18.4R3-S1: Software Release Notification for JUNOS Software Version 18.4R3-S1

Junos Software service Release version 18.4R3-S1 is now available.

18.4R3-S1 - List of Fixed issues

PR Number	Synopsis	Category: LLDP
1464553	The LLDP packets might get discarded on all Junos platforms Product-Group=junos	On all Junos platforms, the LLDP packet received from any other vendor might get discarded. The issue is seen when there are two location-id in the same packet and the Junos device considers the LLDP packet as duplicate and discards it. This might result in the PoE phone not coming up or neighborship information not getting exchanged.
PR Number	Synopsis	Category: L2NG RTG feature
1461293	MAC addresses learned on RTG may not be aged out after aging time Product-Group=junos	MAC addresses learned on redundant trunk group (RTG) might not be aged out after aging time if the source interface is configured as RTG.
PR Number	Synopsis	Category: EX4300 PFE
1453025	The IRB traffic might get drop after mastership switchover Product-Group=junos	In the Virtual-Chassis scenario with mac-persistence-timer enabled, the IRB traffic might get drop after master switchover.
PR Number	Synopsis	Category: EX2300/3400 CP
1482709	EX2300 -- SNMP Traps are not generated when MAC addresses limit threshold is reached Product-Group=junos	On EX2300, with mac-limit and drop-and-log action configured,when the limit threshold is reached, a syslog message is triggered but no SNMP trap is generated.
PR Number	Synopsis	Category: EX2300/3400 platform
1452209	The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured Product-Group=junos	On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
1452209	The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured Product-Group=junosvae	On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
1477165	EX3400 me0 interface might remain down Product-Group=junos	The me0 interface of EX3400 does not come up when connected to 100m speed interface.
PR Number	Synopsis	Category: QFX Access control list
1476708	ARP packets are always sent to CPU regardless of whether the storm-control is activated Product-Group=junos	On QFX5K platforms with VXLAN or VLAN scenario, ARP packets are not rate limited by the storm-control settings as the ARP packets will be copied to CPU by VLAN register settings and can be only rate limited by the CPU Queues rate-limit settings (ARP DDOS Queues).
PR Number	Synopsis	Category: QFX PFE L2
1467466	Few MAC addresses might be missing from MAC table in software on QFX5k platform. Product-Group=junos	On QFX5k platform, if Packet Forwarding Engine process is restarted manually or device reboot occurs, some MAC address(es) might not be seen on software MAC table but MAC address will be present in hardware table.
PR Number	Synopsis	Category: QFX L3 data-plane/forwarding
1475819	Traffic might not be forwarded over ECMP link in EVPN VXLAN scenario Product-Group=junosvae	On QFX5110/QFX5120 platforms, when Traffic Load Balance is used in EVPN VXLAN scenario, traffic might not be forwarded over ECMP link after the ECMP link flapped.
1477073	GRE transit traffic does not forward in VRRP scenario Product-Group=junos	On QFX5110 platforms, GRE transit traffic might be dropped when sending GRE tunnel packets with the destination MAC as VRRP MAC. It has a traffic impact.
PR Number	Synopsis	Category: CoS support on ACX
1455722	ACX5048 snmp polling will stalled after the link flap/ sfp replacement and ACX_COS_HALP(acx_cos_gport_sched_set_strict_priority:987): Failed to detach logs will be seen Product-Group=junos	When inserting a SFP, the lowest ifd index available is assigned to the new interface created. During this sfp attach, an ifd-halp entry is also created in cos table for the interface. When SFPs are swapped and SFPs get their IFD index assigned interchanged as that of their old IFDs, issue is observed. As per PFE, the bcm port for the interface remains the same while IFD alone changes when removed and inserted. Hence while creating an ifd-entry for the interface in cos table, it is checked for any old entry still present for same bcm port. But the check done to validate for any old entry is improper. It does not check whether the old ifd index present is still for same bcm port. Due to this check missing, a valid ifd-entry of some other interface is getting deleted in cos table. Introduced the additional validation to ensure the old ifd index of the interface is still for same bcm port. Deleting of old ifd-entry is done only if bcm port of current entry and old ifd entry are same. Also added in existing debug message to display the ifd index which is getting deleted.
PR Number	Synopsis	Category: ACX Services feature
1479710	dcpfe core when disabling/enabling macsec via Toby scripts Product-Group=junos	dcpfe core when disabling/enabling macsec via Toby scripts
PR Number	Synopsis	Category: a20a40 specific issue
1479255	The RGx might fail over after RG0 failover in a rare case. Product-Group=junos	On the SRX5000 platforms with SPC3 in use, the RGx (x>0) failover may be observed followed by RG0 failover, this is a timing issue and due to unexpected "hardware timeout" detected by RGx after RG0 failover.
PR Number	Synopsis	Category: a2a10 specific issue
1471524	The flowd or srxpfe process might stop immediately after committing the jflowv9 configuration or after upgrading to affected releases. Product-Group=junos	On all SRX platforms, if Jflow v9 is configured on the device, the flowd/srxpfe daemon might crash when committing the configuration or after upgrading to affected releases. It might show as a hung state for the device or the device will crash. Affected Releases are 12.3X48-D80 to D95 and 15.1X49-D160 to D200.
PR Number	Synopsis	Category: common or misc area for SRX product
1467376	Physically disconnecting the cable from fxp0 interface causes Hardware(HW) monitor failure and redundancy group failover on SRX1500 and SRX4K primary node in a chassis cluster. Product-Group=junos	On SRX1500 and the SRX4000 line of devices, physically disconnecting the cable from fxp0 interface causes hardware monitor failure and redundancy group failover, when the device is the primary node in a chassis cluster.
PR Number	Synopsis	Category: These are new categories in the areas of PFE
1460209	Loop detection might not work on extended ports in Junos Fusion scenarios Product-Group=junos	In Junos Fusion scenarios, if loop detection is enabled on extended ports, when a satellite device (SD) is rebooted, or when a satellite device is added or removed/re-added, the loop detection feature might not work.
PR Number	Synopsis	Category: BBE interface related issues
1459961	Subscriber statistics can be broken after ISSU Product-Group=junos	In a subscriber management environment, subscriber statistics reported by CLI commands and Radius can be broken if In-Service Software Upgrade (ISSU) is performed from any JUNOS release earlier than 18.4 to 18.4 or newer build.
PR Number	Synopsis	Category: BBE Resource monitoring related issues
1443109	The bbe-smgd might crash on MX platforms Product-Group=junos	On MX platforms, subscriber login and GRES(Graceful Routing Engine Switchover) are handled by two different threads in bbe-smgd daemon. If the thread which handles GRES scheduled first, it sets the SDB(Session Database) state as closed and releases the SDB shared memory. When i/o thread handles the subscriber login request, it does not find the shared memory pointer which might lead to bbe-smgd crash.
PR Number	Synopsis	Category: Border Gateway Protocol
1473351	Removing cluster from BGP group might cause prolonged convergence time Product-Group=junos	Cluster removal from BGP group might lead to a state where each subsequent change to BGP configuration will trigger import policy reevaluation causing prolonged convergence time of several minutes. This might result in a traffic loss.
1487691	High CPU utilization might be observed when the outgoing BGP updates are sending slowly Product-Group=junos	On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725)
PR Number	Synopsis	Category: BBE Remote Access Server
1479697	The CoA request may not be processed if it includes "proxy-state" attribute Product-Group=junos	In a subscriber management environment, the CoA requests (such as deactivating/activating subscribers) sent from Radius server will fail if the "proxy-state" attribute is present. This attribute is still unsupported but will now be ignored if it's present in CoA requests.
PR Number	Synopsis	Category: L2NG Access Security feature
1478375	The process dhcpd may crash in a Junos Fusion environment Product-Group=junos	On EX92XX platforms with the DHCP snooping configured, if a peer receives DHCPv6 packets from the server without the "client-id" option present, and it is syncing packets to the other side at that time, then the process dhcpd crash may be observed.
PR Number	Synopsis	Category: Firewall Filter
1478964	The filter may not be installed if the "policy-map xx" is present under it Product-Group=junos	If the "policy-map xx" option is configured under "family mpls" for filters, then the filters may not take effect after committing.
PR Number	Synopsis	Category: Covers Application classification workflows apart from custo
1455465	The traffic loss might occur when application service is configured Product-Group=junos	On vSRX3.0 platform, the traffic loss might occur when application service is configured.
1455465	The traffic loss might occur when application service is configured Product-Group=junosvae	On vSRX3.0 platform, the traffic loss might occur when application service is configured.
PR Number	Synopsis	Category: Express PFE FW Features
1433259	Cannot change DDOS protocol TTL values under PTX10K Product-Group=junosvae	Changing DDOS TTL protocols values in PTX10K is not supported.
1462634	The sample/syslog/log action in output firewall filter with packet of size less than 128 might cause ASIC wedge (all packet loss) on PTX platforms Product-Group=junos	On PTX platforms, if output firewall filter is configured with sample/syslog/log action, the host interface might get wedged for packets with lengths 0-128 including Layer 3 headers.
1470385	Incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands Product-Group=junos	On PTX1000/PTX3000/PTX5000/PTX10000/PTX9000/QFX10000, sending hostpath traffic and check the ddos statistics might lead to incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands
PR Number	Synopsis	Category: Express PFE L2 fwding Features
1473313	The detached interface in LAG might process the xSTP BPDUs Product-Group=junos	If the xSTP protocol is running between a detached lag member and the physically connected peer interface (which is not part of a LAG), the xSTP BPDUs might get exchanged instead of getting dropped. Because of this behavior, the xSTP protocol might make the lag interface flap.
PR Number	Synopsis	Category: SRX1500 platform software
1485224	"show chassis temperature-thresholds" comes with many FPC 0 output. Product-Group=junos	On SRX1500, "show chassis temperature-thresholds" comes with many FPC 0 output. This is the display issue and users can ignore the output.
1488203	< SRX1500> CPU Board Inlet increases after OS upgrade from 15.1X49 release to OS 18.x Product-Group=junosvae	On SRX1500, the temperature value of CPU Board Inlet increases after OS upgrade from 15.1X49 release to OS 18.x Although this is just the display issue it may cause false temperature alerts from CPU Board Inlet.
PR Number	Synopsis	Category: PTX Express ASIC interface
1412126	PTX interface stays down after maintenance Product-Group=junos	On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment.
PR Number	Synopsis	Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1472643	Performing back-to-back rpd restarts might cause rpd to crash Product-Group=junos	On all Junos platforms, after performing back-to-back rpd restarts, rpd might crash. The rpd core may be observed after a timeout of 10 mins.
PR Number	Synopsis	Category: Integrated Routing & Bridging (IRB) module
1484721	ARP entry may not be created in the EVPN-MPLS environment Product-Group=junos	In the EVPN-MPLS environment, if a VLAN is created without having it in "protocols evpn extended-vlan-list", then adding it, the ARP entry may not be created on the device even it receives the ARP packets through the newly added VLAN.
PR Number	Synopsis	Category: track re issu control procedure bugs
1480561	ISSU might fail on MX204/MX10003 Virtual-chassis(VC) with an error message Product-Group=junos	An ISSU performed on MX204/MX10003 VC with MPC7/8/9 cards might fail while upgrading to the below specific releases due to a regression issue: -18.4R3 -19.1R3 -19.3R2, 19.3R2-S1 -19.4R1
PR Number	Synopsis	Category: Firewall Network Address Translation
1479824	Issuing the show security nat source paired-address command might return an error. Product-Group=junos	On the SRX series platforms with source NAT configuration, issuing the command "show security nat source paired-address ..." may return an error, which is not expected. It's a corner case, and not reproduced all the time.
PR Number	Synopsis	Category: IPSEC/IKE VPN
1479738	The kmd process might crash continually after the chassis cluster failover in the IPsec ADVPN scenario. Product-Group=junos	In the branch SRX chassis cluster setup with the IPsec ADVPN (Auto Discovery VPN) shortcuts established, the kmd process will crash continually after the chassis cluster failover. Traffic going through the IPsec ADVPN shortcuts will be dropped.
PR Number	Synopsis	Category: PFE infra to support jvision
1456275	Queue data might be missing from path '/interfaces/interface/state' Product-Group=junos	On subscribing to '/interfaces/interface/state/' it might get subscribed to '/junos/system/linecard/interface/traffic/' internally, instead of '/junos/system/linecard/interface/queue/' which might impact traffic.
PR Number	Synopsis	Category: Layer 2 VPN related issues
1379621	The core is seen due to a double free of a label. The issue happens in BGP based vpls setup where BGP has RR configuration. As because of RR configuration, the BGP-VPLS label routes are exported into bgp.l2vpn table. Product-Group=junos	JDI-RCT:Summit:Rpd core@ rtbit_reset, rte_tgtexport_rth
PR Number	Synopsis	Category: Layer 2 Control Module
1461236	Explicit Deletion Notification (del_path) Not Received when LLDP Neighbor is Lost as result of disabling local interface on the DuT via CLI (gNMI) Product-Group=junos	Explicit Deletion Notification (del_path) Not Received when LLDP Neighbor is Lost as result of disabling local interface on the DuT via CLI (gNMI)
PR Number	Synopsis	Category: Label Distribution Protocol
1479249	RPD 100% CPU load and RPD coredumps on the backup RE Product-Group=junos	RPD crash on the backup RE when LDP tried to create LDP p2mp tunnel upon receiving corrupted data from the master RE.
PR Number	Synopsis	Category: Port-based link layer security services and protocols that a
1475089	MACsec traffic over L2circuit might not work on QFX10K/PTX10K/PTX1K platforms after upgrading from Junos 15.1 to higher versions Product-Group=junos	After upgrading from Junos 15.1 to higher versions (before Junos 19.3), MACsec ethertype might not be programmed as known ethertype on QFX10K/PTX10K/PTX1K platforms, so when those platforms are configured as L2circuit tunnel termination, the inner payload (MACsec packets) could not be detected properly and outgoing packets are corrupted.
PR Number	Synopsis	Category: mc-ae interface
1479012	MC-AE interface may be shown as unknown status if adding the sub-interface as part of the VLAN on the peer MC-AE node Product-Group=junos	If adding the sub-interface as part of the VLAN on the peer MC-AE node while its corresponding MC-AE interface is still not configured to be part of the VLAN, the status of the MC-AE interface might be shown as unknown. It might have an impact on the traffic as the colour of the MC-AE interface could not be updated correctly.
PR Number	Synopsis	Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS)
1429797	Extended Ukern thread(PFEBM task) priority to support BBE performance tuning Product-Group=junos	Original PFEBM task, which is system-critical for internal network performance/resilience, was running a medium priority; Can see tnp queue errrors by 'show pfebm all' on VCP-bearing FPC when high rate of punt traffic (like ARPs or BGP route updates, etc.) which go through VC links. It needs to run at high priority to assure timely packet handling.
PR Number	Synopsis	Category: Kernel MPLS / Tag / P2MP Infrastructure
1478806	Kernel crash and device restart might happen Product-Group=junos	In a corner case on Junos platform, where the family ccc is configured along with any other existing family within the same interface, like inet, inet6, etc. (basically, Junos never allows to do so, but somehow a customer did it ). And if the family ccc is deleted from the interface, which might cause kernel crash and the device reboot automatically, so all the traffic will be interrupted.
PR Number	Synopsis	Category: Kernel socket data replication issues for protocols that use
1472519	The kernel may crash and vmcore may be observed after configuration change is committed Product-Group=junos	On all Junos platforms, after committing the configuration change (e.g. removal of protocols like mpls, isis, ldp from the interfaces), then the kernel may crash and vmcore may be observed. This issue also may cause protocol adjacency failure.
PR Number	Synopsis	Category: Path computation client daemon
1472051	The pccd core and PCEP session flaps might be seen in PCE Initiated or PCE delegated LSP scenario Product-Group=junos	The pccd core and PCEP (Path Computation Element Protocol) session flaps might be seen when PCC (Path Computation Client) tries to send a report to PCE but the connection between PCC and PCE is not in UP state. It might also cause rpd core. This issue might happen in MBB (Make-before-break) cases in PCE provisioned/controlled LSP or doing ISSU upgrade operation.
PR Number	Synopsis	Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software
1484255	FPC might crash when dealing with invalid next-hops Product-Group=junos	On PTX3000/PTX5000 platform with some specific FPCs, if the weights of links are set to an invalid value on an AE bundle interface or unilist (an unilist next-hop composed of several unicast next-hops), the FPC crash might be observed. It is a rare issue and the FPC will try to reload to resolve this problem. Traffic loss might be seen before the FPC completes the reload period.
PR Number	Synopsis	Category: Issues related to PKI daemon
1465966	Loading CA certificate causes PKI daemon core file to be generated. Product-Group=junos	If a CA certificate includes CRL URL that doesn't have "/" to separate URL from the "hostname:port" section, when SRX loads it, pkid crash might happen and any service relies on CA will be affected, because the URL in CRL that is used to verify the validation of certificate will not work, that may cause security risk.
PR Number	Synopsis	Category: PTP related issues.
1471466	The clksyncd crash might be seen when PTP over AE is configured on MX104 platform Product-Group=junos	This issue is specific to feature PTP (Precision Time Protocol) over AE interface for MX104 platform. When PTP over AE is configured on MX104 platform, clksyncd process might crash and restart. It might cause partial service impact during the recovery and clksyncd restarts (about 2mins).
PR Number	Synopsis	Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1409448	The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch Product-Group=junos	When QFX5100 and other vendor's switch are connected via 10G fiber link, flaps may happen sometimes.
1419732	"show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image Product-Group=junos	"show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image. This is a display issue. Physical interface: xe-0/0/0, Enabled, Physical link is Down Interface index: 650, SNMP ifIndex: 515 Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Link-mode: Auto, Speed: Auto, BPDU Error: None, Loop Detect PDU Error: None, Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Auto-negotiation: Disabled, Remote fault: Offline, Media type: Fiber <<<<<< Here!! Should be "Copper" Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000 Link flags : None
1471216	The speed 10m might not be configured on the GE interface Product-Group=junos	On QFX5100 and EX4300 mixed-mode Virtual Chassis, the speed 10m might not be configured on the GE interface.
PR Number	Synopsis	Category: QFX PFE Class of Services
1455357	The cosd crash might be observed if the forwarding-class-set is directly applied on the child interface of an AE interface Product-Group=junos	The cosd crashes when the customer is loading the configuration with forwarding-class-set directly applied on the child interface. Perform a commit check can avoid this crash.
1476829	QFX Platforms are exhibiting invalid PFE PG counter pairs to copy, src 0xfffff80, dst 0 Product-Group=junos	On QFX Series Switches the following logs might be displayed as a result of polling class of service related SNMP OIDs. These messages might eventually lead to interface counters not being populated properly. There is no other impact from these messages. Nov 19 07:00:07 switch kernel: et-0/0/33: invalid PFE PG counter pairs to copy, src 0xfffff8012285d720, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/36: invalid PFE PG counter pairs to copy, src 0xfffff800076df570, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/37: invalid PFE PG counter pairs to copy, src 0xfffff8012285d750, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/40: invalid PFE PG counter pairs to copy, src 0xfffff800076df480, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/44: invalid PFE PG counter pairs to copy, src 0xfffff800255374e0, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/45: invalid PFE PG counter pairs to copy, src 0xfffff800076df420, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/46: invalid PFE PG counter pairs to copy, src 0xfffff800076de390, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/47: invalid PFE PG counter pairs to copy, src 0xfffff800076df210, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/48: invalid PFE PG counter pairs to copy, src 0xfffff800076dff30, dst 0
PR Number	Synopsis	Category: Filters
1480776	ARP request packets for unknown host might get dropped in remote PE in EVPN-VXLAN scenario Product-Group=junos	In EVPN-VXLAN environment, when local CE sends ARP request packets for unknown host, the packets will hit firewall-host queue in remote PE. It might trigger DDoS protection policer violations for firewall-host queue hence the ARP request packets might get dropped.
PR Number	Synopsis	Category: QFX L2 PFE
1473685	The RIPv2 packets forwarded across a L2circuit connection might be dropped Product-Group=junos	When RIPv2 routes are received on a QFX5100/EX4600 platforms, either to or from an L2 circuit connection, such packets are not propagated. This includes directed unicast RIPv2 packets.
1474545	Continuous error log messages might be raised on QFX5K platforms in EVPN/VXLAN scenario Product-Group=junos	In EVPN-VXLAN scenario, when an SP style interface is configured both with native-vlan-id and LLDP on QFX5000 platforms, continuous log messages might be observed.
PR Number	Synopsis	Category: QFX MPLS PFE
1474935	L2circuit might fail to communicate via VLAN 2 on QFX5K platforms Product-Group=junos	On QFX5K platforms acting as L2circuit PE (tunnel terminating node), if VLAN 2 is used for L2circuit communication with CE node, the VLAN 2 packets might be dropped on PE.
PR Number	Synopsis	Category: QFX VC Infrastructure
1478905	The default VC MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes Product-Group=junos	In QFX5200-32C, QFX5110 VC (Virtual Chassis) scenario, the default VC MAC (Media Access Control) persistence timer is incorrectly set to 20 seconds instead of 20 minutes. If the master VC member is rebooted, the new master member starts using its own MAC address as the system's MAC base address after only 20 seconds instead of 20 minutes. This results in issues like OSPF (Open Shortest Path First) stuck in "init" state after the master VC member reboot.
PR Number	Synopsis	Category: show route table commands, tracing, and syslog facilities
1421076	RPD crash might occur when changing prefix list address from IPv4 to IPv6 Product-Group=junos	RPD crash might occur when changing prefix list address from IPv4 to IPv6 Configure IPv4 prefix-list: set policy-options prefix-list PREFIX_LIST 10.0.0.0/24 Configure a policy that has "then next policy" term: set policy-options policy-statement POLICY term PREF from prefix-list PREFIX_LIST set policy-options policy-statement POLICY term PREF then next policy set policy-options policy-statement POLICY term END then reject commit Note: If a terminating action is used for term PREF (such as "then accept"/"then reject") the core does not appear. Change prefix-list using "replace-pattern" [edit policy-options prefix-list PREFIX_LIST] replace pattern 10.0.0.0/24 with 2001:10::/64 commit RPD crash occurs
PR Number	Synopsis	Category: Resource Reservation Protocol
1476773	RSVP LSPs might not come up in scaled network with very high number of LSPs if NSR is used on transit router Product-Group=junos	If NSR is enabled on transit router with scaled RSVP LSPs, RESV message might not be sent from transit router because the path messages replication on master RE does not complete in time. Hence RSVP LSPs might not come up with traffic impact.
PR Number	Synopsis	Category: RPD API infrastructure
1481953	The rpd may crash when executing "show route protocol l2-learned-host-routing" or "show route protocol rift" CLI command on a router Product-Group=junos	On all Junos platforms, executing the CLI command of "show route protocol l2-learned-host-routing" or "show route protocol rift" on a router may cause the rpd crash if there is an active route in bgp.rtarget.0 routing table.
PR Number	Synopsis	Category: IPSEC functionality on M/MX/T ser
1466135	ICMP Error messages are still unreceived after enabling the knob "enable-asymmetric-traffic-processing" Product-Group=junos	In two/more IPsec tunnels terminated on one router, if the knob "enable-asymmetric-traffic-processing" is enabled, the ICMP reply packet should be received via an asymmetric path which different from ICMP request packet. But the knob "enable-asymmetric-traffic-processing" for asymmetric path which the IPsec tunnel is distributed in the two/more different MS-MPC/MS-MIC, then the ICMP reply packet might be dropped in this scenario, the ICMP error message and the services (such as traceroute, DNS record, IRDP, and so on) based on these messages might be impacted.
PR Number	Synopsis	Category: SRX Argon module bugs
1480005	The flowd or srxpfe process might crash when advanced anti-malware services are used. Product-Group=junos	On all multiple-threads SRX Series devices with Advanced Anti-MalWare service used, in a rare condition that a deadlock might occur among multiple threads, which results in the flowd/srxpfe crash.
PR Number	Synopsis	Category: SSL Proxy functionality on JUNOS
1467856	Packet Forwarding Engine might generate core files because SSL proxy is enabled on NFX Series and SRX Series devices. Product-Group=junos	If SSL Proxy is using on SRX or QFX, PFE core dump may happen because of some sanity check is missing.
PR Number	Synopsis	Category: MPC7/8/9 Interface Issues
1441816	Egress stream flush failure and traffic blackhole might occur Product-Group=junos	Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, and MPC9E cards.
PR Number	Synopsis	Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1476786	Traffic loss may be observed to the LNS subscribers in case the "routing-service" knob is enabled under the dynamic-profile Product-Group=junos	On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers.
PR Number	Synopsis	Category: Trio pfe l3 forwarding issues
1478279	FPC memory leak might happen after executing "show pfe route" Product-Group=junos	On all Junos platforms, if the command "show pfe route " is executed to dump the Packet Forwarding Engine (PFE) routes, and then the routes get deleted by some events, for example, Virtual Routing and Forwarding (VRF) configuration removal or Border Gateway Protocol (BGP) flap, the FPC memory leak might happen due to this issue. In large scaled scenario, the memory leak will increase by large amount which might be more easier to cause FPC crash.
PR Number	Synopsis	Category: Trio pfe mpls- lsps,rsvp,vpns- ccc, tcc software
1439453	The flow label is not pushed when "chained-composite-next-hop ingress l2ckt/l2vpn" is enabled Product-Group=junos	On MX platforms, in MPLS (Multiprotocol Label Switching) l2ckt/l2vpn with FAT (Flow-Aware Transport of Pseudowires) Flow Labels scenario, the flow label is not pushed when "chained-composite-next-hop ingress l2ckt/l2vpn" is enabled. The issue results in load balance problem for the l2ckt/l2vpn service.
PR Number	Synopsis	Category: Trio pfe microcode software
1463718	On MX204 platform, Packet Forwarding Engine (PFE) errors may occur when incoming GRE tunnel fragments 1) get sampled and 2) undergo inline reassembly Product-Group=junos	On MX204 platform, Packet Forwarding Engine (PFE) error messages might be seen when sampling, GRE tunnel termination and inline reassembly are all configured. The errors could cause packet buffer memory leak. Eventually, once packet buffer memory is exhausted, traffic will starting getting lost.
PR Number	Synopsis	Category: Junos Automation, Commit/Op/Event and SLAX
1479803	The SLAX script may be lost after upgrading software Product-Group=junos	From 15.1 onwards with event script, commit script or op script configured, the SLAX script might be lost after a software upgrade, this might cause the Junos full config cannot be loaded.
PR Number	Synopsis	Category: Configuration mgmt, ffp, load-action, commit processing
1468119	Daemons might not be started if "commit" is executed after "commit check" Product-Group=junos	On Junos from 16.2R1 onwards, if "commit" is executed after "commit check", the daemon (e.g. dhcpd, sampled) might not be started even the related configuration is successfully committed.
PR Number	Synopsis	Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1465171	Commit script does not apply changes in private mode unless a commit full is performed Product-Group=junos	Commit script does not apply changes in private mode unless a commit full is performed.
PR Number	Synopsis	Category: PTX/QFX100002/8/16 platform software
1464119	FPC might restart during run time on PTX10K/QFX10K platforms Product-Group=junosvae	On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions.

Knowledge Base