebooted, or when a satellite device is added or removed/re-added, the loop detection feature might not work.
PR Number Synopsis Category: BBE Autoconfigured DVLAN related issues
1467468 L2 Wholesale not forwarding all client requests with stacked VLAN
Product-Group=junos
In the Non-ANCP Based L2 Wholesale scenario, if more than one request packets from customer side encapsulated in dual-tagged VLAN arrive at PE device, only the first one of the packets which share the same outer VLAN gets forwarded, and the rest will fail.
PR Number Synopsis Category: BBE database related issues
1457284 UI_OPEN_TIMEDOUT: Timeout connecting to peer 'database-replication'
Product-Group=junos
Syslog "timeout connecting to peer database-replication" is generated when command "show version detail" issued.
PR Number Synopsis Category: BBE interface related issues
1467125 The PPPoE subscribers get stuck due to the PPPoE inline keepalives don't work properly
Product-Group=junos
In the PPPoE subscriber management environment, due to the PPPoE inline keepalives timeout events may get dropped by the RE (routing engine), the PPPoE subscribers get stuck. This issue may cause the PPPoE subscribers are unable to reconnect.
PR Number Synopsis Category: MIBs related to BBE
1470664 SNMP interface-mib stops working for PPPoE clients
Product-Group=junos
SNMP interface-mib stops working for PPPoE clients. In this scenario SNMP works fine for standard queries on the MX router, but for subscriber statistics always returns value of zero.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1432440 In BFD and GR enabled scenario, BFD DOWN packets are not being sent immediately after BFD failure
Product-Group=junos
In both GR helper and GR restarter scenarios, BFD down packets are not immediately sent. It might cause an issue where BGP session down is notified before BFD DOWN.
1448649 JUNOS BFD sessions with authentication flaps after a certain time
Product-Group=junos
In the scenario where BFD session authentication is configured, after a certain period of time, BFD sessions flaps may be seen, this will cause the neighbor to be down.
1470603 The BFD client session might flap when removing BFD configuration from the peer end (from other vendor) of the BFD session
Product-Group=junos
Currently, when a BFD packet with session state set to "AdminDown" is received by Juniper Device, the Juniper device will check both the session state and the diagnostic code in the packet. If the session state is "AdminDown" and the diagnostic code is 7 (which means "diag AdminDown"), the BFD session will be set to "Down" and the BFD client (i.e. the service which is protected by BFD) will be notified with "AdminDown" and the BFD client session will not flap. But if the BFD packet with session state set to "AdminDown" along with diagnostic code other than 7 is received, the BFD client will be notified with "Down" and the BFD client session will flap.
PR Number Synopsis Category: Border Gateway Protocol
1382892 The rpd might crash under a rare condition if GR helper mode is triggered
Product-Group=junos
When graceful restart is configured on the BGP peer device, if the peer device initiate new TCP connection when there is an existing TCP connection for the BGP session, send OPEN message and this new TCP connection also get torn down immediately after establishment/sending of OPEN message. The rpd might crash.
1412538 BGP might stuck in Idle state when the peer triggers a GR restart event
Product-Group=junos
When NSR (nonstop-routing) is enabled in local device and BGP GR (Graceful-Restart) is enabled in peer device, if the peer triggers a GR restart (it is usually caused by some failure in peer or the peer restarts rpd, etc), some BGP sessions might stuck in Idle state. The reason is that when the GR restart happens, the device is still doing the initial sync to the backup RE of the previous sessions, so some BGP sessions might stuck in Idle state because the router does not complete the process (the initial sync of the data set to the backup).
1414121 QFX5100 : BGP v4/v6 convergence & RIB install/delete time degraded in 19.1R1/19.2R1/19.3R1/19.4R1
Product-Group=junos
BGP IPv4 or IPv6 convergence and RIB install/delete time is degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1.
1454198 The rpd scheduler slip for BGP GR might be up to 120s after the peer goes down
Product-Group=junos
In BGP GR (graceful-restart) scenario (graceful-restart is configured for BGP or GR-helper mode is enabled by default), when high-scale routes get learnt from one peer, the rpd scheduler slip might be up to 120s after that BGP peer flaps.
1454951 The rpd process might crash when multipath is in use
Product-Group=junos
If multipath is enabled, in some certain conditions, the rpd process might crash while secondary route resolution is running.
1461602 The rpd scheduler slips might be seen on RPKI route validation enabled BGP peering router in a scaled setup
Product-Group=junos
In scaled BGP environment (e.g. global table ~3M routes or more) when there are a lot of (e.g 10k or more) more specific routes for a certain IPv4 or IPv6 prefix covered by some RV (route validation) record, a change in RV records database might lead to rpd (routing protocol daemon) scheduler slips, which could trigger routing protocol adjacency flap. The same could be triggered by executing "clear validation database" command or shortly after initial session RPKI (resource public key infrastructure) establishment event.
1472671 The rpd process might crash with BGP multipath and damping configured
Product-Group=junos
On all Junos platforms running with Border Gateway Protocol (BGP), if both BGP multipath and BGP damping are configured, it might happen that, when the active route, for example r1, is withdrawn but it is not really deleted due to damping, then BGP might be unable to find its original gateway when the route r1 is relearned and becomes the best route again. It will lead to the rpd process crash.
1473351 Removing cluster from BGP group might cause prolonged convergence time
Product-Group=junos
Cluster removal from BGP group might lead to a state where each subsequent change to BGP configuration will trigger import policy reevaluation causing prolonged convergence time of several minutes. This might result in a traffic loss.
1487691 High CPU utilization might be observed when the outgoing BGP updates are sending slowly
Product-Group=junos
On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725)
PR Number Synopsis Category: BBE Remote Access Server
1431614 Subscriber filtering for General Authentication Services traceoptions will report debug messages for other users.
Product-Group=junos
Subscriber filtering for General Authentication Services traceoptions will report debug messages for other users.
1479697 The CoA request may not be processed if it includes "proxy-state" attribute
Product-Group=junos
In a subscriber management environment, the CoA requests (such as deactivating/activating subscribers) sent from Radius server will fail if the "proxy-state" attribute is present. This attribute is still unsupported but will now be ignored if it's present in CoA requests.
PR Number Synopsis Category: Cassis pfe microcode software
1464820 MPC5E/6E might crash due to internal thread hogging the CPU
Product-Group=junos
PR 1382182 (which is fixed in 16.2R3 17.1R3 17.3R3-S3 17.3R4 17.4R2-S3 17.4R3 18.1R3-S2 18.1R4 18.2R2 18.2X75-D40 18.3R2 18.4R1 19.1R1) introduced an improper code which could cause an internal thread to hog the CPU and eventually result in the MPC crash. It is a timing issue and affects MPC5E/6E.
PR Number Synopsis Category: MX Platform SW - UI management
1453533 Alarm was not sent to syslog on MX10003 platform
Product-Group=junos
On the MX10003 platform, the alarmd wont write the alarm messages to the syslog.
1453533 Alarm was not sent to syslog on MX10003 platform
Product-Group=junosvae
On the MX10003 platform, the alarmd wont write the alarm messages to the syslog.
1457657 The chassisd process and all FPCs may restart after RE switchover
Product-Group=junos
The chassisd process and all FPCs may restart after RE switchover if the knob "master-only" is enabled.
PR Number Synopsis Category: Class of Service
1475508 MX10008/MX100016 might generate cosd core after executing "commit/commit check" if "policy-map" configuration is set
Product-Group=junos
On MX10008 and MX10016 platforms, the cosd crash might be seen after executing "commit/commit check" if "policy-map" configuration is set.
PR Number Synopsis Category: L2NG Access Security feature
1478375 The process dhcpd may crash in a Junos Fusion environment
Product-Group=junos
On EX92XX platforms with the DHCP snooping configured, if a peer receives DHCPv6 packets from the server without the "client-id" option present, and it is syncing packets to the other side at that time, then the process dhcpd crash may be observed.
PR Number Synopsis Category: OpenSSH and related subsystems
1454177 SSH login might fail if a user account exists in both local database and RADIUS or TACACS+.
Product-Group=junos
SSH login from an automation tool to the Junos device might not be successful if the username is configured both as a local user and on remote RADIUS/TACACS server, and using authentication method 'password'.
PR Number Synopsis Category: Device Configuration Daemon
1475634 Commit error is not thrown when member link is added to multiple aggregation group with different interface specific options
Product-Group=junos
Commit error is not thrown when member link was added to multiple aggregation group with different interface specific options. When member interface added to bundle with both ether and gig-ether interface specific options, gig-ether option takes precedence over ether options.
PR Number Synopsis Category: Firewall Filter
1452435 Commit error and dfwd coredump might be observed when applying a firewall filter with action "then traffic-class" or "then dscp"
Product-Group=junos
Commit failure with error might be seen and the dfwd crashes when applying a firewall filter with action "then traffic-class" or "then dscp" to an interface.
1465093 On MX10008 and MX10016 routers policer bandwidth-limit cannot be set higher than 100g
Product-Group=junos
MX10008 and MX10016's "policer bandwidth-limit" can not be set higher than 100G.
1466698 An output bandwidth-percent policer with logical-bandwidth-policer applied to an AE bundle along with an output-traffic-control-profile has incorrect effective policing rate
Product-Group=junos
On MX platforms, for an AE bundle of at least two members hosted at two different FPCs, if the AE interface is with CoS output-traffic-control-profile of shaping-rate and with the output filter of policer with logical-bandwidth-policer and bandwidth-percent, the AE interface might have incorrect effective output policing rate.
1473093 Traffic might not be forwarded into the right queue but the default queue when VPLS traffic has three or more VLAN tags with VLAN priority 5
Product-Group=junos
On the MX platform with MPC line card (except DPC line card) used, if an input firewall filter is configured at the ingress VPLS interface, the packet with a VLAN priority of 5 with three or more VLAN tags might be forwarded into the wrong queue. When this occurs, it might cause traffic loss due to congestion as all traffic is forwarded into the default queue.
1478964 The filter may not be installed if the "policy-map xx" is present under it
Product-Group=junos
If the "policy-map xx" option is configured under "family mpls" for filters, then the filters may not take effect after committing.
PR Number Synopsis Category: dhcpd daemon
1471161 DHCP relay with forward-only might fail to send OFFER messages when DHCP client is terminated on logical tunnel interface
Product-Group=junos
On all Junos platforms, when DHCP relay is configured with forward-only, and DHCP client is terminated on logical tunnel interface that multiple IFLs under this lt- interface have a same VLAN, DHCP relay might fail to send OFFER messages.
1474097 Subnet information might be corrupted if it is passed by a radius server
Product-Group=junos
On all Junos platforms with jdhcpd daemon, Junos is acting as a DHCPv4 local server with an external RADIUS server, if using DHCPv4 options to request subnet data from RADIUS server, the mask value which RADIUS server offered might be effectively reversed. It could cause the DHCPv4 client fails to get the correct subnet information.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1454180 Introduction of default inspection limits for application identification to optimize CPU usage and improve resistance to evasive applications.
Product-Group=junos
AppID is significantly more resistant to evasive applications. It does this by introducing default inspection-limits which can be adjusted by using the new commands 'set services application-identification inspection-limit' and 'set services application-identification global-offload-byte-limit'.
1463159 A core file might be generated when you perform an ISSU on SRX Series devices.
Product-Group=junos
When APPID is enabled and perform an ISSU on SRX devices, it might cause traffic impact and generate core-dump file.
1479684 Recent changes to JDPI's classification mechanism caused a considerable performance regression (more than 30 percent).
Product-Group=junos
Recent changes to JDPI's classification mechanism caused a considerable performance regression (30%+).
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1188434 UID may not release properly in some scenarious after service session deactivation
Product-Group=junos
When same UID objects are used in both inet and inet6 services of the same subscriber session, deactivation the first session cause conditions which avoid releasing UID entry after deactivation second service session. This leads to having stale UID entry and can cause subscriber's connection problem in the future when UID pool would be completely exhausted. The probability of hitting the issue increases if amount subscriber to amount of unique services ratio is aproaching 1 (i.e. when almost every subscriber has a service with unique servie objects).
PR Number Synopsis Category: dynamic dcd prs
1470622 Executing commit might hang up due to stuck dcd process
Product-Group=junos
When dynamic DHCP sessions are existing in the device, if multiple commits in parallel are performed, the commit might hang up.
PR Number Synopsis Category: Ethernet OAM (LFM)
1396540 V44-CFM: NPC crash @ rt_nh_install (rnh=0x618123d8, rnh_src=0x0, rt=< optimized out>, p_rtt=0x74f886c0) at ../../../../src/pfe/common/pfe-arch/trinity/applications/route/rt_nh.c:631
Product-Group=junos
As part of the EOAM programming the LM counters are allocated. When an interface is deleted, the EOAM LM counters needs to be cleared. This is done as part of EOAM punt deletion. But there are scenarios where the prog punt delete processing is received, the IFL is deleted in ukern. In this case the EOAM NHs are cleared but the LM counters are not freed. this can cause memory leak in jnh. This issue is seen for a scaled config, repeated addition and deletion of the interface configs when EOAM config is present
1465608 The EOAM CFM primary-vid functionality doesn't work if the enhanced-cfm-mode is enabled
Product-Group=junos
On MX10003 platform, the EOAM (Ethernet Operations, Administration, and Maintenance) CFM (Connectivity Fault Management) primary-vid functionality doesn't work if the enhanced-cfm-mode is enabled. The issue impacts the CFM functionality.
PR Number Synopsis Category: EVPN control plane issues
1467309 The rpd might crash after changing EVPN related configuration
Product-Group=junos
In EVPN scenario without encapsulation type specified (the default EVPN encapsulation type is set to MPLS), if "vlan-id none" and "vni " is configured in EVPN instance, the rpd might crash after changing EVPN related configuration (such as set the encapsulation as vxlan or delete label-allocation scheme).
PR Number Synopsis Category: EX Chassis Interface Handling
1441035 The EX ports might stay in up state even if the EX46XX/QFX51XX series device is rebooted
Product-Group=junos
With DAC cable used between EX46XX/QFX51XX series device and EX device, during rebooting the EX46XX/QFX51XX series device, the ports on EX device might still stay up.
PR Number Synopsis Category: Issues related to EX MACsec
1469663 Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4600/QFX5100 platforms
Product-Group=junos
On EX4600/QFX5100 platforms with Media Access Control Security (MACsec) configured, if there is traffic flowing through the MACsec enabled link, increasing framing errors or runts statistics might be seen in the output of "show interfaces extensive <>" for the affected interface. Traffic loss might also happen due to this issue.
PR Number Synopsis Category: Express PFE CoS Features
1450265 CoS classification does not work on QFX10K
Product-Group=junos
On QFX10K platforms, under the scale scenario more than 500 AE IFLs, if the classifier configuration frequent churns or link flaps, the CoS classification will not work on the impacted interfaces.
PR Number Synopsis Category: Express PFE FW Features
1448778 Egress sampling for sflow might stop working for more than 8 interfaces on PTX platforms
Product-Group=junos
On PTX platforms, if sflow is configured on more than 8 interfaces, egress sampling might stop working due to this issue.
1462634 The sample/syslog/log action in output firewall filter with packet of size less than 128 might cause ASIC wedge (all packet loss) on PTX platforms
Product-Group=junos
On PTX platforms, if output firewall filter is configured with sample/syslog/log action, the host interface might get wedged for packets with lengths 0-128 including Layer 3 headers.
1470385 Incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands
Product-Group=junos
On PTX1000/PTX3000/PTX5000/PTX10000/PTX9000/QFX10000, sending hostpath traffic and check the ddos statistics might lead to incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands
PR Number Synopsis Category: Express PFE Services including JTI, TOE, HostPath, Jflow
1445585 Receipt of a malformed packet for J-Flow sampling might create a FPC process core.
Product-Group=junos
Receipt of a malformed packet for J-Flow sampling might create a FPC process core.
PR Number Synopsis Category: Express PFE L2 fwding Features
1442587 The PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb
Product-Group=junos
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact.
1446291 On QFX10K platforms removing EVPN-VXLAN L3 Gateway on the IRB interface from spine switches might cause black holing of traffic
Product-Group=junos
On QFX10000 platforms and EVPN-VXLAN (spine-leaf) scenario, the QFX10000 spine switches are configured with VXLAN Layer3 gateway (utilizing the virtual-gateway) on an IRB interface, if enabling and then subsequently remove the VXLAN L3 gateway on this IRB interface on one or some of these spine switches, traffic drop might be observed. If all virtual-gateways are configured with an unique v4 or v6 mac-address, this issue would not happen. This is also the workaround.
PR Number Synopsis Category: Enhanced Broadband Edge support for firewall
1463420 The subscribers might not pass traffic after doing some changes to the dynamic-profiles filter
Product-Group=junos
On MX platform, with enhanced subscriber enabled, if doing some changes to a dynamic-profiles filter, the subscribers built on the filter might no longer forward traffic.
PR Number Synopsis Category: SRX1500 platform software
1452137 Hardware failure is seen on both nodes in show chassis cluster status.
Product-Group=junosvae
On the SRX1500 and SRX4xxx platforms, the management interface fxp0 down triggers a major alarm and cause hardware monitoring in jsrpd.
PR Number Synopsis Category: PTX Express ASIC interface
1412126 PTX interface stays down after maintenance
Product-Group=junos
On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment.
PR Number Synopsis Category: idp flow creation, deletion,notification, session mgr intfce
1444043 SNMP queries might cause commit or show command to fail due to IDP.
Product-Group=junos
On SRX Series devices, commit or show command for IDP might not work if SNMP queries are run when large-scale IDP is used.
PR Number Synopsis Category: IDP policy
1420787 NSD fails to push security zone to the Packet Forwarding Engine after reboot, if there is an active IDP rule configured with FQDN.
Product-Group=junos
NSD fails to push security zone to PFE after reboot, if there is active IDP rule configured with FQDN
PR Number Synopsis Category: Signature Database
1466283 Updating the IDP security package offline might fail in SRX Series devices.
Product-Group=junos
Rogue .gz files in /var/tmp/sec-download/ might fail offline secpack update.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1463368 JDI-RCT:ACX/AMX:MemLeak:Backport jemalloc profiling CLI support to all releases where jemalloc is present.
Product-Group=junos
Backport jemalloc profiling CLI support to all releases where jemalloc is present.
PR Number Synopsis Category: Inline NAT PRs for defect & enhancement requests
1446267 The static route for NAT might never come up if switchover the service interface which has NAT and GR configuration
Product-Group=junos
On MX platform, when switchover a service interface that has NAT and GR configuration, the static route for NAT might never come up.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1474300 A newly added LAG member interface might forward traffic even though its micro BFD session is down
Product-Group=junos
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue.
PR Number Synopsis Category: Optical Transport Interface
1467712 "MIC Error code: 0x1b0002" alarm might not be cleared for MIC on MPC5E when the voltage has returned to normal
Product-Group=junos
The voltage high alarm might not be cleared when voltage level comes back to normal for MIC on MPC5.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1484964 VLAN creation failure might be seen on QFX-series platforms with scaled VLAN and L3 configuration
Product-Group=junos
On QFX platforms with scaled VLAN and L3-interface configuration setup, when the VLANs are deleted and added back quickly, the newer VLANs might not get created successfully.
PR Number Synopsis Category: ISIS routing protocol
1455432 The rpd might crash continuously due to memory corruption in ISIS setup
Product-Group=junos
With ISIS configured and in a very rare case, memory corruption may occur, this may cause rpd crash continuously.
PR Number Synopsis Category: jdhcpd daemon
1442222 The jdhcpd process might go into infinite loop and cause 100% CPU usage
Product-Group=junos
When DHCP is configured, if subscribers are moved from one routing-instance to another or if the subscribe is deleted and re-added, the jdhcpd process might go into infinite loop and cause 100% CPU usage.
1459925 DHCP packet might not be processed correctly if DHCP option 82 is configured
Product-Group=junos
In Dynamic Host Configuration Protocol (DHCP) scenario, an zero length sub-option of the option 82 in DHCP DISCOVER message might not be processed correctly causing other DHCP options from DHCP DISCOVER message to be mis-processed as well. This issue has service impact.
1464267 The repd process is not working in Junos releases 18.2R3-S1 and 18.2R2-S5 on some low-end Junos platforms
Product-Group=junos
In Junos releases 18.2R3-S1 and 18.2R2-S5, on some low-end Junos platforms which have only 4G RAM (Random Access Memory ) memory or smaller (e.g. all low-end SRX), the repd process is not working. The issue results in the subscriber services like DHCP (Dynamic Host Configuration Protocol), authentication can't be synchronized to the standby RE (Routing engine). In this case, if upgrade/GRES (Graceful Routing Engine Switchover) is performed, the synchronization between the REs via the repd process fails, which results in subscriber services like DHCP, authentication can't work on the new RE after the upgrade/GRES. There is no restoration for the repd process. However, the service affected by the repd synchronization can be recovered by restart the service or reboot the device.
1465964 The ISSU might fail during subscriber inflight login is happening
Product-Group=junos
On the MX platform with the DHCP subscriber scenario, if subscriber logging in is happening during the ISSU process, the ISSU failure might be observed.
PR Number Synopsis Category: Adresses ALG issues found in JSF
1474942 The flowd or srxpfe process might stop when an ALG creates a gate with an incorrect protocol value.
Product-Group=junos
On SRX chassis clusters, when an ALG creates gate with incorrect protocol value, the flowd/srxpfe process might crash on one node. This issue might happen in the situation that an ALG receives a corrupted RTO message on secondary node. It might affect the traffic.
1483834 FTPS traffic might get dropped on SRX/MX platforms if FTP ALG is used
Product-Group=junos
On SRX/MX platforms with FTP ALG enabled, if there are more than one FTPS connection between a pair of FTP client and server, the closure of one connection might cause other connections between that pair of FTP client and server to be affected, hence there might be traffic impact. It is a rare timing issue.
PR Number Synopsis Category: Adresses NAT/NATLIB issues found in JSF
1471932 The flowd or srxpfe process might stop when traffic is processed by both ALGs and NAT.
Product-Group=junos
The flowd or srxpfe process might stop when traffic is processed by both ALGs and NAT.
PR Number Synopsis Category: To track issues related to jsf tcp proxy
1467351 The jbuf process usage might increase up to 99 percent after Junos OS upgrade.
Product-Group=junos
An SRX's jbuf usage may become higher after a Junos upgrade, resulting in warning logs and possible jbuf exhaustion. This may lead to traffic loss.
PR Number Synopsis Category: Firewall Authentication
1457570 The same source IP sessions are cleared when the IP entry is removed from the UAC table.
Product-Group=junos
Same-source IP sessions are cleared when the IP entry is removed from the UAC table.
PR Number Synopsis Category: Flow Module
1462825 The tunnel packets might be dropped because gr0.0 or st0.0 interface is wrongly calculated after a GRE or VPN route change
Product-Group=junos
On SRX Series device, MTU is wrongly calculated in a gr0.0 or st0.0 interface after a GRE or VPN route change. If the command do-not-fragment is configured and the packet is bigger than the MTU, the packet might be dropped.
PR Number Synopsis Category: High Availability/NSRP/VRRP
1468441 IP monitoring might fail on the secondary node.
Product-Group=junos
IP-monitoring might stop working on secondary node when many instances of IP monitoring are configured on RG(redundancy group)/ RETH(Redundant Ethernet interface). If primary node goes down, failover will not happen which might cause traffic loss.
PR Number Synopsis Category: JSR Infrastructure
1450545 Traffic loss might occur when there are around 80,000 routes in FIB.
Product-Group=junosvae
On SRX1500 platform, when there are around 800K routes in forwarding information base (FIB), traffic loss might occur and abnormal error messages of some CLI commands would appear due to lack of memory on packet forwarding engine (PFE). This issue has traffic impact.
PR Number Synopsis Category: Firewall Network Address Translation
1443345 On SRX5000 line of devices with SPC3 card, when using source NAT, under high traffic load, a small fraction of TCP-SYN packets may be dropped due to the source NAT port failing to be allocated. Also, the NAT pool resources may leak over time.
Product-Group=junos
In SRX5K cluster environment, when using source NAT, after RG1 failover, a small fraction of TCP-SYN packets might be dropped due to the source NAT ports failing to be allocated, and the NAT pool resource may leak over time. If all NAT pool resource leaked, new NAT session cannot be installed.
1457904 Packet loss is observed when multiple source NAT pools and rules are configured
Product-Group=junos
On the SRX5000 platforms with SPC2 installed, the device may experience packet loss or a flowd coredump when multiple source NAT pools and rules are configured.
1479824 Issuing the show security nat source paired-address command might return an error.
Product-Group=junos
On the SRX series platforms with source NAT configuration, issuing the command "show security nat source paired-address ..." may return an error, which is not expected. It's a corner case, and not reproduced all the time.
PR Number Synopsis Category: Firewall Policy
1453852 Security policies cannot synchronize between Routing Engine and Packet Forwarding Engine on SRX Series devices.
Product-Group=junos
On all SRX platforms, in a very rare condition, security policies do not be synchronized between RE and PFE. This issue might cause traffic loss.
1471621 The count option in security policy does not take effect even if the policy count is enabled.
Product-Group=junos
On SRX Series devices that have a security policy counter deployed, the count option in the security policy might not work. As a result, issuing show security policies <> detail might not print traffic statistics for the security policy.
PR Number Synopsis Category: IPSEC/IKE VPN
1405840 The IKE and IPsec configuration under groups is not supported.
Product-Group=junos
On SRX5400, SRX5600, SRX5800 devices with SPC3, occasionally, if an IKE or IPSec configuration (under groups hierarchy) change is done for one IKE gateway, the tunnel may be cleared for unrelated IKE/IPSec gateway.
1421905 The VPN tunnel might flap when IKE and IPsec rekey happen simultaneously.
Product-Group=junos
The VPN tunnel might flap in a corner case scenario (when IKE and IPsec rekey happen simultaneously).
1423821 Old tunnel entries might be observed in the output of show security IPsec or IKE SA.
Product-Group=junos
On SRX and MX platforms, old tunnel entries might be observed in the output of show security IKE/IPSEC security-associations after the IKE gateway configuration changes and new SA session is established. There is minor impact as old tunnel entries are getting deleted after 1-2 mins interval. No impact on traffic.
1433343 IPSec rekey trigger does not work when sequence number gets exhausted on SRX5K platforms with SPC3/SPC2
Product-Group=junos
On SRX5400, SRX5600 or SRX5800 with SPC3/SPC2, if traffic goes through an IPSec tunnel and sequence number gets exhausted in packets, it does not trigger IPSec rekey to generate new SA. IPSec traffic might be dropped due to anti replay window mismatch.
PR Number Synopsis Category: Security platform jweb support
1464110 IPv6 address objects containing a,b,c,d,e can't be configured via J-Web
Product-Group=junos
When configuring IPv6 address objects under Configure>Security>Objects>Zone Addresses>Addresses/Address-sets via J-web, address objects containing a,b,c,d,e can't be configured. The issue might impact IPv6 service deployment. Please configure address objects containing a,b,c,d,e via CLI command to avoid this issue.
PR Number Synopsis Category: issues related to RPD sensors including LSP
1449837 Changing the hostname will trigger lsp on -change notification, not an adjacency on-change notification. Also, currently ISIS is sending host-name instead of system-id in OC paths.
Product-Group=junos
Currently ISIS is sending system host-name instead of system-id in OC paths in lsdb or Adjacency xpaths in periodic streaming and on-change notification.
PR Number Synopsis Category: Layer 2 Circuit issues
1464194 The l2circuit connections might be stuck in OL state after changing the l2circuit community and flapping the primary LSP path
Product-Group=junos
In l2circuit scenario with community configured, when the community for l2circuit is changed from X to Y to go via a different LSP, the l2circuit connections might be stuck in "OL" state if there is a flap in the primary LSP path.
PR Number Synopsis Category: Layer 2 Control Module
1469635 Memory leak on l2cpd process might lead to l2cpd crash
Product-Group=junos
On all Junos platforms with l2cpd (Layer-2 control protocols) daemon, committing configuration changes which are processed by l2cpd (e.g., flexible-vlan-tagging, stacked-vlan-tagging, vlan-tagging, family ethernet-switching) might cause marginally memory leak. Committing the l2cpd processed configuration changes in a successive manner might cause the memory resource exhaustion (Some operations have the same effect as the committing action, e.g., bouncing a vlan-tagged interface in a successive way). Eventually, it could result in the l2cpd process crash.
1473610 ERP might not come up properly when MSTP and ERP are enabled on the same interface
Product-Group=junos
When both MSTP and ERP are enabled on the same interface, then ERP will not come up properly.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1468732 MAC address might not be learned on a new extended port after VMotion in Junos Fusion Data Center environment.
Product-Group=junos
In Junos Fusion Data Center environment, when a VM is moved from one satellite port to another using VMotion, MAC address of VM might not move to new satellite port in Aggregate Device's switching table.
1484468 Packet loss might be observed after device rebooted or l2ald restarted in EVPN-MPLS scenario
Product-Group=junos
In EVPN-MPLS scenario, if the core-facing interface (mpls interface) and the CE-facing interface are on different PEs, and the traffic from core is not continuous and DMAC (Dynamic MAC) ages out, due to an incorrect flood next-hop programming across different PFEs, packet loss might be observed after device rebooted or l2ald restarted.
PR Number Synopsis Category: L2TP service related issues
1472775 MX L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP towards the LNS
Product-Group=junos
MX L2tp LTS fails to forward the agentCircuitId and agentRemoteId AVP received from the LAC towards the LNS.
PR Number Synopsis Category: Label Distribution Protocol
1428843 The LDP might withdraw a label for an FEC once the IGP route is inactive in inet.0
Product-Group=junos
If LDP is used without using egress-policy, when the route from other routing protocol is preferred over the IGP route in inet.0, e.g. BGP-LU route exported in inet.0, LDP might withdraw the FEC label hence causing LDP traffic to get lost.
PR Number Synopsis Category: mc-ae interface
1447693 The l2ald might fail to update composite NH
Product-Group=junos
This is a timing issue where the l2ald receive underlay NH from rpd as part of LSI IFF ADD (VPLS core NH) and creates flood NH. Due to a flap at local IFL or core (VPLS etc.), the l2ald receives multiple LSI IFF Add and Delete in some order. In some sequence where rpd delete underlay NH from Kernel Forwarding table but the l2ald still create flood NH with this underlay NH, because IFF delete is yet to be received at the l2ald, so l2ald might fail to update Composite NH. This is generic L2 issue and can happen without mc-ae.
PR Number Synopsis Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS)
1429797 Extended Ukern thread(PFEBM task) priority to support BBE performance tuning
Product-Group=junos
Original PFEBM task, which is system-critical for internal network performance/resilience, was running a medium priority; Can see tnp queue errrors by 'show pfebm all' on VCP-bearing FPC when high rate of punt traffic (like ARPs or BGP route updates, etc.) which go through VC links. It needs to run at high priority to assure timely packet handling.
PR Number Synopsis Category: Multiprotocol Label Switching
1445024 The rpd memory leak might be seen when the inter-domain RSVP LSP is in down state
Product-Group=junos
In inter-domain RSVP (Resource Reservation Protocol) LSP (Label-switched Path) scenario, the rpd memory leak might be seen when the CSPF (Constrained Shortest Path First) tries to recompute the path for the "down" LSP which is due to no route or ERO is incorrectly configured. The issue might lead to rpd crash when the rpd is out of memory and results in traffic loss.
1465902 The device may use the local-computed path for the PCE-controlled LSPs after link/node failure
Product-Group=junos
In a Path Computation Element Communication Protocol (PCEP) scenario where the link/node protection is enabled, the PCE-controlled LSPs may shift to the local-computed path after link/node failure upon path retry processing.
PR Number Synopsis Category: Multicast Routing
1443713 PIM (S,G) joins can cause MSDP to incorrectly announce source active messages in some cases
Product-Group=junos
In the event of a network running: 1) a first-hop PIM router also being a rendez-vous point (RP); and 2) anycast RP in conjunction with MSDP; and 3) any-source multicast; and 4) a PIM last-hop router sending an (S,G) join when there is no traffic in the network matching the source and group, the first-hop RP will incorrectly send MSDP source-active messages to other MSDP peers. In other cases such as when the RP is not the first-hop PIM router, the traffic source needs to originate packets before the RP would originate MSDP source-active messages.
1470183 The mcsnoopd might crash when the STP moves the mrouter port to the blocked state
Product-Group=junos
On ACX, EX, QFX, NFX and SRX platform, when IGMP snooping is enabled and a logical interface (IFL) of mrouter port is in blocked state by Spanning Tree protocol (STP), removal of the IFL might get stuck in Kernel routing table (KRT), which causes mscnoopd crash. Traffic loss will happen during mscnoopd self-restart.
PR Number Synopsis Category: Multicast for L3VPNs
1442054 Memory leak might happen if PIM messages received over an MDT (mt- interface) in Draft-Rosen MVPN scenario
Product-Group=junos
On all Junos platforms configured in the Draft-Rosen Multicast Virtual Private Network (MVPN) scenario, if Protocol Independent Multicast (PIM) messages are received over an Multicast Distribution Tree (MDT) tunnel logical interface (mt- interface), there might be memory leak which will lead to the rpd process crash.
1469028 The rpd might crash when "link-protection" is added/deleted from LSP for MVPN ingress replication selective provider tunnel
Product-Group=junos
In MVPN scenario with ingress replication selective provider tunnel used, if the knob "link-protection" is added/deleted from the LSP for MVPN, rpd crash might be seen. The reason is that when link-protection is deleted, the ingress tunnel is not deleted, and when link link-protection is added back, it tries to add same tunnel, hence the rpd asserts as same tunnel exists. Finally the rpd core might be seen.
PR Number Synopsis Category: Track Mt Rainier SPMB platform software issues
1460992 Hardware failure in CB2-PTX causes traffic interruption
Product-Group=junos
In PTX 3000/5000 platforms with CB2-PTX (Control Board), there is an existence of an errata on a clock signal component manufactured by a third-party supplier, which might cause the Switch Processor Mezzanine Board (SPMB) and Switch Interface Boards (SIBs) failure, eventually, traffic will be interrupted.
PR Number Synopsis Category: build tools
1290089 jcrypto syslog help package and events are not packaged even when errmsg is compiled
Product-Group=junos
jcrypto syslog help package and events are not packaged even when errmsg is compiled properly. Several of the KMD help syslog entries are missing
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1427233 The duplex status of management interface might not be updated in the output of show command
Product-Group=junos
On all Junos platforms that are upgraded to Junos OS Release 15.1 onward, when the duplex setting is changed on the management interface (for example, fxp0/em0), the duplex status of the management interface might not be updated in the output of the "show interface <>".
1442376 EX2300 platforms might stop forwarding traffic or responding to console
Product-Group=junos
On EX2300/EX2300-C platforms, if Junos OS is with FreeBSD kernel version 11 with the build date on or after 2019-02-12, the switch might stop forwarding traffic or responding to console. A reboot is required to restore the service.
1450093 EX4300 : CLI config "on-disk-failure" is not supported
Product-Group=junos
On an EX4300 switch, the CLI configuration "set chassis routing-engine on-disk-failure disk-failure-action (reboot | halt)" is not supported.
1454950 EX switches might not come up properly upon reboot
Product-Group=junos
EX switches might not come up properly upon reboot due to the date not been set up.
1469400 EX3400 might reboot because of lack of watchdog patting
Product-Group=junos
On EX3400, if watchdog pat did not happen within stipulated time and it might reboot automatically with "0x2:watchdog" as reboot reason.
PR Number Synopsis Category: Kernel MPLS / Tag / P2MP Infrastructure
1478806 Kernel crash and device restart might happen
Product-Group=junos
In a corner case on Junos platform, where the family ccc is configured along with any other existing family within the same interface, like inet, inet6, etc. (basically, Junos never allows to do so, but somehow a customer did it ). And if the family ccc is deleted from the interface, which might cause kernel crash and the device reboot automatically, so all the traffic will be interrupted.
PR Number Synopsis Category: Kernel socket data replication issues for protocols that use
1472519 The kernel may crash and vmcore may be observed after configuration change is committed
Product-Group=junos
On all Junos platforms, after committing the configuration change (e.g. removal of protocols like mpls, isis, ldp from the interfaces), then the kernel may crash and vmcore may be observed. This issue also may cause protocol adjacency failure.
PR Number Synopsis Category: TCP/UDP transport layer
1449664 FPC might reboot with vmcore due to memory leak
Product-Group=junos
On all Junos platforms, if the device is up for a long period (e.g. several weeks or months), there might be a slow memory leak happening in some error scenarios where an application tries to send some data on a stale TCP socket (e.g. short-lived TCP connections used by the mgd process), and this issue might lead to FPC reboot with vmcore files.
PR Number Synopsis Category: OSPF routing protocol
1444728 The rpd crash might be seen after configuring OSPF nssa area-range and summaries
Product-Group=junos
In the scenario of running OSPF, if nssa area-range and summaries are configured, the rpd crash may occur and traffic may be lost.
1463535 Install all possible next-hops for OSPF network LSAs
Product-Group=junos
For each network lsa, OSPF code fetches the first router lsa link and adds the only one candidate as route. Now the code is updated to fetch all the router lsa link, present in network lsa.
PR Number Synopsis Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software
1484255 FPC might crash when dealing with invalid next-hops
Product-Group=junos
On PTX3000/PTX5000 platform with some specific FPCs, if the weights of links are set to an invalid value on an AE bundle interface or unilist (an unilist next-hop composed of several unicast next-hops), the FPC crash might be observed. It is a rare issue and the FPC will try to reload to resolve this problem. Traffic loss might be seen before the FPC completes the reload period.
PR Number Synopsis Category: Periodic Packet Management Daemon
1448670 The connection between ppmd (RE) and ppman (FPC) might get lost due to session timeout
Product-Group=junos
Under certain circumstances such as JUNOS VM freeze at the Routing Engine, ppmd to ppman connection might be closed if the session timeout is greater than 3 seconds in either direction. This might lead to flapping of distributed ppm protocol adjacency such as lacp/mBFD.
PR Number Synopsis Category: PTP related issues.
1408178 QFX5k : Transit traffic loss when one of LAG child interfaces deleted or deactivated
Product-Group=junos
Traffic does not pass through LAG interface on QFX5k once deleted or deactivated one of child interfaces though LAG interface is UP state. At that time, invalid vlan tag will be added to traffic.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1462582 "entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms
Product-Group=junos
"entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms
1462582 "entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms
Product-Group=junosvae
"entPhysicalTable" MIB is not fetching expected data on QFX10002-72Q / 36Q platforms
PR Number Synopsis Category: Interface related issues. Port up/down, stats, CMLC , serdes
1440062 The EX4600/QFX5100 VC might not come up after replacing VC port fiber connection with DAC cable
Product-Group=junos
On the EX4600/QFX5100 virtual chassis scenario, the VC may split after replacing VC port fiber connection with DAC cable.
1449406 CRC error might be seen on the VCPs of the QFX5100 VC
Product-Group=junos
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC.
1449406 CRC error might be seen on the VCPs of the QFX5100 VC
Product-Group=junosvae
In QFX5100 VC (Virtual Chassis) scenario, CRC (Cyclic Redundancy Check) error might be seen on the VCPs (Virtual Chassis Port) when the VCPs are "BCM84328 PHY" ports. The CRC error indicates there is data corrupt, the issue might reduce the system performance. The issue can be avoided by using non-"BCM84328 PHY" ports as VCPs to build the VC.
1465302 The physical interface of AE (Aggregated Ethernet) might take time to come up after disable/enable
Product-Group=junos
On Junos platforms, the physical interface of AE might come up after a long delay (4 mins) if there are millions of bgp routes learnt on the device. This delay is happening because PFE Manager thread is busy processing the routing updates from RE. These routing updates are the result of AE interface going down at the first step of disabling the interface.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1409448 The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch
Product-Group=junos
When QFX5100 and other vendor's switch are connected via 10G fiber link, flaps may happen sometimes.
1419732 "show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image
Product-Group=junos
"show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image. This is a display issue. Physical interface: xe-0/0/0, Enabled, Physical link is Down Interface index: 650, SNMP ifIndex: 515 Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Link-mode: Auto, Speed: Auto, BPDU Error: None, Loop Detect PDU Error: None, Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Auto-negotiation: Disabled, Remote fault: Offline, Media type: Fiber <<<<<< Here!! Should be "Copper" Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000 Link flags : None
1454527 Dcpfe should crash because usage of data is not NULL terminated on QFX5K
Product-Group=junosvae
The dcpfe crash is due to usage of data which is not NULL terminated on QFX5K.
1457456 Over temperature SNMP trap messages are shown up after update even though the temperature are within the system thresholds
Product-Group=junos
EX2300 and QFX series switches generate SNMP trap for high temperature after upgrading to any of the affected Junos software. This is due to a temperature threshold value being set incorrectly in the software, SNMP false trap related to temperature gets generated and results in "over temperature" logs.
1465183 PEM is not present spontaneously on QFX5210
Product-Group=junosvae
On QFX5210 platforms, due to a firmware issue on the power supplies (PEMs) of the switch, the routing engine may spontaneously misread the status registers of a power supply. This produces erroneous messages of PEM not present. Although the power supply is present and can deliver power, the system may then deactivate the power supply believing it not to be present.
1466810 EPR iCRC errors in QFX10000 series platforms might cause protocols down
Product-Group=junos
EPR iCRC errors in QFX10000 series platforms might cause protocols down. FPC will be in wedged state and will not pass traffic on that PFE if hitting this issue. EPR iCRC errors are normal and caused by transient hardware conditions. EPR iCRC errors are not expected to impact the protocols, and only one CRC failed packet will be dropped. But due to incorrect handling of this error, it affects protocols and causes FPC wedge.
1471216 The speed 10m might not be configured on the GE interface
Product-Group=junos
On QFX5100 and EX4300 mixed-mode Virtual Chassis, the speed 10m might not be configured on the GE interface.
PR Number Synopsis Category: QFX platform optics related issues
1457266 QFX5110 QSFP-100GBASE-SR4 made by Avago cannot linkup
Product-Group=junos
On QFX5110, interface on QSFP-100GBASE-SR4 whose Xcvr vendor is Avago on the QFX side cannot linkup, FEC errors might be seen on the other side.
PR Number Synopsis Category: QFX access control list
1464883 QFX5100-24Q: not able to apply dscp rewrite to firewall filter to a Layer 3 subinterface (e.g. xe-0/0/0.100)
Product-Group=junos
When you try to apply a firewall filter that contains a "then dscp" action to a Layer 3 inet subinterface, you will get an error when trying to commit. Applying the same filter to an IRB interface succeeds as does applying the same filter to a Layer 3 subinterface on QFX5100-48S.
PR Number Synopsis Category: QFX PFE Class of Services
1468033 Ingress drops to be included at CLI from interface statistics and added to InDiscards
Product-Group=junos
In QFX5000 platforms, as Ingress buffer drops (InDiscards) field is not presented the output of "show interfaces extensive x-x/x/x". This change added ingress buffer drops counters.
PR Number Synopsis Category: DHCP related Issues
1459499 The lightweight DHCPv6 relay agent functionality might be broken on QFX5K platforms
Product-Group=junos
On QFX5K platforms, the Lightweight DHCPv6 Relay Agent (LDRA) functionality might be broken. Due to this issue, when light-weight-dhcpv6-relay is configured under dhcp-security hirachy, dhcp-security ipv6 binding might be stuck at "WAIT" state and get cleared later.
PR Number Synopsis Category: Filters
1462594 The fxpc process might core-dump when changing MTU in a VXLAN scenario with firewall filters applied on QFX5K platforms
Product-Group=junos
On the QFX5K VC/VCF platform with firewall filters applied on VXLAN enabled interface, the fxpc process might crash when changing MTU for the interface.
1480776 ARP request packets for unknown host might get dropped in remote PE in EVPN-VXLAN scenario
Product-Group=junos
In EVPN-VXLAN environment, when local CE sends ARP request packets for unknown host, the packets will hit firewall-host queue in remote PE. It might trigger DDoS protection policer violations for firewall-host queue hence the ARP request packets might get dropped.
PR Number Synopsis Category: for all ipv6 related issues
1459759 The fxpc process might crash due to several BGP IPV6 session flaps
Product-Group=junos
On QFX5100 and EX4600 platforms, the fxpc (packet forwarding engine manager) process might crash when multiple BGP IPV6 sessions (for instance around 500) are flapped and then restored at the same time.
PR Number Synopsis Category: QFX L2 PFE
1473685 The RIPv2 packets forwarded across a L2circuit connection might be dropped
Product-Group=junos
When RIPv2 routes are received on a QFX5100/EX4600 platforms, either to or from an L2 circuit connection, such packets are not propagated. This includes directed unicast RIPv2 packets.
1474545 Continuous error log messages might be raised on QFX5K platforms in EVPN/VXLAN scenario
Product-Group=junos
In EVPN-VXLAN scenario, when an SP style interface is configured both with native-vlan-id and LLDP on QFX5000 platforms, continuous log messages might be observed.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1456336 Link up delay and traffic drop might be seen on mixed SP L2/L3 and EP L2 type configs
Product-Group=junos
This PR includes three issues. First one: When Layer3 IFL (logical interface) is configured first and then Layer2 IFL is configured, MAC move might not happen. Second one: On Vxlan setup with large number of child interfaces, link up delay is seen. Third one: In case of VLAN setup with Enterprise/Service Provider L2 and L3 type configs, when all the configs are done in single commit statement then the traffic might not be forwarded.
PR Number Synopsis Category: QFX MPLS PFE
1469998 If continuous interface flaps at ingress/egress of PE devices, IP routed packets might be looped on the MPLS PHP node
Product-Group=junos
On QFX5K platform, when MPLS node-link-protection is configured on all nodes (PE and P device), the IP routed packets might be looped on the MPLS PHP node (P device) if continuous interface flaps at ingress/egress of PE devices.
1474935 L2circuit might fail to communicate via VLAN 2 on QFX5K platforms
Product-Group=junos
On QFX5K platforms acting as L2circuit PE (tunnel terminating node), if VLAN 2 is used for L2circuit communication with CE node, the VLAN 2 packets might be dropped on PE.
PR Number Synopsis Category: QFX EVPN / VxLAN
1463939 JDI-RCT : QFX 5100 VC/VCF : Observing Error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: while cleanup Evpan-VxLAN configs with Mini-PDT base configurations
Product-Group=junos
On QFX5100, Error BRCM-VIRTUAL,brcm_vxlan_walk_svp(),6916:Failed to find L2-iff for ifl: may come while cleanup Evpn-VxLAN configs. These are harmless messages.
PR Number Synopsis Category: QFX VC Infrastructure
1465196 A 10G interface might not come up on QFX5100-48T switches or negotiate at speed 1G when connected with Broadcom 57800-T daughter card
Product-Group=junos
On QFX5100-48T, the 10G interface might not come up or negotiate at the speed of 1G with Broadcom 10G 57800-T daughter card. In the issue state, speed will be set to 1G which might make the interface down and result in traffic impact.
1478905 The default VC MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes
Product-Group=junos
In QFX5200-32C, QFX5110 VC (Virtual Chassis) scenario, the default VC MAC (Media Access Control) persistence timer is incorrectly set to 20 seconds instead of 20 minutes. If the master VC member is rebooted, the new master member starts using its own MAC address as the system's MAC base address after only 20 seconds instead of 20 minutes. This results in issues like OSPF (Open Shortest Path First) stuck in "init" state after the master VC member reboot.
PR Number Synopsis Category: QFX VCCP
1454343 Master FPC might come up in master state again after reboot instead of backup
Product-Group=junos
In QFX5110-32Q VC with 100G VCP links, if the master switch with the lowest MAC address reboot, it might come up in the master state again instead of backup. This can have outage around ten minutes and packets loss.
PR Number Synopsis Category: Routing Information Protocol
1485009 The rpd crashes if the same neighbor is set in different RIP groups
Product-Group=junos
If the same neighbor is configured under different RIP groups, the commit check fails to capture this invalid configuration and commit can be done successfully. However the rpd will crash.
PR Number Synopsis Category: rosen-6 and rosen-7 mvpn bugs
1405887 The CLI command "show pim mdt data-mdt-limit instance " with family option might cause CPU usage of rpd high
Product-Group=junos
In draft-rosen MVPN scenario with data-mdt, if performing the CLI command "show pim mdt data-mdt-limit instance ", The output might go in loop and the rpd process might use high CPU.
PR Number Synopsis Category: KRT Queue issues within RPD
1402569 JUNOS rpd core seen after couple of config rollback event from baseline config to pdt profile config
Product-Group=junos
JUNOS RPD core seen after multiple configuration rollback events from baseline config to configuration with large BGP+IGP configuration. In certain events, a change in import policy or resolution rib at the same time when BGP peer is shutting down can cause inconsistencies in Next-Hop entries, in causing RPD process coredump.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1441550 The rpd may crash or consume 100% of CPU after flapping routes
Product-Group=junos
When flapping the existed flood nexthop type routes, it may cause rpd crash or consume 100% of CPU. This issue may cause routing protocols sessions/neighbors flap or traffic loss.
PR Number Synopsis Category: RPD policy options
1453439 Routes resolution might be inconsistent if any route resolving over the multipath route
Product-Group=junos
On all Junos platforms, any route resolving over the multipath routes, one scenario is BGP over BGP. After the metric value of any PNH (refers to the second PNH and using it to performing the second time next-hop resolving) changes, meanwhile, if the hash-selection changes happened, it might result in routes resolution inconsistency. Traffic drops could be observed if the packages are still forwarding to the old PNH (Protocol Next Hop). Any recursive resolving multipath scenario might trigger this issue.
1476530 Support for dynamic tunnels on SRX Series devices was mistakenly removed.
Product-Group=junos
Support for dynamic-tunnels on SRX-Series devices was mistakenly removed.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1459384 The rpd memory leak might be observed on backup routing engine due to BGP flap
Product-Group=junos
In a BGP scenario when certain routes are flapping frequently, it could lead to rpd memory leak on backup Routing Engine. The rpd might crash and restart once the rpd runs out of memory for certain junos releases.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1421076 RPD crash might occur when changing prefix list address from IPv4 to IPv6
Product-Group=junos
RPD crash might occur when changing prefix list address from IPv4 to IPv6 Configure IPv4 prefix-list: set policy-options prefix-list PREFIX_LIST 10.0.0.0/24 Configure a policy that has "then next policy" term: set policy-options policy-statement POLICY term PREF from prefix-list PREFIX_LIST set policy-options policy-statement POLICY term PREF then next policy set policy-options policy-statement POLICY term END then reject commit Note: If a terminating action is used for term PREF (such as "then accept"/"then reject") the core does not appear. Change prefix-list using "replace-pattern" [edit policy-options prefix-list PREFIX_LIST] replace pattern 10.0.0.0/24 with 2001:10::/64 commit RPD crash occurs
1442542 EVENT UpDown interface logs are partially collected in syslog messages
Product-Group=junos
When multiple interfaces UpDown event happens, a number of interfaces are not logged the event but partial logs are recorded in messages file.
PR Number Synopsis Category: multicast source distribution protocol
1454244 The rpd memory might leak in a certain MSDP scenario
Product-Group=junos
In the Multicast Source Discovery Protocol (MSDP) scenario, where the router acts as both Rendezvous Point (RP) and First Hop Router (FHR), connecting to another RP in its AS with a logical loop topology, due to this special setup, it might cause a source-active (SA) message continuously to loop and eventually causes the rpd memory leak.
PR Number Synopsis Category: Resource Reservation Protocol
1359087 The FPC might be stuck in 'Ready' state after applying a configuration change that will remove RSVP and trigger FPC restart
Product-Group=junos
When 'tunnel-services' is configured under 'chassis fpc <> pic <>', the vt-x/y/z physical interface (IFD) is created for the corresponding FPC. If 'protocols rsvp' is configured, RSVP will create a default vt-x/y/z.u logical interface (IFL) under the corresponding vt-x/y/z IFD. After applying a configuration change that will remove RSVP and trigger FPC restart, the vt-x/y/z.u IFL is not cleaned up due to a code issue. Hence the corresponding vt-x/y/z IFD cannot be cleaned up during the corresponding FPC coming up. The IFD cleaning keeps retrying which cause the corresponding FPC to be stuck in 'Ready' state.
1471281 The rpd crash might be seen after doing some commit operations which could affect RSVP ingress routes
Product-Group=junos
On all platforms with BGP PIC configured, if doing some commit operations where RSVP ingress routes are affected, the rpd crash might be seen.
1476773 RSVP LSPs might not come up in scaled network with very high number of LSPs if NSR is used on transit router
Product-Group=junos
If NSR is enabled on transit router with scaled RSVP LSPs, RESV message might not be sent from transit router because the path messages replication on master RE does not complete in time. Hence RSVP LSPs might not come up with traffic impact.
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1477483 On NATT scenario the IKE Version 2 IPsec tunnel might flap if the tunnel initiator is not behind NAT
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC card installed and NATT scenario, when the IPsec tunnel initiator is not behind NAT, it might cause IPsec tunnel flapping. It happens in IKEv2 scenario.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1459306 The traffic might be stuck on MS-MPC/MS-MIC with sessions receiving huge number of affinity packets
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, if there are sessions receiving huge number of affinity packets (e.g. thousands of packets), the service interface might be brought down by the prolonged flow-control, and the mspmand process crash might happen. In this case, the traffic will be stuck due to this issue.
PR Number Synopsis Category: SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1425405 The mspmand process might crash and restart with a mspmand core file created after doing a commit change to deactivate and activate service-set
Product-Group=junos
On MX-Series platforms with NAT pool PBA (Port Block Allocation) configuration, the mspmand process might crash and restart with a mspmand core file created if a NAT pool PBA configuration is changed. The impact is that it might cause a service traffic loss.
PR Number Synopsis Category: SRX Argon module bugs
1455169 The SRX Series devices stop and generate several core files.
Product-Group=junos
The SRX device generates a lot of core-dumps when AAMW(advanced-anti-malware) and user-firewall features are used.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1430403 Certain interfaces may drop all unicast traffic when LTE PIM is used.
Product-Group=junos
On SRX Series devices with LTE PIM card installed, after committing configuration changes for an interface, certain interfaces may go to problematic state, which results in all unicast traffic loss.
1465199 Static route through dl0.0 interface is not active.
Product-Group=junos
On SRX320,SRX345 or SRX550m platforms with LTE Mini-PIM module installed, if configure a static route with the gateway IP address of d10 as next-hop and default route is configured, all traffic destined for the static route will fail to transmit to dl0 interface.
1468430 Tail drop on all ports is observed when any switch-side egress port gets congested.
Product-Group=junos
On the SRX300 line of devices with Mini-PIM installed, tail-drop might happen on all ports when the serial egress port gets congested.
PR Number Synopsis Category: MPC7/8/9 chassis issues
1437855 The chassisd might crash after enabling hash-key
Product-Group=junos
On all Junos platforms, if hash-key is enabled, packets might be dropped due to chassisd crash, including packets on other FPCs on which the hash-key is disabled.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1463015 An interface might get stuck in down state on certain MX platforms
Product-Group=junos
The interfaces on certain MX platforms might get stuck in a down state, if the remote interface sends invalid code to the local interface. Link might not come up even after the remote peer has begun sending a good signal.
PR Number Synopsis Category: SRX-1RU HA SW defects
1474233 An unhealthy node might become primary in SRX4600 devices with chassis cluster scenario.
Product-Group=junos
In the SRX4600 Chassis Cluster scenario, a node might become primary in a failover scenario. This can lead to packet drops.
PR Number Synopsis Category: SRX-1RU platfom datapath SW defects
1462610 The srxpfe or flowd process might stop if the sampling configuration is changed.
Product-Group=junos
On all SRX platforms, if Jflow is configured and there is a sampling configuration change, the srxpfe/flowd process might crash. This is a corner issue. It might cause traffic loss.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1397628 The PPPoE subscribers are unable to reconnect after FPC reboot
Product-Group=junos
In the scale subscribers management environment, the PPP inline keepalives don't work after all the AE (Aggregate Ethernet) member link line cards reboot. This issue may cause the PPPoE subscribers are unable to reconnect.
1476786 Traffic loss may be observed to the LNS subscribers in case the "routing-service" knob is enabled under the dynamic-profile
Product-Group=junos
On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1468663 JNH memory leaks might be seen after CFM session flap for LSI/VT interfaces
Product-Group=junos
JNH memory leak may be seen when CFM session over the VPLS LSI interface/VT interface flaps if mip-half-function is used.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1434980 PFE memory leak might be seen if MLPPP links are flapped
Product-Group=junos
On all Trio-based platforms, MLPPP links flap continuously might result in PFE memory exhaustion. Furthermore, the PFE crash might be seen due to running out of memory.
1444186 GRE packets which are larger than MTU get dropped on MX204 platforms when sampling is enabled on the egress interface
Product-Group=junos
On MX204 platforms, if GRE packet length exceeds MTU of gr interface and the egress interface is configured with sampling, it might cause GRE packet to be dropped because the reassembled packet's checksum is incorrect.
PR Number Synopsis Category: Trio pfe multicast software
1478981 The convergence time for MVPN fast upstream failover might be more than 50ms
Product-Group=junos
On MX platforms which act as Next Generation Mulicast Virtual Private Network (NG-MVPN) Provider Edge (PE) routers, if the hot-root-standby and sender-based-rpf features are configured to enable MVPN fast upstream failover, once the primary multicast flow rate falls below the configured "mvpn hot-root-standby min-rate rate" threshold, the egress PE router is supposed to take switchover action from the primary flows to the backup ones, and the covergence time should be within 50 milliseconds. Due to this issue, the covergence time might be more than 50ms and reach up to several seconds (e.g. 2~3s) in a highly scaled scenario (e.g. the number of the multicast groups undergoing the switchover simultaneously is greater than 250 groups). This will result in more traffic loss than expected.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1461021 Modifying the REST configuration might cause the system to become unresponsive.
Product-Group=junos
When Representational State Transfer (REST) service configuration is modified, for example the REST service is configured and then deleted for multiple times, the system might become unresponsive, even to SSH and console. This issue has service impact.
PR Number Synopsis Category: Configuration management, ffp, load action
1426341 Switch may unable to commit baseline config after zeroize
Product-Group=junos
When the OpenConfig package is used (The OpenConfig package became part of image itself from 18.3, prior to 18.3 OpenConfig package is a seperate add-on package), the following switches (EX2200, EX3200, EX3300, EX3400, EX4200, EX4300, EX4500, EX4550, EX4600, QFX3000, QFX3100, QFX3500, QFX3600, QFX5100) may unable to commit baseline config after zeroize.
PR Number Synopsis Category: Configuration mgmt, ffp, load-action, commit processing
1410322 The configuration database might not be unlocked automatically if the related user session is disconnected during the commit operation in progress
Product-Group=junos
Configuration database can remain locked after the SSH session is halted.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1464439 The CPU utilization on mgd daemon might be stuck at 100% after the netconf session is interrupted by flapping interface
Product-Group=junos
If a netconf session is initiated over inband connection, the CPU utilization on mgd daemon might be stuck at 100% after the netconf session which is executing an RPC call for some commands gets interrupted by flapping interface. There is no impact observed to control-plane or forwarding-plane, the subsequent netconf session will continue to function.
1480348 TFTP installation from loader prompt may not succeed on the EX series devices
Product-Group=junos
On the EX series platforms with 17.1R1 onwards, software installation from loader prompt may not succeed by using TFTP.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1471679 ARP suppression (default enabled) in EVPN not working on MX10008/MX10016 line cards
Product-Group=junosvae
If MX10008 or MX10016 function as provider edge (PE) devices in an Ethernet VPN-MPLS (EVPN-MPLS) or Layer 3 VXLAN gateways in an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) environment, ARP suppression is enabled by default, when the ARP expires on any the CPE's , it sends out an ARP REQ broadcast message , this should be suppressed by the PE(MX10008/MX10016). However, ARP broadcast received on MX10008/MX10016 seems to flooded.
1475871 Traffic loss might be seen as backup RE takes around 20 seconds to acquire mastership
Product-Group=junos
On the MX10008/10016 platforms, when GRES and NSR are configured, backup RE will take about 20 seconds to acquire mastership after kernel crash on master RE. Due to this long switching time, traffic loss might be seen. Normal RE mastership switchovers are not affected by this issue.
PR Number Synopsis Category: PTX/QFX100002/8/16 platform software
1464119 FPC might restart during run time on PTX10K/QFX10K platforms
Product-Group=junos
On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions.
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1454895 The VRRP traffic loss is longer than one second for some backup groups after performing GRES
Product-Group=junos
On all Junos OS platforms, configuring VRRP over the AE interface whose member physical interfaces belong to different PFE (packet forwarding engine), some backup VRRP groups traffic loss are observed longer than one second after performing GRES (graceful Routing Engine switchover). As the expectation is that the outage is subsecond.
PR Number Synopsis Category: VSRX platform software
1469978 vsrx2.0 - config-drive does not work as expected
Product-Group=junos
Adding the license to the vSRX while it's getting spun through cloud-init fails. It would have to manually add it after the device has booted up.
 
Modification History:
Updated 2020-05-11 to include the notice for TSB17782
First publication 2020-04-07
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search