Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles18.4R3-S1: Software Release Notification for JUNOS Software Version 18.4R3-S1
Warning: With VPLS/Bridge-Domain environment, an MX/EX9200 Series router with Trio-based MPCs running software version 18.4R3-S1. The MPCs may experience NH memory leak in the PFEs when using integrated routing and bridging (IRB) interface participating in the VPLS/Bridge-domain instance.
Junos Software service Release version 18.4R3-S1 is now available.
PR Number | Synopsis | Category: LLDP |
---|---|---|
1464553 | The LLDP packets might get discarded on all Junos platforms Product-Group=junos |
On all Junos platforms, the LLDP packet received from any other vendor might get discarded. The issue is seen when there are two location-id in the same packet and the Junos device considers the LLDP packet as duplicate and discards it. This might result in the PoE phone not coming up or neighborship information not getting exchanged. |
PR Number | Synopsis | Category: L2NG RTG feature |
1461293 | MAC addresses learned on RTG may not be aged out after aging time Product-Group=junos |
MAC addresses learned on redundant trunk group (RTG) might not be aged out after aging time if the source interface is configured as RTG. |
PR Number | Synopsis | Category: EX4300 PFE |
1453025 | The IRB traffic might get drop after mastership switchover Product-Group=junos |
In the Virtual-Chassis scenario with mac-persistence-timer enabled, the IRB traffic might get drop after master switchover. |
PR Number | Synopsis | Category: EX2300/3400 CP |
1482709 | EX2300 -- SNMP Traps are not generated when MAC addresses limit threshold is reached Product-Group=junos |
On EX2300, with mac-limit and drop-and-log action configured,when the limit threshold is reached, a syslog message is triggered but no SNMP trap is generated. |
PR Number | Synopsis | Category: EX2300/3400 platform |
1452209 | The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured Product-Group=junos |
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow. |
1452209 | The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured Product-Group=junosvae |
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow. |
1477165 | EX3400 me0 interface might remain down Product-Group=junos |
The me0 interface of EX3400 does not come up when connected to 100m speed interface. |
PR Number | Synopsis | Category: QFX Access control list |
1476708 | ARP packets are always sent to CPU regardless of whether the storm-control is activated Product-Group=junos |
On QFX5K platforms with VXLAN or VLAN scenario, ARP packets are not rate limited by the storm-control settings as the ARP packets will be copied to CPU by VLAN register settings and can be only rate limited by the CPU Queues rate-limit settings (ARP DDOS Queues). |
PR Number | Synopsis | Category: QFX PFE L2 |
1467466 | Few MAC addresses might be missing from MAC table in software on QFX5k platform. Product-Group=junos |
On QFX5k platform, if Packet Forwarding Engine process is restarted manually or device reboot occurs, some MAC address(es) might not be seen on software MAC table but MAC address will be present in hardware table. |
PR Number | Synopsis | Category: QFX L3 data-plane/forwarding |
1475819 | Traffic might not be forwarded over ECMP link in EVPN VXLAN scenario Product-Group=junosvae |
On QFX5110/QFX5120 platforms, when Traffic Load Balance is used in EVPN VXLAN scenario, traffic might not be forwarded over ECMP link after the ECMP link flapped. |
1477073 | GRE transit traffic does not forward in VRRP scenario Product-Group=junos |
On QFX5110 platforms, GRE transit traffic might be dropped when sending GRE tunnel packets with the destination MAC as VRRP MAC. It has a traffic impact. |
PR Number | Synopsis | Category: CoS support on ACX |
1455722 | ACX5048 snmp polling will stalled after the link flap/ sfp replacement and ACX_COS_HALP(acx_cos_gport_sched_set_strict_priority:987): Failed to detach logs will be seen Product-Group=junos |
When inserting a SFP, the lowest ifd index available is assigned to the new interface created. During this sfp attach, an ifd-halp entry is also created in cos table for the interface. When SFPs are swapped and SFPs get their IFD index assigned interchanged as that of their old IFDs, issue is observed. As per PFE, the bcm port for the interface remains the same while IFD alone changes when removed and inserted. Hence while creating an ifd-entry for the interface in cos table, it is checked for any old entry still present for same bcm port. But the check done to validate for any old entry is improper. It does not check whether the old ifd index present is still for same bcm port. Due to this check missing, a valid ifd-entry of some other interface is getting deleted in cos table. Introduced the additional validation to ensure the old ifd index of the interface is still for same bcm port. Deleting of old ifd-entry is done only if bcm port of current entry and old ifd entry are same. Also added in existing debug message to display the ifd index which is getting deleted. |
PR Number | Synopsis | Category: ACX Services feature |
1479710 | dcpfe core when disabling/enabling macsec via Toby scripts Product-Group=junos |
dcpfe core when disabling/enabling macsec via Toby scripts |
PR Number | Synopsis | Category: a20a40 specific issue |
1479255 | The RGx might fail over after RG0 failover in a rare case. Product-Group=junos |
On the SRX5000 platforms with SPC3 in use, the RGx (x>0) failover may be observed followed by RG0 failover, this is a timing issue and due to unexpected "hardware timeout" detected by RGx after RG0 failover. |
PR Number | Synopsis | Category: a2a10 specific issue |
1471524 | The flowd or srxpfe process might stop immediately after committing the jflowv9 configuration or after upgrading to affected releases. Product-Group=junos |
On all SRX platforms, if Jflow v9 is configured on the device, the flowd/srxpfe daemon might crash when committing the configuration or after upgrading to affected releases. It might show as a hung state for the device or the device will crash. Affected Releases are 12.3X48-D80 to D95 and 15.1X49-D160 to D200. |
PR Number | Synopsis | Category: common or misc area for SRX product |
1467376 | Physically disconnecting the cable from fxp0 interface causes Hardware(HW) monitor failure and redundancy group failover on SRX1500 and SRX4K primary node in a chassis cluster. Product-Group=junos |
On SRX1500 and the SRX4000 line of devices, physically disconnecting the cable from fxp0 interface causes hardware monitor failure and redundancy group failover, when the device is the primary node in a chassis cluster. |
PR Number | Synopsis | Category: These are new categories in the areas of PFE |
1460209 | Loop detection might not work on extended ports in Junos Fusion scenarios Product-Group=junos |
In Junos Fusion scenarios, if loop detection is enabled on extended ports, when a satellite device (SD) is rebooted, or when a satellite device is added or removed/re-added, the loop detection feature might not work. |
PR Number | Synopsis | Category: BBE interface related issues |
1459961 | Subscriber statistics can be broken after ISSU Product-Group=junos |
In a subscriber management environment, subscriber statistics reported by CLI commands and Radius can be broken if In-Service Software Upgrade (ISSU) is performed from any JUNOS release earlier than 18.4 to 18.4 or newer build. |
PR Number | Synopsis | Category: BBE Resource monitoring related issues |
1443109 | The bbe-smgd might crash on MX platforms Product-Group=junos |
On MX platforms, subscriber login and GRES(Graceful Routing Engine Switchover) are handled by two different threads in bbe-smgd daemon. If the thread which handles GRES scheduled first, it sets the SDB(Session Database) state as closed and releases the SDB shared memory. When i/o thread handles the subscriber login request, it does not find the shared memory pointer which might lead to bbe-smgd crash. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1473351 | Removing cluster from BGP group might cause prolonged convergence time Product-Group=junos |
Cluster removal from BGP group might lead to a state where each subsequent change to BGP configuration will trigger import policy reevaluation causing prolonged convergence time of several minutes. This might result in a traffic loss. |
1487691 | High CPU utilization might be observed when the outgoing BGP updates are sending slowly Product-Group=junos |
On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725) |
PR Number | Synopsis | Category: BBE Remote Access Server |
1479697 | The CoA request may not be processed if it includes "proxy-state" attribute Product-Group=junos |
In a subscriber management environment, the CoA requests (such as deactivating/activating subscribers) sent from Radius server will fail if the "proxy-state" attribute is present. This attribute is still unsupported but will now be ignored if it's present in CoA requests. |
PR Number | Synopsis | Category: L2NG Access Security feature |
1478375 | The process dhcpd may crash in a Junos Fusion environment Product-Group=junos |
On EX92XX platforms with the DHCP snooping configured, if a peer receives DHCPv6 packets from the server without the "client-id" option present, and it is syncing packets to the other side at that time, then the process dhcpd crash may be observed. |
PR Number | Synopsis | Category: Firewall Filter |
1478964 | The filter may not be installed if the "policy-map xx" is present under it Product-Group=junos |
If the "policy-map xx" option is configured under "family mpls" for filters, then the filters may not take effect after committing. |
PR Number | Synopsis | Category: Covers Application classification workflows apart from custo |
1455465 | The traffic loss might occur when application service is configured Product-Group=junos |
On vSRX3.0 platform, the traffic loss might occur when application service is configured. |
1455465 | The traffic loss might occur when application service is configured Product-Group=junosvae |
On vSRX3.0 platform, the traffic loss might occur when application service is configured. |
PR Number | Synopsis | Category: Express PFE FW Features |
1433259 | Cannot change DDOS protocol TTL values under PTX10K Product-Group=junosvae |
Changing DDOS TTL protocols values in PTX10K is not supported. |
1462634 | The sample/syslog/log action in output firewall filter with packet of size less than 128 might cause ASIC wedge (all packet loss) on PTX platforms Product-Group=junos |
On PTX platforms, if output firewall filter is configured with sample/syslog/log action, the host interface might get wedged for packets with lengths 0-128 including Layer 3 headers. |
1470385 | Incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands Product-Group=junos |
On PTX1000/PTX3000/PTX5000/PTX10000/PTX9000/QFX10000, sending hostpath traffic and check the ddos statistics might lead to incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands |
PR Number | Synopsis | Category: Express PFE L2 fwding Features |
1473313 | The detached interface in LAG might process the xSTP BPDUs Product-Group=junos |
If the xSTP protocol is running between a detached lag member and the physically connected peer interface (which is not part of a LAG), the xSTP BPDUs might get exchanged instead of getting dropped. Because of this behavior, the xSTP protocol might make the lag interface flap. |
PR Number | Synopsis | Category: SRX1500 platform software |
1485224 | "show chassis temperature-thresholds" comes with many FPC 0 output. Product-Group=junos |
On SRX1500, "show chassis temperature-thresholds" comes with many FPC 0 output. This is the display issue and users can ignore the output. |
1488203 | < SRX1500> CPU Board Inlet increases after OS upgrade from 15.1X49 release to OS 18.x Product-Group=junosvae |
On SRX1500, the temperature value of CPU Board Inlet increases after OS upgrade from 15.1X49 release to OS 18.x Although this is just the display issue it may cause false temperature alerts from CPU Board Inlet. |
PR Number | Synopsis | Category: PTX Express ASIC interface |
1412126 | PTX interface stays down after maintenance Product-Group=junos |
On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment. |
PR Number | Synopsis | Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip |
1472643 | Performing back-to-back rpd restarts might cause rpd to crash Product-Group=junos |
On all Junos platforms, after performing back-to-back rpd restarts, rpd might crash. The rpd core may be observed after a timeout of 10 mins. |
PR Number | Synopsis | Category: Integrated Routing & Bridging (IRB) module |
1484721 | ARP entry may not be created in the EVPN-MPLS environment Product-Group=junos |
In the EVPN-MPLS environment, if a VLAN is created without having it in "protocols evpn extended-vlan-list", then adding it, the ARP entry may not be created on the device even it receives the ARP packets through the newly added VLAN. |
PR Number | Synopsis | Category: track re issu control procedure bugs |
1480561 | ISSU might fail on MX204/MX10003 Virtual-chassis(VC) with an error message Product-Group=junos |
An ISSU performed on MX204/MX10003 VC with MPC7/8/9 cards might fail while upgrading to the below specific releases due to a regression issue: -18.4R3 -19.1R3 -19.3R2, 19.3R2-S1 -19.4R1 |
PR Number | Synopsis | Category: Firewall Network Address Translation |
1479824 | Issuing the show security nat source paired-address command might return an error. Product-Group=junos |
On the SRX series platforms with source NAT configuration, issuing the command "show security nat source paired-address ..." may return an error, which is not expected. It's a corner case, and not reproduced all the time. |
PR Number | Synopsis | Category: IPSEC/IKE VPN |
1479738 | The kmd process might crash continually after the chassis cluster failover in the IPsec ADVPN scenario. Product-Group=junos |
In the branch SRX chassis cluster setup with the IPsec ADVPN (Auto Discovery VPN) shortcuts established, the kmd process will crash continually after the chassis cluster failover. Traffic going through the IPsec ADVPN shortcuts will be dropped. |
PR Number | Synopsis | Category: PFE infra to support jvision |
1456275 | Queue data might be missing from path '/interfaces/interface/state' Product-Group=junos |
On subscribing to '/interfaces/interface/state/' it might get subscribed to '/junos/system/linecard/interface/traffic/' internally, instead of '/junos/system/linecard/interface/queue/' which might impact traffic. |
PR Number | Synopsis | Category: Layer 2 VPN related issues |
1379621 | The core is seen due to a double free of a label. The issue happens in BGP based vpls setup where BGP has RR configuration. As because of RR configuration, the BGP-VPLS label routes are exported into bgp.l2vpn table. Product-Group=junos |
JDI-RCT:Summit:Rpd core@ rtbit_reset, rte_tgtexport_rth |
PR Number | Synopsis | Category: Layer 2 Control Module |
1461236 | Explicit Deletion Notification (del_path) Not Received when LLDP Neighbor is Lost as result of disabling local interface on the DuT via CLI (gNMI) Product-Group=junos |
Explicit Deletion Notification (del_path) Not Received when LLDP Neighbor is Lost as result of disabling local interface on the DuT via CLI (gNMI) |
PR Number | Synopsis | Category: Label Distribution Protocol |
1479249 | RPD 100% CPU load and RPD coredumps on the backup RE Product-Group=junos |
RPD crash on the backup RE when LDP tried to create LDP p2mp tunnel upon receiving corrupted data from the master RE. |
PR Number | Synopsis | Category: Port-based link layer security services and protocols that a |
1475089 | MACsec traffic over L2circuit might not work on QFX10K/PTX10K/PTX1K platforms after upgrading from Junos 15.1 to higher versions Product-Group=junos |
After upgrading from Junos 15.1 to higher versions (before Junos 19.3), MACsec ethertype might not be programmed as known ethertype on QFX10K/PTX10K/PTX1K platforms, so when those platforms are configured as L2circuit tunnel termination, the inner payload (MACsec packets) could not be detected properly and outgoing packets are corrupted. |
PR Number | Synopsis | Category: mc-ae interface |
1479012 | MC-AE interface may be shown as unknown status if adding the sub-interface as part of the VLAN on the peer MC-AE node Product-Group=junos |
If adding the sub-interface as part of the VLAN on the peer MC-AE node while its corresponding MC-AE interface is still not configured to be part of the VLAN, the status of the MC-AE interface might be shown as unknown. It might have an impact on the traffic as the colour of the MC-AE interface could not be updated correctly. |
PR Number | Synopsis | Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS) |
1429797 | Extended Ukern thread(PFEBM task) priority to support BBE performance tuning Product-Group=junos |
Original PFEBM task, which is system-critical for internal network performance/resilience, was running a medium priority; Can see tnp queue errrors by 'show pfebm all' on VCP-bearing FPC when high rate of punt traffic (like ARPs or BGP route updates, etc.) which go through VC links. It needs to run at high priority to assure timely packet handling. |
PR Number | Synopsis | Category: Kernel MPLS / Tag / P2MP Infrastructure |
1478806 | Kernel crash and device restart might happen Product-Group=junos |
In a corner case on Junos platform, where the family ccc is configured along with any other existing family within the same interface, like inet, inet6, etc. (basically, Junos never allows to do so, but somehow a customer did it ). And if the family ccc is deleted from the interface, which might cause kernel crash and the device reboot automatically, so all the traffic will be interrupted. |
PR Number | Synopsis | Category: Kernel socket data replication issues for protocols that use |
1472519 | The kernel may crash and vmcore may be observed after configuration change is committed Product-Group=junos |
On all Junos platforms, after committing the configuration change (e.g. removal of protocols like mpls, isis, ldp from the interfaces), then the kernel may crash and vmcore may be observed. This issue also may cause protocol adjacency failure. |
PR Number | Synopsis | Category: Path computation client daemon |
1472051 | The pccd core and PCEP session flaps might be seen in PCE Initiated or PCE delegated LSP scenario Product-Group=junos |
The pccd core and PCEP (Path Computation Element Protocol) session flaps might be seen when PCC (Path Computation Client) tries to send a report to PCE but the connection between PCC and PCE is not in UP state. It might also cause rpd core. This issue might happen in MBB (Make-before-break) cases in PCE provisioned/controlled LSP or doing ISSU upgrade operation. |
PR Number | Synopsis | Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software |
1484255 | FPC might crash when dealing with invalid next-hops Product-Group=junos |
On PTX3000/PTX5000 platform with some specific FPCs, if the weights of links are set to an invalid value on an AE bundle interface or unilist (an unilist next-hop composed of several unicast next-hops), the FPC crash might be observed. It is a rare issue and the FPC will try to reload to resolve this problem. Traffic loss might be seen before the FPC completes the reload period. |
PR Number | Synopsis | Category: Issues related to PKI daemon |
1465966 | Loading CA certificate causes PKI daemon core file to be generated. Product-Group=junos |
If a CA certificate includes CRL URL that doesn't have "/" to separate URL from the "hostname:port" section, when SRX loads it, pkid crash might happen and any service relies on CA will be affected, because the URL in CRL that is used to verify the validation of certificate will not work, that may cause security risk. |
PR Number | Synopsis | Category: PTP related issues. |
1471466 | The clksyncd crash might be seen when PTP over AE is configured on MX104 platform Product-Group=junos |
This issue is specific to feature PTP (Precision Time Protocol) over AE interface for MX104 platform. When PTP over AE is configured on MX104 platform, clksyncd process might crash and restart. It might cause partial service impact during the recovery and clksyncd restarts (about 2mins). |
PR Number | Synopsis | Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous) |
1409448 | The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch Product-Group=junos |
When QFX5100 and other vendor's switch are connected via 10G fiber link, flaps may happen sometimes. |
1419732 | "show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image Product-Group=junos |
"show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image. This is a display issue. Physical interface: xe-0/0/0, Enabled, Physical link is Down Interface index: 650, SNMP ifIndex: 515 Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Link-mode: Auto, Speed: Auto, BPDU Error: None, Loop Detect PDU Error: None, Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Auto-negotiation: Disabled, Remote fault: Offline, Media type: Fiber <<<<<< Here!! Should be "Copper" Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000 Link flags : None |
1471216 | The speed 10m might not be configured on the GE interface Product-Group=junos |
On QFX5100 and EX4300 mixed-mode Virtual Chassis, the speed 10m might not be configured on the GE interface. |
PR Number | Synopsis | Category: QFX PFE Class of Services |
1455357 | The cosd crash might be observed if the forwarding-class-set is directly applied on the child interface of an AE interface Product-Group=junos |
The cosd crashes when the customer is loading the configuration with forwarding-class-set directly applied on the child interface. Perform a commit check can avoid this crash. |
1476829 | QFX Platforms are exhibiting invalid PFE PG counter pairs to copy, src 0xfffff80, dst 0 Product-Group=junos |
On QFX Series Switches the following logs might be displayed as a result of polling class of service related SNMP OIDs. These messages might eventually lead to interface counters not being populated properly. There is no other impact from these messages. Nov 19 07:00:07 switch kernel: et-0/0/33: invalid PFE PG counter pairs to copy, src 0xfffff8012285d720, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/36: invalid PFE PG counter pairs to copy, src 0xfffff800076df570, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/37: invalid PFE PG counter pairs to copy, src 0xfffff8012285d750, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/40: invalid PFE PG counter pairs to copy, src 0xfffff800076df480, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/44: invalid PFE PG counter pairs to copy, src 0xfffff800255374e0, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/45: invalid PFE PG counter pairs to copy, src 0xfffff800076df420, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/46: invalid PFE PG counter pairs to copy, src 0xfffff800076de390, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/47: invalid PFE PG counter pairs to copy, src 0xfffff800076df210, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/48: invalid PFE PG counter pairs to copy, src 0xfffff800076dff30, dst 0 |
PR Number | Synopsis | Category: Filters |
1480776 | ARP request packets for unknown host might get dropped in remote PE in EVPN-VXLAN scenario Product-Group=junos |
In EVPN-VXLAN environment, when local CE sends ARP request packets for unknown host, the packets will hit firewall-host queue in remote PE. It might trigger DDoS protection policer violations for firewall-host queue hence the ARP request packets might get dropped. |
PR Number | Synopsis | Category: QFX L2 PFE |
1473685 | The RIPv2 packets forwarded across a L2circuit connection might be dropped Product-Group=junos |
When RIPv2 routes are received on a QFX5100/EX4600 platforms, either to or from an L2 circuit connection, such packets are not propagated. This includes directed unicast RIPv2 packets. |
1474545 | Continuous error log messages might be raised on QFX5K platforms in EVPN/VXLAN scenario Product-Group=junos |
In EVPN-VXLAN scenario, when an SP style interface is configured both with native-vlan-id and LLDP on QFX5000 platforms, continuous log messages might be observed. |
PR Number | Synopsis | Category: QFX MPLS PFE |
1474935 | L2circuit might fail to communicate via VLAN 2 on QFX5K platforms Product-Group=junos |
On QFX5K platforms acting as L2circuit PE (tunnel terminating node), if VLAN 2 is used for L2circuit communication with CE node, the VLAN 2 packets might be dropped on PE. |
PR Number | Synopsis | Category: QFX VC Infrastructure |
1478905 | The default VC MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes Product-Group=junos |
In QFX5200-32C, QFX5110 VC (Virtual Chassis) scenario, the default VC MAC (Media Access Control) persistence timer is incorrectly set to 20 seconds instead of 20 minutes. If the master VC member is rebooted, the new master member starts using its own MAC address as the system's MAC base address after only 20 seconds instead of 20 minutes. This results in issues like OSPF (Open Shortest Path First) stuck in "init" state after the master VC member reboot. |
PR Number | Synopsis | Category: show route table commands, tracing, and syslog facilities |
1421076 | RPD crash might occur when changing prefix list address from IPv4 to IPv6 Product-Group=junos |
RPD crash might occur when changing prefix list address from IPv4 to IPv6 Configure IPv4 prefix-list: set policy-options prefix-list PREFIX_LIST 10.0.0.0/24 Configure a policy that has "then next policy" term: set policy-options policy-statement POLICY term PREF from prefix-list PREFIX_LIST set policy-options policy-statement POLICY term PREF then next policy set policy-options policy-statement POLICY term END then reject commit Note: If a terminating action is used for term PREF (such as "then accept"/"then reject") the core does not appear. Change prefix-list using "replace-pattern" [edit policy-options prefix-list PREFIX_LIST] replace pattern 10.0.0.0/24 with 2001:10::/64 commit RPD crash occurs |
PR Number | Synopsis | Category: Resource Reservation Protocol |
1476773 | RSVP LSPs might not come up in scaled network with very high number of LSPs if NSR is used on transit router Product-Group=junos |
If NSR is enabled on transit router with scaled RSVP LSPs, RESV message might not be sent from transit router because the path messages replication on master RE does not complete in time. Hence RSVP LSPs might not come up with traffic impact. |
PR Number | Synopsis | Category: RPD API infrastructure |
1481953 | The rpd may crash when executing "show route protocol l2-learned-host-routing" or "show route protocol rift" CLI command on a router Product-Group=junos |
On all Junos platforms, executing the CLI command of "show route protocol l2-learned-host-routing" or "show route protocol rift" on a router may cause the rpd crash if there is an active route in bgp.rtarget.0 routing table. |
PR Number | Synopsis | Category: IPSEC functionality on M/MX/T ser |
1466135 | ICMP Error messages are still unreceived after enabling the knob "enable-asymmetric-traffic-processing" Product-Group=junos |
In two/more IPsec tunnels terminated on one router, if the knob "enable-asymmetric-traffic-processing" is enabled, the ICMP reply packet should be received via an asymmetric path which different from ICMP request packet. But the knob "enable-asymmetric-traffic-processing" for asymmetric path which the IPsec tunnel is distributed in the two/more different MS-MPC/MS-MIC, then the ICMP reply packet might be dropped in this scenario, the ICMP error message and the services (such as traceroute, DNS record, IRDP, and so on) based on these messages might be impacted. |
PR Number | Synopsis | Category: SRX Argon module bugs |
1480005 | The flowd or srxpfe process might crash when advanced anti-malware services are used. Product-Group=junos |
On all multiple-threads SRX Series devices with Advanced Anti-MalWare service used, in a rare condition that a deadlock might occur among multiple threads, which results in the flowd/srxpfe crash. |
PR Number | Synopsis | Category: SSL Proxy functionality on JUNOS |
1467856 | Packet Forwarding Engine might generate core files because SSL proxy is enabled on NFX Series and SRX Series devices. Product-Group=junos |
If SSL Proxy is using on SRX or QFX, PFE core dump may happen because of some sanity check is missing. |
PR Number | Synopsis | Category: MPC7/8/9 Interface Issues |
1441816 | Egress stream flush failure and traffic blackhole might occur Product-Group=junos |
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, and MPC9E cards. |
PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
1476786 | Traffic loss may be observed to the LNS subscribers in case the "routing-service" knob is enabled under the dynamic-profile Product-Group=junos |
On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers. |
PR Number | Synopsis | Category: Trio pfe l3 forwarding issues |
1478279 | FPC memory leak might happen after executing "show pfe route" Product-Group=junos |
On all Junos platforms, if the command "show pfe route " is executed to dump the Packet Forwarding Engine (PFE) routes, and then the routes get deleted by some events, for example, Virtual Routing and Forwarding (VRF) configuration removal or Border Gateway Protocol (BGP) flap, the FPC memory leak might happen due to this issue. In large scaled scenario, the memory leak will increase by large amount which might be more easier to cause FPC crash. |
PR Number | Synopsis | Category: Trio pfe mpls- lsps,rsvp,vpns- ccc, tcc software |
1439453 | The flow label is not pushed when "chained-composite-next-hop ingress l2ckt/l2vpn" is enabled Product-Group=junos |
On MX platforms, in MPLS (Multiprotocol Label Switching) l2ckt/l2vpn with FAT (Flow-Aware Transport of Pseudowires) Flow Labels scenario, the flow label is not pushed when "chained-composite-next-hop ingress l2ckt/l2vpn" is enabled. The issue results in load balance problem for the l2ckt/l2vpn service. |
PR Number | Synopsis | Category: Trio pfe microcode software |
1463718 | On MX204 platform, Packet Forwarding Engine (PFE) errors may occur when incoming GRE tunnel fragments 1) get sampled and 2) undergo inline reassembly Product-Group=junos |
On MX204 platform, Packet Forwarding Engine (PFE) error messages might be seen when sampling, GRE tunnel termination and inline reassembly are all configured. The errors could cause packet buffer memory leak. Eventually, once packet buffer memory is exhausted, traffic will starting getting lost. |
PR Number | Synopsis | Category: Junos Automation, Commit/Op/Event and SLAX |
1479803 | The SLAX script may be lost after upgrading software Product-Group=junos |
From 15.1 onwards with event script, commit script or op script configured, the SLAX script might be lost after a software upgrade, this might cause the Junos full config cannot be loaded. |
PR Number | Synopsis | Category: Configuration mgmt, ffp, load-action, commit processing |
1468119 | Daemons might not be started if "commit" is executed after "commit check" Product-Group=junos |
On Junos from 16.2R1 onwards, if "commit" is executed after "commit check", the daemon (e.g. dhcpd, sampled) might not be started even the related configuration is successfully committed. |
PR Number | Synopsis | Category: UI Infrastructure - mgd, DAX API, DDL/ODL |
1465171 | Commit script does not apply changes in private mode unless a commit full is performed Product-Group=junos |
Commit script does not apply changes in private mode unless a commit full is performed. |
PR Number | Synopsis | Category: PTX/QFX100002/8/16 platform software |
1464119 | FPC might restart during run time on PTX10K/QFX10K platforms Product-Group=junosvae |
On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions. |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search