Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.4R3-S1: Software Release Notification for JUNOS Software Version 18.4R3-S1

0

0

Article ID: TSB17764 TECHNICAL_BULLETINS Last Updated: 09 Apr 2020Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, and VMX
Alert Description:
Junos Software Service Release version 18.4R3-S1 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.4R3-S1 is now available.

18.4R3-S1 - List of Fixed issues
PR Number Synopsis Category: LLDP
1464553 The LLDP packets might get discarded on all Junos platforms
Product-Group=junos
On all Junos platforms, the LLDP packet received from any other vendor might get discarded. The issue is seen when there are two location-id in the same packet and the Junos device considers the LLDP packet as duplicate and discards it. This might result in the PoE phone not coming up or neighborship information not getting exchanged.
PR Number Synopsis Category: L2NG RTG feature
1461293 MAC addresses learned on RTG may not be aged out after aging time
Product-Group=junos
MAC addresses learned on redundant trunk group (RTG) might not be aged out after aging time if the source interface is configured as RTG.
PR Number Synopsis Category: EX4300 PFE
1453025 The IRB traffic might get drop after mastership switchover
Product-Group=junos
In the Virtual-Chassis scenario with mac-persistence-timer enabled, the IRB traffic might get drop after master switchover.
PR Number Synopsis Category: EX2300/3400 CP
1482709 EX2300 -- SNMP Traps are not generated when MAC addresses limit threshold is reached
Product-Group=junos
On EX2300, with mac-limit and drop-and-log action configured,when the limit threshold is reached, a syslog message is triggered but no SNMP trap is generated.
PR Number Synopsis Category: EX2300/3400 platform
1452209 The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured
Product-Group=junos
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
1452209 The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured
Product-Group=junosvae
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
1477165 EX3400 me0 interface might remain down
Product-Group=junos
The me0 interface of EX3400 does not come up when connected to 100m speed interface.
PR Number Synopsis Category: QFX Access control list
1476708 ARP packets are always sent to CPU regardless of whether the storm-control is activated
Product-Group=junos
On QFX5K platforms with VXLAN or VLAN scenario, ARP packets are not rate limited by the storm-control settings as the ARP packets will be copied to CPU by VLAN register settings and can be only rate limited by the CPU Queues rate-limit settings (ARP DDOS Queues).
PR Number Synopsis Category: QFX PFE L2
1467466 Few MAC addresses might be missing from MAC table in software on QFX5k platform.
Product-Group=junos
On QFX5k platform, if Packet Forwarding Engine process is restarted manually or device reboot occurs, some MAC address(es) might not be seen on software MAC table but MAC address will be present in hardware table.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1475819 Traffic might not be forwarded over ECMP link in EVPN VXLAN scenario
Product-Group=junosvae
On QFX5110/QFX5120 platforms, when Traffic Load Balance is used in EVPN VXLAN scenario, traffic might not be forwarded over ECMP link after the ECMP link flapped.
1477073 GRE transit traffic does not forward in VRRP scenario
Product-Group=junos
On QFX5110 platforms, GRE transit traffic might be dropped when sending GRE tunnel packets with the destination MAC as VRRP MAC. It has a traffic impact.
PR Number Synopsis Category: CoS support on ACX
1455722 ACX5048 snmp polling will stalled after the link flap/ sfp replacement and ACX_COS_HALP(acx_cos_gport_sched_set_strict_priority:987): Failed to detach logs will be seen
Product-Group=junos
When inserting a SFP, the lowest ifd index available is assigned to the new interface created. During this sfp attach, an ifd-halp entry is also created in cos table for the interface. When SFPs are swapped and SFPs get their IFD index assigned interchanged as that of their old IFDs, issue is observed. As per PFE, the bcm port for the interface remains the same while IFD alone changes when removed and inserted. Hence while creating an ifd-entry for the interface in cos table, it is checked for any old entry still present for same bcm port. But the check done to validate for any old entry is improper. It does not check whether the old ifd index present is still for same bcm port. Due to this check missing, a valid ifd-entry of some other interface is getting deleted in cos table. Introduced the additional validation to ensure the old ifd index of the interface is still for same bcm port. Deleting of old ifd-entry is done only if bcm port of current entry and old ifd entry are same. Also added in existing debug message to display the ifd index which is getting deleted.
PR Number Synopsis Category: ACX Services feature
1479710 dcpfe core when disabling/enabling macsec via Toby scripts
Product-Group=junos
dcpfe core when disabling/enabling macsec via Toby scripts
PR Number Synopsis Category: a20a40 specific issue
1479255 The RGx might fail over after RG0 failover in a rare case.
Product-Group=junos
On the SRX5000 platforms with SPC3 in use, the RGx (x>0) failover may be observed followed by RG0 failover, this is a timing issue and due to unexpected "hardware timeout" detected by RGx after RG0 failover.
PR Number Synopsis Category: a2a10 specific issue
1471524 The flowd or srxpfe process might stop immediately after committing the jflowv9 configuration or after upgrading to affected releases.
Product-Group=junos
On all SRX platforms, if Jflow v9 is configured on the device, the flowd/srxpfe daemon might crash when committing the configuration or after upgrading to affected releases. It might show as a hung state for the device or the device will crash. Affected Releases are 12.3X48-D80 to D95 and 15.1X49-D160 to D200.
PR Number Synopsis Category: common or misc area for SRX product
1467376 Physically disconnecting the cable from fxp0 interface causes Hardware(HW) monitor failure and redundancy group failover on SRX1500 and SRX4K primary node in a chassis cluster.
Product-Group=junos
On SRX1500 and the SRX4000 line of devices, physically disconnecting the cable from fxp0 interface causes hardware monitor failure and redundancy group failover, when the device is the primary node in a chassis cluster.
PR Number Synopsis Category: These are new categories in the areas of PFE
1460209 Loop detection might not work on extended ports in Junos Fusion scenarios
Product-Group=junos
In Junos Fusion scenarios, if loop detection is enabled on extended ports, when a satellite device (SD) is rebooted, or when a satellite device is added or removed/re-added, the loop detection feature might not work.
PR Number Synopsis Category: BBE interface related issues
1459961 Subscriber statistics can be broken after ISSU
Product-Group=junos
In a subscriber management environment, subscriber statistics reported by CLI commands and Radius can be broken if In-Service Software Upgrade (ISSU) is performed from any JUNOS release earlier than 18.4 to 18.4 or newer build.
PR Number Synopsis Category: BBE Resource monitoring related issues
1443109 The bbe-smgd might crash on MX platforms
Product-Group=junos
On MX platforms, subscriber login and GRES(Graceful Routing Engine Switchover) are handled by two different threads in bbe-smgd daemon. If the thread which handles GRES scheduled first, it sets the SDB(Session Database) state as closed and releases the SDB shared memory. When i/o thread handles the subscriber login request, it does not find the shared memory pointer which might lead to bbe-smgd crash.
PR Number Synopsis Category: Border Gateway Protocol
1473351 Removing cluster from BGP group might cause prolonged convergence time
Product-Group=junos
Cluster removal from BGP group might lead to a state where each subsequent change to BGP configuration will trigger import policy reevaluation causing prolonged convergence time of several minutes. This might result in a traffic loss.
1487691 High CPU utilization might be observed when the outgoing BGP updates are sending slowly
Product-Group=junos
On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725)
PR Number Synopsis Category: BBE Remote Access Server
1479697 The CoA request may not be processed if it includes "proxy-state" attribute
Product-Group=junos
In a subscriber management environment, the CoA requests (such as deactivating/activating subscribers) sent from Radius server will fail if the "proxy-state" attribute is present. This attribute is still unsupported but will now be ignored if it's present in CoA requests.
PR Number Synopsis Category: L2NG Access Security feature
1478375 The process dhcpd may crash in a Junos Fusion environment
Product-Group=junos
On EX92XX platforms with the DHCP snooping configured, if a peer receives DHCPv6 packets from the server without the "client-id" option present, and it is syncing packets to the other side at that time, then the process dhcpd crash may be observed.
PR Number Synopsis Category: Firewall Filter
1478964 The filter may not be installed if the "policy-map xx" is present under it
Product-Group=junos
If the "policy-map xx" option is configured under "family mpls" for filters, then the filters may not take effect after committing.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1455465 The traffic loss might occur when application service is configured
Product-Group=junos
On vSRX3.0 platform, the traffic loss might occur when application service is configured.
1455465 The traffic loss might occur when application service is configured
Product-Group=junosvae
On vSRX3.0 platform, the traffic loss might occur when application service is configured.
PR Number Synopsis Category: Express PFE FW Features
1433259 Cannot change DDOS protocol TTL values under PTX10K
Product-Group=junosvae
Changing DDOS TTL protocols values in PTX10K is not supported.
1462634 The sample/syslog/log action in output firewall filter with packet of size less than 128 might cause ASIC wedge (all packet loss) on PTX platforms
Product-Group=junos
On PTX platforms, if output firewall filter is configured with sample/syslog/log action, the host interface might get wedged for packets with lengths 0-128 including Layer 3 headers.
1470385 Incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands
Product-Group=junos
On PTX1000/PTX3000/PTX5000/PTX10000/PTX9000/QFX10000, sending hostpath traffic and check the ddos statistics might lead to incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands
PR Number Synopsis Category: Express PFE L2 fwding Features
1473313 The detached interface in LAG might process the xSTP BPDUs
Product-Group=junos
If the xSTP protocol is running between a detached lag member and the physically connected peer interface (which is not part of a LAG), the xSTP BPDUs might get exchanged instead of getting dropped. Because of this behavior, the xSTP protocol might make the lag interface flap.
PR Number Synopsis Category: SRX1500 platform software
1485224 "show chassis temperature-thresholds" comes with many FPC 0 output.
Product-Group=junos
On SRX1500, "show chassis temperature-thresholds" comes with many FPC 0 output. This is the display issue and users can ignore the output.
1488203 < SRX1500> CPU Board Inlet increases after OS upgrade from 15.1X49 release to OS 18.x
Product-Group=junosvae
On SRX1500, the temperature value of CPU Board Inlet increases after OS upgrade from 15.1X49 release to OS 18.x Although this is just the display issue it may cause false temperature alerts from CPU Board Inlet.
PR Number Synopsis Category: PTX Express ASIC interface
1412126 PTX interface stays down after maintenance
Product-Group=junos
On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment.
PR Number Synopsis Category: Libjtask for RPD tasks, scheduler, timers, memory, and slip
1472643 Performing back-to-back rpd restarts might cause rpd to crash
Product-Group=junos
On all Junos platforms, after performing back-to-back rpd restarts, rpd might crash. The rpd core may be observed after a timeout of 10 mins.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1484721 ARP entry may not be created in the EVPN-MPLS environment
Product-Group=junos
In the EVPN-MPLS environment, if a VLAN is created without having it in "protocols evpn extended-vlan-list", then adding it, the ARP entry may not be created on the device even it receives the ARP packets through the newly added VLAN.
PR Number Synopsis Category: track re issu control procedure bugs
1480561 ISSU might fail on MX204/MX10003 Virtual-chassis(VC) with an error message
Product-Group=junos
An ISSU performed on MX204/MX10003 VC with MPC7/8/9 cards might fail while upgrading to the below specific releases due to a regression issue: -18.4R3 -19.1R3 -19.3R2, 19.3R2-S1 -19.4R1
PR Number Synopsis Category: Firewall Network Address Translation
1479824 Issuing the show security nat source paired-address command might return an error.
Product-Group=junos
On the SRX series platforms with source NAT configuration, issuing the command "show security nat source paired-address ..." may return an error, which is not expected. It's a corner case, and not reproduced all the time.
PR Number Synopsis Category: IPSEC/IKE VPN
1479738 The kmd process might crash continually after the chassis cluster failover in the IPsec ADVPN scenario.
Product-Group=junos
In the branch SRX chassis cluster setup with the IPsec ADVPN (Auto Discovery VPN) shortcuts established, the kmd process will crash continually after the chassis cluster failover. Traffic going through the IPsec ADVPN shortcuts will be dropped.
PR Number Synopsis Category: PFE infra to support jvision
1456275 Queue data might be missing from path '/interfaces/interface/state'
Product-Group=junos
On subscribing to '/interfaces/interface/state/' it might get subscribed to '/junos/system/linecard/interface/traffic/' internally, instead of '/junos/system/linecard/interface/queue/' which might impact traffic.
PR Number Synopsis Category: Layer 2 VPN related issues
1379621 The core is seen due to a double free of a label. The issue happens in BGP based vpls setup where BGP has RR configuration. As because of RR configuration, the BGP-VPLS label routes are exported into bgp.l2vpn table.
Product-Group=junos
JDI-RCT:Summit:Rpd core@ rtbit_reset, rte_tgtexport_rth
PR Number Synopsis Category: Layer 2 Control Module
1461236 Explicit Deletion Notification (del_path) Not Received when LLDP Neighbor is Lost as result of disabling local interface on the DuT via CLI (gNMI)
Product-Group=junos
Explicit Deletion Notification (del_path) Not Received when LLDP Neighbor is Lost as result of disabling local interface on the DuT via CLI (gNMI)
PR Number Synopsis Category: Label Distribution Protocol
1479249 RPD 100% CPU load and RPD coredumps on the backup RE
Product-Group=junos
RPD crash on the backup RE when LDP tried to create LDP p2mp tunnel upon receiving corrupted data from the master RE.
PR Number Synopsis Category: Port-based link layer security services and protocols that a
1475089 MACsec traffic over L2circuit might not work on QFX10K/PTX10K/PTX1K platforms after upgrading from Junos 15.1 to higher versions
Product-Group=junos
After upgrading from Junos 15.1 to higher versions (before Junos 19.3), MACsec ethertype might not be programmed as known ethertype on QFX10K/PTX10K/PTX1K platforms, so when those platforms are configured as L2circuit tunnel termination, the inner payload (MACsec packets) could not be detected properly and outgoing packets are corrupted.
PR Number Synopsis Category: mc-ae interface
1479012 MC-AE interface may be shown as unknown status if adding the sub-interface as part of the VLAN on the peer MC-AE node
Product-Group=junos
If adding the sub-interface as part of the VLAN on the peer MC-AE node while its corresponding MC-AE interface is still not configured to be part of the VLAN, the status of the MC-AE interface might be shown as unknown. It might have an impact on the traffic as the colour of the MC-AE interface could not be updated correctly.
PR Number Synopsis Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS)
1429797 Extended Ukern thread(PFEBM task) priority to support BBE performance tuning
Product-Group=junos
Original PFEBM task, which is system-critical for internal network performance/resilience, was running a medium priority; Can see tnp queue errrors by 'show pfebm all' on VCP-bearing FPC when high rate of punt traffic (like ARPs or BGP route updates, etc.) which go through VC links. It needs to run at high priority to assure timely packet handling.
PR Number Synopsis Category: Kernel MPLS / Tag / P2MP Infrastructure
1478806 Kernel crash and device restart might happen
Product-Group=junos
In a corner case on Junos platform, where the family ccc is configured along with any other existing family within the same interface, like inet, inet6, etc. (basically, Junos never allows to do so, but somehow a customer did it ). And if the family ccc is deleted from the interface, which might cause kernel crash and the device reboot automatically, so all the traffic will be interrupted.
PR Number Synopsis Category: Kernel socket data replication issues for protocols that use
1472519 The kernel may crash and vmcore may be observed after configuration change is committed
Product-Group=junos
On all Junos platforms, after committing the configuration change (e.g. removal of protocols like mpls, isis, ldp from the interfaces), then the kernel may crash and vmcore may be observed. This issue also may cause protocol adjacency failure.
PR Number Synopsis Category: Path computation client daemon
1472051 The pccd core and PCEP session flaps might be seen in PCE Initiated or PCE delegated LSP scenario
Product-Group=junos
The pccd core and PCEP (Path Computation Element Protocol) session flaps might be seen when PCC (Path Computation Client) tries to send a report to PCE but the connection between PCC and PCE is not in UP state. It might also cause rpd core. This issue might happen in MBB (Make-before-break) cases in PCE provisioned/controlled LSP or doing ISSU upgrade operation.
PR Number Synopsis Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software
1484255 FPC might crash when dealing with invalid next-hops
Product-Group=junos
On PTX3000/PTX5000 platform with some specific FPCs, if the weights of links are set to an invalid value on an AE bundle interface or unilist (an unilist next-hop composed of several unicast next-hops), the FPC crash might be observed. It is a rare issue and the FPC will try to reload to resolve this problem. Traffic loss might be seen before the FPC completes the reload period.
PR Number Synopsis Category: Issues related to PKI daemon
1465966 Loading CA certificate causes PKI daemon core file to be generated.
Product-Group=junos
If a CA certificate includes CRL URL that doesn't have "/" to separate URL from the "hostname:port" section, when SRX loads it, pkid crash might happen and any service relies on CA will be affected, because the URL in CRL that is used to verify the validation of certificate will not work, that may cause security risk.
PR Number Synopsis Category: PTP related issues.
1471466 The clksyncd crash might be seen when PTP over AE is configured on MX104 platform
Product-Group=junos
This issue is specific to feature PTP (Precision Time Protocol) over AE interface for MX104 platform. When PTP over AE is configured on MX104 platform, clksyncd process might crash and restart. It might cause partial service impact during the recovery and clksyncd restarts (about 2mins).
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1409448 The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch
Product-Group=junos
When QFX5100 and other vendor's switch are connected via 10G fiber link, flaps may happen sometimes.
1419732 "show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image
Product-Group=junos
"show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image. This is a display issue. Physical interface: xe-0/0/0, Enabled, Physical link is Down Interface index: 650, SNMP ifIndex: 515 Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Link-mode: Auto, Speed: Auto, BPDU Error: None, Loop Detect PDU Error: None, Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Auto-negotiation: Disabled, Remote fault: Offline, Media type: Fiber <<<<<< Here!! Should be "Copper" Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000 Link flags : None
1471216 The speed 10m might not be configured on the GE interface
Product-Group=junos
On QFX5100 and EX4300 mixed-mode Virtual Chassis, the speed 10m might not be configured on the GE interface.
PR Number Synopsis Category: QFX PFE Class of Services
1455357 The cosd crash might be observed if the forwarding-class-set is directly applied on the child interface of an AE interface
Product-Group=junos
The cosd crashes when the customer is loading the configuration with forwarding-class-set directly applied on the child interface. Perform a commit check can avoid this crash.
1476829 QFX Platforms are exhibiting invalid PFE PG counter pairs to copy, src 0xfffff80, dst 0
Product-Group=junos
On QFX Series Switches the following logs might be displayed as a result of polling class of service related SNMP OIDs. These messages might eventually lead to interface counters not being populated properly. There is no other impact from these messages. Nov 19 07:00:07 switch kernel: et-0/0/33: invalid PFE PG counter pairs to copy, src 0xfffff8012285d720, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/36: invalid PFE PG counter pairs to copy, src 0xfffff800076df570, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/37: invalid PFE PG counter pairs to copy, src 0xfffff8012285d750, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/40: invalid PFE PG counter pairs to copy, src 0xfffff800076df480, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/44: invalid PFE PG counter pairs to copy, src 0xfffff800255374e0, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/45: invalid PFE PG counter pairs to copy, src 0xfffff800076df420, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/46: invalid PFE PG counter pairs to copy, src 0xfffff800076de390, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/47: invalid PFE PG counter pairs to copy, src 0xfffff800076df210, dst 0 Nov 19 07:00:07 switch kernel: et-0/0/48: invalid PFE PG counter pairs to copy, src 0xfffff800076dff30, dst 0
PR Number Synopsis Category: Filters
1480776 ARP request packets for unknown host might get dropped in remote PE in EVPN-VXLAN scenario
Product-Group=junos
In EVPN-VXLAN environment, when local CE sends ARP request packets for unknown host, the packets will hit firewall-host queue in remote PE. It might trigger DDoS protection policer violations for firewall-host queue hence the ARP request packets might get dropped.
PR Number Synopsis Category: QFX L2 PFE
1473685 The RIPv2 packets forwarded across a L2circuit connection might be dropped
Product-Group=junos
When RIPv2 routes are received on a QFX5100/EX4600 platforms, either to or from an L2 circuit connection, such packets are not propagated. This includes directed unicast RIPv2 packets.
1474545 Continuous error log messages might be raised on QFX5K platforms in EVPN/VXLAN scenario
Product-Group=junos
In EVPN-VXLAN scenario, when an SP style interface is configured both with native-vlan-id and LLDP on QFX5000 platforms, continuous log messages might be observed.
PR Number Synopsis Category: QFX MPLS PFE
1474935 L2circuit might fail to communicate via VLAN 2 on QFX5K platforms
Product-Group=junos
On QFX5K platforms acting as L2circuit PE (tunnel terminating node), if VLAN 2 is used for L2circuit communication with CE node, the VLAN 2 packets might be dropped on PE.
PR Number Synopsis Category: QFX VC Infrastructure
1478905 The default VC MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes
Product-Group=junos
In QFX5200-32C, QFX5110 VC (Virtual Chassis) scenario, the default VC MAC (Media Access Control) persistence timer is incorrectly set to 20 seconds instead of 20 minutes. If the master VC member is rebooted, the new master member starts using its own MAC address as the system's MAC base address after only 20 seconds instead of 20 minutes. This results in issues like OSPF (Open Shortest Path First) stuck in "init" state after the master VC member reboot.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1421076 RPD crash might occur when changing prefix list address from IPv4 to IPv6
Product-Group=junos
RPD crash might occur when changing prefix list address from IPv4 to IPv6 Configure IPv4 prefix-list: set policy-options prefix-list PREFIX_LIST 10.0.0.0/24 Configure a policy that has "then next policy" term: set policy-options policy-statement POLICY term PREF from prefix-list PREFIX_LIST set policy-options policy-statement POLICY term PREF then next policy set policy-options policy-statement POLICY term END then reject commit Note: If a terminating action is used for term PREF (such as "then accept"/"then reject") the core does not appear. Change prefix-list using "replace-pattern" [edit policy-options prefix-list PREFIX_LIST] replace pattern 10.0.0.0/24 with 2001:10::/64 commit RPD crash occurs
PR Number Synopsis Category: Resource Reservation Protocol
1476773 RSVP LSPs might not come up in scaled network with very high number of LSPs if NSR is used on transit router
Product-Group=junos
If NSR is enabled on transit router with scaled RSVP LSPs, RESV message might not be sent from transit router because the path messages replication on master RE does not complete in time. Hence RSVP LSPs might not come up with traffic impact.
PR Number Synopsis Category: RPD API infrastructure
1481953 The rpd may crash when executing "show route protocol l2-learned-host-routing" or "show route protocol rift" CLI command on a router
Product-Group=junos
On all Junos platforms, executing the CLI command of "show route protocol l2-learned-host-routing" or "show route protocol rift" on a router may cause the rpd crash if there is an active route in bgp.rtarget.0 routing table.
PR Number Synopsis Category: IPSEC functionality on M/MX/T ser
1466135 ICMP Error messages are still unreceived after enabling the knob "enable-asymmetric-traffic-processing"
Product-Group=junos
In two/more IPsec tunnels terminated on one router, if the knob "enable-asymmetric-traffic-processing" is enabled, the ICMP reply packet should be received via an asymmetric path which different from ICMP request packet. But the knob "enable-asymmetric-traffic-processing" for asymmetric path which the IPsec tunnel is distributed in the two/more different MS-MPC/MS-MIC, then the ICMP reply packet might be dropped in this scenario, the ICMP error message and the services (such as traceroute, DNS record, IRDP, and so on) based on these messages might be impacted.
PR Number Synopsis Category: SRX Argon module bugs
1480005 The flowd or srxpfe process might crash when advanced anti-malware services are used.
Product-Group=junos
On all multiple-threads SRX Series devices with Advanced Anti-MalWare service used, in a rare condition that a deadlock might occur among multiple threads, which results in the flowd/srxpfe crash.
PR Number Synopsis Category: SSL Proxy functionality on JUNOS
1467856 Packet Forwarding Engine might generate core files because SSL proxy is enabled on NFX Series and SRX Series devices.
Product-Group=junos
If SSL Proxy is using on SRX or QFX, PFE core dump may happen because of some sanity check is missing.
PR Number Synopsis Category: MPC7/8/9 Interface Issues
1441816 Egress stream flush failure and traffic blackhole might occur
Product-Group=junos
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, and MPC9E cards.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1476786 Traffic loss may be observed to the LNS subscribers in case the "routing-service" knob is enabled under the dynamic-profile
Product-Group=junos
On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers.
PR Number Synopsis Category: Trio pfe l3 forwarding issues
1478279 FPC memory leak might happen after executing "show pfe route"
Product-Group=junos
On all Junos platforms, if the command "show pfe route " is executed to dump the Packet Forwarding Engine (PFE) routes, and then the routes get deleted by some events, for example, Virtual Routing and Forwarding (VRF) configuration removal or Border Gateway Protocol (BGP) flap, the FPC memory leak might happen due to this issue. In large scaled scenario, the memory leak will increase by large amount which might be more easier to cause FPC crash.
PR Number Synopsis Category: Trio pfe mpls- lsps,rsvp,vpns- ccc, tcc software
1439453 The flow label is not pushed when "chained-composite-next-hop ingress l2ckt/l2vpn" is enabled
Product-Group=junos
On MX platforms, in MPLS (Multiprotocol Label Switching) l2ckt/l2vpn with FAT (Flow-Aware Transport of Pseudowires) Flow Labels scenario, the flow label is not pushed when "chained-composite-next-hop ingress l2ckt/l2vpn" is enabled. The issue results in load balance problem for the l2ckt/l2vpn service.
PR Number Synopsis Category: Trio pfe microcode software
1463718 On MX204 platform, Packet Forwarding Engine (PFE) errors may occur when incoming GRE tunnel fragments 1) get sampled and 2) undergo inline reassembly
Product-Group=junos
On MX204 platform, Packet Forwarding Engine (PFE) error messages might be seen when sampling, GRE tunnel termination and inline reassembly are all configured. The errors could cause packet buffer memory leak. Eventually, once packet buffer memory is exhausted, traffic will starting getting lost.
PR Number Synopsis Category: Junos Automation, Commit/Op/Event and SLAX
1479803 The SLAX script may be lost after upgrading software
Product-Group=junos
From 15.1 onwards with event script, commit script or op script configured, the SLAX script might be lost after a software upgrade, this might cause the Junos full config cannot be loaded.
PR Number Synopsis Category: Configuration mgmt, ffp, load-action, commit processing
1468119 Daemons might not be started if "commit" is executed after "commit check"
Product-Group=junos
On Junos from 16.2R1 onwards, if "commit" is executed after "commit check", the daemon (e.g. dhcpd, sampled) might not be started even the related configuration is successfully committed.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1465171 Commit script does not apply changes in private mode unless a commit full is performed
Product-Group=junos
Commit script does not apply changes in private mode unless a commit full is performed.
PR Number Synopsis Category: PTX/QFX100002/8/16 platform software
1464119 FPC might restart during run time on PTX10K/QFX10K platforms
Product-Group=junosvae
On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions.
 
Modification History:
First publication 2020-04-09
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search