Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.3R3-S2: Software Release Notification for JUNOS Software Version 18.3R3-S2

0

0

Article ID: TSB17781 TECHNICAL_BULLETINS Last Updated: 11 May 2020Version: 3.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 18.3R3-S2 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.3R3-S2 is now available.
NOTE

PR1463859 introduces a software defect that causes a 10GE interface to flap continuously when configured with the WAN-PHY framing with the default "hold-down" timer (0). Once you upgrade a router to an affected software release, the interface may flap continuously. This is not applicable to an interface with the default framing - LAN-PHY. [TSB17782]

18.3R3-S2 - List of Fixed issues  

PR Number Synopsis Category: DOT1X
1462479 EX-4600-EX-4300: Mac entry missing in Ethernet-Switching table for Mac-radius client in server fail scenario when tagged is sent for 2 client
Product-Group=junos
In case of server_fail scenario, When tagged traffic is sent for first client MAC learning happen for both data and voice. But for second client on same interface learning happening only for voice. Because vlan is already added for an interface due to first client authentication process.
PR Number Synopsis Category: LLDP
1464553 The LLDP packets might get discarded on all Junos platforms
Product-Group=junos
On all Junos platforms, the LLDP packet received from any other vendor might get discarded. The issue is seen when there are two location-id in the same packet and the Junos device considers the LLDP packet as duplicate and discards it. This might result in the PoE phone not coming up or neighborship information not getting exchanged.
PR Number Synopsis Category: EX4300 PFE
1491348 The traffic destined to VRRP VIP might be dropped after the IRB interface is disabled on the initial VRRP master
Product-Group=junos
On the EX4300 virtual-chassis scenario, the traffic destined to the VRRP Virtual IP Address (VIP) might be dropped on the Virtual-Chassis if the VRRP IRB interface is disabled on the initial VRRP master. For details, please refer to the following topology and problem description.
PR Number Synopsis Category: EX9200 Platform
1467459 The MAC move message may have an incorrect "from" interface when MAC moves rapidly
Product-Group=junos
On the EX2300/3400/4300/4600/9200 platform, in some cases, if MAC moves rapidly, traffic might be impacted and the MAC move message might have an incorrect "from" interface.
PR Number Synopsis Category: EX2300/3400 platform
1452209 The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured
Product-Group=junosvae
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
1452209 The MAC Pause frames will be incrementing on Receive direction if half duplex mode on 10M or 100M speed is configured
Product-Group=junos
On EX3400 with half duplex mode on 10M or 100M speed at medium traffic rates, MAC pause frames will be seen on the port and egress traffic on the port will stop to flow.
1467707 FPCs might get disconnected from EX3400 VC briefly after reboot/upgrade
Product-Group=junos
On EX3400 Virtual Chassis, during reboot or upgrade, because of a high CPU load in slow path of fxpc, TCP keep alive message is not sent. Hence, it is observed that sometimes a few Virtual Chassis members might get disconnected from the Virtual Chassis briefly and join back in 3-6 minutes.
1477165 EX3400 me0 interface might remain down
Product-Group=junos
The me0 interface of EX3400 does not come up when connected to 100m speed interface.
PR Number Synopsis Category: MX10008/16 Platform
1420571 "show chassis power" output status doesn't seem right and there are also similar error messages in the syslog after turn off / on power feed
Product-Group=junos
After changing the power feed(s), either turn off or turn on, show chassis power outputs do not match real condition and there are also incorrect Syslog information recorded.
PR Number Synopsis Category: Hardware Escalation
1426910 Drift messages in ACX2200 which is a PTP hybrid (PTP+syncE) device
Product-Group=junos
On ACX2200 configured with PTP+SyncE , slave devices might get impacted due to high PDVs. This is observed through drift messages in the router.
PR Number Synopsis Category: Platform-side analytics for QFX
1456282 Telemetry traffic might not be sent out when telemetry server is reachable through different routing-instance
Product-Group=junos
On QFX Series switches (except for QFX10000) with Jvision enabled, the telemetry traffic might be locally dropped when the egress interface to the telemetry server is a part of non-default routing-instance.
PR Number Synopsis Category: QFX Multichassis Link Aggregrate
1488681 MClag consistency check for multiple irb's configured with same vrrp-group
Product-Group=junos
The MClag consistency check fails if the same vrrp-group is used for multiple irb configurations on Local and Remote REs of the MCLAG topology. This change corrects the defect and makes the MClag consistency check to pass.
PR Number Synopsis Category: QFX Access control list
1476708 ARP packets are always sent to CPU regardless of whether the storm-control is activated
Product-Group=junos
On QFX5K platforms with VXLAN or VLAN scenario, ARP packets are not rate limited by the storm-control settings as the ARP packets will be copied to CPU by VLAN register settings and can be only rate limited by the CPU Queues rate-limit settings (ARP DDOS Queues).
PR Number Synopsis Category: QFX PFE L2
1467466 Few MAC addresses might be missing from MAC table in software on QFX5k platform.
Product-Group=junos
On QFX5k platform, if Packet Forwarding Engine process is restarted manually or device reboot occurs, some MAC address(es) might not be seen on software MAC table but MAC address will be present in hardware table.
1481031 Connectivity is broken through LAG due to members configured with hold-time and force-up
Product-Group=junos
Connectivity through link aggregation group bundle could break after there is a flap event on the physical ports when one physical member interface is configured with hold-time and the other member interface is having LACP force-up feature configured.
1499422 The FPC will go down when 100G link comes up on the network port of the QFX5110-48S device
Product-Group=junos
On the QFX5110-48S device running on Junos 19.3R2-S2, 18.2R3-S3 or 18.2R3-S4, the FPC will go down when the 100G link comes up on the network port. This leads to FPC up and down every 90 seconds. During the prolem state running CLI "show chassis fpc detail" will not yield any output for upto 90sec. user@device> show chassis fpc detail. <-------- Empty Once FPC state transition back to online state, the 100G transceivers gets detected and fpc flap is seen again. This behavior is seen continuously as long as 100G transceivers remain connected to the QFX device in question. If 100G interfaces gets disabled from CLI or physically removed from the QFX switch, the FPC flap will no longer be seen. Note: This issue is not applicable when 100G-QSFP is used as a VCP port on QFX5110-48S.
PR Number Synopsis Category: QFX L3 data-plane/forwarding
1460791 JDI-RCT : QFX 5100 VC/VCF : Observing Error brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running) after ISSU with Mini-PDT base configurations
Product-Group=junos
"multicast stats related errors like " brcm_ipmc_route_counter_delete:3900Multicast stat destroy failed (-10:Operation still running)" will be observed during ISSU and these messages are harmless and does not affect multicast functionality".
1475819 Traffic might not be forwarded over ECMP link in EVPN VXLAN scenario
Product-Group=junosvae
On QFX5110/QFX5120 platforms, when Traffic Load Balance is used in EVPN VXLAN scenario, traffic might not be forwarded over ECMP link after the ECMP link flapped.
1487707 CPU port queue gets full due to excessive pause frames being received on interfaces, this causes control packets from the CPU to all ports to be dropped.
Product-Group=junos
On QFX5000 platforms (QFX5100/QFX5110/QFX5120/QFX5200/QFX5210) with point-to-point multi-link scenario, when the switch ingress buffer saturation happens, all interfaces on multi-link stop sending traffic at the same time.
PR Number Synopsis Category: QFX PFE MPLS
1475395 Traffic blackhole might be seen on PE when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface
Product-Group=junos
On QFX5K platforms with Layer3 VPN scenario, when CE sends traffic to PE and the destination is resolved with two LSPs through one upstream interface, the traffic blackhole might be seen on PE. It happens in ECMP scenario.
PR Number Synopsis Category: Accounting Profile
1458143 A problem with statistics on some interfaces of a router may be observed after FPC or PIC reboot
Product-Group=junos
In some rare scenarios upon FPC or PIC reboot, the pfed (packet forwarding engine daemon) database may not get updated with the correct location_id for some physical interfaces (IFDs), then a problem with statistics on some interfaces of a router may be observed. If this issue happens in the subscriber management environment, and depending on the radius server configuration, it may cause the subscribers to get disconnected by the radius server because of the radius server can not receive the proper statistics update for the subscribers from the pfed.
PR Number Synopsis Category: CoS support on ACX
1455722 ACX5048 snmp polling will stalled after the link flap/ sfp replacement and ACX_COS_HALP(acx_cos_gport_sched_set_strict_priority:987): Failed to detach logs will be seen
Product-Group=junos
When inserting a SFP, the lowest ifd index available is assigned to the new interface created. During this sfp attach, an ifd-halp entry is also created in cos table for the interface. When SFPs are swapped and SFPs get their IFD index assigned interchanged as that of their old IFDs, issue is observed. As per PFE, the bcm port for the interface remains the same while IFD alone changes when removed and inserted. Hence while creating an ifd-entry for the interface in cos table, it is checked for any old entry still present for same bcm port. But the check done to validate for any old entry is improper. It does not check whether the old ifd index present is still for same bcm port. Due to this check missing, a valid ifd-entry of some other interface is getting deleted in cos table. Introduced the additional validation to ensure the old ifd index of the interface is still for same bcm port. Deleting of old ifd-entry is done only if bcm port of current entry and old ifd entry are same. Also added in existing debug message to display the ifd index which is getting deleted.
PR Number Synopsis Category: ACX Services feature
1479710 dcpfe core when disabling/enabling macsec via Toby scripts
Product-Group=junos
dcpfe core when disabling/enabling macsec via Toby scripts
PR Number Synopsis Category: "agentd" software daemon
1426871 The decoding of telemetry data at collector may not be proper if configuring the sensors
Product-Group=junos
On EX and MX platforms, if configuring the sensors to stream data over UDP in static DB, decoding of telemetry data at collector may not be proper.
PR Number Synopsis Category: MPC Fusion SW
1463859 The MPC2E-NG/MPC3E-NG card with specific MIC might crash after a high rate of interface flaps
Product-Group=junos
If any MIC of MIC-3D-2XGE-XFP / MIC-3D-4XGE-XFP / MIC-3D-20GE-SFP-E / MIC-3D-20GE-SFP-EH / MIC-MACSEC-20GE is installed in MPC2E-NG/MPC3E-NG card, the Microkernel (uKern) might hog for CPU on Packet Forwarding Engine (PFE) when there is a high rate of interface flaps (~30/40 flaps per second). This will eventually trigger the MPC2E-NG/MPC3E-NG card crash with an NGMPC core file. Normally the excessive interface flapping won't happen frequently in real world and it may be caused due to external environment. This fix will reduce the impact and prevent the uKern hog when having such conditions.
PR Number Synopsis Category: A15 specific issue
1439744 The SPC card might stop on SRX5000 line of devices.
Product-Group=junos
On the SRX5400,SRX5600 or SRX5800 platforms with SPC2, the SPC could go into a hung state without processing any traffic.
PR Number Synopsis Category: a20a40 specific issue
1479255 The RGx may fail over after RG0 failover in a rare case.
Product-Group=junos
On the SRX5000 platforms with SPC3 in use, the RGx (x>0) failover may be observed followed by RG0 failover, this is a timing issue and due to unexpected "hardware timeout" detected by RGx after RG0 failover.
PR Number Synopsis Category: a2a10 specific issue
1471524 The flowd and srxpfe process might stop immediately after you commit the jflowv9 configuration or after you upgrade Junos OS to affected releases.
Product-Group=junos
On all SRX platforms, if Jflow v9 is configured on the device, the flowd/srxpfe daemon might crash when committing the configuration or after upgrading to affected releases. It might show as a hung state for the device or the device will crash. Affected Releases are 12.3X48-D80 to D95 and 15.1X49-D160 to D200.
PR Number Synopsis Category: common or misc area for SRX product
1467376 Physically disconnecting the cable from the fxp0 interface causes hardware monitor failure.
Product-Group=junos
On SRX1500 and the SRX4000 line of devices, physically disconnecting the cable from fxp0 interface causes hardware monitor failure and redundancy group failover, when the device is the primary node in a chassis cluster.
PR Number Synopsis Category: These are new categories in the areas of PFE
1460209 Loop detection might not work on extended ports in Junos Fusion scenarios
Product-Group=junos
In Junos Fusion scenarios, if loop detection is enabled on extended ports, when a satellite device (SD) is rebooted, or when a satellite device is added or removed/re-added, the loop detection feature might not work.
PR Number Synopsis Category: Bi Directional Forwarding Detection (BFD)
1470603 The BFD client session might flap when removing BFD configuration from the peer end (from other vendor) of the BFD session
Product-Group=junos
Currently, when a BFD packet with session state set to "AdminDown" is received by Juniper Device, the Juniper device will check both the session state and the diagnostic code in the packet. If the session state is "AdminDown" and the diagnostic code is 7 (which means "diag AdminDown"), the BFD session will be set to "Down" and the BFD client (i.e. the service which is protected by BFD) will be notified with "AdminDown" and the BFD client session will not flap. But if the BFD packet with session state set to "AdminDown" along with diagnostic code other than 7 is received, the BFD client will be notified with "Down" and the BFD client session will flap.
PR Number Synopsis Category: Border Gateway Protocol
1414121 QFX5100 : BGP v4/v6 convergence & RIB install/delete time degraded in 19.1R1/19.2R1/19.3R1/19.4R1
Product-Group=junos
BGP IPv4 or IPv6 convergence and RIB install/delete time is degraded in Junos OS Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1.
1473351 Removing cluster from BGP group might cause prolonged convergence time
Product-Group=junos
Cluster removal from BGP group might lead to a state where each subsequent change to BGP configuration will trigger import policy reevaluation causing prolonged convergence time of several minutes. This might result in a traffic loss.
1487691 High CPU utilization might be observed when the outgoing BGP updates are sending slowly
Product-Group=junos
On all Junos platforms with the BGP routing protocols, the rpd process might go into a high CPU utilization causing slow network convergence. If a BGP peer is receiving and processing BGP updates slowly, this may cause the BGP output queue of the sending BGP peer to be full. When the queue is full it causes high CPU utilization of the BGP IO thread (bgpio, it is part of the rpd daemon) on the sending BGP peer. This defect could cause network-wide slow BGP network convergence. (See also https://kb.juniper.net/TSB17725)
1487893 The process rpd may generate soft cores after "always-compare-med" is configured for BGP path-selection
Product-Group=junos
If a manually configured rib-group or automatically generated rib-group (via "family inet labeled-unicast resolve-vpn") is used to copy inet.0 (IP routing table) routes to inet.3 (MPLS routing table), the process rpd may continuously generate soft cores after "protocols bgp path-selection always-compare-med" is configured.
PR Number Synopsis Category: BBE Remote Access Server
1479697 The CoA request may not be processed if it includes "proxy-state" attribute
Product-Group=junos
In a subscriber management environment, the CoA requests (such as deactivating/activating subscribers) sent from Radius server will fail if the "proxy-state" attribute is present. This attribute is still unsupported but will now be ignored if it's present in CoA requests.
PR Number Synopsis Category: Chotu platform software
1450424 RE-MX2008-X8-128G Secure BIOS Version Mismatch alarms
Product-Group=junos
After reboot of the MX2008, can see below alarms:- 2019-07-22 05:07:57 UTC Minor VMHost RE 1 Secure BIOS Version Mismatch 2019-07-22 05:07:53 UTC Minor VMHost RE 0 Secure BIOS Version Mismatch 2019-07-22 05:07:53 UTC Minor Mixed Master and Backup RE types labroot@BRAIN-RE0> show chassis hardware Hardware inventory: Item Version Part number Serial number Description Chassis JN1261F13AFL MX2008 Routing Engine 0 BUILTIN BUILTIN RE-MX2008-X8-128G <<<< 128G Routing Engine 1 BUILTIN BUILTIN RE-MX2008-X8-128G <<<< 128G In certain platforms due to an issue in mfg packaging lastknown bios images are not present in efi_P/efi_S partition.
PR Number Synopsis Category: L2NG Access Security feature
1478375 The process dhcpd may crash in a Junos Fusion environment
Product-Group=junos
On EX92XX platforms with the DHCP snooping configured, if a peer receives DHCPv6 packets from the server without the "client-id" option present, and it is syncing packets to the other side at that time, then the process dhcpd crash may be observed.
PR Number Synopsis Category: Firewall Filter
1478964 The filter may not be installed if the "policy-map xx" is present under it
Product-Group=junos
If the "policy-map xx" option is configured under "family mpls" for filters, then the filters may not take effect after committing.
PR Number Synopsis Category: DNX platform MPLS FRR features
1485444 ACX5448 L2VPN with interface ethernet-ccc input-vlan-map/output-vlan-map can cause traffic blackhole
Product-Group=junos
On the ACX5448 platform, l2vpn application with ethernet-ccc input-vlan-map/output-vlan-map can experience traffic blackhole while the control plane is still up. This issue is a software defect introduced by changes made via PR1456624 in the ethernet-ccc ingress interface. This software defect adds an internal vlan tag to all packets. As a result, customers' desired vlan-tag was not added in ccc->mpls direction. Causing the remote PE -- expecting vlan-tagged traffic -- to drop these packets due to vlan mismatch.
PR Number Synopsis Category: Covers Application classification workflows apart from custo
1455465 The traffic loss might occur when application service is configured
Product-Group=junosvae
On vSRX3.0 platform, traffic loss might occur when application service is configured.
1455465 The traffic loss might occur when application service is configured
Product-Group=junos
On vSRX3.0 platform, traffic loss might occur when application service is configured.
1479684 Recent changes to JDPI's classification mechanism caused a considerable performance regression
Product-Group=junos
Recent changes to JDPI's (Juniper Deep Packet Inspection) classification mechanism caused a considerable performance regression (more than 30 percent).
PR Number Synopsis Category: Ethernet OAM (LFM)
1396540 V44-CFM: NPC crash @ rt_nh_install (rnh=0x618123d8, rnh_src=0x0, rt=< optimized out>, p_rtt=0x74f886c0) at ../../../../src/pfe/common/pfe-arch/trinity/applications/route/rt_nh.c:631
Product-Group=junos
As part of the EOAM programming the LM counters are allocated. When an interface is deleted, the EOAM LM counters needs to be cleared. This is done as part of EOAM punt deletion. But there are scenarios where the prog punt delete processing is received, the IFL is deleted in ukern. In this case the EOAM NHs are cleared but the LM counters are not freed. this can cause memory leak in jnh. This issue is seen for a scaled config, repeated addition and deletion of the interface configs when EOAM config is present
PR Number Synopsis Category: EVPN control plane issues
1467309 The rpd might crash after changing EVPN related configuration
Product-Group=junos
In EVPN scenario without encapsulation type specified (the default EVPN encapsulation type is set to MPLS), if "vlan-id none" and "vni " is configured in EVPN instance, the rpd might crash after changing EVPN related configuration (such as set the encapsulation as vxlan or delete label-allocation scheme).
1490953 The rpd core might be seen when doing RE switchover after disabling BGP protocol globally
Product-Group=junos
On EVPN scenario with BGP and routing-instance configured, if BGP protocol is disabled globally and then doing RE switchover, multiple rpd core might be seen. And the rpd does not run on new master RE. Hence it would affect the traffic and service.
PR Number Synopsis Category: EVPN Layer-2 Forwarding
1484296 Dead next-hops might flood in a rare scenario after remote PEs are bounced
Product-Group=junos
On all Junos platforms with EVPN-MPLS scenario, due to a timing condition, dead next-hops might flood after remote PEs are bounced. This will affect BUM traffic flooding to remote EVPN PEs.
PR Number Synopsis Category: Issues related to EX MACsec
1469663 Traffic loss might be seen with framing errors or runts if MACsec is configured on EX4600/QFX5100 platforms
Product-Group=junos
On EX4600/QFX5100 platforms with Media Access Control Security (MACsec) configured, if there is traffic flowing through the MACsec enabled link, increasing framing errors or runts statistics might be seen in the output of "show interfaces extensive <>" for the affected interface. Traffic loss might also happen due to this issue.
PR Number Synopsis Category: Express PFE FW Features
1470385 Incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands
Product-Group=junos
On PTX1000/PTX3000/PTX5000/PTX10000/PTX9000/QFX10000, sending hostpath traffic and check the ddos statistics might lead to incorrect counter value for "Arrival rate" and "Peak rate" for ddos commands
1491575 BFD sessions start to flap when the firewall filter in the loopback0 is changed
Product-Group=junos
On all Junos based PTX/QFX10000 series platforms with large filter configuration (e.g. one filter has more than 500 terms or one term has more than 500 filters) scenario, during the change operation of loopback0 filter, the bfd sessions start to flap.
PR Number Synopsis Category: Express PFE Services including JTI, TOE, HostPath, Jflow
1445585 Receipt of a malformed packet for J-Flow sampling might create a FPC process core.
Product-Group=junos
Receipt of a malformed packet for J-Flow sampling might create a FPC process core.
PR Number Synopsis Category: Express PFE L2 fwding Features
1442587 The PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb
Product-Group=junos
Path MTU Discovery (PMTUD) is a standardized technique for determining the maximum transmission unit (MTU) size on the network path between two IP hosts, usually with the goal of avoiding IP fragmentation. On QFX10K platforms, the PMTUD might not work for both IPv4 and IPv6 if the ingress L3 interface is an irb. The corresponding ICMP Fragmentation Needed packet to the sender might be dropped silently, then PMTUD fails. This issue has service impact.
PR Number Synopsis Category: SRX1500 platform software
1452137 Hardware failure is seen on both nodes in show chassis cluster status.
Product-Group=junosvae
On the SRX1500 and SRX4xxx platforms, the management interface fxp0 down triggers a major alarm and cause hardware monitoring in jsrpd.
PR Number Synopsis Category: PTX Express ASIC interface
1412126 PTX interface stays down after maintenance
Product-Group=junos
On PTX3000/PTX5000 linecard (QSFP28-100GBASE-LR4) interface may stay down after software upgrade. Issue is usually observed on links connected to another vendors equipment.
PR Number Synopsis Category: Kernel software for AE/AS/Container
1474300 A newly added LAG member interface might forward traffic even though its micro BFD session is down
Product-Group=junos
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue.
PR Number Synopsis Category: Integrated Routing & Bridging (IRB) module
1436924 IRB over VTEP unicast traffic might get dropped on EX9200/MX platforms
Product-Group=junos
On EX9200/MX platforms running as Provider Edge (PE) nodes in Ethernet Virtual Private Network (EVPN) and Virtual extension LAN (VxLAN) scenario, if the enhanced-ip mode is enabled for chassis configuration, and the EVPN routing instance is configured with Integrated Routing and Bridging (IRB) interface, the unicast traffic which is sent through IRB over Virtual Tunnel End Point (VTEP) might get dropped since it couldn't get routed towards core network due to this issue. [TSB17770]
1484721 ARP entry may not be created in the EVPN-MPLS environment
Product-Group=junos
In the EVPN-MPLS environment, if a VLAN is created without having it in "protocols evpn extended-vlan-list", then adding it, the ARP entry may not be created on the device even it receives the ARP packets through the newly added VLAN.
1484964 VLAN creation failure might be seen on QFX-series platforms with scaled VLAN and L3 configuration
Product-Group=junos
On QFX platforms with scaled VLAN and L3-interface configuration setup, when the VLANs are deleted and added back quickly, the newer VLANs might not get created successfully.
PR Number Synopsis Category: Adresses ALG issues found in JSF
1483834 FTPS traffic might get dropped on SRX/MX platforms if FTP ALG is used
Product-Group=junos
On SRX/MX platforms with FTP ALG enabled, if there are more than one FTPS connection between a pair of FTP client and server, the closure of one connection might cause other connections between that pair of FTP client and server to be affected, hence there might be traffic impact. It is a rare timing issue.
PR Number Synopsis Category: Firewall Authentication
1475435 SRX Series: Unified Access Control (UAC) bypass vulnerability (CVE-2020-1637)
Product-Group=junos
A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy; Refer to https://kb.juniper.net/JSA11018 for more information.
PR Number Synopsis Category: Firewall Network Address Translation
1479824 Issuing the show security nat source paired-address command might return an error.
Product-Group=junos
On the SRX series platforms with source NAT configuration, issuing the command "show security nat source paired-address ..." may return an error, which is not expected. It's a corner case, and not reproduced all the time.
PR Number Synopsis Category: IPSEC/IKE VPN
1421905 The VPN tunnel might flap when IKE and IPsec rekey happen simultaneously.
Product-Group=junos
The VPN tunnel might flap in a corner case scenario (when IKE and IPsec rekey happen simultaneously).
PR Number Synopsis Category: Security platform jweb support
1499280 Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services
Product-Group=junos
Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information.
PR Number Synopsis Category: Issues related to Jflow Jvision Sensors
1477445 Sampling Process may crash when MPLS/MPLS over UDP traffic is sampled
Product-Group=junos
When inline-jflow is configured for sampling MPLS traffic, multi-svsc process running on the FPC may crash due to MPLS resend flow referencing to an unavailable memory location. The issue is related only to MPLS traffic profile and has no bearing with any other jflow i.e. IPv4 and v6.
PR Number Synopsis Category: PFE infra to support jvision
1456275 Queue data might be missing from path '/interfaces/interface/state'
Product-Group=junos
On subscribing to '/interfaces/interface/state/' it might get subscribed to '/junos/system/linecard/interface/traffic/' internally, instead of '/junos/system/linecard/interface/queue/' which might impact traffic.
PR Number Synopsis Category: Layer 2 Circuit issues
1498040 The l2circuit neighbor might be stuck in rd state at one end of MG-LAG peer
Product-Group=junos
In MC-LAG scenario, if the l2circuit is configured with primary-neighbor or backup-neighbor over the MC-LAG link and the l2ckt (l2ciruits control daemon for pseudowire) session of the primary-neighbor or backup-neighbor is flapped continuously (such as clear neighbor ldp and ospf etc..,), one of the remote neighbors may be stuck in RD (the remote pseudowire neighbor is down)status due to race condition between VC(virtual circuit)status update timer and L2ckt intf status change timer. Then, that pseudowire might be down, the traffic might be impacted if the RD pseudowire is not up.
PR Number Synopsis Category: Layer 2 Control Module
1473610 ERP might not come up properly when MSTP and ERP are enabled on the same interface
Product-Group=junos
When both MSTP and ERP are enabled on the same interface, then ERP will not come up properly.
PR Number Synopsis Category: Layer2 forwarding on EX/NTF/PTX/QFX
1484468 Packet loss might be observed after device rebooted or l2ald restarted in EVPN-MPLS scenario
Product-Group=junos
In EVPN-MPLS scenario, if the core-facing interface (mpls interface) and the CE-facing interface are on different PEs, and the traffic from core is not continuous and DMAC (Dynamic MAC) ages out, due to an incorrect flood next-hop programming across different PFEs, packet loss might be observed after device rebooted or l2ald restarted.
PR Number Synopsis Category: mc-ae interface
1447693 The l2ald might fail to update composite NH
Product-Group=junos
This is a timing issue where the l2ald receive underlay NH from rpd as part of LSI IFF ADD (VPLS core NH) and creates flood NH. Due to a flap at local IFL or core (VPLS etc.), the l2ald receives multiple LSI IFF Add and Delete in some order. In some sequence where rpd delete underlay NH from Kernel Forwarding table but the l2ald still create flood NH with this underlay NH, because IFF delete is yet to be received at the l2ald, so l2ald might fail to update Composite NH. This is generic L2 issue and can happen without mc-ae.
PR Number Synopsis Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS)
1429797 Extended Ukern thread(PFEBM task) priority to support BBE performance tuning
Product-Group=junos
Original PFEBM task, which is system-critical for internal network performance/resilience, was running a medium priority; Can see tnp queue errrors by 'show pfebm all' on VCP-bearing FPC when high rate of punt traffic (like ARPs or BGP route updates, etc.) which go through VC links. It needs to run at high priority to assure timely packet handling.
1493699 [subscriber_services] [all] JDI_BBE_REGRESSIONS: DHCP subscribers not coming up as expected after deactivating vcp port
Product-Group=junos
In 20.1R1, for MX-VC platforms, setting or deleting a VC port causes other VC ports on the same FPC/MIC slot to bring link state down for a few seconds, possibly interrupting communication with the other member chassis.
PR Number Synopsis Category: Multiprotocol Label Switching
1445024 The rpd memory leak might be seen when the inter-domain RSVP LSP is in down state
Product-Group=junos
In inter-domain RSVP (Resource Reservation Protocol) LSP (Label-switched Path) scenario, the rpd memory leak might be seen when the CSPF (Constrained Shortest Path First) tries to recompute the path for the "down" LSP which is due to no route or ERO is incorrectly configured. The issue might lead to rpd crash when the rpd is out of memory and results in traffic loss.
1497641 The rpd might crash when SNMP polling is done using OID "jnxMplsTeP2mpTunnelDestTable"
Product-Group=junos
In a very rare P2MP with SNMP scenario, if the OID "jnxMplsTeP2mpTunnelDestTable" is polled by SNMP, the rpd (Routing Protocol Daemon) might crash since the relevant value is empty on the device and SNMP can not walk it at that time.
PR Number Synopsis Category: build tools
1290089 jcrypto syslog help package and events are not packaged even when errmsg is compiled
Product-Group=junos
jcrypto syslog help package and events are not packaged even when errmsg is compiled properly. Several of the KMD help syslog entries are missing
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1439906 FPC might reboot if jlock hog occurs on all Junos VM based platforms
Product-Group=junos
On a JUNOS VM using TSC clocking from the host system, "jlock hog" messages may be seen. This may lead to FPCs reboot.
1483644 Kernel core might be observed if deactivating daemon on EX2300/EX3400 platforms
Product-Group=junos
On EX2300/EX3400 platforms, kernel core might be seen intermittently if deactivating the daemon using the wired-memory (Wired-Memory that is not eligible to be swapped and is usually used for Routing Engine memory structures or memory physically locked by a process).
PR Number Synopsis Category: "ifstate" infrastructure
1486161 Kernel core might be seen if deleting an ifstate
Product-Group=junos
On all Junos platforms, some operations such as configuration change may cause state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and RE (Routing Engine) restart. There is no specific trigger, this issue is reported by the configuration change.
PR Number Synopsis Category: Kernel MPLS / Tag / P2MP Infrastructure
1478806 Kernel crash and device restart might happen
Product-Group=junos
In a corner case on Junos platform, where the family ccc is configured along with any other existing family within the same interface, like inet, inet6, etc. (basically, Junos never allows to do so, but somehow a customer did it ). And if the family ccc is deleted from the interface, which might cause kernel crash and the device reboot automatically, so all the traffic will be interrupted.
1493053 Backup RE might crash unexpectedly due to a rare timing issue
Product-Group=junos
The backup Routing Engine might crash unexpectedly due to a rare timing issue during a route churn in the network.
1493431 BGP session might keep flapping between two directly connected BGP peers because of the wrong TCP-MSS in use
Product-Group=junos
In case the two directly connected BGP peers are established over a one-hop LSP, if the IP layer's MTU is smaller than the MPLS layer's MTU, plus the BGP packets from the host have the DF bit set, the BGP session might keep flapping because of the wrong TCP-MSS in use.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1484689 Show system buffer command display's all zero in the MX104 chassis and it looks like cosmetic issue as there is no service impact reported
Product-Group=junos
Corrected the odl tags and buffer data handling while xmlizing the output.
PR Number Synopsis Category: Kernel socket data replication issues for protocols that use
1472519 The kernel may crash and vmcore may be observed after configuration change is committed
Product-Group=junos
On all Junos platforms, after committing the configuration change (e.g. removal of protocols like mpls, isis, ldp from the interfaces), then the kernel may crash and vmcore may be observed. This issue also may cause protocol adjacency failure.
PR Number Synopsis Category: PTX Broadway based PFE MPLS-LSPs RSVP VPNs tcc ccc software
1484255 FPC might crash when dealing with invalid next-hops
Product-Group=junos
On PTX3000/PTX5000 platform with some specific FPCs, if the weights of links are set to an invalid value on an AE bundle interface or unilist (an unilist next-hop composed of several unicast next-hops), the FPC crash might be observed. It is a rare issue and the FPC will try to reload to resolve this problem. Traffic loss might be seen before the FPC completes the reload period.
PR Number Synopsis Category: PTX5KBroadway based PFE IPv4, IPv6 software
1479789 Multicast routes add/delete events might cause adjacency and LSPs to go down
Product-Group=junos
In PTX5000 platform with (FPC2-PTX-P1A | FPC-PTX-P1A), or PTX3000 with FPC-SFF-PTX-P1-A, with PIM scenario, The adjacency relationships of routing protocols and LSPs might go down if add/delete some multicast routes (which can be achieved by flapping interface or protocol) ). It is because that though the routes are deleted, its counter for statistic will not be removed from Junos resulting in memory block for counter exhaustion. And due to the exhaustion, any protocols that are sharing the same memory scope might fail to allocate its own counter, which eventually causes protocol adjacency and LSPs to go down. [TSB17747]
PR Number Synopsis Category: Layer 3 issues for VMX
1485706 Interface input error counters are not increasing on MX150
Product-Group=junos
The input errors on MX150 may be zero under show interfaces extensive output when there are CRC/Align errors on the interface.
PR Number Synopsis Category: Protocol Independant Multicast
1443056 PIM RPF selection for the specific multicast group might get incorrectly applied to other multicast groups
Product-Group=junos
On all Junos platforms, changing an RPF interface for a particular multicast group using PIM rpf-selection configuration, might cause other multicast groups to take, a newly changed RPF interface.
PR Number Synopsis Category: Issues related to PKI daemon
1489249 Has the risk of service interruption on all SRX platforms with a dual-stacked CA server
Product-Group=junos
On all SRX products with Online Certificate Status Protocol (OCSP) or Certificate Revocation List (CRL) configured which belongs to a dual-stacked (IPv4/IPv6) Certificate Authority (CA) server, and if one of the IP addresses gets failure, all the services that rely on it might be interrupted, as Junos only selects the first IP from the DNS response message as the IP of the OCSP or CRL.
PR Number Synopsis Category: PTP related issues.
1421811 PTP might not work on MX104 if phy-timestamping is enabled
Product-Group=junos
On MX104 platform with any 2-port license installed on 10G interfaces and phy-timestamping enabled in PTP, PTP might not work.
1461031 The PTP function may hog kernel CPU for a long time
Product-Group=junos
If the PTP function is configured, the process ppmd may be starved due to the defect that PTP function hog kernel CPU for a long time (>100ms), which can cause the "keep-alive" of the corresponding functions timeout such as ppmd based functions - LFM, BFD.
PR Number Synopsis Category: Chassis mgmt for all QFX systems - chassis MIB, alarms, CLI
1456742 The laser from the 10G SFP+ interface is still on when the interface is disabled or the device is rebooted
Product-Group=junos
On the QFX5210/QFX5110/QFX5100 platform, the laser is still emitting from 10G SFP+ port even though the interface is disabled or the device is rebooted. It will cause the peer's interface is still up and might impact traffic.
PR Number Synopsis Category: QFX Control Plane Kernel related
1421250 A vmcore is seen on QFX VC
Product-Group=junos
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed.
1421250 A vmcore is seen on QFX VC
Product-Group=junosvae
On QFX Series Virtual Chassis during shutdown, if an interrupt is received, the system gets into this state and vmcore is observed.
PR Number Synopsis Category: QFX Platform related (SYSLOG/ALARMS/miscellaneous)
1409448 The 10G fiber interfaces might flap frequently when they are connected to other vendor's switch
Product-Group=junos
When QFX5100 and other vendor's switch are connected via 10G fiber link, flaps may happen sometimes.
1419732 "show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image
Product-Group=junos
"show interface" indicates "Media type: Fiber" on QFX5100-48T running "QFX 5e Series" image. This is a display issue. Physical interface: xe-0/0/0, Enabled, Physical link is Down Interface index: 650, SNMP ifIndex: 515 Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Link-mode: Auto, Speed: Auto, BPDU Error: None, Loop Detect PDU Error: None, Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Auto-negotiation: Disabled, Remote fault: Offline, Media type: Fiber <<<<<< Here!! Should be "Copper" Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000 Link flags : None
1449977 FPC does not restart immediately after rebooting the system. That might cause packet loss
Product-Group=junosvae
On QFX10008 and QFX100016 switches, the traffic drop occurs after rebooting the system due to the time delay in rebooting the FPC.
PR Number Synopsis Category: QFX platform optics related issues
1457266 QFX5110 QSFP-100GBASE-SR4 made by Avago cannot linkup
Product-Group=junos
On QFX5110, interface on QSFP-100GBASE-SR4 whose Xcvr vendor is Avago on the QFX side cannot linkup, FEC errors might be seen on the other side. Note : Do not use 19.3R2-S2, 18.2R3-S3 and 18.2R3-S4 for this fix. The fix causes that FPC will go down when 100G link comes up and this leads FPC up and down every 90 seconds. The fix will work on 19.3R2-S3 and 18.2R3-S5 properly.
PR Number Synopsis Category: Filters
1480776 ARP request packets for unknown host might get dropped in remote PE in EVPN-VXLAN scenario
Product-Group=junos
In EVPN-VXLAN environment, when local CE sends ARP request packets for unknown host, the packets will hit firewall-host queue in remote PE. It might trigger DDoS protection policer violations for firewall-host queue hence the ARP request packets might get dropped.
PR Number Synopsis Category: QFX L2 PFE
1385954 "CMQFX: Error requesting SET BOOLEAN, illegal setting 66" is generated at booting up.
Product-Group=junos
The following log may be generated at booting up. >> Feb 10 02:15:26 jtac-qfx5100-48s-6q-r2373 : %PFE-3: fpc0 CMQFX: Error requesting SET BOOLEAN, illegal setting 66. This is a cosmetic log and you can ignore the log safely.
1454095 Changing the VLAN name associated with access ports may cause that MAC addresses can not be learned under EVPN-VXLAN scenario
Product-Group=junos
On the QFX5k platform with EVPN-VXLAN configured, if the VLAN name associated with access ports is changed, then the virtual bridge domain may not be created. Due to this, the MAC addresses will not be learned. This issue will cause traffic loss.
1473685 The RIPv2 packets forwarded across a L2circuit connection might be dropped
Product-Group=junos
When RIPv2 routes are received on a QFX5100/EX4600 platforms, either to or from an L2 circuit connection, such packets are not propagated. This includes directed unicast RIPv2 packets.
PR Number Synopsis Category: QFX MPLS PFE
1474935 L2circuit might fail to communicate via VLAN 2 on QFX5K platforms
Product-Group=junos
On QFX5K platforms acting as L2circuit PE (tunnel terminating node), if VLAN 2 is used for L2circuit communication with CE node, the VLAN 2 packets might be dropped on PE.
PR Number Synopsis Category: QFX VC Infrastructure
1478905 The default VC MAC persistence timer is incorrectly set to 20 seconds instead of 20 minutes
Product-Group=junos
In QFX5200-32C, QFX5110 VC (Virtual Chassis) scenario, the default VC MAC (Media Access Control) persistence timer is incorrectly set to 20 seconds instead of 20 minutes. If the master VC member is rebooted, the new master member starts using its own MAC address as the system's MAC base address after only 20 seconds instead of 20 minutes. This results in issues like OSPF (Open Shortest Path First) stuck in "init" state after the master VC member reboot.
PR Number Synopsis Category: Routing Information Protocol
1485009 The rpd crashes if the same neighbor is set in different RIP groups
Product-Group=junos
If the same neighbor is configured under different RIP groups, the commit check fails to capture this invalid configuration and commit can be done successfully. However the rpd will crash.
PR Number Synopsis Category: rosen-6 and rosen-7 mvpn bugs
1405887 The CLI command "show pim mdt data-mdt-limit instance " with family option might cause CPU usage of rpd high
Product-Group=junos
In draft-rosen MVPN scenario with data-mdt, if performing the CLI command "show pim mdt data-mdt-limit instance ", The output might go in loop and the rpd process might use high CPU.
PR Number Synopsis Category: RPD Interfaces related issues
1498992 The rpd might crash when multiple VRFs with 'IFLs link-protection' are deleted at a single time
Product-Group=junos
On all Junos platforms with large-scale VRF scenario, the rpd might crash when multiple VRFs with 'routing-options interface IFL link-protection' are deleted via a single commit.
PR Number Synopsis Category: RPD policy options
1450123 The rib-group might not process the exported route correctly
Product-Group=junos
The rib-group with a policy that matches route next-hop can fail to add the route to the secondary routing table when matched route next-hop is changed to another one and then referred back again after some time. This issue has traffic impact as the exported route will lose in the secondary routing table.
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities
1421076 RPD crash might occur when changing prefix list address from IPv4 to IPv6
Product-Group=junos
RPD crash might occur when changing prefix list address from IPv4 to IPv6 Configure IPv4 prefix-list: set policy-options prefix-list PREFIX_LIST 10.0.0.0/24 Configure a policy that has "then next policy" term: set policy-options policy-statement POLICY term PREF from prefix-list PREFIX_LIST set policy-options policy-statement POLICY term PREF then next policy set policy-options policy-statement POLICY term END then reject commit Note: If a terminating action is used for term PREF (such as "then accept"/"then reject") the core does not appear. Change prefix-list using "replace-pattern" [edit policy-options prefix-list PREFIX_LIST] replace pattern 10.0.0.0/24 with 2001:10::/64 commit RPD crash occurs
PR Number Synopsis Category: Resource Reservation Protocol
1359087 The FPC might be stuck in 'Ready' state after applying a configuration change that will remove RSVP and trigger FPC restart
Product-Group=junos
When 'tunnel-services' is configured under 'chassis fpc <> pic <>', the vt-x/y/z physical interface (IFD) is created for the corresponding FPC. If 'protocols rsvp' is configured, RSVP will create a default vt-x/y/z.u logical interface (IFL) under the corresponding vt-x/y/z IFD. After applying a configuration change that will remove RSVP and trigger FPC restart, the vt-x/y/z.u IFL is not cleaned up due to a code issue. Hence the corresponding vt-x/y/z IFD cannot be cleaned up during the corresponding FPC coming up. The IFD cleaning keeps retrying which cause the corresponding FPC to be stuck in 'Ready' state.
1469567 Fast reroute detour next-hop down event might cause primary LSP down in particular scenario
Product-Group=junos
In detour protection scenario (Fast-reroute enabled in LSP) in which the incoming detour LSPs that arrives on the primary next-hop merge with the locally originated detour LSP, sometimes after detour LSP next-hop down event the node incorrectly chooses the primary nhop (next hop) as the detour nhop, as a result it could cause brief traffic loss (a few seconds).
1476773 RSVP LSPs might not come up in scaled network with very high number of LSPs if NSR is used on transit router
Product-Group=junos
If NSR is enabled on transit router with scaled RSVP LSPs, RESV message might not be sent from transit router because the path messages replication on master RE does not complete in time. Hence RSVP LSPs might not come up with traffic impact.
PR Number Synopsis Category: RPD API infrastructure
1481953 The rpd may crash when executing "show route protocol l2-learned-host-routing" or "show route protocol rift" CLI command on a router
Product-Group=junos
On all Junos platforms, executing the CLI command of "show route protocol l2-learned-host-routing" or "show route protocol rift" on a router may cause the rpd crash if there is an active route in bgp.rtarget.0 routing table.
PR Number Synopsis Category: jflow/monitoring services
1439630 Sampling might return incorrect ASN for BGP traffic
Product-Group=junos
In a BGP scenario with sampling enabled, incorrect ASN (autonomous system number) might be returned for the traffic originated from an internal prefix. This is because some AS paths and routes don't hold the latest information in the message buffers that srrd (sampling route-record daemon) uses to send to the clients.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1464020 The mspmand might crash when stateful firewall and RPC ALG used on MX platforms with MS-MIC/MS-MPC
Product-Group=junos
On MX platforms with MS-MIC/MS-MPC, when stateful firewall is configured with "application junos-dce-rpc-portmap" and RPC ALG is enabled (both Sun RPC and MS-RPC), the mspmand might crash continuously (about every 15 or 20 minutes).
PR Number Synopsis Category: MS-MPC Logging on MX
1478972 TCP-log sessions might be in Established state but no logs get sent out to the syslog server
Product-Group=junos
When TCP-based syslog is configured under the service-set, the Services PICs will establish the TCP sessions with syslog server. When the networks between the syslog server and the MX/SRX are not stable, TCP retransmit may not work properly and cause the TCP sessions to hang. When issuing "show services tcp-log connections", the TCP sessions are still shown in "Established" state, however, no syslog messages are sent to the syslog server.
PR Number Synopsis Category: SRX Argon module bugs
1480005 The flowd or srxpfe process might stop when advanced anti-malware service is used.
Product-Group=junos
On all multiple-threads SRX Series devices with Advanced Anti-MalWare service used, in a rare condition that a deadlock might occur among multiple threads, which results in the flowd/srxpfe crash.
PR Number Synopsis Category: security-intelligence feature on SRX
1482947 19.2R2:VSRX3.0:SRX-RIAD:ipfd core found at 0x08601e14 in ipid_msg_process (svr=< optimized out>, client_id=< optimized out>, msg=< optimized out>, len=< optimized out>) at ../../../../../../src/pfe-shared/include/jnx/usp/ipid_shared.h:622
Product-Group=junos
If ipfd core happens with similar stack trace, it is likely that PR1482947 applies, it is self-heal, does not need special action, and does not impact production traffic
PR Number Synopsis Category: MX10003/MX204 Platform SW - Chassisd s/w defects
1406952 MX10003 / MX204 cosmetic message: ALARMD_CONNECTION_FAILURE: after 60 attempts craftd connect returned error: Connection refused
Product-Group=junos
MX10003 / MX204 platform doesn't have craftd process but alarmd keeps on retrying to connect to it. As the connection keeps failing, alarmd logs error message for first 10 minutes. Later it keeps re-trying the connection attempt silently and endlessly every one second. Removing this connection attempt from alarmd process for unsupported platforms.
PR Number Synopsis Category: SRX-1RU HA SW defects
1487951 If a cluster-id of 16 or multiples of 16 is used the cluster might not come up
Product-Group=junos
When using the SRX4600 firewall in a cluster, if a cluster-id of 16 or multiples of 16 is being used, the cluster might not come up.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1476786 Traffic loss may be observed to the LNS subscribers in case the "routing-service" knob is enabled under the dynamic-profile
Product-Group=junos
On the MX platforms working in an enhanced subscriber environment, if the "routing-service" knob is enabled under the dynamic-profile for the LNS subscribers, l2tp services may not be programmed properly in the PFE due to timing, which causes forwarding issue to the affected subscribers.
PR Number Synopsis Category: Trio pfe bridging, learning, stp, oam, irb software
1468663 JNH memory leaks might be seen after CFM session flap for LSI/VT interfaces
Product-Group=junos
JNH memory leak may be seen when CFM session over the VPLS LSI interface/VT interface flaps if mip-half-function is used.
1491091 MAC malformation might happen in a rare scenario under MX-VC setup
Product-Group=junos
On MX-VC setup, if traffic is going through a VCP (virtual chassis port) port and forwarding to an egress port to the destination, while the traffic is handled entirely by the same PFE, MAC malformation might happen.
PR Number Synopsis Category: Trio pfe multicast software
1478981 The convergence time for MVPN fast upstream failover might be more than 50ms
Product-Group=junos
On MX platforms which act as Next Generation Mulicast Virtual Private Network (NG-MVPN) Provider Edge (PE) routers, if the hot-root-standby and sender-based-rpf features are configured to enable MVPN fast upstream failover, once the primary multicast flow rate falls below the configured "mvpn hot-root-standby min-rate rate" threshold, the egress PE router is supposed to take switchover action from the primary flows to the backup ones, and the covergence time should be within 50 milliseconds. Due to this issue, the covergence time might be more than 50ms and reach up to several seconds (e.g. 2~3s) in a highly scaled scenario (e.g. the number of the multicast groups undergoing the switchover simultaneously is greater than 250 groups). This will result in more traffic loss than expected.
PR Number Synopsis Category: Configuration mgmt, ffp, load-action, commit processing
1468119 Daemons might not be started if "commit" is executed after "commit check"
Product-Group=junos
On Junos from 16.2R1 onwards, if "commit" is executed after "commit check", the daemon (e.g. dhcpd, sampled) might not be started even the related configuration is successfully committed.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1439805 When group is applied at non-root level then updating knobs inside the group is not updating hierarchies where it's applied
Product-Group=junos
On all Junos platforms, if a group is applied at non-root level and later some knob from the group is deleted, then change bits are not set for the hierarchy where the group is applied.
1480348 TFTP installation from loader prompt may not succeed on the EX series devices
Product-Group=junos
On the EX series platforms with 17.1R1 onwards, software installation from loader prompt may not succeed by using TFTP.
PR Number Synopsis Category: V44 Satellite Device Infra
1460607 The dpd crash might be observed on satellite devices in junos fusion enterprise
Product-Group=junosvae
In junos fusion dpd might crash on satellite devices running SNOS.
PR Number Synopsis Category: PTX/QFX10002/8/16 specific software components
1475871 Traffic loss might be seen as backup RE takes around 20 seconds to acquire mastership
Product-Group=junos
On the MX10008/10016 platforms, when GRES and NSR are configured, backup RE will take about 20 seconds to acquire mastership after kernel crash on master RE. Due to this long switching time, traffic loss might be seen. Normal RE mastership switchovers are not affected by this issue.
PR Number Synopsis Category: PTX/QFX100002/8/16 platform software
1464119 FPC might restart during run time on PTX10K/QFX10K platforms
Product-Group=junosvae
On PTX10K/QFX10K platforms, FPC might restart if there is some corruption in BCM (Broadcom) switch (a small internal ethernet switch, instead of PFE engine) inside the FPC. It is a timing issue. The reason is that the PCIe speed configuration for BCM switch is not correct. And this issue is resolved in some FPC U-boot versions.
PR Number Synopsis Category: Virtual Private LAN Services
1295664 LSI interface might not be created causing remote MACs not being learnt with error log of "RPD_KRT_Q_RETRIES: ifl iff add: Device busy"
Product-Group=junos
With VPLS being configured, after upgrade to 15.1/16.1/17.x releases, in some circumstances VPLS LSI interface are not correctly created, causing remote MACs not being learnt and L2 VPLS outage. The issue is not reproduced and the code change is not a fix but add a instrumentation using a hidden command 'show vpls ipc-history', which should be captured right away when the issue is seen on latest releases. show vpls ipc-history <<<<< show vpls connections show krt queue show route forwarding-table extensive /var/log/messages
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1454895 The VRRP traffic loss is longer than one second for some backup groups after performing GRES
Product-Group=junos
On all Junos OS platforms, configuring VRRP over the AE interface whose member physical interfaces belong to different PFE (packet forwarding engine), some backup VRRP groups traffic loss are observed longer than one second after performing GRES (graceful Routing Engine switchover). As the expectation is that the outage is subsecond.
 
 
Modification History:
First publication date 2020-05-08
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search